From 69387e84fb94db43cb4dcb3910a4da41807a3099 Mon Sep 17 00:00:00 2001 From: Gregor Haas Date: Tue, 7 Jan 2020 17:35:51 -0500 Subject: [PATCH] Fixed bug related to 2-byte reads only returning one byte sometimes --- c8_arduino/src/checkm8_arduino.ino | 24 +++++++------- c8_remote/main.c | 2 +- c8_remote/src/usb_helpers.c | 52 +++++++++++++++++------------- 3 files changed, 42 insertions(+), 36 deletions(-) diff --git a/c8_arduino/src/checkm8_arduino.ino b/c8_arduino/src/checkm8_arduino.ino index 3febd69..72647ba 100644 --- a/c8_arduino/src/checkm8_arduino.ino +++ b/c8_arduino/src/checkm8_arduino.ino @@ -100,7 +100,7 @@ void loop() (usb_args.wValue >> 8u) & 0xFFu, usb_args.wIndex, usb_args.data_len); - if(respond_rcode()) break; + if(respond_rcode()) return; if(usb_args.bmRequestType & 0x80u) { @@ -109,7 +109,7 @@ void loop() } else rcode = Usb.dispatchPkt(tokOUTHS, 0, 0); - if(respond_rcode()) break; + if(respond_rcode()) return; Serial.write(PROT_SUCCESS); break; @@ -133,7 +133,7 @@ void loop() else rcode = Usb.dispatchPkt(tokOUTHS, 0, 0); Serial.write(PROT_SUCCESS); - break; + return; case PROT_NO_ERROR_CTRL_XFER_DATA: recv_serial((uint8_t *) &usb_args, sizeof(struct usb_xfer_args)); @@ -172,7 +172,7 @@ void loop() } Serial.write(PROT_SUCCESS); - break; + return; case PROT_CTRL_XFER: recv_serial((uint8_t *) &usb_args, sizeof(struct usb_xfer_args)); @@ -228,13 +228,13 @@ void loop() Serial.write(PROT_FAIL_USB); Serial.write(rcode); - break; + return; } } Usb.regWr(rHXFR, tokOUTHS); Serial.write(PROT_SUCCESS); - break; + return; } else { @@ -265,7 +265,7 @@ void loop() Usb.regWr(rHXFR, tokINHS); Serial.write(PROT_SUCCESS); - break; + return; } case PROT_RESET: @@ -275,7 +275,7 @@ void loop() while((state = Usb.getUsbTaskState()) != USB_STATE_RUNNING) Usb.Task(); Serial.write(PROT_SUCCESS); - break; + return; case PROT_SERIAL_DESC: recv_serial((uint8_t *) &sd_args, sizeof(struct serial_desc_args)); 
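Review bot: The `break` to `return` conversion in `loop()` is applied inconsistently and is not explained by the commit message, which only mentions 2-byte reads. The `@@ -109` hunk still ends its case with `Serial.write(PROT_SUCCESS); break;`, while the success paths in the other hunks now return. If code after the switch can put further bytes on the serial line, that remaining case still has the behaviour this commit removes elsewhere; if nothing follows the switch, `break` and `return` are equivalent and the change is churn. `loop()` starts and ends outside these hunks, so which one applies cannot be confirmed from here. Either convert the remaining `break`, or add a comment at the top of the switch along the lines of `// every case returns once its status byte is written; do not fall out of the switch`.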
@@ -285,7 +285,7 @@ void loop() if(state == USB_DETACHED_SUBSTATE_WAIT_FOR_DEVICE) { Serial.write(PROT_FAIL_NODEV); - break; + return; } get_dev_descriptor(); @@ -293,7 +293,7 @@ void loop() desc_buf.idProduct != sd_args.dev_idProduct) { Serial.write(PROT_FAIL_WRONGDEV); - break; + return; } // multiplication by 2 is necessary here because iphone returns 16-bit characters @@ -305,11 +305,11 @@ void loop() { Serial.write(((uint16_t *) usb_data_buf)[i]); } - break; + return; default: Serial.write(PROT_FAIL_BADCMD); - break; + return; } } } \ No newline at end of file diff --git a/c8_remote/main.c b/c8_remote/main.c index 1c57c6c..0d12410 100644 --- a/c8_remote/main.c +++ b/c8_remote/main.c @@ -101,7 +101,7 @@ int main() free_dev_cmd_resp(resp); for(int i = 0; i < 100000; i++) { - resp = execute_payload(dev, PAYLOAD_AES_BUSY, 16, 4, 0x180153000, 0x1800b0010, 0x180150000, 16); + resp = execute_payload(dev, PAYLOAD_AES_BUSY, 16, 4, 0x180153000, 0x1800b0010, 0x180150000, 8); if(IS_CHECKM8_FAIL(resp->ret)) { printf("failed to execute busy AES payload\n"); diff --git a/c8_remote/src/usb_helpers.c b/c8_remote/src/usb_helpers.c index ebe0bfa..dcee56c 100644 --- a/c8_remote/src/usb_helpers.c +++ b/c8_remote/src/usb_helpers.c @@ -11,7 +11,7 @@ #include #include -#include +#include #endif @@ -246,6 +246,17 @@ int is_device_session_open(struct pwned_device *dev) #endif } +#ifdef WITH_ARDUINO +void ard_read(struct pwned_device *dev, unsigned char *target, int nbytes) +{ + int index = 0; + while(index < nbytes) + { + index += read(dev->ard_fd, &target[index], nbytes - index); + } +} +#endif + int partial_ctrl_transfer(struct pwned_device *dev, unsigned char bmRequestType, unsigned char bRequest, 
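Review bot: `ard_read` adds the result of `read()` to `index` without checking it, so a failed read (-1) moves `index` backwards and the next iteration writes to `&target[index]` before the start of the caller's buffer. The function is `void`, so callers cannot tell a failed read from a completed one and will go on to compare an unset `buf` against the `PROT_*` values. It should return a status and stop on a negative result. A zero return can keep retrying as the old `while(read(...) == 0);` loops did, though without a timeout a peer that never answers still hangs the host. If the helper is not declared in a header (none is visible in this patch), `static` would also fit, and the callers in the later hunks should then check the result.

```c
static int ard_read(struct pwned_device *dev, unsigned char *target, int nbytes)
{
    int index = 0;
    while(index < nbytes)
    {
        ssize_t n = read(dev->ard_fd, &target[index], nbytes - index);
        if(n < 0) return -1;   /* I/O error: never let index move backwards */
        index += (int) n;      /* n == 0: no data yet, keep waiting as before */
    }
    return 0;
}
```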
@@ -270,12 +281,12 @@ int partial_ctrl_transfer(struct pwned_device *dev, write(dev->ard_fd, &PROT_PARTIAL_CTRL_XFER, 1); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_ACK) { checkm8_debug_indent("\treceived ack\n"); - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_SUCCESS) { checkm8_debug_indent("\tsuccess\n"); @@ -283,7 +294,7 @@ int partial_ctrl_transfer(struct pwned_device *dev, } else if(buf == PROT_FAIL_USB) { - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); checkm8_debug_indent("\trequest failed with error %X\n", buf); return CHECKM8_FAIL_XFER; @@ -349,7 +360,7 @@ int no_error_ctrl_transfer(struct pwned_device *dev, dev, bmRequestType, bRequest, wValue, wIndex, data, data_len, timeout); #ifdef WITH_ARDUINO - unsigned char buf; + char buf; struct usb_xfer_args args; args.bmRequestType = bmRequestType; args.bRequest = bRequest; @@ -361,7 +372,7 @@ int no_error_ctrl_transfer(struct pwned_device *dev, write(dev->ard_fd, &PROT_NO_ERROR_CTRL_XFER, 1); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_ACK) { checkm8_debug_indent("\treceived ack\n"); @@ -369,11 +380,11 @@ int no_error_ctrl_transfer(struct pwned_device *dev, { if(buf == PROT_FAIL_USB) { - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); checkm8_debug_indent("\treceived error %X but ignoring\n", buf); } - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); } while(buf != PROT_SUCCESS); checkm8_debug_indent("\tsuccess\n"); 
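Review bot: Changing `buf` from `unsigned char` to plain `char` in `no_error_ctrl_transfer` (`@@ -349`) makes the status byte signed on most hosts. An error code of 0x80 or above is then sign-extended when passed to `checkm8_debug_indent("\treceived error %X but ignoring\n", buf)` and is logged as `FFFFFFxx`. The comparisons against `PROT_ACK`, `PROT_FAIL_USB` and `PROT_SUCCESS` could also change meaning if those values are unsigned and above 0x7F; their declarations are outside this patch. Keeping `unsigned char buf;` avoids both problems and makes the `(unsigned char *) &buf` cast in the new `ard_read` calls unnecessary. The function body starts and ends outside the hunk.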
@@ -429,21 +440,21 @@ int no_error_ctrl_transfer_data(struct pwned_device *dev, write(dev->ard_fd, &PROT_NO_ERROR_CTRL_XFER_DATA, 1); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_ACK) { checkm8_debug_indent("\treceived argument ack\n"); while(index < data_len) { amount = 0; - while(read(dev->ard_fd, &amount, 2) == 0); + ard_read(dev, (unsigned char *) &amount, 2); checkm8_debug_indent("\twriting data chunk of size %i\n", amount); write(dev->ard_fd, &data[index], amount); index += amount; } - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_SUCCESS) { checkm8_debug_indent("\tsuccess\n"); @@ -490,25 +501,20 @@ int ctrl_transfer(struct pwned_device *dev, write(dev->ard_fd, &PROT_CTRL_XFER, 1); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_ACK) { checkm8_debug_indent("\treceived argument ack\n"); - if(bmRequestType & 0x80) + if(bmRequestType & 0x80u) { amount = 0; while(amount < data_len) { // get the size of this chunk - while(read(dev->ard_fd, &size, 2) == 0); + ard_read(dev, (unsigned char *) &size, 2); checkm8_debug_indent("\treceiving data chunk of size %i\n", size); - index = 0; - while(index < size) - { - index += read(dev->ard_fd, &data[amount + index], size - index); - } - + ard_read(dev, (unsigned char *) &data[amount], size); amount += size; } } 
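Review bot: The chunk length received from the serial peer is used without being checked against the caller's buffer. In `ctrl_transfer` (`@@ -490`), `ard_read(dev, (unsigned char *) &data[amount], size)` writes `size` bytes into `data` even when `amount + size` exceeds `data_len`. In `no_error_ctrl_transfer_data` (`@@ -429`) and the OUT path of `ctrl_transfer` (`@@ -518`), `write(dev->ard_fd, &data[index], amount)` reads past the end of `data` in the same way. A guard before each use, such as `if(size > data_len - amount) return CHECKM8_FAIL_XFER;` (and the equivalent `amount > data_len - index` on the write paths), keeps a desynchronised or faulty adapter from corrupting host memory. The length variables are declared outside the hunks; if they are wider than two bytes, the 2-byte `ard_read` into them also depends on host byte order and on the upper bytes being zeroed first, which is visible for `amount` but not for `size`.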
@@ -518,15 +524,15 @@ int ctrl_transfer(struct pwned_device *dev, while(index < data_len) { amount = 0; - while(read(dev->ard_fd, &amount, 2) == 0); + ard_read(dev, (unsigned char *) &amount, 2); checkm8_debug_indent("\twriting data chunk of size %i\n", amount); - write(dev->ard_fd, &data[index], amount); + write(dev->ard_fd, &data[index], amount); index += amount; } } - while(read(dev->ard_fd, &buf, 1) == 0); + ard_read(dev, (unsigned char *) &buf, 1); if(buf == PROT_SUCCESS) { checkm8_debug_indent("\tsuccess\n");