grg/checkm8_tool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed bug related to 2-byte reads only returning one byte sometimes

Browse Source
This commit is contained in:
Gregor Haas
2020-01-07 17:35:51 -05:00
parent cde3ad8bbe
commit 69387e84fb
3 changed files with 42 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
c8_arduino/src/checkm8_arduino.ino
View File

@@ -100,7 +100,7 @@ void loop()
(usb_args.wValue >> 8u) & 0xFFu, (usb_args.wValue >> 8u) & 0xFFu,
usb_args.wIndex, usb_args.wIndex,
usb_args.data_len); usb_args.data_len);
if(respond_rcode()) break; if(respond_rcode()) return;
if(usb_args.bmRequestType & 0x80u) if(usb_args.bmRequestType & 0x80u)
{ {
@@ -109,7 +109,7 @@ void loop()
} }
else rcode = Usb.dispatchPkt(tokOUTHS, 0, 0); else rcode = Usb.dispatchPkt(tokOUTHS, 0, 0);
if(respond_rcode()) break; if(respond_rcode()) return;
Serial.write(PROT_SUCCESS); Serial.write(PROT_SUCCESS);
break; break;
@@ -133,7 +133,7 @@ void loop()
else rcode = Usb.dispatchPkt(tokOUTHS, 0, 0); else rcode = Usb.dispatchPkt(tokOUTHS, 0, 0);
Serial.write(PROT_SUCCESS); Serial.write(PROT_SUCCESS);
break; return;
case PROT_NO_ERROR_CTRL_XFER_DATA: case PROT_NO_ERROR_CTRL_XFER_DATA:
recv_serial((uint8_t *) &usb_args, sizeof(struct usb_xfer_args)); recv_serial((uint8_t *) &usb_args, sizeof(struct usb_xfer_args));
@@ -172,7 +172,7 @@ void loop()
} }
Serial.write(PROT_SUCCESS); Serial.write(PROT_SUCCESS);
break; return;
case PROT_CTRL_XFER: case PROT_CTRL_XFER:
recv_serial((uint8_t *) &usb_args, sizeof(struct usb_xfer_args)); recv_serial((uint8_t *) &usb_args, sizeof(struct usb_xfer_args));
@@ -228,13 +228,13 @@ void loop()
Serial.write(PROT_FAIL_USB); Serial.write(PROT_FAIL_USB);
Serial.write(rcode); Serial.write(rcode);
break; return;
} }
} }
Usb.regWr(rHXFR, tokOUTHS); Usb.regWr(rHXFR, tokOUTHS);
Serial.write(PROT_SUCCESS); Serial.write(PROT_SUCCESS);
break; return;
} }
else else
{ {
@@ -265,7 +265,7 @@ void loop()
Usb.regWr(rHXFR, tokINHS); Usb.regWr(rHXFR, tokINHS);
Serial.write(PROT_SUCCESS); Serial.write(PROT_SUCCESS);
break; return;
} }
case PROT_RESET: case PROT_RESET:
@@ -275,7 +275,7 @@ void loop()
while((state = Usb.getUsbTaskState()) != USB_STATE_RUNNING) Usb.Task(); while((state = Usb.getUsbTaskState()) != USB_STATE_RUNNING) Usb.Task();
Serial.write(PROT_SUCCESS); Serial.write(PROT_SUCCESS);
break; return;
case PROT_SERIAL_DESC: case PROT_SERIAL_DESC:
recv_serial((uint8_t *) &sd_args, sizeof(struct serial_desc_args)); recv_serial((uint8_t *) &sd_args, sizeof(struct serial_desc_args));
@@ -285,7 +285,7 @@ void loop()
if(state == USB_DETACHED_SUBSTATE_WAIT_FOR_DEVICE) if(state == USB_DETACHED_SUBSTATE_WAIT_FOR_DEVICE)
{ {
Serial.write(PROT_FAIL_NODEV); Serial.write(PROT_FAIL_NODEV);
break; return;
} }
get_dev_descriptor(); get_dev_descriptor();
@@ -293,7 +293,7 @@ void loop()
desc_buf.idProduct != sd_args.dev_idProduct) desc_buf.idProduct != sd_args.dev_idProduct)
{ {
Serial.write(PROT_FAIL_WRONGDEV); Serial.write(PROT_FAIL_WRONGDEV);
break; return;
} }
// multiplication by 2 is necessary here because iphone returns 16-bit characters // multiplication by 2 is necessary here because iphone returns 16-bit characters
@@ -305,11 +305,11 @@ void loop()
{ {
Serial.write(((uint16_t *) usb_data_buf)[i]); Serial.write(((uint16_t *) usb_data_buf)[i]);
} }
break; return;
default: default:
Serial.write(PROT_FAIL_BADCMD); Serial.write(PROT_FAIL_BADCMD);
break; return;
} }
} }
} }

2
c8_remote/main.c
View File

@@ -101,7 +101,7 @@ int main()
free_dev_cmd_resp(resp); free_dev_cmd_resp(resp);
for(int i = 0; i < 100000; i++) for(int i = 0; i < 100000; i++)
{ {
resp = execute_payload(dev, PAYLOAD_AES_BUSY, 16, 4, 0x180153000, 0x1800b0010, 0x180150000, 16); resp = execute_payload(dev, PAYLOAD_AES_BUSY, 16, 4, 0x180153000, 0x1800b0010, 0x180150000, 8);
if(IS_CHECKM8_FAIL(resp->ret)) if(IS_CHECKM8_FAIL(resp->ret))
{ {
printf("failed to execute busy AES payload\n"); printf("failed to execute busy AES payload\n");

52
c8_remote/src/usb_helpers.c
View File

@@ -11,7 +11,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <libusb.h> #include <libusb-1.0/libusb.h>
#endif #endif
@@ -246,6 +246,17 @@ int is_device_session_open(struct pwned_device *dev)
#endif #endif
} }
#ifdef WITH_ARDUINO
void ard_read(struct pwned_device *dev, unsigned char *target, int nbytes)
{
int index = 0;
while(index < nbytes)
{
index += read(dev->ard_fd, &target[index], nbytes - index);
}
}
#endif
int partial_ctrl_transfer(struct pwned_device *dev, int partial_ctrl_transfer(struct pwned_device *dev,
unsigned char bmRequestType, unsigned char bRequest, unsigned char bmRequestType, unsigned char bRequest,
@@ -270,12 +281,12 @@ int partial_ctrl_transfer(struct pwned_device *dev,
write(dev->ard_fd, &PROT_PARTIAL_CTRL_XFER, 1); write(dev->ard_fd, &PROT_PARTIAL_CTRL_XFER, 1);
write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args));
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_ACK) if(buf == PROT_ACK)
{ {
checkm8_debug_indent("\treceived ack\n"); checkm8_debug_indent("\treceived ack\n");
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_SUCCESS) if(buf == PROT_SUCCESS)
{ {
checkm8_debug_indent("\tsuccess\n"); checkm8_debug_indent("\tsuccess\n");
@@ -283,7 +294,7 @@ int partial_ctrl_transfer(struct pwned_device *dev,
} }
else if(buf == PROT_FAIL_USB) else if(buf == PROT_FAIL_USB)
{ {
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
checkm8_debug_indent("\trequest failed with error %X\n", buf); checkm8_debug_indent("\trequest failed with error %X\n", buf);
return CHECKM8_FAIL_XFER; return CHECKM8_FAIL_XFER;
@@ -349,7 +360,7 @@ int no_error_ctrl_transfer(struct pwned_device *dev,
dev, bmRequestType, bRequest, wValue, wIndex, data, data_len, timeout); dev, bmRequestType, bRequest, wValue, wIndex, data, data_len, timeout);
#ifdef WITH_ARDUINO #ifdef WITH_ARDUINO
unsigned char buf; char buf;
struct usb_xfer_args args; struct usb_xfer_args args;
args.bmRequestType = bmRequestType; args.bmRequestType = bmRequestType;
args.bRequest = bRequest; args.bRequest = bRequest;
@@ -361,7 +372,7 @@ int no_error_ctrl_transfer(struct pwned_device *dev,
write(dev->ard_fd, &PROT_NO_ERROR_CTRL_XFER, 1); write(dev->ard_fd, &PROT_NO_ERROR_CTRL_XFER, 1);
write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args));
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_ACK) if(buf == PROT_ACK)
{ {
checkm8_debug_indent("\treceived ack\n"); checkm8_debug_indent("\treceived ack\n");
@@ -369,11 +380,11 @@ int no_error_ctrl_transfer(struct pwned_device *dev,
{ {
if(buf == PROT_FAIL_USB) if(buf == PROT_FAIL_USB)
{ {
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
checkm8_debug_indent("\treceived error %X but ignoring\n", buf); checkm8_debug_indent("\treceived error %X but ignoring\n", buf);
} }
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
} while(buf != PROT_SUCCESS); } while(buf != PROT_SUCCESS);
checkm8_debug_indent("\tsuccess\n"); checkm8_debug_indent("\tsuccess\n");
@@ -429,21 +440,21 @@ int no_error_ctrl_transfer_data(struct pwned_device *dev,
write(dev->ard_fd, &PROT_NO_ERROR_CTRL_XFER_DATA, 1); write(dev->ard_fd, &PROT_NO_ERROR_CTRL_XFER_DATA, 1);
write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args));
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_ACK) if(buf == PROT_ACK)
{ {
checkm8_debug_indent("\treceived argument ack\n"); checkm8_debug_indent("\treceived argument ack\n");
while(index < data_len) while(index < data_len)
{ {
amount = 0; amount = 0;
while(read(dev->ard_fd, &amount, 2) == 0); ard_read(dev, (unsigned char *) &amount, 2);
checkm8_debug_indent("\twriting data chunk of size %i\n", amount); checkm8_debug_indent("\twriting data chunk of size %i\n", amount);
write(dev->ard_fd, &data[index], amount); write(dev->ard_fd, &data[index], amount);
index += amount; index += amount;
} }
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_SUCCESS) if(buf == PROT_SUCCESS)
{ {
checkm8_debug_indent("\tsuccess\n"); checkm8_debug_indent("\tsuccess\n");
@@ -490,25 +501,20 @@ int ctrl_transfer(struct pwned_device *dev,
write(dev->ard_fd, &PROT_CTRL_XFER, 1); write(dev->ard_fd, &PROT_CTRL_XFER, 1);
write(dev->ard_fd, &args, sizeof(struct usb_xfer_args)); write(dev->ard_fd, &args, sizeof(struct usb_xfer_args));
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_ACK) if(buf == PROT_ACK)
{ {
checkm8_debug_indent("\treceived argument ack\n"); checkm8_debug_indent("\treceived argument ack\n");
if(bmRequestType & 0x80) if(bmRequestType & 0x80u)
{ {
amount = 0; amount = 0;
while(amount < data_len) while(amount < data_len)
{ {
// get the size of this chunk // get the size of this chunk
while(read(dev->ard_fd, &size, 2) == 0); ard_read(dev, (unsigned char *) &size, 2);
checkm8_debug_indent("\treceiving data chunk of size %i\n", size); checkm8_debug_indent("\treceiving data chunk of size %i\n", size);
index = 0; ard_read(dev, (unsigned char *) &data[amount], size);
while(index < size)
{
index += read(dev->ard_fd, &data[amount + index], size - index);
}
amount += size; amount += size;
} }
} }
@@ -518,15 +524,15 @@ int ctrl_transfer(struct pwned_device *dev,
while(index < data_len) while(index < data_len)
{ {
amount = 0; amount = 0;
while(read(dev->ard_fd, &amount, 2) == 0); ard_read(dev, (unsigned char *) &amount, 2);
checkm8_debug_indent("\twriting data chunk of size %i\n", amount); checkm8_debug_indent("\twriting data chunk of size %i\n", amount);
write(dev->ard_fd, &data[index], amount);
write(dev->ard_fd, &data[index], amount);
index += amount; index += amount;
} }
} }
while(read(dev->ard_fd, &buf, 1) == 0); ard_read(dev, (unsigned char *) &buf, 1);
if(buf == PROT_SUCCESS) if(buf == PROT_SUCCESS)
{ {
checkm8_debug_indent("\tsuccess\n"); checkm8_debug_indent("\tsuccess\n");