synchronous payloads seem to work well
This commit is contained in:
@@ -294,6 +294,13 @@ int demote_device(struct pwned_device *dev)
|
||||
{
|
||||
checkm8_debug_indent("demote_device(dev = %p)\n", dev);
|
||||
unsigned int oldval, newval;
|
||||
int retval;
|
||||
|
||||
if(IS_CHECKM8_FAIL(open_device_session(dev)))
|
||||
{
|
||||
checkm8_debug_indent("\tfailed to open a device session\n");
|
||||
return CHECKM8_FAIL_XFER;
|
||||
}
|
||||
|
||||
struct dev_cmd_resp *resp = dev_read_memory(dev, DEMOTE_REG, 4);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
@@ -305,46 +312,73 @@ int demote_device(struct pwned_device *dev)
|
||||
|
||||
oldval = *((unsigned int *) resp->data);
|
||||
free_dev_cmd_resp(resp);
|
||||
if(oldval & 1u)
|
||||
if(!(oldval & 1u))
|
||||
{
|
||||
oldval &= 0xFFFFFFFE;
|
||||
checkm8_debug_block("\tdevice already demoted\n");
|
||||
if(IS_CHECKM8_FAIL(close_device_session(dev)))
|
||||
{
|
||||
checkm8_debug_indent("\tfailed to close device session\n");
|
||||
return CHECKM8_FAIL_XFER;
|
||||
}
|
||||
|
||||
checkm8_debug_indent("\tattempting to demote device\n");
|
||||
resp = dev_write_memory(dev, DEMOTE_REG, (unsigned char *) &oldval, 4);
|
||||
return CHECKM8_SUCCESS;
|
||||
}
|
||||
|
||||
oldval &= 0xFFFFFFFE;
|
||||
|
||||
checkm8_debug_indent("\tattempting to demote device\n");
|
||||
resp = dev_write_memory(dev, DEMOTE_REG, (unsigned char *) &oldval, 4);
|
||||
free_dev_cmd_resp(resp);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
{
|
||||
checkm8_debug_block("\tfailed to write to demotion reg\n");
|
||||
|
||||
if(IS_CHECKM8_FAIL(close_device_session(dev)))
|
||||
{
|
||||
checkm8_debug_indent("\tfailed to close device session\n");
|
||||
return CHECKM8_FAIL_XFER;
|
||||
}
|
||||
|
||||
return CHECKM8_FAIL_INVARGS;
|
||||
}
|
||||
|
||||
// verify
|
||||
resp = dev_read_memory(dev, DEMOTE_REG, 4);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
{
|
||||
free_dev_cmd_resp(resp);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
checkm8_debug_block("\tfailed to verify demotion reg\n");
|
||||
|
||||
if(IS_CHECKM8_FAIL(close_device_session(dev)))
|
||||
{
|
||||
checkm8_debug_block("\tfailed to write to demotion reg\n");
|
||||
return CHECKM8_FAIL_INVARGS;
|
||||
checkm8_debug_indent("\tfailed to close device session\n");
|
||||
return CHECKM8_FAIL_XFER;
|
||||
}
|
||||
|
||||
// verify
|
||||
resp = dev_read_memory(dev, DEMOTE_REG, 4);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
{
|
||||
free_dev_cmd_resp(resp);
|
||||
checkm8_debug_block("\tfailed to verify demotion reg\n");
|
||||
return CHECKM8_FAIL_INVARGS;
|
||||
}
|
||||
return CHECKM8_FAIL_INVARGS;
|
||||
}
|
||||
|
||||
newval = *((unsigned int *) resp->data);
|
||||
free_dev_cmd_resp(resp);
|
||||
if(oldval == newval)
|
||||
{
|
||||
checkm8_debug_block("\tdemotion success!\n");
|
||||
return CHECKM8_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
checkm8_debug_block("\tdemotion register did not change!\n");
|
||||
return CHECKM8_FAIL_INVARGS;
|
||||
}
|
||||
newval = *((unsigned int *) resp->data);
|
||||
free_dev_cmd_resp(resp);
|
||||
|
||||
if(oldval == newval)
|
||||
{
|
||||
checkm8_debug_block("\tdemotion success!\n");
|
||||
retval = CHECKM8_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
checkm8_debug_block("\tdevice already demoted\n");
|
||||
return CHECKM8_SUCCESS;
|
||||
checkm8_debug_block("\tdemotion register did not change!\n");
|
||||
retval = CHECKM8_FAIL_INVARGS;
|
||||
}
|
||||
|
||||
if(IS_CHECKM8_FAIL(close_device_session(dev)))
|
||||
{
|
||||
checkm8_debug_indent("\tfailed to close device session\n");
|
||||
return CHECKM8_FAIL_XFER;
|
||||
}
|
||||
|
||||
return retval;
|
||||
}
|
||||
|
||||
void free_device(struct pwned_device *dev)
|
||||
|
||||
Reference in New Issue
Block a user