grg/checkm8_tool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Also place payload lengths in the header... not known at compile time

Browse Source
This commit is contained in:
Gregor Haas
2020-01-12 17:14:21 -05:00
parent 37c11da469
commit c94c776a61
4 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
c8_libpayload/scripts/headerize.py
View File

@@ -21,13 +21,21 @@ if __name__ == '__main__':
'#define CHECKM8_TOOL_LIBPAYLOAD_H\n', '#define CHECKM8_TOOL_LIBPAYLOAD_H\n',
'\n'] '\n']
name_lines = []
size_lines = []
for n in lib_names: for n in lib_names:
with open(n, 'r') as f: with open(n, 'r') as f:
line = f.readline() # looks like "const unsigned char PAYLOAD_NAME[PAYLOAD_SIZE] = " line = f.readline() # looks like "const unsigned char PAYLOAD_NAME[PAYLOAD_SIZE] = "
name = line.split(' ')[3].split('[')[0] name = line.split(' ')[3].split('[')[0]
size = line.split(' ')[3].split('[')[1][:-1] size = line.split(' ')[3].split('[')[1][:-1]
header_lines.append('extern const unsigned char %s[%s];\n' % (name, size)) name_lines.append('extern const unsigned char %s[%s_SZ];\n' % (name, name.upper()))
size_lines.append('#define %s_SZ %s\n' % (name.upper(), size))
header_lines.extend(size_lines)
header_lines.append('\n')
header_lines.extend(name_lines)
header_lines.append('\n') header_lines.append('\n')
header_lines.append('#endif //CHECKM8_TOOL_LIBPAYLOAD_H\n') header_lines.append('#endif //CHECKM8_TOOL_LIBPAYLOAD_H\n')

2
c8_libpayload/scripts/librarize.py
View File

@@ -24,7 +24,7 @@ if __name__ == '__main__':
for n in bin_names: for n in bin_names:
payload_name = os.path.basename(n).split('.')[0] payload_name = os.path.basename(n).split('.')[0]
with open(n, 'rb') as fbin: with open(n, 'rb') as fbin:
fbytes = fbin.read() fbytes = fbin.read()
source_lines[payload_name].append('const unsigned char %s[%i] =\n' % (payload_name, len(fbytes))) source_lines[payload_name].append('const unsigned char %s[%i] =\n' % (payload_name, len(fbytes)))
source_lines[payload_name].append('\t{') source_lines[payload_name].append('\t{')

4
c8_remote/CMakeLists.txt
View File

@@ -1,10 +1,10 @@
cmake_minimum_required(VERSION 3.10)
project(checkm8_remote C) project(checkm8_remote C)
set(CMAKE_C_STANDARD 99) set(CMAKE_C_STANDARD 99)
set(CMAKE_C_FLAGS "-g -Wall") set(CMAKE_C_FLAGS "-g -Wall")
include_directories(include) include_directories(include)
add_executable(checkm8_remote main.c src/usb_helpers.c src/exploit.c src/payload.c src/command.c)
add_executable(checkm8_remote main.c src/usb_helpers.c src/exploit.c src/payload.c src/command.c)
target_link_libraries(checkm8_remote usb-1.0 pthread udev payload) target_link_libraries(checkm8_remote usb-1.0 pthread udev payload)

9
c8_remote/src/payload.c
View File

@@ -24,31 +24,38 @@ struct payload *get_payload(PAYLOAD_T p)
{ {
struct payload *res; struct payload *res;
const unsigned char *pl; const unsigned char *pl;
int len;
switch(p) switch(p)
{ {
case PAYLOAD_AES: case PAYLOAD_AES:
pl = payload_aes; pl = payload_aes;
len = PAYLOAD_AES_SZ;
break; break;
case PAYLOAD_AES_BUSY: case PAYLOAD_AES_BUSY:
pl = payload_aes_busy; pl = payload_aes_busy;
len = PAYLOAD_AES_BUSY_SZ;
break; break;
case PAYLOAD_AES_SW: case PAYLOAD_AES_SW:
pl = payload_aes_sw; pl = payload_aes_sw;
len = PAYLOAD_AES_SW_SZ;
break; break;
case PAYLOAD_SYNC: case PAYLOAD_SYNC:
pl = payload_sync; pl = payload_sync;
len = PAYLOAD_SYNC_SZ;
break; break;
case PAYLOAD_SYSREG: case PAYLOAD_SYSREG:
pl = payload_sysreg; pl = payload_sysreg;
len = PAYLOAD_SYSREG_SZ;
break; break;
case PAYLOAD_TASK_SLEEP_TEST: case PAYLOAD_TASK_SLEEP_TEST:
pl = payload_task_sleep_test; pl = payload_task_sleep_test;
len = PAYLOAD_TASK_SLEEP_TEST_SZ;
break; break;
default: default:
@@ -60,7 +67,7 @@ struct payload *get_payload(PAYLOAD_T p)
if(res == NULL) return NULL; if(res == NULL) return NULL;
res->type = p; res->type = p;
res->len = sizeof(pl); res->len = len;
res->data = pl; res->data = pl;
res->install_base = -1; res->install_base = -1;
res->next = NULL; res->next = NULL;