grg/checkm8_tool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Working trigger (basic) and user key AES - good for experiments tomorrow!

Browse Source
This commit is contained in:
Gregor Haas
2020-01-05 22:25:27 -05:00
parent afae03eb78
commit d8f5e48598
8 changed files with 32 additions and 2248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
c8_remote/src/command.c
View File

@@ -12,7 +12,7 @@ void free_dev_cmd_resp(struct dev_cmd_resp *resp)
free(resp);
}
int dfu_send_data(struct pwned_device *dev, unsigned char *data, long data_len)
int dfu_send_data(struct pwned_device *dev, unsigned char *data, long data_len, unsigned int trigger)
{
checkm8_debug_indent("dfu_send_data(dev = %p, data = %p, data_len = %li)\n", dev, data, data_len);
long long index = 0, amount;
@@ -25,7 +25,7 @@ int dfu_send_data(struct pwned_device *dev, unsigned char *data, long data_len)
checkm8_debug_indent("\tsending chunk of size %li at index %li\n", amount, index);
ret = ctrl_transfer(dev, 0x21, 1, 0, 0, &data[index], amount, 5000);
ret = ctrl_transfer(dev, 0x21, 1, 0, 0, &data[index], amount, 5000, trigger);
if(ret > 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
else
{
@@ -64,14 +64,14 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
}
}
ret = dfu_send_data(dev, nullbuf, 16);
ret = dfu_send_data(dev, nullbuf, 16, 0);
if(IS_CHECKM8_FAIL(ret))
{
cmd_resp->ret = ret;
return cmd_resp;
}
ret = ctrl_transfer(dev, 0x21, 1, 0, 0, nullbuf, 0, 100);
ret = ctrl_transfer(dev, 0x21, 1, 0, 0, nullbuf, 0, 100, 0);
if(ret >= 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
else
{
@@ -80,7 +80,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
return cmd_resp;
}
ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100);
ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100, 0);
if(ret >= 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
else
{
@@ -89,7 +89,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
return cmd_resp;
}
ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100);
ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100, 0);
if(ret >= 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
else
{
@@ -98,7 +98,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
return cmd_resp;
}
ret = dfu_send_data(dev, args, arg_len);
ret = dfu_send_data(dev, args, arg_len, 1);
if(IS_CHECKM8_FAIL(ret))
{
cmd_resp->ret = ret;
@@ -110,7 +110,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
ret = ctrl_transfer(dev,
0xA1, 2, 0xFFFF, 0,
resp_buf, response_len + 1,
100);
100, 0);
if(ret >= 0) checkm8_debug_indent("\tfinal request transferred %i bytes\n", ret);
else
{
@@ -124,7 +124,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
ret = ctrl_transfer(dev,
0xA1, 2, 0xFFFF, 0,
resp_buf, response_len,
100);
100, 0);
if(ret >= 0) checkm8_debug_indent("\tfinal request transferred %i bytes\n", ret);
else
{

3
c8_remote/src/usb_helpers.c
View File

@@ -480,7 +480,7 @@ int ctrl_transfer(struct pwned_device *dev,
unsigned char bmRequestType, unsigned char bRequest,
unsigned short wValue, unsigned short wIndex,
unsigned char *data, unsigned short data_len,
unsigned int timeout)
unsigned int timeout, unsigned int trigger)
{
checkm8_debug_indent(
"ctrl_transfer(dev = %p, bmRequestType = %X, bRequest = %X, wValue = %i, wIndex = %i, data = %p, data_len = %i, timeout = %i)\n",
@@ -495,6 +495,7 @@ int ctrl_transfer(struct pwned_device *dev,
args.wValue = wValue;
args.wIndex = wIndex;
args.data_len = data_len;
args.trigger = trigger;
checkm8_debug_indent("\tsending data to arduino\n");
write(dev->ard_fd, &PROT_CTRL_XFER, 1);