Working trigger (basic) and user key AES - good for experiments tomorrow!

2020-01-05 22:25:27 -05:00
parent afae03eb78
commit d8f5e48598
8 changed files with 32 additions and 2248 deletions
--- a/c8_arduino/src/checkm8_arduino.ino
+++ b/c8_arduino/src/checkm8_arduino.ino
@@ -70,6 +70,7 @@ void setup()
 void loop()
 {
    Usb.Task();
    state = Usb.getUsbTaskState();
    while(state != USB_DETACHED_SUBSTATE_WAIT_FOR_DEVICE && state != USB_STATE_RUNNING)
    {
@@ -178,6 +179,8 @@ void loop()
                Serial.write(PROT_ACK);
                get_dev_descriptor();
                if(usb_args.trigger == 1) digitalWrite(6, HIGH);
                rcode = Usb.ctrlReq_SETUP(addr, 0,
                                          usb_args.bmRequestType,
                                          usb_args.bRequest,
@@ -222,6 +225,7 @@ void loop()
                    }
                    Usb.regWr(rHXFR, tokOUTHS);
                    if(usb_args.trigger == 1) digitalWrite(6, LOW);
                    Serial.write(PROT_SUCCESS);
                    break;
                }
@@ -253,6 +257,7 @@ void loop()
                    }
                    Usb.regWr(rHXFR, tokINHS);
                    if(usb_args.trigger == 1) digitalWrite(6, LOW);
                    Serial.write(PROT_SUCCESS);
                    break;
                }
--- a/c8_remote/include/usb_helpers.h
+++ b/c8_remote/include/usb_helpers.h
@@ -41,7 +41,7 @@ int ctrl_transfer(struct pwned_device *dev,
                  unsigned char bmRequestType, unsigned char bRequest,
                  unsigned short wValue, unsigned short wIndex,
                  unsigned char *data, unsigned short data_len,
-                  unsigned int timeout);
+                  unsigned int timeout, unsigned int trigger);
 int reset(struct pwned_device *dev);
 int serial_descriptor(struct pwned_device *dev, unsigned char *serial_buf, int len);
--- a/c8_remote/main.c
+++ b/c8_remote/main.c
@@ -52,6 +52,7 @@ int main()
        return -1;
    }
    unsigned char key[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
    unsigned char data0[8] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef};
    unsigned char data1[8] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef};
@@ -62,7 +63,15 @@ int main()
        return -1;
    }
-    for(int i = 0; i < 100000; i++)
+    resp = write_gadget(dev, 0x180150000, key, 8);
    if(IS_CHECKM8_FAIL(resp->ret))
    {
        printf("failed to write key to device\n");
        return -1;
    }
    free_dev_cmd_resp(resp);
    for(int i = 0; i < 257; i++)
    {
        printf("encrypting ");
        for(int j = 0; j < 8; j++)
@@ -81,8 +90,9 @@ int main()
                              16, // action (AES_ENCRYPT)
                              0x1800b0048, 0x1800b0010, // dest and src addresses
                              16, // data size
-                              0x20000201, // AES_UID_KEY
+                              0x00000000, // AES_USER_KEY
-                              0, 0, // no
+                              0x180150000, // key address
                              0, // no IV
                              *((unsigned long long *) data0),
                              *((unsigned long long *) data1));
@@ -107,7 +117,7 @@ int main()
            printf("%02X", ((unsigned char *) &data1)[j]);
        }
        printf("\n");
-        usleep(333333);
+        usleep(1000000);
    }
    close_device_session(dev);
--- a/c8_remote/src/command.c
+++ b/c8_remote/src/command.c
@@ -12,7 +12,7 @@ void free_dev_cmd_resp(struct dev_cmd_resp *resp)
    free(resp);
 }
-int dfu_send_data(struct pwned_device *dev, unsigned char *data, long data_len)
+int dfu_send_data(struct pwned_device *dev, unsigned char *data, long data_len, unsigned int trigger)
 {
    checkm8_debug_indent("dfu_send_data(dev = %p, data = %p, data_len = %li)\n", dev, data, data_len);
    long long index = 0, amount;
@@ -25,7 +25,7 @@ int dfu_send_data(struct pwned_device *dev, unsigned char *data, long data_len)
        checkm8_debug_indent("\tsending chunk of size %li at index %li\n", amount, index);
-        ret = ctrl_transfer(dev, 0x21, 1, 0, 0, &data[index], amount, 5000);
+        ret = ctrl_transfer(dev, 0x21, 1, 0, 0, &data[index], amount, 5000, trigger);
        if(ret > 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
        else
        {
@@ -64,14 +64,14 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
        }
    }
-    ret = dfu_send_data(dev, nullbuf, 16);
+    ret = dfu_send_data(dev, nullbuf, 16, 0);
    if(IS_CHECKM8_FAIL(ret))
    {
        cmd_resp->ret = ret;
        return cmd_resp;
    }
-    ret = ctrl_transfer(dev, 0x21, 1, 0, 0, nullbuf, 0, 100);
+    ret = ctrl_transfer(dev, 0x21, 1, 0, 0, nullbuf, 0, 100, 0);
    if(ret >= 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
    else
    {
@@ -80,7 +80,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
        return cmd_resp;
    }
-    ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100);
+    ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100, 0);
    if(ret >= 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
    else
    {
@@ -89,7 +89,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
        return cmd_resp;
    }
-    ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100);
+    ret = ctrl_transfer(dev, 0xA1, 3, 0, 0, nullbuf, 6, 100, 0);
    if(ret >= 0) checkm8_debug_indent("\ttransferred %i bytes\n", ret);
    else
    {
@@ -98,7 +98,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
        return cmd_resp;
    }
-    ret = dfu_send_data(dev, args, arg_len);
+    ret = dfu_send_data(dev, args, arg_len, 1);
    if(IS_CHECKM8_FAIL(ret))
    {
        cmd_resp->ret = ret;
@@ -110,7 +110,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
        ret = ctrl_transfer(dev,
                            0xA1, 2, 0xFFFF, 0,
                            resp_buf, response_len + 1,
-                            100);
+                            100, 0);
        if(ret >= 0) checkm8_debug_indent("\tfinal request transferred %i bytes\n", ret);
        else
        {
@@ -124,7 +124,7 @@ struct dev_cmd_resp *command(struct pwned_device *dev,
        ret = ctrl_transfer(dev,
                            0xA1, 2, 0xFFFF, 0,
                            resp_buf, response_len,
-                            100);
+                            100, 0);
        if(ret >= 0) checkm8_debug_indent("\tfinal request transferred %i bytes\n", ret);
        else
        {
--- a/c8_remote/src/usb_helpers.c
+++ b/c8_remote/src/usb_helpers.c
@@ -480,7 +480,7 @@ int ctrl_transfer(struct pwned_device *dev,
                  unsigned char bmRequestType, unsigned char bRequest,
                  unsigned short wValue, unsigned short wIndex,
                  unsigned char *data, unsigned short data_len,
-                  unsigned int timeout)
+                  unsigned int timeout, unsigned int trigger)
 {
    checkm8_debug_indent(
            "ctrl_transfer(dev = %p, bmRequestType = %X, bRequest = %X, wValue = %i, wIndex = %i, data = %p, data_len = %i, timeout = %i)\n",
@@ -495,6 +495,7 @@ int ctrl_transfer(struct pwned_device *dev,
    args.wValue = wValue;
    args.wIndex = wIndex;
    args.data_len = data_len;
    args.trigger = trigger;
    checkm8_debug_indent("\tsending data to arduino\n");
    write(dev->ard_fd, &PROT_CTRL_XFER, 1);
--- a/include/ard_protocol.h
+++ b/include/ard_protocol.h
@@ -28,6 +28,7 @@ struct usb_xfer_args
    unsigned short wIndex;
    unsigned short data_len;
    unsigned char trigger;
 } __attribute__ ((packed));
 struct serial_desc_args
--- a/include/libusb.h
+++ b/include/libusb.h
--- a/include/libusb_config.h
+++ b/include/libusb_config.h
@@ -1,167 +0,0 @@
 /* config.h.  Generated from config.h.in by configure.  */
 /* config.h.in.  Generated from configure.ac by autoheader.  */
 #include "checkm8_config.h"
 /* Default visibility */
 #define DEFAULT_VISIBILITY __attribute__((visibility("default")))
 #ifdef LIBUSB_LOGGING
    /* Start with debug message logging enabled */
    #define ENABLE_DEBUG_LOGGING 1
    /* Message logging */
    #define ENABLE_LOGGING 1
 #endif
 /* Define to 1 if you have the <asm/types.h> header file. */
 /* #undef HAVE_ASM_TYPES_H */
 /* Define to 1 if you have the declaration of `TFD_CLOEXEC', and to 0 if you
   don't. */
 #define HAVE_DECL_TFD_CLOEXEC 1
 /* Define to 1 if you have the declaration of `TFD_NONBLOCK', and to 0 if you
   don't. */
 #define HAVE_DECL_TFD_NONBLOCK 1
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #define HAVE_DLFCN_H 1
 /* Define to 1 if you have the <inttypes.h> header file. */
 #define HAVE_INTTYPES_H 1
 /* Define to 1 if you have the `udev' library (-ludev). */
 #define HAVE_LIBUDEV 1
 /* Define to 1 if you have the <libudev.h> header file. */
 #define HAVE_LIBUDEV_H 1
 /* Define to 1 if you have the <linux/netlink.h> header file. */
 /* #undef HAVE_LINUX_NETLINK_H */
 /* Define to 1 if you have the <memory.h> header file. */
 #define HAVE_MEMORY_H 1
 /* Define to 1 if you have the `pipe2' function. */
 #define HAVE_PIPE2 1
 /* Define to 1 if you have the <poll.h> header file. */
 #define HAVE_POLL_H 1
 /* Define to 1 if you have the <stdint.h> header file. */
 #define HAVE_STDINT_H 1
 /* Define to 1 if you have the <stdlib.h> header file. */
 #define HAVE_STDLIB_H 1
 /* Define to 1 if you have the <strings.h> header file. */
 #define HAVE_STRINGS_H 1
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1
 /* Define to 1 if the system has the type `struct timespec'. */
 #define HAVE_STRUCT_TIMESPEC 1
 /* syslog() function available */
 /* #undef HAVE_SYSLOG_FUNC */
 /* Define to 1 if you have the <syslog.h> header file. */
 /* #undef HAVE_SYSLOG_H */
 /* Define to 1 if you have the <sys/socket.h> header file. */
 /* #undef HAVE_SYS_SOCKET_H */
 /* Define to 1 if you have the <sys/stat.h> header file. */
 #define HAVE_SYS_STAT_H 1
 /* Define to 1 if you have the <sys/time.h> header file. */
 #define HAVE_SYS_TIME_H 1
 /* Define to 1 if you have the <sys/types.h> header file. */
 #define HAVE_SYS_TYPES_H 1
 /* Define to 1 if you have the <unistd.h> header file. */
 #define HAVE_UNISTD_H 1
 /* Define to the sub-directory where libtool stores uninstalled libraries. */
 #define LT_OBJDIR ".libs/"
 /* Darwin backend */
 /* #undef OS_DARWIN */
 /* Haiku backend */
 /* #undef OS_HAIKU */
 /* Linux backend */
 #define OS_LINUX 1
 /* NetBSD backend */
 /* #undef OS_NETBSD */
 /* OpenBSD backend */
 /* #undef OS_OPENBSD */
 /* SunOS backend */
 /* #undef OS_SUNOS */
 /* Windows backend */
 /* #undef OS_WINDOWS */
 /* Name of package */
 #define PACKAGE "src"
 /* Define to the address where bug reports for this package should be sent. */
 #define PACKAGE_BUGREPORT "src-devel@lists.sourceforge.net"
 /* Define to the full name of this package. */
 #define PACKAGE_NAME "src"
 /* Define to the full name and version of this package. */
 #define PACKAGE_STRING "src 1.0.23"
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "src"
 /* Define to the home page for this package. */
 #define PACKAGE_URL "http://src.info"
 /* Define to the version of this package. */
 #define PACKAGE_VERSION "1.0.23"
 /* type of second poll() argument */
 #define POLL_NFDS_TYPE nfds_t
 /* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS 1
 /* Use POSIX Threads */
 #define THREADS_POSIX 1
 /* timerfd headers available */
 #define USBI_TIMERFD_AVAILABLE 1
 /* Enable output to system log */
 /* #undef USE_SYSTEM_LOGGING_FACILITY */
 /* Use udev for device enumeration/hotplug */
 #define USE_UDEV 1
 /* Version number of package */
 #define VERSION "1.0.23"
 /* Oldest Windows version supported */
 /* #undef WINVER */
 /* Use GNU extensions */
 #define _GNU_SOURCE 1
 /* Oldest Windows version supported */
 /* #undef _WIN32_WINNT */
 /* Define to `__inline__' or `__inline' if that's what the C compiler
   calls it, or to nothing if 'inline' is not supported under any name.  */
 #ifndef __cplusplus
 /* #undef inline */
 #endif