diff --git a/c8_arduino/src/checkm8_arduino.ino b/c8_arduino/src/checkm8_arduino.ino index 633e16c..5997d27 100644 --- a/c8_arduino/src/checkm8_arduino.ino +++ b/c8_arduino/src/checkm8_arduino.ino @@ -296,9 +296,9 @@ void loop() } break; -// default: -// Serial.write(PROT_FAIL_BADCMD); -// break; + default: + Serial.write(PROT_FAIL_BADCMD); + break; } } } \ No newline at end of file diff --git a/c8_remote/CMakeLists.txt b/c8_remote/CMakeLists.txt index 8c36622..206cfc0 100644 --- a/c8_remote/CMakeLists.txt +++ b/c8_remote/CMakeLists.txt @@ -8,7 +8,7 @@ add_executable(checkm8_remote main.c src/usb_helpers.c src/exploit.c src/payload add_custom_command(TARGET checkm8_remote POST_BUILD COMMAND ln ARGS -s -f -n - ${CMAKE_SOURCE_DIR}/checkm8_payloads/bin + ${CMAKE_SOURCE_DIR}/c8_payloads/bin ${CMAKE_CURRENT_SOURCE_DIR}/bin/payloads) target_link_libraries(checkm8_remote checkm8_libusb pthread udev) \ No newline at end of file diff --git a/c8_remote/main.c b/c8_remote/main.c index 1f6507d..80005ae 100644 --- a/c8_remote/main.c +++ b/c8_remote/main.c @@ -39,6 +39,7 @@ void checkm8_debug_block(const char *format, ...) int main() { int ret; + struct dev_cmd_resp *resp; struct pwned_device *dev = exploit_device(); if(dev == NULL || dev->status == DEV_NORMAL) { @@ -46,57 +47,6 @@ int main() return -1; } - struct dev_cmd_resp *resp; - ret = install_payload(dev, PAYLOAD_SYNC, DRAM); - if(IS_CHECKM8_FAIL(ret)) - { - printf("Failed to install sync payload\n"); - return -1; - } - - ret = install_payload(dev, PAYLOAD_AES, DRAM); - if(IS_CHECKM8_FAIL(ret)) - { - printf("Failed to install AES payload\n"); - return -1; - } - - resp = execute_payload(dev, PAYLOAD_SYNC, 0); - if(IS_CHECKM8_FAIL(resp->ret)) - { - printf("Failed to execute sync payload\n"); - return -1; - } - - unsigned char data[16] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, - 0xef}; - unsigned char key[16] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, - 0xef}; - - free_dev_cmd_resp(resp); - resp = write_payload(dev, 0x180152000, data, 16); - if(IS_CHECKM8_FAIL(resp->ret)) - { - printf("Failed to write AES data\n"); - return -1; - } - - free_dev_cmd_resp(resp); - resp = write_payload(dev, 0x180152010, key, 16); - if(IS_CHECKM8_FAIL(resp->ret)) - { - printf("Failed to write AES key\n"); - return -1; - } - -// free_dev_cmd_resp(resp); -// resp = execute_payload(dev, PAYLOAD_AES, 7, 16, 0x180152000, DFU_IMAGE_BASE + 56, 128, 0, 0x180152010, 0); -// -// if(IS_CHECKM8_FAIL(resp->ret)) -// { -// printf("Failed to execute AES\n"); -// return -1; -// } free_dev_cmd_resp(resp); free_device(dev); diff --git a/include/ard_protocol.h b/include/ard_protocol.h index e3d0dc9..d20d37c 100644 --- a/include/ard_protocol.h +++ b/include/ard_protocol.h @@ -28,13 +28,13 @@ struct usb_xfer_args unsigned short wIndex; unsigned short data_len; -}; +} __attribute__ ((packed)); struct serial_desc_args { unsigned short dev_idVendor; unsigned short dev_idProduct; unsigned char len; -}; +} __attribute__ ((packed)); #endif //CHECKM8_TOOL_ARD_PROTOCOL_H