grg/checkm8_tool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

I guess this is okay for now... do want to clean up in the future though

Browse Source
This commit is contained in:
Gregor Haas
2020-01-04 14:51:07 -05:00
parent 5f07a7d1ef
commit dcfb71bbb6
4 changed files with 7 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
c8_arduino/src/checkm8_arduino.ino
View File

@@ -296,9 +296,9 @@ void loop()
} }
break; break;
// default: default:
// Serial.write(PROT_FAIL_BADCMD); Serial.write(PROT_FAIL_BADCMD);
// break; break;
} }
} }
} }

2
c8_remote/CMakeLists.txt
View File

@@ -8,7 +8,7 @@ add_executable(checkm8_remote main.c src/usb_helpers.c src/exploit.c src/payload
add_custom_command(TARGET checkm8_remote POST_BUILD add_custom_command(TARGET checkm8_remote POST_BUILD
COMMAND ln COMMAND ln
ARGS -s -f -n ARGS -s -f -n
${CMAKE_SOURCE_DIR}/checkm8_payloads/bin ${CMAKE_SOURCE_DIR}/c8_payloads/bin
${CMAKE_CURRENT_SOURCE_DIR}/bin/payloads) ${CMAKE_CURRENT_SOURCE_DIR}/bin/payloads)
target_link_libraries(checkm8_remote checkm8_libusb pthread udev) target_link_libraries(checkm8_remote checkm8_libusb pthread udev)

52
c8_remote/main.c
View File

@@ -39,6 +39,7 @@ void checkm8_debug_block(const char *format, ...)
int main() int main()
{ {
int ret; int ret;
struct dev_cmd_resp *resp;
struct pwned_device *dev = exploit_device(); struct pwned_device *dev = exploit_device();
if(dev == NULL || dev->status == DEV_NORMAL) if(dev == NULL || dev->status == DEV_NORMAL)
{ {
@@ -46,57 +47,6 @@ int main()
return -1; return -1;
} }
struct dev_cmd_resp *resp;
ret = install_payload(dev, PAYLOAD_SYNC, DRAM);
if(IS_CHECKM8_FAIL(ret))
{
printf("Failed to install sync payload\n");
return -1;
}
ret = install_payload(dev, PAYLOAD_AES, DRAM);
if(IS_CHECKM8_FAIL(ret))
{
printf("Failed to install AES payload\n");
return -1;
}
resp = execute_payload(dev, PAYLOAD_SYNC, 0);
if(IS_CHECKM8_FAIL(resp->ret))
{
printf("Failed to execute sync payload\n");
return -1;
}
unsigned char data[16] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe,
0xef};
unsigned char key[16] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe,
0xef};
free_dev_cmd_resp(resp);
resp = write_payload(dev, 0x180152000, data, 16);
if(IS_CHECKM8_FAIL(resp->ret))
{
printf("Failed to write AES data\n");
return -1;
}
free_dev_cmd_resp(resp);
resp = write_payload(dev, 0x180152010, key, 16);
if(IS_CHECKM8_FAIL(resp->ret))
{
printf("Failed to write AES key\n");
return -1;
}
// free_dev_cmd_resp(resp);
// resp = execute_payload(dev, PAYLOAD_AES, 7, 16, 0x180152000, DFU_IMAGE_BASE + 56, 128, 0, 0x180152010, 0);
//
// if(IS_CHECKM8_FAIL(resp->ret))
// {
// printf("Failed to execute AES\n");
// return -1;
// }
free_dev_cmd_resp(resp); free_dev_cmd_resp(resp);
free_device(dev); free_device(dev);

4
include/ard_protocol.h
View File

@@ -28,13 +28,13 @@ struct usb_xfer_args
unsigned short wIndex; unsigned short wIndex;
unsigned short data_len; unsigned short data_len;
}; } __attribute__ ((packed));
struct serial_desc_args struct serial_desc_args
{ {
unsigned short dev_idVendor; unsigned short dev_idVendor;
unsigned short dev_idProduct; unsigned short dev_idProduct;
unsigned char len; unsigned char len;
}; } __attribute__ ((packed));
#endif //CHECKM8_TOOL_ARD_PROTOCOL_H #endif //CHECKM8_TOOL_ARD_PROTOCOL_H