diff --git a/c8_libpayload/CMakeLists.txt b/c8_libpayload/CMakeLists.txt index c63705a..c3b96a0 100644 --- a/c8_libpayload/CMakeLists.txt +++ b/c8_libpayload/CMakeLists.txt @@ -5,6 +5,7 @@ set(PL_NAMES aes_busy aes_sw bootstrap + exit_usb_task floppysleep sync sysreg diff --git a/c8_libpayload/pl/include/brfunc_timing.h b/c8_libpayload/pl/include/brfunc_timing.h index b3eac15..a75ace3 100644 --- a/c8_libpayload/pl/include/brfunc_timing.h +++ b/c8_libpayload/pl/include/brfunc_timing.h @@ -7,4 +7,6 @@ #define SYSTEM_TIME ((BOOTROM_FUNC) ADDR_SYSTEM_TIME) #define TIME_HAS_ELAPSED ((BOOTROM_FUNC) ADDR_TIME_HAS_ELAPSED) +#define GET_PLL ((BOOTROM_FUNC) ADDR_GET_PLL) + #endif //CHECKM8_TOOL_BRFUNC_TIMING_H diff --git a/c8_libpayload/pl/src/aes.c b/c8_libpayload/pl/src/aes.c index f86953e..4ecb75b 100644 --- a/c8_libpayload/pl/src/aes.c +++ b/c8_libpayload/pl/src/aes.c @@ -55,5 +55,6 @@ int _start(void *src, void *dst, void *key) { - return aes_hw_crypto_command(0, src, dst, 128, 0, key, 0); + return ((BOOTROM_FUNC) ADDR_AES_HW_CRYPTO_CMD)(0, src, dst, 128, 0, key, 0); + // return aes_hw_crypto_command(0, src, dst, 128, 0, key, 0); } \ No newline at end of file diff --git a/c8_libpayload/pl/src/aes_sw.c b/c8_libpayload/pl/src/aes_sw.c index 188f621..b30525c 100644 --- a/c8_libpayload/pl/src/aes_sw.c +++ b/c8_libpayload/pl/src/aes_sw.c 
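Review bot: The new `return` in aes.c's `_start` leaves the old call behind as a commented-out line, so the hunk ships dead code next to its replacement. Either delete `// return aes_hw_crypto_command(0, src, dst, 128, 0, key, 0);` or, if the `aes_hw_crypto_command` wrapper can no longer be called from this section for a reason the reader should know, replace the dead line with a one-line comment stating that reason. The two bare literals `128` and `0` passed to the ROM routine are not self-describing; naming them (or pointing at where the wrapper documented them) would help more than keeping the old line. `_start` begins in the hunk's header context, before the visible lines.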
@@ -161,14 +161,26 @@ void aes128_encrypt_ecb(unsigned char *msg, unsigned int msg_len, unsigned char } TEXT_SECTION -void _start(unsigned char *msg, unsigned int msg_len, unsigned char *key, +unsigned long long _start(unsigned char *msg, unsigned int msg_len, unsigned char *key, unsigned char sbox[16][16], unsigned char rc_lookup[11], unsigned char mul2[256], unsigned char mul3[256]) { - unsigned long long start, end; - unsigned long long platform_quiesce_hardware = 0x100007dd0; + unsigned long long start = 0, end = 0; + unsigned long long timer_deadline_enter = 0x10000b874; + unsigned long long halt = 0x1000004fc; - __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (start)); - aes128_encrypt_ecb(msg, msg_len, key, sbox, rc_lookup, mul2, mul3); - __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (end)); + while(1) + { + __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (start)); + aes128_encrypt_ecb(msg, msg_len, key, sbox, rc_lookup, mul2, mul3); + __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (end)); + + if(2 * end - start - 64 > 0) + { + ((BOOTROM_FUNC) timer_deadline_enter)(2 * end - start - 64, ((BOOTROM_FUNC) 0x10000b924)); + ((BOOTROM_FUNC) halt)(); + } + } + + return end - start; } \ No newline at end of file diff --git a/c8_libpayload/pl/src/exit_usb_task.c b/c8_libpayload/pl/src/exit_usb_task.c new file mode 100644 index 0000000..821849d --- /dev/null +++ b/c8_libpayload/pl/src/exit_usb_task.c 
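Review bot: The guard `if(2 * end - start - 64 > 0)` is computed in `unsigned long long`, so it is true for every value except an exact zero — when the intended deadline would be negative the subtraction wraps and the huge result is handed to `timer_deadline_enter` instead of being skipped; write it as `if (2 * end > start + 64)` so the subtraction cannot wrap, and note that the same expression sits unchanged as context in the floppysleep.c hunk `@@ -39,9 +41,10 @@`. The `while(1)` loop has no exit, so the new `return end - start;` is unreachable even though the signature was changed to return `unsigned long long`; either the loop needs a termination condition or the return-type change is premature and will draw a compiler warning. `0x10000b924` is passed as a bare callback address while the other ROM entry points in this function (`timer_deadline_enter`, `halt`) are named locals — give it a name next to them. The enclosing `aes128_encrypt_ecb` definition ends in the context line before `TEXT_SECTION`.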
@@ -0,0 +1,62 @@ +#include "brfunc_common.h" +#include "util.h" + +PAYLOAD_SECTION +void fix_heap() +{ + BOOTROM_FUNC calculate_checksum = ((BOOTROM_FUNC) 0x10000ee20); + BOOTROM_FUNC heap_verify = ((BOOTROM_FUNC) 0x10000f8b4); + + *((unsigned long long *) 0x1801b91a0) = 0x80 / 0x40; + *((unsigned long long *) 0x1801b91a8) = ((0x840u / 0x40) << 2u); + *((unsigned long long *) 0x1801b91b0) = 0x80; + *((unsigned long long *) 0x1801b91b8) = 0; + + *((unsigned long long *) 0x1801b9220) = 0x80 / 0x40; + *((unsigned long long *) 0x1801b9228) = ((0x80u / 0x40) << 2u); + *((unsigned long long *) 0x1801b9230) = 0x80; + *((unsigned long long *) 0x1801b9238) = 0; + + *((unsigned long long *) 0x1801b92a0) = 0x80 / 0x40; + *((unsigned long long *) 0x1801b92a8) = ((0x80u / 0x40) << 2u); + *((unsigned long long *) 0x1801b92b0) = 0x80; + *((unsigned long long *) 0x1801b92b8) = 0; + + __asm__ volatile ("dmb sy"); + calculate_checksum((unsigned long long *) 0x1801b9180, + (unsigned long long *) 0x1801b91a0, + 32, + (unsigned long long *) 0x180080640); + + calculate_checksum((unsigned long long *) 0x1801b9200, + (unsigned long long *) 0x1801b9220, + 32, + (unsigned long long *) 0x180080640); + + calculate_checksum((unsigned long long *) 0x1801b9280, + (unsigned long long *) 0x1801b92a0, + 32, + (unsigned long long *) 0x180080640); + + __asm__ volatile ("dmb sy"); + heap_verify(); +} + +TEXT_SECTION +void _start() +{ + unsigned int *completion = (unsigned int *) 0x180088ac8; + unsigned char *dfu_done = (unsigned char *) 0x180088ac0; + + unsigned long long *dfu_event = (unsigned long long *) 0x180088af0; + BOOTROM_FUNC event_signal = ((BOOTROM_FUNC) 0x10000aee8); + BOOTROM_FUNC enter_critical_section = ((BOOTROM_FUNC) 0x10000a4b8); + + fix_heap(); + + *completion = -1; + *dfu_done = 1; + + event_signal(dfu_event); + // enter_critical_section(); +} \ No newline at end of file 
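Review bot: In `fix_heap` the twelve raw stores and three `calculate_checksum` calls carry no comment about what each four-word group describes or why the second word of the first group uses `0x840u` where the other two use `0x80u`, so a reader cannot tell whether that difference is deliberate or a typo; add a comment above each group naming what the four fields are and why the first group differs. `enter_critical_section` is assigned and never used because its only call is commented out — drop the local and the dead line, or keep the call. `*completion = -1;` stores a negative constant through an `unsigned int *`; `*completion = ~0u;` says what is meant without the implicit conversion. Both `void fix_heap()` and `void _start()` should be `(void)` so they are prototypes rather than old-style declarations.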
diff --git a/c8_libpayload/pl/src/floppysleep.c b/c8_libpayload/pl/src/floppysleep.c index c7755d1..f946078 100644 --- a/c8_libpayload/pl/src/floppysleep.c +++ b/c8_libpayload/pl/src/floppysleep.c @@ -23,6 +23,8 @@ TEXT_SECTION unsigned long long _start(float *init_a) { int i; + volatile int j = 0; + unsigned long long start, end, report; unsigned long long timer_deadline_enter = 0x10000b874; unsigned long long halt = 0x1000004fc; @@ -39,9 +41,10 @@ unsigned long long _start(float *init_a) ((BOOTROM_FUNC) timer_deadline_enter)(2 * end - start - 64, ((BOOTROM_FUNC) 0x10000b924)); ((BOOTROM_FUNC) halt)(); } + + __asm__ volatile ("isb\n\rmrs %0, cntpct_el0" : "=r" (report)); + j++; } - - __asm__ volatile ("isb\n\rmrs %0, cntpct_el0" : "=r" (report)); - return report - end; + return end - start; } \ No newline at end of file diff --git a/c8_libpayload/pl/src/task_sleep_test.c b/c8_libpayload/pl/src/task_sleep_test.c index 423c04f..9f806fc 100644 --- a/c8_libpayload/pl/src/task_sleep_test.c +++ b/c8_libpayload/pl/src/task_sleep_test.c @@ -1,20 +1,21 @@ #include "util.h" #include "brfunc_common.h" -PAYLOAD_SECTION -void task_sleep(unsigned int usec) -{ - ((BOOTROM_FUNC) ADDR_TASK_SLEEP)(usec); -} - TEXT_SECTION -unsigned long long _start(unsigned int usec) +void _start(unsigned long long next, + unsigned long long arg0, unsigned long long arg1, + unsigned long long arg2, unsigned long long arg3) { - unsigned long long start, end; + int i; + BOOTROM_FUNC clock_gate = ((BOOTROM_FUNC) 0x100009d4cull); + for(i = 0x54 + 6; i > 6; i--) + { + if(i == 0x4b || i == 0x4a || i == 0x49 || i == 0x3e || + i == 0x1b || i == 0x17 || i == 0x11 || i == 0x10) + continue; - __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (start)); - task_sleep(usec); - __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (end)); + clock_gate(i, 0); + } - return end - start; + ((BOOTROM_FUNC) next)(arg0, arg1, arg2, arg3); } \ No newline at end of file 
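Review bot: `report` is now written inside the loop by the added `isb\n\rmrs` read, but nothing consumes it — the function returns `end - start` — so the store is dead, as is the `volatile int j` added in the first hunk of this file, which is incremented and never read. If the timer read is meant purely as a side effect, say so in a comment (`// read cntpct each pass; value intentionally unused`) and drop `report`; otherwise return or accumulate it. The asm string separator `\n\r` is unusual for GCC inline assembly — `\n\t` is the conventional form, and I would confirm the assembler accepts a carriage return before relying on it. The enclosing `_start` starts before the first hunk and is otherwise unchanged.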
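Review bot: The loop in task_sleep_test.c's `_start` walks `i` from `0x54 + 6` down to 7 and skips eight literal indices with no explanation of what the indices are or why the bound is spelled `0x54 + 6` rather than `0x5a`, so a reader cannot tell which of `0x4b, 0x4a, 0x49, 0x3e, 0x1b, 0x17, 0x11, 0x10` are deliberate. Add a comment above the loop naming the range and the reason for the exclusions, e.g. `// gate ids 7..0x5a except the eight below, which must stay enabled for <reason placeholder>`. The file keeps its `task_sleep_test` name and payload id although the `task_sleep` wrapper and the timing measurement are removed and the body now gates clocks and tail-calls `next`; a rename, or at least a header comment stating the new purpose, would keep the payload list honest. `0x100009d4cull` is the only ROM address in these payloads written with a suffix; the others are plain hex literals, so the style differs.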
diff --git a/c8_remote/include/payload.h b/c8_remote/include/payload.h index 67acbfb..c12cb6d 100644 --- a/c8_remote/include/payload.h +++ b/c8_remote/include/payload.h @@ -9,6 +9,7 @@ typedef enum PAYLOAD_AES_BUSY, PAYLOAD_AES_SW, PAYLOAD_BOOTSTRAP, + PAYLOAD_EXIT_USB_TASK, PAYLOAD_FLOPPYSLEEP, PAYLOAD_SYNC, PAYLOAD_SYSREG, diff --git a/c8_remote/src/payload.c b/c8_remote/src/payload.c index 9e8920b..819640e 100644 --- a/c8_remote/src/payload.c +++ b/c8_remote/src/payload.c @@ -48,6 +48,11 @@ struct payload *get_payload(PAYLOAD_T p) len = PAYLOAD_BOOTSTRAP_SZ; break; + case PAYLOAD_EXIT_USB_TASK: + pl = payload_exit_usb_task; + len = PAYLOAD_EXIT_USB_TASK_SZ; + break; + case PAYLOAD_FLOPPYSLEEP: pl = payload_floppysleep; len = PAYLOAD_FLOPPYSLEEP_SZ; diff --git a/include/checkm8_config.h b/include/checkm8_config.h index 56033f0..83d8ca9 100644 --- a/include/checkm8_config.h +++ b/include/checkm8_config.h @@ -3,7 +3,7 @@ #define CHECKM8_LOGGING -#define WITH_ARDUINO +//#define WITH_ARDUINO #define ARDUINO_DEV "/dev/ttyACM0" #define ARDUINO_BAUD 115200
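Review bot: `PAYLOAD_EXIT_USB_TASK` is inserted in the middle of the `PAYLOAD_T` enum, which renumbers every enumerator after it (`PAYLOAD_FLOPPYSLEEP` onwards). That is harmless if the value is only used in-process through `get_payload`, but if it is ever sent over the Arduino serial link or stored anywhere, the shift silently breaks older peers; in that case append new entries at the end or give the enumerators explicit values, and a comment on the enum saying which it is would settle the question for the next addition. The enum's opening `typedef enum` line and closing brace are outside the hunk.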