Found area where 02035600 becomes inaccessible. Trying to patch it.
parent
66621d36d7
commit
20ad0cdb45
@ -743,12 +743,14 @@ class ExynosDevice():
|
|||||||
|
|
||||||
# Modifies/disables setting up MMU (but is set up eventually) -> MMU says 0x0 instead of 0x1, but still little access (and proper USB recovyer boot!?)
|
# Modifies/disables setting up MMU (but is set up eventually) -> MMU says 0x0 instead of 0x1, but still little access (and proper USB recovyer boot!?)
|
||||||
# self.cd.memwrite_region(0x020244e8, struct.pack('>I', 0x1f0c00f1)) # Change check to always false
|
# self.cd.memwrite_region(0x020244e8, struct.pack('>I', 0x1f0c00f1)) # Change check to always false
|
||||||
|
|
||||||
# Write jump backs from BL31 at different levels
|
|
||||||
# self.cd.memwrite_region(0x02030a28, p64(DEBUGGER_ADDR))
|
|
||||||
|
|
||||||
# Overwrite jump back at 0202f810
|
# Overwrite jump back at 0202f810
|
||||||
# self.cd.memwrite_region(0x0202f818, struct.pack('>I', 0xfa610091))
|
# self.cd.memwrite_region(0x020242a8, struct.pack('>I', 0x568f0094)) # Last succesful jump back to debugger, while still having access to 0x02035600
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x02032008, struct.pack('>I', 0x1f2003d5)) # Overwrite MAIR to NOP
|
||||||
|
# self.cd.memwrite_region(0x0203203c, struct.pack('>I', 0xf1570094)) # Return to debugger. (not working, it continues booting..)
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x0203200c, struct.pack('>I', 0xfd570094)) # -> X1=0x18800, X30=0x20241a0. Device crashes when writing here.
|
||||||
|
|
||||||
# Jump into BL31 and execute it
|
# Jump into BL31 and execute it
|
||||||
self.cd.restore_stack_and_jump(0x02024010)
|
self.cd.restore_stack_and_jump(0x02024010)
|
||||||
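Review bot: The `memwrite_region` experiments around the jump-back at 0x0202f818 / 0x020242a8 are all left as commented-out code, so the record of what was tried lives only in trailing comments; as rendered, no executable line in this hunk appears to change. A short comment above the group would keep the findings in one place, e.g. `# 0x02035600 still accessible at the 0x020242a8 hook; 0x0203203c hook keeps booting, 0x0203200c write crashes`. The instruction words are also written byte-swapped and packed big-endian (`struct.pack('>I', 0x1f2003d5)`), which is hard to check against a disassembly listing; `struct.pack('<I', 0xd503201f)  # NOP` emits the same bytes and reads as the instruction itself. The enclosing method of `ExynosDevice` starts and ends outside the hunk.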
@ -778,7 +780,7 @@ class ExynosDevice():
|
|||||||
|
|
||||||
# ==== Stage 4 ====
|
# ==== Stage 4 ====
|
||||||
stage4 = open("../S7/g930f_latest/g930f_sboot.bin.4.bin", "rb").read()
|
stage4 = open("../S7/g930f_latest/g930f_sboot.bin.4.bin", "rb").read()
|
||||||
|
|
||||||
# Patching
|
# Patching
|
||||||
# stage4_len = len(stage4)
|
# stage4_len = len(stage4)
|
||||||
# patch_len = len(b"USB RECOVERY MODE")
|
# patch_len = len(b"USB RECOVERY MODE")
|
||||||
|