Trying to patch screen
This commit is contained in:
parent
697a2a6f4f
commit
26bb5a5718
@ -803,13 +803,64 @@ class ExynosDevice():
|
|||||||
print(self.cd.arch_dbg.state.print_ctx())
|
print(self.cd.arch_dbg.state.print_ctx())
|
||||||
print(self.cd.memdump_region(0x8f063710, 0x8))
|
print(self.cd.memdump_region(0x8f063710, 0x8))
|
||||||
self.cd.memwrite_region(0x8f063710, struct.pack('>I', 0x53614d74))
|
self.cd.memwrite_region(0x8f063710, struct.pack('>I', 0x53614d74))
|
||||||
|
print(self.cd.memdump_region(0x8f063710, 0x8))
|
||||||
|
|
||||||
# Modify USB Recovyer mode string to: NFI Patched BL33
|
# Modify USB Recovyer mode string to: NFI Patched BL33
|
||||||
self.cd.memwrite_region(0x8f06ab10, b'\x4e\x46\x49\x20\x50\x61\x74\x63\x68\x69\x6e\x67\x20\x42\x4c\x33\x33')
|
self.cd.memwrite_region(0x8f06ab10, b'\x4e\x46\x49\x20\x50\x61\x74\x63\x68\x69\x6e\x67\x20\x42\x4c\x33\x33')
|
||||||
print(self.cd.memdump_region(0x8f063710, 0x8))
|
|
||||||
|
|
||||||
# Print state of x30/LR on screen
|
# Print state of x30/LR on screen
|
||||||
self.cd.memwrite_region(0x8f01dc08, struct.pack('>I', 0x7b432c91))
|
# self.cd.memwrite_region(0x8f01dc08, struct.pack('>I', 0xa40000f9))
|
||||||
|
|
||||||
|
# # Nop-able, but executed space
|
||||||
|
self.cd.memwrite_region(0x8f01dca8, struct.pack('>I', 0x804682d2))
|
||||||
|
# self.cd.memwrite_region(0x8f01dca8, struct.pack('>I', 0x1f2003d5))
|
||||||
|
|
||||||
|
self.cd.memwrite_region(0x8f01dcb0, struct.pack('>I', 0xe4ff9fd2))
|
||||||
|
# self.cd.memwrite_region(0x8f01dcb0, struct.pack('>I', 0x1f2003d5))
|
||||||
|
|
||||||
|
self.cd.memwrite_region(0x8f01dcb4, struct.pack('>I', 0xe5030091))
|
||||||
|
# self.cd.memwrite_region(0x8f01dcb4, struct.pack('>I', 0x1f2003d5))
|
||||||
|
|
||||||
|
self.cd.memwrite_region(0x8f008cb8, struct.pack('>I', 0xaaaaaaaa)) #0x24660094
|
||||||
|
# self.cd.memwrite_region(0x8f008cb8, struct.pack('>I', 0x1f2003d5))
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cb8, struct.pack('>I', 0x03028052)) # Set W3
|
||||||
|
self.cd.memwrite_region(0x8f008cb8, struct.pack('>I', 0x1f2003d5))
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008ccc, struct.pack('>I', 0xe3ff9fd2)) # Set x3
|
||||||
|
self.cd.memwrite_region(0x8f008ccc, struct.pack('>I', 0x1f2003d5)) # Set x3
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cc0, struct.pack('>I', 0xe2ff9fd2)) # Set x2
|
||||||
|
self.cd.memwrite_region(0x8f008cc0, struct.pack('>I', 0x1f2003d5)) # Set x2
|
||||||
|
|
||||||
|
# # self.cd.memwrite_region(0x8f008cc4, struct.pack('>I', 0x804682d2)) # Set x0 to 0x0
|
||||||
|
self.cd.memwrite_region(0x8f008cc4, struct.pack('>I', 0x1f2003d5)) # Set x0 to 0x0
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cc8, struct.pack('>I', 0x410280d2)) # Set x1
|
||||||
|
self.cd.memwrite_region(0x8f008cc8, struct.pack('>I', 0x1f2003d5)) # Set x1
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cdc, struct.pack('>I', 0xe4ff9fd2)) # Set x4 to 0xffff
|
||||||
|
self.cd.memwrite_region(0x8f008cdc, struct.pack('>I', 0x1f2003d5)) # Set x4 to 0xffff
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cd0, struct.pack('>I', 0xe5030091)) # Set x5 to SP
|
||||||
|
self.cd.memwrite_region(0x8f008cd0, struct.pack('>I', 0x1f2003d5)) # Set x5 to SP
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cd4, struct.pack('>I', 0x00013fd6)) # Jump to screen function
|
||||||
|
self.cd.memwrite_region(0x8f008cd4, struct.pack('>I', 0x1f2003d5)) # Jump to screen function
|
||||||
|
|
||||||
|
# self.cd.memwrite_region(0x8f008cd8, struct.pack('>I', 0xc00800b0)) # Set x7 to 0x0
|
||||||
|
self.cd.memwrite_region(0x8f008cd8, struct.pack('>I', 0x1f2003d5)) # Set x7 to 0x0
|
||||||
|
|
||||||
|
### SCREEN PATCHES
|
||||||
|
# Nop initial l_display screen at 0x8f022654
|
||||||
|
# self.cd.memwrite_region(0x8f022654, struct.pack('>I', 0x1f2003d5))
|
||||||
|
# self.cd.memwrite_region(0x8f022658, struct.pack('>I', 0x1f2003d5))
|
||||||
|
# self.cd.memwrite_region(0x8f022658, struct.pack('>I', 0xe40300b9)) #Modify offset at pinter that contains the to-be printed text
|
||||||
|
# # Modify jh_format_log to instead jump to l_display_screen
|
||||||
|
# self.cd.memwrite_region(0x8f02265c, struct.pack('>I', 0xbbffff97))
|
||||||
|
|
||||||
|
# For when it works. Write jump
|
||||||
|
# self.cd.memwrite_region(0x8f008cb4, struct.pack('>I', 0x25660094))
|
||||||
|
|
||||||
self.cd.restore_stack_and_jump(0x02024e5c)
|
self.cd.restore_stack_and_jump(0x02024e5c)
|
||||||
|
|
||||||
|
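Review bot: The new NOP patches (`0x8f008cb8`, `0x8f008ccc`, `0x8f008cc0`, `0x8f008cc4` … `0x8f008cd8`) are written into BL33 at fixed addresses without first confirming that the bytes there are the instructions being replaced, so running this against a different firmware build would silently corrupt unrelated code; a guard such as `assert self.cd.memdump_region(0x8f008cd4, 4) == ORIG_BLR` before each `memwrite_region` would catch that (assuming `memdump_region` returns the raw bytes — here it is only printed). The trailing comments `# Set x3`, `# Set x2`, `# Set x0 to 0x0`, `# Jump to screen function` now sit on lines that write `0x1f2003d5` (the AArch64 NOP `d503201f` in memory byte order), so they describe the replaced instruction rather than the patch; naming the constant once, `NOP = struct.pack('<I', 0xD503201F)`, and rewording them as `# was: mov x3, … — NOP'd out` would keep the intent readable. `0x8f008cb8` appears to receive two writes in the new code (`0xaaaaaaaa`, then the NOP); if both survive, the second silently overrides the first and the earlier one should be removed. The enclosing method starts before and continues after this hunk.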
Binary file not shown.