EljakimHerrewijnen/Samsung_S7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added bl1 patches comment

Browse Source
This commit is contained in:
Eljakim Herrewijnen 2024-08-17 12:27:56 +02:00
parent 8926897590
commit 8cb5f2e151
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source/exploit/exploit.py
View File

@ -610,8 +610,7 @@ class ExynosDevice():
jump_bl1(DEBUGGER_ADDR) jump_bl1(DEBUGGER_ADDR)
# ==== BL31 ====
# At this point BL1 has booted. Next up is BL31
assert self.usb_read(0x200) == b"GiAs", "Failed to jump back to debugger" assert self.usb_read(0x200) == b"GiAs", "Failed to jump back to debugger"
self.cd.memwrite_region(0x020200dc, p32(hijacked_fun)) # To continue booting next stages self.cd.memwrite_region(0x020200dc, p32(hijacked_fun)) # To continue booting next stages
self.cd.restore_stack_and_jump(hijacked_fun) self.cd.restore_stack_and_jump(hijacked_fun)
@ -623,15 +622,13 @@ class ExynosDevice():
self.connect_device() self.connect_device()
time.sleep(1) time.sleep(1)
### WORKS UNTIL HERE. Unsure where we are in BL31 currently # ==== Stage 3 BL2 ====
# Load BL3
# self.usb_read(0x200) # GiAs
# self.cd.restore_stack_and_jump(hijacked_fun)
self.send_normal_stage(open("../S7/g930f_latest/g930f_sboot.bin.3.bin", "rb").read()) self.send_normal_stage(open("../S7/g930f_latest/g930f_sboot.bin.3.bin", "rb").read())
time.sleep(2) time.sleep(2)
self.connect_device() self.connect_device()
# ==== Stage 4 ====
self.send_normal_stage(open("../S7/g930f_latest/g930f_sboot.bin.4.bin", "rb").read()) self.send_normal_stage(open("../S7/g930f_latest/g930f_sboot.bin.4.bin", "rb").read())
time.sleep(2) time.sleep(2)
self.connect_device() self.connect_device()