diff --git a/.gitignore b/.gitignore
index 279b45b..de94b74 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
dump/
+*.bin
+*.a
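Review bot: The patterns added here do not cover the build and tool artefacts this same commit checks in: `source/dwc3.o`, `source/entry.o`, `source/dwc3.elf`, `source/dump_bootrom.elf` and the Ghidra project state under `reven/`. `reven/SamsungS7.lock` records the analyst's username, hostname and kernel version, and the `.lock~`, `~index.bak` and `~journal.bak` files are per-session tool state that will churn on every open. Consider adding `*.o`, `*.elf` and `reven/*.lock*` here and removing those files from the index with `git rm --cached`. If the Ghidra repository is meant to be shared, keep `reven/*.rep/` but still exclude the lock and backup files.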
diff --git a/documentation/.gitignore b/documentation/.gitignore
new file mode 100644
index 0000000..567609b
--- /dev/null
+++ b/documentation/.gitignore
@@ -0,0 +1 @@
+build/
diff --git a/documentation/images/underflow_bug.png b/documentation/source/images/underflow_bug.png
similarity index 100%
rename from documentation/images/underflow_bug.png
rename to documentation/source/images/underflow_bug.png
diff --git a/dwc3.bin b/dwc3.bin
deleted file mode 100755
index 2a61d94..0000000
Binary files a/dwc3.bin and /dev/null differ
diff --git a/dwc3.o b/dwc3.o
deleted file mode 100644
index a372f27..0000000
Binary files a/dwc3.o and /dev/null differ
diff --git a/reven/SamsungS7.gpr b/reven/SamsungS7.gpr
new file mode 100644
index 0000000..e69de29
diff --git a/reven/SamsungS7.lock b/reven/SamsungS7.lock
new file mode 100644
index 0000000..b791c8f
--- /dev/null
+++ b/reven/SamsungS7.lock
@@ -0,0 +1,9 @@
+#Ghidra Lock File
+#Wed Jul 31 20:30:18 CEST 2024
+OS\ Name=Linux
+OS\ Version=6.5.0-41-generic
+Username=eljakim
+Hostname=levith
+\ Supports\ File\ Channel\ Locking=Channel Lock
+OS\ Architecture=amd64
+Timestamp=7/31/24, 8\:30 PM
diff --git a/reven/SamsungS7.lock~ b/reven/SamsungS7.lock~
new file mode 100644
index 0000000..e69de29
diff --git a/reven/SamsungS7.rep/idata/00/00000000.prp b/reven/SamsungS7.rep/idata/00/00000000.prp
new file mode 100644
index 0000000..4f6f33b
--- /dev/null
+++ b/reven/SamsungS7.rep/idata/00/00000000.prp
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/reven/SamsungS7.rep/idata/00/00000002.prp b/reven/SamsungS7.rep/idata/00/00000002.prp
new file mode 100644
index 0000000..e9d40f0
--- /dev/null
+++ b/reven/SamsungS7.rep/idata/00/00000002.prp
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/reven/SamsungS7.rep/idata/00/~00000000.db/db.3.gbf b/reven/SamsungS7.rep/idata/00/~00000000.db/db.3.gbf
new file mode 100644
index 0000000..9793d8b
Binary files /dev/null and b/reven/SamsungS7.rep/idata/00/~00000000.db/db.3.gbf differ
diff --git a/reven/SamsungS7.rep/idata/00/~00000002.db/db.1.gbf b/reven/SamsungS7.rep/idata/00/~00000002.db/db.1.gbf
new file mode 100644
index 0000000..d9ff928
Binary files /dev/null and b/reven/SamsungS7.rep/idata/00/~00000002.db/db.1.gbf differ
diff --git a/reven/SamsungS7.rep/idata/~index.bak b/reven/SamsungS7.rep/idata/~index.bak
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/reven/SamsungS7.rep/idata/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/reven/SamsungS7.rep/idata/~index.dat b/reven/SamsungS7.rep/idata/~index.dat
new file mode 100644
index 0000000..3d79cef
--- /dev/null
+++ b/reven/SamsungS7.rep/idata/~index.dat
@@ -0,0 +1,7 @@
+VERSION=1
+/
+ 00000002:8890_bootrom.bin:7f0119bc3142241939494339
+/mib3
+ 00000000:full_boot:7f0118059140616855428589
+NEXT-ID:3
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/reven/SamsungS7.rep/idata/~journal.bak b/reven/SamsungS7.rep/idata/~journal.bak
new file mode 100644
index 0000000..fbe0c2d
--- /dev/null
+++ b/reven/SamsungS7.rep/idata/~journal.bak
@@ -0,0 +1,10 @@
+FADD:/NewFolder
+FMV:/NewFolder:/mib3
+IADD:00000000:/mib3/fwbl1_a.bin
+IDSET:/mib3/fwbl1_a.bin:7f0118059140616855428589
+IMV:/mib3/fwbl1_a.bin:/mib3/full_boot
+IADD:00000001:/mib3/8890_bootrom.bin
+IDSET:/mib3/8890_bootrom.bin:7f011974d142238523757581
+IADD:00000002:/8890_bootrom.bin
+IDSET:/8890_bootrom.bin:7f0119bc3142241939494339
+IDEL:/mib3/8890_bootrom.bin
diff --git a/reven/SamsungS7.rep/project.prp b/reven/SamsungS7.rep/project.prp
new file mode 100644
index 0000000..6452dab
--- /dev/null
+++ b/reven/SamsungS7.rep/project.prp
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/reven/SamsungS7.rep/user/00/00000000.prp b/reven/SamsungS7.rep/user/00/00000000.prp
new file mode 100644
index 0000000..37613a7
--- /dev/null
+++ b/reven/SamsungS7.rep/user/00/00000000.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/reven/SamsungS7.rep/user/00/00000001.prp b/reven/SamsungS7.rep/user/00/00000001.prp
new file mode 100644
index 0000000..cd6603d
--- /dev/null
+++ b/reven/SamsungS7.rep/user/00/00000001.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/reven/SamsungS7.rep/user/00/~00000000.db/db.1.gbf b/reven/SamsungS7.rep/user/00/~00000000.db/db.1.gbf
new file mode 100644
index 0000000..d04eed4
Binary files /dev/null and b/reven/SamsungS7.rep/user/00/~00000000.db/db.1.gbf differ
diff --git a/reven/SamsungS7.rep/user/00/~00000001.db/db.1.gbf b/reven/SamsungS7.rep/user/00/~00000001.db/db.1.gbf
new file mode 100644
index 0000000..9620672
Binary files /dev/null and b/reven/SamsungS7.rep/user/00/~00000001.db/db.1.gbf differ
diff --git a/reven/SamsungS7.rep/user/~index.bak b/reven/SamsungS7.rep/user/~index.bak
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/reven/SamsungS7.rep/user/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/reven/SamsungS7.rep/user/~index.dat b/reven/SamsungS7.rep/user/~index.dat
new file mode 100644
index 0000000..441e2e0
--- /dev/null
+++ b/reven/SamsungS7.rep/user/~index.dat
@@ -0,0 +1,5 @@
+VERSION=1
+/
+ 00000000:udf_7f0118059140616855428589:7f0118d0b142268235940037
+NEXT-ID:1
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/reven/SamsungS7.rep/user/~journal.bak b/reven/SamsungS7.rep/user/~journal.bak
new file mode 100644
index 0000000..c490adb
--- /dev/null
+++ b/reven/SamsungS7.rep/user/~journal.bak
@@ -0,0 +1,2 @@
+IADD:00000000:/udf_7f0118059140616855428589
+IDSET:/udf_7f0118059140616855428589:7f0118d0b142268235940037
diff --git a/reven/SamsungS7.rep/user/~journal.dat b/reven/SamsungS7.rep/user/~journal.dat
new file mode 100644
index 0000000..ca6f18b
--- /dev/null
+++ b/reven/SamsungS7.rep/user/~journal.dat
@@ -0,0 +1,2 @@
+IADD:00000001:/udf_7f0119bc3142241939494339
+IDSET:/udf_7f0119bc3142241939494339:7f011abb7142807435236045
diff --git a/Makefile b/source/Makefile
similarity index 100%
rename from Makefile
rename to source/Makefile
diff --git a/source/dump_bootrom.elf b/source/dump_bootrom.elf
new file mode 100644
index 0000000..570320d
Binary files /dev/null and b/source/dump_bootrom.elf differ
diff --git a/dwc3.elf b/source/dwc3.elf
similarity index 79%
rename from dwc3.elf
rename to source/dwc3.elf
index 2bf5e44..2a73fb7 100755
Binary files a/dwc3.elf and b/source/dwc3.elf differ
diff --git a/source/dwc3.o b/source/dwc3.o
new file mode 100644
index 0000000..d4c13dc
Binary files /dev/null and b/source/dwc3.o differ
diff --git a/entry.S b/source/entry.S
similarity index 100%
rename from entry.S
rename to source/entry.S
diff --git a/entry.o b/source/entry.o
similarity index 100%
rename from entry.o
rename to source/entry.o
diff --git a/exploit.py b/source/exploit.py
similarity index 99%
rename from exploit.py
rename to source/exploit.py
index a81e53d..addd672 100644
--- a/exploit.py
+++ b/source/exploit.py
@@ -163,6 +163,7 @@ class ExynosDevice():
p = b"\xaa" * 0x200
transferred.value = 0
res = libusb1.libusb_bulk_transfer(self.handle._USBDeviceHandle__handle, ENDPOINT_BULK_OUT, p, len(p), ctypes.byref(transferred), 100)
+ assert res == 0, "Error sending data"
buf = ctypes.c_buffer(b"", 0x20000)
res = libusb1.libusb_bulk_transfer(self.handle._USBDeviceHandle__handle, 0x81, buf, len(buf), ctypes.byref(transferred), 100)
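Review bot: `assert res == 0, "Error sending data"` is stripped when Python runs with `-O`, so the new check on the bulk OUT transfer can silently disappear. `if res != 0: raise RuntimeError(f"bulk OUT transfer failed: libusb error {res}")` keeps the check and reports the return code. The check also ignores `transferred.value`, so a short write of fewer than `len(p)` bytes would still pass. The IN transfer on the last visible line reassigns `res`; whether that result is checked is outside the hunk, since the method continues past it.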
diff --git a/source/ghidra.py b/source/ghidra.py
new file mode 100644
index 0000000..18dfd85
--- /dev/null
+++ b/source/ghidra.py
@@ -0,0 +1,9 @@
+from ghidra_assistant.ghidra_assistant import GhidraAssistant
+
+if __name__ == "__main__":
+ rom = open("S7/rom.bin", 'rb').read()
+
+ ga = GhidraAssistant()
+ ga.ghidra.add_memory(rom, 0x0, True, "ROM")
+
+ pass
\ No newline at end of file
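Review bot: `open("S7/rom.bin", 'rb').read()` never closes the file and resolves the path against the current working directory rather than the script's location. `with open(rom_path, "rb") as f: rom = f.read()`, with `rom_path` taken from the command line or built from `__file__`, fixes both. The arguments `0x0, True` to `add_memory` deserve a comment such as `# map the ROM dump at base address 0x0`, with the meaning of the boolean confirmed against ghidra_assistant. The trailing `pass` is a no-op and can be dropped, and the file should end with a newline.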
diff --git a/symbols.txt b/source/symbols.txt
similarity index 100%
rename from symbols.txt
rename to source/symbols.txt
diff --git a/test_dwc3.c b/source/test_dwc3.c
similarity index 90%
rename from test_dwc3.c
rename to source/test_dwc3.c
index d39f0b2..f746b7a 100644
--- a/test_dwc3.c
+++ b/source/test_dwc3.c
@@ -40,6 +40,16 @@ void recv_data(){
}
}
+void send_data(void *address, uint32_t size){
+ maybe_usb_setup_read(0x81, NULL, 0x200);
+ void *rbuf = get_endpoint_buffer(1);
+ for(int i= 0; i < size; i++){
+ *(char *)(void *)((int)rbuf + i) = *(char *)(void *)((int)address + i);
+ }
+ dwc
+
+}
+
void send_data(uint32_t *address, uint32_t size)
{
// asm("stp x29, x30, [sp,#-48]!");;
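Review bot: The added `send_data(void *address, uint32_t size)` cannot compile as committed: its body ends in a bare `dwc` token, and the existing `send_data(uint32_t *address, uint32_t size)` directly below it (whose body continues outside the hunk) defines the same name with a different parameter type. Either finish the new function and remove or rename the old one, or leave the stub out until it is complete. The copy loop casts both pointers through `int`, which truncates addresses wherever pointers are wider than `int` (the commented `stp x29, x30` in the old function suggests AArch64); `((char *)rbuf)[i] = ((const char *)address)[i];` with a `uint32_t i` avoids that and the signed/unsigned comparison. Nothing visible limits `size` to the 0x200 passed to `maybe_usb_setup_read`, so if that value is the endpoint buffer length a bound check such as `if (size > 0x200) size = 0x200;` is needed before the loop.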
@@ -79,7 +89,6 @@ void send_data(uint32_t *address, uint32_t size)
int main() {
while(1){
recv_data();
- send_data((uint32_t *) recv_buffer, 0x200);
}
diff --git a/test_dwc3.ld b/source/test_dwc3.ld
similarity index 100%
rename from test_dwc3.ld
rename to source/test_dwc3.ld