EljakimHerrewijnen/Samsung_S7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Can print UART address from functoin

Browse Source
This commit is contained in:
Jonathan Herrewijnen 2024-11-25 17:40:39 +01:00
parent 901f9b2141
commit a7a5bdeb7e
1 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
source/exploit/exploit.py
View File

@ -838,21 +838,48 @@ class ExynosDevice():
BL33_AUTH = 0x02024e5c
if args.MIB3:
self.cd.memwrite_region(0xcf08aa59, b"\x4c\x44\x46\x58") #58 was 57 in INIT print
#self.cd.memwrite_region(0xcf05e2b0, struct.pack('>I', 0x20000014)) # Change bootmode to GPT
self.cd.memwrite_region(0xcf026b94, struct.pack('>I', 0x210000b4)) # Change bootmode to GPT
BL33_AUTH = 0x202ae18 # BL33_LR
# Modifying return values to continue boot flow
#self.cd.memwrite_region(0xcf05dea8, b"\xa0\x1f\x42\xf8")
self.cd.arch_dbg.state.LR = DEBUGGER_ADDR
self.cd.restore_stack_and_jump(BL33_AUTH)
time.sleep(1)
self.usb_read(0x200)
self.cd.arch_dbg.state.LR = DEBUGGER_ADDR
self.write_uart(DEBUGGER_ADDR, 0xcf4dfb28)th
# NOT WORKING
self.read_ufs(DEBUGGER_ADDR)
pass
def write_uart(self, DEBUGGER_ADDR, data_pointer):
self.cd.arch_dbg.state.LR = DEBUGGER_ADDR
curr_X0 = self.cd.arch_dbg.state.X0
curr_X1 = self.cd.arch_dbg.state.X1
self.cd.arch_dbg.state.X0 = data_pointer
self.cd.arch_dbg.state.X1 = 0x0
self.cd.restore_stack_and_jump(0xcf05dd6c)
time.sleep(0.5)
self.connect_device()
self.usb_read(0x200)
self.cd.arch_dbg.state.X0 = curr_X0
self.cd.arch_dbg.state.X1 = curr_X1
return
def read_ufs(self, DEBUGGER_ADDR):
"""
Read UFS
@ -861,9 +888,13 @@ class ExynosDevice():
param1 = offset
"""
self.cd.arch_dbg.state.LR = DEBUGGER_ADDR
ufs_read_addr = 0xcf013840
self.cd.arch_dbg.state.X4 = 0x155A0000
ufs_read_addr = 0xcf00eaf4
self.cd.arch_dbg.state.X0 = 0x0
self.cd.arch_dbg.state.X1 = 0x1
self.cd.restore_stack_and_jump(ufs_read_addr)
time.sleep(1)
self.connect_device()
pass