sending incorrect data now
parent
10e4590faf
commit
d40e818b33
@ -1,46 +1,47 @@
|
||||
start:
|
||||
b main
|
||||
|
||||
.text
|
||||
.global rom_send
|
||||
rom_send:
|
||||
mov w1, #0x20000 // size
|
||||
mov w0, #0x0 // address
|
||||
bl usb_send
|
||||
ret
|
||||
|
||||
.text
|
||||
.global usb_send
|
||||
usb_send:
|
||||
stp x29, x30, [sp,#-48]!
|
||||
mov w3, #0x0
|
||||
bfxil w3, w1, #0, #24
|
||||
mov w1, #0xc12
|
||||
mov x29, sp
|
||||
stp x19, x20, [sp,#16]
|
||||
mov x5, #0xc834
|
||||
mov w20, #0x1
|
||||
movk x5, #0x1540, lsl #16
|
||||
ldr x2, [x29,#40]
|
||||
mov x4, #0xc838
|
||||
orr w6, w1, w20
|
||||
movk x4, #0x1540, lsl #16
|
||||
mov x19, #0xc83c
|
||||
movk x19, #0x1540, lsl #16
|
||||
stp w3, w1, [x2,#8]
|
||||
mov w3, #0x406
|
||||
stp w0, wzr, [x2]
|
||||
mov w0, w20
|
||||
ldr x1, [x29,#40]
|
||||
strb w6, [x2,#12]
|
||||
; mov x2, #0x27c8
|
||||
str w1, [x5]
|
||||
mov w1, #0x1388
|
||||
str wzr, [x4]
|
||||
str w3, [x19]
|
||||
; blr x2
|
||||
mov w0, w20
|
||||
ldr w1, [x19]
|
||||
ldp x19, x20, [sp,#16]
|
||||
ldp x29, x30, [sp],#48
|
||||
ret
|
||||
;.text
|
||||
;.global rom_send
|
||||
;rom_send:
|
||||
; mov w1, #0x20000 // size
|
||||
; mov w0, #0x0 // address
|
||||
; bl usb_send
|
||||
; ret
|
||||
;
|
||||
;.text
|
||||
;.global usb_send
|
||||
;usb_send:
|
||||
; stp x29, x30, [sp,#-48]!
|
||||
; mov w3, #0x0
|
||||
; bfxil w3, w1, #0, #24
|
||||
; mov w1, #0xc12
|
||||
; mov x29, sp
|
||||
; stp x19, x20, [sp,#16]
|
||||
; mov x5, #0xc834
|
||||
; mov w20, #0x1
|
||||
; movk x5, #0x1540, lsl #16
|
||||
; ldr x2, [x29,#40]
|
||||
; mov x4, #0xc838
|
||||
; orr w6, w1, w20
|
||||
; movk x4, #0x1540, lsl #16
|
||||
; mov x19, #0xc83c
|
||||
; movk x19, #0x1540, lsl #16
|
||||
; stp w3, w1, [x2,#8]
|
||||
; mov w3, #0x406
|
||||
; stp w0, wzr, [x2]
|
||||
; mov w0, w20
|
||||
; ldr x1, [x29,#40]
|
||||
; strb w6, [x2,#12]
|
||||
; ; mov x2, #0x27c8
|
||||
; str w1, [x5]
|
||||
; mov w1, #0x1388
|
||||
; str wzr, [x4]
|
||||
; str w3, [x19]
|
||||
; ; blr x2
|
||||
; mov w0, w20
|
||||
; ldr w1, [x19]
|
||||
; ldp x19, x20, [sp,#16]
|
||||
; ldp x29, x30, [sp],#48
|
||||
; ret
|
||||
;
|
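Review bot: The `;` prefix used to disable `rom_send` and `usb_send` is a statement separator in GNU as for AArch64, not a comment introducer, so under that assembler every `;`-prefixed line, including `; ; blr x2`, would still be assembled. The file's own trailing comments use `//` (`// size`, `// address`), so the disabled lines should use it too, e.g. `// bl usb_send`. The hunk counts (46 → 47 lines) suggest the `;`-prefixed copy is the new side, but the `+`/`-` markers are lost on this page. The toolchain is not visible here either, so confirm by disassembling the built output.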
@ -2,7 +2,7 @@ import usb.util
|
||||
import struct, sys, usb1, libusb1, ctypes, usb, argparse
|
||||
from keystone import *
|
||||
from capstone import *
|
||||
# from ghidra_assistant.utils.utils import *
|
||||
from ghidra_assistant.utils.utils import *
|
||||
|
||||
def p32(x):
|
||||
return struct.pack("<I", x)
|
||||
@ -168,8 +168,9 @@ class ExynosDevice():
|
||||
|
||||
|
||||
|
||||
from ghidra_assistant.utils.utils import *
|
||||
|
||||
ks = Ks(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)
|
||||
cs = Cs(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN)
|
||||
def usb_debug():
|
||||
shellcode = f"""
|
||||
start:
|
||||
@ -285,7 +286,8 @@ def usb_debug():
|
||||
def recv_data():
|
||||
transferred.value = 0
|
||||
buf = ctypes.c_buffer(b"", 0x200)
|
||||
res = libusb1.libusb_bulk_transfer(exynos.handle._USBDeviceHandle__handle, 0x81, buf, len(buf), ctypes.byref(transferred), 100)
|
||||
res = libusb1.libusb_bulk_transfer(exynos.handle._USBDeviceHandle__handle, 0x81, buf, len(buf), ctypes.byref(transferred), 100)
|
||||
hexdump(buf.raw[:0x20])
|
||||
pass
|
||||
|
||||
# Should have received some bytes
|
||||
|
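Review bot: In `recv_data`, `res` from `libusb_bulk_transfer` is assigned but never checked in the visible lines, and `hexdump(buf.raw[:0x20])` prints a fixed 0x20 bytes regardless of `transferred.value`. On a timeout (the call allows 100 ms) or a short read, the dump shows the zero-initialised buffer, which cannot be told apart from data the device actually sent. Consider `if res != 0: raise RuntimeError(f"bulk IN failed: {res}")` followed by `hexdump(buf.raw[:transferred.value])`. `hexdump` presumably comes from the wildcard `from ghidra_assistant.utils.utils import *`; importing it by name would make that dependency explicit. `recv_data` continues past the end of the hunk, so a later check may already exist.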