Samsung_S7

Author	SHA1	Message	Date
Jonathan Herrewijnen	091efe2f80	mib3 boots with debugger until after BL2. BL33 not properly booting	2024-11-05 18:30:55 +01:00
Jonathan Herrewijnen	1e040cbea9	modifies pointers to also debug boot MIB3	2024-11-05 17:30:09 +01:00
Jonathan Herrewijnen	3b89bec190	Modify usb_recovery boot to boot normally or in another way	2024-10-24 18:28:39 +02:00
Jonathan Herrewijnen	d187b06980	adds print screen binary. Not working for now	2024-10-23 19:24:09 +02:00
Jonathan Herrewijnen	9b12fe8c33	adding ghidra zip file	2024-10-10 20:36:18 +02:00
Jonathan Herrewijnen	26bb5a5718	Trying to patch screen	2024-10-10 19:58:17 +02:00
Jonathan Herrewijnen	0c84503e47	minor docs update	2024-09-26 19:01:12 +02:00
Jonathan Herrewijnen	6711ceea27	updates docs to explain final sboot boot	2024-09-25 18:44:44 +02:00
Jonathan Herrewijnen	0174b2a4f7	Boots patched BL33	2024-09-24 18:50:11 +02:00
Jonathan Herrewijnen	1dc24198b6	Returns to debugger and allows booting into recovery. Patching BL33 does not work. Should try patching the verification	2024-09-17 20:06:49 +02:00
Jonathan Herrewijnen	f431e1981f	Adding DT_Sphinx confluence push. Fixing some errors in the documentation.	2024-09-17 18:28:35 +02:00
Jonathan Herrewijnen	fe58a3b869	reads B33	2024-09-16 17:14:14 +02:00
Jonathan Herrewijnen	e56a90f457	Merge remote-tracking branch 'origin/HEAD'	2024-09-16 10:53:46 +02:00
Jonathan Herrewijnen	201e8485e8	Minor docs update and exploit.py update	2024-09-16 10:52:44 +02:00
Jonathan Herrewijnen	5bf8cf0a7f	Minor update to memory map and some documentation updates	2024-09-14 16:41:21 +02:00
Jonathan Herrewijnen	d9d9ae332a	Cleaning up code and rewriting documentation. Now mostly finalized. Boots BL2 and returns to debugger. BL2 is not yet patcheable.	2024-09-10 18:59:32 +02:00
Jonathan Herrewijnen	a75bf965cc	Boots BL2 and returns to debugger. BL2 not yet patcheable.	2024-09-09 17:23:10 +02:00
Jonathan Herrewijnen	c03af09de2	Adding ghidra BL31 file for later inspection	2024-09-05 20:18:05 +02:00
Jonathan Herrewijnen	20ad0cdb45	Found area where 02035600 becomes unaccessible. Trying to patch it.	2024-09-04 18:16:37 +02:00
Jonathan Herrewijnen	66621d36d7	Add descriptions to commit and cleanup	2024-09-04 14:16:26 +02:00
Jonathan Herrewijnen	906629b80f	Small docs update	2024-09-03 19:31:41 +02:00
Jonathan Herrewijnen	e59478187d	Loads and executes BL31, then returns debugger, then continues bootflow and enters recovery	2024-08-29 21:06:15 +02:00
Jonathan Herrewijnen	a12453cbd3	TTBR0_EL3 visible after BL31	2024-08-28 18:45:05 +02:00
Jonathan Herrewijnen	5044941619	Better boot memory overview. Boots into recovery.	2024-08-26 17:45:29 +02:00
Jonathan Herrewijnen	3039e1dbc7	Debugger overwritten by BL2. Working on better memory map	2024-08-23 18:05:06 +02:00
Jonathan Herrewijnen	4ab063cc71	Unable to get firmware loader to return to debugger (yet)	2024-08-22 19:50:46 +02:00
Jonathan Herrewijnen	416521c8c7	Revert changes in exploit.py	2024-08-21 19:00:18 +02:00
Eljakim Herrewijnen	2c20ff6255	Boots a patched bl31	2024-08-18 13:55:11 +02:00
Eljakim Herrewijnen	2d0557c5c7	update	2024-08-17 20:35:52 +02:00
Eljakim Herrewijnen	8cb5f2e151	added bl1 patches comment	2024-08-17 12:27:56 +02:00
Eljakim Herrewijnen	8926897590	added bl1 patches comment	2024-08-17 12:25:35 +02:00
Eljakim Herrewijnen	c4fac034a1	Fully booting with ability to patch BL1	2024-08-17 12:24:47 +02:00
Jonathan Herrewijnen	5e7cfa7a60	Debugger alive after bl31	2024-08-16 19:37:25 +02:00
Jonathan Herrewijnen	55da2ce981	Now booting into USB recovery. Not yet jumping back to the debugger at each boot stage	2024-08-16 18:15:53 +02:00
Eljakim Herrewijnen	27fd2b00fb	added normal boot mode	2024-08-16 10:11:18 +02:00
Jonathan Herrewijnen	a8aed2e480	usb stack likely not executable	2024-08-14 19:46:27 +02:00
Jonathan Herrewijnen	99385d69e9	Booting bl31 fails as soon as we jump into it at 02021810	2024-08-13 16:42:17 +02:00
Jonathan Herrewijnen	7a80b9f5a9	Boots BL1 correctly by setting some things (twin)	2024-08-12 18:58:49 +02:00
Eljakim Herrewijnen	5e7fd96d40	fixed conflicts	2024-08-12 16:53:25 +02:00
Eljakim Herrewijnen	2a0cd7ef02	bl1 authenticated and jumped to	2024-08-09 22:22:16 +02:00
Jonathan Herrewijnen	5d6204efa3	Minor docs update. Trying to dump memory	2024-08-09 22:16:13 +02:00
Jonathan Herrewijnen	e8a997fee8	Merge branch 'main' of https://git.herreweb.nl/EljakimHerrewijnen/Samsung_S7 into altered-script-flow	2024-08-09 15:26:18 +02:00
Eljakim Herrewijnen	fbf826c99b	authbl1 with bl1 works	2024-08-09 12:57:34 +02:00
Jonathan Herrewijnen	11bd8dd512	changed exploit flow	2024-08-08 19:46:04 +02:00
Jonathan Herrewijnen	e4c2b7ae02	Additional documentation	2024-08-07 19:13:35 +02:00
Eljakim Herrewijnen	0176439498	update	2024-08-07 00:20:30 +02:00
Eljakim Herrewijnen	a8cc6b3f39	Started booting fwbl1	2024-08-05 19:37:13 +02:00
Eljakim Herrewijnen	934bebe0c5	stage1 and debugger working	2024-08-05 14:51:04 +02:00
Eljakim Herrewijnen	87c5ce75c9	full send/recv working but need to clean up code	2024-08-02 21:18:08 +02:00
Eljakim Herrewijnen	0a7ffe9399	send with custom address works	2024-08-02 21:11:18 +02:00

1 2

52 Commits