Samsung_S7

EljakimHerrewijnen/Samsung_S7

Fork 0

d1e0fdcd21 Merge branch 'main' of git.eminjenv.nl:nfi-exploitdev/samsung_s7 main Eljakim 2024-12-11 11:54:58 +0100
4c4ae97635 started on mib3 kdf Eljakim 2024-12-11 11:54:30 +0100
535d137102 Adding ghidra zip file Jonathan Herrewijnen 2024-12-10 20:31:19 +0100
da14253312 Cleaning up code Jonathan Herrewijnen 2024-12-10 19:47:56 +0100
d8163d1a15 Merge branch 'main' of git.eminjenv.nl:nfi-exploitdev/samsung_s7 Jonathan Herrewijnen 2024-12-10 18:58:54 +0100
15c848b190 belated commit (needs cleaning) Jonathan Herrewijnen 2024-12-10 18:58:47 +0100
2dd0ef7106 Fix requirements Floris van Silfhout 2024-12-09 11:15:37 +0100
93a1be94b2 Update requirements Floris van Silfhout 2024-12-09 10:45:04 +0100
1dec7120f1 patching introduced bugs Jonathan Herrewijnen 2024-12-09 10:51:36 +0100
e98ceea1d6 removed unnecesary code Eljakim Herrewijnen 2024-12-07 21:02:52 +0100
52a80a6f5e merge conflict Eljakim Herrewijnen 2024-12-07 21:02:04 +0100
4bfd827fbc added gupje only launch Eljakim Herrewijnen 2024-12-07 21:01:35 +0100
ee3bf581e3 Merge branch 'main' of git.eminjenv.nl:nfi-exploitdev/samsung_s7 Jonathan Herrewijnen 2024-12-07 20:59:40 +0100
6492aadd7c seperated exynos device from exploit Eljakim Herrewijnen 2024-12-07 20:59:02 +0100
72a50cd648 docs update and boot flow update Jonathan Herrewijnen 2024-12-07 20:58:35 +0100
ab0e9e3d57 docs update and boot flow update Jonathan Herrewijnen 2024-12-07 20:57:04 +0100
a7a5bdeb7e Can print UART address from functoin Jonathan Herrewijnen 2024-11-25 17:40:39 +0100
901f9b2141 Add gzf with ufs read/write Jonathan Herrewijnen 2024-11-25 13:58:05 +0100
05ae123c50 cleanup repository Jonathan Herrewijnen 2024-11-21 21:39:30 +0100
768ce5cf26 docs update on mobicore, xen and kinibi Jonathan Herrewijnen 2024-11-14 19:02:42 +0100
009be66808 adds ghidra mcl loader for ta.bin in aarchv7 32 le Jonathan Herrewijnen 2024-11-14 14:18:37 +0100
ef4b266b62 boots mib3 after BL33. keeps debugger? Jonathan Herrewijnen 2024-11-12 20:58:34 +0100
5bc481f321 Merge remote-tracking branch 'origin/HEAD' Jonathan Herrewijnen 2024-11-12 17:46:10 +0100
7cb00e4c98 update docs regarding xen Jonathan Herrewijnen 2024-11-12 17:44:35 +0100
7dc12e054f Merge remote-tracking branch 'origin/main' Jonathan Herrewijnen 2024-11-12 15:50:08 +0100
4b937366bd Merge remote-tracking branch 'origin/HEAD' Jonathan Herrewijnen 2024-11-12 15:49:23 +0100
e0269ae3f1 restore proper boot chain for samsung s7 Jonathan Herrewijnen 2024-11-12 15:48:13 +0100
f905c6d2d3 documentation update Jonathan Herrewijnen 2024-11-07 19:08:53 +0100
091efe2f80 mib3 boots with debugger until after BL2. BL33 not properly booting Jonathan Herrewijnen 2024-11-05 18:30:55 +0100
1e040cbea9 modifies pointers to also debug boot MIB3 Jonathan Herrewijnen 2024-11-05 17:30:09 +0100
44ebe96d86 adds ghzfile Jonathan Herrewijnen 2024-10-24 19:18:42 +0200
3b89bec190 Modify usb_recovery boot to boot normally or in another way Jonathan Herrewijnen 2024-10-24 18:28:39 +0200
d187b06980 adds print screen binary. Not working for now Jonathan Herrewijnen 2024-10-23 19:24:09 +0200
9b12fe8c33 adding ghidra zip file Jonathan Herrewijnen 2024-10-10 20:36:18 +0200
26bb5a5718 Trying to patch screen Jonathan Herrewijnen 2024-10-10 19:58:17 +0200
697a2a6f4f adds ghidra zip file from 26 sept (xrdp is not working.. ) Jonathan Herrewijnen 2024-09-26 19:35:38 +0200
0c84503e47 minor docs update Jonathan Herrewijnen 2024-09-26 19:01:12 +0200
6711ceea27 updates docs to explain final sboot boot Jonathan Herrewijnen 2024-09-25 18:44:44 +0200
0174b2a4f7 Boots patched BL33 Jonathan Herrewijnen 2024-09-24 18:50:11 +0200
1dc24198b6 Returns to debugger and allows booting into recovery. Patching BL33 does not work. Should try patching the verification Jonathan Herrewijnen 2024-09-17 20:06:49 +0200
f431e1981f Adding DT_Sphinx confluence push. Fixing some errors in the documentation. Jonathan Herrewijnen 2024-09-17 18:28:35 +0200
fe58a3b869 reads B33 Jonathan Herrewijnen 2024-09-16 17:14:14 +0200
e56a90f457 Merge remote-tracking branch 'origin/HEAD' Jonathan Herrewijnen 2024-09-16 10:53:46 +0200
201e8485e8 Minor docs update and exploit.py update Jonathan Herrewijnen 2024-09-16 10:52:44 +0200
76d1b8361c Adding decompiled BL33 for now Jonathan Herrewijnen 2024-09-16 10:46:37 +0200
5bf8cf0a7f Minor update to memory map and some documentation updates Jonathan Herrewijnen 2024-09-14 16:41:21 +0200
d9d9ae332a Cleaning up code and rewriting documentation. Now mostly finalized. Jonathan Herrewijnen 2024-09-10 18:59:32 +0200
ac755b81f1 Updating docs Jonathan Herrewijnen 2024-09-09 18:19:34 +0200
a75bf965cc Boots BL2 and returns to debugger. BL2 not yet patcheable. Jonathan Herrewijnen 2024-09-09 17:23:10 +0200
b0c2b414ca Updated ghidra project file Jonathan Herrewijnen 2024-09-09 10:12:37 +0200
c8dd132ef9 Some spaces/devices Jonathan Herrewijnen 2024-09-05 20:55:39 +0200
c03af09de2 Adding ghidra BL31 file for later inspection Jonathan Herrewijnen 2024-09-05 20:18:05 +0200
20ad0cdb45 Found area where 02035600 becomes unaccessible. Trying to patch it. Jonathan Herrewijnen 2024-09-04 18:16:37 +0200
66621d36d7 Add descriptions to commit and cleanup Jonathan Herrewijnen 2024-09-04 14:16:26 +0200
906629b80f Small docs update Jonathan Herrewijnen 2024-09-03 19:31:41 +0200
e59478187d Loads and executes BL31, then returns debugger, then continues bootflow and enters recovery Jonathan Herrewijnen 2024-08-29 21:06:15 +0200
a12453cbd3 TTBR0_EL3 visible after BL31 Jonathan Herrewijnen 2024-08-28 18:45:05 +0200
91c7d60638 Adding third (variable) debugger Jonathan Herrewijnen 2024-08-27 20:18:39 +0200
a9f426292c Reversing draw order of boot diagram Jonathan Herrewijnen 2024-08-27 20:16:45 +0200
5044941619 Better boot memory overview. Boots into recovery. Jonathan Herrewijnen 2024-08-26 17:45:29 +0200
fb2c105bf3 Adding memdump with potential keys (NIST_P25) from before any boot other than bootrom Jonathan Herrewijnen 2024-08-26 13:09:19 +0200
df71d537ec small blocks in blocks memory map update Jonathan Herrewijnen 2024-08-25 20:00:07 +0200
3039e1dbc7 Debugger overwritten by BL2. Working on better memory map Jonathan Herrewijnen 2024-08-23 18:05:06 +0200
98033c5d61 Update .gitlab-ci.yml file Jonathan Herrewijnen 2024-08-23 08:27:08 +0000
ee605f567e Adjust for non-sudo Jonathan Herrewijnen 2024-08-22 19:56:46 +0200
d45b9eeb1b Add xvfb to build pipeline Jonathan Herrewijnen 2024-08-22 19:55:56 +0200
4ab063cc71 Unable to get firmware loader to return to debugger (yet) Jonathan Herrewijnen 2024-08-22 19:50:46 +0200
416521c8c7 Revert changes in exploit.py Jonathan Herrewijnen 2024-08-21 19:00:18 +0200
34ca995109 Adding gitlab pages Jonathan Herrewijnen 2024-08-20 17:28:57 +0200
5154096998 Updating readme and adding some necessary binaries to run the exploit Jonathan Herrewijnen 2024-08-20 16:31:49 +0200
ac9b7630b9 update gitignore Jonathan Herrewijnen 2024-08-20 15:23:50 +0200
2c20ff6255 Boots a patched bl31 Eljakim Herrewijnen 2024-08-18 13:55:11 +0200
2d0557c5c7 update Eljakim Herrewijnen 2024-08-17 20:35:52 +0200
8cb5f2e151 added bl1 patches comment Eljakim Herrewijnen 2024-08-17 12:27:56 +0200
8926897590 added bl1 patches comment Eljakim Herrewijnen 2024-08-17 12:25:35 +0200
c4fac034a1 Fully booting with ability to patch BL1 Eljakim Herrewijnen 2024-08-17 12:24:47 +0200
6bc9156cb6 Fixed resturctured text layout Eljakim Herrewijnen 2024-08-16 23:00:13 +0200
5e7cfa7a60 Debugger alive after bl31 Jonathan Herrewijnen 2024-08-16 19:37:25 +0200
55da2ce981 Now booting into USB recovery. Not yet jumping back to the debugger at each boot stage Jonathan Herrewijnen 2024-08-16 18:15:53 +0200
dc64defded added sboot Eljakim Herrewijnen 2024-08-16 13:46:03 +0200
27fd2b00fb added normal boot mode Eljakim Herrewijnen 2024-08-16 10:11:18 +0200
a8aed2e480 usb stack likely not executable Jonathan Herrewijnen 2024-08-14 19:46:27 +0200
99385d69e9 Booting bl31 fails as soon as we jump into it at 02021810 Jonathan Herrewijnen 2024-08-13 16:42:17 +0200
7a80b9f5a9 Boots BL1 correctly by setting some things (twin) Jonathan Herrewijnen 2024-08-12 18:58:49 +0200
4bbb11908f Merge branch 'main' of https://git.herreweb.nl/EljakimHerrewijnen/Samsung_S7 Jonathan Herrewijnen 2024-08-12 16:58:46 +0200
de8395b286 updated docs Jonathan Herrewijnen 2024-08-12 16:58:34 +0200
19d20965db updated docs Jonathan Herrewijnen 2024-08-12 16:57:40 +0200
6e4a22b5c3 pushed ghidra db Eljakim Herrewijnen 2024-08-12 16:56:19 +0200
5e7fd96d40 fixed conflicts Eljakim Herrewijnen 2024-08-12 16:53:25 +0200
2a0cd7ef02 bl1 authenticated and jumped to Eljakim Herrewijnen 2024-08-09 22:22:16 +0200
cf83b3d34e Merge pull request 'altered-script-flow' (#1) from altered-script-flow into main Jonathan Herrewijnen 2024-08-09 20:21:42 +0000
5d6204efa3 Minor docs update. Trying to dump memory altered-script-flow Jonathan Herrewijnen 2024-08-09 22:16:13 +0200
e8a997fee8 Merge branch 'main' of https://git.herreweb.nl/EljakimHerrewijnen/Samsung_S7 into altered-script-flow Jonathan Herrewijnen 2024-08-09 15:26:18 +0200
5cf20aa834 Merge branch 'main' of https://git.herreweb.nl/EljakimHerrewijnen/Samsung_S7 Jonathan Herrewijnen 2024-08-09 13:16:16 +0200
34c23e0d2a add venv to gitignore Jonathan Herrewijnen 2024-08-09 13:15:31 +0200
fbf826c99b authbl1 with bl1 works Eljakim Herrewijnen 2024-08-09 12:57:34 +0200
11bd8dd512 changed exploit flow Jonathan Herrewijnen 2024-08-08 19:46:04 +0200
d3ffb96db4 Readme update Eljakim Herrewijnen 2024-08-08 11:47:47 +0200
63befbb676 .gitignore update Eljakim Herrewijnen 2024-08-08 11:45:22 +0200
5cece6a205 .gitignore update Eljakim Herrewijnen 2024-08-08 11:44:56 +0200

Commit Graph Select branches Hide Pull Requests altered-script-flow main #1 Mono Color

Commit Graph

Select branches

Hide Pull Requests

altered-script-flow

main

#1