<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1101px" height="331px" viewBox="-0.5 -0.5 1101 331" content="<mxfile host="04n1rgtnob7ebrhhg57mh2mjuh68d4qe61ncs1a2e1n2no0ifp02" modified="2024-08-17T12:19:10.470Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Code/1.90.2 Chrome/122.0.6261.156 Electron/29.4.0 Safari/537.36" etag="KKJYI1_nldUocN3jMCBl" version="12.2.4" pages="1"><diagram id="ADw-6-ScJEZwpCBiqabR" name="Page-1">7Vnbbts4EP0aP24gWZZsPza2t0XRYoF1iraPjDiSmNKkQFG+7NeXpEiJCt1ugRox0uTFEQ+Ht5kzRyNmkqx2x7cC1dVHjoFOphE+TpL1ZDqNp8ul+qORU4eky6gDSkGwNRqALfkPLOjMWoKhGRlKzqkk9RjMOWOQyxGGhOCHsVnB6XjVGpUQANsc0RD9TLCsOnSRRgP+DkhZuZXjyPbskDO2QFMhzA8elGwmyUpwLrun3XEFVDvP+aUb9/cPevuNCWDyVwbM7DbkyZ0NsDqqbXIhK15yhuhmQG8FbxkGPUGkWoPNB85rBcYKfAApTzZuqJVcQZXcUdsLRyK/eM9f9VQ3qW2tj3Zm0zi5BpPi9MVveKN0cxhmWm5c6BDro4a3IrdnnloOIVGCtUo6SHvDG2ad+Bb4DtQqykAARZLsx8RAll9lbzeEQD3YKJyPiN3LHtHWTro51pQTGUaKUkV4HRHFolqDmLf3FDY97vkco6bqY3aoiISmRub8B5WjCkNN3aVKQY7a8LYglK445cKslhSLHPJcLyYF/wZez/0inaU/9fUehITjT/1oe11eWGGI57Z9GNIss1DlZZjDfsfx89dUGHjvp0J6rVRIglTYSiWtcRCocRgMu7djdnsuf8RriHEK83O8XmbzBGWX4XU8e0TsxTwgdnqG2M75v+PGxSuxBxb7xM6uRew0IPYa7tuyBPEMqd3zttfs2U0akDuOz7A7vYBsu3lfOL2zkN7La9E7C+j97z8fFfBpq84SrfmBUY7wRan+NNXJ7LGKPzHVX6t1j9c+1eOrlevLP0nKs6D8fkp2x4ErJ9OMSu0X1ZWV+skVgB2uphy6HIjJ3kF3FQjQSzTqh6lvasUQxtuy0oExrtcXB+qn06NIVhopWrMv3McxIkz9cGbMBWINyiXhClsZZg4DiWikibm+P9Aj6Km7hShI2Qpoeg0UkINmofIY0wtjq4lNP9ewen9U72ABt1SA5ZhAY6Iwvfsxqyyk/UBYqYB0aN0Zbfhr+iOicsWpgpqLi4pgDCwQmkvUzGMyzsJPwb6Sqsa3LRcgY/gZHpJxHcbo/+g45lVFHlD+bQi6I4dsBTNEZJZoliYU5GDcvVNx/za1MNNMsBy8UQ9vWoUzSXIkDQH1RYKd7qHd1Y1LASK19V1lcgVRqi/JdABlXml6TKPbD7HuKaTZOhqmNTt8sSxNHmlmr4UeT5PkjGZehqevtxb++39UE1zt8y4OLy7eq1RzOfTsyt5FfM2yIPxYDpW4E853Rk5/VY1voeCmOtAy2Emcec93OudrrKfDaognut2oUHddyYGoqQ46mVchNgVDSfbduLYxxQHW5nCEvHVabyW224iZSC+mx79YlZ2n6TVVNvyifcZVfhxFT5fPqjn8N8v0ef8TTDbfAQ==</diagram></mxfile>"><defs/><g><path d="M 70 170 L 123.63 170" fill="none" 
stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 128.88 170 L 121.88 173.5 L 123.63 170 L 121.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><ellipse cx="40" cy="170" rx="30" ry="30" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><ellipse cx="40" cy="170" rx="26" ry="26" fill="none" stroke="#b85450" pointer-events="all"/><g transform="translate(21.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="36" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">Exploit</div></div></foreignObject></g><path d="M 180 170 L 233.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 238.88 170 L 231.88 173.5 L 233.63 170 L 231.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="130" y="157" width="50" height="25" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(135.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="38" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 39px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Stage1</div></div></foreignObject></g><path d="M 350 170 L 423.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 428.88 170 L 421.88 173.5 L 423.63 170 L 421.88 166.5 Z" fill="#000000" stroke="#000000" 
stroke-miterlimit="10" pointer-events="all"/><rect x="240" y="144.5" width="110" height="50" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(268.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="53" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 54px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Debugger</div></div></foreignObject></g><path d="M 540 170 L 603.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 608.88 170 L 601.88 173.5 L 603.63 170 L 601.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="430" y="144.5" width="110" height="50" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><g transform="translate(431.5,155.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="106" height="27"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 106px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">ROM USB Download</div></div></foreignObject></g><path d="M 720 170 L 793.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 798.88 170 L 791.88 173.5 L 793.63 170 L 791.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="610" y="145" width="110" height="50" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g 
transform="translate(638.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="53" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 54px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Debugger</div></div></foreignObject></g><rect x="0" y="10" width="225" height="110" fill="none" stroke="none" pointer-events="all"/><g transform="translate(4.5,-0.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="215" height="117"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; overflow: hidden; max-height: 120px; max-width: 215px; width: 215px; white-space: normal; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><h1>Stage1</h1><div>There is not enough space to load the full debugger in one transaction, so the first stage only configures USB receive and downloads the debugger</div></div></div></foreignObject></g><rect x="310" y="220" width="330" height="110" fill="none" stroke="none" pointer-events="all"/><g transform="translate(314.5,209.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="320" height="102"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; overflow: hidden; max-height: 120px; max-width: 320px; width: 320px; white-space: normal; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" 
style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><h1>Debugger</h1><div>The debugger hijacks the USB return function and lets the ROM download the next stage. The stage is then authenticated and jumped to. This allows patching BL1 after authentication.</div></div></div></foreignObject></g><path d="M 910 170 L 983.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 988.88 170 L 981.88 173.5 L 983.63 170 L 981.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="800" y="145" width="110" height="50" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><g transform="translate(827.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="54" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 55px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Jump BL1</div></div></foreignObject></g><rect x="745" y="220" width="330" height="110" fill="none" stroke="none" pointer-events="all"/><g transform="translate(749.5,209.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="320" height="102"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; overflow: hidden; max-height: 120px; max-width: 320px; width: 320px; white-space: normal; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><h1>USB Hijack</h1><div>Before jumping into BL1, the ROM function for downloading the next stage is also hijacked, giving 
us code execution after BL1 is loaded</div></div></div></foreignObject></g><rect x="990" y="145" width="110" height="50" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(1018.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="53" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 54px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Debugger</div></div></foreignObject></g></g></svg> |