From 59eaf299ad28883b76b5e814676057a3593f4fcc Mon Sep 17 00:00:00 2001 
From: Eljakim Herrewijnen Date: Mon, 17 Jun 2024 20:15:08 +0200 Subject: [PATCH] started device implementation --- .vscode/launch.json | 8 + __pycache__/partial_emulation.cpython-310.pyc | Bin 7116 -> 11827 bytes partial_emulation.py | 300 ++++++++++++++++-- .../ghidra_assistant-0.0.1.dist-info/RECORD | 12 +- .../__pycache__/__init__.cpython-310.pyc | Bin 216 -> 216 bytes .../concrete_device.cpython-310.pyc | Bin 8551 -> 8750 bytes .../ghidra_assistant.cpython-310.pyc | Bin 1046 -> 1281 bytes .../ghidra_assistant/concrete_device.py | 7 + .../ghidra_assistant/ghidra_assistant.py | 6 + .../__pycache__/__init__.cpython-310.pyc | Bin 222 -> 222 bytes .../__pycache__/bit_helper.cpython-310.pyc | Bin 2777 -> 2777 bytes .../__pycache__/definitions.cpython-310.pyc | Bin 4768 -> 4768 bytes .../__pycache__/ga_client.cpython-310.pyc | Bin 2712 -> 2712 bytes .../__pycache__/ga_server.cpython-310.pyc | Bin 5366 -> 5366 bytes .../utils/__pycache__/utils.cpython-310.pyc | Bin 8515 -> 8515 bytes .../__pycache__/asm_utils.cpython-310.pyc | Bin 3615 -> 3615 bytes .../armT_processor_state.cpython-310.pyc | Bin 10885 -> 10885 bytes .../__pycache__/arm_emulator.cpython-310.pyc | Bin 10059 -> 10102 bytes .../utils/archs/arm/arm_emulator.py | 1 + .../arm64_emulator.cpython-310.pyc | Bin 22407 -> 22407 bytes .../arm64_processor_state.cpython-310.pyc | Bin 22255 -> 22255 bytes .../__pycache__/asm_arm64.cpython-310.pyc | Bin 2846 -> 2846 bytes .../__pycache__/uc_emulator.cpython-310.pyc | Bin 22604 -> 22604 bytes .../utils/archs/arm64/arm64_emulator.py | 24 +- .../MMU/__pycache__/arm64_mmu.cpython-310.pyc | Bin 1078 -> 1078 bytes .../MMU/__pycache__/arm64_pte.cpython-310.pyc | Bin 7633 -> 7633 bytes .../MMU/__pycache__/mair_eln.cpython-310.pyc | Bin 1650 -> 1650 bytes .../pagetable_arm64.cpython-310.pyc | Bin 6157 -> 6157 bytes .../MMU/__pycache__/ttbr0_eln.cpython-310.pyc | Bin 1336 -> 1336 bytes .../__pycache__/current_el.cpython-310.pyc | Bin 1097 -> 1097 bytes 
.../__pycache__/sctlr_el1.cpython-310.pyc | Bin 2650 -> 2650 bytes .../__pycache__/sctlr_el3.cpython-310.pyc | Bin 3457 -> 3457 bytes .../__pycache__/tcr_el3.cpython-310.pyc | Bin 6802 -> 6802 bytes .../__pycache__/tcr_elx.cpython-310.pyc | Bin 1169 -> 1169 bytes .../__pycache__/base_arch.cpython-310.pyc | Bin 2393 -> 2393 bytes .../__pycache__/ga_arm.cpython-310.pyc | Bin 3364 -> 3364 bytes .../__pycache__/ga_arm64.cpython-310.pyc | Bin 8812 -> 8812 bytes .../__pycache__/ga_arm_thumb.cpython-310.pyc | Bin 5761 -> 6118 bytes .../debugger/debugger_archs/ga_arm_thumb.py | 9 + .../ghidra_connect.cpython-310.pyc | Bin 11258 -> 12814 bytes .../__pycache__/pyhidra.cpython-310.pyc | Bin 903 -> 903 bytes .../utils/ghidra/ghidra_connect.py | 45 ++- .../bin/__pycache__/rst2html.cpython-310.pyc | Bin 627 -> 627 bytes .../bin/__pycache__/rst2html4.cpython-310.pyc | Bin 749 -> 749 bytes .../bin/__pycache__/rst2html5.cpython-310.pyc | Bin 667 -> 667 bytes .../bin/__pycache__/rst2latex.cpython-310.pyc | Bin 760 -> 760 bytes .../bin/__pycache__/rst2man.cpython-310.pyc | Bin 719 -> 719 bytes .../bin/__pycache__/rst2odt.cpython-310.pyc | Bin 773 -> 773 bytes .../rst2odt_prepstyles.cpython-310.pyc | Bin 772 -> 772 bytes .../__pycache__/rst2pseudoxml.cpython-310.pyc | Bin 633 -> 633 bytes .../bin/__pycache__/rst2s5.cpython-310.pyc | Bin 672 -> 672 bytes .../bin/__pycache__/rst2xetex.cpython-310.pyc | Bin 846 -> 846 bytes .../bin/__pycache__/rst2xml.cpython-310.pyc | Bin 635 -> 635 bytes .../__pycache__/rstpep2html.cpython-310.pyc | Bin 695 -> 695 bytes 54 files changed, 360 insertions(+), 52 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index d022db4..ad0a088 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json 
@@ -35,6 +35,14 @@
             "program": "GA_debugger.py",
             "console": "integratedTerminal",
             "justMyCode": false
+        },
+        {
+            "name": "Emulate BootROM",
+            "type": "python",
+            "request": "launch",
+            "program": "partial_emulation.py",
+            "console": "integratedTerminal",
+            "justMyCode": false
         }
     ]
 }
\ No newline at end of file
diff --git a/__pycache__/partial_emulation.cpython-310.pyc b/__pycache__/partial_emulation.cpython-310.pyc index df42c765fdf796352d002a7166e90943869780c1..f11e9a5ccc152d069f059e0d8a9d67496d240ab5 100644 GIT binary patch literal 11827 zcmb_iYm8jySw6R!Idk1vdu^|8$s}&lOq;A7r#I3xwY^>^Ch^+c9XIV3dNQ8x?Cv;o z%XiK?_Ar}NU6)isk$`d!0UK115fW7qD)57!2nvFV0xCyHwBiTkACiF|p%9+uJ#*Qa zUDHNlM&~`>{qlbA{X6Y^K4ail`b=k4f5b5UnVIds8Dvi33BC`Y3}rTqmH2J0n3A_v zEP2~2Hr`glsj%K|B$~;Uq{+0?NHyIR*ED?NYFfWvT4gGRpH&Gzr;>hNrTl_&{VA39 ziz?$!tE|6A<@~)W@6V`0J+rb;O{wBdV`cv{hMHD;ZW?OOmbG#KxxH!zxf%b!mc25I z{64iG`TdeVi2MOHi~OwQ4~mhSmS zm8nYVfj2Cy-&~fbeC%ytz*sDsk@*3Dsb|*fN>@(@K|Khotq?_p`F5+O{m?(_U#r*r zD0_L{yRdMTdyk#P(sfik zJ=Xft(#1+t+&-+73>w9K$BMW}@ASFK!cxuTM*Bae9X#`Rf*e3-+%lEfGj3bUM%h|? z$9n2a*@}`us5fe1yLY##zt^Fh|8AO+pB)#q*r5PACUE%0<}< z*VR8lH=eYuqr4O^$QqDM;+!{hYq7=!41P@WA+qk0uX;d~2Nqa1?wFt)eE?;5tjG!c z#;RllKQSPuMXu-7TlLWM4si&Ml`*?B+g3C;Xi($s20x~GQZg}*D>S}n>cdFf0a-4# z!}HBf!*BYn&{t(!A4Nr!sw$=ZAi!$sU4L>Rj`pjH?PL*-*)48g1S{{k09`^inOr}B zRDV8w4C%;G)v!7_SK<|24}Iyylj=@ypGxZPI5D z8cgRr@8ykZBd*c+vBN_Ij}VX=w*jJDlZ-fI-~zb7w`=EYDXpPk>_^PO+X(uiU~=_4sD=l~=WY=oG`7HGJ@d9n@wpu15@eGIHafnJ z_jCm9aJFgBt2L@Y;Cb=3WJg@x`#2csr)YNfjutW`A6@1E3H<@Q^alwZC1BSm-ygK* zHyVS11#>6aM5dTSiU)d^C~=Mbre?`K5f(tTj1Xpm_pBAix0QW>e3ughx+;A$w~|yD zl?68fsX(L)MCQSf^`@_5j;tG(j2G($(DXJ@^+O|8A7^WFgg!w){At;b>}-fPLB)qq z39cK>Iz-zT(R1&7=J5pV(=$WkstFA;8(N`#%TYK&WgRxQOl6-kHtn8qHE}D+Ha+_` zbW51}qFHtpHCea*uQ>k(9^>8D-hIsm0qKt+6BR`;SI%Ep@GhP^x4ck^?0O4=HpJ?p zVy)4xz2vR=A+ug95PU>wVH&R!YW*O_C_BRO!hxEE5!n#WlYBrf;UNkiWX%0$(G<4d zh6S>{5KcKgK{%0f=JfJH{Hv)?w^h={nq_j5+-71wYupKBJ(qAfeW zCo$>A(473W&}`OXs`!5=gAZd0Eo88FG|P|*1P5B$j3mlvUuV#nef38PnA@?J1Pb{J z{t{p)Ngh`xg%uo?xS0o&JRvH|q>AzrFjL4H4p=0o@?;Uz7u3{EbH!CfHI0(A+N1X3 zol!GtAKqEDUmd_Zr)Jebyz}aiI*fNg9Z^T|o>DM)@GjEW!Fw78(J{RDsQ0Od@ZPH) zR`17qMm?g+c<)mmQXf>0V#fXIF*S#h1M0Xsf%mMi>p`&Vhc$(CC6>}->_Xa3;^8|W zjr8T5C323M(h_}X*A1kdZYoS{F_nBlq@W26XBwZ4wW+mODW~+~7^E+<8tpZ2{S~iT 
zt5KyTk*tT!C>K<(`O3ROE(tUzj*@F)w+*z?0?SgOb2n|~V!Z`h8%k*~>;*QuAE0~R`1F$v$81{C0SQsI^2bQTHtp@01dXfK zE&H~RU@Whd6{bQLX=lsaGQ)J3Ib+t*a zDJe4*(7w>0X{tXKHN+IhQmIW-xnXg}*yQ-o8lV>|%y7&w9gj@#Xh}xA&lm^ zEAN&BQ6vB)WK=B**p0;gTcknKJ{EHGOvJ^abw>HBFopbu$vdBvbtyz$H8Z zDJuukybqde*3OugnX_`#YPM@0F}sJxDJJF#Ob9l*C$)+lgY$q#i1RG+>^Ub_S{y@hM1dWGe7DE|W{6EmN;VU-rX%JZtj$%J zwBWvLqScW1p@NyeW5#l0;w;FYEj$6uqznXS_wa6O> z$2T1y*m)CSg%B)p(0J2$E4kITl*@_5?vcwa&}GM0rT8#Qu}&ye!_tZCk$L@{Z0VJH zxL%^yQ|jhQ)s`AGfg_vfXqs1P>Eywyy_1S}_BkveO2%W2EGfN*#c5zgd%L+dc?wx? zqrW1J#)66xO{)o1jJ4c>3Zg?$aTWJ}_+a^iEyL2CDai`&*_ zB6NBQ*xal+8bWr0PZPH-Wgj#)6RkqO)&al;*4Q|?9pgZgjE$4WI8qjm(_KW50>-%!W^d(`O#>-S z?}B6B1`}{+Z^)kWpoIea^4wu4O)nd$=ic6u`YF^G$LqssHMM1a5e}x{?vMKIe+M%d zSNGi73oLHK=4f2>E3%(sgwr>^V;Y-??sbddOi$Qvw9*&ENZU-ln&fH}+P#{5#eBsm z?^%4Ca-eHHbzWSaw<(466pOMY>V}v{H6?~_vp7|fIMOG&cBxnDI;E!`Bgcxih})v< zv8PLQ;}NsdEnaS|gP9xPd?Dipx;aEXO8v42D&>8e%%g>l#k{!A?B@w+;6=%e7QrH9 z!u93Ey*D@_K&dgb86n$aI}+`(s0CNQ;S5_NhWUTAPQY;-w9Y9P z(%>SnlJENxh5mbL;8UQkxV^4#S<-|=tObSwfcYXLP*))ETaoRz6e~Nr0*F+xBeqR> zy00??kBBcuhhX77d-39P5(gK)9Yw6i>L#MujEE2W4I<)t1GDKLBY2VE3V;N;hb_gx zWRQDU5?hw9v$^SJ(Hw3|e$E7;JrW`xREPQf1lMvw1?QM8LGc>A zZ(_Uw&TeyJA@d>5^jA>!4=n#RfJq}R#?NrJ_l}z(!SZ}Y1gk9I2R0n=<1BWMJqsQL zMV1DP{Ag*lt!pe99L-!GiMIX)uJsoQew|=9T*f3i80>p!)+bRx=&mF>XuKPV4(jSp z-Ve-v96(5P470z%wM=04XHfQCmJ4Pl)M1R-!O$}87K46LkzQ?LrQlbp1m#zJXhXG4ak^CM?dL81#Yg(d-@g=>P? zct`L6#1w%6_Mkn2Pn2-P6zor}9 zh|Zz)*p^9-^xF6isC$*UX^IvDDM5>YpZi*jVP8`@2aH&gu^he}wVZPmb`FE!Am8*s z+&TC4TxPNUkKZ&;jVU_`h+rD-A|UTW#o@V%JD5$U`$o^XMMRsMi8Xj6%GykYHvPG? 
z#*g2(3Gb_yQpT4MPKa-9Hq$6cqYO7xEZxlXQoS^DA2l{pz2vP#FT;b zIX4{jBt~_W1vdFqFNgNoUb5#Nl+E2(~lC zzL|eD-%7-9l2(`vb69y^{8o&Opo=X*7tDCg(BDYIKZaz^EZ!v_KO~}8e;Uahp)~pu zazrGF9*6=PO!KIC-wEdxpOB#BKnT-@2F{j=1%ouUP$y*|47m1K8n-s8gO&}*WDf=L zOLeU)558kQD2pgNQC5POAbT-meBOW2yw|S+FznL|Z*=^~;hp%Tp3OEYQtJOMu+Df^g ze;*a1!=gm3y@4=QLRVXBSoUhYr4XD#)T^cREwqBsa1zfGv3EOUeA#YfJ->v(b}`%{ z8@mJ&^jd%jm|pXU6x^n?S688YBC{U3H80NSKj2zu?BYWLw4^{0Au?h6#YPHtJw?Qw zLi-%tQM#axIIu-P{4K}L0iAJVh;Pd(S{d_U)A^r*jhZi5@6IA@YoS+n?!BQ~5F4xC zuVVU&{!Kt3&~kEQG3sAsX_er&2!0!2pfd88PcK!x=Py1ZCZ+yU){CqhnM6N_GO$m4 zdCHy5mLIey9mZIJ4+!Jj7;8{*lQl$IogjDZzer1ZkUfd;QSeJG?0?8o8@x&X z((WO}y9rUZiF`s!&&!X%T zBoj&yVE`v*%{blrf55tSDApwU3#mMc#1E@jg(#AX^*@|co!hY-kTMu+2TdSI`4$45 zAg9E_Sl3nHyIIw8Yva8SgYxHn0d7s@bXaZ z*z^UaB;a&|sV@=yB*E(hjP&TY2);rAKi zn$>#C^SFY)M@iYNl<&t^4>vln;PeY9iG%hotPczs_|aqWmmMBHhl@YSo!bcOjbN^- zYwLtfKKFw0%Aeu3Fyb@mkIU}>?fEbAd$rPuDR1o7rcSv6(0tX z78Cf0#v~|LNunb}>_Qius~ryk@*se8^2B I4F2x_0_{J2i~s-t literal 7116 zcmb7JOK==V8J?b*ot=GZEz6eVIPuz!L)Ij+V+WD~6C}&)2aZ>cw2q0YQsdF~NLqPc z?wPfvWffA$sRRm##|bK=Np;`+xu4TTi9p8lGSL^!oDahcxYP^wIx};bR)F|1$utaaPe5!;&pB^{p@JDD{d_ zq;{iXRwIiMMs>4dRilehrg_?$Esm;Dv7+Y1dBjU_%S-a8m*TdU<}q)C$Gr?sczbx# z8|5i)FHe`_i(`C*XYOi?`z~mF4(2QjsuKbSS@qm&iH=W58PUSru1yRRuW#|o%3#&OP)+zn{}?_uQ>DhnR7DP`M5rR zshID5ozE9%FUqmLfzGwUm6@wo^XKHgevIAC3U#M>&%o%b^K(U+>7Q1$bO(jF15LC^ zXXbn{KVM=*Xy>82iFX#Sp9BcBZN^z!yRU;MdZDGCIh)g^!D_vBqT!05>{cAF+N`)ixn7%UY)HNF;(pqa4v=Jm)To4a;E8m;{C83DG}0&N z(qVq&ZEcxxlSl5R77cFkC^W!?o`5Z7EkabTBAJ0(ASZ*?krX6rJKH>6{WSJG#t`3eXp`C zqYATGdcb7NaY_}}_Z>$GSnS1kF$r)0ub&1;G7CSQrB&J5yF=_$cMH4pjObN*_9QB8 zZCkq!I#9Assdq|)N}}@tE96XU9lUEeRj*nX8*(K465a~z(i6T+gbl0p`b}S^+(x6a z;WXT!wCec}n0OpZg*1?+Dnh_3n(!#TeH*}L^h>fMv0V zjrYD%owl~7Z-bTCnu&U3+v0i<4Q$lSEw;siSP(y}-8V=C=uL2)dhY8ioW)SHB+-`a z%#u>$EHbPRH%JfQ(<&*#=hi0U(O_gu+oUaT*`QLL3rr&MvevOZ9pn>QyIz zN0?eF*WiUSnv9hp?$gdvDJX-iX#i8J5V`c|+CyT0E+eB5^lGKNB+aX+$YggiYL;=~ zxzPBH!1HCa(EyqepWXRVPCiDM zcSJex!X1*LtxA(ND^u{s3NMTR`h~MOLn(laotvMz;+&mX$aks>mlpFw8X=B=qG$2? 
zEknc$;K3FX8n`@5lu}Uk~isR?j+1Q4H%o zR40Q|>PkK!puHJff6v6e%=ZxS11QR*_MY~>wM9OV_8BR(4qmH4Tn&$BLwd8JQ_H$R z_T;)`>yHxIJLOz7+z_E9qH)_8Xayj!Fp%C$ho6q18LmWzglc?w&QR>wg`UCsr0 zN|R<0d#Eqg^gZElH*km8AXDUSoMvZRiXe)jS!S}3T^PNV5FXTM_(TmQ6 z=|2NtvExkFDIATmF=nRizpFBC|I3CSFeCQIX&9Wz>^JpKT9dNnm*d+)A^6+Y$Ive6RAZnRLF0BM4ZN)!WtULg(dvR{= zvP#62=iNz}2l|H6X-dg^c-@p-T*gA;G=Ucgd=)@t*}ah}3Q(5aYf)>8Ycw()`ec=O z!9B=5;kVjrC-HiUrd63pFC7u&2_3vDuR5rY83)*yet_9JQj-0BGTxcZ-z8wO4<%qq zBT2w(NaDH9je9ybC#gku$XcmAGSqG=H)|DI@oN2cR-Ak$d-P-xNucfeVe}Mac#k4W z>)DFPMWl{A%W(ZFA_k%baGaBlI0>n(I~DP%LE{+kYj{=An9wIoQy=h>14-KeZ4}6Q zUb2XfR)VNNk_?Kt@^N8G3}0hxNIOolxHZ;0q}iJZ%$)4adJ41JTt}37rJcn1MB8fHle8miOINsGM?b|ccc?$w z*KeTz)=+2p=CUPcZOfCY64-4MXmySGQN7N>8`bwxQ8hT%@tw__uxnHbd17Z$M7M)_Yo^Z%27Tw$85~sIivQA-@}6+1J1zaQiYu70 zWn{mS^(o#i@M^V`ok!lEU3SaJ5sHWyb#zF59v-SxZz2(l2)DL^EiadA9O)nON|gHi zb9hhTJuSWj1kp2kMXA(Zp6>*oz7S86kOl|@{bI#OiYZnc;)gG-`tmYJlB_K4k`sQ2 zTQspxNKqOIrV8accA|pfTNvFy^LH@Rp9V-WUB!J9K4g^61@zNRI|)us^j=-h=yCQG zGe1e=+yFoG?+N4*I_0Ea{69FYcq(4SvZ4e~6fRXsJ#$u=AH9aUIvJ@bI6HSPAEr#4 z26{BGbMi@Do0%^#YC*2$oD2*brdK1CZ0ZG4CFS0nla!iDLjxX zQ?Bv}RFqRe;DehaH>mO)*hkm>8HEAQ*F~j`d^83?=5$~AJ|OF7U}OuL7)J-rN2wJr zP-&mKb`X!DRkQ&fm?2YkGCxv_VOxmrWC0(b+oz>7IwW&)mt=NE`a4R$(+J*DloCn^ zbm&w9B;#cQ&H7j{wH8|V;&huGcg+_8v$=8Ly5c~{d%=4UP~+ z9J9Uo&dfuCpn1w4{FzOcZ~T=_E7z1W#Sdxbo+*UV=v=w|h`I(1KpqO2|Cww47C1@{ z7C9lab^P;hH^)dZ>8_=a+e>$_HMi>F4mR#M)jDrhsGfA3TTQnT_Ncp5@der?DW}L0 zI6~kk0d)+aBZWE}h+|Z%5FlqMZV>nZfgc0NROha?Dn>s}9J!^o*>3mS%YpfUc@Hk$qAoPB|HB z;q@(}+rlv03@<~?a7sm@qL?TFyPigYGhVeB3QBERg}*ef<6f=zpTO^FNgIIfn&_TZ z{DdZ$lolc_k`h6;W?}?DJ{#U>JGi+H|FoHE2IY!B<%-fO!79C-{~78+9^N&4xFNhK z&ki?Fl{$X};rf>T2~t9osp4x_^UmzW{OsjRg$puqVWxMxt1b`1y9dhb1(73S1mXk| z1d;?&1Sla7Z!5?%%H+)a6$k$!;Lnk|2$@M7=wsUs@9Z<7!o5V{+9!uFfrN|F1q-Qw TX_#<>L%)C6sf?k0dvxkQi1CYn diff --git a/partial_emulation.py b/partial_emulation.py index d23224d..13274ee 100644 --- a/partial_emulation.py +++ b/partial_emulation.py 
@@ -1,4 +1,4 @@
-import typing, pathlib, struct
+import typing, pathlib, struct, argparse
 from ghidra_assistant.utils.archs.arm.arm_emulator import *
 from ghidra_assistant.ghidra_assistant import GhidraAssistant
 from ghidra_assistant.concrete_device import ConcreteDevice
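Review bot: `argparse` is added to the import line but nothing in this patch uses it; the new `__main__` block later in the file calls `do_partial_emu(None, real_hw=False)` with hard-coded arguments, so either wire up a parser (`--real-hw`, `--target`) or drop the import. The new device code also calls `time.clock_gettime_ns`, `sys.exit`, `logging.info` and `BytesIO()`; unless lines 5–20 (outside this hunk) import them, they only resolve through the `from ...arm_emulator import *` wildcard, which is fragile and can break when that module changes. Add `import logging, sys, time` and `from io import BytesIO` here explicitly.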
@@ -21,20 +21,121 @@ acces_str = { def p8(value): return struct.pack(" None: + def __init__(self, emulator : "TegraEmulator") -> None: + self.emulator = emulator + self.fuses_visible = 0 + + def read(self, address, size): + if address == TegraDevice.CLK_RST_CONTROLLER_MISC_CLK_ENB_0: + self.emulator.write_ptr(TegraDevice.CLK_RST_CONTROLLER_MISC_CLK_ENB_0, self.fuses_visible) + return True + raise NotImplemented + + def write(self, address, data): + if address == TegraDevice.CLK_RST_CONTROLLER_MISC_CLK_ENB_0: + self.fuses_visible = data + return True + raise NotImplemented + +class FuseDevice(TegraDevice): + BASE = 0x7000F000 + SIZE = 0x1000 + NAME = "Fuse" + FUSE_ODM_INFO_0 = BASE + 0x99c + FUSE_FUSEADDR_0 = BASE + 0x804 + FUSE_FUSECTRL_0 = BASE + 0x800 + CMD_READ = 1 + CMD_IDLE = 0 + FUSE_DAT = BytesIO() + def __init__(self, emulator: "TegraEmulator") -> None: + super().__init__(emulator) + self.fuse_ctr_cmd = 0xc0040000 + self.fuse_addr = 0x0 + + def read(self, address, size): + if address == FuseDevice.FUSE_ODM_INFO_0: + self.emulator.write_ptr(FuseDevice.FUSE_ODM_INFO_0, 2) + elif address == FuseDevice.FUSE_FUSECTRL_0: + # get last int from fuse_ctr_cmd + cmd = self.fuse_ctr_cmd & 0xffffffff + if cmd == FuseDevice.CMD_READ: + # Handle read + + # Set idle, set last byte of cmd to 0 + self.fuse_ctr_cmd = cmd & 0xffffff00 + self.emulator.write_ptr(FuseDevice.FUSE_FUSECTRL_0, self.fuse_ctr_cmd) + + self.emulator.write_ptr(FuseDevice.FUSE_FUSECTRL_0, self.fuse_ctr_cmd) + else: + raise NotImplemented + return True + + def write(self, address, value): + if address == FuseDevice.FUSE_FUSEADDR_0: + self.fuse_addr = value + elif address == FuseDevice.FUSE_FUSECTRL_0: + self.emulator.write_ptr(FuseDevice.FUSE_FUSECTRL_0, value) + self.fuse_ctr_cmd = value + else: + raise NotImplemented + return True + pass + +class TimerDevice(TegraDevice): + BASE = 0x60005000 + SIZE = 0x1000 + NAME = "Timer" + READ_TIME_OFFSET = BASE + 0x10 + def __init__(self, emulator: "TegraEmulator") 
-> None: + super().__init__(emulator) + + def read(self, address, size): + if address == TimerDevice.READ_TIME_OFFSET: + val = int(time.clock_gettime_ns(0)/1000) & 0xffffffff + self.emulator.write_ptr(TimerDevice.READ_TIME_OFFSET, val) + return True + +class EmmcDevice(TegraDevice): + BASE = 0x700b0000 + SIZE = 0x1000 + NAME = "Emmc" + def __init__(self, emulator: "TegraEmulator") -> None: + super().__init__(emulator) + +class CryptoDevice(TegraDevice): + BASE = 0x70012000 + SIZE = 0x1000 + NAME = "Crypto" + def __init__(self, emulator: "TegraEmulator") -> None: + super().__init__(emulator) + + + +class TegraEmulator(ARM_Emulator): + def __init__(self, hw_itm=True, init_uc=True) -> None: super().__init__(init_uc) self.log_hw_access = True + self.hw_itm = hw_itm self.saved_blocks = {} try: self.ghidra = GhidraAssistant() except: pass - def setup(self): + def setup(self, target="bootrom"): + self.target = target self.setup_memory() self.setup_registers() + if not self.hw_itm: + self.setup_devices() self.setup_hooks() self.apply_patches() 
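Review bot: `raise NotImplemented` in the base device `read`/`write` (the `TegraDevice` class whose header is mangled in this rendering) and in `FuseDevice.read`/`write` does not raise NotImplementedError: `NotImplemented` is a plain singleton, so Python raises `TypeError: exceptions must derive from BaseException` instead, and every unhandled MMIO offset — including all accesses routed to `EmmcDevice`, `CryptoDevice` and the catch-all device — dies with that misleading error; change each to `raise NotImplementedError(f"{self.NAME}: unhandled access at {address:#x}")`. In `FuseDevice.read` the comment says "set last byte of cmd to 0" but the command is extracted with `& 0xffffffff` and compared against `CMD_READ == 1`, so the idle transition only fires when the entire register equals 1 — the mask and the comment disagree and the intended field width should be pinned down. Note also that the read path only flips the control register back to idle: `fuse_addr` and `FUSE_DAT` are never consulted and no fuse data register is written, so whatever the emulated BootROM reads as a fuse value comes from untouched emulator memory; if those fuses drive secure-boot or production-mode decisions, results from this path should not be treated as representative of hardware. `FUSE_DAT = BytesIO()` is a class attribute shared by all instances; make it `self.fuse_dat = BytesIO()` in `__init__`.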
@@ -49,77 +150,199 @@ class PartialEmu(ARM_Emulator): self.uc.mem_write(0x100000, self.bootrom) # map IMEM - self.imem_path = pathlib.Path("imem3_bct") - self.imem = self.imem_path.read_bytes() self.uc.mem_map(0x40000000, 0x40000, UC_PROT_EXEC | UC_PROT_READ | UC_PROT_WRITE) - self.uc.mem_write(0x40000000, self.imem) + if self.target == "bootrom": + pass + else: + self.imem_path = pathlib.Path("imem3_bct") + self.imem = self.imem_path.read_bytes() + self.uc.mem_write(0x40000000, self.imem) # DRAM DRAM_BASE = 0x80000000 DRAM_SIZE = 2 * GB self.uc.mem_map(DRAM_BASE, DRAM_SIZE, UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC) - def setup_registers(self): - self.sp = 0x4000d000 - self.pc = 0x4000e000 - self.is_thumb = False + def setup_registers(self, target="bootrom"): + if self.target == "bootrom": + self.pc = 0x100000 | 1 + self.sp = 0x4000d000 + self.is_thumb = True + else: + self.sp = 0x4000d000 + self.pc = 0x4000e000 + self.is_thumb = False + + def setup_devices(self): + self.devices = {} + self.devices['fuse'] = FuseDevice(self) + self.devices['timer'] = TimerDevice(self) + self.devices['emmc'] = EmmcDevice(self) + self.devices['crypto'] = CryptoDevice(self) + self.devices['tegra'] = TegraDevice(self) # For all other devices def hook_unmapped(self, uc, access, address, size, value, user_data): print(f"Unmapped memory access at 0x{address:x} with size {size} and access {acces_str[access]}") pass + + def hook_mem_access(self, uc, access, address, size, value, user_data): + # Hook all memory accesses + # if self.log_hw_access: + # p_info(f"{hex(self.pc)} HW access at 0x{address:x} with size {size}, value={hex(value)} and access {acces_str[access]}") - def hook_hw_access(self, uc, access, address, size, value, user_data): - if self.log_hw_access: - p_info(f"{hex(self.pc)} HW access at 0x{address:x} with size {size} and access {acces_str[access]}") + # Try and keep memory in sync with target device + + if access == UC_MEM_WRITE: + self.debugger.memwrite_region(address, 
self.uc.mem_read(address, size)) + if access == UC_MEM_READ: + self.uc.mem_write(address, self.debugger.memdump_region(address, size)) + + pass + + def hw_itm_handle(self, access, address, size, value): # All unmapped memory is send to the debugger + if self.log_hw_access: + if access == UC_MEM_READ: + val = self.debugger.memdump_region(address, size) + if len(val) == 4: + val = struct.unpack(" {hex(value)}") try: + if address == 0x70012800: + # self.ghidra.ghidra.set_background_color(self.saved_blocks) + sys.exit(0) + pass if access == UC_MEM_WRITE: if size == 4: self.debugger.memwrite_region(address, p32(value)) - self.uc.mem_write(address, p32(value)) + # self.uc.mem_write(address, p32(value)) # self.uc.mem_write(address, self.debugger.memdump_region(address, size)) elif size == 1: - self.debugger.memwrite_region(address, p8(value)) - self.uc.mem_write(address, p8(value)) + self.debugger.memwrite_io(address, p8(value)) + # self.uc.mem_write(address, p8(value)) # self.uc.mem_write(address, self.debugger.memdump_region(address, size)) else: raise Exception("Unhandled write!") elif access == UC_MEM_READ: - uc.mem_write(address, self.debugger.memdump_region(address, size)) + if size == 1: + pass + self.uc.mem_write(address, self.debugger.memdump_region(address, size)) else: raise Exception("Not handled!") except Exception as e: + print(e) + sys.exit(0) pass return True + + def get_device_at(self, address): + for devname in self.devices: + dev = self.devices[devname] + if address >= dev.BASE and address < dev.BASE + dev.SIZE: + return dev + return self.devices['tegra'] + # raise Exception(f"No device found at address {hex(address)} pc={hex(sef.pc)}") + + def hw_emulation_handle(self, access, address, size, value): + dev = self.get_device_at(address) + print(f"Device={dev.NAME} pc={hex(self.pc)} target=0x{address:x} size={size} access={acces_str[access]}") + if access == UC_MEM_READ: + dev.read(address, size) + elif access == UC_MEM_WRITE: + dev.write(address, value) 
+ return True + + def hook_hw_access(self, uc, access, address, size, value, user_data): + if self.hw_itm: + return self.hw_itm_handle(access, address, size, value) + + return self.hw_emulation_handle(access, address, size, value) def setup_hooks(self): # hook unmapped self.uc.hook_add(UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_FETCH_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_UNMAPPED, self.hook_unmapped) # 0x6000f000 - self.uc.mem_map(0x60000000, 0x10000, UC_PROT_READ | UC_PROT_WRITE) + self.uc.mem_map(0x60000000, 0x20000, UC_PROT_READ | UC_PROT_WRITE) self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_hw_access, begin=0x60000000, end=0x60000000 + 0x10000) self.uc.mem_map(0x70000000, 0x100000, UC_PROT_READ | UC_PROT_WRITE) self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_hw_access, begin=0x70000000, end=0x70000000 + 0x100000) - self.setup_log_hook() - self.setup_hook_blocks() + + #ROM + # self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_mem_access, self, 0x100000, 0x100000 + len(self.bootrom)) + #IMEM access + # self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_mem_access, self, 0x40000000, 0x40000000 + 0x40000) + # DRAM + # self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_mem_access, self, 0x80000000, 0x80000000 + 2 * GB) + if self.target == "bootrom": + self.setup_warmboot_hook() + self.setup_hook_blocks() + self.setup_rcm_hooks() + else: + self.setup_log_hook() + self.setup_hook_blocks() # self.setup_hook_EmmcValidateResponse() + def setup_coldboot_hook(self): + def hook_coldboot(uc, address, size, user_data): + logging.info(f"Reached coldboot target.") + self.print_ctx() + return True + self.uc.hook_add(UC_HOOK_CODE, hook_coldboot, begin=0x0010145e, end=0x0010145e + 1) + + def setup_rcm_hooks(self): + def hook_rcm(uc, address, size, user_data): + self.R0 = 0 + self.R1 = 0 + return True + self.uc.hook_add(UC_HOOK_CODE, hook_rcm, begin=0x00101414, end=0x00101414 + 1) + + def 
setup_warmboot_hook(self): + def hook_warmboot(uc, address, size, user_data): + logging.info(f"Hooking warmboot, forcing coldboot.") + self.R0 = 0 + return True + self.uc.hook_add(UC_HOOK_CODE, hook_warmboot, begin=0x00101f3a, end=0x00101f3a + 1) + def apply_patches(self): + # Nop out 400101f0 to 0x40010220, maybe this is restricting access to IMEM and ROM? self.sc.mov_0_r0 = self.ks.asm("mov r0, #0", as_bytes=True)[0] # self.uc.mem_write(0x400101e4, self.sc.mov_0_r0 * ((0x40010220 - 0x400101e4) // 4)) # Patch EMMCVerifyResponse self.sc.bx_lr = self.ks.asm("bx lr", as_bytes=True)[0] + + bx_lr_thumb = self.ksT.asm("bx lr", as_bytes=True)[0] + movs_0_r0_thumb = self.ksT.asm("movs r0, #0", as_bytes=True)[0] # self.uc.mem_write(0x4001dfb0, self.sc.mov_0_r0 + self.sc.bx_lr) + if self.target == "bootrom": + #NvBootClocksIsPllStable, ret + # self.uc.mem_write(0x00101730, bx_lr_thumb) + # # NvBootClocksStartPll + self.uc.mem_write(0x00101866, bx_lr_thumb) + # NvBootClocksPllDivRstCtrl + self.uc.mem_write(0x001016ce, bx_lr_thumb) + + #usb init? + self.uc.mem_write(0x00103bf4, bx_lr_thumb) + + #SE engine always ready + # self.uc.mem_write(0x00102b24, movs_0_r0_thumb) + + pass def run(self): try: self.uc.emu_start(self.pc, 0) + pass except Exception as e: print(str(e)) self.print_ctx(print) 
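Review bot: In `setup_hooks` the mapping at 0x60000000 grows to `0x20000` but the read/write hook on the next line still ends at `0x60000000 + 0x10000`, so MMIO accesses in 0x60010000–0x6001ffff are now silently served from plain emulator memory — neither forwarded to the debugger nor dispatched to a device — where before the change they hit `hook_unmapped`; change the hook to `end=0x60000000 + 0x20000` (or keep the map at 0x10000). In `hw_itm_handle` the trailing `except Exception as e: print(e); sys.exit(0)` turns any debugger failure or unsupported access size into a clean exit with status 0, and the bare `if address == 0x70012800: sys.exit(0)` also terminates the process from inside a memory hook with no comment on why; re-raise (or `sys.exit(1)`) and name the address. `setup_registers(self, target="bootrom")` accepts a `target` argument but only reads `self.target`, so the parameter is dead — drop it or use it. The `TegraEmulator` class starts in the previous hunk, and the hook and patch addresses (`0x00101414`, `0x00101f3a`, `0x00101866`, …) are bare constants; a comment naming the ROM image and function each was taken from would keep them from going stale unnoticed.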
@@ -173,12 +396,19 @@ class PartialEmu(ARM_Emulator): # And patch function to just return self.uc.mem_write(UART_LOG_HOOK, self.ks.asm("bx lr", as_bytes=True)[0]) - def setup_hook_blocks(self): - def hook_block(uc, address, size, user_data): - # print(f"Block at {hex(self.LR)}") - self.saved_blocks[self.LR] = self.get_registers() - return True - self.uc.hook_add(UC_HOOK_BLOCK, hook_block) + def setup_hook_blocks(self, only_blocks=False): + if only_blocks: + def hook_block(uc, address, size, user_data): + # print(f"Block at {hex(self.LR)}") + self.saved_blocks[self.LR] = self.get_registers() + return True + self.uc.hook_add(UC_HOOK_BLOCK, hook_block) + else: + def hook_all(uc, address, size, user_data): + # print(f"Block at {hex(self.LR)}") + self.saved_blocks[self.pc] = self.get_registers() + return True + self.uc.hook_add(UC_HOOK_CODE, hook_all, self) def setup_interrupt_hook(self): RAISE_INTERRUPT = 0x4001cab8 @@ -196,8 +426,14 @@ class PartialEmu(ARM_Emulator): self.uc.hook_add(UC_HOOK_CODE, hook_emmc, begin=0x4001dfb0, end=0x4001e160) -def do_partial_emu(debugger : ConcreteDevice): - emu = PartialEmu() - emu.install_debugger(debugger) - emu.setup() - emu.run() \ No newline at end of file +def do_partial_emu(debugger : ConcreteDevice, real_hw=True): + if real_hw: + emu = TegraEmulator() + emu.install_debugger(debugger) + else: + emu = TegraEmulator(hw_itm=False) + emu.setup(target="bootrom") + emu.run() + +if __name__ == "__main__": + do_partial_emu(None, real_hw=False) \ No newline at end of file diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD b/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD index 0b1172a..1562e79 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD +++ b/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD 
@@ -9,8 +9,8 @@ ghidra_assistant/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU, ghidra_assistant/__pycache__/__init__.cpython-310.pyc,, ghidra_assistant/__pycache__/concrete_device.cpython-310.pyc,, ghidra_assistant/__pycache__/ghidra_assistant.cpython-310.pyc,, -ghidra_assistant/concrete_device.py,sha256=llVfmejKwBl8lohEhcpTeKvepguJ0dhUKGlZQL2wV0Y,8228 -ghidra_assistant/ghidra_assistant.py,sha256=CYJw9zTDB6QdXes0oebg2HRjIDdEc_SwqVdBY7iJQpY,497 +ghidra_assistant/concrete_device.py,sha256=MF6X-DZpPN9UhZzmrXUyM_GbGdJKQVziNAJ9RjOzyLI,8418 +ghidra_assistant/ghidra_assistant.py,sha256=tlpbxh9-V29IVN_tBiE6hOc7nuWa9zZt-z1AwGZpRD8,728 ghidra_assistant/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0 ghidra_assistant/utils/__pycache__/__init__.cpython-310.pyc,, ghidra_assistant/utils/__pycache__/bit_helper.cpython-310.pyc,, 
@@ -22,12 +22,12 @@ ghidra_assistant/utils/archs/__pycache__/asm_utils.cpython-310.pyc,, ghidra_assistant/utils/archs/arm/__pycache__/armT_processor_state.cpython-310.pyc,, ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc,, ghidra_assistant/utils/archs/arm/armT_processor_state.py,sha256=ZdsI6Q9mLv-YZEmJSEwKUmsh7903--nfa-dlhfi8QtQ,9466 -ghidra_assistant/utils/archs/arm/arm_emulator.py,sha256=Wq7Tyiph3KYmvmMnRG8dl4TFKJEeNP8dtDrm_XpBLew,7798 +ghidra_assistant/utils/archs/arm/arm_emulator.py,sha256=dL86jwUMYON5Ry_OcDPDjvEYp4LYCZcadW3yiiG26fk,7841 ghidra_assistant/utils/archs/arm64/__pycache__/arm64_emulator.cpython-310.pyc,, ghidra_assistant/utils/archs/arm64/__pycache__/arm64_processor_state.cpython-310.pyc,, ghidra_assistant/utils/archs/arm64/__pycache__/asm_arm64.cpython-310.pyc,, ghidra_assistant/utils/archs/arm64/__pycache__/uc_emulator.cpython-310.pyc,, -ghidra_assistant/utils/archs/arm64/arm64_emulator.py,sha256=MtAM0DjxagGJZfN5SQuzKJ2tf7kqcYs4r_9a07pZg9o,17044 +ghidra_assistant/utils/archs/arm64/arm64_emulator.py,sha256=h19lNQvT9RSHeN4MrUagqq7coo0tbTHzlofsNtAFcmI,16964 ghidra_assistant/utils/archs/arm64/arm64_processor_state.py,sha256=GqKoqwbCDhznJEbIgefvlsTcn6ensMD-q70bQMWsgvo,17633 ghidra_assistant/utils/archs/arm64/asm_arm64.py,sha256=k96Xp7hEhQWD6lbbmT2bAKuwJCz5VDRF6gx2koMuDW8,2562 ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_mmu.cpython-310.pyc,, 
@@ -60,13 +60,13 @@ ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm_thumb.cpython- ghidra_assistant/utils/debugger/debugger_archs/base_arch.py,sha256=uzyYUm_xEekk3j8uHx8blaKDbK8VR_gMU-Br8RY0tCs,1244 ghidra_assistant/utils/debugger/debugger_archs/ga_arm.py,sha256=lPecV5UyTBErJgIkfrAa1d3kiH3PN_gaD5zhA4uzU4A,2745 ghidra_assistant/utils/debugger/debugger_archs/ga_arm64.py,sha256=_195wxctqIBidDfHjSn-bicrsAbOtnhQGta4LgfiOog,9363 -ghidra_assistant/utils/debugger/debugger_archs/ga_arm_thumb.py,sha256=tZsQk6hnduZBy6n7g6x7tBhutpTmDk4W1wrNSbSaSsE,4946 +ghidra_assistant/utils/debugger/debugger_archs/ga_arm_thumb.py,sha256=v8qwn7DsI2Hl38bzzybpfmwhYi82o5i_-8Pva5gtFDw,5339 ghidra_assistant/utils/definitions.py,sha256=tsk4MkEz510JN9-T1ZZExq61uZ32MVPc-0JljHQSde0,3511 ghidra_assistant/utils/ga_client.py,sha256=dQeJdxL8z48WOw0cHf7sNtqlCVS3ZJ9FSTiB5om-ojM,2065 ghidra_assistant/utils/ga_server.py,sha256=gchzEPmEtT8kigVB3Jnnv35nsB2k3_dSrQ5_BD8UgUA,5067 ghidra_assistant/utils/ghidra/__pycache__/ghidra_connect.cpython-310.pyc,, ghidra_assistant/utils/ghidra/__pycache__/pyhidra.cpython-310.pyc,, -ghidra_assistant/utils/ghidra/ghidra_connect.py,sha256=UUBAzRq4WraqBewi-gH-bXyoAkydBUpVvuVYthNjoUU,13856 +ghidra_assistant/utils/ghidra/ghidra_connect.py,sha256=69JunNjWcNc4uBLw5u3S0KAzBY9yeF_QQjvnTdI2Fwg,15506 ghidra_assistant/utils/ghidra/pyhidra.py,sha256=amdhJcj4Fw3INuAqtIl7DfXNTtTwzPmj2FnyM0sNOFY,412 ghidra_assistant/utils/utils.py,sha256=Ij9FiQsuCWAA8iIWt_3aO46E5K4e5zqaA7DCeqB7sk0,7372 ghidra_assistant/venv/bin/__pycache__/rst2html.cpython-310.pyc,, 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/__pycache__/__init__.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/__pycache__/__init__.cpython-310.pyc index 859477e588173286dc789d9681cde8663fa018ae..3796ee584c44afee50dc305d849fa85c73f534e1 100644 GIT binary patch delta 19 Zcmcb?c!QBUpO=@50SK%PXH4Wi3ji=+1s?za delta 19 Zcmcb?c!QBUpO=@50SJN?g-+x?3jiD|Ke!YXD9s~=5s0Rbyi-Od%2*z74J%}d{q9k2Yb9Ec;#eF;`@d%FC@sf&^qqAyPFNs5D$~A}U>@3Ghf?h^qa=Aup(Vo^+`5gi`V(})E{HxEQrSS2I61kdSabk6JcS6xXn z40u6(#wxsOeK7g~TJ$aU0M_VgJP!?8k1uHrsUlT;4Qa+l*~I)oKhwocV*)vWlEAD$ zSzt<_B5+1vUSL6BM!=!oV2pkyg8uhBbz&S^hX&Nuy$YXOZ@V|3Q=HdU>;?W*^ej1I zFfo_s$f)i!vZN?9=zDSkzR+mTN$&+A?x5Q}kEUE7uA}q3*jCC5^|nX+jKfSZ=2~>! z{WrEK1osyA7wRIt$kCPyxwbr+W7jCvYtY@423dNXN=LkEFsiFQRnZkyQN3z_Gen4{FPtKy152pA)(Gf_-%Cz>j}D9;ym2>EC4ha} zOFxGXG@7Y{MO&FJ{mQJ3M=VV|KPjjQnu6PcdBKX{mS9!T7Ay$5)Jdo4T{a&6#7kS} z^abc3+kW%NqFRIEoD*!*etsIh)9?KC&>hh%)0Lxp z*ZdU7YfoA2Y~=EwS_)^wZeRWTBRFeIc+ zqJV}@%^W4numz9oiqRm3Pv1CD7TtH4X5C$l;nMw6jn1{*i^4SXlF78+s=}(|CfsgK z+%WF;qQrBfv`^w_)wQ4o2%!P6s5a1C`SQ49Y7xfcL{+cXhH~S;SL>B-rhYa$bG^$z zCD*YWc}bM0@`P_UxMqQ?Yg2D@<3`thT2A;*qxwxtn7An%beL+FFMNRQ@{8{o8#apH EKR0_-p8x;= delta 164 zcmZqVn#RGG&&$ij00cpcLeoAnZsa@2q|XH8g0M3X7s~*N5{4AUW=2Ma62@kRT80{i zET#p_3mIw|Q<#DoG?^zWG203IX|mj6$;?a3FJcC2DB=MUleJkS4VZ2*r6=BEPDv~& x;s8m22~HsE7E5koW*#4qRm=t?I9S*i`522tCO5MK|N#{~d5gaudt diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/definitions.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/definitions.cpython-310.pyc index c65de3eb71cdf32ce35ef5b801add1fc4b6e0e84..ed8f90d83e09eb2127d06e998b203c8452d48f94 100644 GIT binary patch delta 20 acmZ3WxK}YDg*#AK~T 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/ga_server.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/ga_server.cpython-310.pyc index 0fcd17dd4f2f957e6727524d395627e723e8f57a..da8c2e824481e957e7af11af3b99f9153bc70e3d 100644 GIT binary patch delta 20 acmeyS`Aw5MpO=@50SK%PXKdttEdl^QV+H*H delta 20 acmeyS`Aw5MpO=@50SJN?g>K}2Edl^P<^|yZ diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/utils.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/utils.cpython-310.pyc index 8f51c221ea6e92a849879625827df9f10a33ffed..daec8e54f8b961f47bb2f102a1d7de3cbac7b2b2 100644 GIT binary patch delta 20 acmX@?bl8bIpO=@50SK%PXKduQPy_%v`~@Qb delta 20 acmX@?bl8bIpO=@50SJN?g>K}wPy_%ve+35s diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/__pycache__/asm_utils.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/__pycache__/asm_utils.cpython-310.pyc index 18629211e04a0e56ea888cfdd42b7a79f9246b4c..de1d92a486e28b02e65526c079fc28d6ad33637e 100644 GIT binary patch delta 20 acmbO)Ghc=~pO=@50SK%PXKdsa;R66K@dQ`^ delta 20 acmbO)Ghc=~pO=@50SJN?g>K{);R66KbObyA diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/armT_processor_state.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/armT_processor_state.cpython-310.pyc index 2916e226e63d7052ae1b0d74d0fe9bf93c88918b..e8b4c15155292a5627c8ba779081f37a2122c979 100644 GIT binary patch delta 20 ZcmZn-Z4Kql=jG*M00OJS85_B)v;Z{$1sDJT delta 20 ZcmZn-Z4Kql=jG*M0D_=Jp&PlYv;Z`O1pEL1 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc index f3bb444001b9e0e7750c97dee6d2cb5c6af0cf20..3e037e50131acb9c99a7ee2012f40c61672bb58c 100644 GIT binary patch delta 629 zcmW;GOGs2v9LI5gGlNbu-Y93rJFj!++<62wZEHdhN^2u_FTJdwg-xT~Ae~!|(87g1 z76nG)zeQ0{K~f6~;|4~w2y`J-V$s5dM2nCZitI^?iVpw(;=u32cX3`=zbvh)X`u#n zZL?1Qok!YJKhDy;zo#J8?HhL8>gn2$ELUre+_87JJUUpB`<>x|vK**Z`i8uC;2WS( zxN!z)nr&Qwq=}{pY@kAL2}SxBe1H;7trW9-r==b zKe}mT{VN=zu9i#TBkDWfed=lP(N{f3h#2Ul*Abmckxo=dCby9n5pb0C<0Nl4D&TT6 z8MRSURwNnQgfndAn2izc>M?;)woI#y3vBmV1un8JD;s00=mO(x*L53L+03}WHMX9( zjhk%ml-*{FBy8MeyO9vM&$g&+O4$KS^S+$4@tB)fO5h1wSIWjSwl~V2vo)n{%&}cb z3(T|4DSOG*Ed&;6!AQ_~Vd1T^BK;Kxme{r!9a!dW+7NiJ>^MH~9?S@Qc*MCo(xAX2m|?;ztn%$I2_A$kGn%?=hq5*<1Ox)2o6%l7a0yL~^;@4L6^nG>ejT&M5& z?c&(f19Qc|5MLNWIKgr@9*pi-1H$a7uOP{-`d3KtQNtDN=F!IY$g!*G9(uUmbQ$|O z-dw=}rdz5w97Mu%Kp(G~+vpD#c4iC|xEy(j5+_?PV3@Vm0#5Q)BF2$uKSuf1-p7wo z1z#-MHi$D~OKl1hVsEsa)0St!%3)gUk~N4K`Lo&;X0_QYw0oErThn%4tTEy%s^Hi#c zFRY||e3h+~R@mlb+Q&C(%T@TnZr8^z-Mze#F}dkFp;{elt{*Z$*UGV)4C^J22L5$p o{FFHsYWY9d9OyiVU0m$Eh$!uB2??Ifj>8E)WP1T4i0nCye}sv|9{>OV diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py index 92ad68a..daa0385 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py +++ b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py @@ -8,6 +8,7 @@ from ...utils import * class ARM_Emulator: ''' Class that will interact with the unicorn engine for emulating ARM code. + Supports both ARM and Thumb modes. ''' def __init__(self, init_uc = True): if init_uc: 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/arm64_emulator.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/arm64_emulator.cpython-310.pyc index e7eb61a5d231398692d98e6c3b85624b30beae65..9f94ecb05540d5c8230479ff504b6c186ed849b5 100644 GIT binary patch delta 24 ecmZo)&)B}6kvE^0mx}=itPW?SxoqUE3I_mEu?DRG delta 24 ecmZo)&)B}6kvE^0mx}=if)<6QP1(p>6%GJXj0WKV diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/arm64_processor_state.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/arm64_processor_state.cpython-310.pyc index 30e8a0f1b93027821321e2d4c70badb6285d9aaa..d866a911c08cbfea35ca861737bd888de9da3708 100644 GIT binary patch delta 22 ccmaFAmht^sM(%uGUM>b8usWQvk^4y)09P0XGynhq delta 22 ccmaFAmht^sM(%uGUM>b82wD`nk^4y)09Km^7ytkO diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/asm_arm64.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/asm_arm64.cpython-310.pyc index 7688043921ddc3bf3a32695f75d97082a72a6b36..4f950a0a9e83f862c3d243838a645077b9b84f54 100644 GIT binary patch delta 20 acmbOyHcyN@pO=@50SK%PXKdsa<^}*R?gT~v delta 20 acmbOyHcyN@pO=@50SJN?g>K{)<^}*RaRe#= diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/uc_emulator.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/uc_emulator.cpython-310.pyc index 1647c5de6c896f80b634f7c654fe4fea82864a65..1ac0f150ec45df2501bc80452dbf5e89b31ca38a 100644 GIT binary patch delta 22 ccmX@Jf$_`+M(%uGUM>b8usWQvk=ro>08p+5Qvd(} delta 22 ccmX@Jf$_`+M(%uGUM>b82wD`nk=ro>08lXoHvj+t 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py index fba811f..762b87b 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py +++ b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py @@ -22,7 +22,7 @@ class ARM64UC_Emulator(): def setup_shellcode(self): self.sc = ShellcodeCrafter(self.ks, self.cs) - + def get_mapping(self, address): for mem in self.uc.mem_regions(): if address >= mem[0] and address < mem[1]: @@ -33,7 +33,7 @@ class ARM64UC_Emulator(): if self.get_mapping(address) != None: return True return False - + def read_string(self, at): if at == 0: return b'' @@ -45,13 +45,13 @@ class ARM64UC_Emulator(): return s s += b return s - + def write_ptr(self, at, ptr): return self.uc.mem_write(at, p32(ptr)) def read_ptr(self, at): return u32(self.uc.mem_read(at, 4)) - + def add_breakpoint(self, at, target_fun): self.uc.hook_add(UC_HOOK_CODE, target_fun, None, at, at + 1) @@ -106,7 +106,7 @@ class ARM64UC_Emulator(): @sp.setter def sp(self, value): self.uc.reg_write(UC_ARM64_REG_SP, value) - + @property def lr(self): return self.uc.reg_read(UC_ARM64_REG_LR) @@ -114,7 +114,7 @@ class ARM64UC_Emulator(): @lr.setter def lr(self, value): self.uc.reg_write(UC_ARM64_REG_LR, value) - + @property def vbar_el1(self): return self.uc.reg_read(UC_ARM64_REG_VBAR_EL1) @@ -122,7 +122,7 @@ class ARM64UC_Emulator(): @vbar_el1.setter def vbar_el1(self, value): self.uc.reg_write(UC_ARM64_REG_VBAR_EL1, value) - + @property def vbar_el2(self): return self.uc.reg_read(UC_ARM64_REG_VBAR_EL2) @@ -130,7 +130,7 @@ class ARM64UC_Emulator(): @vbar_el2.setter def vbar_el2(self, value): self.uc.reg_write(UC_ARM64_REG_VBAR_EL2, value) - + @property def vbar_el3(self): return self.uc.reg_read(UC_ARM64_REG_VBAR_EL3) 
@@ -138,7 +138,7 @@ class ARM64UC_Emulator(): @vbar_el3.setter def vbar_el3(self, value): self.uc.reg_write(UC_ARM64_REG_VBAR_EL3, value) - + @property def elr_el0(self): return self.uc.reg_read(UC_ARM64_REG_ELR_EL0) @@ -146,7 +146,7 @@ class ARM64UC_Emulator(): @elr_el0.setter def elr_el0(self, value): self.uc.reg_write(UC_ARM64_REG_ELR_EL0, value) - + @property def elr_el1(self): return self.uc.reg_read(UC_ARM64_REG_ELR_EL1) @@ -154,7 +154,7 @@ class ARM64UC_Emulator(): @elr_el1.setter def elr_el1(self, value): self.uc.reg_write(UC_ARM64_REG_ELR_EL1, value) - + @property def elr_el2(self): return self.uc.reg_read(UC_ARM64_REG_ELR_EL2) @@ -162,7 +162,7 @@ class ARM64UC_Emulator(): @elr_el2.setter def elr_el2(self, value): self.uc.reg_write(UC_ARM64_REG_ELR_EL2, value) - + @property def elr_el3(self): return self.uc.reg_read(UC_ARM64_REG_ELR_EL3) diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_mmu.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_mmu.cpython-310.pyc index 67fb59de923b1cd2f569856b120a1bd35a0eb247..a6aaa1970072bebcfc1f326a2308b158c8db9e81 100644 GIT binary patch delta 20 acmdnSv5kW}pO=@50SK%PXKduwW&r>&uLNrV delta 20 acmdnSv5kW}pO=@50SJN?g>K~5W&r>&G6YWm diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_pte.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_pte.cpython-310.pyc index 5d0b0b7da8b63d3fb837cab84d17d3b2e00ce324..a844929afd77f375df9df7a55c06e553abf16dcc 100644 GIT binary patch delta 20 acmca;ebJgbpO=@50SK%PXKds?CJO*PECss& delta 20 acmca;ebJgbpO=@50SJN?g>K|NCJO*OuLYj~ 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/mair_eln.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/mair_eln.cpython-310.pyc index 77295e100eb4cffb9d81bb365d42d53f4ed3531d..cedb47ba470c677bf6c55516330da1a776c3bc73 100644 GIT binary patch delta 20 acmeyw^NEK$pO=@50SK%PXKdt7X9EB_p#>=b delta 20 acmeyw^NEK$pO=@50SJN?g>K|dX9EB_Bn1rs diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/pagetable_arm64.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/pagetable_arm64.cpython-310.pyc index 2291f5b7734465e6fb813fea7f82f5502b318287..2b7a4bfb483f617abd38be52dadc5ae02e1bf7bc 100644 GIT binary patch delta 20 ZcmeA*=r!QZ=jG*M00OJS85_BoBmgh_1XKV3 delta 20 ZcmeA*=r!QZ=jG*M0D_=Jp&PlGBmggd1ULWy diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/ttbr0_eln.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/ttbr0_eln.cpython-310.pyc index 4a7bae292b79a205e1a7b77c58f46038ab6e93f1..a5210b01c8c55ccff72e7ef570617ad9c2b49139 100644 GIT binary patch delta 20 acmdnNwS$X0pO=@50SK%PXKduwWd#5+NCb8O delta 20 acmdnNwS$X0pO=@50SJN?g>K~5Wd#5*%LG~g diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/current_el.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/current_el.cpython-310.pyc index 5e92b0e8c858a1463b630c2480ee2d974b320722..248a853d9a48bd853c0375aeb25390cb89152e6b 100644 GIT binary patch delta 20 acmX@fagu{OpO=@50SK%PXKduQV*vm&rv#(` delta 20 acmX@fagu{OpO=@50SJN?g>K}wV*vm&Dg=lC 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el1.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el1.cpython-310.pyc index ff0a1d39f4cd54175c3500ea615b254f5c5a4b55..46dbd7e17e2bf71e66542129680d53c4b5d86503 100644 GIT binary patch delta 20 acmca5a!Z6epO=@50SK%PXKdv5=K=sY1qAf~ delta 20 acmca5a!Z6epO=@50SJN?g>K~b=K=sXhy>XH diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el3.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el3.cpython-310.pyc index 7435cadf90ad408398ccd189620e386dbd212ff5..37671718e6899a30e48813973ac18566d8f9ab92 100644 GIT binary patch delta 20 ZcmZpaZj|QE=jG*M00OJS85_CFcmXUN1bYAg delta 20 ZcmZpaZj|QE=jG*M0D_=Jp&Pl&cmXS)1YZCE diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_el3.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_el3.cpython-310.pyc index 0bf4dcaeb3a0673484f5a850be2b71bd33f77e75..94ec00493dc7cbab3242c72da1e4e9ede227429b 100644 GIT binary patch delta 20 acmbPaI?0qfpO=@50SK%PXKdtdmjVDXc?9nO delta 20 acmbPaI?0qfpO=@50SJN?g>K|-mjVDW`~=eg diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_elx.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_elx.cpython-310.pyc index 2123d089df899446e3c22f62222f6a7b6eb230fd..1e099c21057de1a383fcfb7ac2ab5ba8b5444045 100644 GIT binary patch delta 20 acmbQpIgyh)pO=@50SK%PXKdtdV*vmx3j}@u delta 20 acmbQpIgyh)pO=@50SJN?g>K|-V*vmwjs#)= 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/base_arch.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/base_arch.cpython-310.pyc index 35ccad1ef4a3617b3c9ecabd0af1753d629127a5..797516f3f3820b314286b398d7dd7c7bc35a6cc4 100644 GIT binary patch delta 20 acmca9bW?~spO=@50SK%QXKdv5;{*UVn*{Cv delta 20 acmca9bW?~spO=@50SJN?g>K~b;{*UV7X;A& diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm.cpython-310.pyc index 6959c3ef5368855b3ae9a8805b2686512979b9ff..47eaa245f93c062e22b55b8394f24435c054f3b9 100644 GIT binary patch delta 20 acmZ1?wM2?LpO=@50SK%QXKdt_K}QK|dR004&Fa?JI 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm_thumb.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm_thumb.cpython-310.pyc index d85d65c13af5dc34f215fcb637bcc61d465f4363..c0c5f7504d0dc285767deed1dd6d81931dc837ae 100644 GIT binary patch delta 1224 zcmZvb&ukUs`Nl!U(Y^|GwgfzO7k~xIQjDv0;PFUzSFI}rb}3emag8U? z7h8aKX0h$$!>D>Q3N1B=Q#@z5wLbd7!ksR3?sLZj*FNo4r-K=L*0+ON%|2bLPTNy8 zVVB12b7D5|LUrWJ(%9eXo>HkK0OMW~*b5usXkiS)!+50B{6Nf22BG?mJ9#Qph39fP zAMY4-RIvipVZ!BHc)lO1+zs4NBbgV7)wmX64XKi6yfe*wmD!q!4nKvkz<_qJ6a!58 zhwrNDU_6+EJcN^=Z@1rN*69FRa^*_NWtkr2yD2-t;6?&$*%+oiAnh=c|(yKX3zYL5j>F z_(DF;%;O&hk9>r1lXNypjKV_e0DLEEPuP(Zr6U_p@&lNz* zA9I(oln`70rijhFRm7AYZ*Zr^kZ@6a)I-!E@pl$0Pb6Jhn(z-RGEA$YpUlVjcJxm+84bTKlavP-W zG-Zb79W+gw)|`5nHq#cquhLd}gxkmyK@{}pw4fceqOc`L%PS=9C^tH{N#>8(H#$1X z2v1tUIw~T^+2JuklPu>lyIC?VsaRr5b0te$H0Ex@s+jUxH4A3m5}9dG2*|U(g%e`V8`c?F597?D1!&Zs8CQm(v@n=iZbB+FC~0c zx}gvp+Q}ZWwC+@#6`@{CUIHS`J#rUN9az& z54Dpd!58@)MnzsE&WdFaIlFC@NSr(aZ}ff`1^E#6GVhALkE&!HK1C<@_h}eXv4r#z zrTTdv>*0E=R!X8s3?9VVr;p*u2}BQ~4>5okL<}L$A|38=DCoUQK;;keNbMeRj04-_C;s5{u diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/ga_arm_thumb.py b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/ga_arm_thumb.py index b1500f3..961ec88 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/ga_arm_thumb.py +++ b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/ga_arm_thumb.py 
@@ -10,6 +10,15 @@ class GA_arm_thumb_debugger(BaseArch_debugger): self.ks = Ks(KS_MODE_ARM, KS_MODE_THUMB) self.sc = ShellcodeCrafterARMThumb(self.ks, self.cs) self.state = ARMThumb_Concrete_State(storage_addr, self) + + def memwrite_io(self, address, data): + assert len(data) < (0x20 - 12), "Data length is too long for IO write" + self.write("HWIO") + packet = struct.pack('4KWB?L3IS=;&W{;*t=$S z2(Y-TeYQ9X{DC_py$lm z=8=)^H)qbAd*;k}&7GYmA(EXnE3DyI``*aV>2(()+pI_%(=<;TV4w}?uvzZ6o+v;) z#3rsI`{^z=fQgTCe99Y!3LaLU?X(nJRdgoX{m3O zcLt7!hIDiQeckxwYy_eCc!NHT(;~$x*4`t+%cXQ4!F9y|SMXY-s!&I~;GTU-<^V2k zlP;U(Bae@yfxAm4x8!g2=<5_4D_{q2IwW7X=I`@)9B@|pj#b{`S`RI4_xj}OrENZwGA35IW;UK$a)o>tw;#1$jEO; z4f(&CIUOdNsH2eqUq7co@Vw!hV84t8qnzm*5K_j6(Z4g~s^~I{zl=KM;pipyg6yc> zGLn2I=ZTH(;QnErJ(vL%fHoI^cRKlK${EUXhgMEHmhe{*D%K!{v!bJiUX!);v*ql%Sj5L2m1bcx$r{Ql>-rdbQGS1RiJg$0^

) z#Qjq;9=pO`lfRE$OPnWluOp<4s%jPJvr6C9c#NHuH{&A~KaLWzFR_9BsQhZeX6%xD zz2OM^ak*iR$=JnmQ*xosF3ax5wYXD2JS*R6e3rc>8=DTX8yKku`HQAR=y!D3OQh;* z({A>r;%{z_vJd3b%`aKM!Ho;@PtD8ON9DQm0<7ax68{OoS%T*YK14_bs-`L~G58m9 ztFwyzu{`0d)ffJpI9&vkp!`LGKNH+UsF;Ubp5dqE&H1b1bYjI!XNIyBo8m-;$dAiq zt*htW(|v}7Lhf^Jdeq%J>fu@F>zQE;+nzCREX$AlQ@+uOylA&@i zEL<*5FvRP+udRX-jwT1FK@yPq)j?wN<%~Cnf|3dy( zb+APh$9HJ03cZUcRVFF}ZqZU@02TZLEl0)qAH@BF;0#qkA*Aj}bw~73Gf?46&v6S_vf`?KVoMGQMalJ0q_wTFKUw z|Fx)-vAeRRZ5`WM-ra_a%ko6(NtTw^Q_Eu#6{Hw1tEnet^!N9qTIIWDOt!T*7f#R_ z>hP09{ea*cLd72E*>R7HBb-`#C4eQ0mBxQY0>31g(anQ6dHW*_O$aL`sx;Qk`?jO57#{@|`ujdHJ zG83zDV=$ISvt*kJ>P&F{qxYZD&8Ufq35f>dViWz(m?awH^dJ34p9f6vF7N00_1^b= z?tR}S{QHPe3I+oTKZoCXd?MNZfpN%d{K=uE|h4TiCyqPz(CpcR}l za1a|g28l6(O%)}77e=v}Z7s&Ig>4<~!#E}?kPl%J+c;B??I)B86;s$z(ehzTM2VjID3%&=|3A zbH;(vbjhA9o=8ql7OgT}3w;Qu=!yCVyu(M!mP6l!!;wsKs&J~1EzCIC&Dq%}?;9IC zbcAly$M31umYss_JZ2Y)<-&1ivQ)Hpb31m4Q8lb0{;y(cwjs51Qd1q=D810=Z9Bhq-FO*${o#e zaGi>|hhT(0%Juo*V*wKmnsNG6YoJI^{LBT>y(qf+NxO8?vYlC5&b8{}OXgU%{f10< zTd*ehSn#=EL-4KOJArJ;*5=$6?{~ppf`0^jxfQ!kylsRyr1hS_-hJ%oN&xhox}kgi jdo|s!`U0SNYC!ktnyv>tdX3@JW1DqfAgre;*89i59akIL diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/__pycache__/pyhidra.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/__pycache__/pyhidra.cpython-310.pyc index 9298aa0ad0655b60706788e01b4a6274d84b037b..5f4c1f7dc18f5daf6d191b377a128af4d334b2f7 100644 GIT binary patch delta 20 ZcmZo?Z)fMu=jG*M00Qg785_B4m;ov|1Y7_B delta 20 ZcmZo?Z)fMu=jG*M0D_=Jp&Pktm;ouZ1U~=( diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/ghidra_connect.py b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/ghidra_connect.py index eafa74c..ecad3e5 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/ghidra_connect.py +++ b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/ghidra_connect.py 
@@ -109,14 +109,25 @@ class Ghidra: def _jaddr(self, addr): # The string that's fed to getAddress NEEDS to be hex for some godawful reason return self.address_factory.getAddress(hex(addr)) + + def _jbytes(self, dat): + return bytes(dat) + + def startTransaction(self, name): + self.stopTransaction() + self.transaction = currentProgram.startTransaction(f"Coloring lines") + + def stopTransaction(self): + if hasattr(self, "transaction"): + currentProgram.endTransaction(self.transaction, True) - def set_background_color(self, addresses): + def set_background_color(self, addresses, color="java.awt.Color.YELLOW"): ''' Highlight a list of addresses ''' tr = currentProgram.startTransaction(f"Coloring lines") d = self.bridge.remote_eval("[currentProgram.getAddressFactory().getAddress(addr) for addr in addresses]", addresses=[hex(addr) for addr in addresses]) - self.bridge.remote_eval("[setBackgroundColor(addr, java.awt.Color.YELLOW) for addr in d]", d=d) + self.bridge.remote_eval(f"[setBackgroundColor(addr, {color}) for addr in d]", d=d) currentProgram.endTransaction(tr, True) def clear_background_color(self): 
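Review bot: In `set_background_color`, the new `color` parameter is spliced straight into the expression string handed to `self.bridge.remote_eval(...)`, so whatever a caller passes is executed as Python inside the Ghidra process; the previous version only ever evaluated the fixed literal `java.awt.Color.YELLOW`. Constrain it to the shape you actually support before building the f-string, e.g. `if not re.fullmatch(r"java\.awt\.Color\.[A-Z_]+", color): raise ValueError(f"unsupported color expression: {color!r}")` (with `re` imported), or resolve the colour to a remote object once and pass it through the `remote_eval` keyword arguments the way `d` already is. Separately, `startTransaction` takes `name` but ignores it and hard-codes `f"Coloring lines"`; it should be `self.transaction = currentProgram.startTransaction(name)`. `stopTransaction` also never clears `self.transaction` after ending it, so a second call (including the one `startTransaction` makes up front) ends an already-closed transaction; add `del self.transaction` after the `endTransaction` call.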
@@ -264,6 +275,36 @@ class Ghidra: #name: unicode, start: ghidra.program.model.address.Address, fileBytes: ghidra.program.database.mem.FileBytes, offset: long, size: long, overlay: bool) -> ghidra.program.model.mem.MemoryBlock: self.memory.setBytes(toAddr(start), bytes(data)) currentProgram.endTransaction(tr, True) + + def mmap_region(self, addr, name, size, read=True, write=True, execute=False): + tr = currentProgram.startTransaction(f"Mapping memory region {name} at {hex(addr)}") + self.memory.createInitializedBlock(name, toAddr(addr), size, 0, monitor, False) + block = self.memory.getBlock(toAddr(hex(addr))) + block.setPermissions(read, write, execute) + currentProgram.endTransaction(tr, True) + + def write_mem(self, addr, data): + ''' + write data to memory, if region is available + ''' + # check if address is in a block + block = self.get_memory_block(addr) + if block is None: + warn(f"Address {hex(addr)} is not in a block") + return + # check if len(data) is too big + if len(data) > block.getSize(): + warn(f"Data is too big for block {block.name}") + return + tr = currentProgram.startTransaction(f"Writing memory at {hex(addr)}") + self.memory.setBytes(toAddr(addr), bytes(data)) + currentProgram.endTransaction(tr, True) + + def get_memory_block(self, addr): + for block in self.memory.getBlocks(): + if block.contains(toAddr(hex(addr))): + return block + return None def get_function_decompiled_code(self, func): # decompile the function and print the pseudo C diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2html.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2html.cpython-310.pyc index aa076982d6fd17fa731a2d431449fc814d8a446c..7e883810c3d5b064ba380c5090d57be792c2d40d 100644 GIT binary patch delta 20 acmey&@|lG@pO=@50SK%QXKduoU;+R+tOXeW delta 20 acmey&@|lG@pO=@50SJN?g>K}|U;+R+CK}2!~_62Tm@_Z 
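Review bot: The size guard in `write_mem` compares `len(data)` against the whole block (`len(data) > block.getSize()`) rather than against the bytes left between `addr` and the block's end, so a write that starts inside the block but runs past its last byte passes the check and is only rejected by `setBytes`, after the transaction has already been opened. Check the end instead, e.g. `if addr + len(data) - 1 > block.getEnd().getOffset(): warn(f"Data runs past the end of block {block.name}"); return` (assuming Ghidra's `MemoryBlock.getEnd()` / `Address.getOffset()`, which I cannot see from here), and put `currentProgram.endTransaction(tr, True)` in a `finally:` around the `setBytes` call — as written, an exception from `setBytes`, or from `createInitializedBlock` in `mmap_region`, leaves the transaction open. In `mmap_region` the block returned by `createInitializedBlock` is discarded and then looked up again via `getBlock(toAddr(hex(addr)))`; keeping the return value (`block = self.memory.createInitializedBlock(name, toAddr(addr), size, 0, monitor, False)`) removes the second lookup and the mixed `toAddr(addr)` / `toAddr(hex(addr))` usage.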
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2html5.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2html5.cpython-310.pyc index 761a4bf880533a1a7e86c9c8bec9ae5bd304c9b0..f9edf06abfc8bf0c6ebaa0a16ed35155696d6aca 100644 GIT binary patch delta 20 acmbQuI-8X{pO=@50SK%QXKdu2zyts-5CoF| delta 20 acmbQuI-8X{pO=@50SJN?g>K}Yzyts+j0AQ7 diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2latex.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2latex.cpython-310.pyc index 74eac09d9b679697a396ca36bef9a6249209b8c1..4840eec5850b4315819bc48549b1f5f429a1f458 100644 GIT binary patch delta 20 acmeyt`h%4_pO=@50SK%QXKdtt%LD*Bm<6f; delta 20 acmeyt`h%4_pO=@50SJN?g>K}2%LD*B6a|d{ diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2man.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2man.cpython-310.pyc index fdf96e2c75e508892453a7a034f438da399a5efa..db459b2377cc46c20cd3d66b7d0f6a7053ea0978 100644 GIT binary patch delta 20 acmX@ldY+X#pO=@50SK%QXKds?!UO;{Fa<9F delta 20 acmX@ldY+X#pO=@50SJN?g>K|N!UO;`tOXJP diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt.cpython-310.pyc index 73833b9fd7bc1947dc93904438cd2a572e32c304..022a36ac55a196a7fb6b4e80b875665d65198ed6 100644 GIT binary patch delta 20 acmZo=Yh~lk=jG*M00Qg785_BOF#!N7#01j- delta 20 acmZo=Yh~lk=jG*M0D_=Jp&Pk>F#!N7Km@h` 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt_prepstyles.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt_prepstyles.cpython-310.pyc index 3eee140776d587b95ec5ebe6232b80b96a302792..0bb3fbd923718dc5364ab55e7f7b5a2562d7b414 100644 GIT binary patch delta 20 acmZo+YhmNg=jG*M00Qg785_BOG64W8oCMGS delta 20 acmZo+YhmNg=jG*M0D_=Jp&Pk>G64W87zDEb diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2pseudoxml.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2pseudoxml.cpython-310.pyc index 2a89816f35a600e77ff35158b811407868afbf3f..7344c1d7fc665d5ac692a4c0171d55dce0cf8ac0 100644 GIT binary patch delta 20 acmey#@{@%-pO=@50SK%QXKduoV*&s=oCPZY delta 20 acmey#@{@%-pO=@50SJN?g>K}|V*&s=7zGXh diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2s5.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2s5.cpython-310.pyc index c6768195b4a7ff0eb72dc8802580d2e3d67e62ab..41623d484af12f00e6ea95af514fc35eabfdb6f2 100644 GIT binary patch delta 20 acmZ3$x`35CpO=@50SK%QXKdu2$^-x{*aV^g delta 20 acmZ3$x`35CpO=@50SJN?g>K}Y$^-x{R0M?p diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xetex.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xetex.cpython-310.pyc index 01ba4aa50a1c2fa053f58db7fc55041ea25b3576..945d60ce7193477d3dee9cddfdc0d396a50d390d 100644 GIT binary patch delta 20 acmX@dc8-lZpO=@50SK%QXKdtlW(EK>Ed;Ls delta 20 acmX@dc8-lZpO=@50SJN?g>K|_W(EK=sRWV$ 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xml.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xml.cpython-310.pyc index c821c79a3bb43e34ba606163abcf4563056efc04..867c9bb76dc2db8a0f0af893f6d593a4002f92be 100644 GIT binary patch delta 20 acmey(@|%S_pO=@50SK%QXKdsyU;+R->;*9Z delta 20 acmey(@|%S_pO=@50SJN?g>K|7U;+R-Xay7i diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rstpep2html.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rstpep2html.cpython-310.pyc index d692a0d8b3af53f84028ead04bb9daf87371d73d..3515c4adfc760633a2e890fcbd45477691a9b633 100644 GIT binary patch delta 20 acmdnax}B9fpO=@50SK%QXKdtN!vp{^a0KT7 delta 20 acmdnax}B9fpO=@50SJN?g>K|t!vp{@>;%dH