From 72c6cfa33d23a5fa4a9de9faa441debbdd17dfb3 Mon Sep 17 00:00:00 2001
From: Eljakim Herrewijnen
Date: Fri, 3 Jan 2025 16:34:13 +0100
Subject: [PATCH] update
---
 GA_debugger.py | 6 +++---
 Readme.md | 7 ++++---
 imem3_bct => bin/imem3_bct | Bin
 3 files changed, 7 insertions(+), 6 deletions(-)
 rename imem3_bct => bin/imem3_bct (100%)
diff --git a/GA_debugger.py b/GA_debugger.py
index a6d4fd9..a50225a 100644
--- a/GA_debugger.py
+++ b/GA_debugger.py
@@ -139,7 +139,7 @@ def dump_full_dram_context(cd : "ConcreteDevice"):
 SETUP_SDRAM = 0x00101a14
 
 def attempt_boot_bct(cd : "ConcreteDevice"):
- dat = open("imem_good.bin", 'rb').read()
+ dat = open("bin/imem_good.bin", 'rb').read()
 cd.memwrite_region(0x40000000, dat[:0xe000])
 cd.write(b"MAIN")
 cd.arch_dbg.state.auto_sync = False
@@ -359,7 +359,7 @@ def hw_init(cd : "ConcreteDevice"):
 pass
 elif cd.arch_dbg.state.R0 == 0x77:
 # In nvtloadbinary
- dat = open("/tmp/bootloader.bin", 'rb').read()
+ dat = open("bin/bootloader.bin", 'rb').read()
 cd.memwrite_region(0x83d88000, dat[:0x90000])
 cd.arch_dbg.state.R0 = 0
 cd.restore_stack_and_jump(cd.arch_dbg.state.LR)
@@ -380,7 +380,7 @@ def hw_init(cd : "ConcreteDevice"):
 elif b"corrupted" in msg or b"GPT failed" in msg:
 # Restore bootloader
 print(msg)
- dat = open("/tmp/bootloader.bin", 'rb').read()
+ dat = open("bin/bootloader.bin", 'rb').read()
 cd.memwrite_region(0x83d88000, dat[:0x90000])
 cd.memwrite_region(0x83d90260, ks_thumb.asm("mov r0, r0", as_bytes=True)[0] * 2)
 # cd.memwrite_region(0x83e130e6, b"\x00") # Fastboot unlock?
diff --git a/Readme.md b/Readme.md
index 10b989b..bb1a927 100644
--- a/Readme.md
+++ b/Readme.md
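Review bot: The new path `bin/imem_good.bin` is resolved against the process's current working directory rather than the script's location, so attempt_boot_bct only finds the image when the tool is launched from the repository root; the same applies to `bin/bootloader.bin` in the two hw_init hunks that follow. Anchoring on the module file would make it location-independent, e.g. `dat = (pathlib.Path(__file__).resolve().parent / "bin" / "imem_good.bin").read_bytes()` (with `pathlib` imported). That form also closes the file promptly, which the bare `open(...).read()` leaves to the garbage collector. A length check before `dat[:0xe000]` would reject a truncated or wrong image before it is written to the device, since the slice silently passes a short buffer through. attempt_boot_bct's body continues outside the hunk.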
@@ -5,7 +5,8 @@ The exploitation work for this device is done by (LordRafa)[https://github.com/L
 To build gupje, see the readme in the gupje_t/ folder.
 
 ## Usage
-
+Run the exploit code with a *target* binary to run on the device.
 ```bash
-python3 exploit.py ../bin/nvidia_shield_t/
-```
\ No newline at end of file
+python3 exploit.py --ga ../bin/nvidia_shield_t/debugger.bin
+```
+
diff --git a/imem3_bct b/bin/imem3_bct
similarity index 100%
rename from imem3_bct
rename to bin/imem3_bct