From a1ab8650bc16d10a1f20e8aac3e67ccf958a990f Mon Sep 17 00:00:00 2001 
From: Eljakim Herrewijnen Date: Thu, 30 May 2024 10:15:36 +0200 Subject: [PATCH] added hw device in the loop emulator --- GA_debugger.py | 23 ++ __pycache__/hw_in_the_loop.cpython-310.pyc | Bin 0 -> 861 bytes __pycache__/partial_emulation.cpython-310.pyc | Bin 0 -> 7116 bytes blog/part2.md | 37 +++ hw_in_the_loop.py | 19 ++ partial_emulation.py | 203 ++++++++++++ .../ghidra_assistant-0.0.1.dist-info/RECORD | 4 +- .../__pycache__/__init__.cpython-310.pyc | Bin 216 -> 216 bytes .../concrete_device.cpython-310.pyc | Bin 8551 -> 8551 bytes .../ghidra_assistant.cpython-310.pyc | Bin 1046 -> 1046 bytes .../__pycache__/__init__.cpython-310.pyc | Bin 222 -> 222 bytes .../__pycache__/bit_helper.cpython-310.pyc | Bin 2777 -> 2777 bytes .../__pycache__/definitions.cpython-310.pyc | Bin 4768 -> 4768 bytes .../__pycache__/ga_client.cpython-310.pyc | Bin 2712 -> 2712 bytes .../__pycache__/ga_server.cpython-310.pyc | Bin 5366 -> 5366 bytes .../utils/__pycache__/utils.cpython-310.pyc | Bin 8515 -> 8515 bytes .../__pycache__/asm_utils.cpython-310.pyc | Bin 3615 -> 3615 bytes .../armT_processor_state.cpython-310.pyc | Bin 10885 -> 10885 bytes .../__pycache__/arm_emulator.cpython-310.pyc | Bin 0 -> 10059 bytes .../utils/archs/arm/arm_emulator.py | 291 ++++++++++++++++++ .../arm64_emulator.cpython-310.pyc | Bin 22412 -> 22407 bytes .../arm64_processor_state.cpython-310.pyc | Bin 22255 -> 22255 bytes .../__pycache__/asm_arm64.cpython-310.pyc | Bin 2846 -> 2846 bytes .../__pycache__/uc_emulator.cpython-310.pyc | Bin 22604 -> 22604 bytes .../utils/archs/arm64/arm64_emulator.py | 4 +- .../MMU/__pycache__/arm64_mmu.cpython-310.pyc | Bin 1078 -> 1078 bytes .../MMU/__pycache__/arm64_pte.cpython-310.pyc | Bin 7633 -> 7633 bytes .../MMU/__pycache__/mair_eln.cpython-310.pyc | Bin 1650 -> 1650 bytes .../pagetable_arm64.cpython-310.pyc | Bin 6157 -> 6157 bytes .../MMU/__pycache__/ttbr0_eln.cpython-310.pyc | Bin 1336 -> 1336 bytes .../__pycache__/current_el.cpython-310.pyc | Bin 1097 -> 1097 bytes 
.../__pycache__/sctlr_el1.cpython-310.pyc | Bin 2650 -> 2650 bytes .../__pycache__/sctlr_el3.cpython-310.pyc | Bin 3457 -> 3457 bytes .../__pycache__/tcr_el3.cpython-310.pyc | Bin 6802 -> 6802 bytes .../__pycache__/tcr_elx.cpython-310.pyc | Bin 1169 -> 1169 bytes .../__pycache__/base_arch.cpython-310.pyc | Bin 2393 -> 2393 bytes .../__pycache__/ga_arm.cpython-310.pyc | Bin 3364 -> 3364 bytes .../__pycache__/ga_arm64.cpython-310.pyc | Bin 8812 -> 8812 bytes .../__pycache__/ga_arm_thumb.cpython-310.pyc | Bin 5761 -> 5761 bytes .../ghidra_connect.cpython-310.pyc | Bin 11258 -> 11258 bytes .../__pycache__/pyhidra.cpython-310.pyc | Bin 903 -> 903 bytes .../bin/__pycache__/rst2html.cpython-310.pyc | Bin 627 -> 627 bytes .../bin/__pycache__/rst2html4.cpython-310.pyc | Bin 749 -> 749 bytes .../bin/__pycache__/rst2html5.cpython-310.pyc | Bin 667 -> 667 bytes .../bin/__pycache__/rst2latex.cpython-310.pyc | Bin 760 -> 760 bytes .../bin/__pycache__/rst2man.cpython-310.pyc | Bin 719 -> 719 bytes .../bin/__pycache__/rst2odt.cpython-310.pyc | Bin 773 -> 773 bytes .../rst2odt_prepstyles.cpython-310.pyc | Bin 772 -> 772 bytes .../__pycache__/rst2pseudoxml.cpython-310.pyc | Bin 633 -> 633 bytes .../bin/__pycache__/rst2s5.cpython-310.pyc | Bin 672 -> 672 bytes .../bin/__pycache__/rst2xetex.cpython-310.pyc | Bin 846 -> 846 bytes .../bin/__pycache__/rst2xml.cpython-310.pyc | Bin 635 -> 635 bytes .../__pycache__/rstpep2html.cpython-310.pyc | Bin 695 -> 695 bytes 53 files changed, 578 insertions(+), 3 deletions(-) create mode 100644 __pycache__/hw_in_the_loop.cpython-310.pyc create mode 100644 __pycache__/partial_emulation.cpython-310.pyc create mode 100644 blog/part2.md create mode 100644 hw_in_the_loop.py create mode 100644 partial_emulation.py create mode 100644 venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc create mode 100644 venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py 
diff --git a/GA_debugger.py b/GA_debugger.py index ba70ff5..edcb408 100644 --- a/GA_debugger.py +++ b/GA_debugger.py @@ -6,6 +6,8 @@ from ghidra_assistant.utils.debugger.debugger_archs.ga_arm_thumb import GA_arm_t from exploit import * from keystone import * from t210 import * +from hw_in_the_loop import * +from partial_emulation import * ks_arm = Ks(KS_ARCH_ARM, KS_MODE_ARM) ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB) @@ -447,11 +449,32 @@ def hw_init(cd : "ConcreteDevice"): # coldboot() pass +def relocate_debugger(cd : ConcreteDevice): + ''' + Works, relocates the debugger to the end of IRAM + ''' + reloc = open('/home/eljakim/Source/gupje/source/bin/nvidia_shield_t/debugger_reloc.bin', 'rb').read() + cd.memwrite_region(0x4003c000, reloc) + cd.restore_stack_and_jump(0x4003c000 | 1) + assert cd.read(0x100) == b"GiAs" + + # And relocate the debugger + cd.relocate_debugger(0x40011000, 0x4003c000, 0x4003e000) + + + def device_main(cd : "ConcreteDevice", args): ''' Main function that will do execution for the device. ''' cd.test_connection() + partial_emu = True + if partial_emu: + relocate_debugger(cd) + do_partial_emu(cd) + + sys.exit(0) + hw_in_the_loop() hw_init(cd) attempt_boot_bct(cd) test_arm_asm(cd) 
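Review bot: The two new star imports in the first hunk pull every name that `partial_emulation` and `hw_in_the_loop` themselves star-import (unicorn, capstone, keystone constants, `acces_str`, `p8`, `p32`) into `GA_debugger`'s namespace, next to the `ks_arm`/`ks_thumb` objects it builds from keystone on the following lines. `device_main` only calls `do_partial_emu(cd)` and `hw_in_the_loop()`, so `from partial_emulation import do_partial_emu` and `from hw_in_the_loop import hw_in_the_loop` import exactly what is used and make the dependency visible.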
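Review bot: `relocate_debugger` reads the relocation blob with a bare `open(...).read()` that never closes the handle, and the path is an absolute path under one user's home directory, so the function only works on the author's machine; `with open(reloc_path, 'rb') as f:` / `reloc = f.read()` with `reloc_path` taken from a parameter or module constant fixes both. The `assert cd.read(0x100) == b"GiAs"` that verifies the relocated debugger answered is stripped under `python -O`; `if cd.read(0x100) != b"GiAs": raise RuntimeError("relocated debugger did not respond")` keeps the check in place. In `device_main`, `partial_emu = True` followed by `sys.exit(0)` makes everything from `hw_in_the_loop()` down unreachable; if that is deliberate scaffolding, a command-line flag or at least a `# TODO(owner):` comment would make the intent visible to the next reader.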
diff --git a/__pycache__/hw_in_the_loop.cpython-310.pyc b/__pycache__/hw_in_the_loop.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..a1d0180abd96fda041e0d658dcf83fbc7f7d06f8 GIT binary patch literal 861 zcmZ`%&2G~`5Z+xoj@$e|1?3&ep;jx72oRmg5^myK=KHjrN1N8ly$ zN_*wRxi?PCtQ9u}b)*^1k7o9pZ#Ewc_6f+RpYNCFl#pK-?1~G)8EA<{5J44*h$NR( z_aI`5&B%lZN4PgcxYsOlAnFJYB2PNkPUMQN@NY=e5p+t9_I|?@5*|@QpD)ne6$gSd z(A#HVB#EdX5rbhk+>IQ;V1Q@*ix21WTe^_O)3T~{7A^pHE9j$+KyMMeAXBoT;RcLx zOR1LHhpaV!!XU|4GLY(W{v}-n)4bLT8B{XX^B*U?P<0uUO>UaxOQ}xz?Bw(XFV9vrx~vj$yJ^g$Hm(C95QLec^6-2U|f22umya)t!|j^KrP(3*pbawl5?}q`6?H+ zLch=X*Ltp+itcam-XYgL%;9<-sNK^iLuxY*@~V+wV6Z>Z>!QlXS)69FLGmDl8s}?V zr+Iv@^(>1P2I8~M0GzAC-RbShdWemW?swmfcnSslhx!Q`jQ-nVd(?jswbyI_A`mmY zf0_fxmG&A;AA%1Yc-6W{v)Bw~AK#7n=wdv2`zD;2-sCkG@^c->Qd=@D7TdH#ev8}q WFPodaLUbh(;S-PfbjTjN{qA2HzNJI} literal 0 HcmV?d00001 
diff --git a/__pycache__/partial_emulation.cpython-310.pyc b/__pycache__/partial_emulation.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..df42c765fdf796352d002a7166e90943869780c1 GIT binary patch literal 7116 zcmb7JOK==V8J?b*ot=GZEz6eVIPuz!L)Ij+V+WD~6C}&)2aZ>cw2q0YQsdF~NLqPc z?wPfvWffA$sRRm##|bK=Np;`+xu4TTi9p8lGSL^!oDahcxYP^wIx};bR)F|1$utaaPe5!;&pB^{p@JDD{d_ zq;{iXRwIiMMs>4dRilehrg_?$Esm;Dv7+Y1dBjU_%S-a8m*TdU<}q)C$Gr?sczbx# z8|5i)FHe`_i(`C*XYOi?`z~mF4(2QjsuKbSS@qm&iH=W58PUSru1yRRuW#|o%3#&OP)+zn{}?_uQ>DhnR7DP`M5rR zshID5ozE9%FUqmLfzGwUm6@wo^XKHgevIAC3U#M>&%o%b^K(U+>7Q1$bO(jF15LC^ zXXbn{KVM=*Xy>82iFX#Sp9BcBZN^z!yRU;MdZDGCIh)g^!D_vBqT!05>{cAF+N`)ixn7%UY)HNF;(pqa4v=Jm)To4a;E8m;{C83DG}0&N z(qVq&ZEcxxlSl5R77cFkC^W!?o`5Z7EkabTBAJ0(ASZ*?krX6rJKH>6{WSJG#t`3eXp`C zqYATGdcb7NaY_}}_Z>$GSnS1kF$r)0ub&1;G7CSQrB&J5yF=_$cMH4pjObN*_9QB8 zZCkq!I#9Assdq|)N}}@tE96XU9lUEeRj*nX8*(K465a~z(i6T+gbl0p`b}S^+(x6a z;WXT!wCec}n0OpZg*1?+Dnh_3n(!#TeH*}L^h>fMv0V zjrYD%owl~7Z-bTCnu&U3+v0i<4Q$lSEw;siSP(y}-8V=C=uL2)dhY8ioW)SHB+-`a z%#u>$EHbPRH%JfQ(<&*#=hi0U(O_gu+oUaT*`QLL3rr&MvevOZ9pn>QyIz zN0?eF*WiUSnv9hp?$gdvDJX-iX#i8J5V`c|+CyT0E+eB5^lGKNB+aX+$YggiYL;=~ zxzPBH!1HCa(EyqepWXRVPCiDM zcSJex!X1*LtxA(ND^u{s3NMTR`h~MOLn(laotvMz;+&mX$aks>mlpFw8X=B=qG$2? 
zEknc$;K3FX8n`@5lu}Uk~isR?j+1Q4H%o zR40Q|>PkK!puHJff6v6e%=ZxS11QR*_MY~>wM9OV_8BR(4qmH4Tn&$BLwd8JQ_H$R z_T;)`>yHxIJLOz7+z_E9qH)_8Xayj!Fp%C$ho6q18LmWzglc?w&QR>wg`UCsr0 zN|R<0d#Eqg^gZElH*km8AXDUSoMvZRiXe)jS!S}3T^PNV5FXTM_(TmQ6 z=|2NtvExkFDIATmF=nRizpFBC|I3CSFeCQIX&9Wz>^JpKT9dNnm*d+)A^6+Y$Ive6RAZnRLF0BM4ZN)!WtULg(dvR{= zvP#62=iNz}2l|H6X-dg^c-@p-T*gA;G=Ucgd=)@t*}ah}3Q(5aYf)>8Ycw()`ec=O z!9B=5;kVjrC-HiUrd63pFC7u&2_3vDuR5rY83)*yet_9JQj-0BGTxcZ-z8wO4<%qq zBT2w(NaDH9je9ybC#gku$XcmAGSqG=H)|DI@oN2cR-Ak$d-P-xNucfeVe}Mac#k4W z>)DFPMWl{A%W(ZFA_k%baGaBlI0>n(I~DP%LE{+kYj{=An9wIoQy=h>14-KeZ4}6Q zUb2XfR)VNNk_?Kt@^N8G3}0hxNIOolxHZ;0q}iJZ%$)4adJ41JTt}37rJcn1MB8fHle8miOINsGM?b|ccc?$w z*KeTz)=+2p=CUPcZOfCY64-4MXmySGQN7N>8`bwxQ8hT%@tw__uxnHbd17Z$M7M)_Yo^Z%27Tw$85~sIivQA-@}6+1J1zaQiYu70 zWn{mS^(o#i@M^V`ok!lEU3SaJ5sHWyb#zF59v-SxZz2(l2)DL^EiadA9O)nON|gHi zb9hhTJuSWj1kp2kMXA(Zp6>*oz7S86kOl|@{bI#OiYZnc;)gG-`tmYJlB_K4k`sQ2 zTQspxNKqOIrV8accA|pfTNvFy^LH@Rp9V-WUB!J9K4g^61@zNRI|)us^j=-h=yCQG zGe1e=+yFoG?+N4*I_0Ea{69FYcq(4SvZ4e~6fRXsJ#$u=AH9aUIvJ@bI6HSPAEr#4 z26{BGbMi@Do0%^#YC*2$oD2*brdK1CZ0ZG4CFS0nla!iDLjxX zQ?Bv}RFqRe;DehaH>mO)*hkm>8HEAQ*F~j`d^83?=5$~AJ|OF7U}OuL7)J-rN2wJr zP-&mKb`X!DRkQ&fm?2YkGCxv_VOxmrWC0(b+oz>7IwW&)mt=NE`a4R$(+J*DloCn^ zbm&w9B;#cQ&H7j{wH8|V;&huGcg+_8v$=8Ly5c~{d%=4UP~+ z9J9Uo&dfuCpn1w4{FzOcZ~T=_E7z1W#Sdxbo+*UV=v=w|h`I(1KpqO2|Cww47C1@{ z7C9lab^P;hH^)dZ>8_=a+e>$_HMi>F4mR#M)jDrhsGfA3TTQnT_Ncp5@der?DW}L0 zI6~kk0d)+aBZWE}h+|Z%5FlqMZV>nZfgc0NROha?Dn>s}9J!^o*>3mS%YpfUc@Hk$qAoPB|HB z;q@(}+rlv03@<~?a7sm@qL?TFyPigYGhVeB3QBERg}*ef<6f=zpTO^FNgIIfn&_TZ z{DdZ$lolc_k`h6;W?}?DJ{#U>JGi+H|FoHE2IY!B<%-fO!79C-{~78+9^N&4xFNhK z&ki?Fl{$X};rf>T2~t9osp4x_^UmzW{OsjRg$puqVWxMxt1b`1y9dhb1(73S1mXk| z1d;?&1Sla7Z!5?%%H+)a6$k$!;Lnk|2$@M7=wsUs@9Z<7!o5V{+9!uFfrN|F1q-Qw TX_#<>L%)C6sf?k0dvxkQi1CYn literal 0 HcmV?d00001 diff --git a/blog/part2.md b/blog/part2.md new file mode 100644 index 0000000..034e380 --- /dev/null +++ b/blog/part2.md 
@@ -0,0 +1,37 @@ +``` +1073803520:b'Checking whether Onsemi FG present \n' +1073813020:b'%s(): error code 0x%08x %s\n' +1073811068:b'%s(): error code 0x%08x %s\n' +1073811120:b'NvTbootI2c: Read failed for slave 0x%02x, offset 0x%02x with error code 0x%08x\n' +1073799404:b'[TegraBoot] (version %s)\n' +1073799412:b'Processing in cold boot mode\n' +1073799416:b'Reset reason: %s\n' +1073847520:b'Battery Present\n' +1073813020:b'%s(): error code 0x%08x %s\n' +1073811068:b'%s(): error code 0x%08x %s\n' +1073811120:b'NvTbootI2c: Read failed for slave 0x%02x, offset 0x%02x with error code 0x%08x\n' +1073806920:b'Error MAX17048 vcell read failed.\n' +1073801444:b'Failed to determine battery voltage\n' +1073818392:b'Error getting nvdumper carve out address! Booting normally!\n' +1073818500:b'Sdram initialization is successful \n' +1073801672:b'PMU BoardId: %d\n' +1073843272:b'CPU power rail is up \n' +1073813604:b'Performing RAM repair\n' +1073843308:b'CPU clock init successful \n' +1073863832:b'%s with error 0x%x in %s func at %d line \n' +1073863916:b'Command complete wait failed with error 0x%x Interrupt 0x%x\n' +1073866976:b'Number of retries left %d\n' +1073863832:b'%s with error 0x%x in %s func at %d line \n' +1073863916:b'Command complete wait failed with error 0x%x Interrupt 0x%x\n' +1073866976:b'Number of retries left %d\n' +1073863832:b'%s with error 0x%x in %s func at %d line \n' +1073863916:b'Command complete wait failed with error 0x%x Interrupt 0x%x\n' +1073866976:b'Number of retries left %d\n' +1073867180:b'Send command failed with 0x%x\n' +1073870972:b'%s with error 0x%x in %s func at %d line \n' +1073870844:b'Identify card failed with 0x%x\n' +1073862468:b'%s with error 0x%x in %s func at %d line \n' +1073862636:b'Sdmmc Init failed with 0x%x error\n' +1073844216:b'Error in %s: 0x%x !\n' +1073799640:b'Error is %x \n' +``` \ No newline at end of file diff --git a/hw_in_the_loop.py b/hw_in_the_loop.py new file mode 100644 index 0000000..b27a62b --- /dev/null 
+++ b/hw_in_the_loop.py @@ -0,0 +1,19 @@ +import typing + +if typing.TYPE_CHECKING: + from GA_debugger import * + +class HWDevice(): + def __init__(self) -> None: + pass + +class CryptoEngine(HWDevice): + def __init__(self) -> None: + pass + + # NvBootSeAesCmacGenerateSubkey + # NvBootSeAesEncrypt + +def hw_in_the_loop(): + + pass \ No newline at end of file diff --git a/partial_emulation.py b/partial_emulation.py new file mode 100644 index 0000000..d23224d --- /dev/null +++ b/partial_emulation.py 
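Review bot: `HWDevice`, `CryptoEngine` and `hw_in_the_loop()` are empty stubs with no docstring, so a reader cannot tell what contract they are meant to carry; the two comments naming `NvBootSeAesCmacGenerateSubkey` and `NvBootSeAesEncrypt` hint at the plan but document nothing. A one-line docstring on each, e.g. `'''Base class for a peripheral the emulator hands off to the real device (TODO: confirm intent).'''` on `HWDevice`, and a `# TODO(owner): implement` in each `pass` body would make the scaffold self-describing. `CryptoEngine.__init__` should also call `super().__init__()` so the base-class setup is not skipped once `HWDevice.__init__` does something.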
@@ -0,0 +1,203 @@ +import typing, pathlib, struct +from ghidra_assistant.utils.archs.arm.arm_emulator import * +from ghidra_assistant.ghidra_assistant import GhidraAssistant +from ghidra_assistant.concrete_device import ConcreteDevice + +if typing.TYPE_CHECKING: + from GA_debugger import * + +acces_str = { + UC_MEM_READ : "UC_MEM_READ", + UC_MEM_WRITE : "UC_MEM_WRITE", + UC_MEM_FETCH : "UC_MEM_FETCH", + UC_MEM_READ_UNMAPPED : "UC_MEM_READ_UNMAPPED", + UC_MEM_WRITE_UNMAPPED : "UC_MEM_WRITE_UNMAPPED", + UC_MEM_FETCH_UNMAPPED : "UC_MEM_FETCH_UNMAPPED", + UC_MEM_WRITE_PROT : "UC_MEM_WRITE_PROT", + UC_MEM_READ_PROT : "UC_MEM_READ_PROT", + UC_MEM_FETCH_PROT : "UC_MEM_FETCH_PROT", + UC_MEM_READ_AFTER : "UC_MEM_READ_AFTER", +} + +def p8(value): + return struct.pack(" None: + super().__init__(init_uc) + self.log_hw_access = True + self.saved_blocks = {} + try: + self.ghidra = GhidraAssistant() + except: + pass + + def setup(self): + self.setup_memory() + self.setup_registers() + self.setup_hooks() + self.apply_patches() + + + def install_debugger(self, debugger : ConcreteDevice): + self.debugger = debugger + + def setup_memory(self): + self.bootrom_path = pathlib.Path("bootrom_t124.bin") + self.bootrom = self.bootrom_path.read_bytes() + self.uc.mem_map(0x100000, page_align_top(len(self.bootrom)), UC_PROT_EXEC | UC_PROT_READ) + self.uc.mem_write(0x100000, self.bootrom) + + # map IMEM + self.imem_path = pathlib.Path("imem3_bct") + self.imem = self.imem_path.read_bytes() + self.uc.mem_map(0x40000000, 0x40000, UC_PROT_EXEC | UC_PROT_READ | UC_PROT_WRITE) + self.uc.mem_write(0x40000000, self.imem) + + # DRAM + DRAM_BASE = 0x80000000 + DRAM_SIZE = 2 * GB + self.uc.mem_map(DRAM_BASE, DRAM_SIZE, UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC) + + def setup_registers(self): + self.sp = 0x4000d000 + self.pc = 0x4000e000 + self.is_thumb = False + + def hook_unmapped(self, uc, access, address, size, value, user_data): + print(f"Unmapped memory access at 0x{address:x} with size {size} and 
access {acces_str[access]}") + pass + + def hook_hw_access(self, uc, access, address, size, value, user_data): + if self.log_hw_access: + p_info(f"{hex(self.pc)} HW access at 0x{address:x} with size {size} and access {acces_str[access]}") + # All unmapped memory is send to the debugger + try: + if access == UC_MEM_WRITE: + if size == 4: + self.debugger.memwrite_region(address, p32(value)) + self.uc.mem_write(address, p32(value)) + # self.uc.mem_write(address, self.debugger.memdump_region(address, size)) + elif size == 1: + self.debugger.memwrite_region(address, p8(value)) + self.uc.mem_write(address, p8(value)) + # self.uc.mem_write(address, self.debugger.memdump_region(address, size)) + else: + raise Exception("Unhandled write!") + elif access == UC_MEM_READ: + uc.mem_write(address, self.debugger.memdump_region(address, size)) + else: + raise Exception("Not handled!") + except Exception as e: + pass + return True + + def setup_hooks(self): + # hook unmapped + self.uc.hook_add(UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_FETCH_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_UNMAPPED, self.hook_unmapped) + + # 0x6000f000 + self.uc.mem_map(0x60000000, 0x10000, UC_PROT_READ | UC_PROT_WRITE) + self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_hw_access, begin=0x60000000, end=0x60000000 + 0x10000) + + self.uc.mem_map(0x70000000, 0x100000, UC_PROT_READ | UC_PROT_WRITE) + self.uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, self.hook_hw_access, begin=0x70000000, end=0x70000000 + 0x100000) + + self.setup_log_hook() + self.setup_hook_blocks() + # self.setup_hook_EmmcValidateResponse() + + def apply_patches(self): + # Nop out 400101f0 to 0x40010220, maybe this is restricting access to IMEM and ROM? 
+ self.sc.mov_0_r0 = self.ks.asm("mov r0, #0", as_bytes=True)[0] + # self.uc.mem_write(0x400101e4, self.sc.mov_0_r0 * ((0x40010220 - 0x400101e4) // 4)) + + # Patch EMMCVerifyResponse + self.sc.bx_lr = self.ks.asm("bx lr", as_bytes=True)[0] + # self.uc.mem_write(0x4001dfb0, self.sc.mov_0_r0 + self.sc.bx_lr) + pass + + def run(self): + try: + self.uc.emu_start(self.pc, 0) + except Exception as e: + print(str(e)) + self.print_ctx(print) + pass + + def setup_log_hook(self): + UART_LOG_HOOK = 0x4001cadc + def hook_log(uc, address, size, user_data): + msg = self.read_string(self.R0) + try: + args = msg.count(b"%") + arg_types = [] + offset = 0 + for i in range(args): + c_offset = msg[offset:].find(b"%") + mtype = msg[c_offset:offset + 2] + offset += c_offset + 2 + arg_types.append(mtype) + + def read_msg_var(mtype, addr): + if mtype == b"%s": + return self.read_string(addr) + elif mtype == b"%d": + return eval('b"'+ str(addr) +'"')# As int + else: + return eval('b"'+ hex(addr)[2:] +'"')# As hex + + arg_str = [] + for i in range(args): + if i == 0: + arg_str.append(read_msg_var(arg_types[i], self.R1)) + elif i == 1: + arg_str.append(read_msg_var(arg_types[i], self.R2)) + elif i == 2: + arg_str.append(read_msg_var(arg_types[i], self.R3)) + else: + break + + for i in range(len(arg_str)): + offset = msg.find(b"%") + msg = msg[:offset] + arg_str[i] + msg[offset + 2:] + except Exception as e: + pass + + print(f"{hex(self.LR)} : {msg}") + if(b"Sdmmc Read failed" in msg): + pass + return True + self.uc.hook_add(UC_HOOK_CODE, hook_log, begin=UART_LOG_HOOK, end=UART_LOG_HOOK + 1) + + # And patch function to just return + self.uc.mem_write(UART_LOG_HOOK, self.ks.asm("bx lr", as_bytes=True)[0]) + + def setup_hook_blocks(self): + def hook_block(uc, address, size, user_data): + # print(f"Block at {hex(self.LR)}") + self.saved_blocks[self.LR] = self.get_registers() + return True + self.uc.hook_add(UC_HOOK_BLOCK, hook_block) + + def setup_interrupt_hook(self): + RAISE_INTERRUPT = 
0x4001cab8 + def hook_interrupt(uc, address, size, user_data): + print(f"Interrupt at {self.LR}") + return True + + self.uc.hook_add(UC_HOOK_CODE, hook_interrupt, begin=RAISE_INTERRUPT, end=RAISE_INTERRUPT + 1) + + def setup_hook_EmmcValidateResponse(self): + self.saved_emmc_responses = {} + def hook_emmc(uc, address, size, user_data): + self.saved_emmc_responses[self.pc] = self.get_registers() + return True + + self.uc.hook_add(UC_HOOK_CODE, hook_emmc, begin=0x4001dfb0, end=0x4001e160) + +def do_partial_emu(debugger : ConcreteDevice): + emu = PartialEmu() + emu.install_debugger(debugger) + emu.setup() + emu.run() \ No newline at end of file diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD b/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD index 88874be..0b1172a 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD +++ b/venv/lib/python3.10/site-packages/ghidra_assistant-0.0.1.dist-info/RECORD 
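Review bot: In `setup_log_hook`'s `hook_log`, the specifier slice `mtype = msg[c_offset:offset + 2]` uses `c_offset`, which is relative to `msg[offset:]`, as an index into the full `msg`, so every specifier after the first (and the first unless it sits at position 0) yields a wrong or empty `mtype` and falls into the hex branch; it should read `mtype = msg[offset + c_offset:offset + c_offset + 2]`. The two `eval('b"' + ... + '"')` calls in `read_msg_var` only turn an integer into bytes and can be written `str(addr).encode()` and `hex(addr)[2:].encode()` — `eval` here is needless and fragile. `hook_hw_access` ends with `except Exception as e: pass`, which hides a failed `memwrite_region`/`memdump_region` on the device bridge and lets the emulator run on with memory that no longer matches the hardware; log it, e.g. `p_info(f"HW bridge failed at 0x{address:x}: {e}")`, or let it propagate, and the bare `except: pass` around `GhidraAssistant()` in `__init__` should at least be `except Exception`. The `p8`/`p32` helpers and the `PartialEmu` class header appear garbled in this rendering (`struct.pack(" None:`), so that region was not reviewed.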
@@ -20,12 +20,14 @@ ghidra_assistant/utils/__pycache__/ga_server.cpython-310.pyc,, ghidra_assistant/utils/__pycache__/utils.cpython-310.pyc,, ghidra_assistant/utils/archs/__pycache__/asm_utils.cpython-310.pyc,, ghidra_assistant/utils/archs/arm/__pycache__/armT_processor_state.cpython-310.pyc,, +ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc,, ghidra_assistant/utils/archs/arm/armT_processor_state.py,sha256=ZdsI6Q9mLv-YZEmJSEwKUmsh7903--nfa-dlhfi8QtQ,9466 +ghidra_assistant/utils/archs/arm/arm_emulator.py,sha256=Wq7Tyiph3KYmvmMnRG8dl4TFKJEeNP8dtDrm_XpBLew,7798 ghidra_assistant/utils/archs/arm64/__pycache__/arm64_emulator.cpython-310.pyc,, ghidra_assistant/utils/archs/arm64/__pycache__/arm64_processor_state.cpython-310.pyc,, ghidra_assistant/utils/archs/arm64/__pycache__/asm_arm64.cpython-310.pyc,, ghidra_assistant/utils/archs/arm64/__pycache__/uc_emulator.cpython-310.pyc,, -ghidra_assistant/utils/archs/arm64/arm64_emulator.py,sha256=Ncn3KcxfLgBuhvO6L7S8mLurRZeETnO3uxoc_6XHQd0,17049 +ghidra_assistant/utils/archs/arm64/arm64_emulator.py,sha256=MtAM0DjxagGJZfN5SQuzKJ2tf7kqcYs4r_9a07pZg9o,17044 ghidra_assistant/utils/archs/arm64/arm64_processor_state.py,sha256=GqKoqwbCDhznJEbIgefvlsTcn6ensMD-q70bQMWsgvo,17633 ghidra_assistant/utils/archs/arm64/asm_arm64.py,sha256=k96Xp7hEhQWD6lbbmT2bAKuwJCz5VDRF6gx2koMuDW8,2562 ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_mmu.cpython-310.pyc,, diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/__pycache__/__init__.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/__pycache__/__init__.cpython-310.pyc index f5c68038347d3655a4909083f4e5156d00913190..859477e588173286dc789d9681cde8663fa018ae 100644 GIT binary patch delta 19 Zcmcb?c!QBUpO=@50SJN?g-+x?3jiK}IQ3L=$9|dy& delta 20 acmaFv^xTO%pO=@50SH#V4&2BcqX+;*Fa{9- 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/__pycache__/ghidra_assistant.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/__pycache__/ghidra_assistant.cpython-310.pyc index 381372b62a1cc3d09cb42fd917d2efa8446a3b01..7e2e6b468341bbc816990e7f1b8b10e4d3b8ee83 100644 GIT binary patch delta 20 acmbQnF^z*epO=@50SJN?g>K~LW&r>zG6U}b delta 20 acmbQnF^z*epO=@50SH#V4&2Di%>n=~Lj;Wg diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/__init__.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/__init__.cpython-310.pyc index b6bdc8b27212e688d533923ba449f1f3bacebd0d..691d9e70752d5c802ac91b8d4b59014c139c8f53 100644 GIT binary patch delta 19 Zcmcb|c#n}gpO=@50SJN?g-+zY3;;0Q1r-1Q delta 19 Zcmcb|c#n}gpO=@50SH#V4xGq+82~g;1+xGE diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/bit_helper.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/bit_helper.cpython-310.pyc index c0904d378d37a19ce64e3154dbb80e2980666035..81372c681caee7efe60ec9ec2d4de371733cbd23 100644 GIT binary patch delta 20 acmca9dQ+4;pO=@50SJN?g>K|N#{~d5gaudt delta 20 acmca9dQ+4;pO=@50SH#V4&2Cnjtc-hl?CK}YDg*#AK~T delta 20 acmbOsIzyB@pO=@50SH#V4&2Dy%LM>3Z3Qy` diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/ga_server.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/ga_server.cpython-310.pyc index 04e663db729f2645936c15e950ed2b83de962c30..0fcd17dd4f2f957e6727524d395627e723e8f57a 100644 GIT binary patch delta 20 acmeyS`Aw5MpO=@50SJN?g>K}2Edl^P<^|yZ delta 20 acmeyS`Aw5MpO=@50SH#V4&2E7S_A+?_Xd9e 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/utils.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/__pycache__/utils.cpython-310.pyc index 726af0ec967a5f62fe688b202b1bf52d379405f4..8f51c221ea6e92a849879625827df9f10a33ffed 100644 GIT binary patch delta 20 acmX@?bl8bIpO=@50SJN?g>K}wPy_%ve+35s delta 20 acmX@?bl8bIpO=@50SH#V4&2CXp$GszkOidx diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/__pycache__/asm_utils.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/__pycache__/asm_utils.cpython-310.pyc index a1cfeafef2b19f249aa6fd467206ad9e6fece8da..18629211e04a0e56ea888cfdd42b7a79f9246b4c 100644 GIT binary patch delta 20 acmbO)Ghc=~pO=@50SJN?g>K{);R66KbObyA delta 20 acmbO)Ghc=~pO=@50SH#V4&2Bs!Uq5|g#_9F diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/armT_processor_state.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/armT_processor_state.cpython-310.pyc index d8e731e655359e04f295e252747f90e8718a26c6..2916e226e63d7052ae1b0d74d0fe9bf93c88918b 100644 GIT binary patch delta 20 ZcmZn-Z4Kql=jG*M0D_=Jp&PlYv;Z`O1pEL1 delta 20 acmZn-Z4Kql=jG*M0D{%812=M4X#oH@l?9pr 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/__pycache__/arm_emulator.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..f3bb444001b9e0e7750c97dee6d2cb5c6af0cf20 GIT binary patch literal 10059 zcmdT~OK==V8J?Ma&8}9`=wVxaZ{kP1P9kX~*_MNG?5tmjEm>K~2`GfgdV3_TwJ-O~ zI<{CtK!yYYm2z?5kOLMRC>I9~95`^ufddB)95_%l98yINl#2rgAE=4}^Zh-u%X5nv(?_-goID-XIGYP?2)9;2(*4e0H+YlbBLJ4Mwt%3_Sg=B2dy0Ch=e*_IDKP@I%Dzhab1 zg(@?$JilZa`~ev*P`=iWr{;5%Go(eCNs9`T7ej1`g;@BGycl+@Ek;<3sduEsD2uZM zt})iblDMj@m-XQqXZ=jWHNghhAg(=Zhz;YKWXo(D8$nIIM&FXmwzC~b_Zu49$#&h5 z*5$@a&?Fx!l6U|#T$#$IHjf*CPJz>IlFW8*9%nC-@PFcTiq*d&`0%noA* zm?Iw2*im*&FguN%V5U8!vE%F|!R#`2f%%e$G;ZGy zLmGR9Wd*a>*bC;2hctGUofAyTNP#);A&p&NuL|ZF;~6loc}Qay*(Jd|Ydi~P#zPvL zWtRoB&)5fM&O;h|o#h0x-`Edk-a{H&U{?flz&HTr4G(GTP4*SR95fDs`KpIBw#eQR z%yY(bV7}%djlIpjE|^2cAuzg!H1-b53np!(!Cdu_#tMuH=CE-XjL}4F3ue%YojjeJ z(a)CarMy+;Yi}e{?k8Kyn`X*d$y=#+i=|SkSixk<7YJD^xNoHDm13dFD=DM0T&x(W zr7BMuqMl-9IfYtNGz&*Xg$o6mp3M)XX#!>uOopf-bJdb8*;3Y(hNOqAuobZ|&5@3Y zv?|i^hIB24dkI{T)_bg^)ob+$u3w}zkse?&<0w*BQm}ij zWcAaz>;*(K0?b@Kb5;PQUa*y{Y4>F3TXFzA$x&u@Z}Y~&g)1|!*r768u$6*ohYBVV z7g79TYjJ=l#aB(cw|T=YzKT*&W?1=R$?i7|t6tO1<|39>?67H+mh4!uQnd7X;l9Lo z!(*R+G`3PL8)HW4T7I=y9-FV$dBGU7jAfp`nbB*dx;bV#_vTlsOGarzU&u^M>9t$d zO0_a}!>HUCD;2MfIe2n3Gd^Y(E#t*nzOb5KHq5c*l_KML9b=$qTKS4KR=0{Jb1csb zD-@S0=uUT6`DpEyt?Igvs3)mchY^M4q?`;TWffnfC|1_Cv<|n?W|@MF{LK%gz2UJR zz>?6N)TPbgK{$*M5#1f7?!7P1rei#e+n6Vd1{achU{=p%Y=R zlK2ipbl;>3GsCdy7nhbUTtQkerCx`J}+v=0!W%G$4&wAcH3DA(4ysGdh zNnpxtCGPqg_d^@X?GRm$Nw?(&wsGX!(Llb2(x7|F^>{ks`1v7flK6f^55>@Hx?FW! 
zo@eQ><8LKz*|KTNSKFJ_!;L)CO^d_Vhf$9h@~UWuX9=7-V| z1Tls&$E3AGwaE#0eDD{M1vf0-t~W07>R^r{ z%R}nq!S*ijviQ1yvig)c^YI>rHiNEpj0Y^P52%;YAv;u`oDd563v|OB7$mD*kt$pP zLC1+af~akEX!2k1lZw2;PrHzC{6t=27#yT&o3ugaMrY9%o!oSqx>BvK>X<@y5_`af z%ar>U`2ue2-fLrMKAWUbb!*bh&@x=G&IC9m!Djb(qnFRX5~I#Pd| z(}>=emY|s_cib(|a<@M#W~o-(N?7hTXZ2f}HDC=c4V}U1QOrMI#m#OSqKawNTZU`i zR&UE6i1mmj@LlCP4I^6oyaA8(1#1ijykaY(PM!u9 z4IYu!Mtuz?htW!9;*emDo+wod`I31OiDuFCklib`-5EW1_Pm}O_rr`IPWa)ZA5Qt< z5kEZYhsXSI+7FN0eXXi8<83(8h9}zaWE-Ap!+ve^b3W^ray~ehZE?Nm1mXW)pKo7o zcEPl=wqx@yn0@dbGWsSCO<`Jm#l(3DiH2-OX!6{amnE#5*kUoIrE8&kVcMrQFugYv z>|wFn;YR3Qq!HebW$F4*Bh*}oqP9{i@IKUp<4e)Zo8>3--i~4yGAb+`d9pFsVOBCK zcCuK(s#z~sw5{1aEvRj}@i&`l=|~ZlqgY&b;T(aTW60NX$GC6JqS@uGSrb^|nS2iu zf+=_D9Dyz3|tNtUa9e4PGb@L*|y19TTfvJ&r>f3tg2t_lFmX?P!Suv|{1h$k7>{H^@a^E?%@Gpbp z^Azo)$loUZ2JX?M7pD{aSm^gn^IE|-#c985o(vy8IWXZMfOX3m!mXz5IPG-egd+sp zcTOgDWyHpt5Oe`3+C@-=u^%$s$3Y)-HJ>(me+`-S9fH1q#lCSSB(+@ci6U2yUAB22~==1c@gz ztCXV~@i{6OOFi8AW5Mmq!h(Gr0<#FH73<0-{A`%}!`)0>H>f%q*V1H|XXJN3LU6C|F@tdp5;#J@rXgFMebyia71 z_)Mqbg_$7nWadLM(~bBn6$}z@fcS{WAn_BOiWg>r#FLpHlbLSBpP_<5;+H`DgvcQA zlbwneW`e|%nUBd#H{#Dy!65OpO#YO}An{Y3iWg>r#FLqylbLSBpQD07;#WZYg2*88 zM>-WR%mj%iGruG=-H1O=1%t#FLHvryAn`{#6)(&Li6=9^CNtfLzd!|p#9ssP8zO_m zAL~@SFcT!6%>0(jbR+&%Di|c5_UuoH3=%)xsd!-~NIaSO9hvDy{A*M&NPG#z?}-c& zf4o!i!c35OGV=#A(~bCxR4_<<8N?rn6yi1C=@`E$I#n<11gR%GeliFGN12O5Z7Fh6)BLrnBRxLh1oP$DP@^`CL#->~NuG^2c6N27C(*ahOo(prw}rS)+p@k{Tke49*|aSR*et@s1R{Dq!sJuV8;S?G zaSAUc$rpj$p{ypl6g-94@$`3Wl6!42zt2Z-ce?} zJ9wSPzlZ$A$B!R>!rvz?K^^u1h#?XaMIx*W$^j2YnoZ^3MIL%Jl)}}iav!Dq4>4>N zZ~m;6dim-Oa^ClmqwPIVli#$V{0AsR4fr9h#ZS?K%^UC|WZ6T8KBO}80`&1Klzg6E zVOR2HL)Yzuu9vH=U_MRJ35w{! zoOqILM{9UPj(| zzlsE&D~8m5HLOO}h?-PG^i715s*=QW$52965dJT(QPSNfi}uc@ReQkwW6LQ0#i4+g z6qX%xZ`o=gUo)+0#jw>?xo=^ literal 0 HcmV?d00001 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py new file mode 100644 index 0000000..92ad68a --- /dev/null +++ b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm/arm_emulator.py 
@@ -0,0 +1,291 @@ +from unicorn.arm_const import * +from unicorn import * +from capstone import * +from keystone import * +from ..asm_utils import ShellcodeCrafter +from ...utils import * + +class ARM_Emulator: + ''' + Class that will interact with the unicorn engine for emulating ARM code. + ''' + def __init__(self, init_uc = True): + if init_uc: + self.uc = Uc(UC_ARCH_ARM, UC_MODE_ARM) + + # Disassembler configuration + self.md = Cs(CS_ARCH_ARM, CS_MODE_ARM) + self.mdT = Cs(CS_ARCH_ARM, CS_MODE_THUMB) + self.cs = self.md + self.csT = self.mdT + self.ks = Ks(KS_ARCH_ARM, KS_MODE_ARM) + self.ksT = Ks(KS_ARCH_ARM, KS_MODE_THUMB) + self.md.detail = True + + self.setup_shellcode() + + def setup_shellcode(self): + self.sc = ShellcodeCrafter(self.ks, self.cs) + self.scT = ShellcodeCrafter(self.ksT, self.csT) + + def get_mapping(self, address): + for mem in self.uc.mem_regions(): + if address >= mem[0] and address < mem[1]: + return mem + return None + + def is_mapped(self, address): + if self.get_mapping(address) != None: + return True + return False + + def read_string(self, at): + if at == 0: + return b'' + s = b'' + while 1: + b = self.uc.mem_read(at, 1) + at += 1 + if b == b'\0': + return s + s += b + return s + + def write_ptr(self, at, ptr): + return self.uc.mem_write(at, p32(ptr)) + + def read_ptr(self, at): + return u32(self.uc.mem_read(at, 4)) + + def add_breakpoint(self, at, target_fun): + self.uc.hook_add(UC_HOOK_CODE, target_fun, None, at, at + 1) + + def get_registers(self): + # X0 - X32 + return [self.uc.reg_read(x) for x in [UC_ARM_REG_R0, UC_ARM_REG_R1, UC_ARM_REG_R2, UC_ARM_REG_R3, UC_ARM_REG_R4, UC_ARM_REG_R5, UC_ARM_REG_R6, UC_ARM_REG_R7, UC_ARM_REG_R8, UC_ARM_REG_R9, UC_ARM_REG_R10, UC_ARM_REG_R11, UC_ARM_REG_R12, UC_ARM_REG_R13, UC_ARM_REG_R14, UC_ARM_REG_R15, UC_ARM_REG_SP, UC_ARM_REG_LR, UC_ARM_REG_PC]] + + def disasm(self, address = None, dlen=0x80): + if not address: + address = self.pc + instructions = [] + for instruction in 
self.md.disasm(self.uc.mem_read(address, dlen), address): + instructions.append(instruction) + return instructions + + def print_ctx(self, print_fn=p_info): + state = f""" + PC: 0x{self.PC:8x}\t LR: 0x{self.LR:8x}\t SP: 0x{self.SP:8x}\t FP: 0x{self.FP:8x}\t + R0: 0x{self.R0:8x}\t R1: 0x{self.R1:8x}\t R2: 0x{self.R2:8x}\t R3: 0x{self.R3:8x}\t + R4: 0x{self.R4:8x}\t R5: 0x{self.R5:8x}\t R6: 0x{self.R6:8x}\t R7: 0x{self.R7:8x}\t + R8: 0x{self.R8:8x}\t R9: 0x{self.R9:8x}\tR10: 0x{self.R10:8x}\tR11: 0x{self.R11:8x}\t + R12: 0x{self.R12:8x}\tR13: 0x{self.R13:8x}\tR14: 0x{self.R14:8x}\tR15: 0x{self.R15:8x}\t + """ + print_fn(state) + + # ========= Registers ========= + + @property + def pc(self): + return self.uc.reg_read(UC_ARM_REG_PC) + + @pc.setter + def pc(self, value): + self.uc.reg_write(UC_ARM_REG_PC, value) + + @property + def PC(self): + return self.uc.reg_read(UC_ARM_REG_PC) + + @PC.setter + def PC(self, value): + self.uc.reg_write(UC_ARM_REG_PC, value) + + @property + def SP(self): + return self.uc.reg_read(UC_ARM_REG_SP) + + @SP.setter + def SP(self, value): + self.uc.reg_write(UC_ARM_REG_SP, value) + + @property + def LR(self): + return self.uc.reg_read(UC_ARM_REG_LR) + + @LR.setter + def LR(self, value): + self.uc.reg_write(UC_ARM_REG_LR, value) + + @property + def FP(self): + return self.uc.reg_read(UC_ARM_REG_R11) + + @FP.setter + def FP(self, value): + self.uc.reg_write(UC_ARM_REG_R11, value) + + @property + def R0(self): + return self.uc.reg_read(UC_ARM_REG_R0) + + @R0.setter + def R0(self, value): + self.uc.reg_write(UC_ARM_REG_R0, value) + + @property + def R1(self): + return self.uc.reg_read(UC_ARM_REG_R1) + + @R1.setter + def R1(self, value): + self.uc.reg_write(UC_ARM_REG_R1, value) + + @property + def R2(self): + return self.uc.reg_read(UC_ARM_REG_R2) + + @R2.setter + def R2(self, value): + self.uc.reg_write(UC_ARM_REG_R2, value) + + @property + def R3(self): + return self.uc.reg_read(UC_ARM_REG_R3) + + @R3.setter + def R3(self, value): + 
self.uc.reg_write(UC_ARM_REG_R3, value) + + @property + def R4(self): + return self.uc.reg_read(UC_ARM_REG_R4) + + @R4.setter + def R4(self, value): + self.uc.reg_write(UC_ARM_REG_R4, value) + + @property + def R5(self): + return self.uc.reg_read(UC_ARM_REG_R5) + + @R5.setter + def R5(self, value): + self.uc.reg_write(UC_ARM_REG_R5, value) + + @property + def R6(self): + return self.uc.reg_read(UC_ARM_REG_R6) + + @R6.setter + def R6(self, value): + self.uc.reg_write(UC_ARM_REG_R6, value) + + @property + def R7(self): + return self.uc.reg_read(UC_ARM_REG_R7) + + @R7.setter + def R7(self, value): + self.uc.reg_write(UC_ARM_REG_R7, value) + + @property + def R8(self): + return self.uc.reg_read(UC_ARM_REG_R8) + + @R8.setter + def R8(self, value): + self.uc.reg_write(UC_ARM_REG_R8, value) + + @property + def R9(self): + return self.uc.reg_read(UC_ARM_REG_R9) + + @R9.setter + def R9(self, value): + self.uc.reg_write(UC_ARM_REG_R9, value) + + @property + def R10(self): + return self.uc.reg_read(UC_ARM_REG_R10) + + @R10.setter + def R10(self, value): + self.uc.reg_write(UC_ARM_REG_R10, value) + + @property + def R11(self): + return self.uc.reg_read(UC_ARM_REG_R11) + + @R11.setter + def R11(self, value): + self.uc.reg_write(UC_ARM_REG_R11, value) + + @property + def R12(self): + return self.uc.reg_read(UC_ARM_REG_R12) + + @R12.setter + def R12(self, value): + self.uc.reg_write(UC_ARM_REG_R12, value) + + @property + def R13(self): + return self.uc.reg_read(UC_ARM_REG_R13) + + @R13.setter + def R13(self, value): + self.uc.reg_write(UC_ARM_REG_R13, value) + + @property + def R14(self): + return self.uc.reg_read(UC_ARM_REG_R14) + + @R14.setter + def R14(self, value): + self.uc.reg_write(UC_ARM_REG_R14, value) + + @property + def R15(self): + return self.uc.reg_read(UC_ARM_REG_R15) + + @R15.setter + def R15(self, value): + self.uc.reg_write(UC_ARM_REG_R15, value) + + @property + def cpsr(self): + return self.uc.reg_read(UC_ARM_REG_CPSR) + + @cpsr.setter + def cpsr(self, value): 
+ self.uc.reg_write(UC_ARM_REG_CPSR, value) + + @property + def spsr(self): + return self.uc.reg_read(UC_ARM_REG_SPSR) + + @spsr.setter + def spsr(self, value): + self.uc.reg_write(UC_ARM_REG_SPSR, value) + + @property + def zf(self): + return self.cpsr & 0x40000000 + + @zf.setter + def zf(self, value): + if value: + self.cpsr |= 0x40000000 + else: + self.cpsr &= ~0x40000000 + + @property + def is_thumb(self): + return self.cpsr & 0x20 + + @is_thumb.setter + def is_thumb(self, value): + if value: + self.cpsr |= 0x20 # Set the thumb bit + else: + self.cpsr &= ~0x20 # Clear the thumb bit \ No newline at end of file 
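Review bot: In `disasm`, `if not address:` treats an explicit `address=0` the same as the default and silently disassembles from `self.pc` instead; the intended check is `if address is None:`. `__init__` enables instruction detail only on the ARM-mode disassembler (`self.md.detail = True`), so instructions returned through `self.mdT` carry no operand detail — add `self.mdT.detail = True` alongside it. `read_string` has no upper bound: if no NUL byte is present in mapped memory the `while 1:` loop keeps issuing one-byte `mem_read` calls until it reaches an unmapped address and unicorn raises, so a `max_len` keyword that returns the bytes read so far would bound it; the same loop in `arm64_emulator.py`'s `read_string` (whose `at += 12` stride is fixed further down in this commit) has the same shape. The `# X0 - X32` comment in `get_registers` was carried over from the arm64 class; for this file it should read `# R0 - R15 plus the SP/LR/PC aliases`.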
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/arm64_emulator.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/arm64_emulator.cpython-310.pyc index dc8a9d8bb861b97b3ce8b9c2874e87aba9ac0489..e7eb61a5d231398692d98e6c3b85624b30beae65 100644 GIT binary patch delta 1263 zcmXw(Uu;ul7{>RV%`GxoW7dqlXXwsm+p%_KYrA!&WnH(j{@F%*z75Q7gq7$-r;eTx zO_rGeUYHPq;DZT&mJm?m4GDpT8^DDiWQioA!AR0%b6$9{7>#H&dIje@{Z22QyyyM> zo_sl{$#>!^`}itz%sL#Ks?6W`<-OBqt~tt^ebs$cAF_q&*K1}JLtRiNsuq+5u~SOV zcRZIjm?{4)8b%u$9X~NYes`R7_{>FzVvyMT@k>hsE;yYmj8C>U;*PV#{7a!1mTQ;~ zPa3l9z*5Y$##j%i@rtssd1OMSb@;djMW4U&E)_Avg*f@YX^16y*rOX{F zEAJTP8sm*O=Zt9#(pPpZnBJloMbxP?Y#-*-R#wDk>JApiL-mfCrYjP^f=QFK$E9VR#m~O)1HqHj{L%0cRZBbL%^2&n>P73^~o8x{P z;cd5IpSvX+w5lgO9NbO#*CSw;_ko$So))O>1+01q$J)jIR=X^vtkM_TINoX}I6DN) zbV#_%g55rjf3^|M`viRClW^FAxBVPPeFSf(fcrbeaTon97zq^M=p|KcT+%(x#Si_6GI=&AR=6h|n(ks}L9u1cxI*Pr7`aYXY_T8*}>fP3Xp(w{+ z5yE2B7B-?%$XmiUJ2*ay5&|(>n2$-JU4=Wy9O2+-g^7Rq=MfF3#&i@$3IC7To%C+e zIW(rBHLqiRjBq?}v&VVCSYE^Rf{s$2(5&0+pe|qFHS+~j3~>%cCtTq|I2~%hfBYhw h!rAeJx?S8HArTP~F%jYlF|Uq4$B7k}HccF>c?PiNj8gyr delta 1303 zcmXw(UuauZ9LIZZyWmEX;aY1>I-A@7Nt!Hao3v?@#-y=nlV-`ejsG@fThskPT32`H zKs5D1kUr=-;k#LUaGNmcgVQPvjh=F1 zyW5h}i6KAW6MBmg{;0*1)}M(NzgriqT}H#L=#)b*h_enK+iWC=&u#O>yW-pVT@C5N zy}B_nwGyhoO?HF~@olE6Zw0aTR6V*I&M3NjWxc_oSfczM2eE1IupKhevgPQk{`%yb z`VVV>WkxU8=tqv7)Q=%bm*m*};M0m;gyNVc2XWldOp5r(F;Jn$VNl$0 zT&k3_qFidcM54&<{#8VZD{2GwJ@b`WH8=fWWNS`49yhIvtZdd-)Jko~nP#5dZgt{B zOCH%aieFm7MrT*+MrBdLSY*e4tr~8&QygjI@O+yIhXtH(*KoL#;(j}ao(>Zx1+44T z@VAR%u9L&7of}59d7Svnl}E`#vE9x4!)|kEL=1I#G(6#@IOpMT(__MvfZuj$IP0Tm z_Hwx2Yr;_hlRgcqpW;g&hj)B@T`b_ljXil>4p0pEd0+RNLuoPeNX=IOIGOT?81PGJz<8OgA|Kl$+p6r1tKcGA7Ho`p>PdW*rw56i>hD| zhVCJX)rg$2M6Xr8pC(@7wb82wD`nk^4y)09Km^7ytkO delta 22 ccmaFAmht^sM(%uGUM>b8Sp7P1BlnXq09vdEwg3PC 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/asm_arm64.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/asm_arm64.cpython-310.pyc index b10a487ef872b6c568688bcd138bac032d818912..7688043921ddc3bf3a32695f75d97082a72a6b36 100644 GIT binary patch delta 20 acmbOyHcyN@pO=@50SJN?g>K{)<^}*RaRe#= delta 20 acmbOyHcyN@pO=@50SH#V4&2Bs%nblCf&|C_ diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/uc_emulator.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/__pycache__/uc_emulator.cpython-310.pyc index 9133394f903b2ef710e20a312dee5f04c22d7824..1647c5de6c896f80b634f7c654fe4fea82864a65 100644 GIT binary patch delta 22 ccmX@Jf$_`+M(%uGUM>b82wD`nk=ro>08lXoHvj+t delta 22 ccmX@Jf$_`+M(%uGUM>b8Sp7P1Be!D&08~N-)c^nh diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py index 15241cc..fba811f 100644 --- a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py +++ b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/arm64_emulator.py @@ -27,7 +27,7 @@ class ARM64UC_Emulator(): for mem in self.uc.mem_regions(): if address >= mem[0] and address < mem[1]: return mem - return None + return None def is_mapped(self, address): if self.get_mapping(address) != None: @@ -40,7 +40,7 @@ class ARM64UC_Emulator(): s = b'' while 1: b = self.uc.mem_read(at, 1) - at += 12 + at += 1 if b == b'\0': return s s += b 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_mmu.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_mmu.cpython-310.pyc index ed2e05cb4f36a9ddb75243998fcc7f95478c2ee8..67fb59de923b1cd2f569856b120a1bd35a0eb247 100644 GIT binary patch delta 20 acmdnSv5kW}pO=@50SJN?g>K~5W&r>&G6YWm delta 20 acmdnSv5kW}pO=@50SH#V4&2DC%>n>4Lj>&r diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_pte.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/arm64_pte.cpython-310.pyc index b6a44e947f19169a79c3e7b30cf6c0ffa3239ff1..5d0b0b7da8b63d3fb837cab84d17d3b2e00ce324 100644 GIT binary patch delta 20 acmca;ebJgbpO=@50SJN?g>K|NCJO*OuLYj~ delta 20 acmca;ebJgbpO=@50SH#V4&2CnOcnq@zy>`4 diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/mair_eln.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/mair_eln.cpython-310.pyc index a0ad6c833598e5ec341d0ee0f3de849157845a3a..77295e100eb4cffb9d81bb365d42d53f4ed3531d 100644 GIT binary patch delta 20 acmeyw^NEK$pO=@50SJN?g>K|dX9EB_Bn1rs delta 20 acmeyw^NEK$pO=@50SH#V4&2C{&ISNJH3h2x diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/pagetable_arm64.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/pagetable_arm64.cpython-310.pyc index 535f210e93538766be3f99acb7c5d828cf49aac4..2291f5b7734465e6fb813fea7f82f5502b318287 100644 GIT binary patch delta 20 ZcmeA*=r!QZ=jG*M0D_=Jp&PlGBmggd1ULWy delta 20 acmeA*=r!QZ=jG*M0D{%812=LrNdN#dj|A2L 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/ttbr0_eln.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/MMU/__pycache__/ttbr0_eln.cpython-310.pyc index 3e98daca0d1b61866887ebb7e13ebe589d51c187..4a7bae292b79a205e1a7b77c58f46038ab6e93f1 100644 GIT binary patch delta 20 acmdnNwS$X0pO=@50SJN?g>K~5Wd#5*%LG~g delta 20 acmdnNwS$X0pO=@50SH#V4&2DC%L)KA+ywXl diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/current_el.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/current_el.cpython-310.pyc index 564de699ff066a9ff38101e9fe13d85f5e3fb0e7..5e92b0e8c858a1463b630c2480ee2d974b320722 100644 GIT binary patch delta 20 acmX@fagu{OpO=@50SJN?g>K}wV*vm&Dg=lC delta 20 acmX@fagu{OpO=@50SH#V4&2CX#{vL1I|U{H diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el1.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el1.cpython-310.pyc index 578dafefb7b36166a2c860a7cf0d2db2a8db9973..ff0a1d39f4cd54175c3500ea615b254f5c5a4b55 100644 GIT binary patch delta 20 acmca5a!Z6epO=@50SJN?g>K~b=K=sXhy>XH delta 20 acmca5a!Z6epO=@50SH#V4&2D?&jkQGnFV(M diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el3.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/__pycache__/sctlr_el3.cpython-310.pyc index a20911d93b642920aabe28803f00f9387530e4a3..7435cadf90ad408398ccd189620e386dbd212ff5 100644 GIT binary patch delta 20 ZcmZpaZj|QE=jG*M0D_=Jp&Pl&cmXS)1YZCE delta 20 acmZpaZj|QE=jG*M0D{%812=M)@d5xZumt@8 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_el3.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_el3.cpython-310.pyc index f288ff8632d59ba2d98339729357f26bf64a8859..0bf4dcaeb3a0673484f5a850be2b71bd33f77e75 100644 GIT binary patch delta 20 acmbPaI?0qfpO=@50SJN?g>K|-mjVDW`~=eg delta 20 acmbPaI?0qfpO=@50SH#V4&2DyE(HKK4Fz!k diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_elx.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/archs/arm64/misc/tcr_el/__pycache__/tcr_elx.cpython-310.pyc index a30511278e07d47ca572eb2973372b85bc33b5bc..2123d089df899446e3c22f62222f6a7b6eb230fd 100644 GIT binary patch delta 20 acmbQpIgyh)pO=@50SJN?g>K|-V*vmwjs#)= delta 20 acmbQpIgyh)pO=@50SH#V4&2Dy#sUB@p9KH_ diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/base_arch.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/base_arch.cpython-310.pyc index db2dfd84c99c71f0d7b8e76ddbaf0cf7966eb26e..35ccad1ef4a3617b3c9ecabd0af1753d629127a5 100644 GIT binary patch delta 20 acmca9bW?~spO=@50SJN?g>K~b;{*UV7X;A& delta 20 acmca9bW?~spO=@50SH#V4&2D?#|Z#CCK}QK|dR004&Fa?JI delta 20 acmaFk^2UWbpO=@50SH#V4&2C{s008-K?WrN diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm_thumb.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/debugger/debugger_archs/__pycache__/ga_arm_thumb.cpython-310.pyc index c6b9c4a73882c1c8af0b1577043bc21997e3f428..d85d65c13af5dc34f215fcb637bcc61d465f4363 100644 GIT binary patch delta 20 ZcmZqFZPew?=jG*M0D_=Jp&Pl&!~iZZ1dIRx delta 20 acmZqFZPew?=jG*M0D{%812=M)i2(pIK?N!R 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/__pycache__/ghidra_connect.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/utils/ghidra/__pycache__/ghidra_connect.cpython-310.pyc index 80e627335eb8c98cfe2f752b5fc70a2b3752705a..e8a9ca498d80fddd5465b1fb332e05adfd6c0ff6 100644 GIT binary patch delta 20 acmewr{wth2pO=@50SJN?g>K}2uMGf46$W4c delta 20 acmewr{wth2pO=@50SH#V4&2E7UK;>QCIK}|U;+R+CK}2!~_62Tm@_Z delta 20 acmaFM`j(YDpO=@50SH#V4&2E7hzS5aZ3YSe diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2html5.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2html5.cpython-310.pyc index 83c9bc0c1eacd21516c504c667ec6347e4765ed2..761a4bf880533a1a7e86c9c8bec9ae5bd304c9b0 100644 GIT binary patch delta 20 acmbQuI-8X{pO=@50SJN?g>K}Yzyts+j0AQ7 delta 20 acmbQuI-8X{pO=@50SH#V4&2B+fe8RGodpyC diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2latex.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2latex.cpython-310.pyc index 091f48dfc5b9dd37450544a3bfce408f206cfdaf..74eac09d9b679697a396ca36bef9a6249209b8c1 100644 GIT binary patch delta 20 acmeyt`h%4_pO=@50SJN?g>K}2%LD*B6a|d{ delta 20 acmeyt`h%4_pO=@50SH#V4&2E7mI(kqB?c=1 diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2man.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2man.cpython-310.pyc index df78255ba12bbaa418332e21aa1eb031507083d7..fdf96e2c75e508892453a7a034f438da399a5efa 100644 GIT binary patch delta 20 acmX@ldY+X#pO=@50SJN?g>K|N!UO;`tOXJP delta 20 acmX@ldY+X#pO=@50SH#V4&2Cngb4sRy#=rU 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt.cpython-310.pyc index f65b666f3e68d205f006899a3bebcec00e555b18..73833b9fd7bc1947dc93904438cd2a572e32c304 100644 GIT binary patch delta 20 acmZo=Yh~lk=jG*M0D_=Jp&Pk>F#!N7Km@h` delta 20 acmZo=Yh~lk=jG*M0D{%812=O2VgdjzQ3X^0 diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt_prepstyles.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2odt_prepstyles.cpython-310.pyc index c6ad0077805ff5842244d42a3650257690501254..3eee140776d587b95ec5ebe6232b80b96a302792 100644 GIT binary patch delta 20 acmZo+YhmNg=jG*M0D_=Jp&Pk>G64W87zDEb delta 20 acmZo+YhmNg=jG*M0D{%812=O2WC8##DFsmg diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2pseudoxml.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2pseudoxml.cpython-310.pyc index af7c27454713020ae2475856628cb834f172fb29..2a89816f35a600e77ff35158b811407868afbf3f 100644 GIT binary patch delta 20 acmey#@{@%-pO=@50SJN?g>K}|V*&s=7zGXh delta 20 acmey#@{@%-pO=@50SH#V4&2C{#{>XADFv(m diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2s5.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2s5.cpython-310.pyc index 6cf4840a0249aaa2d29db6dd56e8ed2fe17c7bee..c6768195b4a7ff0eb72dc8802580d2e3d67e62ab 100644 GIT binary patch delta 20 acmZ3$x`35CpO=@50SJN?g>K}Y$^-x{R0M?p delta 20 acmZ3$x`35CpO=@50SH#V4&2B+l?ebbWd$Pu 
diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xetex.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xetex.cpython-310.pyc index c134ea30acd4259c63302d26090f5f88292e1a2f..01ba4aa50a1c2fa053f58db7fc55041ea25b3576 100644 GIT binary patch delta 20 acmX@dc8-lZpO=@50SJN?g>K|_W(EK=sRWV$ delta 20 acmX@dc8-lZpO=@50SH#V4&2D?%nSfGx&<%* diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xml.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rst2xml.cpython-310.pyc index 6dcdd51b0593a45ac518d7c3787a22594bf96dfe..c821c79a3bb43e34ba606163abcf4563056efc04 100644 GIT binary patch delta 20 acmey(@|%S_pO=@50SJN?g>K|7U;+R-Xay7i delta 20 acmey(@|%S_pO=@50SH#V4&2CHzytt3c?Gfn diff --git a/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rstpep2html.cpython-310.pyc b/venv/lib/python3.10/site-packages/ghidra_assistant/venv/bin/__pycache__/rstpep2html.cpython-310.pyc index 8180c6dd376c44898c82a1070dad0d5b49cccb6c..d692a0d8b3af53f84028ead04bb9daf87371d73d 100644 GIT binary patch delta 20 acmdnax}B9fpO=@50SJN?g>K|t!vp{@>;%dH delta 20 acmdnax}B9fpO=@50SH#V4&2DSh6w;P{RL