FreeCalypso > hg > freecalypso-sw
annotate rvinterf/lowlevel/tfc139.c @ 983:7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
| author | Mychaela Falconia <falcon@ivan.Harhan.ORG> |
|---|---|
| date | Thu, 10 Dec 2015 08:07:47 +0000 |
| parents | 0d7cc054ef72 |
| children | 8c83777f856c |
| rev | line source |
|---|---|
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 /* |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 * This program is a contender for the title of the ugliest hack |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
3 * in the FreeCalypso project. It will attempt to break into a |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
4 * locked-down TracFone C139 by mimicking the actions of the |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
5 * mot931c.exe TF "unlocker". |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
6 */ |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
7 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
8 #include <sys/types.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 #include <sys/errno.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 #include <stdio.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 #include <string.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 #include <strings.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 #include <stdlib.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 #include <unistd.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 #include <time.h> |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 #include "../include/pktmux.h" |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 #include "../include/limits.h" |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 extern int target_fd; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 extern char *baudrate_name; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 extern u_char rxpkt[]; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 extern size_t rxpkt_len; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 char *logfname; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 FILE *logF; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 time_t logtime; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 int no_output; /* for output.c */ |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
29 |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
30 int wakeup_after_sec = 1; |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
32 /* see ../../target-utils/tf-breakin/payload.S for the source */ |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
33 static u_char shellcode[114] = { |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
34 0x78, 0x47, 0xC0, 0x46, 0xD3, 0xF0, 0x21, 0xE3, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
35 0x50, 0x10, 0x9F, 0xE5, 0xF5, 0x00, 0xA0, 0xE3, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
36 0xB2, 0x00, 0xC1, 0xE1, 0xA0, 0x00, 0xA0, 0xE3, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
37 0xB2, 0x00, 0xC1, 0xE1, 0x40, 0x60, 0x9F, 0xE5, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
38 0x05, 0x00, 0xD6, 0xE5, 0x20, 0x00, 0x10, 0xE3, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
39 0xFC, 0xFF, 0xFF, 0x0A, 0x38, 0x10, 0x8F, 0xE2, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
40 0x06, 0x20, 0xA0, 0xE3, 0x01, 0x00, 0xD1, 0xE4, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
41 0x00, 0x00, 0xC6, 0xE5, 0x01, 0x20, 0x52, 0xE2, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
42 0xFB, 0xFF, 0xFF, 0x1A, 0x05, 0x00, 0xD6, 0xE5, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
43 0x40, 0x00, 0x10, 0xE3, 0xFC, 0xFF, 0xFF, 0x0A, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
44 0x10, 0x10, 0x9F, 0xE5, 0x01, 0x2C, 0xA0, 0xE3, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
45 0xB0, 0x20, 0xC1, 0xE1, 0x00, 0xF0, 0xA0, 0xE3, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
46 0x02, 0xF8, 0xFF, 0xFF, 0x00, 0x58, 0xFF, 0xFF, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
47 0x10, 0xFB, 0xFF, 0xFF, 0x02, 0x02, 0x02, 0x4F, |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
48 0x4B, 0x02 |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
49 }; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
50 |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
51 static unsigned shellcode_load_addr = 0x800000; |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
52 static unsigned stack_smash_addr = 0x837C54; |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
53 static int thumb_entry = 0; |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
54 |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
55 static u_char stack_smash_payload[4]; |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
56 |
|
418
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
57 static char *target_tty_port; |
|
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
58 |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
59 static void |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
60 send_compal_memwrite(addr, payload, payload_len) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
61 unsigned addr; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
62 u_char *payload; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
63 { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
64 u_char pkt[MAX_PKT_TO_TARGET]; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
65 int i, csum, csum_offset; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
66 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
67 pkt[0] = RVT_TM_HEADER; |
|
975
0d7cc054ef72
rvinterf/lowlevel: updates for the new knowledge of TM predating ETM
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
432
diff
changeset
|
68 pkt[1] = 0x40; /* old TM3 MEM_WRITE command */ |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
69 pkt[2] = addr; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
70 pkt[3] = addr >> 8; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
71 pkt[4] = addr >> 16; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
72 pkt[5] = addr >> 24; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
73 bcopy(payload, pkt + 6, payload_len); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
74 csum_offset = payload_len + 6; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
75 csum = 0; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
76 for (i = 1; i < csum_offset; i++) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
77 csum ^= pkt[i]; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
78 pkt[i] = csum; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
79 send_pkt_to_target(pkt, i + 1); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
80 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
81 |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
82 static void |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
83 build_stack_smash_payload() |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
84 { |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
85 unsigned jump_addr; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
86 |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
87 jump_addr = shellcode_load_addr; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
88 if (thumb_entry) |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
89 jump_addr += 1; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
90 else |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
91 jump_addr += 4; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
92 stack_smash_payload[0] = jump_addr; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
93 stack_smash_payload[1] = jump_addr >> 8; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
94 stack_smash_payload[2] = jump_addr >> 16; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
95 stack_smash_payload[3] = jump_addr >> 24; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
96 } |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
97 |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
98 main(argc, argv) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
99 char **argv; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
100 { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
101 extern char *optarg; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
102 extern int optind; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
103 int c; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
104 fd_set fds; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
105 |
|
432
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
106 baudrate_name = "57600"; /* what C139 firmware uses */ |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
107 while ((c = getopt(argc, argv, "a:B:l:s:tw:")) != EOF) |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
108 switch (c) { |
|
419
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
109 case 'a': |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
110 shellcode_load_addr = strtoul(optarg, 0, 16); |
|
419
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
111 continue; |
|
432
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
112 case 'B': |
|
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
113 baudrate_name = optarg; |
|
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
114 continue; |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
115 case 'l': |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
116 logfname = optarg; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
117 continue; |
|
419
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
118 case 's': |
|
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
119 stack_smash_addr = strtoul(optarg, 0, 16); |
|
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
120 continue; |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
121 case 't': |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
122 thumb_entry = 1; |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
123 continue; |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
124 case 'w': |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
125 wakeup_after_sec = strtoul(optarg, 0, 0); |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
126 continue; |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
127 case '?': |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
128 default: |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
129 usage: fprintf(stderr, |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
130 "usage: %s [options] ttyport\n", argv[0]); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
131 exit(1); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
132 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
133 if (argc - optind != 1) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
134 goto usage; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
135 open_target_serial(argv[optind]); |
|
418
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
136 target_tty_port = argv[optind]; |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
137 |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
138 set_serial_nonblock(0); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
139 setlinebuf(stdout); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
140 if (logfname) { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
141 logF = fopen(logfname, "w"); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
142 if (!logF) { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
143 perror(logfname); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
144 exit(1); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
145 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
146 setlinebuf(logF); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
147 fprintf(logF, "*** Log of TFC139 break-in session ***\n"); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
148 } |
|
361
62f850da5d49
tfc139: log timestamp buglet
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
360
diff
changeset
|
149 time(&logtime); |
|
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
150 output_line("Sending shellcode RAM write"); |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
151 send_compal_memwrite(shellcode_load_addr, shellcode, sizeof shellcode); |
|
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
975
diff
changeset
|
152 build_stack_smash_payload(); |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
153 for (;;) { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
154 FD_ZERO(&fds); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
155 FD_SET(target_fd, &fds); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
156 c = select(target_fd+1, &fds, 0, 0, 0); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
157 time(&logtime); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
158 if (c < 0) { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
159 if (errno == EINTR) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
160 continue; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
161 perror("select"); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
162 exit(1); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
163 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
164 if (FD_ISSET(target_fd, &fds)) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
165 process_serial_rx(); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
166 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
167 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
168 |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
169 static void |
|
975
0d7cc054ef72
rvinterf/lowlevel: updates for the new knowledge of TM predating ETM
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
432
diff
changeset
|
170 handle_tm_response() |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
171 { |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
172 char msgbuf[80]; |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
173 |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
174 if (rxpkt_len != 4 || rxpkt[1] != 0x40 || rxpkt[2] || rxpkt[3] != 0x40){ |
|
975
0d7cc054ef72
rvinterf/lowlevel: updates for the new knowledge of TM predating ETM
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
432
diff
changeset
|
175 output_line("TM response differs from expected"); |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
176 return; |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
177 } |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
178 sprintf(msgbuf, "Sending stack smash write at 0x%x", stack_smash_addr); |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
179 output_line(msgbuf); |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
180 send_compal_memwrite(stack_smash_addr, stack_smash_payload, 4); |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
181 stack_smash_addr += 4; |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
182 } |
|
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
183 |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
184 handle_rx_packet() |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
185 { |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
186 if (rxpkt_len == 2 && rxpkt[0] == 'O' && rxpkt[1] == 'K') { |
|
418
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
187 output_line( |
|
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
188 "Success: target should now be in boot ROM download wait"); |
|
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
189 printf("You can now run fc-loadtool -h compal -c none %s\n", |
|
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
190 target_tty_port); |
|
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
191 exit(0); |
|
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
192 } |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
193 switch (rxpkt[0]) { |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
194 case RVT_RV_HEADER: |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
195 if (rxpkt_len < 6) |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
196 goto unknown; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
197 print_rv_trace(); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
198 return; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
199 case RVT_L1_HEADER: |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
200 print_l1_trace(); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
201 return; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
202 case RVT_L23_HEADER: |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
203 print_g23_trace(); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
204 return; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
205 case RVT_TM_HEADER: |
|
975
0d7cc054ef72
rvinterf/lowlevel: updates for the new knowledge of TM predating ETM
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
432
diff
changeset
|
206 print_tm_output_raw(); |
|
0d7cc054ef72
rvinterf/lowlevel: updates for the new knowledge of TM predating ETM
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
432
diff
changeset
|
207 handle_tm_response(); |
|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
208 return; |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
209 default: |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
210 unknown: |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
211 print_unknown_packet(); |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
212 } |
|
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
213 } |