Bjoern Kerler 2020-06-15 14:40:36 +02:00
parent fd301d5c6b
commit 987956afe1
11 changed files with 466 additions and 319 deletions

0
Library/asmtools.py Normal file → Executable file

0
Library/cryptutils.py Normal file → Executable file


@ -572,7 +572,7 @@ class qualcomm_firehose:
header = guid_gpt.parseheader(data, self.cfg.SECTOR_SIZE_IN_BYTES)
if "backup_lba" in header:
sectors = header["first_usable_lba"] - 1
data = self.cmd_read_buffer(lun, header["last_usable_lba"] + 1, sectors, False)
data = self.cmd_read_buffer(lun, header["backup_lba"], sectors, False)
if data==b"":
return None
return data
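Review bot: The read that starts at `header["backup_lba"]` still requests `header["first_usable_lba"] - 1` sectors, and both values come straight from the GPT header parsed off the device with no range check. If `backup_lba` is the last LBA of the LUN, as the GPT layout normally places the backup header, a multi-sector read from there runs past the end of the medium, and a damaged header with `first_usable_lba` of 0 or 1 gives a zero or negative count. I am assuming the `backup_lba` call is the new side, since the page prints both variants without markers. A guard such as `if sectors <= 0: return None` before the call, plus a comment stating which sectors the caller expects back, would make the intent checkable. The enclosing function starts and ends outside the hunk.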

329
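--- a/Library/qualcomm_config.py
+++ b/Library/qualcomm_config.py
@@ -0,0 +1,329 @@
+msmids = {
+0x009440E1: "QDF2432", #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x006220E1: "MSM7227A",
+0x009780E1: "IPQ4018", #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x009790E1: "IPQ4019", #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x000160E1: "QCA4020", #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x000AB0E1: "QCA6290", #0x40040100 soc_hw_version #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+0x000D90E1: "QCA6390", #0x400A0000 soc_hw_version #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+0x000D70E1: "QCA6595", #0x400B0000 soc_hw_version #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+0x000D30E1: "QCN7605", #0x400B0000 soc_hw_version #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+0x000D50E1: "QCN7606", #0x400B0000 soc_hw_version #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+0x009680E1: "APQ8009",
+0x007060E1: "APQ8016",
+0x008040E1: "APQ8026",
+0x000550E1: "APQ8017",
+0x0090C0E1: "APQ8036",
+0x0090F0E1: "APQ8037",
+0x0090D0E1: "APQ8039",
+0x009770E1: "APQ8052",
+0x000660E1: "APQ8053",
+0x009F00E1: "APQ8056",
+0x007190E1: "APQ8064",
+0x009D00E1: "APQ8076",
+0x009000E1: "APQ8084",
+0x009300E1: "APQ8092",
+0x000620E1: "APQ8098",
+0x008110E1: "MSM8210",
+0x008140E1: "MSM8212",
+0x008120E1: "MSM8610",
+0x008150E1: "MSM8612",
+0x008010E1: "MSM8626",
+0x000940E1: "MSM8905",
+0x009600E1: "MSM8909", # SnapDragon 210
+0x007050E1: "MSM8916", # SnapDragon 410
+0x000560E1: "MSM8917",
+0x000860E1: "MSM8920",
+0x008050E1: "MSM8926", # SnapDragon 400
+0x009180E1: "MSM8928", # SnapDragon 400
+0x0091B0E1: "MSM8929", # SnapDragon 415
+0x007210E1: "MSM8930",
+0x0072C0E1: "MSM8960",
+# 0x000000E1: "MSM8936",
+0x0004F0E1: "MSM8937",
+0x0090B0E1: "MSM8939", # SnapDragon 610 #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x0006B0E1: "MSM8940",
+0x009720E1: "MSM8952", # SnapDragon 652
+0x000460E1: "MSM8953",
+0x009B00E1: "MSM8956", # SnapDragon 652
+0x009100E1: "MSM8962",
+0x007B00E1: "MSM8974", # Snapdragon 800
+0x007B30E1: "MSM8974A",
+0x007B40E1: "MSM8974AB",
+0x007B80E1: "MSM8974Pro",
+0x007BC0E1: "MSM8974ABv3",
+0x006B10E1: "MSM8974AC",
+0x009900E1: "MSM8976", # SnapDragon 652
+0x009690E1: "MSM8992", # SnapDragon 82x
+0x009400E1: "MSM8994", # SnapDragon 808
+0x009470E1: "MSM8996", # SnapDragon 820
+0x0006F0E1: "MSM8996AU",
+0x1006F0E1: "MSM8996AU",
+0x4006F0E1: "MSM8996AU",
+0x0005F0E1: "MSM8996Pro", # SnapDragon 821
+0x0005E0E1: "MSM8998_SDM835",
+0x0094B0E1: "MSM9055",
+0x009730E1: "MDM9206_MDM9607tx",
+0x000480E1: "MDM9207",
+0x0004A0E1: "MDM9607",
+0x007F50E1: "MDM9x25",
+0x009500E1: "MDM9x40",
+0x009540E1: "MDM9x45",
+0x009210E1: "MDM9x35",
+0x000320E1: "MDM9250",
+0x000340E1: "MDM9255",
+0x000390E1: "MDM9350",
+0x0003A0E1: "MDM9650",
+0x0003B0E1: "MDM9655",
+0x0007D0E1: "MDM9x60",
+0x0007F0E1: "MDM9x65",
+0x008090E1: "MDM9916",
+0x0080B0E1: "MDM9955",
+0x000BE0E1: "SDM429",
+0x000BF0E1: "SDM439",
+0x0009A0E1: "SDM450",
+0x000AC0E1: "SDM630", # 0x30070x00 #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+0x000BA0E1: "SDM632",
+0x000BB0E1: "SDA632",
+0x000CC0E1: "SDM636",
+0x0008C0E1: "SDM660", # 0x30060000 soc_hw_version
+0x000910E1: "SDM670", # 0x60040100 soc_hw_version
+0x000930E1: "SDA670", # 0x60040100 soc_hw_version
+# 0x000930E1: "SDA835", # 0x30020000 => HW_ID1 3002000000290022
+0x0008B0E1: "SDM845", # 0x60000100 => HW_ID1 6000000000010000
+0x000960E1: "SDX24", # 0x60020100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000970E1: "SDX24M", # 0x60020100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x0007B0E1: "SDX50M", # 0x soc_hw_version, #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x000E50E1: "SDX55:CD90-PG591", # 0x600b0100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x000CF0E1: "SDX55:CD90-PH809", # 0x600b0100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit #7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
+0x000950E1: "SM6150",
+# 0x60070100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000EC0E1: "SM6150p",
+# 0x60070100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000E60E1: "SM7150",
+# 0x600C0100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000E70E1: "SM7150p",
+# 0x600C0100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000A50E1: "SDM855_SM8150",
+# 0x60030100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000A60E1: "SDM855p_SM8150p",
+# 0x60030100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000C30E1: "SM8250:CD90-PH805-1A",
+# 0x60080100 soc_hw_version, 0x808FF000 sec.elf 64Bit, 0x1C000000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000CE0E1: "SM8250:CD90-PH806-1A",
+# 0x60080100 soc_hw_version, 0x808FF000 sec.elf 64Bit, 0x1C000000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x0011E0E1: "Saipan_Sc8180x",
+# 0x600D0100 soc_hw_version, 0x808FF000 sec.elf 64Bit, 0x1C000000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000AF0E1: "qcs405",
+# 0x20140000 soc_hw_version, 0x863DB000 sec.elf 64Bit, 0x863DE000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x000E40E1: "qcs403",
+# 0x20140000 soc_hw_version, 0x863DB000 sec.elf 64Bit, 0x863DE000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+0x0010A0E1: "Nicobar",
+# 0x90010100 soc_hw_version, 0x45FFF000 sec.elf 64Bit, 0x101FF000 dbgpolicy, 64Bit #d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87
+}
+sochw = {
+0x20130100: "MDM9205",
+0x20140000: "qcs403,qcs405",
+0x20140100: "qcs403,qcs405",
+0x30020000: "MSM8998_SDM835,SDA835",
+0x30060000: "SDM660",
+0x30070000: "SDM630",
+0x40030000: "QCA4020",
+0x40040100: "IPQ8074,QCA6290",
+0x400A0000: "QCA6390",
+0x400B0000: "QCN7605,QCA6595,QCN7606",
+#: "SDM632",
+#: "SDA632",
+#: "SDM636",
+0x60000000: "SDM845",
+0x60000100: "SDM845",
+0x60020100: "SDX24,SDX24M",
+0x60030100: "SDM855_SM8150,SDM855p_SM8150p",
+0x60040000: "SDA670,SDM670,SDM710",
+0x60040100: "SDA670,SDM670,SDM710",
+#: "SDX50M",
+0x60070100: "SM6150,SM6150p",
+0x60080100: "SM8250:CD90-PH805-1A,SM8250:CD90-PH806-1A",
+0x600B0100: "SDX55:CD90-PG591,SDX55:CD90-PH809",
+0x600C0100: "SM7150,SM7150p",
+0x600D0100: "Saipan_Sc8180x",
+0x90010100: "Nicobar",
+}
+infotbl = {
+"QDF2432": [[], [0x01900000, 0x100000], []],
+"QCA6290": [[],[0x01e20000,0x1000],[]],
+"QCA6390": [[],[0x01e20000,0x1000],[]],
+"IPQ4018": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"IPQ4019": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"APQ8009": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"APQ8016": [[0x100000, 0x18000], [0x0005C000, 0x1000], [0x200000, 0x24000]],
+"APQ8017": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"APQ8036": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"APQ8037": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"APQ8039": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"APQ8053": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"APQ8056": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"APQ8076": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"APQ8084": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"APQ8092": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"APQ8098": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"MSM7227A": [[], [], []],
+"MSM8210": [[], [], []],
+"MSM8212": [[], [], []],
+"MSM8905": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"MSM8909": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"MSM8916": [[0x100000, 0x18000], [0x0005C000, 0x1000], [0x200000, 0x24000]],
+"MSM8917": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM8920": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM8926": [[], [], []],
+"MSM8928": [[], [], []],
+"MSM8929": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"MSM8930": [[0x100000, 0x18000], [0x700000, 0x1000], []],
+"MSM8936": [[0x100000, 0x18000], [0x700000, 0x1000], []],
+"MSM8937": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM8939": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"MSM8940": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM8952": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
+"MSM8953": [[0x100000, 0x18000], [0xA0000, 0x1000], [0x200000, 0x24000]],
+"MSM8956": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM8974": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"MSM8974Pro": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"MSM8974AB": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"MSM8974ABv3": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"MSM8974AC": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+"MSM8976": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM8992": [[0xFC010000, 0x18000], [0xFC4B8000, 0x6FFF], [0xFE800000, 0x24000]],
+"MSM8994": [[0xFC010000, 0x18000], [0xFC4B8000, 0x6FFF], [0xFE800000, 0x24000]],
+"MSM8996": [[0x100000, 0x18000], [0x70000, 0x6158], [0x200000, 0x24000]],
+"MSM8996AU": [[0x100000, 0x18000], [0x70000, 0x6158], [0x200000, 0x24000]],
+"MSM8996Pro": [[0x100000, 0x18000], [0x70000, 0x6158], [0x200000, 0x24000]],
+"MSM8998": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"MSM9206": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM9207": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MDM9250": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MDM9350": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MSM9607": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MDM9650": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"MDM9x50": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SDM429": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SDM439": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SDM450": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SDM632": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SDA632": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SDM630": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDM636": [[0x300000, 0x3c000], [0x780000, 0x10000], [0x14009003, 0x24000]],
+"SDM660": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDM670": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDA670": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDM845": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDX24": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDX24M": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDX55:CD90-PG591": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDX55:CD90-PH809": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDX50M": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"SM6150": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM6150p": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM7150": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM7150p": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDM855_SM8150": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SDM855p_SM8150p": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM8250": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM8250p": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM8250:CD90-PH805-1A": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"SM8250:CD90-PH806-1A": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"Saipan_Sc8180x": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
+"qcs403": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"qcs405": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+"Nicobar": [[0x300000, 0x3c000], [0x01B40000, 0x10000], []],
+}
+secureboottbl = {
+"QDF2432": 0x019018c8,
+# "MSM7227A":[[], [], []],
+# "MSM8210": [[], [], []],
+# "MSM8212":
+"QCA6290": 0x01e20030,
+"QCA6390": 0x01e20010,
+"IPQ4018": 0x00058098,
+"IPQ4019": 0x00058098,
+"APQ8009": 0x00058098,
+"APQ8016": 0x0005C098,
+"APQ8036": 0x00058098,
+"APQ8039": 0x00058098,
+"APQ8037": 0x000a01d0,
+"APQ8053": 0x000a01d0,
+"APQ8052": 0x00058098,
+"APQ8056": 0x000a01d0,
+"APQ8076": 0x000a01d0,
+"APQ8084": 0xFC4B83E8,
+"APQ8092": 0xFC4B83E8,
+"APQ8098": 0x00780350,
+"MSM8226": 0xFC4B83E8,
+"MSM8610": 0xFC4B83E8,
+"MSM8909": 0x00058098,
+"MSM8916": 0x0005C098,
+"MSM8917": 0x000A01D0,
+"MSM8920": 0x000A01D0,
+# "MSM8926": [[], [], []],
+# "MSM8928": [[], [], []],
+"MSM8929": 0x00058098,
+"MSM8930": 0x700310,
+"MSM8936": 0x700310,
+"MSM8937": 0x000A01D0,
+"MSM8939": 0x00058098,
+"MSM8940": 0x000A01D0,
+"MSM8952": 0x00058098,
+"MSM8953": 0x000a01d0,
+"MSM8956": 0x000a01d0,
+"MSM8974": 0xFC4B83F8,
+"MSM8974AB": 0xFC4B83F8,
+"MSM8974ABv3": 0xFC4B83F8,
+"MSM8974AC": 0xFC4B83F8,
+"MSM8976": 0x000a01d0,
+"MSM8992": 0xFC4B83F8,
+"MSM8994": 0xFC4B83F8,
+"MSM8996": 0x00070378,
+"MSM8996AU": 0x00070378,
+"MSM8996Pro": 0x00070378,
+"MSM8998_SDM835": 0x00780350,
+"MDM9206_MDM9207tx": 0x000a01d0,
+"MDM9207": 0x000a01d0,
+"MDM9250": 0x000a01d0,
+"MDM9350": 0x000a01d0,
+"MDM9607": 0x000a01d0,
+"MDM9650": 0x000a01d0,
+"MDM9x50": 0x000a01d0,
+"SDM429": 0x000a01d0,
+"SDM439": 0x000a01d0,
+"SDM450": 0x000a01d0,
+# "SDM636": 0x70378,
+"SDM630": 0x00780350,
+"SDM632": 0x000a01d0,
+"SDA632": 0x000a01d0,
+"SDM636": 0x00780350,
+"SDM660": 0x00780350,
+"SDM670": 0x00780350,
+"SDA670": 0x00780350,
+"SDM845": 0x00780350,
+"SDX24" : 0x00780390,
+"SDX24M": 0x00780390,
+"SDX50M": 0x000a01e0,
+"SDX55:CD90-PG591": 0x007805E8,
+"SDX55:CD90-PH809": 0x007805E8,
+"SM6150": 0x00780360,
+"SM6150p": 0x00780360,
+"SM7150": 0x00780460,
+"SM7150p": 0x00780460,
+"SDM855_SM8150": 0x007804D0,
+"SDM855p_SM8150p": 0x007804D0,
+"SM8250:CD90-PH805-1A": 0x007805E8,
+"SM8250:CD90-PH806-1A": 0x007805E8,
+"Saipan_Sc8180x": 0x007805E8,
+"qcs403": 0x000a0310,
+"qcs405": 0x000a0310,
+"Nicobar": 0x01B40458,
+}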
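Review bot: The chip names used as keys do not line up across the three tables, so a name taken from `msmids` can miss in `infotbl` or `secureboottbl`. `msmids` maps 0x0005E0E1 to "MSM8998_SDM835" while `infotbl` only has "MSM8998"; `msmids` has "MDM9206_MDM9607tx" where `secureboottbl` has "MDM9206_MDM9207tx" and `infotbl` has "MSM9206"; and `infotbl` spells "MSM9207" and "MSM9607" for what the other two tables call "MDM9207" and "MDM9607". How the consumers look these names up is outside this page, but presumably a miss leaves the secure-boot address or memory ranges silently unavailable for those targets, so the keys should be unified. A header comment is also missing: a line such as `# infotbl: name -> [[base, size], [base, size], [base, size]]` stating what each of the three slots is, and what the trailing hex digests in the `msmids` comments identify, would let a maintainer verify new entries.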


@ -1,6 +1,7 @@
import binascii
import time
from Library.utils import *
from Library.qualcomm_config import *
logger = logging.getLogger(__name__)
class qualcomm_sahara():
@ -142,11 +143,26 @@ class qualcomm_sahara():
continue
try:
hwid = filename.split("_")[0].lower()
msmid=hwid[:8]
devid=hwid[8:]
pkhash = filename.split("_")[1].lower()
if hwid not in self.loaderdb:
self.loaderdb[hwid] = {}
if pkhash not in self.loaderdb[hwid]:
self.loaderdb[hwid][pkhash] = fn
if int(msmid,16) in sochw:
names=sochw[int(msmid,16)].split(",")
for name in names:
for ids in msmids:
if msmids[ids]==name:
msmid=hex(ids)[2:].lower()
while (len(msmid)<8):
msmid='0'+msmid
if msmid not in self.loaderdb:
self.loaderdb[msmid + devid] = {}
if pkhash not in self.loaderdb[msmid + devid]:
self.loaderdb[msmid + devid][pkhash] = fn
else:
if msmid not in self.loaderdb:
self.loaderdb[msmid+devid] = {}
if pkhash not in self.loaderdb[msmid+devid]:
self.loaderdb[msmid+devid][pkhash] = fn
except:
continue
return self.loaderdb
@ -422,7 +438,7 @@ class qualcomm_sahara():
#print("Couldn't find a loader for given hwid and pkhash :(")
#exit(0)
else:
logger.error(f"Couldn't find a loader for given hwid and pkhash ({self.hwidstr}_{self.pkhash[0:16]}_FHPRG.bin) :(")
logger.error("Couldn't find a loader for given hwid and pkhash :(")
exit(0)
with open(fname,"rb") as rf:
self.programmer=rf.read()
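Review bot: In the loader-database hunk the membership test and the assignment use different keys: `if msmid not in self.loaderdb:` checks the 8-character `msmid`, but the next line writes `self.loaderdb[msmid + devid] = {}`. Whenever `devid` is non-empty the test is always true, so each further file for the same hwid resets the entry and drops the pkhash mappings recorded before it; the `else:` branch repeats the pattern. Building the key once avoids this: `key = msmid + devid` followed by `self.loaderdb.setdefault(key, {}).setdefault(pkhash, fn)`. The bare `except:` around this code would also hide any failure in it, and the function body extends beyond the hunk.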

0
Library/streaming.py Normal file → Executable file

0
Library/tcpclient.py Normal file → Executable file

0
Library/xmlparser.py Normal file → Executable file

290
edl.py

@ -11,7 +11,7 @@ Usage:
edl.py [--memory=memtype] [--skipstorageinit] [--maxpayload=bytes] [--sectorsize==bytes]
edl.py server [--tcpport=portnumber] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid] [--prjid=projid]
edl.py printgpt [--memory=memtype] [--lun=lun] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py gpt <directory> [--memory=memtype] [--lun=lun] [--genxml] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py gpt <filename> [--memory=memtype] [--lun=lun] [--genxml] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py r <partitionname> <filename> [--memory=memtype] [--lun=lun] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py rl <directory> [--memory=memtype] [--lun=lun] [--skip=partnames] [--genxml] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py rf <filename> [--memory=memtype] [--lun=lun] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
@ -44,7 +44,8 @@ Usage:
edl.py reset [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py nop [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py oemunlock [--memory=memtype] [--lun=lun] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid]
edl.py ops <mode> [--memory=memtype] [--lun=lun] [--loader=filename] [--debugmode] [--vid=vid] [--pid=pid] [--prjid=projid]
Description:
server [--tcpport=portnumber] # Run tcp/ip server
printgpt [--memory=memtype] [--lun=lun] # Print GPT Table information
@ -108,6 +109,7 @@ from Library.usblib import usb_class
from Library.sahara import qualcomm_sahara
from Library.firehose import qualcomm_firehose
from Library.streaming import qualcomm_streaming
from Library.qualcomm_config import *
from struct import unpack, pack
from Library.xmlparser import xmlparser
logger = logging.getLogger(__name__)
@ -115,224 +117,6 @@ logger = logging.getLogger(__name__)
print("Qualcomm Sahara / Firehose Client (c) B.Kerler 2018-2020.")
msmids = {
0x009440E1: "2432", # 7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
0x006220E1: "MSM7227A",
0x009680E1: "APQ8009",
0x007060E1: "APQ8016",
0x008040E1: "APQ8026",
0x000550E1: "APQ8017",
0x0090C0E1: "APQ8036",
0x0090F0E1: "APQ8037",
0x0090D0E1: "APQ8039",
0x009770E1: "APQ8052",
0x000660E1: "APQ8053",
0x009F00E1: "APQ8056",
0x007190E1: "APQ8064",
0x009D00E1: "APQ8076",
0x009000E1: "APQ8084",
0x009300E1: "APQ8092",
0x000620E1: "APQ8098",
0x008110E1: "MSM8210",
0x008140E1: "MSM8212",
0x008120E1: "MSM8610",
0x008150E1: "MSM8612",
0x008010E1: "MSM8626",
0x000940E1: "MSM8905",
0x009600E1: "MSM8909",
0x007050E1: "MSM8916",
0x000560E1: "MSM8917",
0x000860E1: "MSM8920",
0x008050E1: "MSM8926",
0x009180E1: "MSM8928",
0x0091B0E1: "MSM8929",
0x007210E1: "MSM8930",
0x0072C0E1: "MSM8930",
# 0x000000E1: "MSM8936",
0x0004F0E1: "MSM8937",
0x0090B0E1: "MSM8939", # 7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09
0x0006B0E1: "MSM8940",
0x009720E1: "MSM8952", # 0x9B00E1
0x000460E1: "MSM8953",
0x009B00E1: "MSM8956",
0x009100E1: "MSM8962",
0x007B00E1: "MSM8974",
0x007B40E1: "MSM8974AB",
0x007B80E1: "MSM8974Pro",
0x007BC0E1: "MSM8974ABv3",
0x006B10E1: "MSM8974AC",
0x009900E1: "MSM8976",
0x009690E1: "MSM8992",
0x009400E1: "MSM8994",
0x009470E1: "MSM8996",
0x0006F0E1: "MSM8996AU",
0x1006F0E1: "MSM8996AU",
0x4006F0E1: "MSM8996AU",
0x0005F0E1: "MSM8996Pro",
0x0005E0E1: "MSM8998",
0x0094B0E1: "MSM9055",
0x009730E1: "MDM9206",
0x000480E1: "MDM9207",
0x0004A0E1: "MDM9607",
0x007F50E1: "MDM9x25",
0x009500E1: "MDM9x40",
0x009540E1: "MDM9x45",
0x009210E1: "MDM9x35",
0x000320E1: "MDM9250",
0x000340E1: "MDM9255",
0x000390E1: "MDM9350",
0x0003A0E1: "MDM9650",
0x0003B0E1: "MDM9655",
0x0007D0E1: "MDM9x60",
0x0007F0E1: "MDM9x65",
0x008090E1: "MDM9916",
0x0080B0E1: "MDM9955",
0x000BE0E1: "SDM429",
0x000BF0E1: "SDM439",
0x0009A0E1: "SDM450",
0x000AC0E1: "SDM630", # 0x30070x00 #afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
0x000BA0E1: "SDM632",
0x000BB0E1: "SDA632",
0x000CC0E1: "SDM636",
0x0008C0E1: "SDM660", # 0x30060000
0x000910E1: "SDM670", # 0x60040100
0x000930E1: "SDA670", # 0x60040100
# 0x000930E1: "SDA835", # 0x30020000 => HW_ID1 3002000000290022
0x0008B0E1: "SDM845", # 0x60000100 => HW_ID1 6000000000010000
0x000A50E1: "SDM855"
}
infotbl = {
"2432": [[], [0x01900000, 0x100000], []],
"APQ8009": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"APQ8016": [[0x100000, 0x18000], [0x0005C000, 0x1000], [0x200000, 0x24000]],
"APQ8017": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"APQ8036": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"APQ8037": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"APQ8039": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"APQ8053": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"APQ8056": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"APQ8076": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"APQ8084": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"APQ8092": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"APQ8098": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
"MSM7227A": [[], [], []],
"MSM8210": [[], [], []],
"MSM8212": [[], [], []],
"MSM8905": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"MSM8909": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"MSM8916": [[0x100000, 0x18000], [0x0005C000, 0x1000], [0x200000, 0x24000]],
"MSM8917": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM8920": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM8926": [[], [], []],
"MSM8928": [[], [], []],
"MSM8929": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"MSM8930": [[0x100000, 0x18000], [0x700000, 0x1000], []],
"MSM8936": [[0x100000, 0x18000], [0x700000, 0x1000], []],
"MSM8937": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM8939": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"MSM8940": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM8952": [[0x100000, 0x18000], [0x00058000, 0x1000], [0x200000, 0x24000]],
"MSM8953": [[0x100000, 0x18000], [0xA0000, 0x1000], [0x200000, 0x24000]],
"MSM8956": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM8974": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"MSM8974Pro": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"MSM8974AB": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"MSM8974ABv3": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"MSM8974AC": [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
"MSM8976": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM8992": [[0xFC010000, 0x18000], [0xFC4B8000, 0x6FFF], [0xFE800000, 0x24000]],
"MSM8994": [[0xFC010000, 0x18000], [0xFC4B8000, 0x6FFF], [0xFE800000, 0x24000]],
"MSM8996": [[0x100000, 0x18000], [0x70000, 0x6158], [0x200000, 0x24000]],
"MSM8996AU": [[0x100000, 0x18000], [0x70000, 0x6158], [0x200000, 0x24000]],
"MSM8996Pro": [[0x100000, 0x18000], [0x70000, 0x6158], [0x200000, 0x24000]],
"MSM8998": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
"MSM9206": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM9207": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MDM9250": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MDM9350": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MSM9607": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MDM9650": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"MDM9x50": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"SDM429": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"SDM439": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"SDM450": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"SDM632": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"SDA632": [[0x100000, 0x18000], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
"SDM630": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
"SDM636": [[0x300000, 0x3c000], [0x780000, 0x10000], [0x14009003, 0x24000]],
"SDM660": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
"SDM670": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
"SDA670": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
"SDM845": [[0x300000, 0x3c000], [0x780000, 0x10000], []],
}
secureboottbl = {
"2432": 0x019018c8,
# "MSM7227A":[[], [], []],
# "MSM8210": [[], [], []],
# "MSM8212":
"APQ8009": 0x00058098,
"APQ8016": 0x0005C098,
"APQ8036": 0x00058098,
"APQ8039": 0x00058098,
"APQ8037": 0x000a01d0,
"APQ8053": 0x000a01d0,
"APQ8052": 0x00058098,
"APQ8056": 0x000a01d0,
"APQ8076": 0x000a01d0,
"APQ8084": 0xFC4B83E8,
"APQ8092": 0xFC4B83E8,
"APQ8098": 0x00780350,
"MSM8226": 0xFC4B83E8,
"MSM8610": 0xFC4B83E8,
"MSM8909": 0x00058098,
"MSM8916": 0x0005C098,
"MSM8917": 0x000A01D0,
"MSM8920": 0x000A01D0,
# "MSM8926": [[], [], []],
# "MSM8928": [[], [], []],
"MSM8929": 0x00058098,
"MSM8930": 0x700310,
"MSM8936": 0x700310,
"MSM8937": 0x000A01D0,
"MSM8939": 0x00058098,
"MSM8940": 0x000A01D0,
"MSM8952": 0x00058098,
"MSM8953": 0x000a01d0,
"MSM8956": 0x000a01d0,
"MSM8974": 0xFC4B83F8,
"MSM8974AB": 0xFC4B83F8,
"MSM8974ABv3": 0xFC4B83F8,
"MSM8974AC": 0xFC4B83F8,
"MSM8976": 0x000a01d0,
"MSM8992": 0xFC4B83F8,
"MSM8994": 0xFC4B83F8,
"MSM8996": 0x00070378,
"MSM8996AU": 0x00070378,
"MSM8996Pro": 0x00070378,
"MSM8998": 0x00780350,
"MDM9206": 0x000a01d0,
"MDM9207": 0x000a01d0,
"MDM9250": 0x000a01d0,
"MDM9350": 0x000a01d0,
"MDM9607": 0x000a01d0,
"MDM9650": 0x000a01d0,
"MDM9x50": 0x000a01d0,
"SDM429": 0x000a01d0,
"SDM439": 0x000a01d0,
"SDM450": 0x000a01d0,
# "SDM636": 0x70378,
"SDM630": 0x00780350,
"SDM632": 0x000a01d0,
"SDA632": 0x000a01d0,
"SDM636": 0x00780350,
"SDM660": 0x00780350,
"SDM670": 0x00780350,
"SDA670": 0x00780350,
"SDM845": 0x00780350
}
def check_cmd(supported_funcs, func):
if not supported_funcs:
@ -1160,7 +944,8 @@ def handle_firehose(arguments, cdc, sahara, verbose):
hwid = sahara.hwid >> 32
if hwid in msmids:
TargetName = msmids[hwid]
elif hwid in sochw:
TargetName = sochw[hwid].split(",")[0]
if arguments["gpt"]:
luns = getluns(arguments)
directory = arguments["<directory>"]
@ -1175,23 +960,19 @@ def handle_firehose(arguments, cdc, sahara, verbose):
data, guid_gpt = fh.get_gpt(lun, int(arguments["--gpt-num-part-entries"]),
int(arguments["--gpt-part-entry-size"]),
int(arguments["--gpt-part-entry-start-lba"]))
if guid_gpt is not None:
if guid_gpt is None:
break
else:
with open(sfilename,"wb") as wf:
wf.write(data)
print(f"Dumped GPT from Lun {str(lun)} to {sfilename}")
sfilename = os.path.join(directory, f"gpt_backup{str(lun)}.bin")
data = fh.get_backup_gpt(lun, int(arguments["--gpt-num-part-entries"]),
int(arguments["--gpt-part-entry-size"]),
int(arguments["--gpt-part-entry-start-lba"]))
if data is not None:
sfilename = os.path.join(directory, f"gpt_backup{str(lun)}.bin")
with open(sfilename,"wb") as wf:
wf.write(data)
wf.write(data[fh.cfg.SECTOR_SIZE_IN_BYTES*2:])
print(f"Dumped Backup GPT from Lun {str(lun)} to {sfilename}")
if genxml:
guid_gpt.generate_rawprogram(lun, cfg.SECTOR_SIZE_IN_BYTES, directory)
if genxml:
guid_gpt.generate_rawprogram(lun, cfg.SECTOR_SIZE_IN_BYTES, directory)
exit(0)
elif arguments["printgpt"]:
@ -1739,6 +1520,51 @@ def handle_firehose(arguments, cdc, sahara, verbose):
else:
logger.error(lun + ":\t" + rpartition)
exit(0)
elif arguments["ops"]:
if fh.ops==None:
logger.error("Feature is not supported")
exit(0)
partition = "param"
mode=arguments["<mode>"]
enable=False
if mode=="enable":
enable=True
elif mode=="disable":
enable=False
else:
logger.error("Unknown mode given. Available are: enable, disable.")
exit(0)
res=detect_partition(fh, arguments, partition)
if res[0]==True:
lun=res[1]
rpartition=res[2]
paramdata=fh.cmd_read_buffer(lun,rpartition.sector,rpartition.sectors,False)
if paramdata==b"":
logger.error("Error on reading param partition.")
exit(1)
paramdata=fh.ops.enable_ops(paramdata,enable)
if fh.oppoprjid is not None and fh.ops is not None:
if fh.oppoprjid != "":
if "demacia" in fh.supported_functions:
if not fh.ops.run(True):
exit(0)
elif "setprojmodel" in fh.supported_functions:
if not fh.ops.run(False):
exit(0)
if fh.cmd_program_buffer(lun,rpartition.sector,paramdata,False):
print("Successfully set mode")
else:
logger.error("Error on writing param partition")
else:
fpartitions=res[1]
logger.error(f"Error: Couldn't detect partition: {partition}\nAvailable partitions:")
for lun in fpartitions:
for rpartition in fpartitions[lun]:
if arguments["--memory"].lower() == "emmc":
logger.error("\t"+rpartition)
else:
logger.error(lun + ":\t" + rpartition)
exit(0)
else:
logger.error("Unknown/Missing command, a command is required.")
exit(0)
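Review bot: The new `ops` branch writes the result of `fh.ops.enable_ops(paramdata,enable)` back to the `param` partition without checking it and without keeping the original contents. If `enable_ops` returns None or a buffer of a different length (its contract is not visible here), `cmd_program_buffer` overwrites the partition with bad data and there is no copy to restore from. I would keep the read buffer, e.g. `origdata = paramdata`, reject the result with `if not newdata or len(newdata) != len(origdata):` before programming, and save `origdata` to a file first. The failure paths in this branch also end in `exit(0)`, so a script driving the tool cannot tell an unsupported feature or a failed write from success; only the read error uses `exit(1)`. `handle_firehose` starts well before this hunk.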


@ -34,38 +34,6 @@ vendor["143A"] = "Asus "
vendor["1978"] = "Blackphone "
vendor["2A70"] = "Oxygen "
hwid = {}
hwid["000460E1"] = "MSM8953 " # SnapDragon 625
hwid["0004F0E1"] = "MSM8937 " # SnapDragon 430
hwid["0006B0E1"] = "MSM8940 "
hwid["000560E1"] = "MSM8917 " # SnapDragon 425
hwid["0005F0E1"] = "MSM8996 Pro " # SnapDragon 821
hwid["007050E1"] = "MSM8916 " # SnapDragon 410
hwid["0072C0E1"] = "MSM8960 "
# 007B20E100010004 MSM8274 OEM1 Sony, Hash 49109A8016C239CD8F76540FE4D5138C87B2297E49C6B30EC31852330BDDB177
hwid["007B00E1"] = "MSM8974 " # Snapdragon 800 Nexus 5
hwid["007B30E1"] = "MSM8974 "
hwid[
"007B40E1"] = "MSM8974AC " # SnapDragon 801, 007B40E100010004, Hash CF19D6FAD8029B66B15246BF3C9D216FC1D2235D87706E0458C7125BB1E436EC
# hwid["007B80E1"] = "MSM8974AB " #HTC M8
hwid["008050E1"] = "MSM8x26 " # SnapDragon 400
hwid["009180E1"] = "MSM8x26/28 " # SnapDragon 400
hwid["008110E1"] = "MSM8x10/2 " # SnapDragon 2x/4x|00
hwid["008140E1"] = "MSM8x10/2 " # SnapDragon 2x/4x|00 Lenovo S580
hwid["0090B0E1"] = "MSM8936/9 " # SnapDragon 610
hwid["0091B0E1"] = "MSM8929 " # SnapDragon 415
hwid["009400E1"] = "MSM8994 " # SnapDragon 808 E6833 009400E100040001 setool S1_Boot_MSM8994_LA1.2_114, MSM8994_50
hwid["009470E1"] = "MSM8996 " # SnapDragon 820
hwid["009600E1"] = "MSM8909 " # SnapDragon 210
hwid["009690E1"] = "MSM8992 " # SnapDragon 82x
hwid["009720E1"] = "MSM8952 " # SnapDragon 652
hwid["009900E1"] = "MSM8976 " # SnapDragon 652
hwid["009B00E1"] = "MSM8956 " # SnapDragon 652
hwid["30020000"] = "MSM8998 "
hwid["30060000"] = "SDM660 "
# hwid["006220E1"] = "MSM7227A "
class Signed:
filename = ''
filesize = 0
@ -95,49 +63,52 @@ def grabtext(data):
def extract_hdr(memsection,si,mm,code_size,signature_size):
md_size = struct.unpack("<I", mm[memsection.file_start_addr + 0x2C:memsection.file_start_addr + 0x2C + 0x4])[0]
md_offset=memsection.file_start_addr + 0x2C + 0x4
major,minor,sw_id,hw_id,oem_id,model_id,app_id=struct.unpack("<IIIIIII",mm[md_offset:md_offset+(7*4)])
si.hw_id="%08X" % hw_id
si.sw_id = "%08X" % sw_id
si.oem_id="%04X" % oem_id
si.model_id="%04X" % model_id
si.hw_id += si.oem_id + si.model_id
si.app_id="%08X" % app_id
md_offset+=(7 * 4)
v=struct.unpack("<I", mm[md_offset:md_offset + 4])[0]
rot_en=(v >> 0) & 1
in_use_soc_hw_version=(v >> 1) & 1
use_serial_number_in_signing=(v >> 2) & 1
oem_id_independent=(v >> 3) & 1
root_revoke_activate_enable=(v >> 4) & 0b11
uie_key_switch_enable=(v >> 6) & 0b11
debug=(v >> 8) & 0b11
md_offset+=4
soc_vers=hexlify(mm[md_offset:md_offset + (12*4)])
md_offset+=12*4
multi_serial_numbers=hexlify(mm[md_offset:md_offset + (8*4)])
md_offset += 8 * 4
mrc_index=struct.unpack("<I", mm[md_offset:md_offset + 4])[0]
md_offset+=4
anti_rollback_version=struct.unpack("<I", mm[md_offset:md_offset + 4])[0]
signatureoffset = memsection.file_start_addr + 0x30 + md_size + code_size + signature_size
try:
if mm[signatureoffset] != 0x30:
print("Error on " + si.filename + ", unknown signaturelength")
md_size = struct.unpack("<I", mm[memsection.file_start_addr + 0x2C:memsection.file_start_addr + 0x2C + 0x4])[0]
md_offset=memsection.file_start_addr + 0x2C + 0x4
major,minor,sw_id,hw_id,oem_id,model_id,app_id=struct.unpack("<IIIIIII",mm[md_offset:md_offset+(7*4)])
si.hw_id="%08X" % hw_id
si.sw_id = "%08X" % sw_id
si.oem_id="%04X" % oem_id
si.model_id="%04X" % model_id
si.hw_id += si.oem_id + si.model_id
si.app_id="%08X" % app_id
md_offset+=(7 * 4)
v=struct.unpack("<I", mm[md_offset:md_offset + 4])[0]
rot_en=(v >> 0) & 1
in_use_soc_hw_version=(v >> 1) & 1
use_serial_number_in_signing=(v >> 2) & 1
oem_id_independent=(v >> 3) & 1
root_revoke_activate_enable=(v >> 4) & 0b11
uie_key_switch_enable=(v >> 6) & 0b11
debug=(v >> 8) & 0b11
md_offset+=4
soc_vers=hexlify(mm[md_offset:md_offset + (12*4)])
md_offset+=12*4
multi_serial_numbers=hexlify(mm[md_offset:md_offset + (8*4)])
md_offset += 8 * 4
mrc_index=struct.unpack("<I", mm[md_offset:md_offset + 4])[0]
md_offset+=4
anti_rollback_version=struct.unpack("<I", mm[md_offset:md_offset + 4])[0]
signatureoffset = memsection.file_start_addr + 0x30 + md_size + code_size + signature_size
try:
if mm[signatureoffset] != 0x30:
print("Error on " + si.filename + ", unknown signaturelength")
return None
except:
return None
if len(mm) < signatureoffset + 4:
print("Signature error on " + si.filename)
return None
len1 = struct.unpack(">H", mm[signatureoffset + 2:signatureoffset + 4])[0] + 4
casignature2offset = signatureoffset + len1
len2 = struct.unpack(">H", mm[casignature2offset + 2:casignature2offset + 4])[0] + 4
rootsignature3offset = casignature2offset + len2
len3 = struct.unpack(">H", mm[rootsignature3offset + 2:rootsignature3offset + 4])[0] + 4
si.pk_hash = hashlib.sha384(mm[rootsignature3offset:rootsignature3offset + len3]).hexdigest()
except:
return None
if len(mm) < signatureoffset + 4:
print("Signature error on " + si.filename)
return None
len1 = struct.unpack(">H", mm[signatureoffset + 2:signatureoffset + 4])[0] + 4
casignature2offset = signatureoffset + len1
len2 = struct.unpack(">H", mm[casignature2offset + 2:casignature2offset + 4])[0] + 4
rootsignature3offset = casignature2offset + len2
len3 = struct.unpack(">H", mm[rootsignature3offset + 2:rootsignature3offset + 4])[0] + 4
si.pk_hash = hashlib.sha384(mm[rootsignature3offset:rootsignature3offset + len3]).hexdigest()
return si
@ -260,15 +231,18 @@ def main(argv):
elfheader = elf(mm,si.filename)
if 'memorylayout' in dir(elfheader):
memsection=elfheader.memorylayout[1]
version=struct.unpack("<I",mm[memsection.file_start_addr + 0x04:memsection.file_start_addr + 0x04+0x4])[0]
code_size = \
struct.unpack("<I", mm[memsection.file_start_addr + 0x14:memsection.file_start_addr + 0x14 + 0x4])[
0]
signature_size = \
struct.unpack("<I", mm[memsection.file_start_addr + 0x1C:memsection.file_start_addr + 0x1C + 0x4])[
0]
cert_chain_size=struct.unpack("<I", mm[memsection.file_start_addr + 0x24:memsection.file_start_addr + 0x24 + 0x4])[
0]
try:
version=struct.unpack("<I",mm[memsection.file_start_addr + 0x04:memsection.file_start_addr + 0x04+0x4])[0]
code_size = \
struct.unpack("<I", mm[memsection.file_start_addr + 0x14:memsection.file_start_addr + 0x14 + 0x4])[
0]
signature_size = \
struct.unpack("<I", mm[memsection.file_start_addr + 0x1C:memsection.file_start_addr + 0x1C + 0x4])[
0]
cert_chain_size=struct.unpack("<I", mm[memsection.file_start_addr + 0x24:memsection.file_start_addr + 0x24 + 0x4])[
0]
except:
continue
if signature_size==0:
print("%s has no signature." % filename)
continue
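Review bot: The catch-all `except:` now wrapped around the body of extract_hdr, and the `except: continue` added in main, hide malformed input instead of validating it, and they miss the case that matters for `si.pk_hash`. The three certificate lengths are read from the file and only the first offset is compared with `len(mm)`, so if `mm` slices like bytes or an mmap, a truncated image gives a short slice and a SHA-384 over partial data rather than an error. Before hashing, add `if len(mm) < rootsignature3offset + len3: return None`, and narrow the handlers to `except (struct.error, IndexError):` so that Ctrl-C and real bugs are not swallowed. The page has lost its indentation, so the nesting of the two try blocks is inferred, and the loop that `continue` belongs to starts outside the hunk.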

4
requirements.txt Normal file → Executable file

@ -2,4 +2,6 @@ pyusb
pyserial
docopt
pylzma
pycryptodome
pycryptodome
qrcode