Restructure

README.md

@@ -33,10 +33,24 @@ sudo python3 -m pip install -r requirements.txt
 ```
 
 Windows:
-- Boot device into 9008 mode, install Qualcomm_Diag_QD_Loader_2016_driver.exe from Drivers\Windows
-- Use Zadig 2.5 or higher, list all devices, select QUSB_BULK device and replace
-  driver with libusb >= 1.2.6.0 one (will replace original driver)
-- Get latest Zadig release [here] (https://zadig.akeo.ie/)
+#### Install python + git
+- Install python 3.9 and git
+- If you install python from microsoft store, "python setup.py install" will fail, but that step isn't required.
+- WIN+R ```cmd```
+
+#### Grab files and install
+```
+git clone https://github.com/bkerler/edl
+cd edl
+pip3 install -r requirements.txt
+```
+
+#### Get latest UsbDk 64-Bit
+- Install normal QC 9008 Serial Port driver (or use default Windows COM Port one, make sure no exclamation is seen)
+- Get usbdk installer (.msi) from [here](https://github.com/daynix/UsbDk/releases/) and install it
+- Test on device connect using "UsbDkController -n" if you see a device with pid 0x9008
+- Works fine under Windows 10 and 11 :D
+
 
 ## Convert EDL loaders for automatic usage
 

edl.py

@@ -119,28 +119,18 @@ import logging
 import subprocess
 import re
 from docopt import docopt
-from Library.utils import LogBase
-from Library.usblib import UsbClass
-from Library.sahara import sahara
-from Library.streaming_client import streaming_client
-from Library.firehose_client import firehose_client
-from Library.streaming import Streaming
+from edl.Config.usb_ids import default_ids
+from edl.Library.utils import LogBase
+from edl.Library.usblib import UsbClass
+from edl.Library.sahara import sahara
+from edl.Library.streaming_client import streaming_client
+from edl.Library.firehose_client import firehose_client
+from edl.Library.streaming import Streaming
 from binascii import hexlify
 
 args = docopt(__doc__, version='3')
 
-default_ids = [
-    [0x05c6, 0x9008, -1],
-    [0x05c6, 0x900e, -1],
-    [0x05c6, 0x9025, -1],
-    [0x1199, 0x9062, -1],
-    [0x1199, 0x9070, -1],
-    [0x1199, 0x9090, -1],
-    [0x0846, 0x68e0, -1],
-    [0x19d2, 0x0076, -1]
-]
-
-print("Qualcomm Sahara / Firehose Client V3.4 (c) B.Kerler 2018-2021.")
+print("Qualcomm Sahara / Firehose Client V3.5 (c) B.Kerler 2018-2021.")
 
 
 def parse_cmd(rargs):

edl/Config/qualcomm_config.py

@@ -0,0 +1,677 @@
+vendor = {
+    0x0000: "Qualcomm     ",
+    0x0001: "Foxconn/Sony ",
+    0x0004: "ZTE          ",
+    0x0011: "Smartisan    ",
+    0x0015: "Huawei       ",
+    0x0017: "Lenovo       ",
+    0x0020: "Samsung      ",
+    0x0029: "Asus         ",
+    0x0030: "Haier        ",
+    0x0031: "LG           ",
+    0x0035: "Foxconn/Nokia",
+    0x0042: "Alcatel      ",
+    0x0045: "Nokia        ",
+    0x0048: "YuLong       ",
+    0x0051: "Oppo/Oneplus ",
+    0x0072: "Xiaomi       ",
+    0x0073: "Vivo         ",
+    0x0130: "GlocalMe     ",
+    0x0139: "Lyf          ",
+    0x0168: "Motorola     ",
+    0x01B0: "Motorola     ",
+    0x0208: "Motorola     ",
+    0x0228: "Motorola     ",
+    0x2A96: "Micromax     ",
+    0x02E8: "Lenovo       ",
+    0x0328: "Motorola     ",
+    0x0368: "Motorola     ",
+    0x03C8: "Motorola     ",
+    0x00C8: "Motorola     ",
+    0x0348: "Motorola     ",
+    0x1043: "Asus         ",
+    0x1111: "Asus         ",
+    0x143A: "Asus         ",
+    0x1978: "Blackphone   ",
+    0x2A70: "Oxygen       "
+}
+
+root_cert_hash = {
+    "secboot_sha2_pss_subca1" : "afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581",
+    "secboot_sha2_pss_subca2" : "d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87",
+    "old" : "cc3153a80293939b90d02d3bf8b23e0292e452fef662c74998421adad42a380f",
+    "new" : "7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09",
+    "mdm9x60_tel" : "36c886068d9a6634e9c55185044344e9e756dcc3b5960874942c7a1a1550dee0"
+}
+
+msmids = {
+    # cc3153a80293939b90d02d3bf8b23e0292e452fef662c74998421adad42a380f pkhash/root-cert
+    # 7be49b72f9e4337223ccb84d6eccca4e61ce16e3602ac2008cb18b75babe6d09 pkhash/root-cert
+    0x9440E1: "QDF2432",
+    0x9780E1: "IPQ4018",
+    0x9790E1: "IPQ4019",
+    0x0160E1: "QCA4020",
+    0x9680E1: "APQ8009",
+    0x7060E1: "APQ8016",
+    0x8100E1: "APQ806x",
+    0x9D00E1: "APQ8076",
+    0x08A0E1: "APQ807x",
+    0x9000E1: "APQ8084",
+    0x9630E1: "APQ8092",
+    0x0940E1: "MSM8905",
+    0x9600E1: "MSM8909", # SnapDragon 210
+    0x0510E1: "MSM8909W",
+    0x7050E1: "MSM8916", # SnapDragon 410
+    0x0560E1: "MSM8917",
+    0x0860E1: "MSM8920",
+    0x91B0E1: "MSM8929",  # SnapDragon 415
+    0x04F0E1: "MSM8937",
+    0x90B0E1: "MSM8939",  # SnapDragon 610
+    0x90C0E1: "APQ8036",
+    0x90D0E1: "APQ8039",
+    0x06B0E1: "MSM8940",
+    0x9720E1: "MSM8952",  # SnapDragon 652
+    0x0460E1: "MSM8953",  # 8053lat
+    0x0660E1: "APQ8053",
+    0x9900E1: "MSM8976",  # SnapDragon 652
+    0x9690E1: "MSM8992",  # SnapDragon 82x
+    0x9400E1: "MSM8994",  # SnapDragon 808
+    0x9470E1: "MSM8996",  # SnapDragon 820
+    0x06F0E1: "MSM8996AU",
+    0x05E0E1: "MSM8998_SDM835",
+    0x94B0E1: "MSM9055",
+    0x9730E1: "MDM9206_MDM9607tx",
+    0x04A0E1: "MDM9607",
+    0x8090E1: "MDM9916",
+    0x80B0E1: "MDM9955",
+    0x9210E1: "MDM9x35",
+    0x9500E1: "MDM9x40",
+    0x9540E1: "MDM9x45",
+    0x03A0E1: "MDM9x50",
+    0x7F50E1: "MDM9x25",
+    0x0320E1: "MDM9250",  # MDM9x50
+    0x0340E1: "MDM9255",  # MDM9x55
+    0x0390E1: "MDM9350",  # MDM9x50
+    0x03B0E1: "MDM9x55",
+    0x07D0E1: "MDM9x60",  # SDX20
+    0x07F0E1: "MDM9x65",
+    0x1280E1: "fsm100xx",
+    0x1650E1: "FSM10000",
+    0x1680E1: "FSM10005",
+    0x1690E1: "FSM10010",
+    0x16A0E1: "FSM10051",
+    0x16B0E1: "FSM10056",
+    0x1530E1: "ipq5018",
+    0x1610E1: "olympic_manar",
+    0x1060E1: "qm215",
+    0x0BE0E1: "SDM429",
+    0x0BF0E1: "SDM439",
+    0x09A0E1: "SDM450",
+    0x0AC0E1: "SDM630",  #0x30070x00
+    0x0BA0E1: "SDM632",
+    0x0BB0E1: "SDA632",
+    0x08C0E1: "SDM660",  # 0x30060000 soc_hw_version
+    0x07B0E1: "SDX50M",  # 0x soc_hw_version,
+    0x0E50E1: "SDX55:CD90-PG591", # 0x600b0100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit
+    0x0CF0E1: "SDX55M:CD90-PH809", # 0x600b0100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit, # Netgear MR5100, sdxprairie
+    0x1250E1: "SA515M",
+
+    # afca69d4235117e5bfc21467068b20df85e0115d7413d5821883a6d244961581
+    0x0AB0E1: "QCA6290",  # 0x40040100 soc_hw_version
+    0x0D90E1: "QCA6390",  # 0x400A0000 soc_hw_version
+    0x1310E1: "QCA6480",
+    0x12E0E1: "QCA6481",
+    0x12D0E1: "QCA6491",
+    0x0D70E1: "QCA6595",  # 0x400B0000 soc_hw_version
+    0x0D30E1: "QCN7605",  # 0x400B0000 soc_hw_version
+    0x0D50E1: "QCN7606",  # 0x400B0000 soc_hw_version
+    0x0910E1: "SDM670",  # 0x60040100 soc_hw_version
+    0x0DB0E1: "SDM710",
+    0x0AA0E1: "QCS605",
+    0x0ED0E1: "SXR1120",
+    0x0EA0E1: "SXR1130",
+    0x08E0E1: "SDA845",
+
+    # d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955
+    # d40eee56f3194665574109a39267724ae7944134cd53cb767e293d3c40497955bc8a4519ff992b031fadc6355015ac87 pk-hash/root-cert
+    0x1260E1: "IPQ6018",
+    0x1070E1: "MDM9205", # 0x20130100
+    0x1450E1: "agatti", # soc_vers 0x9003
+    0x13F0E1: "bitra_SDM", # soc_vers 0x6012
+    0x1410E1: "bitra_SDA",
+    0x1590E1: "cedros", # soc_vers 0x6017
+    0x1360E1: "kamorta", # soc_vers 0x9002 SnapDragon 662/460 SM4250/SM4350, bengal
+    0x1350E1: "lahaina", # soc_vers 0x600F sm8350, SDM875
+    0x1420E1: "lahaina_premier",
+    0x14A0E1: "makena", # soc_vers 0x6014
+    0x14B0E1: "SA8295P",
+    0x14C0E1: "SA8540P",
+    #0x1610E1: "mannar", # soc_vers 0x9004
+    0x1470E1: "moselle", # soc_vers 0x4014
+    0x10A0E1: "nicobar",  # 0x90010100 soc_hw_version, 0x45FFF000 sec.elf 64Bit, 0x101FF000 dbgpolicy, 64Bit
+    0x10B0E1: "qcn90xx", # soc_vers 0x400D
+    0x10C0E1: "QCN9001",
+    0x1150E1: "QCN9002",
+    0x10D0E1: "QCN9003",
+    0x10E0E1: "QCN9010",
+    0x10F0E1: "QCN9011",
+    0x1110E1: "QCN9012",
+    0x1140E1: "QCN9013",
+    0x0AF0E1: "qcs405",  # 0x20140000 soc_hw_version, 0x863DB000 sec.elf 64Bit, 0x863DE000 dbgpolicy, 64Bit
+    0x0400E1: "rennell", # soc_vers 0x600E7T A11 CB
+    0x12A0E1: "rennell",
+    0x12B0E1: "rennell_premier",
+    0x1490E1: "rennell_v1.1",
+    0x1630E1: "sd7250",
+    0x11E0E1: "saipan", # 0x600D0100 soc_hw_version, 0x808FF000 sec.elf 64Bit, 0x1C000000 dbgpolicy, 64Bit, SM7250 Snapdragon 765G
+    0x0950E1: "SM6150",  # 0x60070100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0EC0E1: "SM6150p",  # 0x60070100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0E60E1: "SM7150",  # 0x600C0100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0A50E1: "SDM855_SM8150", # Hana 0x60030100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0A60E1: "SDM855p_SM8150p", # Hana 0x60030100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0C30E1: "SM8250:CD90-PH805-1A", # Kona, 0x60080100 soc_hw_version, 0x808FF000 sec.elf 64Bit, 0x1C000000 dbgpolicy, 64Bit
+    0x0CE0E1: "SM8250:CD90-PH806-1A", # Kona 0x60080100 soc_hw_version, 0x808FF000 sec.elf 64Bit, 0x1C000000 dbgpolicy, 64Bit
+    0x0B80E1: "sc8180x", # Snapdragon 8CX
+    0x1560E1: "SM8250", # HDK 8250
+
+    # Unknown root hash
+    0x0B70E1: "SDM850",
+    0x0960E1: "SDX24",  # 0x60020100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit
+    0x0970E1: "SDX24M", # 0x60020100 soc_hw_version, 0x8fff7000 dbgpolicy 32Bit, 0x8FCFD000 sec.elf 64Bit
+    0x0E70E1: "SM7150p", # 0x600C0100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0E80E1: "SA8155", # 0x60030100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0E90E1: "SA8155p", # 0x60030100 soc_hw_version, 0x85FFF000 sec.elf 64Bit, 0x1C1FF000 dbgpolicy, 64Bit
+    0x0E40E1: "qcs403", # 0x20140000 soc_hw_version, 0x863DB000 sec.elf 64Bit, 0x863DE000 dbgpolicy, 64Bit
+    0x1440E1: "chitwan", # soc_vers 0x6013
+    0x1370E1: "kamortap",
+    0x6220E1: "MSM7227A",
+    0x8040E1: "APQ8026",
+    0x0550E1: "APQ8017",
+    0x90F0E1: "APQ8037",
+    0x9770E1: "APQ8052",
+    0x9F00E1: "APQ8056",
+    0x7190E1: "APQ8064",
+    0x9300E1: "APQ8092",
+    0x0620E1: "APQ8098",
+    0x8110E1: "MSM8210",
+    0x8140E1: "MSM8212",
+    0x8120E1: "MSM8610",
+    0x8150E1: "MSM8612",
+    0x8010E1: "MSM8626",
+    0x8050E1: "MSM8926", # SnapDragon 400
+    0x9180E1: "MSM8928", # SnapDragon 400
+    0x7210E1: "MSM8930",
+    0x72C0E1: "MSM8960",
+    0x9B00E1: "MSM8956", # SnapDragon 652
+    0x9100E1: "MSM8962",
+    0x7B00E1: "MSM8974", # Snapdragon 800
+    0x7B30E1: "MSM8974A",
+    0x7B40E1: "MSM8974AB",
+    0x7B80E1: "MSM8974Pro",
+    0x7BC0E1: "MSM8974ABv3",
+    0x6B10E1: "MSM8974AC",
+    0x05F0E1: "MSM8996Pro", # SnapDragon 821
+    0x0480E1: "MDM9207",
+    0x0CC0E1: "SDM636",
+    0x0930E1: "SDA670",  # 0x60040100 soc_hw_version
+    #0x0930E1: "SDA835", # 0x30020000 => HW_ID1 3002000000290022
+    0x08B0E1: "SDM845",  # Napali 0x60000100 => HW_ID1 6000000000010000
+    #SDM840 NapaliQ ?
+    #SDM640 Talos ?
+}
+
+sochw = {
+    0x2013: "MDM9205",
+    0x2014: "qcs405",
+    0x2017: "IPQ6018",
+    0x3002: "MSM8998_SDM835,SDA835",
+    0x3006: "SDM660",
+    0x3007: "SDM630",
+    0x4003: "QCA4020",
+    0x4004: "IPQ8074,QCA6290",
+    0x400A: "QCA6390",
+    0x400B: "QCN7605,QCA6595,QCN7606",
+    0x400D: "qcn90xx",
+    0x4014: "moselle",
+
+    #: "SDM632",
+    #: "SDA632",
+    #: "SDM636",
+    0x6000: "SDM845",
+    0x6001: "SDA845",
+    0x6002: "SDX24,SDX24M",
+    0x6003: "SDM855_SM8150,SDM855p_SM8150p",
+    0x6004: "SDA670,SDM670,SDM710",
+    0x6005: "SDM670",
+    #: "SDX50M",
+    0x6006: "sc8180x",
+    0x6007: "SM6150,SM6150p",
+    0x6008: "SM8250:CD90-PH805-1A,SM8250:CD90-PH806-1A,SM8250",
+    0x6009: "SDM670",
+    0x600B: "SDX55:CD90-PG591,SDX55:CD90-PH809",
+    0x600C: "SM7150,SM7150p",
+    0x600D: "saipan",
+    0x600E: "rennell",
+    0x600F: "lahaina",
+    0x6012: "bitra_SDM",
+    0x6013: "chitwan",
+    0x6014: "makena",
+    0x6016: "olympic",
+    0x6017: "cedros",
+    0x9001: "nicobar",
+    0x9002: "kamorta",
+    0x9003: "agatti",
+    0x9004: "mannar"
+}
+
+secgen=[
+    # BOOT_ROM_BASE_PHYS, SECURITY_CONTROL_BASE_PHYS, MEMORY_MAP
+    [[], [0x01900000, 0x100000], []],
+    [[],[0x01e20000,0x1000],[]],
+    [[0xFC010000, 0x18000], [0xFC4B8000, 0x60F0], [0x200000, 0x24000]],
+    [[0x100000, 0x1ffb0], [0x70000, 0x6158], [0x200000, 0x24000]],
+    [[0x100000, 0x1ffb0], [0x00058000, 0x1000], [0x200000, 0x24000]],
+    [[0x100000, 0x1ffb0], [0x000A0000, 0x6FFF], [0x200000, 0x24000]],
+    [[0x100000, 0x1ffb0], [0x00700000, 0x6158], [0x200000, 0x24000]],
+    [[0x300000, 0x3c000], [0x00780000, 0x10000], [0x14009003, 0x24000]],
+    [[0x300000, 0x3c000], [0x01B40000, 0x10000], []],
+]
+
+infotbl = {
+    "QDF2432": secgen[0],
+    "QCA6290": secgen[1],
+    "QCA6390": secgen[1],
+    "QCA6480": secgen[1],
+    "QCA6481": secgen[1],
+    "QCA6490": secgen[1],
+    "QCA6491": secgen[1],
+
+    "APQ8084": secgen[2],
+    "APQ8092": secgen[2],
+    "MSM8962": secgen[2],
+    "MSM8974": secgen[2],
+    "MSM8974Pro": secgen[2],
+    "MSM8974AB": secgen[2],
+    "MSM8974ABv3": secgen[2],
+    "MSM8974AC": secgen[2],
+    "MSM8992": secgen[2],
+    "MSM8994": secgen[2],
+    "MDM9x25": secgen[2],
+    "MDM9x35": secgen[2],
+
+    "MSM8996": secgen[3],
+    "MSM8996AU": secgen[3],
+    "MSM8996Pro": secgen[3],
+
+    "IPQ4018": secgen[4],
+    "IPQ4019": secgen[4],
+    "APQ8009": secgen[4],
+    "APQ8016": secgen[4],
+    "APQ8036": secgen[4],
+    "APQ8039": secgen[4],
+    "MSM8905": secgen[4],
+    "MSM8909": secgen[4],
+    "MSM8909W": secgen[4],
+    "MSM8916": secgen[4],
+    "MSM8929": secgen[4],
+    "MSM8939": secgen[4],
+    "MSM8952": secgen[4],
+    "MDM9x40": secgen[4],
+    "MDM9x45": secgen[4],
+
+    "APQ8017": secgen[5],
+    "APQ8037": secgen[5],
+    "APQ8053": secgen[5],
+    "APQ8056": secgen[5],
+    "APQ8076": secgen[5],
+    "MSM8917": secgen[5],
+    "MSM8920": secgen[5],
+    "MSM8937": secgen[5],
+    "MSM8940": secgen[5],
+    "MSM8953": secgen[5],
+    "MSM8956": secgen[5],
+    "MSM8976": secgen[5],
+    "MSM9206": secgen[5],
+    "MDM9207": secgen[5],
+    "MDM9607": secgen[5],
+    "MDM9x50": secgen[5],
+    "MDM9x55": secgen[5],
+    "MDM9x60": secgen[5],
+    "MDM9x65": secgen[5],
+    "MDM9250": secgen[5],
+    "MDM9350": secgen[5],
+    "MDM9650": secgen[5],
+    "SDM429": secgen[5],
+    "SDM439": secgen[5],
+    "SDM450": secgen[5],
+    "SDM632": secgen[5],
+    "SDA632": secgen[5],
+    "SDX50M": secgen[5],
+    "qcs403": secgen[5],
+    "qcs405": secgen[5],
+    "ipq5018": secgen[5],
+    "ipq6018": secgen[5],
+    "qm215": secgen[5],
+
+    "APQ806x": secgen[6],
+    "MSM8930": secgen[6],
+    "MSM8936": secgen[6],
+
+    "APQ8098": secgen[7],
+    "MSM8998": secgen[7],
+    "SDM630": secgen[7],
+    "SDM636": secgen[7],
+    "SDM660": secgen[7],
+    "SDM670": secgen[7],
+    "SDA670": secgen[7],
+    "SDM710": secgen[7],
+    "QCS605": secgen[7],
+    "SXR1120": secgen[7],
+    "SXR1130": secgen[7],
+    "SDM845": secgen[7],
+    "SDA845": secgen[7],
+    "SDM850": secgen[7],
+    "SDX24": secgen[7],
+    "SDX24M": secgen[7],
+    "SDX55M": secgen[7],
+    "SDX55:CD90-PG591": secgen[7],
+    "SDX55:CD90-PH809": secgen[7],
+    "SA515M": secgen[7],
+    "SM6150": secgen[7],
+    "SM6150p": secgen[7],
+    "SM7150": secgen[7],
+    "SM7150p": secgen[7],
+    "SDM855_SM8150": secgen[7],
+    "SDM855p_SM8150p": secgen[7],
+    "SM8250": secgen[7],
+    "SM8250p": secgen[7],
+    "SM8250:CD90-PH805-1A": secgen[7],
+    "SM8250:CD90-PH806-1A": secgen[7],
+    "saipan": secgen[7],
+    "sc8180x": secgen[7],
+    "bitra": secgen[7],
+    "cedros": secgen[7],
+    "chitwan": secgen[7],
+    "lahaina": secgen[7],
+    "lahaina_premier": secgen[7],
+    "mannar": secgen[7],
+    "rennell": secgen[7],
+    "sd7250": secgen[7],
+
+    "nicobar": secgen[8],
+    "agatti": secgen[8],
+    "kamorta": secgen[8],
+    "kamortap": secgen[8],
+
+
+    # "MSM7227A": [[], [], []],
+    # "MSM8210": [[], [0xFC4B8000,0x6FFF], []],
+    # "MSM8212": [[], [], []],
+    # "MSM8610": [[], [0xFC4B8000,0x6FFF], []],
+    # "MSM8226": [[], [0xFC4B8000,0x6FFF], []],
+    # "MSM8926": [[], [0xFC4B8000,0x6FFF], []],
+    # "MSM8928": [[], [], []],
+}
+
+class memory_type:
+    nand = 0
+    emmc = 1
+    ufs = 2
+    spinor = 3
+
+    preferred_memory = {
+        "QDF2432": emmc,
+        "QCA6290": emmc,
+        "QCA6390": emmc,
+        "QCA6480": emmc,
+        "QCA6481": emmc,
+        "QCA6490": emmc,
+        "QCA6491": emmc,
+
+        "APQ8084": emmc,
+        "APQ8092": emmc,
+        "MSM8962": emmc,
+        "MSM8974": emmc,
+        "MSM8974Pro": emmc,
+        "MSM8974AB": emmc,
+        "MSM8974ABv3": emmc,
+        "MSM8974AC": emmc,
+        "MSM8992": emmc,
+        "MSM8994": emmc,
+        "MDM9x25": emmc,
+        "MDM9x35": emmc,
+
+        "MSM8996": ufs,
+        "MSM8996AU": ufs,
+        "MSM8996Pro": ufs,
+
+        "IPQ4018": emmc,
+        "IPQ4019": emmc,
+        "APQ8009": emmc,
+        "APQ8016": emmc,
+        "APQ8036": emmc,
+        "APQ8039": emmc,
+        "MSM8905": emmc,
+        "MSM8909": emmc,
+        "MSM8909W": emmc,
+        "MSM8916": emmc,
+        "MSM8929": emmc,
+        "MSM8939": emmc,
+        "MSM8952": emmc,
+        "MDM9x40": emmc,
+        "MDM9x45": emmc,
+
+        "APQ8017": emmc,
+        "APQ8037": emmc,
+        "APQ8053": emmc,
+        "APQ8056": emmc,
+        "APQ8076": emmc,
+        "MSM8917": emmc,
+        "MSM8920": emmc,
+        "MSM8937": emmc,
+        "MSM8940": emmc,
+        "MSM8953": emmc,
+        "MSM8956": emmc,
+        "MSM8976": emmc,
+        "MSM9206": emmc,
+        "MDM9207": nand,
+        "MDM9607": nand,
+        "MDM9x50": emmc,
+        "MDM9x55": emmc,
+        "MDM9x60": emmc,
+        "MDM9x65": emmc,
+        "MDM9250": emmc,
+        "MDM9350": emmc,
+        "MDM9650": emmc,
+        "SDM429": emmc,
+        "SDM439": emmc,
+        "SDM450": emmc,
+        "SDM632": emmc,
+        "SDA632": emmc,
+        "SDX50M": emmc,
+        "qcs403": emmc,
+        "qcs405": emmc,
+        "ipq5018": emmc,
+        "ipq6018": emmc,
+        "qm215": emmc,
+
+        "APQ806x": emmc,
+        "MSM8930": emmc,
+        "MSM8936": emmc,
+
+        "APQ8098": emmc,
+        "MSM8998": ufs,
+        "SDM630": emmc,
+        "SDM636": emmc,
+        "SDM660": emmc,
+        "SDM670": emmc,
+        "SDA670": emmc,
+        "SDM710": emmc,
+        "QCS605": emmc,
+        "SXR1120": emmc,
+        "SXR1130": emmc,
+        "SDM845": ufs,
+        "SDA845": ufs,
+        "SDM850": ufs,
+        "SDX24": emmc,
+        "SDX24M": emmc,
+        "SDX55M": ufs,
+        "SDX55:CD90-PG591": ufs,
+        "SDX55:CD90-PH809": ufs,
+        "SA515M": emmc,
+        "SM6150": emmc,
+        "SM6150p": emmc,
+        "SM7150": emmc,
+        "SM7150p": emmc,
+        "SDM855_SM8150": ufs,
+        "SDM855p_SM8150p": ufs,
+        "SM8250": ufs,
+        "SM8250p": ufs,
+        "SM8250:CD90-PH805-1A": ufs,
+        "SM8250:CD90-PH806-1A": ufs,
+        "saipan": ufs,
+        "sc8180x": ufs,
+        "bitra": ufs,
+        "cedros": ufs,
+        "chitwan": ufs,
+        "lahaina": ufs,
+        "lahaina_premier": ufs,
+        "mannar": ufs,
+        "rennell": ufs,
+        "sd7250": ufs,
+
+        "nicobar": ufs,
+        "agatti": ufs,
+        "kamorta": ufs,
+        "kamortap": ufs,
+
+        # "MSM7227A": [[], [], []],
+        # "MSM8210": [[], [0xFC4B8000,0x6FFF], []],
+        # "MSM8212": [[], [], []],
+        # "MSM8610": [[], [0xFC4B8000,0x6FFF], []],
+        # "MSM8226": [[], [0xFC4B8000,0x6FFF], []],
+        # "MSM8926": [[], [0xFC4B8000,0x6FFF], []],
+        # "MSM8928": [[], [], []],
+    }
+
+
+secureboottbl = {
+    "QDF2432": 0x019018c8,
+    "QCA6290": 0x01e20030,
+    "QCA6390": 0x01e20010,
+    "IPQ4018": 0x00058098,
+    "IPQ4019": 0x00058098,
+    "APQ8009": 0x00058098,
+    "APQ8016": 0x00058098,
+    "APQ8036": 0x00058098,
+    "APQ8039": 0x00058098,
+    "APQ8037": 0x000a01d0,
+    "APQ8053": 0x000a01d0,
+    "APQ8052": 0x00058098,
+    "APQ8056": 0x000a01d0,
+    "APQ8076": 0x000a01d0,
+    "APQ8084": 0xFC4B83F8,
+    "APQ8092": 0xFC4B83F8,
+    "APQ8098": 0x00780350,
+    "MSM8226": 0xFC4B83E8,
+    "MSM8610": 0xFC4B83E8,
+    "MSM8905": 0x00058098,
+    "MSM8909": 0x00058098,
+    "MSM8909W": 0x00058098,
+    "MSM8916": 0x00058098,
+    "MSM8917": 0x000A01D0,
+    "MSM8920": 0x000A01D0,
+    "MSM8929": 0x00058098,
+    "MSM8930": 0x700310,
+    "MSM8936": 0x700310,
+    "MSM8937": 0x000A01D0,
+    "MSM8939": 0x00058098,
+    "MSM8940": 0x000A01D0,
+    "MSM8952": 0x00058098,
+    "MSM8953": 0x000a01d0,
+    "MSM8956": 0x000a01d0,
+    "MSM8974": 0xFC4B83F8,
+    "MSM8974AB": 0xFC4B83F8,
+    "MSM8974ABv3": 0xFC4B83F8,
+    "MSM8974AC": 0xFC4B83F8,
+    "MSM8976": 0x000a01d0,
+    "MSM8992": 0xFC4B83F8,
+    "MSM8994": 0xFC4B83F8,
+    "MSM8996": 0x00070378,
+    "MSM8996AU": 0x00070378,
+    "MSM8996Pro": 0x00070378,
+    "MSM8998_SDM835": 0x00780350,
+    "MDM9205": 0x000a0320,
+    "MDM9206_MDM9207tx": 0x000a01d0,
+    "MDM9250": 0x000a01d0,
+    "MDM9350": 0x000a01d0,
+    "MDM9207": 0x000a01d0,
+    "MDM9607": 0x000a01d0,
+    "MDM9x25": 0xFC4B6028,
+    "MDM9x30": 0xFC4B6028,
+    "MDM9x35": 0xFC4B6028,
+    "MDM9x40": 0x00058098,
+    "MDM9x45": 0x00058098,
+    "MDM9650": 0x000a01d0,
+    "MDM9x50": 0x000a01d0,
+    "MDM9x55": 0x000a01d0,
+    "MDM9x60": 0x000a01d0,
+    "MDM9x65": 0x000a01d0,
+    "SDM429": 0x000a01d0,
+    "SDM439": 0x000a01d0,
+    "SDM450": 0x000a01d0,
+    "SDM630": 0x00780350,
+    "SDM632": 0x000a01d0,
+    "SDA632": 0x000a01d0,
+    "SDM636": 0x00780350,
+    "SDM660": 0x00780350,
+    "SDM670": 0x00780350, # Warlock
+    "SDA670": 0x00780350,
+    "SDM710": 0x00780350,
+    "QCS605": 0x00780350,
+    "SXR1120": 0x00780350,
+    "SXR1130": 0x00780350,
+    "SDM845": 0x00780350,
+    "SDA845": 0x00780350,
+    "SDX24" : 0x00780390,
+    "SDX24M": 0x00780390,
+    "SDX50M": 0x000a01e0,
+    "SDX55:CD90-PG591":  0x007805E8,
+    "SDX55:CD90-PH809":  0x007805E8,
+    "SDX55M" : 0x007804D0,
+    "SA515M" : 0x007804D0,
+    "SM6150": 0x00780360,
+    "SM6150p": 0x00780360,
+    "SM7150": 0x00780460,
+    "SM7150p": 0x00780460,
+    "SDM855_SM8150": 0x007804D0,
+    "SDM855p_SM8150p": 0x007804D0,
+    "SM8250:CD90-PH805-1A": 0x007805E8,
+    "SM8250:CD90-PH806-1A": 0x007805E8,
+    "agatti": 0x01B40458,
+    "bitra": 0x007804D8,
+    "bitra_SDM": 0x007804D8,
+    "bitra_SDA": 0x007804D8,
+    "cedros": 0x00780728,
+    "chitwan": 0x00780668,
+    "ipq5018": 0x000A01D0,
+    "ipq6018": 0x000A01D0,
+    "saipan": 0x007805E8,
+    "sd7250": 0x007805E8,
+    "sc8180x": 0x007805E8,
+    "qcs403": 0x000a0310,
+    "qcs405": 0x000a0310,
+    "nicobar": 0x01B40458,
+    "kamorta": 0x01B40458,
+    "kamorta_p": 0x01B40458,
+    "lahaina": 0x780668,
+    "lahaina_premier": 0x780668,
+    "mannar": 0x01B40458,
+    "qm215": 0x000a01d0,
+    "rennell":0x000780498
+    # "MSM7227A":[[], [], []],
+    # "MSM8210": [[], [], []],
+    # "MSM8212":
+    # "MSM8926": [[], [], []],
+    # "MSM8928": [[], [], []],
+}

edl/Config/usb_ids.py

@@ -0,0 +1,10 @@
+default_ids = [
+    [0x05c6, 0x9008, -1],
+    [0x05c6, 0x900e, -1],
+    [0x05c6, 0x9025, -1],
+    [0x1199, 0x9062, -1],
+    [0x1199, 0x9070, -1],
+    [0x1199, 0x9090, -1],
+    [0x0846, 0x68e0, -1],
+    [0x19d2, 0x0076, -1]
+]

edl/Library/Modules/generic.py

@@ -0,0 +1,113 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+
+import logging
+from edl.Library.utils import LogBase
+
+
+class generic(metaclass=LogBase):
+    def __init__(self, fh, serial, args, loglevel):
+        self.fh = fh
+        self.serial = serial
+        self.args = args
+        self.__logger.setLevel(loglevel)
+        self.error=self.__logger.error
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def oem_unlock(self, enable):
+        res = self.fh.detect_partition(self.args, "config")
+        if res[0]:
+            lun = res[1]
+            rpartition = res[2]
+            offsettopatch = 0x7FFFF
+            sector = rpartition.sector + (offsettopatch // self.fh.cfg.SECTOR_SIZE_IN_BYTES)
+            offset = offsettopatch % self.fh.cfg.SECTOR_SIZE_IN_BYTES
+            if enable:
+                value = 0x1
+            else:
+                value = 0x0
+            size_in_bytes = 1
+            if self.fh.cmd_patch(lun, sector, offset, value, size_in_bytes, True):
+                print(f"Patched sector {str(rpartition.sector)}, offset {str(offset)} with value {value}, " +
+                      f"size in bytes {size_in_bytes}.")
+            else:
+                print(f"Error on writing sector {str(rpartition.sector)}, offset {str(offset)} with value {value}, " +
+                      f"size in bytes {size_in_bytes}.")
+        else:
+            """
+            #define DEVICE_MAGIC "ANDROID-BOOT!"
+            #define DEVICE_MAGIC_SIZE 13
+            #define MAX_PANEL_ID_LEN 64
+            #define MAX_VERSION_LEN  64
+            #if VBOOT_MOTA
+            struct device_info
+            {
+                unsigned char magic[DEVICE_MAGIC_SIZE];
+                bool is_unlocked;
+                bool is_tampered;
+                bool is_verified;
+                bool charger_screen_enabled;
+                char display_panel[MAX_PANEL_ID_LEN];
+                char bootloader_version[MAX_VERSION_LEN];
+                char radio_version[MAX_VERSION_LEN];
+                bool is_unlock_critical;
+            };
+            #else
+            struct device_info
+            {
+                unsigned char magic[DEVICE_MAGIC_SIZE];
+                bool is_unlocked; #0x10
+                bool is_tampered; #0x14
+                bool charger_screen_enabled; #0x18
+                char display_panel[MAX_PANEL_ID_LEN];
+                char bootloader_version[MAX_VERSION_LEN];
+                char radio_version[MAX_VERSION_LEN];
+                bool verity_mode; // 1 = enforcing, 0 = logging
+                bool is_unlock_critical;
+            };
+            #endif
+            """
+            res = self.fh.detect_partition(self.args, "devinfo")
+            if res[0]:
+                lun = res[1]
+                rpartition = res[2]
+                offsettopatch1 = 0x10  # is_unlocked
+                offsettopatch2 = 0x18  # is_critical_unlocked
+                offsettopatch3 = 0x7FFE10  # zte
+                offsettopatch4 = 0x7FFE18  # zte
+                sector1, offset1 = self.fh.calc_offset(rpartition.sector, offsettopatch1)
+                sector2, offset2 = self.fh.calc_offset(rpartition.sector, offsettopatch2)
+                sector3, offset3 = self.fh.calc_offset(rpartition.sector, offsettopatch3)
+                sector4, offset4 = self.fh.calc_offset(rpartition.sector, offsettopatch4)
+                value = 0x1
+                size_in_bytes = 1
+                if self.fh.cmd_patch(lun, sector1, offset1, 0x1, size_in_bytes, True):
+                    if self.fh.cmd_patch(lun, sector2, offset2, 0x1, size_in_bytes, True):
+                        print(
+                            f"Patched sector {str(rpartition.sector)}, offset {str(offset1)} with value {value}, " +
+                            f"size in bytes {size_in_bytes}.")
+                        data = self.fh.cmd_read_buffer(lun, rpartition.sector, rpartition.sectors)
+                        if (len(data) > 0x7FFE20) and data[0x7FFE00:0x7FFE10] == b"ANDROID-BOOT!\x00\x00\x00":
+                            if self.fh.cmd_patch(lun, sector3, offset3, value, size_in_bytes, True):
+                                if self.fh.cmd_patch(lun, sector4, offset4, value, size_in_bytes, True):
+                                    print(
+                                        f"Patched sector {str(rpartition.sector)}, offset {str(offset1)} with " +
+                                        f"value {value}, size in bytes {size_in_bytes}.")
+                        return True
+                print(
+                    f"Error on writing sector {str(rpartition.sector)}, offset {str(offset1)} with value {value}, " +
+                    f"size in bytes {size_in_bytes}.")
+                return False
+            else:
+                fpartitions = res[1]
+                self.error(f"Error: Couldn't detect partition: \"devinfo\"\nAvailable partitions:")
+                for lun in fpartitions:
+                    for rpartition in fpartitions[lun]:
+                        if self.args["--memory"].lower() == "emmc":
+                            self.error("\t" + rpartition)
+                        else:
+                            self.error(lun + ":\t" + rpartition)

edl/Library/Modules/init.py

@@ -0,0 +1,99 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+
+import logging
+from edl.Library.utils import LogBase
+
+try:
+    from edl.Library.Modules.generic import generic
+except ImportError as e:
+    generic = None
+    pass
+
+try:
+    from edl.Library.Modules.oneplus import oneplus
+except ImportError as e:
+    oneplus = None
+    pass
+
+try:
+    from edl.Library.Modules.xiaomi import xiaomi
+except ImportError as e:
+    xiaomi = None
+    pass
+
+class modules(metaclass=LogBase):
+    def __init__(self, fh, serial, supported_functions, loglevel, devicemodel, args):
+        self.fh = fh
+        self.args = args
+        self.serial = serial
+        self.error = self.__logger.error
+        self.supported_functions = supported_functions
+        self.__logger.setLevel(loglevel)
+        if loglevel==logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+        self.options = {}
+        self.devicemodel = devicemodel
+        self.generic = None
+        try:
+            self.generic = generic(fh=self.fh, serial=self.serial, args=self.args, loglevel=loglevel)
+        except Exception as e:
+            pass
+        self.ops = None
+        try:
+            self.ops = oneplus(fh=self.fh, projid=self.devicemodel, serial=self.serial,
+                               supported_functions=self.supported_functions, args=self.args,loglevel=loglevel)
+        except Exception as e:
+            pass
+        self.xiaomi=None
+        try:
+            self.xiaomi = xiaomi(fh=self.fh)
+        except Exception as e:
+            pass
+
+    def addpatch(self):
+        if self.ops is not None:
+            return self.ops.addpatch()
+        return ""
+
+    def addprogram(self):
+        if self.ops is not None:
+            return self.ops.addprogram()
+        return ""
+
+    def edlauth(self):
+        if self.xiaomi is not None:
+            return self.xiaomi.edl_auth()
+        return True
+
+    def writeprepare(self):
+        if self.ops is not None:
+            return self.ops.run()
+        return True
+
+    def run(self, command, args):
+        args = args.split(",")
+        options = {}
+        for i in range(len(args)):
+            if "=" in args[i]:
+                option = args[i].split("=")
+                if len(option) > 1:
+                    options[option[0]] = option[1]
+            else:
+                options[args[i]] = True
+        if command=="":
+            print("Valid commands are:\noemunlock\n")
+            return False
+        if self.generic is not None and command == "oemunlock":
+            if "enable" in options:
+                enable = True
+            elif "disable" in options:
+                enable = False
+            else:
+                self.error("Unknown mode given. Available are: enable, disable.")
+                return False
+            return self.generic.oem_unlock(enable)
+        return False

edl/Library/Modules/oneplus.py

@@ -0,0 +1,602 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+
+"""
+Usage:
+    oneplus.py rawxml [--projid=value] [--serial=value]
+    oneplus.py rawnewxml [--projid=value] [--ts=value] [--serial=value]
+    oneplus.py setprojmodel_verify <token> <pk> [--projid=value]
+    oneplus.py setswprojmodel_verify <token> <pk> [--projid=value] [--ts=value]
+    oneplus.py program_verify <token> <prog_token> <pk> [--projid=value]
+Options:
+    --projid=value   Set the appropriate projid  [default: 18825]
+    --serial=value   Set the appropriate serial  [default: 123456]
+    --ts=value       Set the device timestamp    [default: 1604949411]
+"""
+
+import time
+import random
+from struct import pack
+import logging
+from edl.Library.utils import LogBase
+
+try:
+    from edl.Library.cryptutils import cryptutils
+except Exception as e:
+    print(e)
+    from ..cryptutils import cryptutils
+from binascii import unhexlify, hexlify
+
+deviceconfig = {
+    # OP5, cheeseburger
+    "16859": dict(version=1, cm=None, param_mode=0),
+    # OP5t, dumpling
+    "17801": dict(version=1, cm=None, param_mode=0),
+    # OP6, enchilada
+    "17819": dict(version=1, cm=None, param_mode=0),
+    # OP6t, fajita
+    "18801": dict(version=1, cm=None, param_mode=0),
+    # OP6t T-Mo, fajitat
+    "18811": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7, guacamoleb
+    "18857": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7 Pro, guacamole
+    "18821": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7 Pro 5G Sprint, guacamoles
+    "18825": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7 Pro 5G EE and Elisa, guacamoleg
+    "18827": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7 Pro T-Mo, guacamolet
+    "18831": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7t, hotdogb
+    "18865": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7t T-Mo, hotdogt
+    "19863": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7t Pro, hotdog
+    "19801": dict(version=1, cm=None, param_mode=0),
+    # Oneplus 7t Pro 5G T-Mo, hotdogg
+    "19861": dict(version=1, cm=None, param_mode=0),
+
+    # OP8, instantnoodle
+    "19821": dict(version=2, cm="0cffee8a", param_mode=0),
+    # OP8 T-Mo, instantnoodlet
+    "19855": dict(version=2, cm="6d9215b4", param_mode=0),
+    # OP8 Verizon, instantnoodlev
+    "19867": dict(version=2, cm="4107b2d4", param_mode=0),
+    # OP8 Visible, instantnoodlevis
+    "19868": dict(version=-1, cm="178d8213", param_mode=0),
+    # OP8 Pro, instantnoodlep
+    "19811": dict(version=2, cm="40217c07", param_mode=0),
+    # OP8t, kebab
+    "19805": dict(version=2, cm="1a5ec176", param_mode=0),
+    # OP8t T-Mo, kebabt
+    "20809": dict(version=2, cm="d6bc8c36", param_mode=0),
+
+    # OP Nord, avicii
+    "20801": dict(version=2, cm="eacf50e7", param_mode=0),
+    # OP N10 5G Metro, billie8t
+    "20885": dict(version=3, cm="3a403a71", param_mode=1),
+    # OP N10 5G Global, billie8
+    "20886": dict(version=3, cm="b8bd9e39", param_mode=1),
+    # billie8t, OP N10 5G TMO
+    "20888": dict(version=3, cm="142f1bd7", param_mode=1),
+    # OP N10 5G Europe, billie8
+    "20889": dict(version=3, cm="f2056ae1", param_mode=1),
+
+    # OP N100 Metro, billie2t
+    "20880": dict(version=3, cm="6ccf5913", param_mode=1),
+    # OP N100 Global, billie2 
+    "20881": dict(version=3, cm="fa9ff378", param_mode=1),
+    # OP N100 TMO, billie2t
+    "20882": dict(version=3, cm="4ca1e84e", param_mode=1),
+    # OP N100 Europe, billie2
+    "20883": dict(version=3, cm="ad9dba4a", param_mode=1),
+
+    # OP9 Pro, lemonadep
+    "19815": dict(version=2, cm="9c151c7f", param_mode=0),
+    "20859": dict(version=2, cm="9c151c7f", param_mode=0),
+    # OP9, lemonade
+    "19825": dict(version=2, cm="0898dcd6", param_mode=1),
+    # OP9R, lemonades
+    "20828": dict(version=2, cm=None, param_mode=1),
+    # OP9 TMO, lemonadet
+    "20854": dict(version=2, cm="16225d4e", param_mode=1),
+    # OP9 Pro TMO, lemonadept
+    "2085A": dict(version=2, cm="7f19519a", param_mode=1),
+
+    # dre8t
+    "20818": dict(version=2, cm=None, param_mode=1),
+    # dre8m
+    "2083C": dict(version=2, cm=None, param_mode=1),
+    # dre9
+    "2083D": dict(version=2, cm=None, param_mode=1)
+}
+
+
+class oneplus(metaclass=LogBase):
+    def __init__(self, fh, projid="18825", serial=123456, ATOBuild=0, Flash_Mode=0, cf=0, supported_functions=None,
+                 args=None, loglevel=logging.INFO):
+        self.fh = fh
+        self.__logger=self.__logger
+        self.args = args
+        self.ATOBuild = ATOBuild
+        self.Flash_Mode = Flash_Mode
+        self.cf = cf  # CustFlag
+        self.supported_functions = supported_functions
+        self.__logger.setLevel(loglevel)
+        self.info = self.__logger.info
+        self.debug = self.__logger.debug
+        self.error = self.__logger.error
+        if projid == "":
+            res = self.fh.detect_partition(arguments=args, partitionname="param")
+            if res[0]:
+                lun = res[1]
+                rpartition = res[2]
+                data = self.fh.cmd_read_buffer(lun, rpartition.sector, 1, False)
+                value = data[24:24 + 5]
+                try:
+                    test = int(value.decode('utf-8'))
+                    self.info("Oneplus protection with prjid %d detected" % test)
+                    projid = value.decode('utf-8')
+                except:
+                    pass
+
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            filehandler = logging.FileHandler(logfilename)
+            self.__logger.addHandler(filehandler)
+        self.ops_parm = None
+        self.ops = self.convert_projid(fh, projid, serial)
+
+    def getprodkey(self, projid):
+        if projid in ["18825", "18801"]:  # key_guacamoles, fajiita
+            prodkey = "b2fad511325185e5"
+        else:  # key_op7t/op8/N10
+            prodkey = "7016147d58e8c038"
+        return prodkey
+
+    def convert_projid(self, fh, projid, serial):
+        prodkey = self.getprodkey(projid)
+        pk = ""
+        val = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
+        for i in range(0, 16):
+            rand = int(random.randint(0, 0x100))
+            nr = (rand & 0xFF) % 0x3E
+            pk += chr(val[nr])
+
+        if projid in deviceconfig:
+            version = deviceconfig[projid]["version"]
+            cm = deviceconfig[projid]["cm"]
+            if version == 1:
+                return oneplus1(fh, projid, serial, pk, prodkey, self.cf)
+            elif version == 2:
+                if cm is not None:
+                    return oneplus1(fh, cm, serial, pk, prodkey, self.cf)
+                else:
+                    assert "Device is not supported"
+                    exit(0)
+            elif version == 3:
+                if cm is not None:
+                    oneplus2(fh, cm, serial, pk, prodkey, self.ATOBuild, self.Flash_Mode, self.cf)
+                else:
+                    assert "Device is not supported"
+                    exit(0)
+        return None
+
+    def run(self):
+        if self.ops is not None:
+            if "demacia" in self.supported_functions:
+                if not self.ops.run("demacia"):
+                    exit(0)
+            if "SetNetType" in self.supported_functions:
+                self.fh.cmd_send(f"SetNetType")
+            elif "setprojmodel" in self.supported_functions:
+                if not self.ops.run(""):
+                    exit(0)
+            if "setprocstart" in self.supported_functions:
+                if not self.ops.run(""):
+                    exit(0)
+        return True
+
+    def setprojmodel_verify(self, pk, token):
+        if self.ops.setprojmodel_verify:
+            return self.ops.setprojmodel_verify(pk, token)
+
+    def setswprojmodel_verify(self, pk, token, device_timestamp):
+        if self.ops.setswprojmodel_verify:
+            return self.ops.setswprojmodel_verify(pk, token, device_timestamp)
+
+    def program_verify(self, pk, token, tokendata):
+        if self.ops.program_verify:
+            return self.ops.program_verify(pk, token, tokendata)
+
+    def generatetoken(self, program=False, device_timestamp="123456789"):
+        return self.ops.generatetoken(program=program, device_timestamp=device_timestamp)
+
+    def demacia(self):
+        if self.ops.demacia():
+            return self.ops.demacia()
+
+    def enable_ops(self, data, enable, projid, serial):
+        return None
+
+    def addpatch(self):
+        if "setprojmodel" in self.supported_functions or "setswprojmodel" in self.supported_functions:
+            pk, token = self.ops.generatetoken(True)
+            return f"pk=\"{pk}\" token=\"{token}\" "
+        else:
+            return ""
+
+    def addprogram(self):
+        if "setprojmodel" in self.supported_functions or "setswprojmodel" in self.supported_functions:
+            pk, token = self.ops.generatetoken(True)
+            return f"pk=\"{pk}\" token=\"{token}\" "
+        else:
+            return ""
+
+
+class oneplus1:
+    def __init__(self, fh, ModelVerifyPrjName="18825", serial=123456, pk="", prodkey="", cf=0):
+        self.pk = pk
+        self.prodkey = prodkey
+        self.ModelVerifyPrjName = ModelVerifyPrjName
+        self.fh = fh
+        self.random_postfix = "8MwDdWXZO7sj0PF3"
+        self.Version = "guacamoles_21_O.22_191107"
+        self.cf = str(cf)
+        self.soc_sn = str(serial)
+
+    def crypt_token(self, data, pk, decrypt=False, demacia=False):
+        aes = cryptutils().aes()
+        if demacia:
+            aeskey = b"\x01\x63\xA0\xD1\xFD\xE2\x67\x11" + bytes(pk, 'utf-8') + b"\x48\x27\xC2\x08\xFB\xB0\xE6\xF0"
+            aesiv = b"\x96\xE0\x79\x0C\xAE\x2B\xB4\xAF\x68\x4C\x36\xCB\x0B\xEC\x49\xCE"
+        else:
+            aeskey = b"\x10\x45\x63\x87\xE3\x7E\x23\x71" + bytes(pk, 'utf-8') + b"\xA2\xD4\xA0\x74\x0f\xD3\x28\x96"
+            aesiv = b"\x9D\x61\x4A\x1E\xAC\x81\xC9\xB2\xD3\x76\xD7\x49\x31\x03\x63\x79"
+        if decrypt:
+            cdata = unhexlify(data)
+            result = aes.aes_cbc(aeskey, aesiv, cdata)
+            result = result.rstrip(b'\x00')
+            if result[:16] == b"907heavyworkload":
+                return result
+            else:
+                return result.decode('utf-8').split(',')
+        else:
+            if not demacia:
+                while len(data) < 256:
+                    data += "\x00"
+                pdata = bytes(data, 'utf-8')
+            else:
+                while len(data) < 256:
+                    data += b"\x00"
+                pdata = data
+            result = aes.aes_cbc(aeskey, aesiv, pdata, False)
+            rdata = hexlify(result)
+            return rdata.upper().decode('utf-8')
+
+    def cmd_setpro(self):
+        pk, token = self.generatetoken(False)
+        data = "<?xml version=\"1.0\" ?>\n<data>\n<setprojmodel token=\"" + token + "\" pk=\"" + pk + "\" />\n</data>"
+        return data
+
+    def cmd_dem(self):
+        pk, token = self.demacia()
+        data = "<?xml version=\"1.0\" ?>\n<data>\n<demacia token=\"" + token + "\" pk=\"" + pk + "\" />\n</data>"
+        return data
+
+    def generatetoken(self, program=False, device_timestamp=None):
+        timestamp = str(int(time.time()))
+        ha = cryptutils().hash()
+        h1 = self.prodkey + self.ModelVerifyPrjName + self.random_postfix
+        ModelVerifyHashToken = hexlify(ha.sha256(bytes(h1, 'utf-8'))).decode('utf-8').upper()
+        # ModelVerifyPrjName=0x1C [0]
+        # random_postfix=0x2D [1]
+        # verify_hash=0x3E [2] Len:0x41
+        # ver=0x90 [3]
+        # cf=0x4 [4]
+        # sn=0x14 [5]
+        # ts=0x7f [6] Len:0x11
+        # secret=0xd1 (hash store) [7], len:0x41
+        # 0x7, Len:0x11
+        # 0x24, Len:0x41
+        #                         0x1c              0x4       0x14      0x90       0x7f        ModelVerifyHashToken
+        h2 = "c4b95538c57df231" + self.ModelVerifyPrjName + self.cf + self.soc_sn + self.Version + \
+             timestamp + ModelVerifyHashToken + "5b0217457e49381b"
+        secret = hexlify(ha.sha256(bytes(h2, 'utf-8'))).decode('utf-8').upper()  # 0xd1
+        if program:
+            items = [timestamp, secret]
+        else:
+            items = [self.ModelVerifyPrjName, self.random_postfix, ModelVerifyHashToken, self.Version, self.cf,
+                     self.soc_sn, timestamp, secret]
+        data = ""
+        for item in items:
+            data += item + ","
+        data = data[:-1]
+        token = self.crypt_token(data, self.pk)
+        return self.pk, token
+
+    def setprojmodel_verify(self, pk, token):
+        self.pk = pk
+        ha = cryptutils().hash()
+        items = self.crypt_token(token, pk, True, False)
+        info = ["Projid", "ModelVerifyHashToken", "Hash1", "FirmwareString", "CustFlag", "SOC_Serial", "Timestamp",
+                "secret"]
+        i = 0
+        print()
+        if len(info) == len(items):
+            for item in items:
+                print(info[i] + "=" + item)
+                i += 1
+        # Old
+        # 0=ModelVerifyPrjName [param+0x1C]
+        # 1=random_postfix [param+0x2D]
+        # 2=hash(key+0+1) [ModelVerifyHashToken param+0x3E]
+        # 3=ver [param_1+0x90]
+        # 4=cf [param_1+4]
+        # 5=serial? [param_1+0x14]
+        # 6=timestamp [param_1+0x7F]
+
+        hash1 = self.prodkey + items[0] + items[1]
+        res1 = hexlify(ha.sha256(bytes(hash1, 'utf-8'))).decode('utf-8').upper()
+        if items[2] != res1:
+            print("Hash1 failed !")
+            return
+        #                             ModelVerifyPrjName cf         sn         ver        ts         ModelVerifyHashToken
+        secret = "c4b95538c57df231" + items[0] + items[4] + items[5] + items[3] + items[6] + \
+                 items[2] + "5b0217457e49381b"
+        res2 = hexlify(ha.sha256(bytes(secret, 'utf-8'))).decode('utf-8').upper()
+        if items[7] != res2:
+            print("secret failed !")
+            return
+        print("setprojmodel good")
+        return items
+
+    def toSigned32(self, n):
+        n = n & 0xffffffff
+        return (n ^ 0x80000000) - 0x80000000
+
+    def demacia(self):
+        """
+        return "<?xml version=\"1.0\" ?>\n<data>\n  " + \
+               "<program SECTOR_SIZE_IN_BYTES=\"4096\" filename=\"param.bin\" " + \
+               "num_partition_sectors=\"256\" partofsingleimage=\"0\" physical_partition_number=\"0\" " + \
+               "read_back_verify=\"1\" start_sector=\"8456\" token=\""+token+"\" pk=\""+pk+"\" />\n</data>"
+        """
+        ha = cryptutils().hash()
+        serial = self.soc_sn
+        while len(serial) < 10:
+            serial = '0' + serial
+        hash1 = "2e7006834dafe8ad" + serial + "a6674c6b039707ff"
+        data = b"907heavyworkload" + ha.sha256(bytes(hash1, 'utf-8'))
+        token = self.crypt_token(data, self.pk, False, True)
+        return self.pk, token
+
+    def run(self, flag):
+        if flag == "demacia":
+            pk, token = self.demacia()
+            res = self.fh.cmd_send(f"demacia token=\"{token}\" pk=\"{pk}\"")
+            if b"verify_res=\"0\"" not in res:
+                print("Demacia failed:")
+                print(res)
+                return False
+        pk, token = self.generatetoken(False)
+        res = self.fh.cmd_send(f"setprojmodel token=\"{token}\" pk=\"{pk}\"")
+        if b"model_check=\"0\"" not in res or b"auth_token_verify=\"0\"" not in res:
+            print("Setprojmodel failed.")
+            print(res)
+            return False
+        return True
+
+    def program_verify(self, pk, token, tokendata):
+        print()
+        self.pk = pk
+        items = self.crypt_token(token, pk, True, False)
+        if len(items) == 2:
+            print("Timestamp=" + items[0])
+            print("secret=" + items[1])
+        if items[0] != tokendata[6] or items[1] != tokendata[7]:
+            print("Hash failed !")
+            return
+        print("program good")
+
+
+class oneplus2(metaclass=LogBase):
+    def __init__(self, fh, ModelVerifyPrjName="20889", serial=123456, pk="", prodkey="", ATOBuild=0, Flash_Mode=0,
+                 cf=0, loglevel=logging.INFO):
+        self.ModelVerifyPrjName = ModelVerifyPrjName
+        self.pk = pk
+        self.fh = fh
+        self.prodkey = prodkey
+        self.random_postfix = "c75oVnz8yUgLZObh"  # ModelVerifyRandom
+        self.Version = "billie8_14_E.01_201028"  # Version
+        self.device_id = str(int(ModelVerifyPrjName, 16))
+        self.flash_mode = str(Flash_Mode)
+        self.ato_build_state = str(ATOBuild)
+        self.soc_sn = str(serial)
+        self.__logger.setLevel(loglevel)
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def crypt_token(self, data, pk, device_timestamp, decrypt=False):
+        aes = cryptutils().aes()
+        aeskey = b"\x46\xA5\x97\x30\xBB\x0D\x41\xE8" + bytes(pk, 'utf-8') + \
+                 pack("<Q", int(device_timestamp, 10))  # we get this using setprocstart
+        aesiv = b"\xDC\x91\x0D\x88\xE3\xC6\xEE\x65\xF0\xC7\x44\xB4\x02\x30\xCE\x40"
+        if decrypt:
+            cdata = unhexlify(data)
+            result = aes.aes_cbc(aeskey, aesiv, cdata)
+            result = result.rstrip(b'\x00')
+            return result.decode('utf-8').split(',')
+        else:
+            while len(data) < 0x200:
+                data += "\x00"
+            pdata = bytes(data, 'utf-8')
+            result = aes.aes_cbc(aeskey, aesiv, pdata, False)
+            rdata = hexlify(result)
+            return rdata.upper().decode('utf-8')
+
+    def generatetoken(self, program=False, device_timestamp=None):  # setswprojmodel
+        timestamp = str(int(time.time()))
+        ha = cryptutils().hash()
+        h1 = self.prodkey + self.ModelVerifyPrjName + self.random_postfix
+        ModelVerifyHashToken = hexlify(ha.sha256(bytes(h1, 'utf-8'))).decode('utf-8').upper()
+        #    0x1c[0x10]        0x4           0x90       0x7f        0x3e ModelVerifyHashToken/verify_hash
+        h2 = self.prodkey + self.ModelVerifyPrjName + self.soc_sn + self.Version + timestamp + \
+             ModelVerifyHashToken + "8f7359c8a2951e8c"
+        secret = hexlify(ha.sha256(bytes(h2, 'utf-8'))).decode('utf-8').upper()
+        if program:
+            items = [timestamp, secret]
+        else:  # 0x1C[0x10]              0x2D[0x11]          0x3E[0x41]           0x10[0x4]
+            # 0x14[0x4]       0x90[0x40]   0x4[0x4]   0x114[0x4] 0x7F[0x10] 0xD1[0x41]
+            items = [self.ModelVerifyPrjName, self.random_postfix, ModelVerifyHashToken, self.ato_build_state,
+                     self.flash_mode, self.Version, self.soc_sn, self.device_id, timestamp, secret]
+        data = ""
+        for item in items:
+            data += item + ","
+        data = data[:-1]
+        token = self.crypt_token(data, self.pk, device_timestamp)
+        return self.pk, token
+
+    def run(self, flag):
+        res = self.fh.cmd_send(f"setprocstart")
+        if not b"device_timestamp" in res:
+            print("Setprocstart failed.")
+            print(res.decode('utf-8'))
+            return False
+        data = res.decode('utf-8')
+        device_timestamp = data[data.rfind("device_timestamp"):].split("\"")[1]
+        pk, token = self.generatetoken(False, device_timestamp)
+        res = self.fh.cmd_send(f"setswprojmodel token=\"{token}\" pk=\"{pk}\"")
+        if not b"model_check=\"0\"" in res or not b"auth_token_verify=\"0\"" in res:
+            print("Setswprojmodel failed.")
+            print(res.decode('utf-8'))
+            return False
+        return True
+
+    def setswprojmodel_verify(self, pk, token, device_timestamp):
+        self.pk = pk
+        ha = cryptutils().hash()
+        items = self.crypt_token(token, pk, device_timestamp, True)
+        info = ["ModelVerifyPrjName", "random_postfix", "ModelVerifyHashToken", "ato_build_state", "flash_mode",
+                "Version", "soc_sn", "cf", "timestamp", "secret"]
+        i = 0
+        print()
+        if len(info) == len(items):
+            for item in items:
+                print(info[i] + "=" + item)
+                i += 1
+
+        # New
+        # 0=ModelVerifyPrjName [param+0x1C]
+        # 1=random_postfix [param+0x2D]
+        # 2=hash [param_1+0xd1]
+        # 3=[ATO Build state param+0x3E]
+        # 4=[flash mode param_1+0x10]
+        # 5=[img ver param+0x14]
+        # 6=soc sn [param_1+0x90]
+        # 7=cf [param_1+4]
+        # 8=timestamp [param_1+0x114]
+        # 9=secret [param_1+0x7f]
+
+        hash1 = self.prodkey + items[0] + items[1]
+        res1 = hexlify(ha.sha256(bytes(hash1, 'utf-8'))).decode('utf-8').upper()
+        if items[2] != res1:
+            print("Hash1 failed !")
+            return
+        #                   ModelVerifyPrjName sn     ver        ts         ModelVerifyHashToken
+        secret = self.prodkey + items[0] + items[6] + items[5] + items[8] + items[2] \
+                 + "8f7359c8a2951e8c"
+        # h2 = self.prodkey + self.ModelVerifyPrjName + self.soc_sn + self.Version + timestamp +
+        # ModelVerifyHashToken + "8f7359c8a2951e8c"
+        res2 = hexlify(ha.sha256(bytes(secret, 'utf-8'))).decode('utf-8').upper()
+        if items[9] != res2:
+            print("secret failed !")
+            return
+        print("setswprojmodel good")
+        return items
+
+
+def main():
+    from docopt import docopt
+    args = docopt(__doc__, version='oneplus 1.2')
+    # filename="param_jacob_7pro.bin"
+    # filename="chris/param.bin"
+    if args["rawxml"]:
+        projid = args["--projid"][0]
+        serial = args["--serial"]
+        op = oneplus(None, projid=projid, serial=serial)
+        # 18831 2799496336,2799496336
+        # 18825
+        # 18857 7 Europe
+        pk, token = op.demacia()
+        print(
+            f"./edl.py rawxml \"<?xml version=\\\"1.0\\\" ?><data><demacia " +
+            f"token=\\\"{token}\\\" pk=\\\"{pk}\\\" /></data>\"")
+        pk, token = op.generatetoken(False)
+        print(
+            f"./edl.py rawxml \"<?xml version=\\\"1.0\\\" ?><data><setprojmodel " +
+            f"token=\\\"{token}\\\" pk=\\\"{pk}\\\" /></data>\" --debugmode")
+    elif args["rawnewxml"]:
+        serial = args["--serial"]
+        device_timestamp = args["--ts"]
+        op2 = oneplus(None, projid="20889", serial=serial, ATOBuild=0, Flash_Mode=0, cf=0)
+        # 20889 OP N10 5G Europe
+        print(f"./edl.py rawxml \"<?xml version=\\\"1.0\\\" ?><data><setprocstart /></data>\"")
+        # Response should be : <?xml version="1.0" ?><data><response value=1 device_timestamp="%llu" /></data>
+        pk, token = op2.generatetoken(False, device_timestamp)
+        print(
+            f"./edl.py rawxml \"<?xml version=\\\"1.0\\\" ?><data><setswprojmodel " +
+            f"token=\\\"{token}\\\" pk=\\\"{pk}\\\" /></data>\" --debugmode")
+    elif args["setprojmodel_verify"]:
+        projid = args["--projid"][0]
+        op = oneplus(None, projid=projid, serial=123456)
+        token = args["<token>"]
+        pk = args["<pk>"]
+        # setprojmodel_verify 2BA77B345812E4E45DDB5E407CF9B0F20BCD3E4F0C504A86A3DAA7D70643D0D86F4F5DAEE99E21093D26FF8A8A
+        #                     7C2CCFED387FA4C7D3BC6D8B8C2CC2D27D398886FC150C98CDC521699568C4A419D7E2F2C1A33F6B57AA7CCB5F
+        #                     39D69BB87463986B2CADDD55A41F0F9404C3FB08B0325BFDFCFDE05D1D8314D22F39979A289505D5050D854092
+        #                     CFC9FA3C101A267DD3ECA0442BF89066365ABA6607D43743D86B47B228BAAC5538B622644D74FD4049BE37C520
+        #                     76DE1B4BFE75187A7B0EE88E6C26E106570B8C0541C4693878BE9B23DEB8E4C530CFBFE9F25597FA3A86223711
+        #                     2CAF77F0D1EA4CC41EB201FFAE31036FC9E405BABAE43DE9C7E56FE1DC8E82 KHaJV1TfN45ofeLW 18865
+        # setprojmodel_verify 633B7E2BBE68BAC392B3E10FC8FEAC09F152853805A6D91FAADDE5A631C7B5A6081C6156F7344BDF407ABF7598
+        #                     0A9E6DA96964D472FE94311FEAADF6A9032C623A1C5D5B9BDD68C5E049F13DF9D893422C1A44047B1AC8E05A0A
+        #                     2A942B15B409A933A06BAB09F41FB0A3A5C8FEB86B98D39739FA4E2ABDF471DE181646F7AA228C6EC81DB3BAF2
+        #                     F2C3B5381FC9A722F9D11B6A101CAAE31ACD873B83B39AC07B7603EAA38B13F5D0B5E8F9236FB94B967AECE278
+        #                     FEA280E9330636F7C6C72C36A6040F6B8BC3C56AEC9CB0C07360E14EA83D2F6DEC4613FA74D79C325A320B88F2
+        #                     BF025CF9CE528E13169BA255E68909D7E902CE494B49514F6F57713D6F46BE Tgu1kbDW3NemNNqn 18831
+        op.setprojmodel_verify(pk, token)
+    elif args["program_verify"]:
+        projid = args["--projid"][0]
+        op = oneplus(None, projid=projid)
+        token = args["<token>"]
+        prog_token = args["<prog_token>"]
+        pk = args["<pk>"]
+        items = op.setprojmodel_verify(pk, token)
+        op.program_verify(pk, prog_token, items)
+    elif args["setswprojmodel_verify"]:
+        projid = args["--projid"][0]
+        device_timestamp = args["--ts"]
+        op = oneplus(None, projid=projid, serial=123456)
+        token = args["<token>"]
+        pk = args["<pk>"]
+        op.setswprojmodel_verify(pk, token, device_timestamp)
+
+
+def test_setswprojmodel_verify():
+    deviceresp = b"RX:<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\nRX:<data>\nRX:<response value=\"ACK\" " + \
+                 b"device_timestamp=\"2507003650\" /></data>\n<?xmlversion=\"1.0\" ? ><data><setprocstart /></data>"
+    projid = "20889"
+    op = oneplus(None, projid=projid, serial=123456)
+    data = deviceresp.decode('utf-8')
+    device_timestamp = data[data.rfind("device_timestamp"):].split("\"")[1]
+    pk, token = op.generatetoken(False, device_timestamp)
+    if not op.setswprojmodel_verify(pk, token, device_timestamp):
+        assert "Setswprojmodel error"
+
+
+if __name__ == "__main__":
+    main()

edl/Library/Modules/xiaomi.py

@@ -0,0 +1,45 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+
+import logging
+from edl.Library.utils import LogBase
+
+
+class xiaomi(metaclass=LogBase):
+    def __init__(self, fh, projid="18825", serial=123456, ATOBuild=0, Flash_Mode=0, cf=0, supported_functions=None,
+                 loglevel=logging.INFO):
+        self.fh = fh
+        self.xiaomi_authdata = b"\x93\x6E\x3A\x8E\x57\x3C\xAD\x07\xC1\x67\x64\x4B\x61\x21\x78\x35\xD8\x5A\xD4\xFD" + \
+                               b"\xDB\x7D\x84\x0A\x2B\x72\x25\x43\x2F\xCD\xA1\x3A\x7C\x19\x2C\xFA\x97\x9E\xD1\x65" + \
+                               b"\x17\xE6\x97\x0B\x1B\x07\xDF\x6C\x51\x6F\xEC\x81\xF6\x96\x8F\xCF\x7F\xFD\xDB\xC3" + \
+                               b"\x97\xA1\x62\xC2\xCA\x3E\x5D\x76\x12\x4A\xA1\x76\x9F\x1B\x21\x64\xB3\x9B\x76\x93" + \
+                               b"\x0B\x4C\xC6\x75\x19\xF7\xF3\x39\x87\x76\x77\xF4\xE8\xAF\x25\x82\x86\x82\xBC\xBF" + \
+                               b"\x4E\x59\x3A\x57\xE7\xE3\x05\x32\x69\x92\x53\xE0\xB1\xCC\x5D\x9D\x0D\x55\x4A\xF2" + \
+                               b"\xBD\x46\xD5\x6F\x18\xD6\xE5\x29\x0B\xA4\xA0\xCA\xC2\x43\x1F\x9F\x19\xC4\xC1\xA3" + \
+                               b"\x9D\x76\x64\xFF\xAB\x48\xA9\xE1\x1A\x55\x93\x86\x81\x98\x35\xB8\x4D\xF5\x67\x5E" + \
+                               b"\x70\xD2\x5F\xDB\x51\x23\xE7\xB0\x40\xFE\x21\x10\x8F\x0A\xE6\xD7\xD9\xD2\x67\xF2" + \
+                               b"\xC9\xC6\x1A\xD0\x54\xC6\x84\x93\xDC\x4D\x33\xF7\x4D\x0C\xF2\xD4\xAA\xDC\xD4\x30" + \
+                               b"\x15\x2D\xB6\x7C\x22\xA1\x81\xAD\x6D\x77\x61\x63\x7F\x70\xCB\xDA\x88\x4C\xDC\x11" + \
+                               b"\x33\x72\x03\x83\x77\x90\xE6\x84\x5C\xA5\xA8\x76\x79\x30\xB9\xC2\x6F\xDA\x71\x27" + \
+                               b"\x25\x64\xCA\x34\x76\x3D\x35\x2F\x5F\xE4\x2A\xB7\x38\xFB\x38\xA5"
+        self.__logger.setLevel(loglevel)
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def edl_auth(self):
+        """
+        Poco F1, Redmi 5 Pro, 6 Pro, 7 Pro, 7A, 8, 8A, 8A Dual, 8A Pro, Y2, S2
+        """
+        authcmd = b"<?xml version=\"1.0\" ?><data> <sig TargetName=\"sig\" size_in_bytes=\"256\" verbose=\"1\"/></data>"
+        rsp = self.fh.xmlsend(authcmd)
+        if rsp[0]:
+            rsp = self.fh.xmlsend(self.xiaomi_authdata)
+            if len(rsp) > 1:
+                if rsp[0]:
+                    if b"EDL Authenticated" in rsp[2] or b"ACK" in rsp[2]:
+                        return True
+            return True
+        return False

edl/Library/asmtools.py

@@ -0,0 +1,247 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+
+from capstone import *
+from keystone import *
+from binascii import unhexlify
+import argparse
+
+
+def asm(code, cpu, mode, bigendian):
+    if bigendian:
+        little = KS_MODE_BIG_ENDIAN  # big-endian mode
+    else:
+        little = KS_MODE_LITTLE_ENDIAN  # little-endian mode (default mode)
+    print("CPU: %s, MODE: %s" % (cpu, mode))
+    ks = None
+    if cpu == "arm":
+        # ARM architecture (including Thumb, Thumb-2)
+        if mode == "arm":
+            ks = Ks(KS_ARCH_ARM, KS_MODE_ARM + little)  # ARM mode
+        elif mode == "thumb":
+            ks = Ks(KS_ARCH_ARM, KS_MODE_THUMB + little)  # THUMB mode (including Thumb-2)
+        elif mode == "mclass":
+            ks = Ks(KS_ARCH_ARM, KS_MODE_THUMB + little)
+        elif mode == "v8":
+            ks = Ks(KS_ARCH_ARM, KS_MODE_ARM + KS_MODE_V8 + little)
+    elif cpu == "arm64":
+        # ARM-64, also called AArch64
+        ks = Ks(KS_ARCH_ARM64, little)  # ARM mode
+    elif cpu == "mips":
+        # Mips architecture
+        if mode == "micro":
+            ks = Ks(KS_ARCH_MIPS, KS_MODE_MICRO + little)  # MicroMips mode
+        elif mode == "3":
+            ks = Ks(KS_ARCH_MIPS, KS_MODE_MIPS3 + little)  # Mips III ISA
+        elif mode == "32R6":
+            ks = Ks(KS_ARCH_MIPS, KS_MODE_MIPS32R6 + little)  # Mips32r6 ISA
+        elif mode == "32":
+            ks = Ks(KS_ARCH_MIPS, KS_MODE_MIPS32 + little)  # Mips32 ISA
+        elif mode == "64":
+            ks = Ks(KS_ARCH_MIPS, KS_MODE_MIPS64 + little)  # Mips64 ISA
+    elif cpu == "x86":
+        # X86 architecture (including x86 & x86-64)
+        if mode == "16":
+            ks = Ks(KS_ARCH_X86, KS_MODE_16 + little)  # 16-bit mode
+        elif mode == "32":
+            ks = Ks(KS_ARCH_X86, KS_MODE_32 + little)  # 32-bit mode
+        elif mode == "64":
+            ks = Ks(KS_ARCH_X86, KS_MODE_64 + little)  # 64-bit mode
+    elif cpu == "ppc":
+        # PowerPC architecture (currently unsupported)
+        if mode == "32":
+            ks = Ks(KS_ARCH_PPC, KS_MODE_PPC32 + little)  # 32-bit mode
+        elif mode == "64":
+            ks = Ks(KS_ARCH_PPC, KS_MODE_PPC64 + little)  # 64-bit mode
+        elif mode == "qpx":
+            ks = Ks(KS_ARCH_PPC, KS_MODE_QPX + little)  # Quad Processing eXtensions mode
+    elif cpu == "sparc":
+        # Sparc architecture
+        if mode == "32":
+            ks = Ks(KS_ARCH_SPARC, KS_MODE_SPARC32 + little)  # 32-bit mode
+        elif mode == "64":
+            ks = Ks(KS_ARCH_SPARC, KS_MODE_SPARC64 + little)  # 64-bit mode
+        elif mode == "v9":
+            ks = Ks(KS_ARCH_SPARC, KS_MODE_V9 + little)  # SparcV9 mode
+    elif cpu == "systemz":
+        ks = Ks(KS_ARCH_SYSTEMZ, KS_MODE_BIG_ENDIAN)  # SystemZ architecture (S390X)
+    elif cpu == "hexagon":
+        ks = Ks(KS_ARCH_HEXAGON, KS_MODE_LITTLE_ENDIAN)  # QDSP6 Hexagon Qualcomm
+
+    if ks is None:
+        print("CPU and/or Mode not supported!")
+        exit(0)
+
+    encoding, count = ks.asm(code)
+    return encoding
+
+
+def disasm(code, cpu, mode, bigendian, size):
+    cs = None
+    if bigendian:
+        little = CS_MODE_BIG_ENDIAN  # big-endian mode
+    else:
+        little = CS_MODE_LITTLE_ENDIAN  # little-endian mode (default mode)
+
+    if cpu == "arm":
+        if mode == "arm":
+            cs = Cs(CS_ARCH_ARM, CS_MODE_ARM + little)  # ARM mode
+        elif mode == "thumb":
+            cs = Cs(CS_ARCH_ARM, CS_MODE_THUMB + little)  # THUMB mode (including Thumb-2)
+        elif mode == "mclass":
+            cs = Cs(CS_ARCH_ARM, CS_MODE_THUMB + CS_MODE_MCLASS + little)  # ARM Cortex-M
+        elif mode == "v8":
+            cs = Cs(CS_ARCH_ARM, CS_MODE_ARM + CS_MODE_V8 + little)  # ARMv8 A32 encodings for ARM
+    elif cpu == "arm64":
+        cs = Cs(CS_ARCH_ARM64, CS_MODE_ARM + little)
+    elif cpu == "mips":
+        if mode == "micro":
+            cs = Cs(CS_ARCH_MIPS, CS_MODE_MICRO + little)  # MicroMips mode
+        elif mode == "32":
+            cs = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32 + little)  # Mips III ISA
+        elif mode == "64":
+            cs = Cs(CS_ARCH_MIPS, CS_MODE_MIPS64 + little)  # Mips III ISA
+        elif mode == "32R6-Micro":
+            cs = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32R6 + CS_MODE_MICRO + little)  # Mips32r6 ISA
+        elif mode == "32R6":
+            cs = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32R6 + little)  # General Purpose Registers are 64bit wide
+    elif cpu == "x86":
+        # X86 architecture (including x86 & x86-64)
+        if mode == "16":
+            cs = Cs(CS_ARCH_X86, CS_MODE_16 + little)  # 16-bit mode
+        elif mode == "32":
+            cs = Cs(CS_ARCH_X86, CS_MODE_32 + little)  # 32-bit mode
+        elif mode == "64":
+            cs = Cs(CS_ARCH_X86, CS_MODE_64 + little)  # 64-bit mode
+    elif cpu == "ppc":
+        # PowerPC architecture (currently unsupported)
+        if mode == "64":
+            cs = Cs(CS_ARCH_PPC, little)  # 64-bit mode
+    elif cpu == "sparc":
+        # Sparc architecture
+        if mode == "None":
+            cs = Cs(CS_ARCH_SPARC, CS_MODE_BIG_ENDIAN)  # 32-bit mode
+        elif mode == "v9":
+            cs = Cs(CS_ARCH_SPARC, CS_MODE_BIG_ENDIAN + CS_MODE_V9)  # SparcV9 mode
+    elif cpu == "systemz":
+        cs = Cs(CS_ARCH_SYSZ, 0)  # SystemZ architecture (S390X)
+    elif cpu == "xcore":
+        cs = Cs(CS_ARCH_XCORE, 0)  # XCore architecture
+
+    if cs is not None:
+        print("CPU and/or mode not supported!")
+        exit(0)
+
+    instr = []
+    for i in cs.disasm(code, size):
+        # print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
+        instr.append("%s\t%s" % (i.mnemonic, i.op_str))
+    return instr
+
+
+def main():
+    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,
+                                     description='Disasm/Asm Tool (c) B. Kerler 2018')
+
+    parser.add_argument(
+        '--infile', '-in',
+        help='Input File',
+        default='')
+    parser.add_argument(
+        '--outfile', '-out',
+        help='Output File',
+        default='')
+
+    parser.add_argument(
+        '--cstyle', '-cstyle',
+        help='Print in c style',
+        action="store_true")
+
+    parser.add_argument(
+        '--bigendian', '-bigendian',
+        help='Big endian',
+        action="store_true")
+
+    parser.add_argument(
+        '--disasm', '-disasm',
+        help='Disasm: arm[arm,thumb,mclass,v8],arm64[arm],mips[micro,3,32R6,GP64],x86[16,32,64],ppc[64],sparc[32,64,'
+             'v9],systemz,xcore',
+        default='')
+
+    parser.add_argument(
+        '--asm', '-asm',
+        help='Asm: arm[arm,thumb,mclass,v8],arm64[arm],mips[micro,32,64,32R6,32R6-Micro],x86[16,32,64],ppc[32,64,'
+             'qpx],sparc[None,v9],systemz,hexagon',
+        default='')
+
+    parser.add_argument(
+        '--inp', '-input',
+        help='Disasm: hexstring, Asm: instruction string input ',
+        default='')
+
+    args = parser.parse_args()
+
+    if args.asm == '' and args.disasm == '':
+        print("[asmtools] Usage: -asm cpu,mode or -disasm cpu,mode")
+        exit(0)
+
+    if args.infile == '' and args.inp == '':
+        print("[asmtools] I must have an infile to work on (-in)")
+        exit(0)
+
+    if args.asm != "":
+        cpu, mode = args.asm.split(",")
+    else:
+        cpu, mode = args.disasm.split(",")
+
+    if args.inp != "":
+        args.inp = args.inp.replace("\\n", "\n")
+        if args.asm != "":
+            aa = asm(args.inp, cpu, mode, args.bigendian)
+        else:
+            aa = disasm(unhexlify(args.inp), cpu, mode, args.bigendian, len(args.inp))
+    else:
+        with open(args.infile, "rb") as rf:
+            code = rf.read()
+            if args.asm != "":
+                aa = asm(code, cpu, mode, args.bigendian)
+            else:
+                aa = disasm(code, cpu, mode, args.bigendian, len(code))
+
+    if args.outfile != "":
+        with open(args.outfile, "wb") as wf:
+            if args.asm != "":
+                ba = bytearray()
+                for i in aa:
+                    ba.append(i)
+                wf.write(ba)
+            else:
+                wf.write(aa)
+    else:
+        if args.asm != "":
+            sc = ""
+            count = 0
+            out = ""
+            for i in aa:
+                if args.cstyle:
+                    out += ("\\x%02x" % i)
+                else:
+                    out += ("%02x" % i)
+                sc += "%02x" % i
+                count += 1
+            print(out)
+        else:
+            print(aa)
+        '''
+        segment=bytearray(code[0x01C97C:0x01C990])
+        segment[7]=0xE1
+        segment[11]=0xE1
+        segment[15]=0xE5
+        segment[19]=0xEA
+        print(hex(segment[7]))
+        print(disasm(bytes(segment),len(segment)))
+        '''
+
+
+main()

edl/Library/cryptutils.py

@@ -0,0 +1,500 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2019
+
+import hashlib
+from Crypto.Cipher import AES
+from Crypto.Util import Counter
+from Crypto.Hash import CMAC
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from binascii import hexlify, unhexlify
+
+
+class PKCS1BaseException(Exception):
+    pass
+
+
+class DecryptionError(PKCS1BaseException):
+    pass
+
+
+class MessageTooLong(PKCS1BaseException):
+    pass
+
+
+class WrongLength(PKCS1BaseException):
+    pass
+
+
+class MessageTooShort(PKCS1BaseException):
+    pass
+
+
+class InvalidSignature(PKCS1BaseException):
+    pass
+
+
+class RSAModulusTooShort(PKCS1BaseException):
+    pass
+
+
+class IntegerTooLarge(PKCS1BaseException):
+    pass
+
+
+class MessageRepresentativeOutOfRange(PKCS1BaseException):
+    pass
+
+
+class CiphertextRepresentativeOutOfRange(PKCS1BaseException):
+    pass
+
+
+class SignatureRepresentativeOutOfRange(PKCS1BaseException):
+    pass
+
+
+class EncodingError(PKCS1BaseException):
+    pass
+
+
+class InvalidInputException(Exception):
+    def __init__(self, msg):
+        self.msg = msg
+
+    def __str__(self):
+        return str(self.msg)
+
+
+class InvalidTagException(Exception):
+    def __str__(self):
+        return 'The authentication tag is invalid.'
+
+
+class cryptutils:
+    class aes:
+        class AES_GCM:
+            # Galois/Counter Mode with AES-128 and 96-bit IV
+            """
+            Example:
+            master_key = 0x0ADAABC70895E008147A48C27791F654 #54F69177C2487A1408E09508C7ABDA0A
+            init_value = 0x2883B4173F9A838437C1CD86CCFAA5ED #EDA5FACC86CDC13784839A3F17B48328
+            auth_tag = 46D1FA806ADA1A916E6D0D0B55A40C1F94D7820D110F3DFC984AA3EEC9D67521
+            ciphertext = b"\x8A\x40\x9D\xF8\x76\x09\xCA\x10\x36\xB3\xFA\x86\x20\xC5\x85\xA3"+ \
+                        b"\xE3\x8E\x17\x14\x40\xBD\x6B\xA7\x26\x1F\x0B\xFE\xC5\x0A\xB0\xF0"+\
+                        b"\xCF\x69\x2E\x76\x18\x6D\x96\x9E\x83\x87\x63\xC7\x15\x7C\x1F\x28"+\
+                        b"\xEE\xE8\xF1\xD6\x1F\x02\x2A\xF1\xA2\x43\x8A\xCF\x7C\xF2\x66\x37"+\
+                        b"\x8B\x49\x1D\xC5\xDC\xE2\x54\x77\xED\x2F\x17\x5B\xA9\xFC\x8A\x81"+\
+                        b"\x60\xF6\x5A\x22\x39\xCA\x79\x32\x9B\xDB\x49\x50\xCE\x74\x2C\x56"+\
+                        b"\xDB\x97\xCA\x13\xDD\x25\xA3\x3C\x0F\x53\xDD\x38\xBF\x7B\x8B\xDA"+\
+                        b"\xD6\x74\x38\x87\x96\xA8\x10\x5A\x96\x38\x39\x7F\xFD\xEC\xC7\x62"+\
+                        b"\x06\x44\xF4\x0F\x78\xD6\x3D\x1A\xC5\x40\x4B\x3B\x8C\xBE\xE6\x76"+\
+                        b"\x65\xFA\x40\xDA\xD3\xF0\xF2\x19\x35\xB7\xB2\x91\xFC\x18\x2C\x53"+\
+                        b"\xA2\x3F\x1A\xA7\x4F\xFC\x42\xAE\xC1\x97\x89\xAB\x7E\x9B\xA1\x5C"+\
+                        b"\x3A\x3B\x2F\x01\x60\xB1\xC5\x30\x7C\xB7\x2B\xD5\xAF\x27\xA0\x4C"+\
+                        b"\xE9\x80\xC5\xB4\xEC\xFB\xD7\x59\xE8\x5D\xEE\xB5\x6F\x3B\xA7\xDE"+\
+                        b"\xDA\xD8\x55\x09\x7A\x5A\xAD\x6C\x13\x2D\xD1\x23\x7C\x13\x5F\x84"+\
+                        b"\x35\x29\x51\x55\xF4\x53\x12\x9C\x86\x7A\x77\x2B\xE2\x7B\x01\xA2"+\
+                        b"\x6B\xC8\x5D\xD8\xCA\x92\xFB\x32\x0A\x09\xAE\xB3\x45\x8D\x0B\x60"+\
+                        b"\x9D\xEB\xB7\x02\x07\xAB\x4A\x24\xF6\xA1\xE7\x59\xA0\xC4\xB1\xFB"+\
+                        b"\x44\xAD\x32\xC7\xD4\x8F\xC6\x0C\x33\xD5\x88\x82\xF4\x9A\xA2\x7C"+\
+                        b"\xDC\x56\x90\x96\x3C\xBC\xCF\x95\x17\x22\x55\x64\x67\x62\x52\x86"+\
+                        b"\xFA\x3B\xFC\xAA\xC7\x1B\xDE\x7F\x01\xB3\x61\x8C\x28\xAE\x64\x7E"+\
+                        b"\x43\xF0\x5A\x50\x60\x50\x85\xD4\xC4\xA6\x92\xC7\x8B\xE5\x04\x80"+\
+                        b"\x74\x0F\xBA\xEB\x7C\x2C\x81\x07\x99\x22\x51\xD1\x9E\xE1\x59\xEE"+\
+                        b"\x77\xC2\x13\x2C\x46\x16\x92\x9A\x69\xD9\x01\x75\x31\xA6\x20\xB9"+\
+                        b"\x13\x46\x55\xF7\x8C\xC6\xB8\x7C\x8F\xAC\x00\x1A\x58\x68\xC7\xAD"+\
+                        b"\x4E\x34\xB9\xEF\x5F\xCD\x87\x12\x0E\x8A\xEA\xD2\x4D\x66\x5E\x40"+\
+                        b"\xBD\x1D\x30\x8A\x83\xB8\x4F\xC2\xAB\x28\x58\x6C\xEA\xDB\xF5\x87"+\
+                        b"\xA0\x62\x9E\xF9\xF4\xE7\xE8\x65"
+            my_gcm = AES_GCM(master_key)
+            decrypted = my_gcm.decrypt(init_value, ciphertext, auth_tag)
+            """
+
+            def __init__(self, master_key):
+                self.change_key(master_key)
+
+            # GF(2^128) defined by 1 + a + a^2 + a^7 + a^128
+            # Please note the MSB is x0 and LSB is x127
+            def gf_2_128_mul(self, x, y):
+                assert x < (1 << 128)
+                assert y < (1 << 128)
+                res = 0
+                for i in range(127, -1, -1):
+                    res ^= x * ((y >> i) & 1)  # branchless
+                    x = (x >> 1) ^ ((x & 1) * 0xE1000000000000000000000000000000)
+                assert res < 1 << 128
+                return res
+
+            def change_key(self, master_key):
+                if master_key >= (1 << 128):
+                    raise InvalidInputException('Master key should be 128-bit')
+
+                self.__master_key = long_to_bytes(master_key, 16)
+                self.__aes_ecb = AES.new(self.__master_key, AES.MODE_ECB)
+                self.__auth_key = bytes_to_long(self.__aes_ecb.encrypt(b'\x00' * 16))
+
+                # precompute the table for multiplication in finite field
+                table = []  # for 8-bit
+                for i in range(16):
+                    row = []
+                    for j in range(256):
+                        row.append(self.gf_2_128_mul(self.__auth_key, j << (8 * i)))
+                    table.append(tuple(row))
+                self.__pre_table = tuple(table)
+
+                self.prev_init_value = None  # reset
+
+            def __times_auth_key(self, val):
+                res = 0
+                for i in range(16):
+                    res ^= self.__pre_table[i][val & 0xFF]
+                    val >>= 8
+                return res
+
+            def __ghash(self, aad, txt):
+                len_aad = len(aad)
+                len_txt = len(txt)
+
+                # padding
+                if 0 == len_aad % 16:
+                    data = aad
+                else:
+                    data = aad + b'\x00' * (16 - len_aad % 16)
+                if 0 == len_txt % 16:
+                    data += txt
+                else:
+                    data += txt + b'\x00' * (16 - len_txt % 16)
+
+                tag = 0
+                assert len(data) % 16 == 0
+                for i in range(len(data) // 16):
+                    tag ^= bytes_to_long(data[i * 16: (i + 1) * 16])
+                    tag = self.__times_auth_key(tag)
+                    # print 'X\t', hex(tag)
+                tag ^= ((8 * len_aad) << 64) | (8 * len_txt)
+                tag = self.__times_auth_key(tag)
+
+                return tag
+
+            def encrypt(self, init_value, plaintext, auth_data=b''):
+                if init_value >= (1 << 96):
+                    raise InvalidInputException('IV should be 96-bit')
+                # a naive checking for IV reuse
+                if init_value == self.prev_init_value:
+                    raise InvalidInputException('IV must not be reused!')
+                self.prev_init_value = init_value
+
+                len_plaintext = len(plaintext)
+                # len_auth_data = len(auth_data)
+
+                if len_plaintext > 0:
+                    counter = Counter.new(
+                        nbits=32,
+                        prefix=long_to_bytes(init_value, 12),
+                        initial_value=2,  # notice this
+                        allow_wraparound=False)
+                    aes_ctr = AES.new(self.__master_key, AES.MODE_CTR, counter=counter)
+
+                    if 0 != len_plaintext % 16:
+                        padded_plaintext = plaintext + \
+                                           b'\x00' * (16 - len_plaintext % 16)
+                    else:
+                        padded_plaintext = plaintext
+                    ciphertext = aes_ctr.encrypt(padded_plaintext)[:len_plaintext]
+
+                else:
+                    ciphertext = b''
+
+                auth_tag = self.__ghash(auth_data, ciphertext)
+                # print 'GHASH\t', hex(auth_tag)
+                auth_tag ^= bytes_to_long(self.__aes_ecb.encrypt(
+                    long_to_bytes((init_value << 32) | 1, 16)))
+
+                # assert len(ciphertext) == len(plaintext)
+                assert auth_tag < (1 << 128)
+                return ciphertext, auth_tag
+
+            def decrypt(self, init_value, ciphertext, auth_tag, auth_data=b''):
+                # if init_value >= (1 << 96):
+                #    raise InvalidInputException('IV should be 96-bit')
+                # if auth_tag >= (1 << 128):
+                #    raise InvalidInputException('Tag should be 128-bit')
+
+                if auth_tag != self.__ghash(auth_data, ciphertext) ^ \
+                        bytes_to_long(self.__aes_ecb.encrypt(
+                            long_to_bytes((init_value << 32) | 1, 16))):
+                    raise InvalidTagException
+
+                len_ciphertext = len(ciphertext)
+                if len_ciphertext > 0:
+                    counter = Counter.new(
+                        nbits=32,
+                        prefix=long_to_bytes(init_value, 12),
+                        initial_value=2,
+                        allow_wraparound=True)
+                    aes_ctr = AES.new(self.__master_key, AES.MODE_CTR, counter=counter)
+
+                    if 0 != len_ciphertext % 16:
+                        padded_ciphertext = ciphertext + \
+                                            b'\x00' * (16 - len_ciphertext % 16)
+                    else:
+                        padded_ciphertext = ciphertext
+                    plaintext = aes_ctr.decrypt(padded_ciphertext)[:len_ciphertext]
+
+                else:
+                    plaintext = b''
+
+                return plaintext
+
+        def aes_gcm(self, ciphertext, nounce, aes_key, hdr, tag_auth, decrypt=True):
+            cipher = AES.new(aes_key, AES.MODE_GCM, nounce)
+            if hdr is not None:
+                cipher.update(hdr)
+            if decrypt:
+                plaintext = cipher.decrypt(ciphertext)
+                try:
+                    cipher.verify(tag_auth)
+                    return plaintext
+                except ValueError:
+                    return None
+            return None
+
+        def aes_cbc(self, key, iv, data, decrypt=True):
+            if decrypt:
+                return AES.new(key, AES.MODE_CBC, IV=iv).decrypt(data)
+            else:
+                return AES.new(key, AES.MODE_CBC, IV=iv).encrypt(data)
+
+        def aes_ecb(self, key, data, decrypt=True):
+            if decrypt:
+                return AES.new(key, AES.MODE_ECB).decrypt(data)
+            else:
+                return AES.new(key, AES.MODE_ECB).encrypt(data)
+
+        def aes_ctr(self, key, counter, enc_data, decrypt=True):
+            ctr = Counter.new(128, initial_value=counter)
+            # Create the AES cipher object and decrypt the ciphertext, basically this here is just aes ctr 256 :)
+            cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
+            if decrypt:
+                data = cipher.decrypt(enc_data)
+            else:
+                data = cipher.encrypt(enc_data)
+            return data
+
+        def aes_ccm(self, key, nounce, tag_auth, data, decrypt=True):
+            cipher = AES.new(key, AES.MODE_CCM, nounce)
+            if decrypt:
+                plaintext = cipher.decrypt(data)
+                try:
+                    cipher.verify(tag_auth)
+                    return plaintext
+                except ValueError:
+                    return None
+            else:
+                ciphertext = cipher.encrypt(data)
+                return ciphertext
+
+        def aes_cmac_verify(self, key, plain, compare):
+            ctx = CMAC.new(key, ciphermod=AES)
+            ctx.update(plain)
+            result = ctx.hexdigest()
+            if result != compare:
+                print("AES-CMAC failed !")
+            else:
+                print("AES-CMAC ok !")
+
+    class rsa:  # RFC8017
+        def __init__(self, hashtype="SHA256"):
+            if hashtype == "SHA1":
+                self.hash = hashlib.sha1
+                self.digestLen = 0x14
+            elif hashtype == "SHA256":
+                self.hash = hashlib.sha256
+                self.digestLen = 0x20
+
+        def pss_test(self):
+            N = "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5"
+            e = "010001"
+            D = "050e2c3e38d886110288dfc68a9533e7e12e27d2aa56d2cdb3fb6efa990bcff29e1d2987fb711962860e7391b1ce01ebadb9e812d2fbdfaf25df4ae26110a6d7a26f0b810f54875e17dd5c9fb6d641761245b81e79f8c88f0e55a6dcd5f133abd35f8f4ec80adf1bf86277a582894cb6ebcd2162f1c7534f1f4947b129151b71"
+            MSG = "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc "
+            salt = "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61"
+
+            N = int(N, 16)
+            e = int(e, 16)
+            D = int(D, 16)
+            MSG = unhexlify(MSG)
+            salt = unhexlify(salt)
+            signature = self.pss_sign(D, N, self.hash(MSG), salt, 1024)  # pkcs_1_pss_encode_sha256
+            isvalid = self.pss_verify(e, N, self.hash(MSG), signature, 1024)
+            if isvalid:
+                print("Test passed.")
+            else:
+                print("Test failed.")
+
+        def i2osp(self, x, x_len):
+            """Converts the integer x to its big-endian representation of length
+               x_len.
+            """
+            if x > 256 ** x_len:
+                raise IntegerTooLarge
+            h = hex(x)[2:]
+            if h[-1] == 'L':
+                h = h[:-1]
+            if len(h) & 1 == 1:
+                h = '0%s' % h
+            x = unhexlify(h)
+            return b'\x00' * int(x_len - len(x)) + x
+
+        def os2ip(self, x):
+            """Converts the byte string x representing an integer reprented using the
+               big-endian convient to an integer.
+            """
+            h = hexlify(x)
+            return int(h, 16)
+
+        # def os2ip(self, X):
+        #    return int.from_bytes(X, byteorder='big')
+
+        def mgf1(self, input, length):
+            counter = 0
+            output = b''
+            while len(output) < length:
+                C = self.i2osp(counter, 4)
+                output += self.hash(input + C)
+                counter += 1
+            return output[:length]
+
+        def assert_int(self, var: int, name: str):
+            if isinstance(var, int):
+                return
+            raise TypeError('%s should be an integer, not %s' % (name, var.__class__))
+
+        def sign(self, tosign, D, N, emBits=1024):
+            self.assert_int(tosign, 'message')
+            self.assert_int(D, 'D')
+            self.assert_int(N, 'n')
+
+            if tosign < 0:
+                raise ValueError('Only non-negative numbers are supported')
+
+            if tosign > N:
+                tosign1 = divmod(tosign, N)[1]
+                signature = pow(tosign1, D, N)
+                raise OverflowError("The message %i is too long for n=%i" % (tosign, N))
+
+            signature = pow(tosign, D, N)
+            hexsign = self.i2osp(signature, emBits // 8)
+            return hexsign
+
+        def pss_sign(self, D, N, msghash, salt, emBits=1024):
+            if isinstance(D, str):
+                D = unhexlify(D)
+                D = self.os2ip(D)
+            if isinstance(N, str):
+                N = unhexlify(N)
+                N = self.os2ip(N)
+            slen = len(salt)
+            emLen = self.ceil_div(emBits, 8)
+            inBlock = b"\x00" * 8 + msghash + salt
+            hhash = self.hash(inBlock)
+            PSlen = emLen - self.digestLen - slen - 1 - 1
+            DB = (PSlen * b"\x00") + b"\x01" + salt
+            rlen = emLen - len(hhash) - 1
+            dbMask = self.mgf1(hhash, rlen)
+            maskedDB = bytearray()
+            for i in range(0, len(dbMask)):
+                maskedDB.append(dbMask[i] ^ DB[i])
+            maskedDB[0] = maskedDB[0] & 0x7F
+            EM = maskedDB + hhash + b"\xbc"
+            tosign = self.os2ip(EM)
+            # EM=hexlify(EM).decode('utf-8')
+            # tosign = int(EM,16)
+            return self.sign(tosign, D, N, emBits)
+            # 6B1EAA2042A5C8DA8B1B4A8320111A70A0CBA65233D1C6E418EF8156E82A8F96BD843F047FF25AB9702A6582C8387298753E628F23448B4580E09CBD2A483C623B888F47C4BD2C5EFF09013C6DFF67DB59BAB3037F0BEE05D5660264D28CC6251631FE75CE106D931A04FA032FEA31259715CE0FAB1AE0E2F8130807AF4019A61B9C060ECE59104F22156FEE8108F17DC80D7C2F8397AFB9780994F7C5A0652F93D1B48010B0B248AB9711235787D797FBA4D10A29BCF09628585D405640A866B15EE9D7526A2703E72A19811EF447F6E5C43F915B3808EBC79EA4BCF78903DBDE32E47E239CFB5F2B5986D0CBBFBE6BACDC29B2ADE006D23D0B90775B1AE4DD
+
+        def ceil_div(self, a, b):
+            (q, r) = divmod(a, b)
+            if r:
+                return q + 1
+            else:
+                return q
+
+        def pss_verify(self, e, N, msghash, signature, emBits=1024, salt=None):
+            if salt == None:
+                slen = self.digestLen
+            else:
+                slen = len(salt)
+            sig = self.os2ip(signature)
+
+            EM = pow(sig, e, N)
+            # EM = unhexlify(hex(EM)[2:])
+            EM = self.i2osp(EM, emBits // 8)
+
+            emLen = len(signature)
+
+            valBC = EM[-1]
+            if valBC != 0xbc:
+                print("[rsa_pss] : 0xbc check failed")
+                return False
+            mhash = EM[emLen - self.digestLen - 1:-1]
+            maskedDB = EM[:emLen - self.digestLen - 1]
+
+            lmask = ~(0xFF >> (8 * emLen + 1 - emBits))
+            if EM[0] & lmask:
+                print("[rsa_pss] : lmask check failed")
+                return False
+
+            dbMask = self.mgf1(mhash, emLen - self.digestLen - 1)
+
+            DB = bytearray()
+            for i in range(0, len(dbMask)):
+                DB.append(dbMask[i] ^ maskedDB[i])
+
+            TS = bytearray()
+            TS.append(DB[0] & ~lmask)
+            TS.extend(DB[1:])
+
+            PS = (b"\x00" * (emLen - self.digestLen - slen - 2)) + b"\x01"
+            if TS[:len(PS)] != PS:
+                print(TS[:len(PS)])
+                print(PS)
+                print("[rsa_pss] : 0x01 check failed")
+                return False
+
+            if salt is not None:
+                inBlock = b"\x00" * 8 + msghash + salt
+                mhash = self.hash(inBlock)
+                if mhash == mhash:
+                    return True
+                else:
+                    return False
+            else:
+                salt = TS[-self.digestLen:]
+                inBlock = b"\x00" * 8 + msghash + salt
+                mhash = self.hash(inBlock)
+                if mhash == mhash:
+                    return True
+                else:
+                    return False
+
+    class hash():
+        def __init__(self, hashtype="SHA256"):
+            if hashtype == "SHA1":
+                self.hash = self.sha1
+                self.digestLen = 0x14
+            elif hashtype == "SHA256":
+                self.hash = self.sha256
+                self.digestLen = 0x20
+            elif hashtype == "MD5":
+                self.hash = self.md5
+                self.digestLen = 0x10
+
+        def sha1(self, msg):
+            return hashlib.sha1(msg).digest()
+
+        def sha256(self, msg):
+            return hashlib.sha256(msg).digest()
+
+        def md5(self, msg):
+            return hashlib.md5(msg).digest()

edl/Library/firehose_client.py

@@ -0,0 +1,920 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2019
+
+import os
+import sys
+import logging
+import json
+from binascii import hexlify, unhexlify
+from struct import unpack, pack
+from edl.Library.firehose import firehose
+from edl.Library.xmlparser import xmlparser
+from edl.Library.utils import do_tcp_server
+from edl.Library.utils import LogBase, getint
+from edl.Config.qualcomm_config import memory_type
+from edl.Config.qualcomm_config import infotbl, msmids, secureboottbl, sochw
+
+try:
+    import xml.etree.cElementTree as ET
+    from xml.etree import cElementTree as ElementTree
+except ImportError:
+    import xml.etree.ElementTree as ET
+    from xml.etree import ElementTree
+
+try:
+    from edl.Library.Modules.init import modules
+except ImportError as e:
+    pass
+
+
+class firehose_client(metaclass=LogBase):
+    def __init__(self, arguments, cdc, sahara, loglevel, printer):
+        self.cdc = cdc
+        self.sahara = sahara
+        self.arguments = arguments
+        self.printer = printer
+        self.info = self.__logger.info
+        self.error = self.__logger.error
+        self.warning = self.__logger.warning
+        self.__logger.setLevel(loglevel)
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+        self.cfg = firehose.cfg()
+        if not arguments["--memory"] is None:
+            self.cfg.MemoryName = arguments["--memory"].lower()
+        else:
+            self.cfg.MemoryName = ""
+        self.cfg.ZLPAwareHost = 1
+        self.cfg.SkipStorageInit = arguments["--skipstorageinit"]
+        self.cfg.SkipWrite = arguments["--skipwrite"]
+        self.cfg.MaxPayloadSizeToTargetInBytes = getint(arguments["--maxpayload"])
+        self.cfg.SECTOR_SIZE_IN_BYTES = getint(arguments["--sectorsize"])
+        self.cfg.bit64 = sahara.bit64
+        devicemodel = ""
+        skipresponse = False
+        if "--skipresponse" in arguments:
+            if arguments["--skipresponse"]:
+                skipresponse = True
+        if "--devicemodel" in arguments:
+            if arguments["--devicemodel"] is not None:
+                devicemodel = arguments["--devicemodel"]
+        self.firehose = firehose(cdc, xmlparser(), self.cfg, self.__logger.level, devicemodel, sahara.serial,
+                                 skipresponse,
+                                 self.getluns(arguments), arguments)
+        self.connected = False
+        self.firehose.connect()
+        if "hwid" in dir(sahara):
+            if sahara.hwid is not None:
+                hwid = (sahara.hwid >> 32) & 0xFFFFFF
+                socid = ((sahara.hwid >> 32) >> 16)
+                if hwid in msmids:
+                    self.target_name = msmids[hwid]
+                    self.info(f"Target detected: {self.target_name}")
+                    if self.cfg.MemoryName == "":
+                        if self.target_name in memory_type.preferred_memory:
+                            type = memory_type.preferred_memory[self.target_name]
+                            if type == memory_type.nand:
+                                self.cfg.MemoryName = "nand"
+                            if type == memory_type.spinor:
+                                self.cfg.MemoryName = "spinor"
+                            elif type == memory_type.emmc:
+                                self.cfg.MemoryName = "eMMC"
+                            elif type == memory_type.ufs:
+                                self.cfg.MemoryName = "UFS"
+                            self.warning("Based on the chipset, we assume " +
+                                self.cfg.MemoryName + " as default memory type..., if it fails, try using " +
+                                "--memory\" with \"UFS\",\"NAND\" or \"spinor\" instead !")
+                elif socid in sochw:
+                    self.target_name = sochw[socid].split(",")[0]
+
+        # We assume ufs is fine (hopefully), set it as default
+        if self.cfg.MemoryName == "":
+            self.warning(
+                "No --memory option set, we assume \"eMMC\" as default ..., if it fails, try using \"--memory\" " +
+                "with \"UFS\",\"NAND\" or \"spinor\" instead !")
+            self.cfg.MemoryName = "eMMC"
+
+        if self.firehose.configure(0):
+            funcs = "Supported functions:\n-----------------\n"
+            for function in self.firehose.supported_functions:
+                funcs += function + ","
+            funcs = funcs[:-1]
+            self.info(funcs)
+            self.target_name = self.firehose.cfg.TargetName
+            self.connected = True
+            try:
+                if self.firehose.modules is None:
+                    self.firehose.modules = modules(fh=self.firehose, serial=self.firehose.serial,
+                                                    supported_functions=self.firehose.supported_functions,
+                                                    loglevel=self.__logger.level,
+                                                    devicemodel=self.firehose.devicemodel, args=self.arguments)
+            except Exception as err:  # pylint: disable=broad-except
+                self.firehose.modules = None
+
+    def check_cmd(self, func):
+        if not self.firehose.supported_functions:
+            return True
+        for sfunc in self.firehose.supported_functions:
+            if func.lower() == sfunc.lower():
+                return True
+        return False
+
+    def find_bootable_partition(self, rawprogram):
+        part = -1
+        for xml in rawprogram:
+            with open(xml, "r") as fl:
+                for evt, elem in ET.iterparse(fl, events=["end"]):
+                    if elem.tag == "program":
+                        label = elem.get("label")
+                        if label in ['xbl', 'xbl_a', 'sbl1']:
+                            if part != -1:
+                                self.error("[FIREHOSE] multiple bootloader found!")
+                                return -1
+                            part = elem.get("physical_partition_number")
+        return part
+
+    def getluns(self, argument):
+        if argument["--lun"] is not None:
+            return [int(argument["--lun"])]
+
+        luns = []
+        if self.cfg.MemoryName.lower() == "ufs":
+            for i in range(0, self.cfg.maxlun):
+                luns.append(i)
+        else:
+            luns = [0]
+        return luns
+
+    def check_param(self, parameters):
+        error = False
+        params = ""
+        for parameter in parameters:
+            params += parameter + " "
+            if parameter not in parameters:
+                error = True
+        if error:
+            if len(parameters) == 1:
+                self.printer("Argument " + params + "required.")
+            else:
+                self.printer("Arguments " + params + "required.")
+            return False
+        return True
+
+    def get_storage_info(self):
+        if "getstorageinfo" in self.firehose.supported_functions:
+            storageinfo = self.firehose.cmd_getstorageinfo()
+            for info in storageinfo:
+                if "storage_info" in info:
+                    rs = info.replace("INFO: ", "")
+                    field = json.loads(rs)
+                    if "storage_info" in field:
+                        info = field["storage_info"]
+                        return info
+        return None
+
+    def handle_firehose(self, cmd, options):
+        if cmd == "gpt":
+            luns = self.getluns(options)
+            directory = options["<directory>"]
+            if directory is None:
+                directory = ""
+            genxml = False
+            if "--genxml" in options:
+                if options["--genxml"]:
+                    genxml = True
+            for lun in luns:
+                sfilename = os.path.join(directory, f"gpt_main{str(lun)}.bin")
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                with open(sfilename, "wb") as write_handle:
+                    write_handle.write(data)
+
+                self.printer(f"Dumped GPT from Lun {str(lun)} to {sfilename}")
+                sfilename = os.path.join(directory, f"gpt_backup{str(lun)}.bin")
+                with open(sfilename, "wb") as write_handle:
+                    write_handle.write(data[self.firehose.cfg.SECTOR_SIZE_IN_BYTES * 2:])
+                self.printer(f"Dumped Backup GPT from Lun {str(lun)} to {sfilename}")
+                if genxml:
+                    guid_gpt.generate_rawprogram(lun, self.firehose.cfg.SECTOR_SIZE_IN_BYTES, directory)
+            return True
+        elif cmd == "printgpt":
+            luns = self.getluns(options)
+            for lun in luns:
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                self.printer(f"\nParsing Lun {str(lun)}:")
+                guid_gpt.print()
+            return True
+        elif cmd == "r":
+            if not self.check_param(["<partitionname>", "<filename>"]):
+                return False
+            partitionname = options["<partitionname>"]
+            filename = options["<filename>"]
+            filenames = filename.split(",")
+            partitions = partitionname.split(",")
+            if len(partitions) != len(filenames):
+                self.error("You need to gives as many filenames as given partitions.")
+                return False
+            i = 0
+            for partition in partitions:
+                if partition=="gpt":
+                    luns = self.getluns(options)
+                    for lun in luns:
+                        partfilename=filenames[i]+".lun%d" % lun
+                        if self.firehose.cmd_read(lun, 0, 32, partfilename):
+                            self.printer(
+                                f"Dumped sector {str(0)} with sector count {str(32)} " +
+                                f"as {partfilename}.")
+                    continue
+                partfilename = filenames[i]
+                i += 1
+                res = self.firehose.detect_partition(options, partition)
+                if res[0]:
+                    lun = res[1]
+                    rpartition = res[2]
+                    if self.firehose.cmd_read(lun, rpartition.sector, rpartition.sectors, partfilename):
+                        self.printer(
+                            f"Dumped sector {str(rpartition.sector)} with sector count {str(rpartition.sectors)} " +
+                            f"as {partfilename}.")
+                else:
+                    fpartitions = res[1]
+                    self.error(f"Error: Couldn't detect partition: {partition}\nAvailable partitions:")
+                    for lun in fpartitions:
+                        for rpartition in fpartitions[lun]:
+                            if self.cfg.MemoryName == "emmc":
+                                self.error("\t" + rpartition)
+                            else:
+                                self.error(lun + ":\t" + rpartition)
+                    return False
+            return True
+        elif cmd == "rl":
+            if not self.check_param(["<directory>"]):
+                return False
+            directory = options["<directory>"]
+            if options["--skip"]:
+                skip = options["--skip"].split(",")
+            else:
+                skip = []
+            genxml = False
+            if "--genxml" in options:
+                if options["--genxml"]:
+                    genxml = True
+            if not os.path.exists(directory):
+                os.mkdir(directory)
+
+            luns = self.getluns(options)
+
+            for lun in luns:
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                if len(luns) > 1:
+                    storedir = os.path.join(directory, "lun" + str(lun))
+                else:
+                    storedir = directory
+                if not os.path.exists(storedir):
+                    os.mkdir(storedir)
+                sfilename = os.path.join(storedir, f"gpt_main{str(lun)}.bin")
+                with open(sfilename, "wb") as write_handle:
+                    write_handle.write(data)
+
+                sfilename = os.path.join(storedir, f"gpt_backup{str(lun)}.bin")
+                with open(sfilename, "wb") as write_handle:
+                    write_handle.write(data[self.firehose.cfg.SECTOR_SIZE_IN_BYTES * 2:])
+
+                if genxml:
+                    guid_gpt.generate_rawprogram(lun, self.firehose.cfg.SECTOR_SIZE_IN_BYTES, storedir)
+
+                for partition in guid_gpt.partentries:
+                    partitionname = partition.name
+                    if partition.name in skip:
+                        continue
+                    filename = os.path.join(storedir, partitionname + ".bin")
+                    self.info(
+                        f"Dumping partition {str(partition.name)} with sector count {str(partition.sectors)} " +
+                        f"as {filename}.")
+                    if self.firehose.cmd_read(lun, partition.sector, partition.sectors, filename):
+                        self.info(f"Dumped partition {str(partition.name)} with sector count " +
+                                  f"{str(partition.sectors)} as {filename}.")
+            return True
+        elif cmd == "rf":
+            if not self.check_param(["<filename>"]):
+                return False
+            filename = options["<filename>"]
+            storageinfo = self.get_storage_info()
+            if storageinfo is not None and self.cfg.MemoryName.lower() in ["spinor" , "nand"]:
+                totalsectors = None
+                if "total_blocks" in storageinfo:
+                    totalsectors = storageinfo["total_blocks"]
+                if "num_physical" in storageinfo:
+                    num_physical = storageinfo["num_physical"]
+                    luns = [0]
+                    if num_physical > 0:
+                        luns=[]
+                        for i in range(num_physical):
+                            luns.append(i)
+                if totalsectors is not None:
+                    for lun in luns:
+                        buffer=self.firehose.cmd_read_buffer(physical_partition_number=lun,
+                                                      start_sector=0, num_partition_sectors=1, display=False)
+                        storageinfo = self.get_storage_info()
+                        if "total_blocks" in storageinfo:
+                            totalsectors = storageinfo["total_blocks"]
+                        if len(luns) > 1:
+                            sfilename = filename + f".lun{str(lun)}"
+                        else:
+                            sfilename = filename
+                        self.printer(f"Dumping sector 0 with sector count {str(totalsectors)} as {filename}.")
+                        if self.firehose.cmd_read(lun, 0, totalsectors, sfilename):
+                            self.printer(
+                                f"Dumped sector 0 with sector count {str(totalsectors)} as {filename}.")
+            else:
+                luns = self.getluns(options)
+                for lun in luns:
+                    data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                           int(options["--gpt-part-entry-size"]),
+                                                           int(options["--gpt-part-entry-start-lba"]))
+                    if guid_gpt is None:
+                        break
+                    if len(luns) > 1:
+                        sfilename = filename + f".lun{str(lun)}"
+                    else:
+                        sfilename = filename
+                    self.printer(f"Dumping sector 0 with sector count {str(guid_gpt.totalsectors)} as {filename}.")
+                    if self.firehose.cmd_read(lun, 0, guid_gpt.totalsectors, sfilename):
+                        self.printer(f"Dumped sector 0 with sector count {str(guid_gpt.totalsectors)} as {filename}.")
+                return True
+        elif cmd == "pbl":
+            if not self.check_param(["<filename>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                filename = options["<filename>"]
+                if self.target_name in infotbl:
+                    target_name = infotbl[self.target_name]
+                    if len(target_name[0]) > 0:
+                        if self.firehose.cmd_peek(target_name[0][0], target_name[0][1], filename, True):
+                            self.printer(f"Dumped pbl at offset {hex(target_name[0][0])} as {filename}.")
+                            return True
+                    else:
+                        self.error("No known pbl offset for this chipset")
+                else:
+                    self.error("Unknown target chipset")
+                self.error("Error on dumping pbl")
+            return False
+        elif cmd == "qfp":
+            if not self.check_param(["<filename>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                filename = options["<filename>"]
+                if self.target_name not in infotbl:
+                    self.error("Unknown target chipset")
+                else:
+                    target_name = infotbl[self.target_name]
+                    if len(target_name[1]) > 0:
+                        if self.firehose.cmd_peek(target_name[1][0], target_name[1][1], filename):
+                            self.printer(f"Dumped qfprom at offset {hex(target_name[1][0])} as {filename}.")
+                            return True
+                    else:
+                        self.error("No known qfprom offset for this chipset")
+                self.error("Error on dumping qfprom")
+            return False
+        elif cmd == "secureboot":
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                if self.target_name in secureboottbl:
+                    self.target_name = secureboottbl[self.target_name]
+                    value = unpack("<I", self.firehose.cmd_peek(self.target_name, 4))[0]
+                    is_secure = False
+                    for area in range(0, 4):
+                        sec_boot = (value >> (area * 8)) & 0xFF
+                        pk_hashindex = sec_boot & 3
+                        oem_pkhash = True if ((sec_boot >> 4) & 1) == 1 else False
+                        auth_enabled = True if ((sec_boot >> 5) & 1) == 1 else False
+                        use_serial = True if ((sec_boot >> 6) & 1) == 1 else False
+                        if auth_enabled:
+                            is_secure = True
+                        self.printer(f"Sec_Boot{str(area)} " +
+                                     f"PKHash-Index:{str(pk_hashindex)} " +
+                                     f"OEM_PKHash: {str(oem_pkhash)} " +
+                                     f"Auth_Enabled: {str(auth_enabled)}" +
+                                     f"Use_Serial: {str(use_serial)}")
+                    if is_secure:
+                        self.printer("Secure boot enabled.")
+                    else:
+                        self.printer("Secure boot disabled.")
+                    return True
+                else:
+                    self.error("Unknown target chipset")
+                    return False
+        elif cmd == "memtbl":
+            if not self.check_param(["<filename>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                filename = options["<filename>"]
+                if self.target_name in infotbl:
+                    self.target_name = infotbl[self.target_name]
+                    if len(self.target_name[2]) > 0:
+                        if self.firehose.cmd_peek(self.target_name[2][0], self.target_name[2][1], filename):
+                            self.printer(f"Dumped memtbl at offset {hex(self.target_name[2][0])} as {filename}.")
+                            return True
+                    else:
+                        self.error("No known memtbl offset for this chipset")
+                else:
+                    self.error("Unknown target chipset")
+                self.error("Error on dumping memtbl")
+            return False
+        elif cmd == "footer":
+            if not self.check_param(["<filename>"]):
+                return False
+            luns = self.getluns(options)
+            filename = options["<filename>"]
+            for lun in luns:
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                pnames = ["userdata2", "metadata", "userdata", "reserved1", "reserved2", "reserved3"]
+                for partition in guid_gpt.partentries:
+                    if partition.name in pnames:
+                        self.printer(f"Detected partition: {partition.name}")
+                        data = self.firehose.cmd_read_buffer(lun,
+                                                             partition.sector +
+                                                             (partition.sectors -
+                                                              (0x4000 // self.firehose.cfg.SECTOR_SIZE_IN_BYTES)),
+                                                             (0x4000 // self.firehose.cfg.SECTOR_SIZE_IN_BYTES), False)
+                        if data == b"":
+                            continue
+                        val = unpack("<I", data[:4])[0]
+                        if (val & 0xFFFFFFF0) == 0xD0B5B1C0:
+                            with open(filename, "wb") as write_handle:
+                                write_handle.write(data)
+                                self.printer(f"Dumped footer from {partition.name} as {filename}.")
+                                return True
+            self.error("Error: Couldn't detect footer partition.")
+            return False
+        elif cmd == "rs":
+            if options["--lun"] is not None:
+                lun = int(options["--lun"])
+            else:
+                lun = 0
+            if not self.check_param(["<filename>", "<sectors>", "<start_sector>"]):
+                return False
+            start = int(options["<start_sector>"])
+            sectors = int(options["<sectors>"])
+            filename = options["<filename>"]
+            if self.firehose.cmd_read(lun, start, sectors, filename, True):
+                self.printer(f"Dumped sector {str(start)} with sector count {str(sectors)} as {filename}.")
+                return True
+        elif cmd == "peek":
+            if not self.check_param(["<offset>", "<length>", "<filename>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                length = getint(options["<length>"])
+                filename = options["<filename>"]
+                self.firehose.cmd_peek(offset, length, filename, True)
+                self.info(
+                    f"Peek data from offset {hex(offset)} and length {hex(length)} was written to {filename}")
+                return True
+        elif cmd == "peekhex":
+            if not self.check_param(["<offset>", "<length>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                length = getint(options["<length>"])
+                resp = self.firehose.cmd_peek(offset, length, "", True)
+                self.printer("\n")
+                self.printer(hexlify(resp))
+                return True
+        elif cmd == "peekqword":
+            if not self.check_param(["<offset>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                resp = self.firehose.cmd_peek(offset, 8, "", True)
+                self.printer("\n")
+                self.printer(hex(unpack("<Q", resp[:8])[0]))
+                return True
+        elif cmd == "peekdword":
+            if not self.check_param(["<offset>"]):
+                return False
+            if not self.check_cmd("peek"):
+                self.error("Peek command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                resp = self.firehose.cmd_peek(offset, 4, "", True)
+                self.printer("\n")
+                self.printer(hex(unpack("<I", resp[:4])[0]))
+                return True
+        elif cmd == "poke":
+            if not self.check_param(["<offset>", "<filename>"]):
+                return False
+            if not self.check_cmd("poke"):
+                self.error("Poke command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                filename = options["<filename>"]
+                return self.firehose.cmd_poke(offset, "", filename, True)
+        elif cmd == "pokehex":
+            if not self.check_param(["<offset>", "<data>"]):
+                return False
+            if not self.check_cmd("poke"):
+                self.error("Poke command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                data = unhexlify(options["<data>"])
+                return self.firehose.cmd_poke(offset, data, "", True)
+        elif cmd == "pokeqword":
+            if not self.check_param(["<offset>", "<data>"]):
+                return False
+            if not self.check_cmd("poke"):
+                self.error("Poke command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                data = pack("<Q", getint(options["<data>"]))
+                return self.firehose.cmd_poke(offset, data, "", True)
+        elif cmd == "pokedword":
+            if not self.check_param(["<offset>", "<data>"]):
+                return False
+            if not self.check_cmd("poke"):
+                self.error("Poke command isn't supported by edl loader")
+                return False
+            else:
+                offset = getint(options["<offset>"])
+                data = pack("<I", getint(options["<data>"]))
+                return self.firehose.cmd_poke(offset, data, "", True)
+        elif cmd == "memcpy":
+            if not self.check_param(["<offset>", "<size>"]):
+                return False
+            if not self.check_cmd("poke"):
+                self.printer("Poke command isn't supported by edl loader")
+            else:
+                srcoffset = getint(options["<offset>"])
+                size = getint(options["<size>"])
+                dstoffset = srcoffset + size
+                if self.firehose.cmd_memcpy(dstoffset, srcoffset, size):
+                    self.printer(f"Memcpy from {hex(srcoffset)} to {hex(dstoffset)} succeeded")
+                    return True
+                else:
+                    return False
+        elif cmd == "reset":
+            return self.firehose.cmd_reset()
+        elif cmd == "nop":
+            if not self.check_cmd("nop"):
+                self.error("Nop command isn't supported by edl loader")
+                return False
+            else:
+                return self.firehose.cmd_nop()
+        elif cmd == "setbootablestoragedrive":
+            if not self.check_param(["<lun>"]):
+                return False
+            if not self.check_cmd("setbootablestoragedrive"):
+                self.error("setbootablestoragedrive command isn't supported by edl loader")
+                return False
+            else:
+                return self.firehose.cmd_setbootablestoragedrive(int(options["<lun>"]))
+        elif cmd == "getstorageinfo":
+            if not self.check_cmd("getstorageinfo"):
+                self.error("getstorageinfo command isn't supported by edl loader")
+                return False
+            else:
+                return self.firehose.cmd_getstorageinfo_string()
+        elif cmd == "w":
+            if not self.check_param(["<partitionname>", "<filename>"]):
+                return False
+            partitionname = options["<partitionname>"]
+            filename = options["<filename>"]
+            if options["--lun"] is not None:
+                lun = int(options["--lun"])
+            else:
+                lun = 0
+            startsector = 0
+            if not os.path.exists(filename):
+                self.error(f"Error: Couldn't find file: {filename}")
+                return False
+            if partitionname.lower() == "gpt":
+                sectors = os.stat(filename).st_size // self.firehose.cfg.SECTOR_SIZE_IN_BYTES
+                res = [True, lun, sectors]
+            else:
+                res = self.firehose.detect_partition(options, partitionname)
+            if res[0]:
+                lun = res[1]
+                sectors = os.stat(filename).st_size // self.firehose.cfg.SECTOR_SIZE_IN_BYTES
+                if (os.stat(filename).st_size % self.firehose.cfg.SECTOR_SIZE_IN_BYTES) > 0:
+                    sectors += 1
+                if partitionname.lower() != "gpt":
+                    partition = res[2]
+                    if sectors > partition.sectors:
+                        self.error(
+                            f"Error: {filename} has {sectors} sectors but partition only has {partition.sectors}.")
+                        return False
+                    startsector = partition.sector
+                if self.firehose.modules is not None:
+                    self.firehose.modules.writeprepare()
+                if self.firehose.cmd_program(lun, startsector, filename):
+                    self.printer(f"Wrote {filename} to sector {str(startsector)}.")
+                    return True
+                else:
+                    self.printer(f"Error writing {filename} to sector {str(startsector)}.")
+                    return False
+            else:
+                if len(res) > 0:
+                    fpartitions = res[1]
+                    self.error(f"Error: Couldn't detect partition: {partitionname}\nAvailable partitions:")
+                    for lun in fpartitions:
+                        for partition in fpartitions[lun]:
+                            if self.cfg.MemoryName == "emmc":
+                                self.error("\t" + partition)
+                            else:
+                                self.error(lun + ":\t" + partition)
+            return False
+        elif cmd == "wl":
+            if not self.check_param(["<directory>"]):
+                return False
+            directory = options["<directory>"]
+            if options["--skip"]:
+                skip = options["--skip"].split(",")
+            else:
+                skip = []
+            luns = self.getluns(options)
+
+            if not os.path.exists(directory):
+                self.error(f"Error: Couldn't find directory: {directory}")
+                sys.exit()
+            filenames = []
+            if self.firehose.modules is not None:
+                self.firehose.modules.writeprepare()
+            for dirName, subdirList, fileList in os.walk(directory):
+                for fname in fileList:
+                    filenames.append(os.path.join(dirName, fname))
+            for lun in luns:
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                if "partentries" in dir(guid_gpt):
+                    for filename in filenames:
+                        for partition in guid_gpt.partentries:
+                            partname = filename[filename.rfind("/") + 1:]
+                            if ".bin" in partname[-4:] or ".img" in partname[-4:] or ".mbn" in partname[-4:]:
+                                partname = partname[:-4]
+                            if partition.name == partname:
+                                if partition.name in skip:
+                                    continue
+                                sectors = os.stat(filename).st_size // self.firehose.cfg.SECTOR_SIZE_IN_BYTES
+                                if (os.stat(filename).st_size % self.firehose.cfg.SECTOR_SIZE_IN_BYTES) > 0:
+                                    sectors += 1
+                                if sectors > partition.sectors:
+                                    self.error(f"Error: {filename} has {sectors} sectors but partition " +
+                                               f"only has {partition.sectors}.")
+                                    return False
+                                self.printer(f"Writing {filename} to partition {str(partition.name)}.")
+                                self.firehose.cmd_program(lun, partition.sector, filename)
+                else:
+                    self.printer("Couldn't write partition. Either wrong memorytype given or no gpt partition.")
+                    return False
+            return True
+        elif cmd == "ws":
+            if not self.check_param(["<start_sector>"]):
+                return False
+            if options["--lun"] is not None:
+                lun = int(options["--lun"])
+            else:
+                lun = 0
+            start = int(options["<start_sector>"])
+            filename = options["<filename>"]
+            if not os.path.exists(filename):
+                self.error(f"Error: Couldn't find file: {filename}")
+                return False
+            if self.firehose.modules is not None:
+                self.firehose.modules.writeprepare()
+            if self.firehose.cmd_program(lun, start, filename):
+                self.printer(f"Wrote {filename} to sector {str(start)}.")
+                return True
+            else:
+                self.error(f"Error on writing {filename} to sector {str(start)}")
+                return False
+        elif cmd == "wf":
+            if not self.check_param(["<filename>"]):
+                return False
+            if options["--lun"] is not None:
+                lun = int(options["--lun"])
+            else:
+                lun = 0
+            start = 0
+            filename = options["<filename>"]
+            if not os.path.exists(filename):
+                self.error(f"Error: Couldn't find file: {filename}")
+                return False
+            if self.firehose.modules is not None:
+                self.firehose.modules.writeprepare()
+            if self.firehose.cmd_program(lun, start, filename):
+                self.printer(f"Wrote {filename} to sector {str(start)}.")
+                return True
+            else:
+                self.error(f"Error on writing {filename} to sector {str(start)}")
+                return False
+        elif cmd == "e":
+            if not self.check_param(["<partitionname>"]):
+                return False
+            luns = self.getluns(options)
+            partitionname = options["<partitionname>"]
+            for lun in luns:
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                if self.firehose.modules is not None:
+                    self.firehose.modules.writeprepare()
+                if "partentries" in dir(guid_gpt):
+                    for partition in guid_gpt.partentries:
+                        if partition.name == partitionname:
+                            self.firehose.cmd_erase(lun, partition.sector, partition.sectors)
+                            self.printer(
+                                f"Erased {partitionname} starting at sector {str(partition.sector)} " +
+                                f"with sector count {str(partition.sectors)}.")
+                            return True
+                else:
+                    self.printer("Couldn't erase partition. Either wrong memorytype given or no gpt partition.")
+                    return False
+            self.error(f"Error: Couldn't detect partition: {partitionname}")
+            return False
+        elif cmd == "ep":
+            if not self.check_param(["<partitionname>", "<sectors>"]):
+                return False
+            luns = self.getluns(options)
+            partitionname = options["<partitionname>"]
+            sectors = int(options["<sectors>"])
+
+            for lun in luns:
+                data, guid_gpt = self.firehose.get_gpt(lun, int(options["--gpt-num-part-entries"]),
+                                                       int(options["--gpt-part-entry-size"]),
+                                                       int(options["--gpt-part-entry-start-lba"]))
+                if guid_gpt is None:
+                    break
+                if self.firehose.modules is not None:
+                    self.firehose.modules.writeprepare()
+                if "partentries" in dir(guid_gpt):
+                    for partition in guid_gpt.partentries:
+                        if partition.name == partitionname:
+                            self.firehose.cmd_erase(lun, partition.sector, sectors)
+                            self.printer(
+                                f"Erased {partitionname} starting at sector {str(partition.sector)} " +
+                                f"with sector count {str(sectors)}.")
+                            return True
+                else:
+                    self.printer("Couldn't erase partition. Either wrong memorytype given or no gpt partition.")
+                    return False
+            self.error(f"Error: Couldn't detect partition: {partitionname}")
+            return False
+        elif cmd == "es":
+            if not self.check_param(["<start_sector>", "<sectors>"]):
+                return False
+            if options["--lun"] is not None:
+                lun = int(options["--lun"])
+            else:
+                lun = 0
+            start = int(options["<start_sector>"])
+            sectors = int(options["<sectors>"])
+            if self.firehose.modules is not None:
+                self.firehose.modules.writeprepare()
+            if self.firehose.cmd_erase(lun, start, sectors):
+                self.printer(f"Erased sector {str(start)} with sector count {str(sectors)}.")
+                return True
+            return False
+        elif cmd == "xml":
+            if not self.check_param(["<xmlfile>"]):
+                return False
+            return self.firehose.cmd_xml(options["<xmlfile>"])
+        elif cmd == "rawxml":
+            if not self.check_param(["<xmlstring>"]):
+                return False
+            return self.firehose.cmd_rawxml(options["<xmlstring>"])
+        elif cmd == "send":
+            if not self.check_param(["<command>"]):
+                return False
+            command = options["<command>"]
+            resp = self.firehose.cmd_send(command, True)
+            self.printer("\n")
+            self.printer(resp)
+            return True
+        elif cmd == "server":
+            return do_tcp_server(self, options, self.handle_firehose)
+        elif cmd == "modules":
+            if not self.check_param(["<command>", "<options>"]):
+                return False
+            mcommand = options["<command>"]
+            moptions = options["<options>"]
+            if self.firehose.modules is None:
+                self.error("Feature is not supported")
+                return False
+            else:
+                return self.firehose.modules.run(command=mcommand, args=moptions)
+        elif cmd == "qfil":
+            self.info("[qfil] raw programming...")
+            rawprogram = options["<rawprogram>"].split(",")
+            imagedir = options["<imagedir>"]
+            patch = options["<patch>"].split(",")
+            for xml in rawprogram:
+                filename = os.path.join(imagedir, xml)
+                if os.path.exists(filename):
+                    self.info("[qfil] programming %s" % xml)
+                    fl = open(filename, "r")
+                    for evt, elem in ET.iterparse(fl, events=["end"]):
+                        if elem.tag == "program":
+                            if elem.get("filename", ""):
+                                filename = os.path.join(imagedir, elem.get("filename"))
+                                if not os.path.isfile(filename):
+                                    self.error("%s doesn't exist!" % filename)
+                                    continue
+                                partition_number = int(elem.get("physical_partition_number"))
+                                num_disk_sectors = self.firehose.getlunsize(partition_number)
+                                start_sector = elem.get("start_sector")
+                                if "NUM_DISK_SECTORS" in start_sector:
+                                    start_sector = start_sector.replace("NUM_DISK_SECTORS", str(num_disk_sectors))
+                                if "-" in start_sector or "*" in start_sector or "/" in start_sector or \
+                                        "+" in start_sector:
+                                    start_sector = start_sector.replace(".", "")
+                                    start_sector = eval(start_sector)
+                                self.info(f"[qfil] programming {filename} to partition({partition_number})" +
+                                          f"@sector({start_sector})...")
+
+                                self.firehose.cmd_program(int(partition_number), int(start_sector), filename)
+                else:
+                    self.warning(f"File : {filename} not found.")
+            self.info("[qfil] raw programming ok.")
+
+            self.info("[qfil] patching...")
+            for xml in patch:
+                filename = os.path.join(imagedir, xml)
+                self.info("[qfil] patching with %s" % xml)
+                if os.path.exists(filename):
+                    fl = open(filename, "r")
+                    for evt, elem in ET.iterparse(fl, events=["end"]):
+                        if elem.tag == "patch":
+                            filename = elem.get("filename")
+                            if filename != "DISK":
+                                continue
+                            start_sector = elem.get("start_sector")
+                            size_in_bytes = elem.get("size_in_bytes")
+                            self.info(
+                                f"[qfil] patching {filename} sector({start_sector}), size={size_in_bytes}".format(
+                                    filename=filename, start_sector=start_sector, size_in_bytes=size_in_bytes))
+                            content = ElementTree.tostring(elem).decode("utf-8")
+                            CMD = "<?xml version=\"1.0\" ?><data>\n {content} </data>".format(
+                                content=content)
+                            print(CMD)
+                            self.firehose.xmlsend(CMD)
+                else:
+                    self.warning(f"File : {filename} not found.")
+            self.info("[qfil] patching ok")
+            bootable = self.find_bootable_partition(rawprogram)
+            if bootable != -1:
+                if self.firehose.cmd_setbootablestoragedrive(bootable):
+                    self.info("[qfil] partition({partition}) is now bootable\n".format(partition=bootable))
+                else:
+                    self.info(
+                        "[qfil] set partition({partition}) as bootable failed\n".format(partition=bootable))
+
+        else:
+            self.error("Unknown/Missing command, a command is required.")
+            return False

edl/Library/gpt.py

@@ -0,0 +1,357 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import argparse
+import os
+import sys
+import logging
+from enum import Enum
+from struct import unpack, pack
+from binascii import hexlify
+
+try:
+    from edl.Library.utils import LogBase, structhelper
+except:
+    from utils import LogBase, structhelper
+
+
+class gpt(metaclass=LogBase):
+    class gpt_header:
+        def __init__(self, data):
+            sh = structhelper(data)
+            self.signature = sh.bytes(8)
+            self.revision = sh.dword()
+            self.header_size = sh.dword()
+            self.crc32 = sh.dword()
+            self.reserved = sh.dword()
+            self.current_lba = sh.qword()
+            self.backup_lba = sh.qword()
+            self.first_usable_lba = sh.qword()
+            self.last_usable_lba = sh.qword()
+            self.disk_guid = sh.bytes(16)
+            self.part_entry_start_lba = sh.qword()
+            self.num_part_entries = sh.dword()
+            self.part_entry_size = sh.dword()
+
+    class gpt_partition:
+        def __init__(self, data):
+            sh = structhelper(data)
+            self.type = sh.bytes(16)
+            self.unique = sh.bytes(16)
+            self.first_lba = sh.qword()
+            self.last_lba = sh.qword()
+            self.flags = sh.qword()
+            self.name = sh.string(72)
+
+    class efi_type(Enum):
+        EFI_UNUSED = 0x00000000
+        EFI_MBR = 0x024DEE41
+        EFI_SYSTEM = 0xC12A7328
+        EFI_BIOS_BOOT = 0x21686148
+        EFI_IFFS = 0xD3BFE2DE
+        EFI_SONY_BOOT = 0xF4019732
+        EFI_LENOVO_BOOT = 0xBFBFAFE7
+        EFI_MSR = 0xE3C9E316
+        EFI_BASIC_DATA = 0xEBD0A0A2
+        EFI_LDM_META = 0x5808C8AA
+        EFI_LDM = 0xAF9B60A0
+        EFI_RECOVERY = 0xDE94BBA4
+        EFI_GPFS = 0x37AFFC90
+        EFI_STORAGE_SPACES = 0xE75CAF8F
+        EFI_HPUX_DATA = 0x75894C1E
+        EFI_HPUX_SERVICE = 0xE2A1E728
+        EFI_LINUX_DAYA = 0x0FC63DAF
+        EFI_LINUX_RAID = 0xA19D880F
+        EFI_LINUX_ROOT32 = 0x44479540
+        EFI_LINUX_ROOT64 = 0x4F68BCE3
+        EFI_LINUX_ROOT_ARM32 = 0x69DAD710
+        EFI_LINUX_ROOT_ARM64 = 0xB921B045
+        EFI_LINUX_SWAP = 0x0657FD6D
+        EFI_LINUX_LVM = 0xE6D6D379
+        EFI_LINUX_HOME = 0x933AC7E1
+        EFI_LINUX_SRV = 0x3B8F8425
+        EFI_LINUX_DM_CRYPT = 0x7FFEC5C9
+        EFI_LINUX_LUKS = 0xCA7D7CCB
+        EFI_LINUX_RESERVED = 0x8DA63339
+        EFI_FREEBSD_BOOT = 0x83BD6B9D
+        EFI_FREEBSD_DATA = 0x516E7CB4
+        EFI_FREEBSD_SWAP = 0x516E7CB5
+        EFI_FREEBSD_UFS = 0x516E7CB6
+        EFI_FREEBSD_VINUM = 0x516E7CB8
+        EFI_FREEBSD_ZFS = 0x516E7CBA
+        EFI_OSX_HFS = 0x48465300
+        EFI_OSX_UFS = 0x55465300
+        EFI_OSX_ZFS = 0x6A898CC3
+        EFI_OSX_RAID = 0x52414944
+        EFI_OSX_RAID_OFFLINE = 0x52414944
+        EFI_OSX_RECOVERY = 0x426F6F74
+        EFI_OSX_LABEL = 0x4C616265
+        EFI_OSX_TV_RECOVERY = 0x5265636F
+        EFI_OSX_CORE_STORAGE = 0x53746F72
+        EFI_SOLARIS_BOOT = 0x6A82CB45
+        EFI_SOLARIS_ROOT = 0x6A85CF4D
+        EFI_SOLARIS_SWAP = 0x6A87C46F
+        EFI_SOLARIS_BACKUP = 0x6A8B642B
+        EFI_SOLARIS_USR = 0x6A898CC3
+        EFI_SOLARIS_VAR = 0x6A8EF2E9
+        EFI_SOLARIS_HOME = 0x6A90BA39
+        EFI_SOLARIS_ALTERNATE = 0x6A9283A5
+        EFI_SOLARIS_RESERVED1 = 0x6A945A3B
+        EFI_SOLARIS_RESERVED2 = 0x6A9630D1
+        EFI_SOLARIS_RESERVED3 = 0x6A980767
+        EFI_SOLARIS_RESERVED4 = 0x6A96237F
+        EFI_SOLARIS_RESERVED5 = 0x6A8D2AC7
+        EFI_NETBSD_SWAP = 0x49F48D32
+        EFI_NETBSD_FFS = 0x49F48D5A
+        EFI_NETBSD_LFS = 0x49F48D82
+        EFI_NETBSD_RAID = 0x49F48DAA
+        EFI_NETBSD_CONCAT = 0x2DB519C4
+        EFI_NETBSD_ENCRYPT = 0x2DB519EC
+        EFI_CHROMEOS_KERNEL = 0xFE3A2A5D
+        EFI_CHROMEOS_ROOTFS = 0x3CB8E202
+        EFI_CHROMEOS_FUTURE = 0x2E0A753D
+        EFI_HAIKU = 0x42465331
+        EFI_MIDNIGHTBSD_BOOT = 0x85D5E45E
+        EFI_MIDNIGHTBSD_DATA = 0x85D5E45A
+        EFI_MIDNIGHTBSD_SWAP = 0x85D5E45B
+        EFI_MIDNIGHTBSD_UFS = 0x0394EF8B
+        EFI_MIDNIGHTBSD_VINUM = 0x85D5E45C
+        EFI_MIDNIGHTBSD_ZFS = 0x85D5E45D
+        EFI_CEPH_JOURNAL = 0x45B0969E
+        EFI_CEPH_ENCRYPT = 0x45B0969E
+        EFI_CEPH_OSD = 0x4FBD7E29
+        EFI_CEPH_ENCRYPT_OSD = 0x4FBD7E29
+        EFI_CEPH_CREATE = 0x89C57F98
+        EFI_CEPH_ENCRYPT_CREATE = 0x89C57F98
+        EFI_OPENBSD = 0x824CC7A0
+        EFI_QNX = 0xCEF5A9AD
+        EFI_PLAN9 = 0xC91818F9
+        EFI_VMWARE_VMKCORE = 0x9D275380
+        EFI_VMWARE_VMFS = 0xAA31E02A
+        EFI_VMWARE_RESERVED = 0x9198EFFC
+
+    def __init__(self, num_part_entries=0, part_entry_size=0, part_entry_start_lba=0, loglevel=logging.INFO, *args,
+                 **kwargs):
+        self.num_part_entries = num_part_entries
+        self.__logger = self.__logger
+        self.part_entry_size = part_entry_size
+        self.part_entry_start_lba = part_entry_start_lba
+        self.totalsectors = None
+        self.header = None
+        self.sectorsize = None
+        self.partentries = []
+
+        self.error = self.__logger.error
+        self.__logger.setLevel(loglevel)
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def parseheader(self, gptdata, sectorsize=512):
+        return self.gpt_header(gptdata[sectorsize:sectorsize + 0x5C])
+
+    def parse(self, gptdata, sectorsize=512):
+        self.header = self.gpt_header(gptdata[sectorsize:sectorsize + 0x5C])
+        self.sectorsize = sectorsize
+        if self.header.signature != b"EFI PART":
+            return False
+        if self.header.revision != 0x10000:
+            self.error("Unknown GPT revision.")
+            return False
+        if self.part_entry_start_lba != 0:
+            start = self.part_entry_start_lba
+        else:
+            start = self.header.part_entry_start_lba * sectorsize
+
+        entrysize = self.header.part_entry_size
+        self.partentries = []
+
+        class partf:
+            unique = b""
+            first_lba = 0
+            last_lba = 0
+            flags = 0
+            sector = 0
+            sectors = 0
+            type = b""
+            name = ""
+
+        num_part_entries = self.header.num_part_entries
+
+        for idx in range(0, num_part_entries):
+            data = gptdata[start + (idx * entrysize):start + (idx * entrysize) + entrysize]
+            if int(hexlify(data[16:32]), 16) == 0:
+                break
+            partentry = self.gpt_partition(data)
+            pa = partf()
+            guid1 = unpack("<I", partentry.unique[0:0x4])[0]
+            guid2 = unpack("<H", partentry.unique[0x4:0x6])[0]
+            guid3 = unpack("<H", partentry.unique[0x6:0x8])[0]
+            guid4 = unpack("<H", partentry.unique[0x8:0xA])[0]
+            guid5 = hexlify(partentry.unique[0xA:0x10]).decode('utf-8')
+            pa.unique = "{:08x}-{:04x}-{:04x}-{:04x}-{}".format(guid1, guid2, guid3, guid4, guid5)
+            pa.sector = partentry.first_lba
+            pa.sectors = partentry.last_lba - partentry.first_lba + 1
+            pa.flags = partentry.flags
+            type = int(unpack("<I", partentry.type[0:0x4])[0])
+            try:
+                pa.type = self.efi_type(type).name
+            except:
+                pa.type = hex(type)
+            pa.name = partentry.name.replace(b"\x00\x00", b"").decode('utf-16')
+            if pa.type == "EFI_UNUSED":
+                continue
+            self.partentries.append(pa)
+        self.totalsectors = self.header.last_usable_lba + 34
+        return True
+
+    def print(self):
+        print(self.tostring())
+
+    def tostring(self):
+        mstr = "\nGPT Table:\n-------------\n"
+        for partition in self.partentries:
+            mstr += ("{:20} Offset 0x{:016x}, Length 0x{:016x}, Flags 0x{:08x}, UUID {}, Type {}\n".format(
+                partition.name + ":", partition.sector * self.sectorsize, partition.sectors * self.sectorsize,
+                partition.flags, partition.unique, partition.type))
+        mstr += ("\nTotal disk size:0x{:016x}, sectors:0x{:016x}\n".format(self.totalsectors * self.sectorsize,
+                                                                           self.totalsectors))
+        return mstr
+
+    def generate_rawprogram(self, lun, sectorsize, directory):
+        fname = "rawprogram" + str(lun) + ".xml"
+        with open(os.path.join(directory, fname), "wb") as wf:
+            mstr = "<?xml version=\"1.0\" ?>\n<data>\n"
+            partofsingleimage = "false"
+            readbackverify = "false"
+            sparse = "false"
+            for partition in self.partentries:
+                filename = partition.name + ".bin"
+                mstr += f"\t<program SECTOR_SIZE_IN_BYTES=\"{sectorsize}\" " + \
+                        f"file_sector_offset=\"0\" " \
+                        f"filename=\"{filename}\" " + \
+                        f"label=\"{partition.name}\" " \
+                        f"num_partition_sectors=\"{partition.sectors}\" " + \
+                        f"partofsingleimage=\"{partofsingleimage}\" " \
+                        f"physical_partition_number=\"{str(lun)}\" " + \
+                        f"readbackverify=\"{readbackverify}\" " \
+                        f"size_in_KB=\"{(partition.sectors * sectorsize / 1024):.1f}\" " \
+                        f"sparse=\"{sparse}\" " + \
+                        f"start_byte_hex=\"{hex(partition.sector * sectorsize)}\" " \
+                        f"start_sector=\"{partition.sector}\"/>\n"
+            partofsingleimage = "true"
+            sectors = self.header.first_usable_lba
+            mstr += f"\t<program SECTOR_SIZE_IN_BYTES=\"{sectorsize}\" " + \
+                    f"file_sector_offset=\"0\" " + \
+                    f"filename=\"gpt_main{str(lun)}.bin\" " + \
+                    f"label=\"PrimaryGPT\" " + \
+                    f"num_partition_sectors=\"{sectors}\" " + \
+                    f"partofsingleimage=\"{partofsingleimage}\" " + \
+                    f"physical_partition_number=\"{str(lun)}\" " + \
+                    f"readbackverify=\"{readbackverify}\" " + \
+                    f"size_in_KB=\"{(sectors * sectorsize / 1024):.1f}\" " + \
+                    f"sparse=\"{sparse}\" " + \
+                    f"start_byte_hex=\"0x0\" " + \
+                    f"start_sector=\"0\"/>\n"
+            sectors = self.header.first_usable_lba - 1
+            mstr += f"\t<program SECTOR_SIZE_IN_BYTES=\"{sectorsize}\" " + \
+                    f"file_sector_offset=\"0\" " + \
+                    f"filename=\"gpt_backup{str(lun)}.bin\" " + \
+                    f"label=\"BackupGPT\" " + \
+                    f"num_partition_sectors=\"{sectors}\" " + \
+                    f"partofsingleimage=\"{partofsingleimage}\" " + \
+                    f"physical_partition_number=\"{str(lun)}\" " + \
+                    f"readbackverify=\"{readbackverify}\" " + \
+                    f"size_in_KB=\"{(sectors * sectorsize / 1024):.1f}\" " + \
+                    f"sparse=\"{sparse}\" " + \
+                    f"start_byte_hex=\"({sectorsize}*NUM_DISK_SECTORS)-{sectorsize * sectors}.\" " + \
+                    f"start_sector=\"NUM_DISK_SECTORS-{sectors}.\"/>\n"
+            mstr += "</data>"
+            wf.write(bytes(mstr, 'utf-8'))
+            print(f"Wrote partition xml as {fname}")
+
+    def print_gptfile(self, filename):
+        try:
+            filesize = os.stat(filename).st_size
+            with open(filename, "rb") as rf:
+                size = min(32 * 4096, filesize)
+                data = rf.read(size)
+                for sectorsize in [512, 4096]:
+                    result = self.parse(data, sectorsize)
+                    if result:
+                        break
+                if result:
+                    print(self.tostring())
+                return result
+        except Exception as e:
+            self.error(str(e))
+        return ""
+
+    def test_gpt(self):
+        res = self.print_gptfile(os.path.join("TestFiles", "gpt_sm8180x.bin"))
+        assert res, "GPT Partition wasn't decoded properly"
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="GPT utils")
+    subparsers = parser.add_subparsers(dest="command", help='sub-command help')
+
+    parser_print = subparsers.add_parser("print", help="Print the gpt table")
+    parser_print.add_argument("image", help="The path of the GPT disk image")
+
+    parser_test = subparsers.add_parser("test", help="Run self-test")
+
+    parser_extract = subparsers.add_parser("extract", help="Extract the partitions")
+    parser_extract.add_argument("image", help="The path of the GPT disk image")
+    parser_extract.add_argument("-out", "-o", help="The path to extract the partitions")
+    parser_extract.add_argument("-partition", "-p", help="Extract specific partitions (separated by comma)")
+
+    args = parser.parse_args()
+    if args.command not in ["print", "extract", "test"]:
+        parser.error("Command is mandatory")
+
+    gp = gpt()
+    if args.command == "print":
+        if not os.path.exists(args.image):
+            print(f"File {args.image} does not exist. Aborting.")
+            sys.exit(1)
+        gp.print_gptfile(args.image)
+    elif args.command == "test":
+        gp.test_gpt()
+    elif args.command == "extract":
+        if not os.path.exists(args.image):
+            print(f"File {args.image} does not exist. Aborting.")
+            sys.exit(1)
+        filesize = os.stat(args.image).st_size
+        with open(args.image, "rb", buffering=1024 * 1024) as rf:
+            data = rf.read(min(32 * 4096, filesize))
+            ssize = None
+            for sectorsize in [512, 4096]:
+                result = gp.parse(data, sectorsize)
+                if result:
+                    ssize = sectorsize
+                    break
+            if ssize is not None:
+                for partition in gp.partentries:
+                    if args.partition is not None:
+                        if partition != args.partition:
+                            continue
+                    name = partition.name
+                    start = partition.sector * ssize
+                    length = partition.sectors * ssize
+                    out = args.out
+                    if out is None:
+                        out = "."
+                    if not os.path.exists(out):
+                        os.makedirs(out)
+                    filename = os.path.join(out, name)
+                    rf.seek(start)
+                    bytestoread = length
+                    with open(filename, "wb", buffering=1024 * 1024) as wf:
+                        while bytestoread > 0:
+                            size = min(bytestoread, 0x200000)
+                            rf.read(size)
+                            wf.write(size)
+                            bytestoread -= size
+                    print(f"Extracting {name} to {filename} at {hex(start)}, length {hex(length)}")

edl/Library/hdlc.py

@@ -0,0 +1,240 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2019
+
+import logging
+from binascii import hexlify
+from struct import unpack
+import time
+
+MAX_PACKET_LEN = 4096
+
+crcTbl = (
+    0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
+    0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
+    0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
+    0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
+    0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
+    0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
+    0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
+    0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
+    0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
+    0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
+    0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
+    0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
+    0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
+    0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
+    0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
+    0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
+    0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
+    0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
+    0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
+    0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
+    0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
+    0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
+    0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
+    0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
+    0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
+    0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
+    0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
+    0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
+    0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
+    0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
+    0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
+    0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78)
+
+
+def serial16le(data):
+    out = bytearray()
+    out.append(data & 0xFF)
+    out.append((data >> 8) & 0xFF)
+    return out
+
+
+def serial16(data):
+    out = bytearray()
+    out.append((data >> 8) & 0xFF)
+    out.append(data & 0xFF)
+    return out
+
+
+def serial32le(data):
+    out = bytearray()
+    out += serial16le(data & 0xFFFF)
+    out += serial16le((data >> 16) & 0xFFFF)
+    return out
+
+
+def crc16(iv, data):
+    for byte in data:
+        iv = ((iv >> 8) & 0xFFFF) ^ crcTbl[(iv ^ byte) & 0xFF]
+    return ~iv & 0xFFFF
+
+
+def serial32(data):
+    out = bytearray()
+    out += serial16((data >> 16) & 0xFFFF)
+    out += serial16(data & 0xFFFF)
+    return out
+
+
+def escape(indata):
+    outdata = bytearray()
+    for i in range(0, len(indata)):
+        buf = indata[i]
+        if buf == 0x7e:
+            outdata.append(0x7d)
+            outdata.append(0x5e)
+        elif buf == 0x7d:
+            outdata.append(0x7d)
+            outdata.append(0x5d)
+        else:
+            outdata.append(buf)
+    return outdata
+
+
+def unescape(indata):
+    mescape = False
+    out = bytearray()
+    for buf in indata:
+        if mescape:
+            if buf == 0x5e:
+                out.append(0x7e)
+            elif buf == 0x5d:
+                out.append(0x7d)
+            else:
+                logging.error("Fatal error unescaping buffer!")
+                return None
+            mescape = False
+        else:
+            if buf == 0x7d:
+                mescape = True
+            else:
+                out.append(buf)
+    if len(out) == 0:
+        return None
+    return out
+
+
+def convert_cmdbuf(indata):
+    crc16val = crc16(0xFFFF, indata)
+    indata.extend(bytearray(serial16le(crc16val)))
+    outdata = escape(indata)
+    outdata.append(0x7E)
+    return outdata
+
+
+class hdlc:
+    def __init__(self, cdc):
+        self.cdc = cdc
+        self.programmer = None
+        self.timeout = 1500
+
+    def receive_reply(self, timeout=None):
+        replybuf = bytearray()
+        if timeout is None:
+            timeout = self.timeout
+        tmp = self.cdc.read(MAX_PACKET_LEN, timeout)
+        if tmp == bytearray():
+            return 0
+        if tmp == b"":
+            return 0
+        retry = 0
+        while tmp[-1] != 0x7E:
+            time.sleep(0.01)
+            tmp += self.cdc.read(MAX_PACKET_LEN, timeout)
+            retry += 1
+            if retry > 5:
+                break
+        replybuf.extend(tmp)
+        data = unescape(replybuf)
+        # print(hexlify(data))
+        if len(data) > 3:
+            crc16val = crc16(0xFFFF, data[:-3])
+            reccrc = int(data[-3]) + (int(data[-2]) << 8)
+            if crc16val != reccrc:
+                return -1
+        else:
+            time.sleep(0.01)
+            data = self.cdc.read(MAX_PACKET_LEN, timeout)
+            if len(data) > 3:
+                crc16val = crc16(0xFFFF, data[:-3])
+                reccrc = int(data[-3]) + (int(data[-2]) << 8)
+                if crc16val != reccrc:
+                    return -1
+                return data
+        return data[:-3]
+
+    def receive_reply_nocrc(self, timeout=None):
+        replybuf = bytearray()
+        if timeout is None:
+            timeout = self.timeout
+        tmp = self.cdc.read(MAX_PACKET_LEN, timeout)
+        if tmp == bytearray():
+            return 0
+        if tmp == b"":
+            return 0
+        retry = 0
+        while tmp[-1] != 0x7E:
+            # time.sleep(0.05)
+            tmp += self.cdc.read(MAX_PACKET_LEN, timeout)
+            retry += 1
+            if retry > 5:
+                break
+        replybuf.extend(tmp)
+        data = unescape(replybuf)
+        # print(hexlify(data))
+        if len(data) > 3:
+            # crc16val = self.crc16(0xFFFF, data[:-3])
+            # reccrc = int(data[-3]) + (int(data[-2]) << 8)
+            return data[:-3]
+        else:
+            time.sleep(0.5)
+            data = self.cdc.read(MAX_PACKET_LEN, timeout)
+            if len(data) > 3:
+                # crc16val = self.crc16(0xFFFF, data[:-3])
+                # reccrc = int(data[-3]) + (int(data[-2]) << 8)
+                return data[:-3]
+            else:
+                return data
+
+    def send_unframed_buf(self, outdata, prefixflag):
+        # ttyflush()
+        if prefixflag:
+            tmp = bytearray()
+            tmp.append(0x7E)
+            tmp.extend(outdata)
+            outdata = tmp
+        return self.cdc.write(outdata[:MAX_PACKET_LEN])
+        # FlushFileBuffers(ser)
+
+    def send_cmd_base(self, outdata, prefixflag, nocrc=False):
+        if isinstance(outdata, str):
+            outdata = bytes(outdata, 'utf-8')
+        packet = convert_cmdbuf(bytearray(outdata))
+        if self.send_unframed_buf(packet, prefixflag):
+            if nocrc:
+                return self.receive_reply_nocrc()
+            else:
+                return self.receive_reply()
+        return b""
+
+    def send_cmd(self, outdata, nocrc=False):
+        return self.send_cmd_base(outdata, 1, nocrc)
+
+    def send_cmd_np(self, outdata, nocrc=False):
+        return self.send_cmd_base(outdata, 0, nocrc)
+
+    def show_errpacket(self, descr, pktbuf):
+        if len(pktbuf) == 0:
+            return
+        logging.error("Error: %s " % descr)
+
+        if pktbuf[1] == 0x0e:
+            pktbuf[-4] = 0
+            # puts(pktbuf+2)
+            ret = self.receive_reply()
+            errorcode = unpack("<I", ret[2:2 + 4])
+            logging.error("Error code = %08x\n\n", errorcode)
+        else:
+            print(hexlify(pktbuf))

edl/Library/memparse.py

@@ -0,0 +1,78 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+
+import os
+import pt64
+import pt
+import argparse
+
+
+def pt64_walk(data, ttbr, tnsz, levels=3):
+    print("Dumping page tables (levels=%d)" % levels)
+    print("First level (ptbase = %016x)" % ttbr)
+    print("---------------------------------------------")
+    fl = data[ttbr - ttbr:ttbr - ttbr + 0x1000]
+
+    if levels <= 1:
+        return
+
+    for (va, fle) in pt64.parse_pt(fl, 0, tnsz, 1):
+        if "TABLE" in str(fle):
+            print("Second level (ptbase = %016x)" % fle.output)
+            print("---------------------------------------------")
+
+            sl = data[fle.output - ttbr:fle.output - ttbr + 0x4000]
+            sl = pt64.parse_pt(sl, va, tnsz, 2)
+
+            if levels <= 2:
+                continue
+
+            for (mva, sle) in sl:
+                if "TABLE" in str(sle):
+                    print("Third level (ptbase = %016x)" % sle.output)
+                    print("---------------------------------------------")
+                    tl = data[sle.output - ttbr:sle.output - ttbr + 0x1000]
+                    pt64.parse_pt(tl, mva, tnsz, 3)
+
+
+def pt32_walk(data, ttbr, skip):
+    print("First level (va = %08x)" % ttbr)
+    print("---------------------------------------------")
+    fl = data[ttbr - ttbr:ttbr - ttbr + 0x4000]
+
+    i = 0
+    for (va, fl) in pt.parse_pt(fl):
+        i += 1
+        if i <= skip:
+            continue
+        if type(fl) == pt.pt_desc:
+            print("")
+            print("Second level (va = %08x)" % va)
+            print("---------------------------------------------")
+            sldata = data[fl.coarse_base - ttbr:fl.coarse_base - ttbr + 0x400]
+            pt.parse_spt(sldata, va)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="memparse",
+        usage="python memparse.py -arch <32,64> -in <filename> -mem <offset>",
+        formatter_class=argparse.RawTextHelpFormatter)
+    parser.add_argument('-in', '--in', dest='infile', help='memory dump', default="")
+    parser.add_argument('-arch', '--arch', dest='arch', help='architecture=32,64', default="32")
+    parser.add_argument('-mem', '--mem', dest='mem', help='memoryoffset', default="0x200000")
+    args = parser.parse_args()
+    if args.infile == "":
+        print("You need to add an -in [memorydump filename]")
+        return
+
+    with open(args.infile, "rb") as rf:
+        data = rf.read()
+        if args.arch == "32":
+            pt32_walk(data, int(args.mem, 16), False)
+        else:
+            pt64_walk(data, int(args.mem, 16), 0, 3)
+
+
+main()

edl/Library/nand_config.py

@@ -0,0 +1,789 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2019
+import ctypes
+from enum import Enum
+from edl.Config.qualcomm_config import secgen, secureboottbl
+
+c_uint8 = ctypes.c_uint8
+
+# nandbase MSM_NAND_BASE
+# qfprom SECURITY_CONTROL_BASE_PHYS
+config_tbl = {
+    #           bam nandbase bcraddr    secureboot          pbl                   qfprom                memtbl
+    3: ["9x25", 1, 0xf9af0000, 0xfc401a40, secureboottbl["MDM9x25"], secgen[2][0], secgen[2][1], secgen[2][2]],
+    8: ["9x35", 1, 0xf9af0000, 0xfc401a40, secureboottbl["MDM9x35"], secgen[2][0], secgen[2][1], secgen[2][2]],
+    10: ["9x45", 1, 0x79B0000, 0x183f000, secureboottbl["MDM9x45"], secgen[2][0], secgen[2][1], secgen[2][2]],
+    16: ["9x55", 0, 0x79B0000, 0x183f000, secureboottbl["MDM9x45"], secgen[5][0], secgen[5][1], secgen[5][2]],
+    17: ["9x60", 0, 0x79B0000, 0x183f000, secureboottbl["MDM9x60"], secgen[5][0], secgen[5][1], secgen[5][2]],
+    12: ["9x07", 0, 0x79B0000, 0x183f000, secureboottbl["MDM9607"], secgen[5][0], secgen[5][1], secgen[5][2]]
+}
+
+supported_flash = {
+    # Flash ID   Density(MB)  Wid Pgsz  Blksz        oobsz onenand   Manuf */
+    0x2690ac2c: [(512 << 20), 0, 4096, (4096 << 6), 224, 0],  # QUECTEL_NAND_FM6BD4G2GXA
+    0x2690ac98: [(512 << 20), 0, 4096, (4096 << 6), 256, 0],  # QUECTEL_NAND_NM14FSK2LAXCL
+    0x1500aa98: [(256 << 20), 0, 2048, (2048 << 6), 64, 0],
+    0x5500ba98: [(256 << 20), 1, 2048, (2048 << 6), 64, 0],
+    0xd580b12c: [(256 << 20), 1, 2048, (2048 << 6), 64, 0],
+    0x5590bc2c: [(512 << 20), 1, 2048, (2048 << 6), 64, 0],
+    0x1580aa2c: [(256 << 20), 0, 2048, (2048 << 6), 64, 0],
+    0x1590aa2c: [(256 << 20), 0, 2048, (2048 << 6), 64, 0],
+    0x1590ac2c: [(512 << 20), 0, 2048, (2048 << 6), 64, 0],
+    0x5580baad: [(256 << 20), 1, 2048, (2048 << 6), 64, 0],
+    0x5510baad: [(256 << 20), 1, 2048, (2048 << 6), 64, 0],
+    # 0x004000ec: [(256 << 20), 0, 2048, (2048 << 6), 64, 1],
+    # 0x005c00ec: [(256 << 20), 0, 2048, (2048 << 6), 64, 1],
+    # 0x005800ec: [(256 << 20), 0, 2048, (2048 << 6), 64, 1],
+    0x5580ba2c: [(256 << 20), 1, 2048, (2048 << 6), 64, 0],
+    0x6600b3ec: [(1024 << 20), 1, 4096, (4096 << 6), 128, 0],
+    0x55d1b32c: [(1024 << 20), 1, 2048, (2048 << 6), 64, 0]
+    # 0x1500aaec: 0xFF00FFFF, (256 << 20), 0, 2048, (2048 << 6), 64, 0],
+    # 0x5500baec: 0xFF00FFFF, (256 << 20), 1, 2048, (2048 << 6), 64, 0},	/*Sams */
+    # 0x6600bcec: 0xFF00FFFF, (512 << 20), 1, 4096, (4096 << 6), 128, 0},	/*Sams */
+    # 0x2600482c: 0xFF00FFFF, (2048 << 20), 0, 4096, (4096 << 7), 224, 0},	/*8bit bch ecc */
+}
+
+
+class BadFlags(Enum):
+    BAD_UNDEF = 0
+    BAD_FILL = 1
+    BAD_SKIP = 2
+    BAD_IGNORE = 3
+    BAD_DISABLE = 4
+
+
+nand_ids = [
+    ("NAND 16MiB 1,8V 8-bit", 0x33, 16),
+    ("NAND 16MiB 3,3V 8-bit", 0x73, 16),
+    ("NAND 16MiB 1,8V 16-bit", 0x43, 16),
+    ("NAND 16MiB 3,3V 16-bit", 0x53, 16),
+
+    ("NAND 32MiB 1,8V 8-bit", 0x35, 32),
+    ("NAND 32MiB 3,3V 8-bit", 0x75, 32),
+    ("NAND 32MiB 1,8V 16-bit", 0x45, 32),
+    ("NAND 32MiB 3,3V 16-bit", 0x55, 32),
+
+    ("NAND 64MiB 1,8V 8-bit", 0x36, 64),
+    ("NAND 64MiB 3,3V 8-bit", 0x76, 64),
+    ("NAND 64MiB 1,8V 16-bit", 0x46, 64),
+    ("NAND 64MiB 3,3V 16-bit", 0x56, 64),
+
+    ("NAND 128MiB 1,8V 8-bit", 0x78, 128),
+    ("NAND 128MiB 1,8V 8-bit", 0x39, 128),
+    ("NAND 128MiB 3,3V 8-bit", 0x79, 128),
+    ("NAND 128MiB 1,8V 16-bit", 0x72, 128),
+    ("NAND 128MiB 1,8V 16-bit", 0x49, 128),
+    ("NAND 128MiB 3,3V 16-bit", 0x74, 128),
+    ("NAND 128MiB 3,3V 16-bit", 0x59, 128),
+    ("NAND 256MiB 3,3V 8-bit", 0x71, 256),
+
+    # 512 Megabit
+    ("NAND 64MiB 1,8V 8-bit", 0xA2, 64),
+    ("NAND 64MiB 1,8V 8-bit", 0xA0, 64),
+    ("NAND 64MiB 3,3V 8-bit", 0xF2, 64),
+    ("NAND 64MiB 3,3V 8-bit", 0xD0, 64),
+    ("NAND 64MiB 1,8V 16-bit", 0xB2, 64),
+    ("NAND 64MiB 1,8V 16-bit", 0xB0, 64),
+    ("NAND 64MiB 3,3V 16-bit", 0xC2, 64),
+    ("NAND 64MiB 3,3V 16-bit", 0xC0, 64),
+
+    # 1 Gigabit
+    ("NAND 128MiB 1,8V 8-bit", 0xA1, 128),
+    ("NAND 128MiB 3,3V 8-bit", 0xF1, 128),
+    ("NAND 128MiB 3,3V 8-bit", 0xD1, 128),
+    ("NAND 128MiB 1,8V 16-bit", 0xB1, 128),
+    ("NAND 128MiB 3,3V 16-bit", 0xC1, 128),
+    ("NAND 128MiB 1,8V 16-bit", 0xAD, 128),
+
+    # 2 Gigabit
+    ("NAND 256MiB 1.8V 8-bit", 0xAA, 256),
+    ("NAND 256MiB 3.3V 8-bit", 0xDA, 256),
+    ("NAND 256MiB 1.8V 16-bit", 0xBA, 256),
+    ("NAND 256MiB 3.3V 16-bit", 0xCA, 256),
+
+    # 4 Gigabit
+    ("NAND 512MiB 1.8V 8-bit", 0xAC, 512),
+    ("NAND 512MiB 3.3V 8-bit", 0xDC, 512),
+    ("NAND 512MiB 1.8V 16-bit", 0xBC, 512),
+    ("NAND 512MiB 3.3V 16-bit", 0xCC, 512),
+
+    # 8 Gigabit
+    ("NAND 1GiB 1.8V 8-bit", 0xA3, 1024),
+    ("NAND 1GiB 3.3V 8-bit", 0xD3, 1024),
+    ("NAND 1GiB 1.8V 16-bit", 0xB3, 1024),
+    ("NAND 1GiB 3.3V 16-bit", 0xC3, 1024),
+
+    # 16 Gigabit
+    ("NAND 2GiB 1.8V 8-bit", 0xA5, 2048),
+    ("NAND 2GiB 3.3V 8-bit", 0xD5, 2048),
+    ("NAND 2GiB 1.8V 16-bit", 0xB5, 2048),
+    ("NAND 2GiB 3.3V 16-bit", 0xC5, 2048),
+
+    # 32 Gigabit
+    ("NAND 4GiB 1.8V 8-bit", 0xA7, 4096),
+    ("NAND 4GiB 3.3V 8-bit", 0xD7, 4096),
+    ("NAND 4GiB 1.8V 16-bit", 0xB7, 4096),
+    ("NAND 4GiB 3.3V 16-bit", 0xC7, 4096),
+
+    # 64 Gigabit
+    ("NAND 8GiB 1.8V 8-bit", 0xAE, 8192),
+    ("NAND 8GiB 3.3V 8-bit", 0xDE, 8192),
+    ("NAND 8GiB 1.8V 16-bit", 0xBE, 8192),
+    ("NAND 8GiB 3.3V 16-bit", 0xCE, 8192),
+
+    # 128 Gigabit
+    ("NAND 16GiB 1.8V 8-bit", 0x1A, 16384),
+    ("NAND 16GiB 3.3V 8-bit", 0x3A, 16384),
+    ("NAND 16GiB 1.8V 16-bit", 0x2A, 16384),
+    ("NAND 16GiB 3.3V 16-bit", 0x4A, 16384),
+
+    # 256 Gigabit
+    ("NAND 32GiB 1.8V 8-bit", 0x1C, 32768),
+    ("NAND 32GiB 3.3V 8-bit", 0x3C, 32768),
+    ("NAND 32GiB 1.8V 16-bit", 0x2C, 32768),
+    ("NAND 32GiB 3.3V 16-bit", 0x4C, 32768),
+
+    # 512 Gigabit
+    ("NAND 64GiB 1.8V 8-bit", 0x1E, 65536),
+    ("NAND 64GiB 3.3V 8-bit", 0x3E, 65536),
+    ("NAND 64GiB 1.8V 16-bit", 0x2E, 65536),
+    ("NAND 64GiB 3.3V 16-bit", 0x4E, 65536),
+    (0, 0, 0),
+]
+
+nand_manuf_ids = [
+    (0x98, "Toshiba"),
+    (0xec, "Samsung"),
+    (0x04, "Fujitsu"),
+    (0x8f, "National"),
+    (0x07, "Renesas"),
+    (0x20, "ST Micro"),
+    (0xad, "Hynix"),
+    (0x2c, "Micron"),
+    (0xc8, "Elite Semiconductor"),
+    (0x01, "Spansion/AMD"),
+    (0xef, "Winbond"),
+    (0x0, "")
+]
+
+toshiba_tbl = {
+    # small_slc,device_width,density_mbits
+    0x36: [True, 8, 512],
+    0x46: [True, 16, 512],
+    0x79: [True, 8, 1024],
+    0xA0: [False, -1, 512],
+    0xB0: [False, -1, 512],
+    0xC0: [False, -1, 512],
+    0xD0: [False, -1, 512],
+    0xA1: [False, -1, 1024],
+    0xB1: [False, -1, 1024],
+    0xC1: [False, -1, 1024],
+    0xD1: [False, -1, 1024],
+    0xAA: [False, -1, 2048],
+    0xBA: [False, -1, 2048],
+    0xCA: [False, -1, 2048],
+    0xDA: [False, -1, 2048],
+    0xAC: [False, -1, 4096],
+    0xBC: [False, -1, 4096],
+    0xCC: [False, -1, 4096],
+    0xDC: [False, -1, 4096],
+    0xA3: [False, -1, 8192],
+    0xB3: [False, -1, 8192],
+    0xC3: [False, -1, 8192],
+    0xD3: [False, -1, 8192],
+    0xA5: [False, -1, 16384],
+    0xB5: [False, -1, 16384],
+    0xC5: [False, -1, 16384],
+    0xD5: [False, -1, 16384],
+}
+
+samsung_tbl = {
+    # small_slc,device_width,density_mbits
+    0x45: [True, 16, 256],
+    0x55: [True, 16, 256],
+    0x35: [True, 8, 256],
+    0x75: [True, 8, 256],
+    0x46: [True, 16, 512],
+    0x56: [True, 16, 512],
+    0x76: [True, 8, 512],
+    0x36: [True, 8, 512],
+    0x72: [True, 16, 1024],
+    0x74: [True, 16, 1024],
+    0x79: [True, 8, 1024],
+    0x78: [True, 8, 1024],
+    0x71: [True, 8, 2048],
+    0xDC: [True, 8, 4096],
+    0xA1: [False, -1, 1024],
+    0xB1: [False, -1, 1024],
+    0xC1: [False, -1, 1024],
+    0xD1: [False, -1, 1024],
+    0xAA: [False, -1, 2048],
+    0xBA: [False, -1, 2048],
+    0xCA: [False, -1, 2048],
+    0xDA: [False, -1, 2048],
+    0xAC: [False, -1, 4096],
+    0xBC: [False, -1, 4096],
+    0xCC: [False, -1, 4096],
+    0xA3: [False, -1, 8192],
+    0xB3: [False, -1, 8192],
+    0xC3: [False, -1, 8192],
+    0xD3: [False, -1, 8192],
+    0xA5: [False, -1, 16384],
+    0xB5: [False, -1, 16384],
+    0xC5: [False, -1, 16384],
+    0xD5: [False, -1, 16384]
+}
+
+
+class SettingsOpt:
+    def __init__(self, parent, chipset):
+        self.PAGESIZE = 4096
+        self.parent = parent
+        self.bad_loader = 0
+        self.sectors_per_page = 0
+        self.sectorsize = 512
+        self.flash_mfr = ""
+        self.flash_descr = ""
+        self.IsWideFlash = 0
+        self.badsector = 0
+        self.badflag = 0
+        self.badposition = 0
+        self.badplace = 0
+        self.bch_mode = 0
+        self.ecc_size = 0
+        self.ecc_bit = 0
+        self.num_pages_per_blk = 64
+        self.udflag = 0
+        self.sahara = 1
+        self.args_disable_ecc = 0  # 0=enable, 1=disable
+        self.bad_processing_flag = BadFlags.BAD_SKIP.value
+        self.cwsize = 0
+        self.rflag = 0
+        self.cfg1_enable_bch_ecc = 0
+        self.bad_loader = 0
+        self.OOBSIZE = 0
+        self.MAXBLOCK = 0
+        self.UD_SIZE_BYTES = 516
+        self.BAD_BLOCK_BYTE_NUM = 0
+        self.BAD_BLOCK_IN_SPARE_AREA = 0
+        self.ECC_MODE = 0
+        self.bad_loader = 1
+        self.secureboot = secureboottbl["MDM9607"]
+        self.pbl = secgen[5][0]
+        self.qfprom = secgen[5][1]
+        self.memtbl = secgen[5][2]
+        self.chipname = "Unknown"
+        if chipset in config_tbl:
+            self.chipname, self.bam, self.nandbase, self.bcraddr, self.secureboot, self.pbl, \
+                self.qfprom, self.memtbl = config_tbl[chipset]
+            self.bad_loader = 0
+        else:
+            loadername = parent.sahara.programmer.lower()
+            for chipid in config_tbl:
+                if config_tbl[chipid][0] in loadername:
+                    self.chipname, self.bam, self.nandbase, self.bcraddr, self.secureboot, \
+                        self.pbl, self.qfprom, self.memtbl = config_tbl[chipid]
+                    self.bad_loader = 0
+        if chipset == 0xFF:
+            self.bad_loader = 0
+
+
+class nand_toshiba_ids(ctypes.LittleEndianStructure):
+    _fields_ = [
+        ("mid", c_uint8, 8),
+        ("did", c_uint8, 8),
+        ("icn", c_uint8, 2),
+        ("bpc", c_uint8, 2),
+        ("rsvd0", c_uint8, 4),
+        ("page_size", c_uint8, 2),
+        ("spare_size", c_uint8, 2),
+        ("block_size", c_uint8, 2),
+        ("org", c_uint8, 1),
+        ("rsvd1", c_uint8, 1),
+        ("rsvd2", c_uint8, 8),
+    ]
+
+
+class nand_toshiba_id_t(ctypes.Union):
+    _anonymous_ = ("bit",)
+    _fields_ = [
+        ("bit", nand_toshiba_ids),
+        ("asDword", ctypes.c_uint32)
+    ]
+
+
+class nand_samsung_ids(ctypes.LittleEndianStructure):
+    _fields_ = [
+        ("mid", c_uint8, 8),
+        ("did", c_uint8, 8),
+        ("icn", c_uint8, 2),
+        ("bpc", c_uint8, 2),
+        ("nspp", c_uint8, 2),
+        ("ip", c_uint8, 1),
+        ("cp", c_uint8, 1),
+        ("page_size", c_uint8, 2),
+        ("spare_size", c_uint8, 2),
+        ("sam0", c_uint8, 1),
+        ("block_size", c_uint8, 2),
+        ("org", c_uint8, 1),
+        ("sam1", c_uint8, 1),
+        ("ecc", c_uint8, 2),
+        ("plane", c_uint8, 2),
+        ("plane_size", c_uint8, 3),
+        ("rsvd", c_uint8, 1),
+    ]
+
+
+class nand_samsung_id_t(ctypes.Union):
+    _anonymous_ = ("bit",)
+    _fields_ = [
+        ("bit", nand_toshiba_ids),
+        ("asDword", ctypes.c_uint32)
+    ]
+
+
+class NandDevice:
+    # NAND_DEVn_CFG0 bits
+    DISABLE_STATUS_AFTER_WRITE = 4
+    CW_PER_PAGE = 6
+    UD_SIZE_BYTES = 9
+    ECC_PARITY_SIZE_BYTES_RS = 19
+    SPARE_SIZE_BYTES = 23
+    NUM_ADDR_CYCLES = 27
+    STATUS_BFR_READ = 30
+    SET_RD_MODE_AFTER_STATUS = 31
+
+    # NAND_DEV1_CFG0 bits
+    DEV0_CFG1_ECC_DISABLE = 0
+    WIDE_FLASH = 1
+    NAND_RECOVERY_CYCLES = 2
+    CS_ACTIVE_BSY = 5
+    BAD_BLOCK_BYTE_NUM = 6
+    BAD_BLOCK_IN_SPARE_AREA = 16
+    WR_RD_BSY_GAP = 17
+    ENABLE_BCH_ECC = 27
+    ECC_ENCODER_CGC_EN = 23
+    ECC_DECODER_CGC_EN = 24
+    DISABLE_ECC_RESET_AFTER_OPDONE = 25
+    ENABLE_NEW_ECC = 27
+    ECC_MODE_DEV1 = 28  # 28:29
+
+    # NAND_DEV0_ECC_CFG bits
+    ECC_CFG_ECC_DISABLE = 0
+    ECC_SW_RESET = 1
+    ECC_MODE = 4
+    ECC_PARITY_SIZE_BYTES_BCH = 8
+    ECC_NUM_DATA_BYTES = 16
+    ECC_ENC_CLK_SHUTDOWN = 28
+    ECC_DEC_CLK_SHUTDOWN = 29
+    ECC_FORCE_CLK_OPEN = 30
+
+    # NAND_DEV_CMD1 bits
+    READ_ADDR = 0
+
+    # NAND_DEV_CMD_VLD bits
+    READ_START_VLD = 0
+    READ_STOP_VLD = 1
+    WRITE_START_VLD = 2
+    ERASE_START_VLD = 3
+    SEQ_READ_START_VLD = 4
+
+    NAND_CMD_PARAM = 0xec
+    ECC_BCH_4BIT = 2
+
+    def __init__(self, settings):
+        self.settings = settings
+        # device commands
+        self.NAND_CMD_SOFT_RESET = 0x01
+        self.NAND_CMD_PAGE_READ = 0x32
+        self.NAND_CMD_PAGE_READ_ECC = 0x33
+        self.NAND_CMD_PAGE_READ_ALL = 0x34
+        self.NAND_CMD_SEQ_PAGE_READ = 0x15
+        self.NAND_CMD_PRG_PAGE = 0x36
+        self.NAND_CMD_PRG_PAGE_ECC = 0x37
+        self.NAND_CMD_PRG_PAGE_ALL = 0x39
+        self.NAND_CMD_BLOCK_ERASE = 0x3A
+        self.NAND_CMD_FETCH_ID = 0x0B
+        self.NAND_CMD_STATUS = 0x0C
+        self.NAND_CMD_RESET = 0x0D
+
+        # addr offsets
+        self.NAND_FLASH_CMD = settings.nandbase + 0
+        self.NAND_ADDR0 = settings.nandbase + 4
+        self.NAND_ADDR1 = settings.nandbase + 8
+        self.NAND_FLASH_CHIP_SELECT = settings.nandbase + 0xc
+        self.NAND_EXEC_CMD = settings.nandbase + 0x10
+        self.NAND_FLASH_STATUS = settings.nandbase + 0x14
+        self.NAND_BUFFER_STATUS = settings.nandbase + 0x18
+        self.NAND_DEV0_CFG0 = settings.nandbase + 0x20
+        self.NAND_DEV0_CFG1 = settings.nandbase + 0x24
+        self.NAND_DEV0_ECC_CFG = settings.nandbase + 0x28
+        self.NAND_DEV1_ECC_CFG = settings.nandbase + 0x2C
+        self.NAND_DEV1_CFG0 = settings.nandbase + 0x30
+        self.NAND_DEV1_CFG1 = settings.nandbase + 0x34
+        self.NAND_SFLASHC_CMD = settings.nandbase + 0x38
+        self.NAND_SFLASHC_EXEC = settings.nandbase + 0x3C
+        self.NAND_READ_ID = settings.nandbase + 0x40
+        self.NAND_READ_STATUS = settings.nandbase + 0x44
+        self.NAND_CONFIG_DATA = settings.nandbase + 0x50
+        self.NAND_CONFIG = settings.nandbase + 0x54
+        self.NAND_CONFIG_MODE = settings.nandbase + 0x58
+        self.NAND_CONFIG_STATUS = settings.nandbase + 0x60
+        self.NAND_DEV_CMD0 = settings.nandbase + 0xA0
+        self.NAND_DEV_CMD1 = settings.nandbase + 0xA4
+        self.NAND_DEV_CMD2 = settings.nandbase + 0xA8
+        self.NAND_DEV_CMD_VLD = settings.nandbase + 0xAC
+        self.SFLASHC_BURST_CFG = settings.nandbase + 0xE0
+        self.NAND_EBI2_ECC_BUF_CFG = settings.nandbase + 0xF0
+        self.NAND_HW_INFO = settings.nandbase + 0xFC
+        self.NAND_FLASH_BUFFER = settings.nandbase + 0x100
+
+        self.PAGE_ACC = 1 << 4
+        self.LAST_PAGE = 1 << 5
+        self.CW_PER_PAGE = 6
+        self.ECC_CFG_ECC_DISABLE = 0
+        self.flashinfo = None
+
+    def gettbl(self, nandid, tbl):
+        flashinfo = {}
+        tid = nand_toshiba_id_t()
+        tid.asDword = nandid
+        # did,slc_small_device,device_width,density_mbits
+        if tid.did in tbl:
+            fdev = tbl[tid.did]
+            small_slc = fdev[0]
+            slc_device_width = fdev[1]
+            density_mbits = fdev[2]
+        else:
+            return None
+
+        if small_slc:
+            flashinfo["page_size"] = 512
+            flashinfo["feature_flags1_ecc"] = 2
+            flashinfo["block_size_kbytes"] = 16
+            flashinfo["param_per_block"] = 32
+            flashinfo["spare_size"] = 16
+            flashinfo["otp_sequence_cfg"] = "FLASH_NAND_OTP_SEQUENCE_CFG6"
+            flashinfo["dev_width"] = slc_device_width
+        else:
+            if tid.org == 0:
+                flashinfo["dev_width"] = 8
+            else:
+                flashinfo["dev_width"] = 16
+            if tid.spare_size == 0 or tid.spare_size == 1:
+                flashinfo["feature_flags1_ecc"] = 1
+            elif tid.spare_size == 2:
+                flashinfo["feature_flags1_ecc"] = 8
+            else:
+                flashinfo["feature_flags1_ecc"] = 0
+            flashinfo["page_size"] = 1024 << tid.page_size
+            flashinfo["page_size_kb"] = flashinfo["page_size"] >> 10
+            flashinfo["block_size_kb"] = 64 << tid.block_size
+            flashinfo["pages_per_block"] = flashinfo["block_size_kb"] // flashinfo["page_size_kb"]
+            flashinfo["spare_size"] = (8 << tid.spare_size) * (flashinfo["page_size"] // 512)
+            if flashinfo["page_size"] == 2048 or flashinfo["page_size"] == 4096:
+                flashinfo["otp_sequence_cfg"] = "FLASH_NAND_OTP_SEQUENCE_CFG2"
+            else:
+                flashinfo["otp_sequence_cfg"] = "FLASH_NAND_OTP_SEQUENCE_UNKNOWN"
+            flashinfo["block_count"] = (1024 // 8 * density_mbits) // flashinfo["block_size_kb"]
+            if flashinfo["page_size"] == 2048 and flashinfo["feature_flags1_ecc"] > 0:
+                flashinfo["bad_block_info_byte_offset"] = 2048
+                flashinfo["udata_max"] = 16
+                flashinfo["max_corrected_udata_bytes"] = 16
+                flashinfo["bad_block_info_byte_length"] = 1 if flashinfo["dev_width"] == 8 else 2
+            elif flashinfo["page_size"] == 4096 and flashinfo["feature_flags1_ecc"] > 0:
+                flashinfo["bad_block_info_byte_offset"] = 4096
+                flashinfo["udata_max"] = 32
+                flashinfo["max_corrected_udata_bytes"] = 32
+                flashinfo["bad_block_info_byte_length"] = 1 if flashinfo["dev_width"] == 8 else 2
+        self.settings.PAGESIZE = flashinfo["page_size"]
+        self.settings.BLOCKSIZE = flashinfo["block_size_kb"] * 1024
+        if flashinfo["dev_width"] == 8:
+            self.settings.IsWideFlash = 0
+        else:
+            self.settings.IsWideFlash = 1
+        self.settings.MAXBLOCK = flashinfo["block_count"]
+
+        self.settings.BAD_BLOCK_IN_SPARE_AREA = flashinfo["bad_block_info_byte_offset"]
+        return flashinfo
+
+    def toshiba_config(self, nandid):
+        flashinfo = self.gettbl(nandid, toshiba_tbl)
+        self.flashinfo = flashinfo
+        if (nandid >> 8) & 0xFF == 0xac:
+            self.settings.OOBSIZE = 256
+            self.settings.PAGESIZE = 4096
+            self.settings.MAXBLOCK = 2048
+            # 8Bit_HW_ECC
+        elif (nandid >> 8) & 0xFF == 0xaa:
+            self.settings.OOBSIZE = 128
+            self.settings.PAGESIZE = 2048
+            self.settings.MAXBLOCK = 2048
+            # 8Bit_HW_ECC
+        elif (nandid >> 8) & 0xFF == 0xa1:
+            self.settings.OOBSIZE = 128
+            self.settings.PAGESIZE = 2048
+            self.settings.MAXBLOCK = 1024
+            # 8Bit_HW_ECC
+
+        self.settings.CW_PER_PAGE = (self.settings.PAGESIZE >> 9) - 1
+        self.settings.SPARE_SIZE_BYTES = 0
+
+    def samsung_config(self, nandid):
+        flashinfo = self.gettbl(nandid, samsung_tbl)
+        self.flashinfo = flashinfo
+
+        # self.settings.SPARE_SIZE_BYTES = flashinfo["spare_size"]
+        self.settings.CW_PER_PAGE = (self.settings.PAGESIZE >> 9) - 1
+        self.settings.SPARE_SIZE_BYTES = 0
+
+    def generic_config(self, nandid, chipsize):
+        devcfg = (nandid >> 24) & 0xff
+        self.settings.PAGESIZE = 1024 << (devcfg & 0x3)
+        self.settings.BLOCKSIZE = 64 << ((devcfg >> 4) & 0x3)
+
+        if chipsize != 0:
+            self.settings.MAXBLOCK = chipsize * 1024 // self.settings.BLOCKSIZE
+        else:
+            self.settings.MAXBLOCK = 0x800
+        self.settings.CW_PER_PAGE = (self.settings.PAGESIZE >> 9) - 1
+
+    def nand_setup(self, nandid):
+        """
+        qcommand -p%qdl% -k11 -c "m 79b0020 295409c0" #NAND_DEV0_CFG0
+        qcommand -p%qdl% -k11 -c "m 79b0024 08065d5d" #NAND_DEV0_CFG1
+        qcommand -p%qdl% -k11 -c "m 79b0028 42040d10" #NAND_DEV0_ECC_CFG
+        qcommand -p%qdl% -k11 -c "m 79b00f0 00000203" NAND_EBI2_ECC_BUF_CFG
+        """
+
+        fid = (nandid >> 8) & 0xff
+        pid = nandid & 0xff
+
+        self.settings.flash_mfr = ""
+        for info in nand_manuf_ids:
+            if info[0] == pid:
+                self.settings.flash_mfr = info[1]
+                break
+
+        chipsize = 0
+        for info in nand_ids:
+            if info[1] == fid:
+                chipsize = info[2]
+                self.settings.flash_descr = info[0]
+                break
+
+        self.settings.cfg1_enable_bch_ecc = 1
+        self.settings.IsWideFlash = 0
+        self.settings.SPARE_SIZE_BYTES = 0
+        self.settings.OOBSIZE = 0
+        self.settings.ECC_PARITY_SIZE_BYTES = 0
+        self.settings.BAD_BLOCK_BYTE_NUM = 0
+        self.settings.ecc_bit = 4
+
+        if pid == 0x98:  # Toshiba
+            self.toshiba_config(nandid)
+            if nandid == 0x2690AC98:
+                self.settings.ecc_bit = 8
+        elif pid == 0xEC:  # Samsung
+            self.samsung_config(nandid)
+        elif pid == 0x2C:  # Micron
+            self.generic_config(nandid, chipsize)
+            # MT29AZ5A3CHHWD
+            if nandid == 0x2690AC2C or nandid == 0x26D0A32C:
+                self.settings.ecc_bit = 8
+        elif pid == 0x01:
+            self.generic_config(nandid, chipsize)
+            if nandid == 0x1590AC01:  # jsfc 4G
+                self.settings.OOBSIZE = 128
+                self.settings.PAGESIZE = 2048
+                self.settings.SPARE_SIZE_BYTES = 4
+        else:
+            self.generic_config(nandid, chipsize)
+
+        if nandid in supported_flash:
+            nd = supported_flash[nandid]
+            # density = nd[]
+            # width
+            chipsize = nd[0] // 1024
+            self.settings.IsWideFlash = nd[1]
+            self.settings.PAGESIZE = nd[2]
+            self.settings.BLOCKSIZE = nd[3]
+            self.settings.OOBSIZE = nd[4]
+            self.settings.IsOneNand = nd[5]
+
+        if chipsize != 0:
+            self.settings.MAXBLOCK = chipsize * 1024 // self.settings.BLOCKSIZE
+        else:
+            self.settings.MAXBLOCK = 0x800
+
+        self.settings.sectorsize = 512
+        self.settings.sectors_per_page = self.settings.PAGESIZE // self.settings.sectorsize
+
+        if self.settings.ecc_bit == 4:
+            self.settings.ECC_MODE = 0  # 0=4 bit ECC error
+        elif self.settings.ecc_bit == 8:
+            self.settings.ECC_MODE = 1  # 1=8 bit ECC error
+        elif self.settings.ecc_bit == 16:
+            self.settings.ECC_MODE = 2  # 2=16 bit ECC error
+
+        if self.settings.ecc_size == 0:
+            if self.settings.ecc_bit == 4:
+                self.settings.ecc_size = 1
+            elif self.settings.ecc_bit == 8 or self.settings.ecc_bit == 16:
+                self.settings.ecc_size = 2
+
+        if self.settings.OOBSIZE == 0:
+            self.settings.OOBSIZE = (8 << self.settings.ecc_size) * (self.settings.CW_PER_PAGE + 1)
+
+        if 256 >= self.settings.OOBSIZE > 128:
+            self.settings.OOBSIZE = 256
+
+        if self.settings.SPARE_SIZE_BYTES == 0:
+            # HAM1
+            if self.settings.ECC_MODE == 0:
+                self.settings.SPARE_SIZE_BYTES = 4
+            else:
+                self.settings.SPARE_SIZE_BYTES = 2
+
+        if self.settings.cfg1_enable_bch_ecc:
+            hw_ecc_bytes = 0
+            self.settings.UD_SIZE_BYTES = self.settings.SPARE_SIZE_BYTES + self.settings.sectorsize  # 516 or 517
+            if self.settings.SPARE_SIZE_BYTES == 2:
+                self.settings.UD_SIZE_BYTES += 2
+            if self.settings.IsWideFlash:
+                self.settings.UD_SIZE_BYTES += 1
+        else:
+            hw_ecc_bytes = 10
+            self.settings.UD_SIZE_BYTES = 512
+
+        if self.settings.ECC_PARITY_SIZE_BYTES == 0:
+            self.settings.ECC_PARITY_SIZE_BYTES = 3  # HAM1
+            if self.settings.ecc_bit == 4:  # BCH4
+                self.settings.ECC_PARITY_SIZE_BYTES = 7
+            elif self.settings.ecc_bit == 8:  # BCH8
+                self.settings.ECC_PARITY_SIZE_BYTES = 13
+            elif self.settings.ecc_bit == 16:  # BCH16
+                self.settings.ECC_PARITY_SIZE_BYTES = 26
+
+        linuxcwsize = 528
+        if self.settings.cfg1_enable_bch_ecc and self.settings.ecc_bit == 8:
+            linuxcwsize = 532
+        if nandid == 0x1590AC2C:  # fixme
+            linuxcwsize = 532
+        if self.settings.BAD_BLOCK_BYTE_NUM == 0:
+            self.settings.BAD_BLOCK_BYTE_NUM = (
+                    self.settings.PAGESIZE - (linuxcwsize * (self.settings.sectors_per_page - 1)) + 1)
+
+        # UD_SIZE_BYTES must be 512, 516 or 517. If ECC-Protection 516 for x16Bit-Nand and 517 for x8-bit Nand
+        cfg0 = 0 << self.SET_RD_MODE_AFTER_STATUS \
+            | 0 << self.STATUS_BFR_READ \
+            | 5 << self.NUM_ADDR_CYCLES \
+            | self.settings.SPARE_SIZE_BYTES << self.SPARE_SIZE_BYTES \
+            | hw_ecc_bytes << self.ECC_PARITY_SIZE_BYTES_RS \
+            | self.settings.UD_SIZE_BYTES << self.UD_SIZE_BYTES \
+            | self.settings.CW_PER_PAGE << self.CW_PER_PAGE \
+            | 0 << self.DISABLE_STATUS_AFTER_WRITE
+
+        bad_block_byte = self.settings.BAD_BLOCK_BYTE_NUM
+        wide_bus = self.settings.IsWideFlash
+        bch_disabled = self.settings.args_disable_ecc  # option in gui, implemented
+
+        cfg1 = 0 << self.ECC_MODE_DEV1 \
+            | 1 << self.ENABLE_NEW_ECC \
+            | 0 << self.DISABLE_ECC_RESET_AFTER_OPDONE \
+            | 0 << self.ECC_DECODER_CGC_EN \
+            | 0 << self.ECC_ENCODER_CGC_EN \
+            | 2 << self.WR_RD_BSY_GAP \
+            | 0 << self.BAD_BLOCK_IN_SPARE_AREA \
+            | bad_block_byte << self.BAD_BLOCK_BYTE_NUM \
+            | 0 << self.CS_ACTIVE_BSY \
+            | 7 << self.NAND_RECOVERY_CYCLES \
+            | wide_bus << self.WIDE_FLASH \
+            | bch_disabled << self.ENABLE_BCH_ECC
+
+        """
+        cfg0_raw = (self.settings.CW_PER_PAGE-1) << CW_PER_PAGE \
+                    | self.settings.UD_SIZE_BYTES << UD_SIZE_BYTES \
+                    | 5 << NUM_ADDR_CYCLES \
+                    | 0 << SPARE_SIZE_BYTES
+
+        cfg1_raw = 7 << NAND_RECOVERY_CYCLES \
+                    | 0 << CS_ACTIVE_BSY \
+                    | 17 << BAD_BLOCK_BYTE_NUM \
+                    | 1 << BAD_BLOCK_IN_SPARE_AREA \
+                    | 2 << WR_RD_BSY_GAP \
+                    | wide_bus << WIDE_FLASH \
+                    | 1 << DEV0_CFG1_ECC_DISABLE
+        """
+        ecc_bch_cfg = 1 << self.ECC_FORCE_CLK_OPEN \
+            | 0 << self.ECC_DEC_CLK_SHUTDOWN \
+            | 0 << self.ECC_ENC_CLK_SHUTDOWN \
+            | self.settings.UD_SIZE_BYTES << self.ECC_NUM_DATA_BYTES \
+            | self.settings.ECC_PARITY_SIZE_BYTES << self.ECC_PARITY_SIZE_BYTES_BCH \
+            | self.settings.ECC_MODE << self.ECC_MODE \
+            | 0 << self.ECC_SW_RESET \
+            | bch_disabled << self.ECC_CFG_ECC_DISABLE
+
+        if self.settings.UD_SIZE_BYTES == 516:
+            ecc_buf_cfg = 0x203
+        elif self.settings.UD_SIZE_BYTES == 517:
+            ecc_buf_cfg = 0x204
+        else:
+            ecc_buf_cfg = 0x1FF
+
+        return cfg0, cfg1, ecc_buf_cfg, ecc_bch_cfg
+
+
+class nandregs:
+    def __init__(self, parent):
+        self.register_mapping = {
+        }
+        self.reverse_mapping = {}
+        self.create_reverse_mapping()
+        self.parent = parent
+
+    def __getattribute__(self, name):
+        if name in ("register_mapping", "parent"):
+            return super(nandregs, self).__getattribute__(name)
+
+        if name in self.register_mapping:
+            return self.parent.mempeek(self.register_mapping[name])
+
+        return super(nandregs, self).__getattribute__(name)
+
+    def __setattr__(self, name, value):
+        if name in ("register_mapping", "parent"):
+            super(nandregs, self).__setattr__(name, value)
+
+        if name in self.register_mapping:
+            self.parent.mempoke(self.register_mapping[name], value)
+        else:
+            super(nandregs, self).__setattr__(name, value)
+
+    def read(self, register):
+        if isinstance(register, str):
+            register = self.register_mapping.get(register.lower(), None)
+        return self.parent.mempeek(register)
+
+    def write(self, register, value):
+        if isinstance(register, str):
+            register = self.register_mapping.get(register.lower(), None)
+        return self.parent.mempoke(register, value)
+
+    def save(self):
+        reg_dict = {}
+        for reg in self.register_mapping:
+            reg_v = self.read(reg)
+            reg_dict[reg] = reg_v
+        return reg_dict
+
+    def restore(self, value=None):
+        if value is None:
+            value = {}
+        for reg in self.register_mapping:
+            reg_v = value[reg]
+            self.write(reg, reg_v)
+
+    def create_reverse_mapping(self):
+        self.reverse_mapping = {v: k for k, v in self.register_mapping.items()}

edl/Library/pt.py

@@ -0,0 +1,171 @@
+import struct
+
+
+def get_n(x):
+    return int(x[6:8] + x[4:6] + x[2:4] + x[0:2], 16)
+
+
+def parse_pt(data):
+    va = 0
+    entries = []
+    while va < len(data):
+        entry = struct.unpack("<L", data[va:va + 4])[0]
+        f = get_fld(entry)
+
+        if f is None:
+            va += 4
+            continue
+
+        entries.append((int(va / 4) << 20, f))
+        print("%08x %s" % ((int(va / 4) << 20), str(f)))
+        va += 4
+
+    return entries
+
+
+def parse_spt(data, base):
+    va = 0
+    while va < 0x400:
+        entry = struct.unpack("<L", data[va:va + 4])[0]
+
+        f = get_sld(entry)
+        if f != 'UNSUPPORTED' and f.apx == 0 and f.ap == 3 and f.nx == 0:
+            print("%08x %s - WX !!" % (base + (int(va / 4) << 12), f))
+        else:
+            print("%08x %s" % (base + (int(va / 4) << 12), f))
+        va += 4
+
+
+def get_fld(mfld):
+    s = mfld & 3
+    if s == 0:
+        return fault_desc(mfld)
+
+    if s == 1:
+        return pt_desc(mfld)
+
+    if s == 2:
+        return section_desc(mfld)
+
+    if s == 3:
+        return reserved_desc(mfld)
+    return None
+
+
+def get_sld(msld):
+    s = msld & 3
+    if s == 1:
+        return sld_lp(msld)
+
+    if s > 1:
+        return sld_xsp(msld)
+
+    return "UNSUPPORTED"
+
+
+class descriptor(object):
+    def __init__(self, mfld):
+        pass
+
+    def get_name(self):
+        pass
+
+    def __repr__(self):
+        s = "%8s " % self.get_name()
+        for attr, value in self.__dict__.items():
+            try:
+                s += "%s=%s, " % (attr, hex(value))
+            except:
+                s += "%s=%s, " % (attr, value)
+
+        return s
+
+
+class fld(descriptor):
+    pass
+
+
+class fault_desc(fld):
+
+    def get_name(self):
+        return "FAULT"
+
+
+class reserved_desc(fld):
+
+    def get_name(self):
+        return "RESERVED"
+
+
+class pt_desc(fld):
+
+    def __init__(self, desc):
+        self.coarse_base = (desc >> 10) << 10
+        self.p = (desc >> 9) & 1
+        self.domain = (desc >> 5) & 15
+        self.sbz1 = (desc >> 4) & 1
+        self.ns = (desc >> 3) & 1
+        self.sbz2 = (desc >> 2) & 1
+
+    def get_name(self):
+        return "PT"
+
+
+class section_desc(fld):
+    def __init__(self, desc):
+        self.section_base = (desc >> 20) << 20
+        self.ns = (desc >> 19) & 1
+        self.zero = ns = (desc >> 18) & 1
+        self.ng = (desc >> 17) & 1
+        self.s = (desc >> 16) & 1
+        self.apx = (desc >> 15) & 1
+        self.tex = (desc >> 12) & 7
+        self.ap = (desc >> 10) & 3
+        self.p = (desc >> 9) & 1
+        self.domain = (desc >> 5) & 15
+        self.nx = (desc >> 4) & 1
+        self.c = (desc >> 3) & 1
+        self.b = (desc >> 2) & 1
+
+    def get_name(self):
+        return "SECTION"
+
+
+class sld(descriptor):
+    pass
+
+
+class sld_lp(sld):
+
+    def __init__(self, desc):
+        self.page_base = (desc >> 16) << 16
+        self.nx = (desc >> 15) & 1
+        self.tex = (desc >> 12) & 7
+        self.ng = (desc >> 11) & 1
+        self.s = (desc >> 10) & 1
+        self.apx = (desc >> 9) & 1
+        self.sbz = (desc >> 6) & 7
+        self.ap = (desc >> 4) & 3
+        self.c = (desc >> 3) & 1
+        self.b = (desc >> 2) & 1
+
+    def get_name(self):
+        return "LARGEPAGE"
+
+
+class sld_xsp(sld):
+
+    def __init__(self, desc):
+        self.desc = desc
+        self.page_base = (desc >> 12) << 12
+        self.ng = (desc >> 11) & 1
+        self.s = (desc >> 10) & 1
+        self.apx = (desc >> 9) & 1
+        self.tex = (desc >> 6) & 7
+        self.ap = (desc >> 4) & 3
+        self.c = (desc >> 3) & 1
+        self.b = (desc >> 2) & 1
+        self.nx = desc & 1
+
+    def get_name(self):
+        return "XSMALLPAGE"

edl/Library/pt64.py

@@ -0,0 +1,153 @@
+import struct
+
+"""
+only supports 4KB granule w/ 25<=TnSZ<=33
+https://armv8-ref.codingbelief.com/en/chapter_d4/d42_7_the_algorithm_for_finding_the_translation_table_entries.html
+
+"""
+
+
+def get_level_index(va, level):
+    if level == 1:
+        return (va >> 30) & 0x3F
+
+    if level == 2:
+        return (va >> 21) & 0x1FF
+
+    if level == 3:
+        return (va >> 12) & 0x1FF
+
+    raise NotImplementedError()
+
+
+def get_level_bits(level, tnsz):
+    if level == 1:
+        return 37 - tnsz + 26 + 1 - 30
+
+    if level == 2:
+        return 9
+
+    if level == 3:
+        return 9
+
+    raise NotImplementedError()
+
+
+def get_level_size(tnsz, level):
+    return 2 ** get_level_bits(level, tnsz) * 8
+
+
+def get_va_for_level(va, index, level):
+    if level == 1:
+        return va + (index << 30)
+
+    if level == 2:
+        return va + (index << 21)
+
+    if level == 3:
+        return va + (index << 12)
+
+    return va
+
+
+def parse_pt(data, base, tnsz, level=1):
+    i = 0
+    entries = []
+    while i < min(len(data), get_level_size(tnsz, level)):
+        mentry = struct.unpack("<Q", data[i:i + 8])[0]
+
+        f = get_fld(mentry, level)
+        if f is None:
+            i += 8
+            continue
+        va = get_va_for_level(base, int(i / 8), level)
+        if f != 'UNSUPPORTED' and f.apx == 0 and f.ap == 3 and f.xn == 0:
+            print("%016x %s - WX !!" % (va, f))
+        else:
+            print("%016x %s" % (va, f))
+
+        entries.append((va, f))
+        i += 8
+
+    return entries
+
+
+def get_fld(mfld, level):
+    s = mfld & 3
+    if s == 0:
+        return None
+
+    if s == 1:
+        return block_entry4k(mfld, level)
+
+    if s == 2:
+        return None
+
+    if s == 3:
+        return table_entry4k(mfld, level)
+    return None
+
+class descriptor(object):
+    def get_name(self):
+        pass
+
+    def __repr__(self):
+        s = "%8s " % self.get_name()
+        for attr, value in self.__dict__.items():
+            try:
+                s += "%s=%s, " % (attr, hex(value))
+            except:
+                s += "%s=%s, " % (attr, value)
+
+        return s
+
+
+class fld(descriptor):
+    pass
+
+
+class entry(fld):
+    def __init__(self, desc, level):
+        self.level = level
+        self.nshigh = desc >> 63
+        self.apx = (desc >> 61) & 3
+        self.xn = (desc >> 60) & 1
+        self.pxn = (desc >> 59) & 1
+        self.attrindex = (desc >> 2) & 7
+        self.ns = (desc >> 5) & 1
+        self.ap = (desc >> 6) & 3
+        self.sh = (desc >> 8) & 3
+        self.af = (desc >> 10) & 1
+        self.nG = (desc >> 11) & 1
+
+
+class entry4k(entry):
+    def __init__(self, desc, level):
+        entry.__init__(self, desc, level)
+        self.output = ((desc & 0xFFFFFFFFFFFF) >> 12) << 12
+
+
+class fault_entry(fld):
+
+    def get_name(self):
+        return "FAULT"
+
+
+class block_entry4k(entry4k):
+
+    def __init__(self, desc, level):
+        entry4k.__init__(self, desc, level)
+        # shift = 39-9*level
+        # self.output = ((desc & 0xFFFFFFFFFFFFL) >> shift) << shift
+
+    def get_name(self):
+        return "BLOCK4"
+
+
+class table_entry4k(entry4k):
+
+    def __init__(self, desc, level):
+        entry4k.__init__(self, desc, level)
+
+    def get_name(self):
+        return "TABLE4"

edl/Library/sahara.py

@@ -0,0 +1,834 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import binascii
+import time
+import os
+import sys
+import logging
+import inspect
+from struct import unpack, pack
+current_dir = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
+parent_dir = os.path.dirname(current_dir)
+sys.path.insert(0, parent_dir)
+from edl.Library.utils import read_object, print_progress, rmrf, LogBase
+from edl.Config.qualcomm_config import sochw, msmids, root_cert_hash
+
+
+
+
+def convertmsmid(msmid):
+    msmiddb = []
+    if int(msmid, 16) & 0xFF == 0xe1 or msmid == '00000000':
+        return [msmid]
+    socid = int(msmid, 16) >> 16
+    if socid in sochw:
+        names = sochw[socid].split(",")
+        for name in names:
+            for ids in msmids:
+                if msmids[ids] == name:
+                    rmsmid = hex(ids)[2:].lower()
+                    while len(rmsmid) < 8:
+                        rmsmid = '0' + rmsmid
+                    msmiddb.append(rmsmid)
+    return msmiddb
+
+
+class sahara(metaclass=LogBase):
+    SAHARA_VERSION = 2
+    SAHARA_MIN_VERSION = 1
+
+    class cmd:
+        SAHARA_HELLO_REQ = 0x1
+        SAHARA_HELLO_RSP = 0x2
+        SAHARA_READ_DATA = 0x3
+        SAHARA_END_TRANSFER = 0x4
+        SAHARA_DONE_REQ = 0x5
+        SAHARA_DONE_RSP = 0x6
+        SAHARA_RESET_REQ = 0x7
+        SAHARA_RESET_RSP = 0x8
+        SAHARA_MEMORY_DEBUG = 0x9
+        SAHARA_MEMORY_READ = 0xA
+        SAHARA_CMD_READY = 0xB
+        SAHARA_SWITCH_MODE = 0xC
+        SAHARA_EXECUTE_REQ = 0xD
+        SAHARA_EXECUTE_RSP = 0xE
+        SAHARA_EXECUTE_DATA = 0xF
+        SAHARA_64BIT_MEMORY_DEBUG = 0x10
+        SAHARA_64BIT_MEMORY_READ = 0x11
+        SAHARA_64BIT_MEMORY_READ_DATA = 0x12
+        SAHARA_RESET_STATE_MACHINE_ID = 0x13
+
+    class exec_cmd:
+        SAHARA_EXEC_CMD_NOP = 0x00
+        SAHARA_EXEC_CMD_SERIAL_NUM_READ = 0x01
+        SAHARA_EXEC_CMD_MSM_HW_ID_READ = 0x02
+        SAHARA_EXEC_CMD_OEM_PK_HASH_READ = 0x03
+        SAHARA_EXEC_CMD_SWITCH_TO_DMSS_DLOAD = 0x04
+        SAHARA_EXEC_CMD_SWITCH_TO_STREAM_DLOAD = 0x05
+        SAHARA_EXEC_CMD_READ_DEBUG_DATA = 0x06
+        SAHARA_EXEC_CMD_GET_SOFTWARE_VERSION_SBL = 0x07
+
+    class sahara_mode:
+        SAHARA_MODE_IMAGE_TX_PENDING = 0x0
+        SAHARA_MODE_IMAGE_TX_COMPLETE = 0x1
+        SAHARA_MODE_MEMORY_DEBUG = 0x2
+        SAHARA_MODE_COMMAND = 0x3
+
+    class status:
+        SAHARA_STATUS_SUCCESS = 0x00  # Invalid command received in current state
+        SAHARA_NAK_INVALID_CMD = 0x01  # Protocol mismatch between host and target
+        SAHARA_NAK_PROTOCOL_MISMATCH = 0x02  # Invalid target protocol version
+        SAHARA_NAK_INVALID_TARGET_PROTOCOL = 0x03  # Invalid host protocol version
+        SAHARA_NAK_INVALID_HOST_PROTOCOL = 0x04  # Invalid packet size received
+        SAHARA_NAK_INVALID_PACKET_SIZE = 0x05  # Unexpected image ID received
+        SAHARA_NAK_UNEXPECTED_IMAGE_ID = 0x06  # Invalid image header size received
+        SAHARA_NAK_INVALID_HEADER_SIZE = 0x07  # Invalid image data size received
+        SAHARA_NAK_INVALID_DATA_SIZE = 0x08  # Invalid image type received
+        SAHARA_NAK_INVALID_IMAGE_TYPE = 0x09  # Invalid tranmission length
+        SAHARA_NAK_INVALID_TX_LENGTH = 0x0A  # Invalid reception length
+        SAHARA_NAK_INVALID_RX_LENGTH = 0x0B  # General transmission or reception error
+        SAHARA_NAK_GENERAL_TX_RX_ERROR = 0x0C  # Error while transmitting READ_DATA packet
+        SAHARA_NAK_READ_DATA_ERROR = 0x0D  # Cannot receive specified number of program headers
+        SAHARA_NAK_UNSUPPORTED_NUM_PHDRS = 0x0E  # Invalid data length received for program headers
+        SAHARA_NAK_INVALID_PDHR_SIZE = 0x0F  # Multiple shared segments found in ELF image
+        SAHARA_NAK_MULTIPLE_SHARED_SEG = 0x10  # Uninitialized program header location
+        SAHARA_NAK_UNINIT_PHDR_LOC = 0x11  # Invalid destination address
+        SAHARA_NAK_INVALID_DEST_ADDR = 0x12  # Invalid data size received in image header
+        SAHARA_NAK_INVALID_IMG_HDR_DATA_SIZE = 0x13  # Invalid ELF header received
+        SAHARA_NAK_INVALID_ELF_HDR = 0x14  # Unknown host error received in HELLO_RESP
+        SAHARA_NAK_UNKNOWN_HOST_ERROR = 0x15  # Timeout while receiving data
+        SAHARA_NAK_TIMEOUT_RX = 0x16  # Timeout while transmitting data
+        SAHARA_NAK_TIMEOUT_TX = 0x17  # Invalid mode received from host
+        SAHARA_NAK_INVALID_HOST_MODE = 0x18  # Invalid memory read access
+        SAHARA_NAK_INVALID_MEMORY_READ = 0x19  # Host cannot handle read data size requested
+        SAHARA_NAK_INVALID_DATA_SIZE_REQUEST = 0x1A  # Memory debug not supported
+        SAHARA_NAK_MEMORY_DEBUG_NOT_SUPPORTED = 0x1B  # Invalid mode switch
+        SAHARA_NAK_INVALID_MODE_SWITCH = 0x1C  # Failed to execute command
+        SAHARA_NAK_CMD_EXEC_FAILURE = 0x1D  # Invalid parameter passed to command execution
+        SAHARA_NAK_EXEC_CMD_INVALID_PARAM = 0x1E  # Unsupported client command received
+        SAHARA_NAK_EXEC_CMD_UNSUPPORTED = 0x1F  # Invalid client command received for data response
+        SAHARA_NAK_EXEC_DATA_INVALID_CLIENT_CMD = 0x20  # Failed to authenticate hash table
+        SAHARA_NAK_HASH_TABLE_AUTH_FAILURE = 0x21  # Failed to verify hash for a given segment of ELF image
+        SAHARA_NAK_HASH_VERIFICATION_FAILURE = 0x22  # Failed to find hash table in ELF image
+        SAHARA_NAK_HASH_TABLE_NOT_FOUND = 0x23  # Target failed to initialize
+        SAHARA_NAK_TARGET_INIT_FAILURE = 0x24  # Failed to authenticate generic image
+        SAHARA_NAK_IMAGE_AUTH_FAILURE = 0x25  # Invalid ELF hash table size.  Too bit or small.
+        SAHARA_NAK_INVALID_IMG_HASH_TABLE_SIZE = 0x26
+        SAHARA_NAK_MAX_CODE = 0x7FFFFFFF  # To ensure 32-bits wide */
+
+    ErrorDesc = {
+        0x00: "Invalid command received in current state",
+        0x01: "Protocol mismatch between host and target",
+        0x02: "Invalid target protocol version",
+        0x03: "Invalid host protocol version",
+        0x04: "Invalid packet size received",
+        0x05: "Unexpected image ID received",
+        0x06: "Invalid image header size received",
+        0x07: "Invalid image data size received",
+        0x08: "Invalid image type received",
+        0x09: "Invalid tranmission length",
+        0x0A: "Invalid reception length",
+        0x0B: "General transmission or reception error",
+        0x0C: "Error while transmitting READ_DATA packet",
+        0x0D: "Cannot receive specified number of program headers",
+        0x0E: "Invalid data length received for program headers",
+        0x0F: "Multiple shared segments found in ELF image",
+        0x10: "Uninitialized program header location",
+        0x11: "Invalid destination address",
+        0x12: "Invalid data size received in image header",
+        0x13: "Invalid ELF header received",
+        0x14: "Unknown host error received in HELLO_RESP",
+        0x15: "Timeout while receiving data",
+        0x16: "Timeout while transmitting data",
+        0x17: "Invalid mode received from host",
+        0x18: "Invalid memory read access",
+        0x19: "Host cannot handle read data size requested",
+        0x1A: "Memory debug not supported",
+        0x1B: "Invalid mode switch",
+        0x1C: "Failed to execute command",
+        0x1D: "Invalid parameter passed to command execution",
+        0x1E: "Unsupported client command received",
+        0x1F: "Invalid client command received for data response",
+        0x20: "Failed to authenticate hash table",
+        0x21: "Failed to verify hash for a given segment of ELF image",
+        0x22: "Failed to find hash table in ELF image",
+        0x23: "Target failed to initialize",
+        0x24: "Failed to authenticate generic image",
+        0x25: "Invalid ELF hash table size.  Too bit or small.",
+        0x26: "Invalid IMG Hash Table Size"
+    }
+
+    def init_loader_db(self):
+        loaderdb = {}
+        for (dirpath, dirnames, filenames) in os.walk(os.path.join(parent_dir,"Loaders")):
+            for filename in filenames:
+                fn = os.path.join(dirpath, filename)
+                found = False
+                for ext in [".bin", ".mbn", ".elf"]:
+                    if ext in filename[-4:]:
+                        found = True
+                        break
+                if not found:
+                    continue
+                try:
+                    hwid = filename.split("_")[0].lower()
+                    msmid = hwid[:8]
+                    devid = hwid[8:]
+                    pkhash = filename.split("_")[1].lower()
+                    for msmid in convertmsmid(msmid):
+                        mhwid = msmid + devid
+                        mhwid = mhwid.lower()
+                        if mhwid not in loaderdb:
+                            loaderdb[mhwid] = {}
+                        if pkhash not in loaderdb[mhwid]:
+                            loaderdb[mhwid][pkhash] = fn
+                        else:
+                            loaderdb[mhwid][pkhash].append(fn)
+                except Exception as e:  # pylint: disable=broad-except
+                    self.debug(str(e))
+                    continue
+        self.loaderdb = loaderdb
+        return loaderdb
+
+    def get_error_desc(self, status):
+        if status in self.ErrorDesc:
+            return "Error: " + self.ErrorDesc[status]
+        else:
+            return "Unknown error"
+
+    pkt_hello_req = [
+        ('cmd', 'I'),
+        ('len', 'I'),
+        ('version', 'I'),
+        ('version_min', 'I'),
+        ('max_cmd_len', 'I'),
+        ('mode', 'I'),
+        ('res1', 'I'),
+        ('res2', 'I'),
+        ('res3', 'I'),
+        ('res4', 'I'),
+        ('res5', 'I'),
+        ('res6', 'I')]
+
+    pkt_cmd_hdr = [
+        ('cmd', 'I'),
+        ('len', 'I')
+    ]
+
+    pkt_read_data = [
+        ('id', 'I'),
+        ('data_offset', 'I'),
+        ('data_len', 'I')
+    ]
+
+    pkt_read_data_64 = [
+        ('id', 'Q'),
+        ('data_offset', 'Q'),
+        ('data_len', 'Q')
+    ]
+
+    pkt_memory_debug = [
+        ('memory_table_addr', 'I'),
+        ('memory_table_length', 'I')
+    ]
+
+    pkt_memory_debug_64 = [
+        ('memory_table_addr', 'Q'),
+        ('memory_table_length', 'Q')
+    ]
+    '''
+    execute_cmd=[
+        ('cmd', 'I'),
+        ('len', 'I'),
+        ('client_cmd','I')
+    ]
+    '''
+
+    pkt_execute_rsp_cmd = [
+        ('cmd', 'I'),
+        ('len', 'I'),
+        ('client_cmd', 'I'),
+        ('data_len', 'I')
+    ]
+
+    pkt_image_end = [
+        ('id', 'I'),
+        ('status', 'I')
+    ]
+
+    pkt_done = [
+        ('cmd', 'I'),
+        ('len', 'I'),
+        ('status', 'I')
+    ]
+
+    pbl_info = [
+        ('serial', 'I'),
+        ('msm_id', 'I'),
+        ('pk_hash', '32s'),
+        ('pbl_sw', 'I')
+    ]
+
+    parttbl = [
+        ('save_pref', 'I'),
+        ('mem_base', 'I'),
+        ('length', 'I'),
+        ('desc', '20s'),
+        ('filename', '20s')
+    ]
+
+    parttbl_64bit = [
+        ('save_pref', 'Q'),
+        ('mem_base', 'Q'),
+        ('length', 'Q'),
+        ('desc', '20s'),
+        ('filename', '20s')
+    ]
+
+    def __init__(self, cdc, loglevel):
+        self.cdc = cdc
+        self.__logger = self.__logger
+        self.info = self.__logger.info
+        self.debug = self.__logger.debug
+        self.error = self.__logger.error
+        self.warning = self.__logger.warning
+        self.id = None
+        self.loaderdb = None
+        self.version = 2.1
+        self.programmer = None
+        self.mode = ""
+        self.serial = None
+
+        self.serials = None
+        self.sblversion = None
+        self.hwid = None
+        self.pkhash = None
+        self.hwidstr = None
+        self.msm_id = None
+        self.oem_id = None
+        self.model_id = None
+        self.oem_str = None
+        self.msm_str = None
+        self.bit64 = False
+        self.pktsize = None
+
+        self.init_loader_db()
+
+        self.__logger.setLevel(loglevel)
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def get_rsp(self):
+        data = []
+        try:
+            v = self.cdc.read()
+            if v == b'':
+                return [None, None]
+            if b"<?xml" in v:
+                return ["firehose", None]
+            pkt = read_object(v[0:0x2 * 0x4], self.pkt_cmd_hdr)
+            if "cmd" in pkt:
+                cmd = pkt["cmd"]
+                if cmd == self.cmd.SAHARA_HELLO_REQ:
+                    data = read_object(v[0x0:0xC * 0x4], self.pkt_hello_req)
+                elif cmd == self.cmd.SAHARA_DONE_RSP:
+                    data = read_object(v[0x0:0x3 * 4], self.pkt_done)
+                elif cmd == self.cmd.SAHARA_END_TRANSFER:
+                    data = read_object(v[0x8:0x8 + 0x2 * 0x4], self.pkt_image_end)
+                elif cmd == self.cmd.SAHARA_64BIT_MEMORY_READ_DATA:
+                    self.bit64 = True
+                    data = read_object(v[0x8:0x8 + 0x3 * 0x8], self.pkt_read_data_64)
+                elif cmd == self.cmd.SAHARA_READ_DATA:
+                    self.bit64 = False
+                    data = read_object(v[0x8:0x8 + 0x3 * 0x4], self.pkt_read_data)
+                elif cmd == self.cmd.SAHARA_64BIT_MEMORY_DEBUG:
+                    self.bit64 = True
+                    data = read_object(v[0x8:0x8 + 0x2 * 0x8], self.pkt_memory_debug_64)
+                elif cmd == self.cmd.SAHARA_MEMORY_DEBUG:
+                    self.bit64 = False
+                    data = read_object(v[0x8:0x8 + 0x2 * 0x4], self.pkt_memory_debug)
+                elif cmd == self.cmd.SAHARA_EXECUTE_RSP:
+                    data = read_object(v[0:0x4 * 0x4], self.pkt_execute_rsp_cmd)
+                elif cmd == self.cmd.SAHARA_CMD_READY or cmd == self.cmd.SAHARA_RESET_RSP:
+                    data = []
+                else:
+                    return [None,None]
+            return [pkt, data]
+        except Exception as e:  # pylint: disable=broad-except
+            self.error(str(e))
+            return [None,None]
+
+    def cmd_hello(self, mode, version_min=1, max_cmd_len=0):  # CMD 0x1, RSP 0x2
+        cmd = self.cmd.SAHARA_HELLO_RSP
+        length = 0x30
+        version = self.SAHARA_VERSION
+        responsedata = pack("<IIIIIIIIIIII", cmd, length, version, version_min, max_cmd_len, mode, 0, 0, 0, 0, 0, 0)
+        try:
+            self.cdc.write(responsedata)
+            return True
+        except Exception as e:  # pylint: disable=broad-except
+            self.error(str(e))
+            return False
+
+    def connect(self):
+        try:
+            v = self.cdc.read()
+            if len(v) > 1:
+                if v[0] == 0x01:
+                    cmd = read_object(v[0:0x2 * 0x4], self.pkt_cmd_hdr)
+                    if cmd['cmd'] == self.cmd.SAHARA_HELLO_REQ:
+                        data = read_object(v[0x0:0xC * 0x4], self.pkt_hello_req)
+                        self.pktsize = data['max_cmd_len']
+                        self.version = float(str(data['version']) + "." + str(data['version_min']))
+                        return ["sahara", data]
+                elif v[0] == self.cmd.SAHARA_END_TRANSFER:
+                    return ["sahara", None]
+                elif b"<?xml" in v:
+                    return ["firehose", None]
+                elif v[0] == 0x7E:
+                    return ["nandprg", None]
+            else:
+                data = b"<?xml version=\"1.0\" ?><data><nop /></data>"
+                self.cdc.write(data)
+                res = self.cdc.read()
+                if res == b"":
+                    try:
+                        data = b"\x7E\x06\x4E\x95\x7E"  # Streaming nop
+                        self.cdc.write(data)
+                        res = self.cdc.read()
+                        if b"\x7E\x0D\x16\x00\x00\x00\x00" in res or b"Invalid Command" in res:
+                            return ["nandprg", None]
+                        else:
+                            return ["", None]
+                    except Exception as e:  # pylint: disable=broad-except
+                        self.error(str(e))
+                        return ["", None]
+                if b"<?xml" in res:
+                    return ["firehose", None]
+                elif len(res) > 0 and res[0] == self.cmd.SAHARA_END_TRANSFER:
+                    print("Device is in Sahara error state, please reboot the device.")
+                    return ["sahara", None]
+                else:
+                    data = b"\x7E\x11\x00\x12\x00\xA0\xE3\x00\x00\xC1\xE5\x01\x40\xA0\xE3\x1E\xFF\x2F\xE1\x4B\xD9\x7E"
+                    self.cdc.write(data)
+                    res = self.cdc.read()
+                    if len(res) > 0 and res[1] == 0x12:
+                        return ["nandprg", None]
+                    else:
+                        self.cmd_modeswitch(self.sahara_mode.SAHARA_MODE_COMMAND)
+                        return ["sahara", None]
+
+        except Exception as e:  # pylint: disable=broad-except
+            self.error(str(e))
+
+        self.cmd_modeswitch(self.sahara_mode.SAHARA_MODE_MEMORY_DEBUG)
+        cmd, pkt = self.get_rsp()
+        if None in [cmd , pkt]:
+            return ["", None]
+        return ["sahara", pkt]
+
+    def enter_command_mode(self):
+        if not self.cmd_hello(self.sahara_mode.SAHARA_MODE_COMMAND):
+            return False
+        cmd, pkt = self.get_rsp()
+        if cmd["cmd"] == self.cmd.SAHARA_CMD_READY:
+            return True
+        elif "status" in pkt:
+            self.error(self.get_error_desc(pkt["status"]))
+            return False
+        return False
+
+    def cmdexec_nop(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_NOP)
+        return res
+
+    def cmdexec_get_serial_num(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_SERIAL_NUM_READ)
+        return unpack("<I", res)[0]
+
+    def cmdexec_get_msm_hwid(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_MSM_HW_ID_READ)
+        try:
+            return unpack("<Q", res[0:0x8])[0]
+        except Exception as e:  # pylint: disable=broad-except
+            self.debug(str(e))
+            return None
+
+    def cmdexec_get_pkhash(self):
+        try:
+            res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_OEM_PK_HASH_READ)[0:0x20]
+            return binascii.hexlify(res).decode('utf-8')
+        except Exception as e:  # pylint: disable=broad-except
+            self.error(str(e))
+            return None
+
+    def cmdexec_get_sbl_version(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_GET_SOFTWARE_VERSION_SBL)
+        return unpack("<I", res)[0]
+
+    def cmdexec_switch_to_dmss_dload(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_SWITCH_TO_DMSS_DLOAD)
+        return res
+
+    def cmdexec_switch_to_stream_dload(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_SWITCH_TO_STREAM_DLOAD)
+        return res
+
+    def cmdexec_read_debug_data(self):
+        res = self.cmd_exec(self.exec_cmd.SAHARA_EXEC_CMD_READ_DEBUG_DATA)
+        return res
+
+    def cmd_info(self):
+        if self.enter_command_mode():
+            self.serial = self.cmdexec_get_serial_num()
+            self.serials = "{:08x}".format(self.serial)
+            self.hwid = self.cmdexec_get_msm_hwid()
+            self.pkhash = self.cmdexec_get_pkhash()
+            # if self.version>=2.4:
+            #    self.sblversion = "{:08x}".format(self.cmdexec_get_sbl_version())
+            if self.hwid is not None:
+                self.hwidstr = "{:016x}".format(self.hwid)
+                self.msm_id = int(self.hwidstr[2:8], 16)
+                self.oem_id = int(self.hwidstr[-8:-4], 16)
+                self.model_id = int(self.hwidstr[-4:], 16)
+                self.oem_str = "{:04x}".format(self.oem_id)
+                self.model_id = "{:04x}".format(self.model_id)
+                self.msm_str = "{:08x}".format(self.msm_id)
+                if self.msm_id in msmids:
+                    cpustr = f"CPU detected:      \"{msmids[self.msm_id]}\"\n"
+                else:
+                    cpustr = "Unknown CPU, please send log as issue to https://github.com/bkerler/edl\n"
+                """
+                if self.version >= 2.4:
+                    self.info(f"\n------------------------\n" +
+                                f"HWID:              0x{self.hwidstr} (MSM_ID:0x{self.msm_str}," +
+                                f"OEM_ID:0x{self.oem_str}," +
+                                f"MODEL_ID:0x{self.model_id})\n" +
+                                f"PK_HASH:           0x{self.pkhash}\n" +
+                                f"Serial:            0x{self.serials}\n" +
+                                f"SBL Version:       0x{self.sblversion}\n")
+                else:
+                """
+                self.info(f"\n------------------------\n" +
+                          f"HWID:              0x{self.hwidstr} (MSM_ID:0x{self.msm_str}," +
+                          f"OEM_ID:0x{self.oem_str}," +
+                          f"MODEL_ID:0x{self.model_id})\n" +
+                          cpustr +
+                          f"PK_HASH:           0x{self.pkhash}\n" +
+                          f"Serial:            0x{self.serials}\n")
+            if self.programmer == "":
+                if self.hwidstr in self.loaderdb:
+                    mt = self.loaderdb[self.hwidstr]
+                    unfused = False
+                    for rootcert in root_cert_hash:
+                        if self.pkhash[0:16] in root_cert_hash[rootcert]:
+                            unfused = True
+                    if unfused:
+                        self.info("Possibly unfused device detected, so any loader should be fine...")
+                        if self.pkhash[0:16] in mt:
+                            self.programmer = mt[self.pkhash[0:16]]
+                            self.info(f"Trying loader: {self.programmer}")
+                        else:
+                            for loader in mt:
+                                self.programmer = mt[loader]
+                                self.info(f"Possible loader available: {self.programmer}")
+                            for loader in mt:
+                                self.programmer = mt[loader]
+                                self.info(f"Trying loader: {self.programmer}")
+                                break
+                    elif self.pkhash[0:16] in mt:
+                        self.programmer = self.loaderdb[self.hwidstr][self.pkhash[0:16]]
+                        self.info(f"Detected loader: {self.programmer}")
+                    else:
+                        for loader in self.loaderdb[self.hwidstr]:
+                            self.programmer = self.loaderdb[self.hwidstr][loader]
+                            self.info(f"Trying loader: {self.programmer}")
+                            break
+                        # print("Couldn't find a loader for given hwid and pkhash :(")
+                        # exit(0)
+                elif self.hwidstr is not None and self.pkhash is not None:
+                    msmid = self.hwidstr[:8]
+                    for hwidstr in self.loaderdb:
+                        if msmid == hwidstr[:8]:
+                            for pkhash in self.loaderdb[hwidstr]:
+                                if self.pkhash[0:16] == pkhash:
+                                    self.programmer = self.loaderdb[hwidstr][pkhash]
+                                    self.info(f"Trying loader: {self.programmer}")
+                                    self.cmd_modeswitch(self.sahara_mode.SAHARA_MODE_COMMAND)
+                                    return True
+                    self.error(
+                        f"Couldn't find a loader for given hwid and pkhash ({self.hwidstr}_{self.pkhash[0:16]}" +
+                        "_[FHPRG/ENPRG].bin) :(")
+                    return False
+                else:
+                    self.error(f"Couldn't find a suitable loader :(")
+                    return False
+
+            self.cmd_modeswitch(self.sahara_mode.SAHARA_MODE_COMMAND)
+            return True
+        return False
+
+    def streaminginfo(self):
+        if self.enter_command_mode():
+            self.serial = self.cmdexec_get_serial_num()
+            self.info(f"Device serial : {hex(self.serial)}")
+            self.cmd_modeswitch(self.sahara_mode.SAHARA_MODE_COMMAND)
+            return True
+        return False
+
+    def cmd_done(self):
+        if self.cdc.write(pack("<II", self.cmd.SAHARA_DONE_REQ, 0x8)):
+            cmd, pkt = self.get_rsp()
+            time.sleep(0.3)
+            if cmd["cmd"] == self.cmd.SAHARA_DONE_RSP:
+                return True
+            elif cmd["cmd"] == self.cmd.SAHARA_END_TRANSFER:
+                if pkt["status"] == self.status.SAHARA_NAK_INVALID_CMD:
+                    self.error("Invalid Transfer command received.")
+                    return False
+            return True
+        return False
+
+    def cmd_reset(self):
+        self.cdc.write(pack("<II", self.cmd.SAHARA_RESET_REQ, 0x8))
+        try:
+            cmd, pkt = self.get_rsp()
+        except Exception as e:  # pylint: disable=broad-except
+            self.debug(str(e))
+            return False
+        if cmd["cmd"] == self.cmd.SAHARA_RESET_RSP:
+            return True
+        elif "status" in pkt:
+            self.error(self.get_error_desc(pkt["status"]))
+            return False
+        return False
+
+    def read_memory(self, addr, bytestoread, display=False, wf=None):
+        data = b""
+        old = 0
+        pos = 0
+        total = bytestoread
+        if display:
+            print_progress(0, 100, prefix='Progress:', suffix='Complete', bar_length=50)
+        while bytestoread > 0:
+            if bytestoread > 0x080000:
+                length = 0x080000
+            else:
+                length = bytestoread
+            bytesread = 0
+            try:
+                self.cdc.read(1, 1)
+            except Exception as e:  # pylint: disable=broad-except
+                self.debug(str(e))
+                pass
+            if self.bit64:
+                if not self.cdc.write(pack("<IIQQ", self.cmd.SAHARA_64BIT_MEMORY_READ, 0x8 + 8 + 8, addr + pos,
+                                           length)):
+                    return None
+            else:
+                if not self.cdc.write(
+                        pack("<IIII", self.cmd.SAHARA_MEMORY_READ, 0x8 + 4 + 4, addr + pos, length)):
+                    return None
+            while length > 0:
+                try:
+                    tmp = self.cdc.read(length)
+                except Exception as e:  # pylint: disable=broad-except
+                    self.debug(str(e))
+                    return None
+                length -= len(tmp)
+                pos += len(tmp)
+                bytesread += len(tmp)
+                if wf is not None:
+                    wf.write(tmp)
+                else:
+                    data += tmp
+                if display:
+                    prog = round(float(pos) / float(total) * float(100), 1)
+                    if prog > old:
+                        if display:
+                            print_progress(prog, 100, prefix='Progress:', suffix='Complete', bar_length=50)
+                            old = prog
+            bytestoread -= bytesread
+        if display:
+            print_progress(100, 100, prefix='Progress:', suffix='Complete', bar_length=50)
+        '''
+        try:
+            self.cdc.read(0)
+        except:
+            return data
+        '''
+        return data
+
+    def dump_partitions(self, partition):
+        for part in partition:
+            filename = part["filename"]
+            desc = part["desc"]
+            mem_base = part["mem_base"]
+            length = part["length"]
+            print(f"Dumping {filename}({desc}) at {hex(mem_base)}, length {hex(length)}")
+            fname = os.path.join("memory", filename)
+            with open(fname, "wb") as wf:
+                if self.read_memory(mem_base, length, True, wf):
+                    print("Done dumping memory")
+                else:
+                    self.error("Error dumping memory")
+        self.cmd_reset()
+        return True
+
+    def debug_mode(self):
+        if not self.cmd_hello(self.sahara_mode.SAHARA_MODE_MEMORY_DEBUG):
+            return False
+        if os.path.exists("memory"):
+            rmrf("memory")
+        os.mkdir("memory")
+        cmd, pkt = self.get_rsp()
+        if cmd["cmd"] == self.cmd.SAHARA_MEMORY_DEBUG or cmd["cmd"] == self.cmd.SAHARA_64BIT_MEMORY_DEBUG:
+            memory_table_addr = pkt["memory_table_addr"]
+            memory_table_length = pkt["memory_table_length"]
+            if self.bit64:
+                pktsize = 8 + 8 + 8 + 20 + 20
+                if memory_table_length % pktsize == 0:
+                    if memory_table_length != 0:
+                        print(
+                            f"Reading 64-Bit partition from {hex(memory_table_addr)} with length of " +
+                            "{hex(memory_table_length)}")
+                        ptbldata = self.read_memory(memory_table_addr, memory_table_length)
+                        num_entries = len(ptbldata) // pktsize
+                        partitions = []
+                        for id_entry in range(0, num_entries):
+                            pd = read_object(ptbldata[id_entry * pktsize:(id_entry * pktsize) + pktsize],
+                                             self.parttbl_64bit)
+                            desc = pd["desc"].replace(b"\x00", b"").decode('utf-8')
+                            filename = pd["filename"].replace(b"\x00", b"").decode('utf-8')
+                            mem_base = pd["mem_base"]
+                            save_pref = pd["save_pref"]
+                            length = pd["length"]
+                            partitions.append(dict(desc=desc, filename=filename, mem_base=mem_base, length=length,
+                                                   save_pref=save_pref))
+                            print(
+                                f"{filename}({desc}): Offset {hex(mem_base)}, Length {hex(length)}, " +
+                                "SavePref {hex(save_pref)}")
+
+                        self.dump_partitions(partitions)
+                        return True
+
+                    return True
+            else:
+                pktsize = (4 + 4 + 4 + 20 + 20)
+                if memory_table_length % pktsize == 0:
+                    if memory_table_length != 0:
+                        print(f"Reading 32-Bit partition from {hex(memory_table_addr)} " +
+                              f"with length of {hex(memory_table_length)}")
+                        ptbldata = self.read_memory(memory_table_addr, memory_table_length)
+                        num_entries = len(ptbldata) // pktsize
+                        partitions = []
+                        for id_entry in range(0, num_entries):
+                            pd = read_object(ptbldata[id_entry * pktsize:(id_entry * pktsize) + pktsize], self.parttbl)
+                            desc = pd["desc"].replace(b"\x00", b"").decode('utf-8')
+                            filename = pd["filename"].replace(b"\x00", b"").decode('utf-8')
+                            mem_base = pd["mem_base"]
+                            save_pref = pd["save_pref"]
+                            length = pd["length"]
+                            partitions.append(dict(desc=desc, filename=filename, mem_base=mem_base, length=length,
+                                                   save_pref=save_pref))
+                            print(f"{filename}({desc}): Offset {hex(mem_base)}, " +
+                                  f"Length {hex(length)}, SavePref {hex(save_pref)}")
+
+                        self.dump_partitions(partitions)
+                    return True
+        elif "status" in pkt:
+            self.error(self.get_error_desc(pkt["status"]))
+            return False
+        return False
+
+    def upload_loader(self):
+        if self.programmer == "":
+            return ""
+        try:
+            self.info(f"Uploading loader {self.programmer} ...")
+            with open(self.programmer, "rb") as rf:
+                programmer = rf.read()
+        except Exception as e:  # pylint: disable=broad-except
+            self.error(str(e))
+            sys.exit()
+
+        if not self.cmd_hello(self.sahara_mode.SAHARA_MODE_IMAGE_TX_PENDING):
+            return ""
+
+        try:
+            datalen = len(programmer)
+            done = False
+            while datalen > 0 or done:
+                cmd, pkt = self.get_rsp()
+                if cmd == -1 or pkt == -1:
+                    if self.cmd_done():
+                        return self.mode  # Do NOT remove
+                    else:
+                        self.error("Timeout while uploading loader. Wrong loader ?")
+                        return ""
+                if cmd["cmd"] == self.cmd.SAHARA_64BIT_MEMORY_READ_DATA:
+                    self.bit64 = True
+                elif cmd["cmd"] == self.cmd.SAHARA_READ_DATA:
+                    self.bit64 = False
+                elif cmd["cmd"] == self.cmd.SAHARA_END_TRANSFER:
+                    if pkt["status"] == self.status.SAHARA_STATUS_SUCCESS:
+                        self.cmd_done()
+                        return self.mode
+                    else:
+                        return ""
+                elif "status" in pkt:
+                    self.error(self.get_error_desc(pkt["status"]))
+                    return ""
+                else:
+                    self.error("Unexpected error on uploading")
+                    return ""
+                self.id = pkt["id"]
+                if self.id == 0x7:
+                    self.mode = "nandprg"
+                elif self.id == 0xB:
+                    self.mode = "enandprg"
+                elif self.id >= 0xC:
+                    self.mode = "firehose"
+
+                data_offset = pkt["data_offset"]
+                data_len = pkt["data_len"]
+                if data_offset + data_len > len(programmer):
+                    while len(programmer) < data_offset + data_len:
+                        programmer += b"\xFF"
+                data_to_send = programmer[data_offset:data_offset + data_len]
+                self.cdc.write(data_to_send)
+                datalen -= data_len
+            self.info("Loader uploaded.")
+            cmd, pkt = self.get_rsp()
+            if cmd["cmd"] == self.cmd.SAHARA_END_TRANSFER:
+                if pkt["status"] == self.status.SAHARA_STATUS_SUCCESS:
+                    self.cmd_done()
+                    return self.mode
+            return ""
+        except Exception as e:  # pylint: disable=broad-except
+            self.error("Unexpected error on uploading, maybe signature of loader wasn't accepted ?\n" + str(e))
+            return ""
+
+    def cmd_modeswitch(self, mode):
+        data = pack("<III", self.cmd.SAHARA_SWITCH_MODE, 0xC, mode)
+        self.cdc.write(data)
+
+    def cmd_exec(self, mcmd):  # CMD 0xD, RSP 0xE, CMD2 0xF
+        # Send request
+        data = pack("<III", self.cmd.SAHARA_EXECUTE_REQ, 0xC, mcmd)
+        self.cdc.write(data)
+        # Get info about request
+        cmd, pkt = self.get_rsp()
+        if cmd["cmd"] == self.cmd.SAHARA_EXECUTE_RSP:
+            # Ack
+            data = pack("<III", self.cmd.SAHARA_EXECUTE_DATA, 0xC, mcmd)
+            self.cdc.write(data)
+            payload = self.cdc.read(pkt["data_len"])
+            return payload
+        elif "status" in pkt:
+            self.error(self.get_error_desc(pkt["status"]))
+            return None
+        return [cmd, pkt]

edl/Library/sparse.py

@@ -0,0 +1,236 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import logging
+import sys
+import os
+import sys
+import inspect
+from queue import Queue
+from struct import unpack
+current_dir = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
+parent_dir = os.path.dirname(current_dir)
+sys.path.insert(0, parent_dir)
+from edl.Library.utils import LogBase, print_progress
+
+
+class QCSparse(metaclass=LogBase):
+    def __init__(self, filename, loglevel):
+        self.rf = open(filename, 'rb')
+        self.data = Queue()
+        self.__logger = self.__logger
+        self.offset = 0
+        self.tmpdata = bytearray()
+        self.__logger.setLevel(loglevel)
+
+        self.major_version = None
+        self.minor_version = None
+        self.file_hdr_sz = None
+        self.chunk_hdr_sz = None
+        self.blk_sz = None
+        self.total_blks = None
+        self.total_chunks = None
+        self.image_checksum = None
+
+        self.info = self.__logger.info
+        self.debug = self.__logger.debug
+        self.error = self.__logger.error
+        self.warning = self.__logger.warning
+
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def readheader(self):
+        header = unpack("<I4H4I", self.rf.read(0x1C))
+        magic = header[0]
+        self.major_version = header[1]
+        self.minor_version = header[2]
+        self.file_hdr_sz = header[3]
+        self.chunk_hdr_sz = header[4]
+        self.blk_sz = header[5]
+        self.total_blks = header[6]
+        self.total_chunks = header[7]
+        self.image_checksum = header[8]
+        if magic != 0xED26FF3A:
+            return False
+        if self.file_hdr_sz != 28:
+            self.error("The file header size was expected to be 28, but is %u." % self.file_hdr_sz)
+            return False
+        if self.chunk_hdr_sz != 12:
+            self.error("The chunk header size was expected to be 12, but is %u." % self.chunk_hdr_sz)
+            return False
+        self.info("Sparse Format detected. Using unpacked image.")
+        return True
+
+    def get_chunk_size(self):
+        if self.total_blks < self.offset:
+            self.error(
+                "The header said we should have %u output blocks, but we saw %u" % (self.total_blks, self.offset))
+            return -1
+        header = unpack("<2H2I", self.rf.read(self.chunk_hdr_sz))
+        chunk_type = header[0]
+        chunk_sz = header[2]
+        total_sz = header[3]
+        data_sz = total_sz - 12
+        if chunk_type == 0xCAC1:
+            if data_sz != (chunk_sz * self.blk_sz):
+                self.error(
+                    "Raw chunk input size (%u) does not match output size (%u)" % (data_sz, chunk_sz * self.blk_sz))
+                return -1
+            else:
+                self.rf.seek(self.rf.tell() + chunk_sz * self.blk_sz)
+                return chunk_sz * self.blk_sz
+        elif chunk_type == 0xCAC2:
+            if data_sz != 4:
+                self.error("Fill chunk should have 4 bytes of fill, but this has %u" % data_sz)
+                return -1
+            else:
+                return chunk_sz * self.blk_sz // 4
+        elif chunk_type == 0xCAC3:
+            return chunk_sz * self.blk_sz
+        elif chunk_type == 0xCAC4:
+            if data_sz != 4:
+                self.error("CRC32 chunk should have 4 bytes of CRC, but this has %u" % data_sz)
+                return -1
+            else:
+                self.rf.seek(self.rf.tell() + 4)
+                return 0
+        else:
+            self.debug("Unknown chunk type 0x%04X" % chunk_type)
+            return -1
+
+    def unsparse(self):
+        if self.total_blks < self.offset:
+            self.error(
+                "The header said we should have %u output blocks, but we saw %u" % (self.total_blks, self.offset))
+            return -1
+        header = unpack("<2H2I", self.rf.read(self.chunk_hdr_sz))
+        chunk_type = header[0]
+        chunk_sz = header[2]
+        total_sz = header[3]
+        data_sz = total_sz - 12
+        if chunk_type == 0xCAC1:
+            if data_sz != (chunk_sz * self.blk_sz):
+                self.error(
+                    "Raw chunk input size (%u) does not match output size (%u)" % (data_sz, chunk_sz * self.blk_sz))
+                return -1
+            else:
+                self.debug("Raw data")
+                data = self.rf.read(chunk_sz * self.blk_sz)
+                self.offset += chunk_sz
+                return data
+        elif chunk_type == 0xCAC2:
+            if data_sz != 4:
+                self.error("Fill chunk should have 4 bytes of fill, but this has %u" % data_sz)
+                return -1
+            else:
+                fill_bin = self.rf.read(4)
+                fill = unpack("<I", fill_bin)
+                self.debug(format("Fill with 0x%08X" % fill))
+                data = fill_bin * (chunk_sz * self.blk_sz // 4)
+                self.offset += chunk_sz
+                return data
+        elif chunk_type == 0xCAC3:
+            data = b'\x00' * chunk_sz * self.blk_sz
+            self.offset += chunk_sz
+            return data
+        elif chunk_type == 0xCAC4:
+            if data_sz != 4:
+                self.error("CRC32 chunk should have 4 bytes of CRC, but this has %u" % data_sz)
+                return -1
+            else:
+                crc_bin = self.rf.read(4)
+                crc = unpack("<I", crc_bin)
+                self.debug(format("Unverified CRC32 0x%08X" % crc))
+                return b""
+        else:
+            self.debug("Unknown chunk type 0x%04X" % chunk_type)
+            return -1
+
+    def getsize(self):
+        self.rf.seek(0x1C)
+        length = 0
+        chunk = 0
+        while chunk < self.total_chunks:
+            tlen = self.get_chunk_size()
+            if tlen == -1:
+                break
+            length += tlen
+            chunk += 1
+        self.rf.seek(0x1C)
+        return length
+
+    def read(self, length=None):
+        if length is None:
+            return self.unsparse()
+        if length <= len(self.tmpdata):
+            tdata = self.tmpdata[:length]
+            self.tmpdata = self.tmpdata[length:]
+            return tdata
+        while len(self.tmpdata) < length:
+            self.tmpdata.extend(self.unsparse())
+            if length <= len(self.tmpdata):
+                tdata = self.tmpdata[:length]
+                self.tmpdata = self.tmpdata[length:]
+                return tdata
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 3:
+        print("./sparse.py <sparse_partition.img> <outfile>")
+        sys.exit()
+    sp = QCSparse(sys.argv[1], logging.INFO)
+    if sp.readheader():
+        print("Extracting sectors to " + sys.argv[2])
+        with open(sys.argv[2], "wb") as wf:
+            """
+            old=0
+            while sp.offset<sp.total_blks:
+                prog=int(sp.offset / sp.total_blks * 100)
+                if prog>old:
+                    print_progress(prog, 100, prefix='Progress:', suffix='Complete', bar_length=50)
+                    old=prog
+                data=sp.read()
+                if data==b"" or data==-1:
+                    break
+                wf.write(data)
+            if len(sp.tmpdata)>0:
+                wf.write(sp.tmpdata)
+                sp.tmpdata=bytearray()
+            print_progress(100, 100, prefix='Progress:', suffix='Complete', bar_length=50)
+            """
+
+            fsize = sp.getsize()
+            SECTOR_SIZE_IN_BYTES = 4096
+            num_partition_sectors = 5469709
+            MaxPayloadSizeToTargetInBytes = 0x200000
+            bytesToWrite = SECTOR_SIZE_IN_BYTES * num_partition_sectors
+            total = SECTOR_SIZE_IN_BYTES * num_partition_sectors
+            old = 0
+            pos = 0
+            while fsize > 0:
+                wlen = MaxPayloadSizeToTargetInBytes // SECTOR_SIZE_IN_BYTES * SECTOR_SIZE_IN_BYTES
+                if fsize < wlen:
+                    wlen = fsize
+                wdata = sp.read(wlen)
+                bytesToWrite -= wlen
+                fsize -= wlen
+                pos += wlen
+                pv = wlen % SECTOR_SIZE_IN_BYTES
+                if pv != 0:
+                    filllen = (wlen // SECTOR_SIZE_IN_BYTES * SECTOR_SIZE_IN_BYTES) + \
+                              SECTOR_SIZE_IN_BYTES
+                    wdata += b"\x00" * (filllen - wlen)
+                    wlen = len(wdata)
+
+                wf.write(wdata)
+
+                prog = round(float(pos) / float(total) * float(100), 1)
+                if prog > old:
+                    print_progress(prog, 100, prefix='Progress:', suffix='Complete (Sector %d)'
+                                                                         % (pos // SECTOR_SIZE_IN_BYTES),
+                                   bar_length=50)
+
+        print("Done.")

edl/Library/streaming_client.py

@@ -0,0 +1,436 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import sys
+import os
+import logging
+from binascii import hexlify, unhexlify
+from struct import unpack, pack
+from edl.Library.streaming import Streaming
+from edl.Library.utils import do_tcp_server, LogBase, getint
+
+
+class streaming_client(metaclass=LogBase):
+    def __init__(self, arguments, cdc, sahara, loglevel, printer):
+        self.cdc = cdc
+        self.__logger = self.__logger
+        self.sahara = sahara
+        self.arguments = arguments
+        self.streaming = Streaming(cdc, sahara, loglevel)
+        self.printer = printer
+        self.__logger.setLevel(loglevel)
+        self.error = self.__logger.error
+        self.info = self.__logger.info
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+    def disconnect(self):
+        self.cdc.close()
+        sys.exit(0)
+
+    def check_param(self, parameters):
+        error = False
+        params = ""
+        for parameter in parameters:
+            params += parameter + " "
+            if parameter not in parameters:
+                error = True
+        if error:
+            if len(parameters) == 1:
+                self.printer("Argument " + params + "required.")
+            else:
+                self.printer("Arguments " + params + "required.")
+            return False
+        return True
+
+    def print_partitions(self, partitions):
+        self.printer("Name            Offset\t\tLength\t\tAttr\t\t\tFlash")
+        self.printer("-------------------------------------------------------------")
+        for name in partitions:
+            partition = partitions[name]
+            for i in range(0x10 - len(name)):
+                name += " "
+            offset = partition[
+                         "offset"] * self.streaming.settings.num_pages_per_blk * self.streaming.settings.PAGESIZE
+            length = partition[
+                         "length"] * self.streaming.settings.num_pages_per_blk * self.streaming.settings.PAGESIZE
+            attr1 = partition["attr1"]
+            attr2 = partition["attr2"]
+            attr3 = partition["attr3"]
+            which_flash = partition["which_flash"]
+            self.printer(
+                f"{name}\t%08X\t%08X\t{hex(attr1)}/{hex(attr2)}/{hex(attr3)}\t{which_flash}" % (offset, length))
+
+    def handle_streaming(self, cmd, options):
+        mode = 0
+        """
+        offset = getint(options["<offset>"])
+        length = getint(options["<length>"])
+        filename = options["<filename>"]
+        self.streaming.streaming_mode=self.streaming.Qualcomm
+        self.streaming.memread=self.streaming.qc_memread
+        self.streaming.memtofile(offset, length, filename)
+        """
+
+        if "<mode>" in options:
+            mode = options["<mode>"]
+        if self.streaming.connect(mode):
+            xflag = 0
+            self.streaming.hdlc.receive_reply(5)
+            if self.streaming.streaming_mode == self.streaming.Patched:
+                self.streaming.nand_init(xflag)
+            if cmd == "gpt":
+                directory = options["<directory>"]
+                if directory is None:
+                    directory = ""
+                data = self.streaming.read_partition_table()
+                sfilename = os.path.join(directory, f"partition.bin")
+                if data != b"":
+                    with open(sfilename, "wb") as write_handle:
+                        write_handle.write(data)
+                    self.printer(f"Dumped Partition Table to {sfilename}")
+                else:
+                    self.error(f"Error on dumping partition table to {sfilename}")
+            elif cmd == "printgpt":
+                partitions = self.streaming.get_partitions()
+                self.print_partitions(partitions)
+                self.streaming.nand_post()
+            elif cmd == "r":
+                partitionname = options["<partitionname>"]
+                filename = options["<filename>"]
+                filenames = filename.split(",")
+                partitions = partitionname.split(",")
+                if len(partitions) != len(filenames):
+                    self.error("You need to gives as many filenames as given partitions.")
+                    return
+                i = 0
+                rpartitions = self.streaming.get_partitions()
+                for partition in partitions:
+                    if partition.lower() in rpartitions:
+                        spartition = rpartitions[partition]
+                        offset = spartition["offset"]
+                        length = spartition["length"]
+                        # attr1 = spartition["attr1"]
+                        # attr2 = spartition["attr2"]
+                        # attr3 = spartition["attr3"]
+                        partfilename = filenames[i]
+                        self.printer(f"Dumping Partition {partition}...")
+                        self.streaming.read_raw(offset, length, self.streaming.settings.UD_SIZE_BYTES, partfilename)
+                        self.printer(f"Dumped sector {str(offset)} with sector count {str(length)} as {partfilename}.")
+                    else:
+                        self.error(f"Error: Couldn't detect partition: {partition}\nAvailable partitions:")
+                        self.print_partitions(rpartitions)
+            elif cmd == "rs":
+                sector = getint(options["<start_sector>"])  # Page
+                sectors = getint(options["<sectors>"])
+                filename = options["<filename>"]
+                self.printer(f"Dumping at Sector {hex(sector)} with Sectorcount {hex(sectors)}...")
+                if self.streaming.read_sectors(sector, sectors, filename, True):
+                    self.printer(f"Dumped sector {str(sector)} with sector count {str(sectors)} as {filename}.")
+            elif cmd == "rf":
+                sector = 0
+                sectors = self.streaming.settings.MAXBLOCK * self.streaming.settings.num_pages_per_blk * \
+                    self.streaming.settings.sectors_per_page
+                filename = options["<filename>"]
+                self.printer(f"Dumping Flash from sector 0 to sector {hex(sectors)}...")
+                if self.streaming.read_sectors(sector, sectors, filename, True):
+                    self.printer(f"Dumped sector {str(sector)} with sector count {str(sectors)} as {filename}.")
+            elif cmd == "rl":
+                directory = options["<directory>"]
+                if options["--skip"]:
+                    skip = options["--skip"].split(",")
+                else:
+                    skip = []
+                if not os.path.exists(directory):
+                    os.mkdir(directory)
+                storedir = directory
+                if not os.path.exists(storedir):
+                    os.mkdir(storedir)
+                sfilename = os.path.join(storedir, f"partition.bin")
+                partdata = self.streaming.read_partition_table()
+                if partdata != -1:
+                    with open(sfilename, "wb") as write_handle:
+                        write_handle.write(partdata)
+                else:
+                    self.error(f"Couldn't detect partition header.")
+                    return
+                partitions = self.streaming.get_partitions()
+                for partition in partitions:
+                    if partition in skip:
+                        continue
+                    filename = os.path.join(storedir, partition + ".bin")
+                    spartition = partitions[partition]
+                    offset = spartition["offset"]
+                    length = spartition["length"]
+                    # attr1 = spartition["attr1"]
+                    # attr2 = spartition["attr2"]
+                    # attr3 = spartition["attr3"]
+                    partfilename = filename
+                    self.info(f"Dumping partition {str(partition)} with block count {str(length)} as " +
+                              f"{filename}.")
+                    self.streaming.read_raw(offset, length, self.streaming.settings.UD_SIZE_BYTES, partfilename)
+            elif cmd == "peek":
+                offset = getint(options["<offset>"])
+                length = getint(options["<length>"])
+                filename = options["<filename>"]
+                if self.streaming.memtofile(offset, length, filename):
+                    self.info(
+                        f"Peek data from offset {hex(offset)} and length {hex(length)} was written to {filename}")
+            elif cmd == "peekhex":
+                offset = getint(options["<offset>"])
+                length = getint(options["<length>"])
+                resp = self.streaming.memread(offset, length)
+                self.printer("\n")
+                self.printer(hexlify(resp))
+            elif cmd == "peekqword":
+                offset = getint(options["<offset>"])
+                resp = self.streaming.memread(offset, 8)
+                self.printer("\n")
+                self.printer(hex(unpack("<Q", resp[:8])[0]))
+            elif cmd == "peekdword":
+                offset = getint(options["<offset>"])
+                resp = self.streaming.mempeek(offset)
+                self.printer("\n")
+                self.printer(hex(resp))
+            elif cmd == "poke":
+                offset = getint(options["<offset>"])
+                filename = unhexlify(options["<filename>"])
+                try:
+                    with open(filename, "rb") as rf:
+                        data = rf.read()
+                        if self.streaming.memwrite(offset, data):
+                            self.info("Poke succeeded.")
+                        else:
+                            self.error("Poke failed.")
+                except Exception as e:
+                    self.error(str(e))
+            elif cmd == "pokehex":
+                offset = getint(options["<offset>"])
+                data = unhexlify(options["<data>"])
+                if self.streaming.memwrite(offset, data):
+                    self.info("Poke succeeded.")
+                else:
+                    self.error("Poke failed.")
+            elif cmd == "pokeqword":
+                offset = getint(options["<offset>"])
+                data = pack("<Q", getint(options["<data>"]))
+                if self.streaming.memwrite(offset, data):
+                    self.info("Poke succeeded.")
+                else:
+                    self.error("Poke failed.")
+            elif cmd == "pokedword":
+                offset = getint(options["<offset>"])
+                data = pack("<I", getint(options["<data>"]))
+                if self.streaming.mempoke(offset, data):
+                    self.info("Poke succeeded.")
+                else:
+                    self.error("Poke failed.")
+            elif cmd == "reset":
+                if self.streaming.reset():
+                    self.info("Reset succeeded.")
+            elif cmd == "memtbl":
+                filename = options["<filename>"]
+                memtbl = self.streaming.settings.memtbl
+                data = self.streaming.memread(memtbl[0], memtbl[1])
+                if data != b"":
+                    with open(filename, "wb") as wf:
+                        wf.write(data)
+                        self.printer(f"Dumped memtbl at offset {hex(memtbl[0])} as {filename}.")
+                else:
+                    self.error("Error on dumping memtbl")
+            elif cmd == "secureboot":
+                value = self.streaming.mempeek(self.streaming.settings.secureboot)
+                if value != -1:
+                    is_secure = False
+                    for area in range(0, 4):
+                        sec_boot = (value >> (area * 8)) & 0xFF
+                        pk_hashindex = sec_boot & 3
+                        oem_pkhash = True if ((sec_boot >> 4) & 1) == 1 else False
+                        auth_enabled = True if ((sec_boot >> 5) & 1) == 1 else False
+                        use_serial = True if ((sec_boot >> 6) & 1) == 1 else False
+                        if auth_enabled:
+                            is_secure = True
+                        self.printer(f"Sec_Boot{str(area)} PKHash-Index:{str(pk_hashindex)} " +
+                                     f"OEM_PKHash: {str(oem_pkhash)} " +
+                                     f"Auth_Enabled: {str(auth_enabled)} " +
+                                     f"Use_Serial: {str(use_serial)}")
+                    if is_secure:
+                        self.printer("Secure boot enabled.")
+                    else:
+                        self.printer("Secure boot disabled.")
+                else:
+                    self.error("Unknown target chipset")
+            elif cmd == "pbl":
+                filename = options["<filename>"]
+                pbl = self.streaming.settings.pbl
+                self.printer("Dumping pbl....")
+                data = self.streaming.memread(pbl[0], pbl[1])
+                if data != b"":
+                    with open(filename, "wb") as wf:
+                        wf.write(data)
+                        self.printer(f"Dumped pbl at offset {hex(pbl[0])} as {filename}.")
+                else:
+                    self.error("Error on dumping pbl")
+            elif cmd == "qfp":
+                filename = options["<filename>"]
+                qfp = self.streaming.settings.qfprom
+                self.printer("Dumping qfprom....")
+                data = self.streaming.memread(qfp[0], qfp[1])
+                if data != b"":
+                    with open(filename, "wb") as wf:
+                        wf.write(data)
+                        self.printer(f"Dumped qfprom at offset {hex(qfp[0])} as {filename}.")
+                else:
+                    self.error("Error on dumping qfprom")
+            elif cmd == "memcpy":
+                if not self.check_param(["<offset>", "<size>"]):
+                    return False
+                srcoffset = getint(options["<offset>"])
+                size = getint(options["<size>"])
+                dstoffset = srcoffset + size
+                if self.streaming.cmd_memcpy(dstoffset, srcoffset, size):
+                    self.printer(f"Memcpy from {hex(srcoffset)} to {hex(dstoffset)} succeeded")
+                    return True
+                else:
+                    return False
+            ###############################
+            elif cmd == "nop":
+                # resp=self.streaming.send(b"\x7E\x09")
+                self.error("Nop command isn't supported by streaming loader")
+                return True
+            elif cmd == "setbootablestoragedrive":
+                self.error("setbootablestoragedrive command isn't supported by streaming loader")
+                return True
+            elif cmd == "getstorageinfo":
+                self.error("getstorageinfo command isn't supported by streaming loader")
+                return True
+            elif cmd == "w":
+                if not self.check_param(["<partitionname>", "<filename>"]):
+                    return False
+                partitionname = options["<partitionname>"]
+                filename = options["<filename>"]
+                partitionfilename = ""
+                if "--partitionfilename" in options:
+                    partitionfilename = options["--partitionfilename"]
+                    if not os.path.exists(partitionfilename):
+                        self.error(f"Error: Couldn't find partition file: {partitionfilename}")
+                        return False
+                if not os.path.exists(filename):
+                    self.error(f"Error: Couldn't find file: {filename}")
+                    return False
+                if partitionfilename == "":
+                    rpartitions = self.streaming.get_partitions()
+                else:
+                    rpartitions = self.streaming.get_partitions(partitionfilename)
+                if self.streaming.enter_flash_mode():
+                    if partitionname in rpartitions:
+                        spartition = rpartitions[partitionname]
+                        offset = spartition["offset"]
+                        length = spartition["length"]
+                        # attr1 = spartition["attr1"]
+                        # attr2 = spartition["attr2"]
+                        # attr3 = spartition["attr3"]
+                        sectors = int(os.stat(
+                            filename).st_size / self.streaming.settings.num_pages_per_blk /
+                                      self.streaming.settings.PAGESIZE)
+                        if sectors > length:
+                            self.error(
+                                f"Error: {filename} has {sectors} sectors but partition only has {length}.")
+                            return False
+                        if self.streaming.modules is not None:
+                            self.streaming.modules.writeprepare()
+                        if self.streaming.write_flash(partitionname, filename):
+                            self.printer(f"Wrote {filename} to sector {str(offset)}.")
+                            return True
+                        else:
+                            self.printer(f"Error writing {filename} to sector {str(offset)}.")
+                            return False
+                    else:
+                        self.error(f"Error: Couldn't detect partition: {partitionname}\nAvailable partitions:")
+                        self.print_partitions(rpartitions)
+                return False
+            elif cmd == "wl":
+                if not self.check_param(["<directory>"]):
+                    return False
+                directory = options["<directory>"]
+                if options["--skip"]:
+                    skip = options["--skip"].split(",")
+                else:
+                    skip = []
+                if not os.path.exists(directory):
+                    self.error(f"Error: Couldn't find directory: {directory}")
+                    return False
+                filenames = []
+                if self.streaming.enter_flash_mode():
+                    if self.streaming.modules is not None:
+                        self.streaming.modules.writeprepare()
+                    rpartitions = self.streaming.get_partitions()
+                    for dirName, subdirList, fileList in os.walk(directory):
+                        for fname in fileList:
+                            filenames.append(os.path.join(dirName, fname))
+                            for filename in filenames:
+                                for partition in rpartitions:
+                                    partname = filename[filename.rfind("/") + 1:]
+                                    if ".bin" in partname[-4:]:
+                                        partname = partname[:-4]
+                                    if partition == partname:
+                                        if partition in skip:
+                                            continue
+                                        spartition = rpartitions[partition]
+                                        offset = spartition["offset"]
+                                        length = spartition["length"]
+                                        # attr1 = spartition["attr1"]
+                                        # attr2 = spartition["attr2"]
+                                        # attr3 = spartition["attr3"]
+                                        sectors = int(os.stat(filename).st_size /
+                                                      self.streaming.settings.num_pages_per_blk /
+                                                      self.streaming.settings.PAGESIZE)
+                                        if sectors > length:
+                                            self.error(
+                                                f"Error: {filename} has {sectors} sectors but partition only has {length}.")
+                                            return False
+                                        self.printer(f"Writing {filename} to partition {str(partition)}.")
+                                        self.streaming.write_flash(partition, filename)
+                        else:
+                            self.printer("Couldn't write partition. Either wrong memorytype given or no gpt partition.")
+                            return False
+                return True
+            elif cmd == "ws":
+                self.error("ws command isn't supported by streaming loader")  # todo
+                return False
+            elif cmd == "wf":
+                self.error("wf command isn't supported by streaming loader")  # todo
+                return False
+            elif cmd == "e":
+                self.error("e command isn't supported by streaming loader")  # todo
+                return False
+            elif cmd == "es":
+                self.error("es command isn't supported by streaming loader")  # todo
+                return False
+            elif cmd == "xml":
+                self.error("xml command isn't supported by streaming loader")
+                return False
+            elif cmd == "rawxml":
+                self.error("rawxml command isn't supported by streaming loader")
+                return False
+            elif cmd == "send":
+                self.error("send command isn't supported by streaming loader")
+                return False
+            ###############################
+            elif cmd == "server":
+                return do_tcp_server(self, options, self.handle_streaming)
+            elif cmd == "modules":
+                if not self.check_param(["<command>", "<options>"]):
+                    return False
+                command = options["<command>"]
+                options = options["<options>"]
+                if self.streaming.modules is None:
+                    self.error("Feature is not supported")
+                    return False
+                else:
+                    return self.streaming.modules.run(mainargs=options, command=command)
+            else:
+                self.error("Unknown/Missing command, a command is required.")
+                return False

edl/Library/usblib.py

@@ -0,0 +1,658 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import io
+import logging
+
+import usb.core  # pyusb
+import usb.util
+import time
+import inspect
+import array
+import usb.backend.libusb0
+import usb.backend.libusb1
+from enum import Enum
+from binascii import hexlify
+from ctypes import c_void_p, c_int
+from edl.Library.utils import *
+
+USB_DIR_OUT = 0  # to device
+USB_DIR_IN = 0x80  # to host
+
+# USB types, the second of three bRequestType fields
+USB_TYPE_MASK = (0x03 << 5)
+USB_TYPE_STANDARD = (0x00 << 5)
+USB_TYPE_CLASS = (0x01 << 5)
+USB_TYPE_VENDOR = (0x02 << 5)
+USB_TYPE_RESERVED = (0x03 << 5)
+
+# USB recipients, the third of three bRequestType fields
+USB_RECIP_MASK = 0x1f
+USB_RECIP_DEVICE = 0x00
+USB_RECIP_INTERFACE = 0x01
+USB_RECIP_ENDPOINT = 0x02
+USB_RECIP_OTHER = 0x03
+# From Wireless USB 1.0
+USB_RECIP_PORT = 0x04
+USB_RECIP_RPIPE = 0x05
+
+tag = 0
+
+CDC_CMDS = {
+    "SEND_ENCAPSULATED_COMMAND": 0x00,
+    "GET_ENCAPSULATED_RESPONSE": 0x01,
+    "SET_COMM_FEATURE": 0x02,
+    "GET_COMM_FEATURE": 0x03,
+    "CLEAR_COMM_FEATURE": 0x04,
+    "SET_LINE_CODING": 0x20,
+    "GET_LINE_CODING": 0x21,
+    "SET_CONTROL_LINE_STATE": 0x22,
+    "SEND_BREAK": 0x23,  # wValue is break time
+}
+
+
+class UsbClass(metaclass=LogBase):
+    
+    def load_windows_dll(self):
+        if os.name == 'nt':
+            windows_dir = None
+            try:
+                # add pygame folder to Windows DLL search paths
+                windows_dir = os.path.join(os.path.abspath(os.path.dirname(__file__)), "..", "Windows")
+                try:
+                    os.add_dll_directory(windows_dir)
+                except Exception:
+                    pass
+                os.environ['PATH'] = windows_dir + ';' + os.environ['PATH']
+            except Exception:
+                pass
+            del windows_dir
+
+    def __init__(self, loglevel=logging.INFO, portconfig=None, devclass=-1):
+        self.load_windows_dll()
+        self.connected = False
+        self.timeout = None
+        self.vid = None
+        self.pid = None
+        self.device = None
+        self.EP_IN = None
+        self.EP_OUT = None
+        self.interface = None
+        self.stopbits = None
+        self.databits = None
+        self.baudrate = None
+        self.parity = None
+        self.configuration = None
+        self.backend = None
+        self.loglevel = loglevel
+        self.portconfig = portconfig
+        self.devclass = devclass
+        self.__logger = self.__logger
+        self.info = self.__logger.info
+        self.error = self.__logger.error
+        self.warning = self.__logger.warning
+        self.debug = self.__logger.debug
+        self.__logger.setLevel(loglevel)
+        self.buffer = array.array('B', [0]) * 1048576
+        if loglevel == logging.DEBUG:
+            logfilename = "log.txt"
+            fh = logging.FileHandler(logfilename)
+            self.__logger.addHandler(fh)
+
+        if sys.platform.startswith('freebsd') or sys.platform.startswith('linux'):
+            self.backend = usb.backend.libusb1.get_backend(find_library=lambda x: "libusb-1.0.so")
+        elif sys.platform.startswith('win32'):
+            self.backend = usb.backend.libusb1.get_backend(find_library=lambda x: "libusb-1.0.dll")
+        if self.backend is not None:
+            self.backend.lib.libusb_set_option.argtypes = [c_void_p, c_int]
+            self.backend.lib.libusb_set_option(self.backend.ctx, 1)
+
+    def verify_data(self, data, pre="RX:"):
+        self.debug("", stack_info=True)
+        if isinstance(data, bytes) or isinstance(data, bytearray):
+            if data[:5] == b"<?xml":
+                try:
+                    rdata = b""
+                    for line in data.split(b"\n"):
+                        try:
+                            self.debug(pre + line.decode('utf-8'))
+                            rdata += line + b"\n"
+                        except Exception as e:  # pylint: disable=broad-except
+                            v = hexlify(line)
+                            self.debug(str(e))
+                            self.debug(pre + v.decode('utf-8'))
+                    return rdata
+                except Exception as e:  # pylint: disable=broad-except
+                    self.debug(str(e))
+                    pass
+            if logging.DEBUG >= self.__logger.level:
+                self.debug(pre + hexlify(data).decode('utf-8'))
+        else:
+            if logging.DEBUG >= self.__logger.level:
+                self.debug(pre + data)
+        return data
+
+    def getinterfacecount(self):
+        if self.vid is not None:
+            self.device = usb.core.find(idVendor=self.vid, idProduct=self.pid)
+            if self.device is None:
+                self.debug("Couldn't detect the device. Is it connected ?")
+                return False
+            try:
+                self.device.set_configuration()
+            except Exception as e:
+                self.debug(str(e))
+                pass
+            self.configuration = self.device.get_active_configuration()
+            self.debug(2, self.configuration)
+            return self.configuration.bNumInterfaces
+        else:
+            self.error("No device detected. Is it connected ?")
+        return 0
+
+    def setlinecoding(self, baudrate=None, parity=0, databits=8, stopbits=1):
+        sbits = {1: 0, 1.5: 1, 2: 2}
+        dbits = {5, 6, 7, 8, 16}
+        pmodes = {0, 1, 2, 3, 4}
+        brates = {300, 600, 1200, 2400, 4800, 9600, 14400,
+                  19200, 28800, 38400, 57600, 115200, 230400}
+
+        if stopbits is not None:
+            if stopbits not in sbits.keys():
+                valid = ", ".join(str(k) for k in sorted(sbits.keys()))
+                raise ValueError("Valid stopbits are " + valid)
+            self.stopbits = stopbits
+        else:
+            self.stopbits = 0
+
+        if databits is not None:
+            if databits not in dbits:
+                valid = ", ".join(str(d) for d in sorted(dbits))
+                raise ValueError("Valid databits are " + valid)
+            self.databits = databits
+        else:
+            self.databits = 0
+
+        if parity is not None:
+            if parity not in pmodes:
+                valid = ", ".join(str(pm) for pm in sorted(pmodes))
+                raise ValueError("Valid parity modes are " + valid)
+            self.parity = parity
+        else:
+            self.parity = 0
+
+        if baudrate is not None:
+            if baudrate not in brates:
+                brs = sorted(brates)
+                dif = [abs(br - baudrate) for br in brs]
+                best = brs[dif.index(min(dif))]
+                raise ValueError(
+                    "Invalid baudrates, nearest valid is {}".format(best))
+            self.baudrate = baudrate
+
+        linecode = [
+            self.baudrate & 0xff,
+            (self.baudrate >> 8) & 0xff,
+            (self.baudrate >> 16) & 0xff,
+            (self.baudrate >> 24) & 0xff,
+            sbits[self.stopbits],
+            self.parity,
+            self.databits]
+
+        txdir = 0  # 0:OUT, 1:IN
+        req_type = 1  # 0:std, 1:class, 2:vendor
+        recipient = 1  # 0:device, 1:interface, 2:endpoint, 3:other
+        req_type = (txdir << 7) + (req_type << 5) + recipient
+        data = bytearray(linecode)
+        wlen = self.device.ctrl_transfer(
+            req_type, CDC_CMDS["SET_LINE_CODING"],
+            data_or_wlength=data, windex=1)
+        self.debug("Linecoding set, {}b sent".format(wlen))
+
+    def setbreak(self):
+        txdir = 0  # 0:OUT, 1:IN
+        req_type = 1  # 0:std, 1:class, 2:vendor
+        recipient = 1  # 0:device, 1:interface, 2:endpoint, 3:other
+        req_type = (txdir << 7) + (req_type << 5) + recipient
+        wlen = self.device.ctrl_transfer(
+            bmrequesttype=req_type, brequest=CDC_CMDS["SEND_BREAK"],
+            wvalue=0, data_or_wlength=0, windex=1)
+        self.debug("Break set, {}b sent".format(wlen))
+
+    def setcontrollinestate(self, rts=None, dtr=None, isftdi=False):
+        ctrlstate = (2 if rts else 0) + (1 if dtr else 0)
+        if isftdi:
+            ctrlstate += (1 << 8) if dtr is not None else 0
+            ctrlstate += (2 << 8) if rts is not None else 0
+        txdir = 0  # 0:OUT, 1:IN
+        req_type = 2 if isftdi else 1  # 0:std, 1:class, 2:vendor
+        # 0:device, 1:interface, 2:endpoint, 3:other
+        recipient = 0 if isftdi else 1
+        req_type = (txdir << 7) + (req_type << 5) + recipient
+
+        wlen = self.device.ctrl_transfer(
+            bmrequesttype=req_type,
+            brequest=1 if isftdi else CDC_CMDS["SET_CONTROL_LINE_STATE"],
+            wvalue=ctrlstate,
+            windex=1,
+            data_or_wlength=0)
+        self.debug("Linecoding set, {}b sent".format(wlen))
+
+    def connect(self, EP_IN=-1, EP_OUT=-1):
+        if self.connected:
+            self.close()
+            self.connected = False
+        for usbid in self.portconfig:
+            vid = usbid[0]
+            pid = usbid[1]
+            interface = usbid[2]
+            self.device = usb.core.find(idVendor=vid, idProduct=pid, backend=self.backend)
+            if self.device is not None:
+                self.vid = vid
+                self.pid = pid
+                self.interface = interface
+                break
+
+        if self.device is None:
+            self.debug("Couldn't detect the device. Is it connected ?")
+            return False
+
+
+        try:
+            if self.device is not None:
+                self.configuration = self.device.get_active_configuration()
+        except usb.core.USBError as e:
+                if e.strerror == "Configuration not set":
+                    self.device.set_configuration()
+                    self.configuration = self.device.get_active_configuration()
+                if e.errno == 13:
+                    self.backend = usb.backend.libusb0.get_backend()
+                    self.device = usb.core.find(idVendor=vid, idProduct=pid, backend=self.backend)
+
+        if self.interface == -1:
+            for interfacenum in range(0, self.configuration.bNumInterfaces):
+                itf = usb.util.find_descriptor(self.configuration, bInterfaceNumber=interfacenum)
+                try:
+                    if self.device.is_kernel_driver_active(interfacenum):
+                        self.debug("Detaching kernel driver")
+                        self.device.detach_kernel_driver(interfacenum)
+                except Exception as err:
+                    self.debug("No kernel driver supported: " + str(err))
+
+                usb.util.claim_interface(self.device, interfacenum)
+                if self.devclass != -1:
+                    if itf.bInterfaceClass == self.devclass:  # MassStorage
+                        self.interface = interfacenum
+                        break
+                else:
+                    self.interface = interfacenum
+                    break
+
+        self.debug(self.configuration)
+        if self.interface > self.configuration.bNumInterfaces:
+            print("Invalid interface, max number is %d" % self.configuration.bNumInterfaces)
+            return False
+        if self.interface != -1:
+            itf = usb.util.find_descriptor(self.configuration, bInterfaceNumber=self.interface)
+            if EP_OUT == -1:
+                # match the first OUT endpoint
+                self.EP_OUT = usb.util.find_descriptor(itf,
+                                                       custom_match=lambda em: usb.util.endpoint_direction(
+                                                           em.bEndpointAddress) == usb.util.ENDPOINT_OUT)
+            else:
+                self.EP_OUT = EP_OUT
+            if EP_IN == -1:
+                # match the first OUT endpoint
+                self.EP_IN = usb.util.find_descriptor(itf,
+                                                      custom_match=lambda em: usb.util.endpoint_direction(
+                                                          em.bEndpointAddress) == usb.util.ENDPOINT_IN)
+            else:
+                self.EP_IN = EP_IN
+
+            self.connected = True
+            return True
+        else:
+            print("Couldn't find MassStorage interface. Aborting.")
+            self.connected = False
+            return False
+
+    def close(self, reset=False):
+        if self.connected:
+            usb.util.dispose_resources(self.device)
+            try:
+                if not self.device.is_kernel_driver_active(self.interface):
+                    # self.device.attach_kernel_driver(self.interface) #Do NOT uncomment
+                    self.device.attach_kernel_driver(0)
+                if reset:
+                    self.device.reset()
+            except Exception as e:  # pylint: disable=broad-except
+                self.debug(str(e))
+                pass
+            del self.device
+
+    def write(self, command):
+        pktsize=self.EP_OUT.wMaxPacketSize
+        if isinstance(command, str):
+            command = bytes(command, 'utf-8')
+        if command == b'':
+            try:
+                self.EP_OUT.write(b'')
+            except usb.core.USBError as e:
+                error = str(e.strerror)
+                if "timeout" in error:
+                    time.sleep(0.01)
+                    try:
+                        self.EP_OUT.write(b'')
+                    except Exception as e:  # pylint: disable=broad-except
+                        self.debug(str(e))
+                        return False
+                return True
+        else:
+            i = 0
+            try:
+                buffer=array.array('B',command)
+                self.EP_OUT.write(buffer)
+            except Exception as e:  # pylint: disable=broad-except
+                # print("Error while writing")
+                if "timed out" in str(e):
+                    self.debug(str(e))
+                    time.sleep(0.01)
+                    i += 1
+                    if i == 3:
+                        return False
+                    pass
+                else:
+                    self.error(str(e))
+                    return False
+        if self.loglevel == logging.DEBUG:
+            self.verify_data(bytearray(command), "TX:")
+        return True
+
+    def read(self, length=0x80, timeout=None):
+        if self.loglevel==logging.DEBUG:
+            self.debug(inspect.currentframe().f_back.f_code.co_name + ":" + hex(length))
+        tmp = bytearray()
+        extend = tmp.extend
+        if timeout is None:
+            timeout = self.timeout
+        buffer = self.buffer
+        ep_read = self.EP_IN.read
+        while len(tmp) == 0:
+            try:
+                length=ep_read(buffer, timeout)
+                extend(buffer[:length])
+                if len(tmp)>0:
+                    return tmp
+            except usb.core.USBError as e:
+                error = str(e.strerror)
+                if "timed out" in error:
+                    # if platform.system()=='Windows':
+                    # time.sleep(0.05)
+                    # print("Waiting...")
+                    self.debug("Timed out")
+                    self.debug(tmp)
+                    return tmp
+                elif "Overflow" in error:
+                    self.error("USB Overflow")
+                    sys.exit(0)
+                elif e.errno is not None:
+                    print(repr(e), type(e), e.errno)
+                    sys.exit(0)
+                else:
+                    break
+        if self.loglevel == logging.DEBUG:
+            self.verify_data(tmp, "RX:")
+        return tmp
+
+    def ctrl_transfer(self, bmrequesttype, brequest, wvalue, windex, data_or_wlength):
+        ret = self.device.ctrl_transfer(bmrequesttype=bmrequesttype, brequest=brequest, wvalue=wvalue, windex=windex,
+                                        data_or_wlength=data_or_wlength)
+        return ret[0] | (ret[1] << 8)
+
+
+class ScsiCmds(Enum):
+    SC_TEST_UNIT_READY = 0x00,
+    SC_REQUEST_SENSE = 0x03,
+    SC_FORMAT_UNIT = 0x04,
+    SC_READ_6 = 0x08,
+    SC_WRITE_6 = 0x0a,
+    SC_INQUIRY = 0x12,
+    SC_MODE_SELECT_6 = 0x15,
+    SC_RESERVE = 0x16,
+    SC_RELEASE = 0x17,
+    SC_MODE_SENSE_6 = 0x1a,
+    SC_START_STOP_UNIT = 0x1b,
+    SC_SEND_DIAGNOSTIC = 0x1d,
+    SC_PREVENT_ALLOW_MEDIUM_REMOVAL = 0x1e,
+    SC_READ_FORMAT_CAPACITIES = 0x23,
+    SC_READ_CAPACITY = 0x25,
+    SC_WRITE_10 = 0x2a,
+    SC_VERIFY = 0x2f,
+    SC_READ_10 = 0x28,
+    SC_SYNCHRONIZE_CACHE = 0x35,
+    SC_READ_TOC = 0x43,
+    SC_READ_HEADER = 0x44,
+    SC_MODE_SELECT_10 = 0x55,
+    SC_MODE_SENSE_10 = 0x5a,
+    SC_READ_12 = 0xa8,
+    SC_WRITE_12 = 0xaa,
+    SC_PASCAL_MODE = 0xff
+
+
+command_block_wrapper = [
+    ('dCBWSignature', '4s'),
+    ('dCBWTag', 'I'),
+    ('dCBWDataTransferLength', 'I'),
+    ('bmCBWFlags', 'B'),
+    ('bCBWLUN', 'B'),
+    ('bCBWCBLength', 'B'),
+    ('CBWCB', '16s'),
+]
+command_block_wrapper_len = 31
+
+command_status_wrapper = [
+    ('dCSWSignature', '4s'),
+    ('dCSWTag', 'I'),
+    ('dCSWDataResidue', 'I'),
+    ('bCSWStatus', 'B')
+]
+command_status_wrapper_len = 13
+
+
+class Scsi:
+    """
+    FIHTDC, PCtool
+    """
+    SC_READ_NV = 0xf0
+    SC_SWITCH_STATUS = 0xf1
+    SC_SWITCH_PORT = 0xf2
+    SC_MODEM_STATUS = 0xf4
+    SC_SHOW_PORT = 0xf5
+    SC_MODEM_DISCONNECT = 0xf6
+    SC_MODEM_CONNECT = 0xf7
+    SC_DIAG_RUT = 0xf8
+    SC_READ_BATTERY = 0xf9
+    SC_READ_IMAGE = 0xfa
+    SC_ENABLE_ALL_PORT = 0xfd
+    SC_MASS_STORGE = 0xfe
+    SC_ENTER_DOWNLOADMODE = 0xff
+    SC_ENTER_FTMMODE = 0xe0
+    SC_SWITCH_ROOT = 0xe1
+    """
+    //Div2-5-3-Peripheral-LL-ADB_ROOT-00+/* } FIHTDC, PCtool */
+    //StevenCPHuang 2011/08/12 porting base on 1050 --
+    //StevenCPHuang_20110820,add Moto's mode switch cmd to support PID switch function ++
+    """
+    SC_MODE_SWITCH = 0xD6
+
+    # /StevenCPHuang_20110820,add Moto's mode switch cmd to support PID switch function --
+
+    def __init__(self, loglevel=logging.INFO, vid=None, pid=None, interface=-1):
+        self.vid = vid
+        self.pid = pid
+        self.interface = interface
+        self.Debug = False
+        self.usb = None
+        self.loglevel = loglevel
+
+    def connect(self):
+        self.usb = UsbClass(loglevel=self.loglevel, portconfig=[self.vid, self.pid, self.interface], devclass=8)
+        if self.usb.connect():
+            return True
+        return False
+
+    # htcadb = "55534243123456780002000080000616687463800100000000000000000000";
+    # Len 0x6, Command 0x16, "HTC" 01 = Enable, 02 = Disable
+    def send_mass_storage_command(self, lun, cdb, direction, data_length):
+        global tag
+        cmd = cdb[0]
+        if 0 <= cmd < 0x20:
+            cdb_len = 6
+        elif 0x20 <= cmd < 0x60:
+            cdb_len = 10
+        elif 0x60 <= cmd < 0x80:
+            cdb_len = 0
+        elif 0x80 <= cmd < 0xA0:
+            cdb_len = 16
+        elif 0xA0 <= cmd < 0xC0:
+            cdb_len = 12
+        else:
+            cdb_len = 6
+
+        if len(cdb) != cdb_len:
+            print("Error, cdb length doesn't fit allowed cbw packet length")
+            return 0
+
+        if (cdb_len == 0) or (cdb_len > command_block_wrapper_len):
+            print("Error, invalid data packet length, should be max of 31 bytes.")
+            return 0
+        else:
+            data = write_object(command_block_wrapper, b"USBC", tag, data_length, direction, lun, cdb_len, cdb)[
+                'raw_data']
+            print(hexlify(data))
+            if len(data) != 31:
+                print("Error, invalid data packet length, should be 31 bytes, but length is %d" % len(data))
+                return 0
+            tag += 1
+            self.usb.write(data, 31)
+        return tag
+
+    def send_htc_adbenable(self):
+        # do_reserve from f_mass_storage.c
+        print("Sending HTC adb enable command")
+        common_cmnd = b"\x16htc\x80\x01"  # reserve_cmd + 'htc' + len + flag
+        '''
+        Flag values:
+            1: Enable adb daemon from mass_storage
+            2: Disable adb daemon from mass_storage
+            3: cancel unmount BAP cdrom
+            4: cancel unmount HSM rom
+        '''
+        lun = 0
+        datasize = common_cmnd[4]
+        timeout = 5000
+        ret_tag = self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, datasize)
+        ret_tag += self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, datasize)
+        if datasize > 0:
+            data = self.usb.read(datasize, timeout)
+            print("DATA: " + hexlify(data).decode('utf-8'))
+        print("Sent HTC adb enable command")
+
+    def send_htc_ums_adbenable(self):  # HTC10
+        # ums_ctrlrequest from f_mass_storage.c
+        print("Sending HTC ums adb enable command")
+        brequesttype = USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE
+        brequest = 0xa0
+        wvalue = 1
+        '''
+        wValue:
+            0: Disable adb daemon
+            1: Enable adb daemon
+        '''
+        windex = 0
+        w_length = 1
+        ret = self.usb.ctrl_transfer(brequesttype, brequest, wvalue, windex, w_length)
+        print("Sent HTC ums adb enable command: %x" % ret)
+
+    def send_zte_adbenable(self):  # zte blade
+        common_cmnd = b"\x86zte\x80\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"  # reserve_cmd + 'zte' + len + flag
+        common_cmnd2 = b"\x86zte\x80\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"  # reserve_cmd + 'zte' + len + flag
+        '''
+        Flag values:
+            0: disable adbd ---for 736T
+            1: enable adbd ---for 736T
+            2: disable adbd ---for All except 736T
+            3: enable adbd ---for All except 736T
+        '''
+        lun = 0
+        datasize = common_cmnd[4]
+        timeout = 5000
+        ret_tag = self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, datasize)
+        ret_tag += self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, datasize)
+        ret_tag = self.send_mass_storage_command(lun, common_cmnd2, USB_DIR_IN, datasize)
+        ret_tag += self.send_mass_storage_command(lun, common_cmnd2, USB_DIR_IN, datasize)
+        if datasize > 0:
+            data = self.usb.read(datasize, timeout)
+            print("DATA: " + hexlify(data).decode('utf-8'))
+        print("Send HTC adb enable command")
+
+    def send_fih_adbenable(self):  # motorola xt560, nokia 3.1, #f_mass_storage.c
+        if self.usb.connect():
+            print("Sending FIH adb enable command")
+            datasize = 0x24
+            # reserve_cmd + 'FI' + flag + len + none
+            common_cmnd = bytes([self.SC_SWITCH_PORT]) + b"FI1" + struct.pack("<H", datasize)
+            '''
+            Flag values:
+                common_cmnd[3]->1: Enable adb daemon from mass_storage
+                common_cmnd[3]->0: Disable adb daemon from mass_storage
+            '''
+            lun = 0
+            # datasize=common_cmnd[4]
+            timeout = 5000
+            ret_tag = None
+            ret_tag += self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, 0x600)
+            # ret_tag+=self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, 0x600)
+            if datasize > 0:
+                data = self.usb.read(datasize, timeout)
+                print("DATA: " + hexlify(data).decode('utf-8'))
+            print("Sent FIH adb enable command")
+            self.usb.close()
+
+    def send_alcatel_adbenable(self):  # Alcatel MW41
+        if self.usb.connect():
+            print("Sending alcatel adb enable command")
+            datasize = 0x24
+            common_cmnd = b"\x16\xf9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+            lun = 0
+            timeout = 5000
+            ret_tag = None
+            ret_tag += self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, 0x600)
+            if datasize > 0:
+                data = self.usb.read(datasize, timeout)
+                print("DATA: " + hexlify(data).decode('utf-8'))
+            print("Sent alcatel adb enable command")
+            self.usb.close()
+
+    def send_fih_root(self):
+        # motorola xt560, nokia 3.1, huawei u8850, huawei Ideos X6,
+        # lenovo s2109, triumph M410, viewpad 7, #f_mass_storage.c
+        if self.usb.connect():
+            print("Sending FIH root command")
+            datasize = 0x24
+            # reserve_cmd + 'FIH' + len + flag + none
+            common_cmnd = bytes([self.SC_SWITCH_ROOT]) + b"FIH" + struct.pack("<H", datasize)
+            lun = 0
+            # datasize = common_cmnd[4]
+            timeout = 5000
+            ret_tag = self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, 0x600)
+            ret_tag += self.send_mass_storage_command(lun, common_cmnd, USB_DIR_IN, 0x600)
+            if datasize > 0:
+                data = self.usb.read(datasize, timeout)
+                print("DATA: " + hexlify(data).decode('utf-8'))
+            print("Sent FIH root command")
+            self.usb.close()
+
+    def close(self):
+        self.usb.close()
+        return True

edl/Library/usbscsi.py

@@ -0,0 +1,52 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import argparse
+from edl.Library.usblib import *
+
+
+def main():
+    info = 'MassStorageBackdoor (c) B.Kerler 2019.'
+    parser = argparse.ArgumentParser(description=info)
+    print("\n" + info + "\n\n")
+    parser.add_argument('-vid', metavar="<vid>", help='[Option] Specify vid, default=0x2e04)', default="0x2e04")
+    parser.add_argument('-pid', metavar="<pid>", help='[Option] Specify pid, default=0xc025)', default="0xc025")
+    parser.add_argument('-interface', metavar="<pid>", help='[Option] Specify interface number)', default="")
+    parser.add_argument('-nokia', help='[Option] Enable Nokia adb backdoor', action='store_true')
+    parser.add_argument('-alcatel', help='[Option] Enable alcatel adb backdoor', action='store_true')
+    parser.add_argument('-zte', help='[Option] Enable zte adb backdoor', action='store_true')
+    parser.add_argument('-htc', help='[Option] Enable htc adb backdoor', action='store_true')
+    parser.add_argument('-htcums', help='[Option] Enable htc ums adb backdoor', action='store_true')
+    args = parser.parse_args()
+    vid = None
+    pid = None
+    if args.vid != "":
+        vid = int(args.vid, 16)
+    if args.pid != "":
+        pid = int(args.pid, 16)
+    if args.interface != "":
+        interface = int(args.interface, 16)
+    else:
+        interface = -1
+
+    usbscsi = Scsi(vid, pid, interface)
+    if usbscsi.connect():
+        if args.nokia:
+            usbscsi.send_fih_adbenable()
+            usbscsi.send_fih_root()
+        elif args.zte:
+            usbscsi.send_zte_adbenable()
+        elif args.htc:
+            usbscsi.send_htc_adbenable()
+        elif args.htcums:
+            usbscsi.send_htc_ums_adbenable()
+        elif args.alcatel:
+            usbscsi.send_alcatel_adbenable()
+        else:
+            print("A command is required. Use -h to see options.")
+            exit(0)
+        usbscsi.close()
+
+
+if __name__ == '__main__':
+    main()

edl/Library/utils.py

@@ -0,0 +1,587 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import sys
+import logging
+import logging.config
+import codecs
+import struct
+import os
+import shutil
+import stat
+import colorama
+import copy
+from struct import unpack, pack
+
+try:
+    from capstone import *
+except ImportError:
+    print("Capstone library is missing (optional).")
+try:
+    from keystone import *
+except ImportError:
+    print("Keystone library is missing (optional).")
+
+
+
+
+
+class structhelper:
+    pos = 0
+
+    def __init__(self, data, pos=0):
+        self.pos = 0
+        self.data = data
+
+    def qword(self):
+        dat = unpack("<Q", self.data[self.pos:self.pos + 8])[0]
+        self.pos += 8
+        return dat
+
+    def dword(self):
+        dat = unpack("<I", self.data[self.pos:self.pos + 4])[0]
+        self.pos += 4
+        return dat
+
+    def dwords(self, dwords=1):
+        dat = unpack("<" + str(dwords) + "I", self.data[self.pos:self.pos + 4 * dwords])
+        self.pos += 4 * dwords
+        return dat
+
+    def short(self):
+        dat = unpack("<H", self.data[self.pos:self.pos + 2])[0]
+        self.pos += 2
+        return dat
+
+    def shorts(self, shorts):
+        dat = unpack("<" + str(shorts) + "H", self.data[self.pos:self.pos + 2*shorts])
+        self.pos += 2 * shorts
+        return dat
+
+    def bytes(self, rlen=1):
+        dat = self.data[self.pos:self.pos + rlen]
+        self.pos += rlen
+        if rlen == 1: return dat[0]
+        return dat
+
+    def string(self, rlen=1):
+        dat = self.data[self.pos:self.pos + rlen]
+        self.pos += rlen
+        return dat
+
+    def getpos(self):
+        return self.pos
+
+    def seek(self, pos):
+        self.pos = pos
+
+def do_tcp_server(client, arguments, handler):
+    def tcpprint(arg):
+        if isinstance(arg, bytes) or isinstance(arg, bytearray):
+            return connection.sendall(arg)
+        else:
+            return connection.sendall(bytes(str(arg), 'utf-8'))
+
+    client.printer = tcpprint
+    import socket
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    port = int(arguments["--tcpport"])
+    server_address = ('localhost', port)
+    print('starting up on %s port %s' % server_address)
+    sock.bind(server_address)
+    sock.listen(1)
+    response = None
+    while True:
+        print('waiting for a connection')
+        connection, client_address = sock.accept()
+        try:
+            print('connection from', client_address)
+            while True:
+                data = connection.recv(4096).decode('utf-8')
+                if data == '':
+                    break
+                print('received %s' % data)
+                if data:
+                    print('handling request')
+                    lines = data.split("\n")
+                    for line in lines:
+                        if ":" in line:
+                            cmd = line.split(":")[0]
+                            marguments = line.split(":")[1]
+                            try:
+                                opts = parse_args(cmd, marguments, arguments)
+                            except:
+                                response = "Wrong arguments\n<NAK>\n"
+                                opts = None
+                            if opts is not None:
+                                if handler(cmd, opts):
+                                    response = "<ACK>\n"
+                                else:
+                                    response = "<NAK>\n"
+                            connection.sendall(bytes(response, 'utf-8'))
+        finally:
+            connection.close()
+
+
+def parse_args(cmd, args, mainargs):
+    options = {}
+    opts = None
+    if "," in args:
+        opts = args.split(",")
+    else:
+        opts = [args]
+    for arg in mainargs:
+        if "--" in arg:
+            options[arg] = mainargs[arg]
+    if cmd == "gpt":
+        options["<directory>"] = opts[0]
+    elif cmd == "r":
+        options["<partitionname>"] = opts[0]
+        options["<filename>"] = opts[1]
+    elif cmd == "rl":
+        options["<directory>"] = opts[0]
+    elif cmd == "rf":
+        options["<filename>"] = opts[0]
+    elif cmd == "rs":
+        options["<start_sector>"] = opts[0]
+        options["<sectors>"] = opts[1]
+        options["<filename>"] = opts[2]
+    elif cmd == "w":
+        options["<partitionname>"] = opts[0]
+        options["<filename>"] = opts[0]
+    elif cmd == "wl":
+        options["<directory>"] = opts[0]
+    elif cmd == "wf":
+        options["<filename>"] = opts[0]
+    elif cmd == "ws":
+        options["<start_sector>"] = opts[0]
+        options["<filename>"] = opts[1]
+    elif cmd == "e":
+        options["<partitionname>"] = opts[0]
+    elif cmd == "es":
+        options["<start_sector>"] = opts[0]
+        options["<sectors>"] = opts[1]
+    elif cmd == "footer":
+        options["<filename>"] = opts[0]
+    elif cmd == "peek":
+        options["<offset>"] = opts[0]
+        options["<length>"] = opts[1]
+        options["<filename>"] = opts[2]
+    elif cmd == "peekhex":
+        options["<offset>"] = opts[0]
+        options["<length>"] = opts[1]
+    elif cmd == "peekdword":
+        options["<offset>"] = opts[0]
+    elif cmd == "peekqword":
+        options["<offset>"] = opts[0]
+    elif cmd == "memtbl":
+        options["<filename>"] = opts[0]
+    elif cmd == "poke":
+        options["<offset>"] = opts[0]
+        options["<filename>"] = opts[1]
+    elif cmd == "pokehex":
+        options["<offset>"] = opts[0]
+        options["<data>"] = opts[1]
+    elif cmd == "pokedword":
+        options["<offset>"] = opts[0]
+        options["<data>"] = opts[1]
+    elif cmd == "pokeqword":
+        options["<offset>"] = opts[0]
+        options["<data>"] = opts[1]
+    elif cmd == "memcpy":
+        options["<offset>"] = opts[0]
+        options["<size>"] = opts[1]
+    elif cmd == "pbl":
+        options["<filename>"] = opts[0]
+    elif cmd == "qfp":
+        options["<filename>"] = opts[0]
+    elif cmd == "setbootablestoragedrive":
+        options["<lun>"] = opts[0]
+    elif cmd == "send":
+        options["<command>"] = opts[0]
+    elif cmd == "xml":
+        options["<xmlfile>"] = opts[0]
+    elif cmd == "rawxml":
+        options["<xmlstring>"] = opts[0]
+    return options
+
+
+def getint(valuestr):
+    try:
+        return int(valuestr)
+    except:
+        try:
+            return int(valuestr, 16)
+        except:
+            return 0
+
+
+class ColorFormatter(logging.Formatter):
+    LOG_COLORS = {
+        logging.ERROR: colorama.Fore.RED,
+        logging.DEBUG: colorama.Fore.LIGHTMAGENTA_EX,
+        logging.WARNING: colorama.Fore.YELLOW,
+    }
+
+    def format(self, record, *args, **kwargs):
+        # if the corresponding logger has children, they may receive modified
+        # record, so we want to keep it intact
+        new_record = copy.copy(record)
+        if new_record.levelno in self.LOG_COLORS:
+            pad = ""
+            if new_record.name != "root":
+                print(new_record.name)
+                pad = "[LIB]: "
+            # we want levelname to be in different color, so let's modify it
+            new_record.msg = "{pad}{color_begin}{msg}{color_end}".format(
+                pad=pad,
+                msg=new_record.msg,
+                color_begin=self.LOG_COLORS[new_record.levelno],
+                color_end=colorama.Style.RESET_ALL,
+            )
+        # now we can let standart formatting take care of the rest
+        return super(ColorFormatter, self).format(new_record, *args, **kwargs)
+
+
+class LogBase(type):
+    debuglevel = logging.root.level
+
+    def __init__(cls, *args):
+        super().__init__(*args)
+        logger_attribute_name = '_' + cls.__name__ + '__logger'
+        logger_debuglevel_name = '_' + cls.__name__ + '__debuglevel'
+        logger_name = '.'.join([c.__name__ for c in cls.mro()[-2::-1]])
+        LOG_CONFIG = {
+            "version": 1,
+            "disable_existing_loggers": False,
+            "formatters": {
+                "root": {
+                    "()": ColorFormatter,
+                    "format": "%(name)s - %(message)s",
+                }
+            },
+            "handlers": {
+                "root": {
+                    # "level": cls.__logger.level,
+                    "formatter": "root",
+                    "class": "logging.StreamHandler",
+                    "stream": "ext://sys.stdout",
+                }
+            },
+            "loggers": {
+                "": {
+                    "handlers": ["root"],
+                    # "level": cls.debuglevel,
+                    "propagate": False
+                }
+            },
+        }
+        logging.config.dictConfig(LOG_CONFIG)
+        logger = logging.getLogger(logger_name)
+
+        setattr(cls, logger_attribute_name, logger)
+        setattr(cls, logger_debuglevel_name, cls.debuglevel)
+
+
+def del_rw(action, name, exc):
+    os.chmod(name, stat.S_IWRITE)
+    os.remove(name)
+
+
+def rmrf(path):
+    if os.path.exists(path):
+        if os.path.isfile(path):
+            del_rw("", path, "")
+        else:
+            shutil.rmtree(path, onerror=del_rw)
+
+
+class elf:
+    class memorysegment:
+        phy_addr = 0
+        virt_start_addr = 0
+        virt_end_addr = 0
+        file_start_addr = 0
+        file_end_addr = 0
+
+    def __init__(self, indata, filename):
+        self.data = indata
+        self.filename = filename
+        self.header, self.pentry = self.parse()
+        self.memorylayout = []
+        for entry in self.pentry:
+            ms = self.memorysegment()
+            ms.phy_addr = entry.phy_addr
+            ms.virt_start_addr = entry.virt_addr
+            ms.virt_end_addr = entry.virt_addr + entry.seg_mem_len
+            ms.file_start_addr = entry.from_file
+            ms.file_end_addr = entry.from_file + entry.seg_file_len
+            self.memorylayout.append(ms)
+
+    def getfileoffset(self, offset):
+        for memsegment in self.memorylayout:
+            if memsegment.virt_end_addr >= offset >= memsegment.virt_start_addr:
+                return offset - memsegment.virt_start_addr + memsegment.file_start_addr
+        return None
+
+    def getvirtaddr(self, fileoffset):
+        for memsegment in self.memorylayout:
+            if memsegment.file_end_addr >= fileoffset >= memsegment.file_start_addr:
+                return memsegment.virt_start_addr + fileoffset - memsegment.file_start_addr
+        return None
+
+    def getbaseaddr(self, offset):
+        for memsegment in self.memorylayout:
+            if memsegment.virt_end_addr >= offset >= memsegment.virt_start_addr:
+                return memsegment.virt_start_addr
+        return None
+
+    class programentry:
+        p_type = 0
+        from_file = 0
+        virt_addr = 0
+        phy_addr = 0
+        seg_file_len = 0
+        seg_mem_len = 0
+        p_flags = 0
+        p_align = 0
+
+    def parse_programentry(self, dat):
+        pe = self.programentry()
+        if self.elfclass == 1:
+            (pe.p_type, pe.from_file, pe.virt_addr, pe.phy_addr, pe.seg_file_len, pe.seg_mem_len, pe.p_flags,
+             pe.p_align) = struct.unpack("<IIIIIIII", dat)
+        elif self.elfclass == 2:
+            (pe.p_type, pe.p_flags, pe.from_file, pe.virt_addr, pe.phy_addr, pe.seg_file_len, pe.seg_mem_len,
+             pe.p_align) = struct.unpack("<IIQQQQQQ", dat)
+        return pe
+
+    def parse(self):
+        self.elfclass = self.data[4]
+        if self.elfclass == 1:  # 32Bit
+            start = 0x28
+        elif self.elfclass == 2:  # 64Bit
+            start = 0x34
+        else:
+            print("Error on parsing " + self.filename)
+            return ['', '']
+        elfheadersize, programheaderentrysize, programheaderentrycount = struct.unpack("<HHH",
+                                                                                       self.data[start:start + 3 * 2])
+        programheadersize = programheaderentrysize * programheaderentrycount
+        header = self.data[0:elfheadersize + programheadersize]
+        pentry = []
+        for i in range(0, programheaderentrycount):
+            start = elfheadersize + (i * programheaderentrysize)
+            end = start + programheaderentrysize
+            pentry.append(self.parse_programentry(self.data[start:end]))
+
+        return [header, pentry]
+
+
+class patchtools:
+    cstyle = False
+    bDebug = False
+
+    def __init__(self, bdebug=False):
+        self.bDebug = bdebug
+
+    def has_bad_uart_chars(self, data):
+        badchars = [b'\x00', b'\n', b'\r', b'\x08', b'\x7f', b'\x20', b'\x09']
+        for idx, c in enumerate(data):
+            c = bytes([c])
+            if c in badchars:
+                return True
+        return False
+
+    def generate_offset(self, offset):
+        div = 0
+        found = False
+        while not found and div < 0x606:
+            data = struct.pack("<I", offset + div)
+            data2 = struct.pack("<H", div)
+            badchars = self.has_bad_uart_chars(data)
+            if not badchars:
+                badchars = self.has_bad_uart_chars(data2)
+                if not (badchars):
+                    return div
+            div += 4
+
+        # if div is not found within positive offset, try negative offset
+        div = 0
+        while not found and div < 0x606:
+            data = struct.pack("<I", offset - div)
+            data2 = struct.pack("<H", div)
+            badchars = self.has_bad_uart_chars(data)
+            if not badchars:
+                badchars = self.has_bad_uart_chars(data2)
+                if not badchars:
+                    return -div
+            div += 4
+        return 0
+
+    # Usage: offset, "X24"
+    def generate_offset_asm(self, offset, reg):
+        div = self.generate_offset(offset)
+        abase = ((offset + div) & 0xFFFF0000) >> 16
+        a = ((offset + div) & 0xFFFF)
+        strasm = ""
+        if div > 0:
+            strasm += "# " + hex(offset) + "\n"
+            strasm += "mov " + reg + ", #" + hex(a) + ";\n"
+            strasm += "movk " + reg + ", #" + hex(abase) + ", LSL#16;\n"
+            strasm += "sub  " + reg + ", " + reg + ", #" + hex(div) + ";\n"
+        else:
+            strasm += "# " + hex(offset) + "\n"
+            strasm += "mov " + reg + ", #" + hex(a) + ";\n"
+            strasm += "movk " + reg + ", #" + hex(abase) + ", LSL#16;\n"
+            strasm += "add  " + reg + ", " + reg + ", #" + hex(-div) + ";\n"
+        return strasm
+
+    def uart_valid_sc(self, sc):
+        badchars = [b'\x00', b'\n', b'\r', b'\x08', b'\x7f', b'\x20', b'\x09']
+        for idx, c in enumerate(sc):
+            c = bytes([c])
+            if c in badchars:
+                print("bad char 0x%s in SC at offset %d, opcode # %d!\n" % (codecs.encode(c, 'hex'), idx, idx / 4))
+                print(codecs.encode(sc, 'hex'))
+                return False
+        return True
+
+    def disasm(self, code, size):
+        cs = Cs(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN)
+        instr = []
+        for i in cs.disasm(code, size):
+            # print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
+            instr.append("%s\t%s" % (i.mnemonic, i.op_str))
+        return instr
+
+    def assembler(self, code):
+        ks = Ks(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)
+        if self.bDebug:
+            try:
+                encoding, count = ks.asm(code)
+            except KsError as e:
+                print(e)
+                print(e.stat_count)
+                print(code[e.stat_count:e.stat_count + 10])
+                exit(0)
+                if self.bDebug:
+                    # walk every line to find the (first) error
+                    for idx, line in enumerate(code.splitlines()):
+                        print("%02d: %s" % (idx, line))
+                        if len(line) and line[0] != '.':
+                            try:
+                                encoding, count = ks.asm(line)
+                            except Exception as e:
+                                print("bummer: " + str(e))
+                else:
+                    exit(0)
+        else:
+            encoding, count = ks.asm(code)
+
+        sc = ""
+        count = 0
+        out = ""
+        for i in encoding:
+            if self.cstyle:
+                out += ("\\x%02x" % i)
+            else:
+                out += ("%02x" % i)
+            sc += "%02x" % i
+
+            count += 1
+            # if bDebug and count % 4 == 0:
+            #    out += ("\n")
+
+        return out
+
+    def find_binary(self, data, strf, pos=0):
+        t = strf.split(b".")
+        pre = 0
+        offsets = []
+        while pre != -1:
+            pre = data[pos:].find(t[0], pre)
+            if pre == -1:
+                if len(offsets) > 0:
+                    for offset in offsets:
+                        error = 0
+                        rt = offset + len(t[0])
+                        for i in range(1, len(t)):
+                            if t[i] == b'':
+                                rt += 1
+                                continue
+                            rt += 1
+                            prep = data[rt:].find(t[i])
+                            if (prep != 0):
+                                error = 1
+                                break
+                            rt += len(t[i])
+                        if error == 0:
+                            return offset
+                else:
+                    return None
+            else:
+                offsets.append(pre)
+                pre += 1
+        return None
+
+
+def read_object(data: object, definition: object) -> object:
+    """
+    Unpacks a structure using the given data and definition.
+    """
+    obj = {}
+    object_size = 0
+    pos = 0
+    for (name, stype) in definition:
+        object_size += struct.calcsize(stype)
+        obj[name] = struct.unpack(stype, data[pos:pos + struct.calcsize(stype)])[0]
+        pos += struct.calcsize(stype)
+    obj['object_size'] = object_size
+    obj['raw_data'] = data
+    return obj
+
+
+def write_object(definition, *args):
+    """
+    Unpacks a structure using the given data and definition.
+    """
+    obj = {}
+    object_size = 0
+    data = b""
+    i = 0
+    for (name, stype) in definition:
+        object_size += struct.calcsize(stype)
+        arg = args[i]
+        try:
+            data += struct.pack(stype, arg)
+        except Exception as e:
+            print("Error:" + str(e))
+            break
+        i += 1
+    obj['object_size'] = len(data)
+    obj['raw_data'] = data
+    return obj
+
+
+def print_progress(iteration, total, prefix='', suffix='', decimals=1, bar_length=100):
+    """
+    Call in a loop to create terminal progress bar
+    @params:
+        iteration   - Required  : current iteration (Int)
+        total       - Required  : total iterations (Int)
+        prefix      - Optional  : prefix string (Str)
+        suffix      - Optional  : suffix string (Str)
+        decimals    - Optional  : positive number of decimals in percent complete (Int)
+        bar_length  - Optional  : character length of bar (Int)
+    """
+    str_format = "{0:." + str(decimals) + "f}"
+    percents = str_format.format(100 * (iteration / float(total)))
+    filled_length = int(round(bar_length * iteration / float(total)))
+    bar = '█' * filled_length + '-' * (bar_length - filled_length)
+
+    sys.stdout.write('\r%s |%s| %s%s %s' % (prefix, bar, percents, '%', suffix))
+
+    if iteration == total:
+        sys.stdout.write('\n')
+    sys.stdout.flush()

edl/Library/xmlparser.py

@@ -0,0 +1,36 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# (c) B.Kerler 2018-2021
+import xml.etree.ElementTree as ET
+
+
+class xmlparser:
+    def getresponse(self, input):
+        lines = input.split(b"<?xml")
+        content = {}
+        for line in lines:
+            if line == b'':
+                continue
+            line = b"<?xml" + line
+            parser = ET.XMLParser(encoding="utf-8")
+            tree = ET.fromstring(line, parser=parser)
+            e = ET.ElementTree(tree).getroot()
+            for atype in e.findall('response'):
+                for field in atype.attrib:
+                    content[field] = atype.attrib[field]
+        return content
+
+    def getlog(self, input):
+        lines = input.split(b"<?xml")
+        data = []
+        for line in lines:
+            if line == b'':
+                continue
+            line = b"<?xml" + line
+            parser = ET.XMLParser(encoding="utf-8")
+            tree = ET.fromstring(line, parser=parser)
+            e = ET.ElementTree(tree).getroot()
+            for atype in e.findall('log'):
+                if 'value' in atype.attrib:
+                    data.append(atype.attrib['value'])
+        return data