Add missing packages to requirements.txt and reformat Some Codes
This commit is contained in:
parent
f8ced92bdf
commit
9478832620
4 changed files with 111 additions and 99 deletions
|
@ -561,7 +561,7 @@ class Main(metaclass=LogBase):
|
||||||
for pos in range(offset, offset + length, rlen):
|
for pos in range(offset, offset + length, rlen):
|
||||||
print("Reading pos %08X" % pos)
|
print("Reading pos %08X" % pos)
|
||||||
res = mtk.preloader.read32(pos, rlen // 4)
|
res = mtk.preloader.read32(pos, rlen // 4)
|
||||||
if res == []:
|
if not res:
|
||||||
break
|
break
|
||||||
print(hexlify(b"".join([pack("<I", val) for val in res])).decode('utf-8'))
|
print(hexlify(b"".join([pack("<I", val) for val in res])).decode('utf-8'))
|
||||||
|
|
||||||
|
|
|
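Review bot: The read in `res = mtk.preloader.read32(pos, rlen // 4)` always requests `rlen // 4` words, so on the last iteration of `for pos in range(offset, offset + length, rlen):` the read extends past `offset + length` whenever `length` is not a multiple of `rlen`, and the dump prints memory the caller never asked for. Clamping the count to the remaining window fixes it: `res = mtk.preloader.read32(pos, min(rlen, offset + length - pos) // 4)`. Whether `rlen` and `length` are guaranteed to be 4-byte multiples is decided outside this hunk, so the `// 4` may also need a check there. The enclosing method of `Main` starts and ends outside the hunk.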
@ -63,24 +63,24 @@ def main():
|
||||||
data = rf.read()
|
data = rf.read()
|
||||||
base = 0
|
base = 0
|
||||||
mpos = find_binary(data, b"\xA0\x0A\x50\x05.\x00\x00\x00", 0)
|
mpos = find_binary(data, b"\xA0\x0A\x50\x05.\x00\x00\x00", 0)
|
||||||
usbdl_get_dword=None
|
usbdl_get_dword = None
|
||||||
usbdl_put_dword=None
|
usbdl_put_dword = None
|
||||||
usbdl_put_word=None
|
usbdl_put_word = None
|
||||||
if mpos is not None:
|
if mpos is not None:
|
||||||
usbdl_put_data = unpack("<I", data[mpos - 0xC:mpos - 0xC + 4])[0]
|
usbdl_put_data = unpack("<I", data[mpos - 0xC:mpos - 0xC + 4])[0]
|
||||||
base = (((usbdl_put_data >> 16) & 0xFFFFF)<<16)
|
base = (((usbdl_put_data >> 16) & 0xFFFFF) << 16)
|
||||||
usbdl_get_data = unpack("<I", data[mpos - 0x10:mpos - 0x10 + 4])[0]
|
usbdl_get_data = unpack("<I", data[mpos - 0x10:mpos - 0x10 + 4])[0]
|
||||||
usbdl_put_dword = unpack("<I", data[mpos - 0x14:mpos - 0x14 + 4])[0]
|
usbdl_put_dword = unpack("<I", data[mpos - 0x14:mpos - 0x14 + 4])[0]
|
||||||
usbdl_get_dword = unpack("<I", data[mpos - 0x18:mpos - 0x18 + 4])[0]
|
usbdl_get_dword = unpack("<I", data[mpos - 0x18:mpos - 0x18 + 4])[0]
|
||||||
usbdl_put_word = unpack("<I", data[mpos - 0x1C:mpos - 0x1C + 4])[0]
|
usbdl_put_word = unpack("<I", data[mpos - 0x1C:mpos - 0x1C + 4])[0]
|
||||||
else:
|
else:
|
||||||
usbdl_get_data = find_binary(data,"2DE9F04780460F46")
|
usbdl_get_data = find_binary(data, "2DE9F04780460F46")
|
||||||
usbdl_put_data = find_binary(data,"10B5064AD4689368")
|
usbdl_put_data = find_binary(data, "10B5064AD4689368")
|
||||||
usbdl_put_word = find_binary(data, b"\x2D\xE9\xF8\x4F\x80\x46\x8a\x46.\x48")
|
usbdl_put_word = find_binary(data, b"\x2D\xE9\xF8\x4F\x80\x46\x8a\x46.\x48")
|
||||||
|
|
||||||
usbdl_ptr = None
|
usbdl_ptr = None
|
||||||
if usbdl_put_word:
|
if usbdl_put_word:
|
||||||
mpos=(usbdl_put_word&0xFFFFF)+7
|
mpos = (usbdl_put_word & 0xFFFFF) + 7
|
||||||
offset, Rn = ldr_lit(mpos,
|
offset, Rn = ldr_lit(mpos,
|
||||||
unpack("<H", data[mpos:mpos + 2])[0])
|
unpack("<H", data[mpos:mpos + 2])[0])
|
||||||
usbdl_ptr = (base | offset)
|
usbdl_ptr = (base | offset)
|
||||||
|
@ -96,12 +96,12 @@ def main():
|
||||||
pos -= 0x4
|
pos -= 0x4
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos += 1
|
pos += 1
|
||||||
send_usb_response=base|pos
|
send_usb_response = base | pos
|
||||||
pos = find_binary(data, b"\x10\xB5.\xF0...\x46", 0)
|
pos = find_binary(data, b"\x10\xB5.\xF0...\x46", 0)
|
||||||
if pos is None:
|
if pos is None:
|
||||||
pos = find_binary(data, b"\xB5.\xF0...\x49", 0)
|
pos = find_binary(data, b"\xB5.\xF0...\x49", 0)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos-=1
|
pos -= 1
|
||||||
else:
|
else:
|
||||||
pos2 = find_binary(data, "46FFF7", pos + 8)
|
pos2 = find_binary(data, "46FFF7", pos + 8)
|
||||||
if pos2 != None:
|
if pos2 != None:
|
||||||
|
@ -120,58 +120,58 @@ def main():
|
||||||
startpos = posr + 2
|
startpos = posr + 2
|
||||||
|
|
||||||
pattern = b"\xB5.\xF0"
|
pattern = b"\xB5.\xF0"
|
||||||
sla=None
|
sla = None
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
sbcpos = pos
|
sbcpos = pos
|
||||||
print("sbc:\t\t\t\t\t\t0x%08X" % (base|pos))
|
print("sbc:\t\t\t\t\t\t0x%08X" % (base | pos))
|
||||||
pos = find_binary(data, pattern, pos + 8)
|
pos = find_binary(data, pattern, pos + 8)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos -= 1
|
pos -= 1
|
||||||
print("sla:\t\t\t\t\t\t0x%08X" % (base|pos))
|
print("sla:\t\t\t\t\t\t0x%08X" % (base | pos))
|
||||||
sla=pos
|
sla = pos
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos = find_binary(data, pattern, ((base|pos) + 2))
|
pos = find_binary(data, pattern, ((base | pos) + 2))
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos -= 1
|
pos -= 1
|
||||||
print("daa:\t\t\t\t\t\t0x%08X" % (base|pos))
|
print("daa:\t\t\t\t\t\t0x%08X" % (base | pos))
|
||||||
sec_mode=None
|
sec_mode = None
|
||||||
sec_sbc=None
|
sec_sbc = None
|
||||||
if sla is not None:
|
if sla is not None:
|
||||||
if data[sla+9]&0xF0==0x60:
|
if data[sla + 9] & 0xF0 == 0x60:
|
||||||
offset, Rn = ldr_lit(sla + 6,
|
offset, Rn = ldr_lit(sla + 6,
|
||||||
unpack("<H", data[sla + 6:sla + 6 + 2])[0])
|
unpack("<H", data[sla + 6:sla + 6 + 2])[0])
|
||||||
sec_sbc=unpack("<I",data[offset:offset+4])[0]
|
sec_sbc = unpack("<I", data[offset:offset + 4])[0]
|
||||||
if data[sla+8]==0x51:
|
if data[sla + 8] == 0x51:
|
||||||
sec_sbc+=4
|
sec_sbc += 4
|
||||||
sec_mode=0
|
sec_mode = 0
|
||||||
else:
|
else:
|
||||||
mpos = find_binary(data, "48C16809B1", 0)
|
mpos = find_binary(data, "48C16809B1", 0)
|
||||||
if mpos is not None:
|
if mpos is not None:
|
||||||
mpos-=1
|
mpos -= 1
|
||||||
sec_mode = 1
|
sec_mode = 1
|
||||||
offset, Rn = ldr_lit(mpos,
|
offset, Rn = ldr_lit(mpos,
|
||||||
unpack("<H", data[mpos:mpos+2])[0])
|
unpack("<H", data[mpos:mpos + 2])[0])
|
||||||
rbase=unpack("<I",data[offset:offset+4])[0]
|
rbase = unpack("<I", data[offset:offset + 4])[0]
|
||||||
simm5, sRt, sRn = ldr_imm(unpack("<H", data[mpos+2:mpos + 4])[0])
|
simm5, sRt, sRn = ldr_imm(unpack("<H", data[mpos + 2:mpos + 4])[0])
|
||||||
sec_sbc = (rbase+(simm5*4))
|
sec_sbc = (rbase + (simm5 * 4))
|
||||||
instr=unpack("<H", data[sla+0x12:sla+0x12+2])[0]
|
instr = unpack("<H", data[sla + 0x12:sla + 0x12 + 2])[0]
|
||||||
offset, Rn = ldr_lit(sla+0x12,instr)
|
offset, Rn = ldr_lit(sla + 0x12, instr)
|
||||||
rbase=unpack("<I",data[offset:offset+4])[0]
|
rbase = unpack("<I", data[offset:offset + 4])[0]
|
||||||
simm5, sRt, sRn = ldr_imm(unpack("<H", data[sla+0x12+2:sla+0x12 + 4])[0])
|
simm5, sRt, sRn = ldr_imm(unpack("<H", data[sla + 0x12 + 2:sla + 0x12 + 4])[0])
|
||||||
sec_sla = (rbase + (simm5 * 4))
|
sec_sla = (rbase + (simm5 * 4))
|
||||||
|
|
||||||
func_wdt=None
|
func_wdt = None
|
||||||
func_acm=None
|
func_acm = None
|
||||||
pos = find_binary(data, "70B50646A648", 0)
|
pos = find_binary(data, "70B50646A648", 0)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos += 1
|
pos += 1
|
||||||
func_acm = base|pos
|
func_acm = base | pos
|
||||||
pos = find_binary(data, "0F4941F6", 0)
|
pos = find_binary(data, "0F4941F6", 0)
|
||||||
if pos is None:
|
if pos is None:
|
||||||
pos = find_binary(data, "124941F6", 0)
|
pos = find_binary(data, "124941F6", 0)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos += 1
|
pos += 1
|
||||||
func_wdt=base|pos
|
func_wdt = base | pos
|
||||||
|
|
||||||
pos = find_binary(data, "F8B50024", 0)
|
pos = find_binary(data, "F8B50024", 0)
|
||||||
if pos is None:
|
if pos is None:
|
||||||
|
@ -187,8 +187,8 @@ def main():
|
||||||
usb_buffer = unpack("<I", data[offset:offset + 4])[0]
|
usb_buffer = unpack("<I", data[offset:offset + 4])[0]
|
||||||
break
|
break
|
||||||
|
|
||||||
vulnaddr=None
|
vulnaddr = None
|
||||||
var1=None
|
var1 = None
|
||||||
pos = find_binary(data, b"\xA1..\xD0\x21", 0)
|
pos = find_binary(data, b"\xA1..\xD0\x21", 0)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
for i in range(0, 0x100, 2):
|
for i in range(0, 0x100, 2):
|
||||||
|
@ -209,7 +209,8 @@ def main():
|
||||||
unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
|
unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
|
||||||
vulnaddr = unpack("<I", data[offset:offset + 4])[0]
|
vulnaddr = unpack("<I", data[offset:offset + 4])[0]
|
||||||
if data[vuln_ctrl_handler + i + 1] == 0x6A and usb_buffer != 0:
|
if data[vuln_ctrl_handler + i + 1] == 0x6A and usb_buffer != 0:
|
||||||
simm5, sRt, sRn = ldr_imm(unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
|
simm5, sRt, sRn = ldr_imm(
|
||||||
|
unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
|
||||||
vulnoff = (simm5 * 4)
|
vulnoff = (simm5 * 4)
|
||||||
var1 = (usb_buffer - vulnaddr - vulnoff) / 0x34
|
var1 = (usb_buffer - vulnaddr - vulnoff) / 0x34
|
||||||
if int(var1) != var1:
|
if int(var1) != var1:
|
||||||
|
@ -225,19 +226,19 @@ def main():
|
||||||
pos = find_binary(data, b"\x10\xB5..\xF4.\x00\x21", 0)
|
pos = find_binary(data, b"\x10\xB5..\xF4.\x00\x21", 0)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos += 1
|
pos += 1
|
||||||
cmd_handler=base|pos
|
cmd_handler = base | pos
|
||||||
|
|
||||||
uart_info = None
|
uart_info = None
|
||||||
pos = find_binary(data, "10B5114A")
|
pos = find_binary(data, "10B5114A")
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
uart_info=pos
|
uart_info = pos
|
||||||
|
|
||||||
uart_addr = None
|
uart_addr = None
|
||||||
pos = find_binary(data, "315F454E930F0E00")
|
pos = find_binary(data, "315F454E930F0E00")
|
||||||
if pos is None:
|
if pos is None:
|
||||||
pos = find_binary(data, "0070315F454E00")
|
pos = find_binary(data, "0070315F454E00")
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos+=6
|
pos += 6
|
||||||
uart_addr = unpack("<I", data[pos:pos + 4])[0]
|
uart_addr = unpack("<I", data[pos:pos + 4])[0]
|
||||||
else:
|
else:
|
||||||
pos += 8
|
pos += 8
|
||||||
|
@ -266,8 +267,8 @@ def main():
|
||||||
pos += 8
|
pos += 8
|
||||||
instr = unpack("<H", data[pos:pos + 2])[0]
|
instr = unpack("<H", data[pos:pos + 2])[0]
|
||||||
offset, Rn = ldr_lit(pos, instr)
|
offset, Rn = ldr_lit(pos, instr)
|
||||||
blacklist_ptr = unpack("<I", data[offset:offset + 4])[0]&0xFFFFF
|
blacklist_ptr = unpack("<I", data[offset:offset + 4])[0] & 0xFFFFF
|
||||||
blacklist = unpack("<I", data[blacklist_ptr-4:blacklist_ptr-4 + 4])[0]
|
blacklist = unpack("<I", data[blacklist_ptr - 4:blacklist_ptr - 4 + 4])[0]
|
||||||
else:
|
else:
|
||||||
pos += 10
|
pos += 10
|
||||||
else:
|
else:
|
||||||
|
@ -282,16 +283,16 @@ def main():
|
||||||
pos = find_binary(data, b"\x02\x4A\x02\x60")
|
pos = find_binary(data, b"\x02\x4A\x02\x60")
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos += 4
|
pos += 4
|
||||||
blacklistcount = unpack("<H", data[pos:pos + 2])[0]&0xF
|
blacklistcount = unpack("<H", data[pos:pos + 2])[0] & 0xF
|
||||||
|
|
||||||
blacklist2 = None
|
blacklist2 = None
|
||||||
pos = find_binary(data, b"\x10\xB5..\xD2\xF8\x90\x30\x10\x32")
|
pos = find_binary(data, b"\x10\xB5..\xD2\xF8\x90\x30\x10\x32")
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos+=2
|
pos += 2
|
||||||
instr = unpack("<H", data[pos:pos + 2])[0]
|
instr = unpack("<H", data[pos:pos + 2])[0]
|
||||||
offset, Rn = ldr_lit(pos, instr)
|
offset, Rn = ldr_lit(pos, instr)
|
||||||
bl2 = unpack("<I", data[offset:offset + 4])[0]
|
bl2 = unpack("<I", data[offset:offset + 4])[0]
|
||||||
blacklist2 = bl2+0x90
|
blacklist2 = bl2 + 0x90
|
||||||
|
|
||||||
pos = 0
|
pos = 0
|
||||||
memread = None
|
memread = None
|
||||||
|
@ -314,14 +315,14 @@ def main():
|
||||||
payload_addr = unpack("<I", data[pos:pos + 4])[0]
|
payload_addr = unpack("<I", data[pos:pos + 4])[0]
|
||||||
break
|
break
|
||||||
|
|
||||||
coffs=(usbdl_put_data&0xFFFFF)+1
|
coffs = (usbdl_put_data & 0xFFFFF) + 1
|
||||||
try:
|
try:
|
||||||
offset, Rn = ldr_lit(coffs,
|
offset, Rn = ldr_lit(coffs,
|
||||||
unpack("<H", data[coffs:coffs + 2])[0])
|
unpack("<H", data[coffs:coffs + 2])[0])
|
||||||
except:
|
except:
|
||||||
print("Err:"+sys.argv[1])
|
print("Err:" + sys.argv[1])
|
||||||
send_ptr_offset=offset
|
send_ptr_offset = offset
|
||||||
send_ptr=unpack("<I",data[offset:offset+4])[0]+8
|
send_ptr = unpack("<I", data[offset:offset + 4])[0] + 8
|
||||||
send_ptr_offset = base | offset
|
send_ptr_offset = base | offset
|
||||||
ctrl_addr = None
|
ctrl_addr = None
|
||||||
pos = find_binary(data, "41434D2043")
|
pos = find_binary(data, "41434D2043")
|
||||||
|
@ -329,7 +330,6 @@ def main():
|
||||||
pos -= 0x10
|
pos -= 0x10
|
||||||
ctrl_addr = unpack("<I", data[pos:pos + 4])[0]
|
ctrl_addr = unpack("<I", data[pos:pos + 4])[0]
|
||||||
|
|
||||||
|
|
||||||
socid_addr = None
|
socid_addr = None
|
||||||
pos = find_binary(data, "10B501212020FF")
|
pos = find_binary(data, "10B501212020FF")
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
|
@ -346,18 +346,18 @@ def main():
|
||||||
offset, Rn = ldr_lit(pos, instr)
|
offset, Rn = ldr_lit(pos, instr)
|
||||||
meid_addr = unpack("<I", data[offset:offset + 4])[0]
|
meid_addr = unpack("<I", data[offset:offset + 4])[0]
|
||||||
|
|
||||||
brom_register_access=None
|
brom_register_access = None
|
||||||
brom_register_access_ptr=None
|
brom_register_access_ptr = None
|
||||||
pos2 = find_binary(data, "2DE9F04100244FF001")
|
pos2 = find_binary(data, "2DE9F04100244FF001")
|
||||||
if pos2 is not None:
|
if pos2 is not None:
|
||||||
brom_register_access = base|pos2
|
brom_register_access = base | pos2
|
||||||
pos = find_binary(data, b"\xA9\x07.\x48", pos2)
|
pos = find_binary(data, b"\xA9\x07.\x48", pos2)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
pos += 2
|
pos += 2
|
||||||
instr = unpack("<H", data[pos:pos + 2])[0]
|
instr = unpack("<H", data[pos:pos + 2])[0]
|
||||||
offset, Rn = ldr_lit(pos, instr)
|
offset, Rn = ldr_lit(pos, instr)
|
||||||
brom_register_access_ptr=base|pos2
|
brom_register_access_ptr = base | pos2
|
||||||
brom_register_access_ptr_offset=base|offset
|
brom_register_access_ptr_offset = base | offset
|
||||||
else:
|
else:
|
||||||
pos = find_binary(data, "194D1B49", pos2)
|
pos = find_binary(data, "194D1B49", pos2)
|
||||||
if pos is not None:
|
if pos is not None:
|
||||||
|
@ -379,7 +379,7 @@ def main():
|
||||||
print("*sec_mode:\t\t\t\t\t0x%08X" % sec_mode)
|
print("*sec_mode:\t\t\t\t\t0x%08X" % sec_mode)
|
||||||
if sec_sbc:
|
if sec_sbc:
|
||||||
print("*sec_sbc:\t\t\t\t\t0x%08X" % sec_sbc)
|
print("*sec_sbc:\t\t\t\t\t0x%08X" % sec_sbc)
|
||||||
if sec_mode==1:
|
if sec_mode == 1:
|
||||||
print("*sec_sla:\t\t\t\t\t0x%08X" % sec_sla)
|
print("*sec_sla:\t\t\t\t\t0x%08X" % sec_sla)
|
||||||
print("*func_usb_buffer:\t\t\t0x%08X" % (func_usb_buffer + 1 | base))
|
print("*func_usb_buffer:\t\t\t0x%08X" % (func_usb_buffer + 1 | base))
|
||||||
print("usb_buffer:\t\t\t\t\t0x%08X" % usb_buffer)
|
print("usb_buffer:\t\t\t\t\t0x%08X" % usb_buffer)
|
||||||
|
@ -394,7 +394,7 @@ def main():
|
||||||
if usbdl_ptr:
|
if usbdl_ptr:
|
||||||
print("usbdl_ptr:\t\t\t\t\t\t0x%08X" % usbdl_ptr)
|
print("usbdl_ptr:\t\t\t\t\t\t0x%08X" % usbdl_ptr)
|
||||||
else:
|
else:
|
||||||
print("Uhoh: "+sys.argv[1])
|
print("Uhoh: " + sys.argv[1])
|
||||||
if memread:
|
if memread:
|
||||||
print("memread:\t\t\t\t\t0x%08X" % memread)
|
print("memread:\t\t\t\t\t0x%08X" % memread)
|
||||||
if payload_addr:
|
if payload_addr:
|
||||||
|
@ -422,26 +422,27 @@ def main():
|
||||||
if cmd_handler:
|
if cmd_handler:
|
||||||
print("*cmd_handler:\t\t\t\t0x%08X" % cmd_handler)
|
print("*cmd_handler:\t\t\t\t0x%08X" % cmd_handler)
|
||||||
if brom_register_access_ptr:
|
if brom_register_access_ptr:
|
||||||
print(f"brom_register_access_ptr:\t\t\t\t\t({hex(brom_register_access_ptr)},{hex(brom_register_access_ptr_offset)}),")
|
print(
|
||||||
|
f"brom_register_access_ptr:\t\t\t\t\t({hex(brom_register_access_ptr)},{hex(brom_register_access_ptr_offset)}),")
|
||||||
if meid_addr:
|
if meid_addr:
|
||||||
print(f"meid_addr:\t\t\t\t\t{hex(meid_addr)}")
|
print(f"meid_addr:\t\t\t\t\t{hex(meid_addr)}")
|
||||||
if socid_addr:
|
if socid_addr:
|
||||||
print(f"socid_addr:\t\t\t\t\t{hex(socid_addr)}")
|
print(f"socid_addr:\t\t\t\t\t{hex(socid_addr)}")
|
||||||
print("da_range:\t\t\t\t\t0x%08X" % offset)
|
print("da_range:\t\t\t\t\t0x%08X" % offset)
|
||||||
|
|
||||||
if sec_mode==1:
|
if sec_mode == 1:
|
||||||
sec_offset=0x28
|
sec_offset = 0x28
|
||||||
else:
|
else:
|
||||||
sec_offset=0x40
|
sec_offset = 0x40
|
||||||
sec_sla=0
|
sec_sla = 0
|
||||||
|
|
||||||
if blacklist2 is None:
|
if blacklist2 is None:
|
||||||
blacklist2 = 0
|
blacklist2 = 0
|
||||||
import os
|
import os
|
||||||
socname=os.path.basename(sys.argv[1]).replace(".bin","")[:6]
|
socname = os.path.basename(sys.argv[1]).replace(".bin", "")[:6]
|
||||||
try:
|
try:
|
||||||
if usbdl_ptr:
|
if usbdl_ptr:
|
||||||
header =f"""
|
header = f"""
|
||||||
#include <inttypes.h>
|
#include <inttypes.h>
|
||||||
#define PAYLOAD_2_0
|
#define PAYLOAD_2_0
|
||||||
char SOC_NAME[] = "{socname}";
|
char SOC_NAME[] = "{socname}";
|
||||||
|
@ -455,7 +456,7 @@ volatile uint32_t **SEC_REG2=(volatile uint32_t **){hex(sec_sla)};
|
||||||
volatile uint32_t SEC_OFFSET={hex(sec_offset)};
|
volatile uint32_t SEC_OFFSET={hex(sec_offset)};
|
||||||
volatile uint32_t *bladdr=(volatile uint32_t *){hex(blacklist)};
|
volatile uint32_t *bladdr=(volatile uint32_t *){hex(blacklist)};
|
||||||
volatile uint32_t *bladdr2=(volatile uint32_t *){hex(blacklist2)};
|
volatile uint32_t *bladdr2=(volatile uint32_t *){hex(blacklist2)};
|
||||||
volatile uint32_t *uart_reg0 = (volatile uint32_t*){hex(uart_addr+0x14)};
|
volatile uint32_t *uart_reg0 = (volatile uint32_t*){hex(uart_addr + 0x14)};
|
||||||
volatile uint32_t *uart_reg1 = (volatile uint32_t*){hex(uart_addr)};
|
volatile uint32_t *uart_reg1 = (volatile uint32_t*){hex(uart_addr)};
|
||||||
|
|
||||||
int (*cmd_handler)() = (void*){hex(cmd_handler)};
|
int (*cmd_handler)() = (void*){hex(cmd_handler)};
|
||||||
|
@ -464,9 +465,10 @@ int (*cmd_handler)() = (void*){hex(cmd_handler)};
|
||||||
print(header)
|
print(header)
|
||||||
if not os.path.exists("headers"):
|
if not os.path.exists("headers"):
|
||||||
os.mkdir("headers")
|
os.mkdir("headers")
|
||||||
open(os.path.join("headers",socname+".h"),"w").write(header)
|
open(os.path.join("headers", socname + ".h"), "w").write(header)
|
||||||
except:
|
except:
|
||||||
print(sys.argv[1])
|
print(sys.argv[1])
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
main()
|
main()
|
||||||
|
|
|
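Review bot: The bare `except:` in the hunk at `@ -314,14 +315,14 @@` only prints `"Err:" + sys.argv[1]` and then falls through to `send_ptr_offset = offset`, so when `ldr_lit`/`unpack` fails on a truncated or unexpected image, `offset` still holds the value left by an earlier search and a wrong `send_ptr` is emitted with no error status. Catch a concrete type, report the cause and stop: `except Exception as e:` / `print(f"Err: {sys.argv[1]}: {e}")` / `return`. The same pattern recurs in the hunk at `@ -464,9 +465,10 @@`, where `except:` / `print(sys.argv[1])` hides any failure of the header write, and `open(os.path.join("headers", socname + ".h"), "w").write(header)` there should be a `with open(...) as wf:` block so the file is closed and flushed before the script exits. `main()` starts and ends outside these hunks.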
@ -6,6 +6,7 @@ from struct import unpack
|
||||||
from mtkclient.config.payloads import pathconfig
|
from mtkclient.config.payloads import pathconfig
|
||||||
from mtkclient.Library.utils import read_object
|
from mtkclient.Library.utils import read_object
|
||||||
from mtkclient.Library.utils import find_binary
|
from mtkclient.Library.utils import find_binary
|
||||||
|
|
||||||
entry_region = [
|
entry_region = [
|
||||||
('m_buf', 'I'),
|
('m_buf', 'I'),
|
||||||
('m_len', 'I'),
|
('m_len', 'I'),
|
||||||
|
@ -27,7 +28,8 @@ DA = [
|
||||||
# vector<entry_region> LoadRegion
|
# vector<entry_region> LoadRegion
|
||||||
]
|
]
|
||||||
|
|
||||||
efusedb={}
|
efusedb = {}
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
da_setup = []
|
da_setup = []
|
||||||
|
@ -54,7 +56,8 @@ def main():
|
||||||
da.append(entry_tmp)
|
da.append(entry_tmp)
|
||||||
da_setup.append(da)
|
da_setup.append(da)
|
||||||
print(f"Loader: {os.path.basename(loader)}")
|
print(f"Loader: {os.path.basename(loader)}")
|
||||||
dadb[da[0]["hw_code"]]=[("da_payload_addr",da[2]["m_start_addr"]),("pl_payload_addr", da[3]["m_start_addr"])]
|
dadb[da[0]["hw_code"]] = [("da_payload_addr", da[2]["m_start_addr"]),
|
||||||
|
("pl_payload_addr", da[3]["m_start_addr"])]
|
||||||
print("hwcode: 0x%04X" % da[0]["hw_code"])
|
print("hwcode: 0x%04X" % da[0]["hw_code"])
|
||||||
print("hw_sub_code: 0x%04X" % da[0]["hw_sub_code"])
|
print("hw_sub_code: 0x%04X" % da[0]["hw_sub_code"])
|
||||||
print("hw_version: 0x%04X" % da[0]["hw_version"])
|
print("hw_version: 0x%04X" % da[0]["hw_version"])
|
||||||
|
@ -62,56 +65,60 @@ def main():
|
||||||
print("Reserved1: 0x%04X" % da[0]["reserved1"])
|
print("Reserved1: 0x%04X" % da[0]["reserved1"])
|
||||||
print("Reserved3: 0x%04X" % da[0]["reserved3"])
|
print("Reserved3: 0x%04X" % da[0]["reserved3"])
|
||||||
for i in range(da[0]["entry_region_count"]):
|
for i in range(da[0]["entry_region_count"]):
|
||||||
entry=da[i+1]
|
entry = da[i + 1]
|
||||||
print(f"\t{i}: "+hex(entry['m_start_addr']))
|
print(f"\t{i}: " + hex(entry['m_start_addr']))
|
||||||
mbuf=da[3]["m_buf"]
|
mbuf = da[3]["m_buf"]
|
||||||
m_len=da[3]["m_len"]
|
m_len = da[3]["m_len"]
|
||||||
startaddr=da[3]["m_start_addr"]
|
startaddr = da[3]["m_start_addr"]
|
||||||
with open(loader,"rb") as rf:
|
with open(loader, "rb") as rf:
|
||||||
rf.seek(mbuf)
|
rf.seek(mbuf)
|
||||||
da2data=rf.read(m_len)
|
da2data = rf.read(m_len)
|
||||||
fname=os.path.join("loaders",hex(da[0]["hw_code"])[2:]+"_"+hex(startaddr)[2:]+os.path.basename(loader))
|
fname = os.path.join("loaders",
|
||||||
open(fname,"wb").write(da2data)
|
hex(da[0]["hw_code"])[2:] + "_" + hex(startaddr)[2:] + os.path.basename(
|
||||||
mbuf=da[2]["m_buf"]
|
loader))
|
||||||
m_len=da[2]["m_len"]
|
open(fname, "wb").write(da2data)
|
||||||
startaddr=da[2]["m_start_addr"]
|
mbuf = da[2]["m_buf"]
|
||||||
|
m_len = da[2]["m_len"]
|
||||||
|
startaddr = da[2]["m_start_addr"]
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
with open(loader,"rb") as rf:
|
with open(loader, "rb") as rf:
|
||||||
rf.seek(mbuf)
|
rf.seek(mbuf)
|
||||||
data=rf.read(m_len)
|
data = rf.read(m_len)
|
||||||
hashidx=data.find(int.to_bytes(0xC0070004,4,'little'))
|
hashidx = data.find(int.to_bytes(0xC0070004, 4, 'little'))
|
||||||
if hashidx!=-1:
|
if hashidx != -1:
|
||||||
print("Hash check found.")
|
print("Hash check found.")
|
||||||
else:
|
else:
|
||||||
hashidx = data.find(b"\xCC\xF2\x07\x09") # => b"\x4F\xF0\x00\x09""
|
hashidx = data.find(b"\xCC\xF2\x07\x09") # => b"\x4F\xF0\x00\x09""
|
||||||
if hashidx != -1:
|
if hashidx != -1:
|
||||||
print("Hash check 2 found.")
|
print("Hash check 2 found.")
|
||||||
else:
|
else:
|
||||||
hashidx = find_binary(data,b"\x14\x2C\xF6.\xFE\xE7") # => b"\x14\x2C\xF6\xD1\x00\x00"
|
hashidx = find_binary(data, b"\x14\x2C\xF6.\xFE\xE7") # => b"\x14\x2C\xF6\xD1\x00\x00"
|
||||||
if hashidx is not None:
|
if hashidx is not None:
|
||||||
print("Hash check 3 found.")
|
print("Hash check 3 found.")
|
||||||
else:
|
else:
|
||||||
print("HASH ERROR !!!!")
|
print("HASH ERROR !!!!")
|
||||||
|
|
||||||
fname=os.path.join("loaders",hex(da[0]["hw_code"])[2:]+"_"+hex(startaddr)[2:]+os.path.basename(loader))
|
fname = os.path.join("loaders",
|
||||||
open(fname,"wb").write(data)
|
hex(da[0]["hw_code"])[2:] + "_" + hex(startaddr)[2:] + os.path.basename(
|
||||||
|
loader))
|
||||||
|
open(fname, "wb").write(data)
|
||||||
print(f"Offset: {hex(mbuf)}")
|
print(f"Offset: {hex(mbuf)}")
|
||||||
print(f"Length: {hex(m_len)}")
|
print(f"Length: {hex(m_len)}")
|
||||||
print(f"Addr: {hex(startaddr)}")
|
print(f"Addr: {hex(startaddr)}")
|
||||||
bootldr.seek(da[2]["m_buf"])
|
bootldr.seek(da[2]["m_buf"])
|
||||||
tt=bootldr.read(da[2]["m_len"])
|
tt = bootldr.read(da[2]["m_len"])
|
||||||
idx = tt.find(bytes.fromhex("70BB442D27D244A7"))
|
idx = tt.find(bytes.fromhex("70BB442D27D244A7"))
|
||||||
#idx = tt.find(bytes.fromhex("01279360D36013615361"))
|
#idx = tt.find(bytes.fromhex("01279360D36013615361"))
|
||||||
if idx!=-1:
|
if idx != -1:
|
||||||
print("V3 Enabled")
|
print("V3 Enabled")
|
||||||
bootldr.seek(da[3]["m_buf"])
|
bootldr.seek(da[3]["m_buf"])
|
||||||
tt=bootldr.read(da[3]["m_len"])
|
tt = bootldr.read(da[3]["m_len"])
|
||||||
idx2 = tt.find(bytes.fromhex("03 29 0D D9 07 4B 1B 68 03 60"))
|
idx2 = tt.find(bytes.fromhex("03 29 0D D9 07 4B 1B 68 03 60"))
|
||||||
if idx2!=-1:
|
if idx2 != -1:
|
||||||
efusedb[da[0]["hw_code"]]=hex(int.from_bytes(tt[idx2+0x24:idx2+0x28],'little')&0xFFFFF000)
|
efusedb[da[0]["hw_code"]] = hex(int.from_bytes(tt[idx2 + 0x24:idx2 + 0x28], 'little') & 0xFFFFF000)
|
||||||
else:
|
else:
|
||||||
if not da[0]["hw_code"] in efusedb:
|
if not da[0]["hw_code"] in efusedb:
|
||||||
efusedb[da[0]["hw_code"]]="None"
|
efusedb[da[0]["hw_code"]] = "None"
|
||||||
print()
|
print()
|
||||||
|
|
||||||
sorted_dict = dict(sorted(efusedb.items()))
|
sorted_dict = dict(sorted(efusedb.items()))
|
||||||
|
@ -135,5 +142,6 @@ def main():
|
||||||
print(str(idx)+" "+name+": "+hex(fields[2]))
|
print(str(idx)+" "+name+": "+hex(fields[2]))
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if __name__=="__main__":
|
|
||||||
|
if __name__ == "__main__":
|
||||||
main()
|
main()
|
|
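Review bot: `open(fname, "wb").write(da2data)` in the hunk at `@ -62,56 +65,60 @@`, and `open(fname, "wb").write(data)` later in the same hunk, write through unmanaged handles while the reads a few lines above already use `with open(loader, "rb") as rf:`; use the same form, `with open(fname, "wb") as wf:` / `wf.write(da2data)`, so the output is flushed and closed before the following `print(f"Offset: ...")` lines. Both writes also assume a `loaders` directory already exists; an `os.makedirs("loaders", exist_ok=True)` before the first write would avoid a FileNotFoundError on a fresh checkout. In the same hunk `if not da[0]["hw_code"] in efusedb:` reads more naturally as `if da[0]["hw_code"] not in efusedb:`. `main()` starts and ends outside this hunk.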
@ -9,3 +9,5 @@ mock >= 4.0.3
|
||||||
pyserial >= 3.5
|
pyserial >= 3.5
|
||||||
flake8
|
flake8
|
||||||
fusepy
|
fusepy
|
||||||
|
unicorn
|
||||||
|
capstone
|
||||||
|
|
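Review bot: `unicorn` and `capstone` are added with no version constraint, while the neighbouring runtime dependency `pyserial >= 3.5` carries a lower bound. Both are native-extension packages whose Python bindings have changed across major releases, so a minimum such as `unicorn >= <MIN_VERSION_PLACEHOLDER>` and `capstone >= <MIN_VERSION_PLACEHOLDER>` makes installs reproducible and turns an incompatible upgrade into a deliberate change rather than a silent break.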