def __init__(self, target_sim_path, comm, comp, tc, verbose):
log.setVerbose(verbose)
self.tc = tc
self.failed_testcases = 0
self.device_info = None
self.communication = Communication(comm, self)
self.comp = comp
self.target_sim_path = target_sim_path
self.metadata_file_path = target_sim_path + "/" + comp + ".mi"
self.map_file_path = target_sim_path + "/" + comp + ".map"
self.def_vector_path = target_sim_path + "/" + comp + "_df.vec"
if not os.path.exists(self.metadata_file_path):
log.fatal("Couldn't find metadata file: " + self.metadata_file_path)
if not os.path.exists(self.def_vector_path):
log.fatal("Couldn't find default vector file: " + self.def_vector_path)
if not os.path.exists(self.map_file_path):
log.fatal("Couldn't find map file: " + self.map_file_path)
def __init__(self, xml, out, scripts, target, verbose):
log.setVerbose(verbose)
self.xml = xml
self.out = out
self.scripts = scripts
self.target = target
def main():
adjustLevels()
parser = argparse.ArgumentParser("ABOOTOOL")
parser.add_argument(
'-e',
'--oem',
dest='oem',
help='Specify OEM to load ABOOT strings of, otherwise try to autodetect'
)
parser.add_argument(
'-d',
'--device',
dest='device',
help=
'Specify device to load ABOOT strings of, otherwise try to autodetect')
parser.add_argument(
'-b',
'--build',
dest='build',
help=
'Specify build to load ABOOT strings of, otherwise try to autodetect')
parser.add_argument('-r',
'--resume',
type=int,
default=0,
dest='index',
help='Resume from specified string index')
parser.add_argument('-i',
'--ignore',
dest='ignore_re',
help='Ignore pattern (regexp)')
parser.add_argument(
'-g',
'--use-strings-generator',
action='store_true',
default=False,
dest='use_strings_generator',
help=
'Use strings generator instead of loading everything a priori (fast but degrades progress)'
)
parser.add_argument(
'-o',
'--output',
action='store_true',
dest='show_output',
help=
"Show output of succeeded fastboot commands. Verbose logging overrides this"
)
parser.add_argument('-l',
'--aboots-list',
action='store_true',
dest='aboots',
help="List available ABOOTs")
parser.add_argument(
'-a',
'--images-add',
dest='images_path',
help=
"Add ABOOT strings from OTA/Factory images. Either a file or a directory."
)
parser.add_argument('-B',
'--blob',
action='store_true',
default=False,
dest='treat_as_blob',
help="Treat specified path as ABOOT blob")
parser.add_argument(
'-S',
'--string-prefix',
default="",
dest='string_prefix',
help=
"When inserting new images, only treat strings with specified prefix")
parser.add_argument('-s',
'--device-serial',
dest='serial',
help="Specify device fastboot SN")
parser.add_argument('-v',
'--verbose',
action='store_true',
dest='verbose',
help='Enable verbose logging')
parser.add_argument('-vv',
'--moreverbose',
action='store_true',
dest='moreverbose',
help='Even more logging')
parser.add_argument('-t',
'--timeout',
type=int,
default=5000,
dest='timeout',
help='USB I/O timeout (ms)')
args = parser.parse_args()
if args.verbose:
log.setVerbose()
if args.moreverbose:
log.setVerbose(True)
I("Welcome to abootool by Aleph Research, HCL technologies")
Config.overlay(args.__dict__)
T("Config = %s", Config)
if args.treat_as_blob:
if not args.oem or not args.device or not args.build:
E("Missing OEM/Device/Build specifiers")
return 1
if args.aboots:
I("BY OEM:")
I("-------")
dump_data(aboot.by_oem())
I("")
I("BY DEVICE:")
I("----------")
dump_data(aboot.by_device())
return 0
if args.images_path:
image.add(args.images_path)
return 0
dev = device.Device(args.serial)
name = dev.device()
adjustLevels()
if name:
I("Device reported name = %s", name)
OEMTester(dev).test(args.index)
return 0
def main():
adjustLevels()
parser = argparse.ArgumentParser(\
prog="firehorse",
usage="python firehorse.py -t TARGET_NAME [options] cmd [cmd_args]",
formatter_class=argparse.RawTextHelpFormatter,
epilog=textwrap.dedent('''\
target commands:
magic causes the magic function in the target_TargetName.py file to be called -
on nokia6 this will activate the secure boot exploit and the device will
boot with root adb access and SELinux in permissive mode
rop executes a rop payload (different for every device)
uart dumps uart buffer
dump_pt dumps the programmer page table
dump_pt32 [skip] dumps the programmer page table (32 bit table format), if 'skip' is passed,
skipps the first 'skip' entries in fisrt level PT
dump_pt64 dumps the programmer page table (64 bit table format)
extract_pbl dumps the device pbl (to a file in the cwd)
extract_modem_pbl dumps the device modem_pbl (to a file in the cwd)
extract_rpm_pbl dumps the device rpm_pbl (to a file in the cwd)
read_partition name dumps the partition specified by name (to a file in the cwd)
write_partition name srcpath overwrites the partition specified by name with the file specified by srcpath
fw commands:
hello send programmer to device
firehosep xml_path send the xml specified in xml_path to the programmer
upload file_path addr upload the binary file specified by file path to the address addr in 32 bit chunks
upload64 file_path addr upload the binary file specified by file path to the address addr in 64 bit chunks
sendfile file_path addr upload the binary file specified by file path to the address addr (faster then upload)
exec addr executes the code located at address addr - for 32 bit code
exec64 addr executes the code located at address addr - for 64 bit code
run file_path addr uploads the file located at file_path to address addr and executes it - for normal arm code
runt file_path addr uploads the file located at file_path to address addr and executes it - for thumb code
peek addr size [output_file] reads size bytes from address addr and prints them to screen,if output_file is passed
the output is written to file
copy dst src size copies size bytes from address src to address dst
poke addr val writes 4 bytes of data specified by the hex value val at address addr
Usage examples:
python firehorse.py -s -c COM17 -t nokia6 target magic
python firehorse.py -c COM17 -t nokia6 fw hello
python firehorse.py -c COM17 -t nokia6 fw peek 0x100000 0x10
'''))
parser.add_argument('-c',
'--com',
dest='com',
help='Specify COM port',
default=constants.COM)
parser.add_argument(
'-t',
'--target',
dest='target_name',
help=
'Specify target, can be one of the following: nokia6 | angler | ugglite | mido | cheeseburger',
required=True)
parser.add_argument(
'-s',
'--hello',
dest='hello',
action='store_true',
help=
'send programmer to device - REQUIRED on the first time you use this tool after the device booted into EDL',
default=False)
parser.add_argument('-v',
'--verbose',
action='store_true',
dest='verbose',
help='Enable verbose logging')
parser.add_argument('-vv',
'--moreverbose',
action='store_true',
dest='moreverbose',
help='Even more logging')
parser.add_argument('cmd',
nargs='*',
help='Conduct command: fw ... | target ...')
args = parser.parse_args()
if args.verbose:
lg.setVerbose()
if args.moreverbose:
lg.setVerbose(True)
if not os.path.exists("../tmp"):
os.mkdir("../tmp")
try:
target.set_target(args.target_name, args.com)
except KeyError:
E("unknown target")
sys.exit(1)
if args.hello:
i = 0
I('sending programmer...')
while True:
try:
i += 1
Framework.send_programmer()
break
except FirehorseDeviceNotConnectedException:
time.sleep(1)
if (i % 10) == 0:
I("device not connected, waiting.")
time.sleep(1)
name = args.cmd[0]
args = args.cmd[1:]
cmds = {'target': target.get().do_cmd, 'fw': fw.do_cmd}
cmds[name](args)