Python Device Examples, plib.Device Python Examples

Example #1

0

Show file

def main():
    script_path = os.path.dirname(os.path.abspath(__file__))
    working_dir = os.path.join(script_path, '.')
    os.chdir(working_dir)
    sys.path.append(working_dir)

    import plib
    import plib.mmc
    import config
    assert config.LK_PAYLOAD_OFFSET % BLOCK_SIZE == 0

    parser = ArgumentParser()
    parser.add_argument('payload')
    parser.add_argument('-b',
                        '--brom',
                        action='store_true',
                        help='Use this if your device already is in BROM')
    parser.add_argument('--skip-handshake', action='store_true')
    args = parser.parse_args()

    with open(args.payload, 'rb') as file:
        payload = file.read()

    #assert len(payload) % BLOCK_SIZE == 0
    while len(payload) % BLOCK_SIZE != 0:
        payload += b'\x00'
    assert len(payload) <= MAX_PAYLOAD_LEN

    if not args.brom:
        d = plib.Device(config.PL_DEV_PATH, True)
        if not args.skip_handshake:
            d.handshake()
        switch_device_to_brom_mode(d)

    d = plib.Device(config.BR_DEV_PATH, True, brom_mode=True)
    d.handshake()

    d.run_ext_cmd(0xB1)

    mmc = plib.mmc.Mmc(d, config.MMC0_BASE, True)
    mmc.mmc_init()
    mmc.mmc_set_part(1)

    blocks_left = len(payload) // BLOCK_SIZE
    for block in range(len(payload) // BLOCK_SIZE):
        print('%d       ' % blocks_left, flush=True, end='\r')
        mmc.mmc_write_single_block(
            block + (config.LK_PAYLOAD_OFFSET // BLOCK_SIZE),
            payload[:BLOCK_SIZE])
        payload = payload[BLOCK_SIZE:]
        blocks_left -= 1

    print('\x1b[0;33mREBOOT\x1b[0m', flush=True)
    d.wdt_reboot()

Example #2

0

Show file

def main():
    parser = ArgumentParser()
    parser.add_argument('file')
    parser.add_argument('-b',
                        '--brom',
                        action='store_true',
                        help='Use this if your device already is in BROM')
    parser.add_argument('--skip-handshake', action='store_true')
    args = parser.parse_args()

    if not args.brom:
        d = plib.Device(config.PL_DEV_PATH, True)
        if not args.skip_handshake:
            d.handshake()
        switch_device_to_brom_mode(d)

    device = plib.Device(config.BR_DEV_PATH, True, brom_mode=True)
    if not args.skip_handshake and args.brom:
        device.handshake()

    # disable caches
    device.run_ext_cmd(0xb1)

    mmc = plib.mmc.Mmc(device, config.MMC0_BASE, True)
    mmc.mmc_init()
    mmc.mmc_set_part(1)

    i = open(args.file, 'rb')
    assert config.BOOT0_SIZE % mmc.block_size == 0
    blocks_left = config.BOOT0_SIZE // mmc.block_size
    for block in range(config.BOOT0_SIZE // mmc.block_size):
        print('%d      ' % blocks_left, end='\r', flush=True)
        mmc.mmc_write_single_block(block, i.read(mmc.block_size))
        blocks_left -= 1
    i.close()

    print('\x1b[0;33mREBOOT\x1b[0m', flush=True)
    device.wdt_reboot()

Example #3

0

Show file

File: flash-uefi.py Project: R0rt1z2/lgk10exploit

def main():
    parser = ArgumentParser()
    parser.add_argument('fd', type=str)
    args = parser.parse_args()

    fd_path = os.path.abspath(args.fd)

    script_path = os.path.dirname(os.path.abspath(__file__))
    working_dir = os.path.join(script_path, '..')
    os.chdir(working_dir)
    sys.path.append(working_dir)

    import plib
    import cdalib

    assert os.path.getsize('microloader/microloader.bin') == LOADER_SIZE
    f = open('microloader/microloader.bin', 'rb')
    microloader = f.read()
    f.close()
    f = open(fd_path, 'rb')
    fd = f.read()
    f.close()

    d = plib.Device(PL_DEV_PATH, True)
    d.handshake()
    d.test()

    payload_length = len(microloader) + len(fd)
    if payload_length % BLOCK_SIZE != 0:
        padding_length = BLOCK_SIZE - (payload_length % BLOCK_SIZE)
    else:
        padding_length = 0

    d = cdalib.Device(AG_DEV_PATH, True)
    d.mmc_init(0)
    d.partition_write('boot', microloader + fd + b'\x00' * padding_length)
    d.reboot()

Example #4

0

Show file

def main():
    parser = ArgumentParser()
    parser.add_argument('-w',
                        '--wait',
                        action='store_true',
                        help='Wait for device')
    parser.add_argument("-v", "--verbose", action="store_true")
    parser.add_argument("--skip-handshake", action="store_true")
    parser.add_argument("-b",
                        '--brom',
                        action='store_true',
                        help='Use BROM mode')
    parser.add_argument("-p", "--port", type=str)
    parser.add_argument("--da-base-address", type=int, default=0x00200000)
    parser.add_argument("--da", type=str)
    parser.add_argument("--meta", action="store_true", help="Use META Mode")
    parser.add_argument("--identify", action="store_true")
    parser.add_argument(
        "--unlock",
        action="store_true",
        help=
        "Try to disable signature verification (temporary) must be run from bootrom"
    )
    parser.add_argument("--read32", type=str, help="Read memory eg, 0x0,1")
    parser.add_argument("--write32",
                        type=str,
                        help="Write memory eg, 0x0:0xff00ff3f,0x00000004,...")
    parser.add_argument('--bootcda', action='store_true')
    parser.add_argument('--test2', action='store_true')
    parser.add_argument(
        '--crash-preloader',
        action='store_true',
        help=
        "On nougat this can be used to enter BootROM mode, on oreo it enters demigod crash handler"
    )
    args = parser.parse_args()

    if args.port:
        port = args.port
    else:
        port = select_default_port(args.brom)

    device = plib.Device(port, args.wait, brom_mode=args.brom)
    if not args.skip_handshake:
        if args.meta:
            device.meta_mode()
        device.handshake()

    if args.crash_preloader:
        device.crash_preloader()
        sys.exit(0)

    if args.unlock:
        device.unlock()

    if args.identify:
        device.identify()

    if args.read32:
        s = args.read32
        n = s.find(',')
        if n == -1:
            try:
                addr = parse_int(s)
                hexdump(device.read32(addr, 1))
            except ValueError:
                print("Invalid argument: %s" % s)
        else:
            s1 = s[:n]
            s2 = s[n + 1:]
            try:
                addr = parse_int(s1)
                size = parse_int(s2)
                hexdump(device.read32(addr, size))
            except ValueError:
                print("Invalid argument: %s" % s)

    if args.write32:
        s = args.write32
        n = s.find(':')
        if n == -1:
            print("Invalid argument: %s" % s)
        else:
            addr = parse_int(s[:n])
            wordlist_str = s[n + 1:].split(",")
            if len(wordlist_str) == 0 or (len(wordlist_str) == 1
                                          and wordlist_str[0] == ''):
                print("Invalid argument: %s" % s)
            else:
                wordlist = []
                try:
                    for word_str in wordlist_str:
                        word = parse_int(word_str)
                        if word > 0xffffffff:
                            raise RuntimeError()
                        wordlist.append(word)
                    device.write32(addr, wordlist)
                except (ValueError, RuntimeError):
                    print("Invalid word: %s" % word_str)

    if args.da:
        with open(args.da, "rb") as f:
            payload = f.read()
            device.upload_da(args.da_base_address, payload)
            f.close()
    if args.bootcda:
        device.bootcda()
    if args.test2:
        device.test2()