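def main():
    """Patch caller-supplied bytes into an ELF and write the image to stdout.

    Command-line fields used (parsed by the module-level parser ``p``):
        offset: hexadecimal position, with or without a leading ``0x``.
        bytes:  hex string of the replacement bytes.
        elf:    path of the ELF file to load.

    The input file itself is not rewritten here; the modified image is only
    emitted on standard output.
    """
    args = p.parse_args()

    # Normalise the offset so it always carries the "0x" prefix before parsing.
    if not args.offset.startswith('0x'):
        args.offset = '0x' + args.offset
    offset = int(args.offset, 16)

    # Local renamed from `bytes` so the builtin type is not shadowed.
    patch_bytes = unhex(args.bytes)

    elf = ELF(args.elf)
    # NOTE(review): whether ELF.write() takes a file offset or a virtual
    # address depends on the ELF class, which is defined outside this block.
    elf.write(offset, patch_bytes)

    # get_data() presumably returns the raw image bytes. On Python 3
    # sys.stdout is a text stream and rejects bytes, so use its binary buffer
    # when there is one; Python 2's sys.stdout has no `.buffer` and is used
    # directly, as before.
    out = getattr(sys.stdout, 'buffer', sys.stdout)
    out.write(elf.get_data())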
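def patch(f, implant_elf, implant):
    """Add a section-table entry for ``implant`` to a boot image and rebase
    the implant's own ELF header to the matching PROM addresses.

    Args:
        f: Path of the boot image ELF. The patched copy is saved as
            ``f + ".patched"``; the same three writes are also mirrored
            through ``patch_file`` (defined elsewhere in this file).
        implant_elf: Path of the implant ELF. It is rewritten in place.
        implant: Raw implant bytes placed at the PROM address.

    Raises:
        ValueError: if ``implant_elf`` does not start with the ELF magic or
            is shorter than the 0x62 bytes the header rewrite touches. The
            check runs before the file is reopened for writing, so a wrong
            or truncated input is left intact.

    The section table entry, the word at ``_entry`` and the implant's address
    fields all change, so a hash or signature computed over the original
    images will not match the patched ones.
    """
    boot = ELF(f)

    section_index = 3        # zero-based slot in the "sections" table
    section_stride = 0x20    # size of one table slot assumed by this script
    prom_addr = 0x00220000   # where the implant bytes are stored
    load_addr = 0x42800000   # where the section entry says to load them
    section_flags = 0        # not compressed

    slot_addr = boot.symbols["sections"] + section_index * section_stride

    # Entry layout as written here: four big-endian 32-bit words
    # (load address, PROM address, length, flags) followed by the name.
    # That is 16 + 10 = 26 bytes; the remaining bytes of the 0x20-byte slot
    # are left as they were.
    section_entry = pack(">IIII", load_addr, prom_addr, len(implant),
                         section_flags) + b".challenge"
    entry_word = pack(">I", load_addr)
    entry_addr = boot.symbols["_entry"]

    # Implant payload.
    patch_file(implant, prom_addr)

    # Section table slot.
    boot.write(slot_addr, section_entry)
    patch_file(section_entry, slot_addr)

    # Overwrite the four bytes at the `_entry` symbol with the load address.
    boot.write(entry_addr, entry_word)
    patch_file(entry_word, entry_addr)

    boot.save(f + ".patched")

    # Read-only access is enough for this step; a separate handle name keeps
    # the path parameter `f` from being shadowed.
    with open(implant_elf, "rb") as src:
        data = src.read()

    # An earlier approach, blanket substitution of the byte pairs
    # 42 80 / 42 7f / 42 81 across the whole file, was left disabled in
    # favour of the fixed-offset field rewrite below.

    if data[:4] != b"\x7fELF" or len(data) < 0x62:
        raise ValueError(
            "%r is not an ELF image of at least 0x62 bytes" % (implant_elf,))

    # Offsets match an ELF32 header with the program headers directly after
    # it (e_phoff == 0x34): 0x18 is e_entry, 0x3c/0x40 are p_vaddr/p_paddr of
    # the first program header, 0x5c and 0x60 are the upper 16 bits of
    # p_vaddr/p_paddr of the second. NOTE(review): that layout and the
    # big-endian encoding are assumed, not verified, by this function.
    rebased = b"".join([
        data[:0x18],
        pack(">I", prom_addr),
        data[0x1c:0x3c],
        pack(">II", 0x00210000, 0x00210000),
        data[0x44:0x5c],
        pack(">H", 0x0023),
        data[0x5e:0x60],
        pack(">H", 0x0023),
        data[0x62:],
    ])

    # Build the full image first so the file is only truncated once the
    # replacement content is known to be complete.
    with open(implant_elf, "wb") as dst:
        dst.write(rebased)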