FreeCalypso > hg > freecalypso-reveng

annotate mot931c/hack-payload.disasm @ 406:1a852266ba74

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tfo moved to gsm-net-reveng repository
author Mychaela Falconia <falcon@freecalypso.org>
date Fri, 24 May 2024 21:19:59 +0000
parents 9082f3991fe5
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
157
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
1 ; This hack payload must be receiving control in the ARM state,
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
2 ; as the instruction at 0 makes sense as ARM, but not as Thumb.
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
3
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
4 ; SVC mode, IRQ & FIQ disabled
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
5 0: e321f0d3 msr CPSR_c, #211 ; 0xd3
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
6 ; disable the watchdog
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
7 4: e59f10b4 ldr r1, =0xfffff802 ; via 0xc0
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
8 8: e3a000f5 mov r0, #245 ; 0xf5
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
9 c: e1c100b2 strh r0, [r1, #2]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
10 10: e3a000a0 mov r0, #160 ; 0xa0
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
11 14: e1c100b2 strh r0, [r1, #2]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
12 ; MODEM UART
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
13 18: e59f60a4 ldr r6, =0xffff5800 ; via 0xc4
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
14 ; wait for "INT" input
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
15 1c: e5d60005 ldrb r0, [r6, #5]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
16 20: e3100001 tst r0, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
17 24: 0afffffc beq 0x1c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
18 28: e5d65000 ldrb r5, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
19 2c: e3550049 cmp r5, #73 ; 0x49
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
20 30: 1afffff9 bne 0x1c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
21 34: e5d60005 ldrb r0, [r6, #5]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
22 38: e3100001 tst r0, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
23 3c: 0afffffc beq 0x34
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
24 40: e5d65000 ldrb r5, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
25 44: e355004e cmp r5, #78 ; 0x4e
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
26 48: 1afffff3 bne 0x1c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
27 4c: e5d60005 ldrb r0, [r6, #5]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
28 50: e3100001 tst r0, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
29 54: 0afffffc beq 0x4c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
30 58: e5d65000 ldrb r5, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
31 5c: e3550054 cmp r5, #84 ; 0x54
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
32 60: 1affffed bne 0x1c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
33 ; send 'X'
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
34 64: e3a00058 mov r0, #88 ; 0x58
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
35 68: e5c60000 strb r0, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
36 ; receive 2 bytes of length (LSB first)
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
37 6c: e1a00000 mov r0, r0
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
38 70: e5d60005 ldrb r0, [r6, #5]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
39 74: e3100001 tst r0, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
40 78: 0afffffc beq 0x70
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
41 7c: e5d65000 ldrb r5, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
42 80: e5d60005 ldrb r0, [r6, #5]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
43 84: e3100001 tst r0, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
44 88: 0afffffc beq 0x80
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
45 8c: e5d60000 ldrb r0, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
46 90: e1855400 orr r5, r5, r0, lsl #8
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
47 ; receive next stage payload
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
48 94: e59f402c ldr r4, =0x800100 ; via 0xc8
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
49 98: e1a03004 mov r3, r4
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
50 9c: e5d60005 ldrb r0, [r6, #5]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
51 a0: e3100001 tst r0, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
52 a4: 0afffffc beq 0x9c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
53 a8: e5d60000 ldrb r0, [r6]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
54 ac: e5c40000 strb r0, [r4]
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
55 b0: e2844001 add r4, r4, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
56 b4: e2555001 subs r5, r5, #1
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
57 b8: 1afffff7 bne 0x9c
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
58 ; jump to it
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
59 bc: e12fff13 bx r3
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
60
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
61 ; literal pool
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
62 c0: fffff802
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
63 c4: ffff5800
9082f3991fe5 mot931c break-in procedure cracked
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
64 c8: 00800100