FreeCalypso > hg > freecalypso-reveng
comparison mot931c/emu.c @ 157:9082f3991fe5
mot931c break-in procedure cracked
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Wed, 14 May 2014 05:34:37 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 156:275d0f71a014 | 157:9082f3991fe5 |
|---|---|
| 1 #include <sys/types.h> | |
| 2 #include <sys/file.h> | |
| 3 #include <stdio.h> | |
| 4 #include <stdlib.h> | |
| 5 #include <string.h> | |
| 6 #include <strings.h> | |
| 7 | |
| 8 static int fd; | |
| 9 | |
| 10 static u_char verquery[13] = {0x02, 0x14, 0x41, 0x20, 0x20, 0x00, 0x00, | |
| 11 0x04, 0x00, 0x00, 0x00, 0x45, 0x02}; | |
| 12 | |
| 13 static u_char verquery_resp[10] = {0x41, 0x00, 0x04, 0x00, 0x00, 0x00, | |
| 14 '8', '.', '8', '.'}; | |
| 15 | |
| 16 static u_char download_hdr[3] = {0x02, 0x14, 0x40}; | |
| 17 static u_char download_resp[2] = {0x40, 0x00}; | |
| 18 | |
| 19 send_stx() | |
| 20 { | |
| 21 static u_char stx = 0x02; | |
| 22 | |
| 23 write(fd, &stx, 1); | |
| 24 } | |
| 25 | |
| 26 send_rvtmux_byte(b) | |
| 27 { | |
| 28 u_char buf[2]; | |
| 29 int l, o; | |
| 30 | |
| 31 buf[0] = 0x10; | |
| 32 buf[1] = b; | |
| 33 if (b == 0x02 || b == 0x10) { | |
| 34 o = 0; | |
| 35 l = 2; | |
| 36 } else { | |
| 37 o = 1; | |
| 38 l = 1; | |
| 39 } | |
| 40 write(fd, buf + o, l); | |
| 41 } | |
| 42 | |
| 43 send_etm_resp(data, datalen) | |
| 44 u_char *data; | |
| 45 { | |
| 46 u_char csum; | |
| 47 int i; | |
| 48 | |
| 49 printf("Responding with:"); | |
| 50 send_stx(); | |
| 51 send_rvtmux_byte(0x14); | |
| 52 csum = 0; | |
| 53 for (i = 0; i < datalen; i++) { | |
| 54 printf(" %02X", data[i]); | |
| 55 send_rvtmux_byte(data[i]); | |
| 56 csum ^= data[i]; | |
| 57 } | |
| 58 send_rvtmux_byte(csum); | |
| 59 send_stx(); | |
| 60 putchar('\n'); | |
| 61 } | |
| 62 | |
| 63 main(argc, argv) | |
| 64 char **argv; | |
| 65 { | |
| 66 u_char buf[1024]; | |
| 67 int cc, i; | |
| 68 | |
| 69 if (argc != 2) { | |
| 70 fprintf(stderr, "usage: %s pty\n", argv[0]); | |
| 71 exit(1); | |
| 72 } | |
| 73 fd = open(argv[1], O_RDWR); | |
| 74 if (fd < 0) { | |
| 75 perror(argv[1]); | |
| 76 exit(1); | |
| 77 } | |
| 78 for (;;) { | |
| 79 cc = read(fd, buf, sizeof buf); | |
| 80 if (cc < 0) { | |
| 81 perror("read error"); | |
| 82 exit(1); | |
| 83 } | |
| 84 if (cc == 0) { | |
| 85 fprintf(stderr, "read EOF\n"); | |
| 86 exit(1); | |
| 87 } | |
| 88 printf("read %d bytes:", cc); | |
| 89 for (i = 0; i < cc; i++) | |
| 90 printf(" %02X", buf[i]); | |
| 91 putchar('\n'); | |
| 92 if (cc == sizeof(verquery) && !bcmp(buf, verquery, cc)) | |
| 93 send_etm_resp(verquery_resp, sizeof verquery_resp); | |
| 94 if (cc > 3 && !bcmp(buf, download_hdr, 3)) | |
| 95 send_etm_resp(download_resp, sizeof download_resp); | |
| 96 } | |
| 97 } |