# HG changeset patch # User Mychaela Falconia # Date 1449732575 0 # Node ID 8bdc87c0fc03d5d90cfe77be83a1ca03b22a372a # Parent e9254e0234ab86a8f25e1daa956fd8f4cf414aad memwrite-grep hack-utility written diff -r e9254e0234ab -r 8bdc87c0fc03 .hgignore --- a/.hgignore Mon Oct 19 05:07:25 2015 +0000 +++ b/.hgignore Thu Dec 10 07:29:35 2015 +0000 @@ -25,6 +25,7 @@ ^miscprog/factdiff$ ^miscprog/grokdsn$ ^miscprog/imeibrute$ +^miscprog/memwrite-grep$ ^miscprog/mokosrec2bin$ ^miscprog/pircksum$ ^miscprog/pirimei$ diff -r e9254e0234ab -r 8bdc87c0fc03 miscprog/Makefile --- a/miscprog/Makefile Mon Oct 19 05:07:25 2015 +0000 +++ b/miscprog/Makefile Thu Dec 10 07:29:35 2015 +0000 @@ -1,6 +1,7 @@ CC= gcc CFLAGS= -O2 -STD= atsc calextract factdiff grokdsn mokosrec2bin pircksum rfcap-grep +STD= atsc calextract factdiff grokdsn memwrite-grep mokosrec2bin pircksum \ + rfcap-grep CRYPTO= imeibrute pirimei PROGS= ${STD} ${CRYPTO} @@ -17,6 +18,7 @@ factdiff: factdiff.c grokdsn: grokdsn.c imeibrute: imeibrute.c +memwrite-grep: memwrite-grep.c mokosrec2bin: mokosrec2bin.c pircksum: pircksum.c pirimei: pirimei.c diff -r e9254e0234ab -r 8bdc87c0fc03 miscprog/memwrite-grep.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/miscprog/memwrite-grep.c Thu Dec 10 07:29:35 2015 +0000 
@@ -0,0 +1,91 @@ +/* + * This utility performs a memmem() binary "grep", checking to see if a given + * binary file (firmware image) contains the $l1tm_mem_write implementation + * code found in our TCS211 objects and in that one C11x fw version for which + * we have the map file. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include + +u_char needle[50] = { + 0x30, 0xb5, + 0x45, 0x68, + 0x42, 0x78, + 0x04, 0x3a, + 0x12, 0x06, + 0x13, 0x0e, + 0x00, 0x2b, + 0x09, 0xd0, + 0x00, 0x22, + 0x14, 0x18, + 0x24, 0x7a, + 0x54, 0x55, + 0x52, 0x1c, + 0x12, 0x04, + 0x12, 0x0c, + 0x01, 0x3b, + 0x00, 0x2b, + 0xf6, 0xd1, + 0x00, 0x20, + 0x88, 0x80, + 0x00, 0x06, + 0x00, 0x0e, + 0x48, 0x70, + 0x88, 0x70, + 0x30, 0xbd +}; + +u_char *haystack; +size_t haystack_size; + +read_file(filename) + char *filename; +{ + int fd; + struct stat st; + + fd = open(filename, O_RDONLY); + if (fd < 0) { + perror(filename); + exit(1); + } + fstat(fd, &st); + if (!S_ISREG(st.st_mode)) { + fprintf(stderr, "error: %s is not a regular file\n", filename); + exit(1); + } + haystack_size = st.st_size; + haystack = malloc(haystack_size); + if (!haystack) { + fprintf(stderr, "unable to malloc buffer for %s\n", filename); + exit(1); + } + read(fd, haystack, haystack_size); + close(fd); +} + +main(argc, argv) + char **argv; +{ + u_char *result; + + if (argc != 2) { + fprintf(stderr, "usage: %s firmware.bin\n", argv[0]); + exit(1); + } + read_file(argv[1]); + result = memmem(haystack, haystack_size, needle, sizeof needle); + if (result) + printf("Found the needle bytes at offset 0x%x\n", + result - haystack); + else + printf("Needle bytes not found in this image\n"); + exit(0); +}
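Review bot: In read_file() in miscprog/memwrite-grep.c the return values of fstat() and read() are never checked, so a failed or short read leaves some or all of the malloc'ed haystack uninitialized and memmem() then searches whatever happens to be in that memory, which can produce a wrong "Needle bytes not found in this image" verdict for a firmware file that was simply not read in full. Suggest exiting with an error when fstat() fails, and when read() does not return exactly haystack_size (or looping until it does). In main(), `printf("Found the needle bytes at offset 0x%x\n", result - haystack);` passes a pointer difference to %x; cast it to unsigned long and print with %lx so the offset is correct on 64-bit hosts. The K&R-style definitions of read_file and main also rely on implicit int, and read_file has no return statement; declaring them as `void read_file(char *filename)` and `int main(int argc, char **argv)` would make the intent explicit and keep the file building with -Wall.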