# HG changeset patch # User Michael Spacefalcon # Date 1389835352 0 # Node ID b8753e705e1a55888451f2a90d659c040ed92115 # Parent 023d55d76b28adb0874ad697162a30b65bb45a6f rfcap-grep.c hack-utility written diff -r 023d55d76b28 -r b8753e705e1a .hgignore --- a/.hgignore Mon Dec 02 08:55:38 2013 +0000 +++ b/.hgignore Thu Jan 16 01:22:32 2014 +0000 @@ -6,6 +6,7 @@ ^imeibrute$ ^mokosrec2bin$ ^pirimei$ +^rfcap-grep$ ^mpffs/mpffs-cat$ ^mpffs/mpffs-dbgls$ diff -r 023d55d76b28 -r b8753e705e1a Makefile --- a/Makefile Mon Dec 02 08:55:38 2013 +0000 +++ b/Makefile Thu Jan 16 01:22:32 2014 +0000 @@ -1,6 +1,6 @@ CC= gcc CFLAGS= -O2 -STD= factdiff mokosrec2bin +STD= factdiff mokosrec2bin rfcap-grep CRYPTO= imeibrute pirimei PROGS= ${STD} ${CRYPTO} @@ -16,6 +16,7 @@ imeibrute: imeibrute.c mokosrec2bin: mokosrec2bin.c pirimei: pirimei.c +rfcap-grep: rfcap-grep.c clean: rm -f ${PROGS} *.o *errs *.out diff -r 023d55d76b28 -r b8753e705e1a rfcap-grep.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/rfcap-grep.c Thu Jan 16 01:22:32 2014 +0000 @@ -0,0 +1,65 @@ +/* + * This utility performs a memmem() binary "grep", checking to see if a given + * binary file (mokoN firmware image) contains a particular binary "string" + * of 16 bytes: namely, the 16 bytes found in the "standard" /gsm/com/rfcap + * file on GTA0x modems. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include + +u_char needle[16] = {0x00, 0x1F, 0x41, 0x14, 0x00, 0x00, 0x00, 0x00, + 0x50, 0x00, 0x00, 0xA5, 0x05, 0x00, 0xC0, 0x00}; +u_char *haystack; +size_t haystack_size; + +read_file(filename) + char *filename; +{ + int fd; + struct stat st; + + fd = open(filename, O_RDONLY); + if (fd < 0) { + perror(filename); + exit(1); + } + fstat(fd, &st); + if (!S_ISREG(st.st_mode)) { + fprintf(stderr, "error: %s is not a regular file\n", filename); + exit(1); + } + haystack_size = st.st_size; + haystack = malloc(haystack_size); + if (!haystack) { + fprintf(stderr, "unable to malloc buffer for %s\n", filename); + exit(1); + } + read(fd, haystack, haystack_size); + close(fd); +} + +main(argc, argv) + char **argv; +{ + u_char *result; + + if (argc != 2) { + fprintf(stderr, "usage: %s mokoN.bin\n", argv[0]); + exit(1); + } + read_file(argv[1]); + result = memmem(haystack, haystack_size, needle, sizeof needle); + if (result) + printf("Found the rfcap bytes at offset 0x%x\n", + result - haystack); + else + printf("rfcap bytes not found in this image\n"); + exit(0); +}