annotate rvinterf/lowlevel/tfc139.c @ 681:461ab5b255f5

alr_nc.c compiles
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Mon, 29 Sep 2014 19:57:11 +0000
parents 15e69d31c96f
children 0d7cc054ef72
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
1 /*
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
2 * This program is a contender for the title of the ugliest hack
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
3 * in the FreeCalypso project. It will attempt to break into a
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
4 * locked-down TracFone C139 by mimicking the actions of the
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
5 * mot931c.exe TF "unlocker".
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
6 */
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
7
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
8 #include <sys/types.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
9 #include <sys/errno.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
10 #include <stdio.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
11 #include <string.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
12 #include <strings.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
13 #include <stdlib.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
14 #include <unistd.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
15 #include <time.h>
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
16 #include "../include/pktmux.h"
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
17 #include "../include/limits.h"
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
18
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
19 extern int target_fd;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
20 extern char *baudrate_name;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
21
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
22 extern u_char rxpkt[];
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
23 extern size_t rxpkt_len;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
24
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
25 char *logfname;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
26 FILE *logF;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
27 time_t logtime;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
28 int no_output; /* for output.c */
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
29
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
30 int wakeup_after_sec = 7;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
31
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
32 /* see ../../target-utils/tf-breakin/payload.S for the source */
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
33 static u_char iram_payload[112] = {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
34 0xD3, 0xF0, 0x21, 0xE3, 0x58, 0x10, 0x9F, 0xE5,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
35 0xF5, 0x00, 0xA0, 0xE3, 0xB2, 0x00, 0xC1, 0xE1,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
36 0xA0, 0x00, 0xA0, 0xE3, 0xB2, 0x00, 0xC1, 0xE1,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
37 0x48, 0x60, 0x9F, 0xE5, 0x05, 0x00, 0xD6, 0xE5,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
38 0x20, 0x00, 0x10, 0xE3, 0xFC, 0xFF, 0xFF, 0x0A,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
39 0x2C, 0x10, 0x8F, 0xE2, 0x06, 0x20, 0xA0, 0xE3,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
40 0x01, 0x00, 0xD1, 0xE4, 0x00, 0x00, 0xC6, 0xE5,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
41 0x01, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
42 0x05, 0x00, 0xD6, 0xE5, 0x40, 0x00, 0x10, 0xE3,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
43 0xFC, 0xFF, 0xFF, 0x0A, 0x18, 0x10, 0x9F, 0xE5,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
44 0x01, 0x2C, 0xA0, 0xE3, 0xB0, 0x20, 0xC1, 0xE1,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
45 0x00, 0xF0, 0xA0, 0xE3, 0x02, 0x02, 0x02, 0x4F,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
46 0x4B, 0x02, 0x00, 0x00, 0x02, 0xF8, 0xFF, 0xFF,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
47 0x00, 0x58, 0xFF, 0xFF, 0x10, 0xFB, 0xFF, 0xFF
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
48 };
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
49
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
50 static unsigned iram_load_addr = 0x800000;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
51 static unsigned stack_smash_addr = 0x837C54;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
52
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
53 static u_char stack_smash_payload[4];
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
54
418
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
55 static char *target_tty_port;
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
56
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
57 static void
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
58 send_compal_memwrite(addr, payload, payload_len)
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
59 unsigned addr;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
60 u_char *payload;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
61 {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
62 u_char pkt[MAX_PKT_TO_TARGET];
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
63 int i, csum, csum_offset;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
64
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
65 pkt[0] = RVT_TM_HEADER;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
66 pkt[1] = 0x40; /* Compal's non-standard addition */
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
67 pkt[2] = addr;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
68 pkt[3] = addr >> 8;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
69 pkt[4] = addr >> 16;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
70 pkt[5] = addr >> 24;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
71 bcopy(payload, pkt + 6, payload_len);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
72 csum_offset = payload_len + 6;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
73 csum = 0;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
74 for (i = 1; i < csum_offset; i++)
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
75 csum ^= pkt[i];
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
76 pkt[i] = csum;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
77 send_pkt_to_target(pkt, i + 1);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
78 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
79
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
80 main(argc, argv)
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
81 char **argv;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
82 {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
83 extern char *optarg;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
84 extern int optind;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
85 int c;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
86 fd_set fds;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
87
432
15e69d31c96f tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 419
diff changeset
88 baudrate_name = "57600"; /* what C139 firmware uses */
15e69d31c96f tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 419
diff changeset
89 while ((c = getopt(argc, argv, "a:B:l:s:w:")) != EOF)
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
90 switch (c) {
419
3a46728e054b tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 418
diff changeset
91 case 'a':
3a46728e054b tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 418
diff changeset
92 iram_load_addr = strtoul(optarg, 0, 16);
3a46728e054b tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 418
diff changeset
93 continue;
432
15e69d31c96f tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 419
diff changeset
94 case 'B':
15e69d31c96f tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 419
diff changeset
95 baudrate_name = optarg;
15e69d31c96f tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 419
diff changeset
96 continue;
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
97 case 'l':
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
98 logfname = optarg;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
99 continue;
419
3a46728e054b tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 418
diff changeset
100 case 's':
3a46728e054b tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 418
diff changeset
101 stack_smash_addr = strtoul(optarg, 0, 16);
3a46728e054b tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 418
diff changeset
102 continue;
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
103 case 'w':
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
104 wakeup_after_sec = strtoul(optarg, 0, 0);
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
105 continue;
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
106 case '?':
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
107 default:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
108 usage: fprintf(stderr,
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
109 "usage: %s [options] ttyport\n", argv[0]);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
110 exit(1);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
111 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
112 if (argc - optind != 1)
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
113 goto usage;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
114 open_target_serial(argv[optind]);
418
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
115 target_tty_port = argv[optind];
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
116
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
117 set_serial_nonblock(0);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
118 setlinebuf(stdout);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
119 if (logfname) {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
120 logF = fopen(logfname, "w");
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
121 if (!logF) {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
122 perror(logfname);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
123 exit(1);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
124 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
125 setlinebuf(logF);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
126 fprintf(logF, "*** Log of TFC139 break-in session ***\n");
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
127 }
361
62f850da5d49 tfc139: log timestamp buglet
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 360
diff changeset
128 time(&logtime);
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
129 output_line("Sending IRAM payload");
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
130 send_compal_memwrite(iram_load_addr, iram_payload, sizeof iram_payload);
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
131 stack_smash_payload[0] = iram_load_addr;
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
132 stack_smash_payload[1] = iram_load_addr >> 8;
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
133 stack_smash_payload[2] = iram_load_addr >> 16;
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
134 stack_smash_payload[3] = iram_load_addr >> 24;
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
135 for (;;) {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
136 FD_ZERO(&fds);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
137 FD_SET(target_fd, &fds);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
138 c = select(target_fd+1, &fds, 0, 0, 0);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
139 time(&logtime);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
140 if (c < 0) {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
141 if (errno == EINTR)
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
142 continue;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
143 perror("select");
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
144 exit(1);
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
145 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
146 if (FD_ISSET(target_fd, &fds))
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
147 process_serial_rx();
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
148 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
149 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
150
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
151 static void
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
152 handle_etm_response()
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
153 {
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
154 char msgbuf[80];
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
155
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
156 if (rxpkt_len != 4 || rxpkt[1] != 0x40 || rxpkt[2] || rxpkt[3] != 0x40){
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
157 output_line("ETM response differs from expected");
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
158 return;
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
159 }
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
160 sprintf(msgbuf, "Sending stack smash write at 0x%x", stack_smash_addr);
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
161 output_line(msgbuf);
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
162 send_compal_memwrite(stack_smash_addr, stack_smash_payload, 4);
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
163 stack_smash_addr += 4;
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
164 }
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
165
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
166 handle_rx_packet()
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
167 {
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
168 if (rxpkt_len == 2 && rxpkt[0] == 'O' && rxpkt[1] == 'K') {
418
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
169 output_line(
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
170 "Success: target should now be in boot ROM download wait");
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
171 printf("You can now run fc-loadtool -h compal -c none %s\n",
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
172 target_tty_port);
a9bf3e92a30c tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 361
diff changeset
173 exit(0);
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
174 }
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
175 switch (rxpkt[0]) {
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
176 case RVT_RV_HEADER:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
177 if (rxpkt_len < 6)
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
178 goto unknown;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
179 print_rv_trace();
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
180 return;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
181 case RVT_L1_HEADER:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
182 print_l1_trace();
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
183 return;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
184 case RVT_L23_HEADER:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
185 print_g23_trace();
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
186 return;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
187 case RVT_TM_HEADER:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
188 print_etm_output_raw();
360
f9d78057d766 tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 359
diff changeset
189 handle_etm_response();
359
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
190 return;
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
191 default:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
192 unknown:
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
193 print_unknown_packet();
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
194 }
144b5d222de8 tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
195 }