FreeCalypso > hg > freecalypso-sw
annotate rvinterf/lowlevel/tfc139.c @ 545:cc584a357886
gsm-fw/L1/include/l1_varex.h: section pragmas changed to gcc attributes
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Sun, 03 Aug 2014 06:29:53 +0000 |
parents | 15e69d31c96f |
children | 0d7cc054ef72 |
rev | line source |
---|---|
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 /* |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 * This program is a contender for the title of the ugliest hack |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
3 * in the FreeCalypso project. It will attempt to break into a |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
4 * locked-down TracFone C139 by mimicking the actions of the |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
5 * mot931c.exe TF "unlocker". |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
6 */ |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
7 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
8 #include <sys/types.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 #include <sys/errno.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 #include <stdio.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 #include <string.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 #include <strings.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 #include <stdlib.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 #include <unistd.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 #include <time.h> |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 #include "../include/pktmux.h" |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 #include "../include/limits.h" |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 extern int target_fd; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 extern char *baudrate_name; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 extern u_char rxpkt[]; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 extern size_t rxpkt_len; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 char *logfname; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 FILE *logF; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 time_t logtime; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 int no_output; /* for output.c */ |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
29 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
30 int wakeup_after_sec = 7; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
32 /* see ../../target-utils/tf-breakin/payload.S for the source */ |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
33 static u_char iram_payload[112] = { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
34 0xD3, 0xF0, 0x21, 0xE3, 0x58, 0x10, 0x9F, 0xE5, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
35 0xF5, 0x00, 0xA0, 0xE3, 0xB2, 0x00, 0xC1, 0xE1, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
36 0xA0, 0x00, 0xA0, 0xE3, 0xB2, 0x00, 0xC1, 0xE1, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
37 0x48, 0x60, 0x9F, 0xE5, 0x05, 0x00, 0xD6, 0xE5, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
38 0x20, 0x00, 0x10, 0xE3, 0xFC, 0xFF, 0xFF, 0x0A, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
39 0x2C, 0x10, 0x8F, 0xE2, 0x06, 0x20, 0xA0, 0xE3, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
40 0x01, 0x00, 0xD1, 0xE4, 0x00, 0x00, 0xC6, 0xE5, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
41 0x01, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
42 0x05, 0x00, 0xD6, 0xE5, 0x40, 0x00, 0x10, 0xE3, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
43 0xFC, 0xFF, 0xFF, 0x0A, 0x18, 0x10, 0x9F, 0xE5, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
44 0x01, 0x2C, 0xA0, 0xE3, 0xB0, 0x20, 0xC1, 0xE1, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
45 0x00, 0xF0, 0xA0, 0xE3, 0x02, 0x02, 0x02, 0x4F, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
46 0x4B, 0x02, 0x00, 0x00, 0x02, 0xF8, 0xFF, 0xFF, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
47 0x00, 0x58, 0xFF, 0xFF, 0x10, 0xFB, 0xFF, 0xFF |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
48 }; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
49 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
50 static unsigned iram_load_addr = 0x800000; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
51 static unsigned stack_smash_addr = 0x837C54; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
52 |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
53 static u_char stack_smash_payload[4]; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
54 |
418
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
55 static char *target_tty_port; |
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
56 |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
57 static void |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
58 send_compal_memwrite(addr, payload, payload_len) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
59 unsigned addr; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
60 u_char *payload; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
61 { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
62 u_char pkt[MAX_PKT_TO_TARGET]; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
63 int i, csum, csum_offset; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
64 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
65 pkt[0] = RVT_TM_HEADER; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
66 pkt[1] = 0x40; /* Compal's non-standard addition */ |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
67 pkt[2] = addr; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
68 pkt[3] = addr >> 8; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
69 pkt[4] = addr >> 16; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
70 pkt[5] = addr >> 24; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
71 bcopy(payload, pkt + 6, payload_len); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
72 csum_offset = payload_len + 6; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
73 csum = 0; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
74 for (i = 1; i < csum_offset; i++) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
75 csum ^= pkt[i]; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
76 pkt[i] = csum; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
77 send_pkt_to_target(pkt, i + 1); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
78 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
79 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
80 main(argc, argv) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
81 char **argv; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
82 { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
83 extern char *optarg; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
84 extern int optind; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
85 int c; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
86 fd_set fds; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
87 |
432
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
88 baudrate_name = "57600"; /* what C139 firmware uses */ |
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
89 while ((c = getopt(argc, argv, "a:B:l:s:w:")) != EOF) |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
90 switch (c) { |
419
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
91 case 'a': |
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
92 iram_load_addr = strtoul(optarg, 0, 16); |
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
93 continue; |
432
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
94 case 'B': |
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
95 baudrate_name = optarg; |
15e69d31c96f
tfc139: allow -B option just like rvtdump and rvinterf
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
419
diff
changeset
|
96 continue; |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
97 case 'l': |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
98 logfname = optarg; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
99 continue; |
419
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
100 case 's': |
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
101 stack_smash_addr = strtoul(optarg, 0, 16); |
3a46728e054b
tfc139: -a and -s options to override IRAM payload and stack smash addresses
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
418
diff
changeset
|
102 continue; |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
103 case 'w': |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
104 wakeup_after_sec = strtoul(optarg, 0, 0); |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
105 continue; |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
106 case '?': |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
107 default: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
108 usage: fprintf(stderr, |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
109 "usage: %s [options] ttyport\n", argv[0]); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
110 exit(1); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
111 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
112 if (argc - optind != 1) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
113 goto usage; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
114 open_target_serial(argv[optind]); |
418
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
115 target_tty_port = argv[optind]; |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
116 |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
117 set_serial_nonblock(0); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
118 setlinebuf(stdout); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
119 if (logfname) { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
120 logF = fopen(logfname, "w"); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
121 if (!logF) { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
122 perror(logfname); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
123 exit(1); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
124 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
125 setlinebuf(logF); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
126 fprintf(logF, "*** Log of TFC139 break-in session ***\n"); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
127 } |
361
62f850da5d49
tfc139: log timestamp buglet
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
360
diff
changeset
|
128 time(&logtime); |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
129 output_line("Sending IRAM payload"); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
130 send_compal_memwrite(iram_load_addr, iram_payload, sizeof iram_payload); |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
131 stack_smash_payload[0] = iram_load_addr; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
132 stack_smash_payload[1] = iram_load_addr >> 8; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
133 stack_smash_payload[2] = iram_load_addr >> 16; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
134 stack_smash_payload[3] = iram_load_addr >> 24; |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
135 for (;;) { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
136 FD_ZERO(&fds); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
137 FD_SET(target_fd, &fds); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
138 c = select(target_fd+1, &fds, 0, 0, 0); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
139 time(&logtime); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
140 if (c < 0) { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
141 if (errno == EINTR) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
142 continue; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
143 perror("select"); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
144 exit(1); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
145 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
146 if (FD_ISSET(target_fd, &fds)) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
147 process_serial_rx(); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
148 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
149 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
150 |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
151 static void |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
152 handle_etm_response() |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
153 { |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
154 char msgbuf[80]; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
155 |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
156 if (rxpkt_len != 4 || rxpkt[1] != 0x40 || rxpkt[2] || rxpkt[3] != 0x40){ |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
157 output_line("ETM response differs from expected"); |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
158 return; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
159 } |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
160 sprintf(msgbuf, "Sending stack smash write at 0x%x", stack_smash_addr); |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
161 output_line(msgbuf); |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
162 send_compal_memwrite(stack_smash_addr, stack_smash_payload, 4); |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
163 stack_smash_addr += 4; |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
164 } |
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
165 |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
166 handle_rx_packet() |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
167 { |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
168 if (rxpkt_len == 2 && rxpkt[0] == 'O' && rxpkt[1] == 'K') { |
418
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
169 output_line( |
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
170 "Success: target should now be in boot ROM download wait"); |
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
171 printf("You can now run fc-loadtool -h compal -c none %s\n", |
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
172 target_tty_port); |
a9bf3e92a30c
tfc139: clean exit on success
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
361
diff
changeset
|
173 exit(0); |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
174 } |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
175 switch (rxpkt[0]) { |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
176 case RVT_RV_HEADER: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
177 if (rxpkt_len < 6) |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
178 goto unknown; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
179 print_rv_trace(); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
180 return; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
181 case RVT_L1_HEADER: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
182 print_l1_trace(); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
183 return; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
184 case RVT_L23_HEADER: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
185 print_g23_trace(); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
186 return; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
187 case RVT_TM_HEADER: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
188 print_etm_output_raw(); |
360
f9d78057d766
tfc139 hack works!
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
359
diff
changeset
|
189 handle_etm_response(); |
359
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
190 return; |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
191 default: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
192 unknown: |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
193 print_unknown_packet(); |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
194 } |
144b5d222de8
tfc139 hack utility started, compiles
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
195 } |