├── LICENSE
├── README.md
├── bootloaders
    ├── .DS_Store
    ├── huawei_p8
    │   └── fastboot.img
    ├── nexus_9
    │   └── hboot.img
    ├── qualcomm_lk
    │   ├── lk_latest
    │   └── lk_unpatched
    └── xperia_xa
    │   ├── lk.img
    │   ├── lk_trim.img
    │   └── mkimage
├── config
    ├── config.hboot
    ├── config.huawei
    ├── config.qualcomm.patch
    ├── config.qualcomm.unpatch
    ├── config.sample
    └── config.xperia
├── docker
    └── Dockerfile
├── evaluation
    ├── .DS_Store
    ├── huawei_p8
    │   ├── taint_analysis.txt
    │   ├── taint_analysis_filtered.txt
    │   ├── taint_info.txt
    │   └── taint_info.txt_post
    ├── nexus_9
    │   ├── taint_analysis.txt
    │   ├── taint_analysis_filtered.txt
    │   └── taint_info.txt
    ├── qualcomm_lk
    │   ├── .DS_Store
    │   ├── latest
    │   │   ├── taint_analysis.txt
    │   │   └── taint_info.txt
    │   └── unpatched
    │   │   ├── taint_analysis.txt
    │   │   ├── taint_analysis_filtered.txt
    │   │   └── taint_info.txt
    └── xperia_xa
    │   ├── taint_analysis.txt
    │   └── taint_info.txt
├── taint_analysis
    ├── __init__.py
    ├── _coretaint.py
    ├── analyze_ast.py
    ├── bootloadertaint.py
    ├── coverage_test.py
    ├── find_function_size.py
    ├── find_instr.py
    ├── find_taint.py
    ├── find_taint_sinks.py
    ├── find_taint_sources.py
    ├── helper.py
    ├── path_analysis.py
    ├── result_pretty_print.py
    ├── summary_functions.py
    ├── traverse_ast.py
    └── unlock_checker.py
└── tools
    ├── README.md
    ├── bootsplitter
        └── bootsplitter.py
    └── huawei_tools
        ├── README.md
        ├── dump_nvme.py
        ├── dump_oeminfo.py
        ├── huawei_p8backup
            ├── actual_oeminfo.img
            ├── ale_23_backup
            │   └── fresh_nvme.img
            ├── nvme.img
            └── oeminfo_root_type_modified.img
        └── oeminfo_exploit.py

/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/README.md 
-------------------------------------------------------------------------------- /bootloaders/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/.DS_Store -------------------------------------------------------------------------------- /bootloaders/huawei_p8/fastboot.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/huawei_p8/fastboot.img -------------------------------------------------------------------------------- /bootloaders/nexus_9/hboot.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/nexus_9/hboot.img -------------------------------------------------------------------------------- /bootloaders/qualcomm_lk/lk_latest: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/qualcomm_lk/lk_latest -------------------------------------------------------------------------------- /bootloaders/qualcomm_lk/lk_unpatched: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/qualcomm_lk/lk_unpatched -------------------------------------------------------------------------------- /bootloaders/xperia_xa/lk.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/xperia_xa/lk.img -------------------------------------------------------------------------------- /bootloaders/xperia_xa/lk_trim.img: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/xperia_xa/lk_trim.img -------------------------------------------------------------------------------- /bootloaders/xperia_xa/mkimage: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/bootloaders/xperia_xa/mkimage -------------------------------------------------------------------------------- /config/config.hboot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/config/config.hboot -------------------------------------------------------------------------------- /config/config.huawei: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/config/config.huawei -------------------------------------------------------------------------------- /config/config.qualcomm.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/config/config.qualcomm.patch -------------------------------------------------------------------------------- /config/config.qualcomm.unpatch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/config/config.qualcomm.unpatch -------------------------------------------------------------------------------- /config/config.sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/config/config.sample -------------------------------------------------------------------------------- /config/config.xperia: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/config/config.xperia -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM badnack/bootstomp -------------------------------------------------------------------------------- /evaluation/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/.DS_Store -------------------------------------------------------------------------------- /evaluation/huawei_p8/taint_analysis.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/huawei_p8/taint_analysis.txt -------------------------------------------------------------------------------- /evaluation/huawei_p8/taint_analysis_filtered.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/huawei_p8/taint_analysis_filtered.txt -------------------------------------------------------------------------------- /evaluation/huawei_p8/taint_info.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/huawei_p8/taint_info.txt -------------------------------------------------------------------------------- /evaluation/huawei_p8/taint_info.txt_post: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/huawei_p8/taint_info.txt_post -------------------------------------------------------------------------------- /evaluation/nexus_9/taint_analysis.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/nexus_9/taint_analysis.txt -------------------------------------------------------------------------------- /evaluation/nexus_9/taint_analysis_filtered.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/nexus_9/taint_analysis_filtered.txt -------------------------------------------------------------------------------- /evaluation/nexus_9/taint_info.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/nexus_9/taint_info.txt -------------------------------------------------------------------------------- /evaluation/qualcomm_lk/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/qualcomm_lk/.DS_Store -------------------------------------------------------------------------------- /evaluation/qualcomm_lk/latest/taint_analysis.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/qualcomm_lk/latest/taint_analysis.txt -------------------------------------------------------------------------------- /evaluation/qualcomm_lk/latest/taint_info.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/qualcomm_lk/latest/taint_info.txt -------------------------------------------------------------------------------- /evaluation/qualcomm_lk/unpatched/taint_analysis.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/qualcomm_lk/unpatched/taint_analysis.txt 
-------------------------------------------------------------------------------- /evaluation/qualcomm_lk/unpatched/taint_analysis_filtered.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/qualcomm_lk/unpatched/taint_analysis_filtered.txt -------------------------------------------------------------------------------- /evaluation/qualcomm_lk/unpatched/taint_info.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/qualcomm_lk/unpatched/taint_info.txt -------------------------------------------------------------------------------- /evaluation/xperia_xa/taint_analysis.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/xperia_xa/taint_analysis.txt -------------------------------------------------------------------------------- /evaluation/xperia_xa/taint_info.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/evaluation/xperia_xa/taint_info.txt -------------------------------------------------------------------------------- /taint_analysis/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /taint_analysis/_coretaint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/_coretaint.py -------------------------------------------------------------------------------- /taint_analysis/analyze_ast.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/analyze_ast.py -------------------------------------------------------------------------------- /taint_analysis/bootloadertaint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/bootloadertaint.py -------------------------------------------------------------------------------- /taint_analysis/coverage_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/coverage_test.py -------------------------------------------------------------------------------- /taint_analysis/find_function_size.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/find_function_size.py -------------------------------------------------------------------------------- /taint_analysis/find_instr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/find_instr.py -------------------------------------------------------------------------------- /taint_analysis/find_taint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/find_taint.py -------------------------------------------------------------------------------- /taint_analysis/find_taint_sinks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/find_taint_sinks.py -------------------------------------------------------------------------------- /taint_analysis/find_taint_sources.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/find_taint_sources.py -------------------------------------------------------------------------------- /taint_analysis/helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/helper.py -------------------------------------------------------------------------------- /taint_analysis/path_analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/path_analysis.py -------------------------------------------------------------------------------- /taint_analysis/result_pretty_print.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/result_pretty_print.py -------------------------------------------------------------------------------- /taint_analysis/summary_functions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/summary_functions.py -------------------------------------------------------------------------------- /taint_analysis/traverse_ast.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/traverse_ast.py -------------------------------------------------------------------------------- /taint_analysis/unlock_checker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/taint_analysis/unlock_checker.py -------------------------------------------------------------------------------- 
/tools/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/README.md -------------------------------------------------------------------------------- /tools/bootsplitter/bootsplitter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/bootsplitter/bootsplitter.py -------------------------------------------------------------------------------- /tools/huawei_tools/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/README.md -------------------------------------------------------------------------------- /tools/huawei_tools/dump_nvme.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/dump_nvme.py -------------------------------------------------------------------------------- /tools/huawei_tools/dump_oeminfo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/dump_oeminfo.py -------------------------------------------------------------------------------- /tools/huawei_tools/huawei_p8backup/actual_oeminfo.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/huawei_p8backup/actual_oeminfo.img -------------------------------------------------------------------------------- /tools/huawei_tools/huawei_p8backup/ale_23_backup/fresh_nvme.img: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/huawei_p8backup/ale_23_backup/fresh_nvme.img -------------------------------------------------------------------------------- /tools/huawei_tools/huawei_p8backup/nvme.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/huawei_p8backup/nvme.img -------------------------------------------------------------------------------- /tools/huawei_tools/huawei_p8backup/oeminfo_root_type_modified.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/huawei_p8backup/oeminfo_root_type_modified.img -------------------------------------------------------------------------------- /tools/huawei_tools/oeminfo_exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/BootStomp/HEAD/tools/huawei_tools/oeminfo_exploit.py --------------------------------------------------------------------------------