hardsploit_gui 2.2 → 2.3

data/lib/HardsploitAPI/README.md

@@ -1,22 +0,0 @@
-# Hardsploit
-
-    The essential security auditing tool for Internet of Things devices you'll need in your toolbox
-
-### [GO TO HARDSPLOIT](http://www.hardsploit.io)
-
-    TO LEARN ABOUT IT
-
-### [GO TO SHOP](https://www.shop-hardsploit.com)
-    TO BUY
-
-### [GO TO WIKI](https://github.com/OPALESECURITY/hardsploit-api/wiki)
-
-    TO UNDERSTAND HOW USE IT
-
-### [GO TO FORUM](http://forum.hardsploit.io)
-
-    FOR SUPPORT / HELP
-
-### [GO TO BUG TRACKER](https://github.com/OPALESECURITY/hardsploit-api/issues)
-
-    FOR BUGS OR IMPROVEMENTS

data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD.rb

@@ -1,249 +0,0 @@
-#!/usr/bin/ruby
-#===================================================
-#  Hardsploit API - By Opale Security
-#  www.opale-security.com || www.hardsploit.io
-#  License: GNU General Public License v3
-#  License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-require_relative 'HardsploitAPI_SWD_DEBUG'
-require_relative 'HardsploitAPI_SWD_STM32'
-
-class HardsploitAPI
-attr_accessor :debugPort
-attr_accessor :stm32
-
-	def runSWD
-		@debugPort = SWD_DEBUG_PORT.new(self)
-		@stm32     = SWD_STM32.new(debugPort)
-
-		resetSWD()
-		#  Cortex M4 0x410FC241
-		#  Cortex M3 0x411FC231
-	end
-
-	def obtainCodes
-		resetSWD()
-		code = {
-		  :DebugPortId => debugPort.idcode(),
-		  :AccessPortId => stm32.ahb.idcode(),
-		  :CpuId => stm32.ahb.readWord(0xE000ED00),
-			:DeviceId => stm32.ahb.readWord(0x1FFFF7E8)
-		}
-		return code
-	end
-
-
-	def writeFlash(path)
-		resetSWD()
-		dataWrite = IO.binread(path)
-	  dataWrite = dataWrite.unpack("C*")
-		puts "Halting Processor"
-		stm32.halt()
-		puts "Erasing Flash"
-		stm32.flashUnlock()
-		stm32.flashErase()
-		puts "Programming Flash"
-		stm32.flashProgram()
-		time = Time.new
-		stm32.flashWrite(0x08000000, dataWrite)
-		time = Time.new - time
-		puts "Write #{((dataWrite.size/time)).round(2)}Bytes/s #{(dataWrite.size)}Bytes in  #{time.round(4)} s"
-		stm32.flashProgramEnd()
-		puts "Resetting"
-		stm32.sysReset()
-		puts "Start"
-		stm32.unhalt
-	end
-
-	def eraseFlash
-		puts 'Erase'
-		stm32.flashErase()
-	end
-
-	def dumpFlash(path)
-		resetSWD()
-		#DUMP FLASH MEMORY TO A FILE
-		@stm32.halt
-	  flash_size = (stm32.ahb.readWord(0x1ffff7e0) & 0xFFFF)
-		puts "Flash size : #{(flash_size) } KB"
-		puts "Dump flash"
-	  time = Time.new
-		data = @stm32.flashRead(0x08000000,(flash_size*1024))
-		time = Time.new - time
-		puts "DUMP #{((data.size/time)).round(2)}Bytes/s #{(data.size)}Bytes in  #{time.round(4)} s"
-		IO.binwrite(path, data.pack('C*'))
-		puts "Finish dump"
-	end
-
-	def writeSWD(ap,register,data)
-		packet = Array.new
-		packet.push 0  #low byte of lenght of trame refresh automaticly before send by usb
-		packet.push 0  #high byte of lenght of trame refresh automaticly before send by usb
-		packet.push HardsploitAPI.lowByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-		packet.push HardsploitAPI.highByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-
-		packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
-
-		packet.push 0x10 #Write mode
-
-		packet.push (calcOpcode(ap, register, false)) #Send Request
-
-		packet.push  ((data & 0xFF) >> 0)
-		packet.push  ((data & 0xFF00) >> 8 )
-		packet.push  ((data & 0xFF0000) >> 16 )
-		packet.push  ((data & 0xFF000000) >> 24 )
-
-		result = sendAndReceiveDATA(packet,1000)
-
-		if result.class == Array then
-				if result.size == 1 + 4 then #receive ACK
-					if result[4] == 1 then
-							return true
-					elsif result[4] == 2 then
-							raise "WAIT response"
-					elsif result[4] == 4 then
-						  raise "FAULT response"
-					else
-							raise "WRITE ERROR #{result[4]}"
-					end
-				else
-					raise "Error during writing}"
-				end
-		else # Receive and error
-			raise "Error during writing, timeout "
-		end
-
-		return false
-	end
-
-	def writeBlockAP(data)
-		if data.size > 8000 then
-			raise "data is too big > 8000"
-		end
-
-		packet = Array.new
-		packet.push 0  #low byte of lenght of trame refresh automaticly before send by usb
-		packet.push 0  #high byte of lenght of trame refresh automaticly before send by usb
-		packet.push HardsploitAPI.lowByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-		packet.push HardsploitAPI.highByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-
-		packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
-		packet.push 0xBB #Write ap
-		packet.push *data
-
-		result = sendAndReceiveDATA(packet,1000)
-		if result.class == Array then
-				if result.size == 1 + 4 then #receive ACK
-					if result[4] == 1 then
-							return true
-					elsif result[4] == 2 then
-							raise "WAIT response"
-					elsif result[4] == 4 then
-						  raise "FAULT response"
-					else
-							raise "WRITE ERROR #{result[4]}"
-					end
-				else
-					raise "Error during writing"
-				end
-		else # Receive and error
-			raise "Error during writing, timeout "
-		end
-			return false
-	end
-
-
-	def readBlockAP(size)
-		packet = Array.new
-		packet.push 0  #low byte of lenght of trame refresh automaticly before send by usb
-		packet.push 0  #high byte of lenght of trame refresh automaticly before send by usb
-		packet.push HardsploitAPI.lowByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-		packet.push HardsploitAPI.highByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-
-		packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
-
-		packet.push 0xAA #Read mode
-		packet.push HardsploitAPI.lowByte(size)
-		packet.push HardsploitAPI.highByte(size)
-
-		result = sendAndReceiveDATA(packet,1000)
-		 if result.class == Array then
-		 		if result.size >= 4   then #Receive read + 4bytes for header
-		 			return result.drop(4)
-				else
-					raise "Receive just Header where is the data ? "
-		 		end
-		 else # Receive and error
-		 		raise "Error during reading  timeout or ACK issue "
-		 end
-	end
-
-	def readSWD(ap,register)
-		packet = Array.new
-		packet.push 0  #low byte of lenght of trame refresh automaticly before send by usb
-		packet.push 0  #high byte of lenght of trame refresh automaticly before send by usb
-		packet.push HardsploitAPI.lowByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-		packet.push HardsploitAPI.highByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-
-		packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
-
-		packet.push 0x11 #Read mode
-		packet.push(calcOpcode(ap,register, true)) #Send Request
-
-		result = sendAndReceiveDATA(packet,1000)
-		 if result.class == Array then
-		 		if result.size == 4 + 4  then #Receive read + 4bytes for header
-		 			convert = (result[7]  << 24)  + (result[6]  << 16) + (result[5]  << 8 ) + result[4]
-		 			return convert
-		 		elsif result.size == 4+1 then #receive ACK
-					raise "Read error  ACK : #{result[4]}"
-		 		else
-		 			raise "Error during reading"
-		 		end
-		 else # Receive and error
-		 	raise "Error during reading  timeout "
-		 end
-	end
-
-
-	#Return array with 1 byte for ACK
-	#Return 32bits integer for data read here is Core ID
-	#Raise if error
-	def resetSWD
-		packet = Array.new
-		packet.push 0  #low byte of lenght of trame refresh automaticly before send by usb
-		packet.push 0  #high byte of lenght of trame refresh automaticly before send by usb
-		packet.push HardsploitAPI.lowByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-		packet.push HardsploitAPI.highByte(HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
-
-		packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
-
-		packet.push 0x00 #Reset mode
-
-		result = sendAndReceiveDATA(packet,1000)
-		if result.class == Array then
-				if result.size == 4 + 4  then #Receive read + 4bytes for header
-					convert = (result[7]  << 24)  + (result[6]  << 16) + (result[5]  << 8 ) + result[4]
-					return convert
-				elsif result.size == 4 +1 then #reveice ACK
-					raise "ERROR ACK #{result[4]}"
-				else
-					raise "Error during reading ICCODE result != 4"
-				end
-		else # Receive and error
-			raise "Error during reading ICCODE timeout "
-		end
-	end
-
-
-	def calcOpcode (ap, register, read)
-			opcode = 0x00
-			(ap ? opcode |= 0x40 : opcode |= 0x00)
-			(read ? opcode |= 0x20 : opcode |= 0x00)
-			opcode = opcode | ((register & 0x01) << 4) | ((register & 0x02) << 2) #Addr AP DP  bit 2..3
-			opcode = opcode | (((opcode & 0x78).to_s(2).count('1').odd? ? 1 : 0) << 2)  #0x78 mask to take only read ap and register to process parity bit
-			opcode = opcode | 0x81 #Start and Park Bit
-			#puts "OpCode #{opcode.to_s(16)}"
-			return opcode
-	end
-end

data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD_DEBUG.rb

@@ -1,102 +0,0 @@
-#!/usr/bin/ruby
-#===================================================
-#  Hardsploit API - By Opale Security
-#  www.opale-security.com || www.hardsploit.io
-#  License: GNU General Public License v3
-#  License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-class SWD_DEBUG_PORT
-
-	def initialize(hardAPI)
-		@HardAPI = hardAPI
-		@HardAPI.startFPGA
-		sleep(0.5)
-		@HardAPI.resetSWD
-		# read the IDCODE
-		# if HardAPI.resetSWD() != 0x1ba01477 then
-		#  		raise "warning: unexpected idcode"
-		# else
-		#  		puts "MCU DETECTED"
-		# end
-		abort(1,1,1,1,1)
-		select(0,0)
-		# power shit up
-		puts "Power shit up"
-		@HardAPI.writeSWD(FALSE, 1, 0x54000000)
-		if (status() >> 24) != 0xF4 then
-		 		raise "error powering up system"
-				exit(0)
-		else
-			puts "POWERING UP SYTEM OK"
-		end
-		#get the SELECT register to a known state
-		select(0,0)
-		@curAP = 0
-		@curBank = 0
-	end
-
-	def getAPI
-		return @HardAPI
-	end
-
-	def idcode
-			return @HardAPI.readSWD(FALSE, 0)
-	end
-
-	def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
-			value = 0x00000000
-			(orunerr ? value |= 0x10 : value |= 0x00)
-			(wdataerr ? value |= 0x08 : value |= 0x00)
-			(stickyerr ? value |= 0x04 : value |= 0x00)
-			(stickycmp ? value |= 0x02 : value |= 0x00)
-			(dap ? value |= 0x01 : value |= 0x00)
-			@HardAPI.writeSWD(FALSE, 0, value)
-	end
-
-	def status
-			val= @HardAPI.readSWD(FALSE,1)
-			return val
-	end
-
-	def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
-			value = 0x54000000
-			value = value | ((trnCount & 0xFFF) << 12)
-			value = value | ((maskLane & 0x00F) << 8)
-			value = value | ((trnMode  & 0x003) << 2)
-			(orunDetect ? value |= 0x01 : value |= 0x00)
-			@HardAPI.writeSWD(False, 1, value)
-	end
-
-	def select (apsel, apbank)
-			value = 0x00000000
-			value = value | ((apsel  & 0xFF) << 24)
-			value = value | ((apbank & 0x0F) <<  4)
-			@HardAPI.writeSWD(FALSE, 2, value)
-	end
-
-
-	def readRB
-			return @HardAPI.readSWD(FALSE, 3)
-	end
-	def readAP ( apsel, address)
-			adrBank = (address >> 4) & 0xF
-			adrReg  = (address >> 2) & 0x3
-			if apsel != @curAP or adrBank != @curBank then
-					select(apsel, adrBank)
-					@curAP = apsel
-					@curBank = adrBank
-			end
-			return @HardAPI.readSWD(TRUE, adrReg)
-	end
-
-	def writeAP (apsel, address, data)
-			adrBank = (address >> 4) & 0xF
-			adrReg  = (address >> 2) & 0x3
-			if apsel != @curAP or adrBank != @curBank then
-					select(apsel, adrBank)
-					@curAP = apsel
-					@curBank = adrBank
-			end
-		@HardAPI.writeSWD(TRUE, adrReg, data)
-	 end
-end

data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD_MEM_AP.rb

@@ -1,78 +0,0 @@
-#!/usr/bin/ruby
-#===================================================
-#  Hardsploit API - By Opale Security
-#  www.opale-security.com || www.hardsploit.io
-#  License: GNU General Public License v3
-#  License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-class SWD_MEM_AP
-
-	def initialize( dp, apsel)
-		@dp = dp
-		@apsel = apsel
-		csw(1,2) # 32-bit auto-incrementing addressing
-	end
-
-  def csw ( addrInc, size)
-      @dp.readAP(@apsel, 0x00)
-      val = @dp.readRB() & 0xFFFFFF00
-			@dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
-	end
-  def idcode
-      @dp.readAP(@apsel, 0xFC)
-      return @dp.readRB()
-	end
-  def readWord (adr)
-      @dp.writeAP(@apsel, 0x04, adr)
-      @dp.readAP(@apsel, 0x0C)
-      return @dp.readRB()
-	end
-  def writeWord (adr, data)
-      @dp.writeAP(@apsel, 0x04, adr)
-      @dp.writeAP(@apsel, 0x0C, data)
-      return @dp.readRB()
-	end
-  def readBlock ( adr, count)#1K boundaries and return 4K of data word alignement
-			if count < 1 then
-				raise "readBlock error : count must be >= 1"
-			end
-			if count > 1024 then
-				raise "readBlock error : count must be <= 1024 "
-			end
-			csw(1, 2) # 32-bit single-incrementing addressing
-			@dp.writeAP(@apsel, 0x04, adr)
-			vals = Array.new
-			@dp.readAP(@apsel, 0x0C) #For the first byte
-			vals.push(*@dp.getAPI.readBlockAP(count-1))  #Hardcoded function to increase speed of read block
-      return vals
-	end
-
-	# def writeBlockNonInc (adr, data)
-	#  		self.csw(0, 2) # 32-bit non-incrementing addressing
-	#  		for val in data
-	# 			@dp.writeAP(@apsel, 0x04, adr)
-	# 			@dp.writeAP(@apsel, 0x0C, val)
-	# 		end
-	# 		self.csw(1, 2) # 32-bit auto-incrementing addressing
-	# end
-
-	def writeBlock (adr, data) #1K boundaries
-    @dp.writeAP(@apsel, 0x04, adr)
-		puts "writeBlock #{adr.to_s(16)}"
-
-		@dp.getAPI.writeBlockAP(data)
-		# for i in (0..data.size-1).step(4)
-		# 		@dp.writeAP(@apsel, 0x0C, data[i].to_i + (data[i+1].to_i << 8) + (data[i+2].to_i << 16)+ (data[i+3].to_i << 24))
-		# end
-	end
-
-  def writeHalfs (adr, data)
-      self.csw(2, 1) # 16-bit packed-incrementing addressing
-      @dp.writeAP(@apsel, 0x04, adr)
-      for val in data
-          sleep(0.001)
-          @dp.writeAP(@apsel, 0x0C, val)
-			end
-	end
-end