hardsploit_gui 2.2 → 2.3
- checksums.yaml +4 -4
- data/bin/hardsploit_gui +2 -2
- data/lib/{Firmware → Firmwares}/FPGA/I2C/I2C_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_I2C_INTERACT.rpd +0 -0
- data/lib/{Firmware/FPGA/SWD/SWD_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SWD_INTERACT.rpd → Firmwares/FPGA/PARALLEL/NO_MUX_PARALLEL_MEMORY/HARDSPLOIT_FIRMWARE_FPGA_NO_MUX_PARALLEL_MEMORY.rpd} +0 -0
- data/lib/Firmwares/FPGA/SPI/SPI_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SPI_INTERACT.rpd +0 -0
- data/lib/{Firmware/FPGA/SPI/SPI_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SPI_INTERACT.rpd → Firmwares/FPGA/SPI/SPI_SNIFFER/HARDSPLOIT_FIRMWARE_FPGA_SPI_SNIFFER.rpd} +0 -0
- data/lib/Firmwares/FPGA/SWD/SWD_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SWD_INTERACT.rpd +0 -0
- data/lib/{Firmware → Firmwares}/FPGA/TEST/TEST_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_TEST_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/UART/UART_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_UART_INTERACT.rpd +0 -0
- data/lib/{Firmware → Firmwares}/FPGA/VersionFPGA.rb +1 -1
- data/lib/{Firmware → Firmwares}/UC/HARDSPLOIT_FIRMWARE_UC.bin +0 -0
- data/lib/{Firmware → Firmwares}/UC/VersionUC.rb +1 -1
- data/lib/HardsploitAPI/Core/HardsploitAPI.rb +210 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_CONSTANT.rb +150 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_ERROR.rb +109 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_FIRMWARE.rb +305 -0
- data/lib/HardsploitAPI/{HardsploitAPI_PROGRESS.rb → Core/HardsploitAPI_PROGRESS.rb} +0 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_USB_COMMUNICATION.rb +166 -0
- data/lib/HardsploitAPI/Modules/I2C/HardsploitAPI_I2C.rb +356 -0
- data/lib/HardsploitAPI/{HardsploitAPI_NO_MUX_PARALLELE_MEMORY.rb → Modules/NO_MUX_PARALLEL_MEMORY/HardsploitAPI_NO_MUX_PARALLEL_MEMORY.rb} +26 -49
- data/lib/HardsploitAPI/Modules/NRF24L01/HardsploitAPI_NRF24L01.rb +306 -0
- data/lib/HardsploitAPI/Modules/SPI/HardsploitAPI_SPI.rb +340 -0
- data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb +83 -0
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb +367 -0
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb +89 -0
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb +61 -0
- data/lib/HardsploitAPI/{SWD → Modules/SWD}/HardsploitAPI_SWD_STM32.rb +32 -15
- data/lib/HardsploitAPI/{HardsploitAPI_TEST_INTERACT.rb → Modules/TEST/HardsploitAPI_TEST_INTERACT.rb} +1 -1
- data/lib/HardsploitAPI/Modules/UART/HardsploitAPI_UART.rb +196 -0
- data/lib/Hardsploit_gui.rb +96 -0
- data/lib/class/Chip_editor.rb +186 -330
- data/lib/class/Chip_management.rb +496 -0
- data/lib/class/Command_editor.rb +130 -182
- data/lib/class/Command_table.rb +16 -22
- data/lib/class/Console.rb +0 -2
- data/lib/class/ErrorMsg.rb +312 -0
- data/lib/class/Export.rb +140 -0
- data/lib/class/Export_manager.rb +43 -43
- data/lib/class/Firmware.rb +52 -11
- data/lib/class/Generic_commands.rb +180 -190
- data/lib/class/Import.rb +193 -0
- data/lib/class/Progress_bar.rb +1 -0
- data/lib/class/Signal_mapper.rb +120 -0
- data/lib/class/Wire_helper.rb +132 -148
- data/lib/class/{I2C → i2c}/I2c_command.rb +16 -13
- data/lib/class/i2c/I2c_export.rb +95 -0
- data/lib/class/i2c/I2c_import.rb +117 -0
- data/lib/class/i2c/I2c_scanner.rb +114 -0
- data/lib/class/i2c/I2c_settings.rb +148 -0
- data/lib/class/parallel/Parallel_export.rb +118 -0
- data/lib/class/parallel/Parallel_import.rb +113 -0
- data/lib/class/parallel/Parallel_settings.rb +81 -0
- data/lib/class/spi/Spi_export.rb +108 -0
- data/lib/class/spi/Spi_import.rb +159 -0
- data/lib/class/spi/Spi_settings.rb +108 -0
- data/lib/class/spi/Spi_sniffer.rb +101 -0
- data/lib/class/swd/Swd.rb +125 -0
- data/lib/class/swd/Swd_scanner.rb +121 -0
- data/lib/class/swd/Swd_settings.rb +76 -0
- data/lib/class/uart/Uart_baudrate.rb +62 -0
- data/lib/class/uart/Uart_console.rb +115 -0
- data/lib/class/uart/Uart_settings.rb +102 -0
- data/lib/db/associations.rb +42 -29
- data/lib/db/database.rb +4 -0
- data/lib/db/development.sqlite3 +0 -0
- data/lib/db/migrate/004_create_manufacturers.rb +13 -0
- data/lib/db/migrate/005_create_packages.rb +13 -0
- data/lib/db/migrate/006_create_chip_types.rb +11 -0
- data/lib/db/migrate/007_create_buses.rb +11 -0
- data/lib/db/migrate/008_create_signals.rb +14 -0
- data/lib/db/migrate/009_create_chips.rb +25 -0
- data/lib/db/migrate/010_create_commands.rb +21 -0
- data/lib/db/migrate/011_create_bytes.rb +19 -0
- data/lib/db/migrate/012_create_i2c_settings.rb +21 -0
- data/lib/db/migrate/013_create_spi_settings.rb +26 -0
- data/lib/db/migrate/014_create_parallel_settings.rb +21 -0
- data/lib/db/migrate/015_create_pins.rb +19 -0
- data/lib/db/migrate/016_create_uses.rb +17 -0
- data/lib/db/migrate/017_create_swd_settings.rb +19 -0
- data/lib/db/migrate/018_create_uart_settings.rb +22 -0
- data/lib/db/schema.rb +157 -0
- data/lib/db/seeds.rb +161 -0
- data/lib/gui/gui_chip_editor.rb +23 -22
- data/lib/gui/gui_chip_management.rb +43 -38
- data/lib/gui/gui_command_editor.rb +2 -1
- data/lib/gui/gui_export.rb +132 -0
- data/lib/gui/gui_generic_commands.rb +69 -31
- data/lib/gui/gui_generic_export.rb +18 -2
- data/lib/gui/gui_generic_import.rb +18 -2
- data/lib/gui/gui_i2c_command.rb +2 -1
- data/lib/gui/gui_i2c_settings.rb +2 -2
- data/lib/gui/gui_import.rb +131 -0
- data/lib/gui/gui_parallel_settings.rb +2 -1
- data/lib/gui/gui_progress_bar.rb +2 -1
- data/lib/gui/gui_signal_mapper.rb +121 -0
- data/lib/gui/gui_signal_scanner.rb +146 -0
- data/lib/gui/gui_spi_settings.rb +6 -2
- data/lib/gui/gui_spi_sniffer.rb +112 -0
- data/lib/gui/gui_swd_settings.rb +166 -0
- data/lib/gui/gui_uart_baudrate.rb +114 -0
- data/lib/gui/gui_uart_console.rb +164 -0
- data/lib/gui/gui_uart_settings.rb +243 -0
- data/lib/gui_designer/gui_chip_editor.ui +9 -6
- data/lib/gui_designer/gui_chip_management.ui +79 -35
- data/lib/gui_designer/gui_command_editor.ui +3 -0
- data/lib/gui_designer/gui_export.ui +171 -0
- data/lib/gui_designer/gui_generic_commands.ui +274 -190
- data/lib/gui_designer/gui_generic_export.ui +24 -1
- data/lib/gui_designer/gui_generic_import.ui +25 -2
- data/lib/gui_designer/gui_i2c_command.ui +3 -0
- data/lib/gui_designer/gui_i2c_settings.ui +2 -2
- data/lib/gui_designer/gui_import.ui +168 -0
- data/lib/gui_designer/gui_parallel_settings.ui +4 -1
- data/lib/gui_designer/gui_progress_bar.ui +3 -0
- data/lib/gui_designer/gui_signal_mapper.ui +179 -0
- data/lib/gui_designer/gui_signal_scanner.ui +261 -0
- data/lib/gui_designer/gui_spi_settings.ui +15 -2
- data/lib/gui_designer/gui_spi_sniffer.ui +156 -0
- data/lib/gui_designer/gui_swd_settings.ui +189 -0
- data/lib/gui_designer/gui_uart_baudrate.ui +161 -0
- data/lib/gui_designer/gui_uart_console.ui +284 -0
- data/lib/gui_designer/gui_uart_settings.ui +280 -0
- data/lib/logs/error.log +63 -0
- data/lib/models/bus.rb +19 -0
- data/lib/models/byte.rb +29 -0
- data/lib/models/chip.rb +41 -0
- data/lib/models/chip_type.rb +14 -0
- data/lib/models/command.rb +20 -0
- data/lib/models/i2c_setting.rb +41 -0
- data/lib/models/manufacturer.rb +14 -0
- data/lib/models/package.rb +26 -0
- data/lib/models/parallel_setting.rb +37 -0
- data/lib/models/pin.rb +14 -0
- data/lib/models/signall.rb +20 -0
- data/lib/models/spi_setting.rb +67 -0
- data/lib/models/swd_setting.rb +25 -0
- data/lib/models/uart_setting.rb +52 -0
- data/lib/models/use.rb +6 -0
- data/lib/startHardsploit.rb +2 -2
- metadata +106 -41
- data/lib/Firmware/FPGA/PARALLEL/NO_MUX_PARALLEL_MEMORY/HARDSPLOIT_FIRMWARE_FPGA_NO_MUX_PARALLEL_MEMORY.rpd +0 -0
- data/lib/HardsploitAPI/HardsploitAPI.rb +0 -133
- data/lib/HardsploitAPI/HardsploitAPI_CONSTANT.rb +0 -145
- data/lib/HardsploitAPI/HardsploitAPI_ERROR.rb +0 -38
- data/lib/HardsploitAPI/HardsploitAPI_FIRMWARE.rb +0 -311
- data/lib/HardsploitAPI/HardsploitAPI_I2C.rb +0 -360
- data/lib/HardsploitAPI/HardsploitAPI_SPI.rb +0 -369
- data/lib/HardsploitAPI/HardsploitAPI_USB_COMMUNICATION.rb +0 -148
- data/lib/HardsploitAPI/LICENSE.txt +0 -674
- data/lib/HardsploitAPI/README.md +0 -22
- data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD.rb +0 -249
- data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD_DEBUG.rb +0 -102
- data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD_MEM_AP.rb +0 -78
- data/lib/HardsploitAPI/TRADEMARK +0 -3
- data/lib/class/HardsploitGUI.rb +0 -463
- data/lib/class/I2C/I2c_export.rb +0 -118
- data/lib/class/I2C/I2c_import.rb +0 -79
- data/lib/class/I2C/I2c_settings.rb +0 -129
- data/lib/class/PARALLEL/Parallel_export.rb +0 -146
- data/lib/class/PARALLEL/Parallel_import.rb +0 -88
- data/lib/class/PARALLEL/Parallel_settings.rb +0 -102
- data/lib/class/SPI/Spi_export.rb +0 -138
- data/lib/class/SPI/Spi_import.rb +0 -113
- data/lib/class/SPI/Spi_settings.rb +0 -134
- data/lib/db/hs.db +0 -0
- data/lib/hardsploit.rb +0 -131
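--- a/data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb
+++ b/data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb
@@ -0,0 +1,83 @@
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+require_relative '../../Core/HardsploitAPI'
+class HardsploitAPI_SPI_SNIFFER
+public
+
+def initialize(mode:,sniff:)
+#to be sure the singleton was initialize
+HardsploitAPI.instance.connect
+self.mode=mode
+self.sniff=sniff
+spi_SetSettings
+end
+
+def mode
+return @mode
+end
+def sniff
+return @sniff
+end
+def mode=(mode)
+if ( mode < 0 ) or ( mode > 3 ) then
+raise HardsploitAPI::ERROR::SPIWrongMode
+else
+@mode = mode
+end
+end
+def sniff=(sniff)
+case sniff
+when HardsploitAPI::SPISniffer::MISO; @sniff = sniff
+when HardsploitAPI::SPISniffer::MOSI; @sniff = sniff
+when HardsploitAPI::SPISniffer::MISO_MOSI; @sniff = sniff
+else
+raise HardsploitAPI::ERROR::SPIWrongMode
+end
+end
+def spi_SetSettings
+packet = HardsploitAPI.prepare_packet
+packet.push 0x10 #Command change mode
+packet.push @mode + (@sniff<<6) #Add mode
+begin
+HardsploitAPI.instance.sendPacket packet
+rescue
+raise HardsploitAPI::ERROR::USB_ERROR
+end
+end
+
+def odds_and_evens(tab, return_odds)
+tab.select.with_index{|_, i| return_odds ? i.odd? : i.even?}
+end
+# spi_receive_available_data
+# * Return data received
+def spi_receive_available_data
+packet = Array.new
+packet.push 0 #low byte of lenght of trame refresh automaticly before send by usb
+packet.push 0 #high byte of lenght of trame refresh automaticly before send by usb
+packet.push HardsploitAPI.lowByte(word:HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
+packet.push HardsploitAPI.highByte(word:HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
+
+packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
+packet.push 0x20 #Command receive available data
+
+#remove header (4 bytes 2 for size 2 for type of command)
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 200).drop(4)
+
+#if half a simple array, if fullduplex first item -> an array of MISO and second array -> an array of MOSI
+case @sniff
+when HardsploitAPI::SPISniffer::MISO,HardsploitAPI::SPISniffer::MOSI
+return result
+else
+myresult = Array.new
+myresult.push odds_and_evens(result,true)
+myresult.push odds_and_evens(result,false)
+return myresult
+end
+end
+end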
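Review bot: In `spi_receive_available_data` the return value of `sendAndReceiveDATA(packet, 200)` is chained straight into `.drop(4)` with no check that a reply actually arrived. The SWD module added in this same release guards every such call with `unless result.class == Array`, which suggests the call can return a non-Array on timeout; if so, this path fails with a NoMethodError rather than a Hardsploit error, and a reply shorter than the 4-byte header silently becomes an empty capture. I would assign the reply first and add `raise HardsploitAPI::ERROR::USB_ERROR unless result.is_a?(Array) && result.size >= 4` before dropping the header. Separately, the bare `rescue` in `spi_SetSettings` turns every StandardError into `USB_ERROR` and discards the original cause, which makes device faults hard to tell apart from programming errors.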
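--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb
@@ -0,0 +1,367 @@
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+require_relative 'HardsploitAPI_SWD_DEBUG'
+require_relative 'HardsploitAPI_SWD_STM32'
+require_relative '../../Core/HardsploitAPI'
+
+class HardsploitAPI_SWD
+#attr_accessor :debugPort
+#attr_accessor :stm32
+DCRDR = 0xE000EDF8 # address of Debug Core Register Data Register
+DCRSR = 0xE000EDF4 # address of Debug Core Register Selector Register
+
+def initialize(memory_start_address:, memory_size_address:, cpu_id_address:, device_id_address:)
+HardsploitAPI.instance.connect
+@memory_start_address = memory_start_address.hex
+@memory_size_address = memory_size_address.hex
+@cpu_id_address = cpu_id_address.hex
+@device_id_address = device_id_address.hex
+end
+
+def readRegs
+#halt the target before read register
+stop
+
+@stm32.ahb.csw(1,2)
+
+p read_mem8(0x1FFFF7E0,2)
+#p @stm32.ahb.readWord(@memory_size_address).to_s(16)
+for i in 0..36
+#Write DCRSR address into TAR register
+#Write core register index Rn into DRW register.
+write_mem32( DCRSR,[i,0,0,0])
+#@stm32.ahb.writeWord( DCRSR,i)
+
+#Write DCRDR address into TAR register.
+#Read core register value from DRW register.
+#value = @stm32.ahb.readWord( DCRDR)
+result = read_mem32(DCRDR,1)
+value = result[0] + (result[1] << 8) + (result[2] << 16) + (result[3] << 24)
+puts "R#{i} #{value.to_s(16)}"
+end
+end
+
+def stop
+# halt the processor core
+write_mem32(0xE000EDF0,[0x03,0x00,0x5F,0xA0])
+end
+
+def start
+# start the processor core
+write_mem32(0xE000EDF0,[0x00,0x00,0x5F,0xA0])
+end
+def obtainCodes
+@debugPort = SWD_DEBUG_PORT.new(self)
+@stm32 = SWD_STM32.new(@debugPort)
+# Cortex M4 0x410FC241
+# Cortex M3 0x411FC231
+resetSWD
+# code = {
+# :DebugPortId => @debugPort.idcode,
+# :AccessPortId => @stm32.ahb.idcode,
+# :CpuId => @stm32.ahb.readWord(@cpu_id_address),
+# :DeviceId => @stm32.ahb.readWord(@device_id_address)
+# }
+
+code = {
+:DebugPortId => @debugPort.idcode,
+:AccessPortId => @stm32.ahb.idcode,
+:CpuId => @stm32.ahb.readWord(@cpu_id_address)
+}
+return code
+end
+
+def find(numberOfConnectedPinFromA0:)
+posibility = HardsploitAPI.allPosibility(
+numberOfConnectedPinFromA0: numberOfConnectedPinFromA0,
+numberOfSignalsForBus: 2
+)
+for item in posibility
+currentWiring = 0
+for value in item
+currentWiring += 2 ** value
+end
+HardsploitAPI.instance.setWiringLeds(value: currentWiring)
+for i in 0..(63 - item.size)
+item.push i + numberOfConnectedPinFromA0
+end
+HardsploitAPI.instance.setCrossWiring(value: item)
+begin
+code = obtainCodes
+return item
+rescue Exception => msg
+puts msg
+end
+end
+end
+
+def writeFlash(path)
+obtainCodes
+dataWrite = IO.binread(path)
+dataWrite = dataWrite.unpack("C*")
+HardsploitAPI.instance.consoleInfo "Halting Processor"
+@stm32.halt
+HardsploitAPI.instance.consoleInfo "Erasing Flash"
+@stm32.flashUnlock
+@stm32.flashErase
+HardsploitAPI.instance.consoleInfo "Programming Flash"
+@stm32.flashProgram
+time = Time.new
+@stm32.flashWrite(@memory_start_address, dataWrite)
+time = Time.new - time
+HardsploitAPI.instance.consoleSpeed "Write #{((dataWrite.size/time)).round(2)}Bytes/s #{(dataWrite.size)}Bytes in #{time.round(4)} s"
+@stm32.flashProgramEnd
+HardsploitAPI.instance.consoleInfo "Resetting"
+@stm32.sysReset
+HardsploitAPI.instance.consoleInfo "Start"
+@stm32.unhalt
+end
+
+def eraseFlash
+obtainCodes
+HardsploitAPI.instance.consoleInfo 'Erase'
+@stm32.flashErase
+end
+
+def dumpFlash(path)
+obtainCodes
+@stm32.halt
+flash_size = (@stm32.ahb.readWord(@memory_size_address) & 0xFFFF)
+HardsploitAPI.instance.consoleInfo "Flash size : #{(flash_size)} KB"
+HardsploitAPI.instance.consoleInfo "Dump flash"
+time = Time.new
+data = @stm32.flashRead(@memory_start_address, (flash_size * 1024))
+time = Time.new - time
+HardsploitAPI.instance.consoleSpeed "DUMP #{((data.size/time)).round(2)}Bytes/s #{(data.size)}Bytes in #{time.round(4)} s"
+IO.binwrite(path, data.pack('C*'))
+HardsploitAPI.instance.consoleInfo "Finish dump"
+end
+def read_mem8(address,size)
+packet = HardsploitAPI.prepare_packet
+packet.push 0xAA #Read mode
+packet.push HardsploitAPI.lowByte(word: size)
+packet.push HardsploitAPI.highByte(word: size)
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010000 # single 8 bits auto increment
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading timeout or ACK issue" unless result.class == Array
+#raise HardsploitAPI::ERROR::SWD_ERROR,"We need to receive #{size } and we received #{result.size-4}" unless (result.size-4) == size # Receive all data
+return result.drop(4)
+end
+def read_mem32(address,size)
+packet = HardsploitAPI.prepare_packet
+packet.push 0xAA #Read mode
+packet.push HardsploitAPI.lowByte(word: size)
+packet.push HardsploitAPI.highByte(word: size)
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010010 # single 32 bits auto increment
+
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading timeout or ACK issue" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"We need to receive #{size +4 } and we received #{result.size}" unless (result.size-4)/4 == size # Receive all data
+return result.drop(4)
+end
+def write_mem32(address,data)
+raise "Too many data (> 2000)" if data.size > 2000
+packet = HardsploitAPI.prepare_packet
+packet.push 0xBB #Write ap
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010010 # single 32 bits auto increment neeed to write in flash
+
+packet.push *data
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def write_mem8(address,data)
+raise "Too many data (> 2000)" if data.size > 2000
+packet = HardsploitAPI.prepare_packet
+packet.push 0xBB #Write ap
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010000 # single 8 bits auto increment neeed to write in flash
+packet.push *data
+
+packet.push 0 #Dummy need to be improve in VHDL
+
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def write_mem16Packed(address,data)
+raise "Too many data (> 2000)" if data.size > 2000
+packet = HardsploitAPI.prepare_packet
+packet.push 0xBB #Write ap
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00100001 # packet 16 bits auto increment neeed to write in flash
+
+packet.push *data
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def writeSWD(ap, register, data)
+packet = HardsploitAPI.prepare_packet
+packet.push 0x10 #Write mode
+packet.push (calcOpcode(ap, register, false)) #Send Request
+packet.push ((data & 0xFF) >> 0)
+packet.push ((data & 0xFF00) >> 8 )
+packet.push ((data & 0xFF0000) >> 16 )
+packet.push ((data & 0xFF000000) >> 24 )
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR, "Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def readSWD(ap, register)
+packet = HardsploitAPI.prepare_packet
+packet.push 0x11 #Read mode
+packet.push(calcOpcode(ap,register, true)) #Send Request
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Read error ACK : #{result[4]}" if result.size == 5 # Receive ACK
+return (result[7] << 24) + (result[6] << 16) + (result[5] << 8 ) + result[4] if result.size == 8 # Receive read + 4bytes for header
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading"
+end
+
+#Return array with 1 byte for ACK
+#Return 32bits integer for data read here is Core ID
+#Raise if error
+def resetSWD
+packet = HardsploitAPI.prepare_packet
+packet.push 0x00 #Reset mode
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading ICCODE timeout" unless result.class == Array
+return (result[7] << 24) + (result[6] << 16) + (result[5] << 8 ) + result[4] if result.size == 8
+raise HardsploitAPI::ERROR::SWD_ERROR,"Reset error ACK #{result[4]}" if result.size == 5 #reveice ACK
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading ICCODE result != 4"
+end
+
+def calcOpcode (ap, register, read)
+opcode = 0x00
+(ap ? opcode |= 0x40 : opcode |= 0x00)
+(read ? opcode |= 0x20 : opcode |= 0x00)
+opcode = opcode | ((register & 0x01) << 4) | ((register & 0x02) << 2) #Addr AP DP bit 2..3
+opcode = opcode | (((opcode & 0x78).to_s(2).count('1').odd? ? 1 : 0) << 2) #0x78 mask to take only read ap and register to process parity bit
+opcode = opcode | 0x81 #Start and Park Bit
+return opcode
+end
+end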
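Review bot: `writeFlash` and `dumpFlash` hand the caller-supplied `path` to `IO.binread` and `IO.binwrite`, and those `IO` class methods have historically treated an argument beginning with `|` as a command to spawn rather than a file name (the behaviour was only deprecated in Ruby 3.3). The callers are outside this file, so whether `path` can ever come from untrusted input is not visible here, but the `File` variants remove the question entirely: `dataWrite = File.binread(path)` and `File.binwrite(path, data.pack('C*'))`. In `find`, `rescue Exception => msg` also traps `Interrupt` and `SystemExit`, so a wiring scan cannot be aborted cleanly; `rescue StandardError => msg` keeps the try-next-wiring behaviour without that. When no wiring answers, `find` falls out of the `for` loop and returns the whole `posibility` list, so an explicit `nil` (or a raised `SWD_ERROR`) after the loop would let callers tell failure from success.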