hardsploit_gui 2.2 → 2.3
- checksums.yaml +4 -4
- data/bin/hardsploit_gui +2 -2
- data/lib/{Firmware → Firmwares}/FPGA/I2C/I2C_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_I2C_INTERACT.rpd +0 -0
- data/lib/{Firmware/FPGA/SWD/SWD_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SWD_INTERACT.rpd → Firmwares/FPGA/PARALLEL/NO_MUX_PARALLEL_MEMORY/HARDSPLOIT_FIRMWARE_FPGA_NO_MUX_PARALLEL_MEMORY.rpd} +0 -0
- data/lib/Firmwares/FPGA/SPI/SPI_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SPI_INTERACT.rpd +0 -0
- data/lib/{Firmware/FPGA/SPI/SPI_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SPI_INTERACT.rpd → Firmwares/FPGA/SPI/SPI_SNIFFER/HARDSPLOIT_FIRMWARE_FPGA_SPI_SNIFFER.rpd} +0 -0
- data/lib/Firmwares/FPGA/SWD/SWD_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SWD_INTERACT.rpd +0 -0
- data/lib/{Firmware → Firmwares}/FPGA/TEST/TEST_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_TEST_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/UART/UART_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_UART_INTERACT.rpd +0 -0
- data/lib/{Firmware → Firmwares}/FPGA/VersionFPGA.rb +1 -1
- data/lib/{Firmware → Firmwares}/UC/HARDSPLOIT_FIRMWARE_UC.bin +0 -0
- data/lib/{Firmware → Firmwares}/UC/VersionUC.rb +1 -1
- data/lib/HardsploitAPI/Core/HardsploitAPI.rb +210 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_CONSTANT.rb +150 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_ERROR.rb +109 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_FIRMWARE.rb +305 -0
- data/lib/HardsploitAPI/{HardsploitAPI_PROGRESS.rb → Core/HardsploitAPI_PROGRESS.rb} +0 -0
- data/lib/HardsploitAPI/Core/HardsploitAPI_USB_COMMUNICATION.rb +166 -0
- data/lib/HardsploitAPI/Modules/I2C/HardsploitAPI_I2C.rb +356 -0
- data/lib/HardsploitAPI/{HardsploitAPI_NO_MUX_PARALLELE_MEMORY.rb → Modules/NO_MUX_PARALLEL_MEMORY/HardsploitAPI_NO_MUX_PARALLEL_MEMORY.rb} +26 -49
- data/lib/HardsploitAPI/Modules/NRF24L01/HardsploitAPI_NRF24L01.rb +306 -0
- data/lib/HardsploitAPI/Modules/SPI/HardsploitAPI_SPI.rb +340 -0
- data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb +83 -0
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb +367 -0
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb +89 -0
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb +61 -0
- data/lib/HardsploitAPI/{SWD → Modules/SWD}/HardsploitAPI_SWD_STM32.rb +32 -15
- data/lib/HardsploitAPI/{HardsploitAPI_TEST_INTERACT.rb → Modules/TEST/HardsploitAPI_TEST_INTERACT.rb} +1 -1
- data/lib/HardsploitAPI/Modules/UART/HardsploitAPI_UART.rb +196 -0
- data/lib/Hardsploit_gui.rb +96 -0
- data/lib/class/Chip_editor.rb +186 -330
- data/lib/class/Chip_management.rb +496 -0
- data/lib/class/Command_editor.rb +130 -182
- data/lib/class/Command_table.rb +16 -22
- data/lib/class/Console.rb +0 -2
- data/lib/class/ErrorMsg.rb +312 -0
- data/lib/class/Export.rb +140 -0
- data/lib/class/Export_manager.rb +43 -43
- data/lib/class/Firmware.rb +52 -11
- data/lib/class/Generic_commands.rb +180 -190
- data/lib/class/Import.rb +193 -0
- data/lib/class/Progress_bar.rb +1 -0
- data/lib/class/Signal_mapper.rb +120 -0
- data/lib/class/Wire_helper.rb +132 -148
- data/lib/class/{I2C → i2c}/I2c_command.rb +16 -13
- data/lib/class/i2c/I2c_export.rb +95 -0
- data/lib/class/i2c/I2c_import.rb +117 -0
- data/lib/class/i2c/I2c_scanner.rb +114 -0
- data/lib/class/i2c/I2c_settings.rb +148 -0
- data/lib/class/parallel/Parallel_export.rb +118 -0
- data/lib/class/parallel/Parallel_import.rb +113 -0
- data/lib/class/parallel/Parallel_settings.rb +81 -0
- data/lib/class/spi/Spi_export.rb +108 -0
- data/lib/class/spi/Spi_import.rb +159 -0
- data/lib/class/spi/Spi_settings.rb +108 -0
- data/lib/class/spi/Spi_sniffer.rb +101 -0
- data/lib/class/swd/Swd.rb +125 -0
- data/lib/class/swd/Swd_scanner.rb +121 -0
- data/lib/class/swd/Swd_settings.rb +76 -0
- data/lib/class/uart/Uart_baudrate.rb +62 -0
- data/lib/class/uart/Uart_console.rb +115 -0
- data/lib/class/uart/Uart_settings.rb +102 -0
- data/lib/db/associations.rb +42 -29
- data/lib/db/database.rb +4 -0
- data/lib/db/development.sqlite3 +0 -0
- data/lib/db/migrate/004_create_manufacturers.rb +13 -0
- data/lib/db/migrate/005_create_packages.rb +13 -0
- data/lib/db/migrate/006_create_chip_types.rb +11 -0
- data/lib/db/migrate/007_create_buses.rb +11 -0
- data/lib/db/migrate/008_create_signals.rb +14 -0
- data/lib/db/migrate/009_create_chips.rb +25 -0
- data/lib/db/migrate/010_create_commands.rb +21 -0
- data/lib/db/migrate/011_create_bytes.rb +19 -0
- data/lib/db/migrate/012_create_i2c_settings.rb +21 -0
- data/lib/db/migrate/013_create_spi_settings.rb +26 -0
- data/lib/db/migrate/014_create_parallel_settings.rb +21 -0
- data/lib/db/migrate/015_create_pins.rb +19 -0
- data/lib/db/migrate/016_create_uses.rb +17 -0
- data/lib/db/migrate/017_create_swd_settings.rb +19 -0
- data/lib/db/migrate/018_create_uart_settings.rb +22 -0
- data/lib/db/schema.rb +157 -0
- data/lib/db/seeds.rb +161 -0
- data/lib/gui/gui_chip_editor.rb +23 -22
- data/lib/gui/gui_chip_management.rb +43 -38
- data/lib/gui/gui_command_editor.rb +2 -1
- data/lib/gui/gui_export.rb +132 -0
- data/lib/gui/gui_generic_commands.rb +69 -31
- data/lib/gui/gui_generic_export.rb +18 -2
- data/lib/gui/gui_generic_import.rb +18 -2
- data/lib/gui/gui_i2c_command.rb +2 -1
- data/lib/gui/gui_i2c_settings.rb +2 -2
- data/lib/gui/gui_import.rb +131 -0
- data/lib/gui/gui_parallel_settings.rb +2 -1
- data/lib/gui/gui_progress_bar.rb +2 -1
- data/lib/gui/gui_signal_mapper.rb +121 -0
- data/lib/gui/gui_signal_scanner.rb +146 -0
- data/lib/gui/gui_spi_settings.rb +6 -2
- data/lib/gui/gui_spi_sniffer.rb +112 -0
- data/lib/gui/gui_swd_settings.rb +166 -0
- data/lib/gui/gui_uart_baudrate.rb +114 -0
- data/lib/gui/gui_uart_console.rb +164 -0
- data/lib/gui/gui_uart_settings.rb +243 -0
- data/lib/gui_designer/gui_chip_editor.ui +9 -6
- data/lib/gui_designer/gui_chip_management.ui +79 -35
- data/lib/gui_designer/gui_command_editor.ui +3 -0
- data/lib/gui_designer/gui_export.ui +171 -0
- data/lib/gui_designer/gui_generic_commands.ui +274 -190
- data/lib/gui_designer/gui_generic_export.ui +24 -1
- data/lib/gui_designer/gui_generic_import.ui +25 -2
- data/lib/gui_designer/gui_i2c_command.ui +3 -0
- data/lib/gui_designer/gui_i2c_settings.ui +2 -2
- data/lib/gui_designer/gui_import.ui +168 -0
- data/lib/gui_designer/gui_parallel_settings.ui +4 -1
- data/lib/gui_designer/gui_progress_bar.ui +3 -0
- data/lib/gui_designer/gui_signal_mapper.ui +179 -0
- data/lib/gui_designer/gui_signal_scanner.ui +261 -0
- data/lib/gui_designer/gui_spi_settings.ui +15 -2
- data/lib/gui_designer/gui_spi_sniffer.ui +156 -0
- data/lib/gui_designer/gui_swd_settings.ui +189 -0
- data/lib/gui_designer/gui_uart_baudrate.ui +161 -0
- data/lib/gui_designer/gui_uart_console.ui +284 -0
- data/lib/gui_designer/gui_uart_settings.ui +280 -0
- data/lib/logs/error.log +63 -0
- data/lib/models/bus.rb +19 -0
- data/lib/models/byte.rb +29 -0
- data/lib/models/chip.rb +41 -0
- data/lib/models/chip_type.rb +14 -0
- data/lib/models/command.rb +20 -0
- data/lib/models/i2c_setting.rb +41 -0
- data/lib/models/manufacturer.rb +14 -0
- data/lib/models/package.rb +26 -0
- data/lib/models/parallel_setting.rb +37 -0
- data/lib/models/pin.rb +14 -0
- data/lib/models/signall.rb +20 -0
- data/lib/models/spi_setting.rb +67 -0
- data/lib/models/swd_setting.rb +25 -0
- data/lib/models/uart_setting.rb +52 -0
- data/lib/models/use.rb +6 -0
- data/lib/startHardsploit.rb +2 -2
- metadata +106 -41
- data/lib/Firmware/FPGA/PARALLEL/NO_MUX_PARALLEL_MEMORY/HARDSPLOIT_FIRMWARE_FPGA_NO_MUX_PARALLEL_MEMORY.rpd +0 -0
- data/lib/HardsploitAPI/HardsploitAPI.rb +0 -133
- data/lib/HardsploitAPI/HardsploitAPI_CONSTANT.rb +0 -145
- data/lib/HardsploitAPI/HardsploitAPI_ERROR.rb +0 -38
- data/lib/HardsploitAPI/HardsploitAPI_FIRMWARE.rb +0 -311
- data/lib/HardsploitAPI/HardsploitAPI_I2C.rb +0 -360
- data/lib/HardsploitAPI/HardsploitAPI_SPI.rb +0 -369
- data/lib/HardsploitAPI/HardsploitAPI_USB_COMMUNICATION.rb +0 -148
- data/lib/HardsploitAPI/LICENSE.txt +0 -674
- data/lib/HardsploitAPI/README.md +0 -22
- data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD.rb +0 -249
- data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD_DEBUG.rb +0 -102
- data/lib/HardsploitAPI/SWD/HardsploitAPI_SWD_MEM_AP.rb +0 -78
- data/lib/HardsploitAPI/TRADEMARK +0 -3
- data/lib/class/HardsploitGUI.rb +0 -463
- data/lib/class/I2C/I2c_export.rb +0 -118
- data/lib/class/I2C/I2c_import.rb +0 -79
- data/lib/class/I2C/I2c_settings.rb +0 -129
- data/lib/class/PARALLEL/Parallel_export.rb +0 -146
- data/lib/class/PARALLEL/Parallel_import.rb +0 -88
- data/lib/class/PARALLEL/Parallel_settings.rb +0 -102
- data/lib/class/SPI/Spi_export.rb +0 -138
- data/lib/class/SPI/Spi_import.rb +0 -113
- data/lib/class/SPI/Spi_settings.rb +0 -134
- data/lib/db/hs.db +0 -0
- data/lib/hardsploit.rb +0 -131
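--- a/data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb
+++ b/data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb
@@ -0,0 +1,83 @@
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+require_relative '../../Core/HardsploitAPI'
+class HardsploitAPI_SPI_SNIFFER
+public
+
+def initialize(mode:,sniff:)
+#to be sure the singleton was initialize
+HardsploitAPI.instance.connect
+self.mode=mode
+self.sniff=sniff
+spi_SetSettings
+end
+
+def mode
+return @mode
+end
+def sniff
+return @sniff
+end
+def mode=(mode)
+if ( mode < 0 ) or ( mode > 3 ) then
+raise HardsploitAPI::ERROR::SPIWrongMode
+else
+@mode = mode
+end
+end
+def sniff=(sniff)
+case sniff
+when HardsploitAPI::SPISniffer::MISO; @sniff = sniff
+when HardsploitAPI::SPISniffer::MOSI; @sniff = sniff
+when HardsploitAPI::SPISniffer::MISO_MOSI; @sniff = sniff
+else
+raise HardsploitAPI::ERROR::SPIWrongMode
+end
+end
+def spi_SetSettings
+packet = HardsploitAPI.prepare_packet
+packet.push 0x10 #Command change mode
+packet.push @mode + (@sniff<<6) #Add mode
+begin
+HardsploitAPI.instance.sendPacket packet
+rescue
+raise HardsploitAPI::ERROR::USB_ERROR
+end
+end
+
+def odds_and_evens(tab, return_odds)
+tab.select.with_index{|_, i| return_odds ? i.odd? : i.even?}
+end
+# spi_receive_available_data
+# * Return data received
+def spi_receive_available_data
+packet = Array.new
+packet.push 0 #low byte of lenght of trame refresh automaticly before send by usb
+packet.push 0 #high byte of lenght of trame refresh automaticly before send by usb
+packet.push HardsploitAPI.lowByte(word:HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
+packet.push HardsploitAPI.highByte(word:HardsploitAPI::USB_COMMAND::FPGA_COMMAND)
+
+packet.push 0x50 #Command RAW COMMUNICATION TO FPGA FIFO
+packet.push 0x20 #Command receive available data
+
+#remove header (4 bytes 2 for size 2 for type of command)
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 200).drop(4)
+
+#if half a simple array, if fullduplex first item -> an array of MISO and second array -> an array of MOSI
+case @sniff
+when HardsploitAPI::SPISniffer::MISO,HardsploitAPI::SPISniffer::MOSI
+return result
+else
+myresult = Array.new
+myresult.push odds_and_evens(result,true)
+myresult.push odds_and_evens(result,false)
+return myresult
+end
+end
+end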
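Review bot: `spi_receive_available_data` calls `.drop(4)` directly on the return value of `sendAndReceiveDATA(packet, 200)` without checking that a reply arrived. The SWD module added in this same release guards every such call with `unless result.class == Array`, which suggests a timeout yields a non-Array; if so, the sniffer would fail here with a NoMethodError rather than a Hardsploit error the caller can handle. A guard such as `raise HardsploitAPI::ERROR::USB_ERROR unless result.is_a?(Array)` before the header is dropped would make the timeout case explicit. The bare `rescue` in `spi_SetSettings` also discards the original exception; keeping its message in the raised `USB_ERROR` would help diagnose a failed mode change.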
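--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb
@@ -0,0 +1,367 @@
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+require_relative 'HardsploitAPI_SWD_DEBUG'
+require_relative 'HardsploitAPI_SWD_STM32'
+require_relative '../../Core/HardsploitAPI'
+
+class HardsploitAPI_SWD
+#attr_accessor :debugPort
+#attr_accessor :stm32
+DCRDR = 0xE000EDF8 # address of Debug Core Register Data Register
+DCRSR = 0xE000EDF4 # address of Debug Core Register Selector Register
+
+def initialize(memory_start_address:, memory_size_address:, cpu_id_address:, device_id_address:)
+HardsploitAPI.instance.connect
+@memory_start_address = memory_start_address.hex
+@memory_size_address = memory_size_address.hex
+@cpu_id_address = cpu_id_address.hex
+@device_id_address = device_id_address.hex
+end
+
+def readRegs
+#halt the target before read register
+stop
+
+@stm32.ahb.csw(1,2)
+
+p read_mem8(0x1FFFF7E0,2)
+#p @stm32.ahb.readWord(@memory_size_address).to_s(16)
+for i in 0..36
+#Write DCRSR address into TAR register
+#Write core register index Rn into DRW register.
+write_mem32( DCRSR,[i,0,0,0])
+#@stm32.ahb.writeWord( DCRSR,i)
+
+#Write DCRDR address into TAR register.
+#Read core register value from DRW register.
+#value = @stm32.ahb.readWord( DCRDR)
+result = read_mem32(DCRDR,1)
+value = result[0] + (result[1] << 8) + (result[2] << 16) + (result[3] << 24)
+puts "R#{i} #{value.to_s(16)}"
+end
+end
+
+def stop
+# halt the processor core
+write_mem32(0xE000EDF0,[0x03,0x00,0x5F,0xA0])
+end
+
+def start
+# start the processor core
+write_mem32(0xE000EDF0,[0x00,0x00,0x5F,0xA0])
+end
+def obtainCodes
+@debugPort = SWD_DEBUG_PORT.new(self)
+@stm32 = SWD_STM32.new(@debugPort)
+# Cortex M4 0x410FC241
+# Cortex M3 0x411FC231
+resetSWD
+# code = {
+# :DebugPortId => @debugPort.idcode,
+# :AccessPortId => @stm32.ahb.idcode,
+# :CpuId => @stm32.ahb.readWord(@cpu_id_address),
+# :DeviceId => @stm32.ahb.readWord(@device_id_address)
+# }
+
+code = {
+:DebugPortId => @debugPort.idcode,
+:AccessPortId => @stm32.ahb.idcode,
+:CpuId => @stm32.ahb.readWord(@cpu_id_address)
+}
+return code
+end
+
+def find(numberOfConnectedPinFromA0:)
+posibility = HardsploitAPI.allPosibility(
+numberOfConnectedPinFromA0: numberOfConnectedPinFromA0,
+numberOfSignalsForBus: 2
+)
+for item in posibility
+currentWiring = 0
+for value in item
+currentWiring += 2 ** value
+end
+HardsploitAPI.instance.setWiringLeds(value: currentWiring)
+for i in 0..(63 - item.size)
+item.push i + numberOfConnectedPinFromA0
+end
+HardsploitAPI.instance.setCrossWiring(value: item)
+begin
+code = obtainCodes
+return item
+rescue Exception => msg
+puts msg
+end
+end
+end
+
+def writeFlash(path)
+obtainCodes
+dataWrite = IO.binread(path)
+dataWrite = dataWrite.unpack("C*")
+HardsploitAPI.instance.consoleInfo "Halting Processor"
+@stm32.halt
+HardsploitAPI.instance.consoleInfo "Erasing Flash"
+@stm32.flashUnlock
+@stm32.flashErase
+HardsploitAPI.instance.consoleInfo "Programming Flash"
+@stm32.flashProgram
+time = Time.new
+@stm32.flashWrite(@memory_start_address, dataWrite)
+time = Time.new - time
+HardsploitAPI.instance.consoleSpeed "Write #{((dataWrite.size/time)).round(2)}Bytes/s #{(dataWrite.size)}Bytes in #{time.round(4)} s"
+@stm32.flashProgramEnd
+HardsploitAPI.instance.consoleInfo "Resetting"
+@stm32.sysReset
+HardsploitAPI.instance.consoleInfo "Start"
+@stm32.unhalt
+end
+
+def eraseFlash
+obtainCodes
+HardsploitAPI.instance.consoleInfo 'Erase'
+@stm32.flashErase
+end
+
+def dumpFlash(path)
+obtainCodes
+@stm32.halt
+flash_size = (@stm32.ahb.readWord(@memory_size_address) & 0xFFFF)
+HardsploitAPI.instance.consoleInfo "Flash size : #{(flash_size)} KB"
+HardsploitAPI.instance.consoleInfo "Dump flash"
+time = Time.new
+data = @stm32.flashRead(@memory_start_address, (flash_size * 1024))
+time = Time.new - time
+HardsploitAPI.instance.consoleSpeed "DUMP #{((data.size/time)).round(2)}Bytes/s #{(data.size)}Bytes in #{time.round(4)} s"
+IO.binwrite(path, data.pack('C*'))
+HardsploitAPI.instance.consoleInfo "Finish dump"
+end
+def read_mem8(address,size)
+packet = HardsploitAPI.prepare_packet
+packet.push 0xAA #Read mode
+packet.push HardsploitAPI.lowByte(word: size)
+packet.push HardsploitAPI.highByte(word: size)
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010000 # single 8 bits auto increment
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading timeout or ACK issue" unless result.class == Array
+#raise HardsploitAPI::ERROR::SWD_ERROR,"We need to receive #{size } and we received #{result.size-4}" unless (result.size-4) == size # Receive all data
+return result.drop(4)
+end
+def read_mem32(address,size)
+packet = HardsploitAPI.prepare_packet
+packet.push 0xAA #Read mode
+packet.push HardsploitAPI.lowByte(word: size)
+packet.push HardsploitAPI.highByte(word: size)
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010010 # single 32 bits auto increment
+
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading timeout or ACK issue" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"We need to receive #{size +4 } and we received #{result.size}" unless (result.size-4)/4 == size # Receive all data
+return result.drop(4)
+end
+def write_mem32(address,data)
+raise "Too many data (> 2000)" if data.size > 2000
+packet = HardsploitAPI.prepare_packet
+packet.push 0xBB #Write ap
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010010 # single 32 bits auto increment neeed to write in flash
+
+packet.push *data
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def write_mem8(address,data)
+raise "Too many data (> 2000)" if data.size > 2000
+packet = HardsploitAPI.prepare_packet
+packet.push 0xBB #Write ap
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00010000 # single 8 bits auto increment neeed to write in flash
+packet.push *data
+
+packet.push 0 #Dummy need to be improve in VHDL
+
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def write_mem16Packed(address,data)
+raise "Too many data (> 2000)" if data.size > 2000
+packet = HardsploitAPI.prepare_packet
+packet.push 0xBB #Write ap
+packet.push ((address & 0xFF) >> 0)
+packet.push ((address & 0xFF00) >> 8 )
+packet.push ((address & 0xFF0000) >> 16 )
+packet.push ((address & 0xFF000000) >> 24 )
+
+# --[2:0] Size
+# --Size of access field:
+# --b000 = 8 bits
+# --b001 = 16 bits
+# --b010 = 32 bits
+# --b011-111 are reserved.
+# --Reset value: b000
+#
+# --[5:4] AddrInc
+# --0b00 = auto increment off.
+# --0b01 = increment single. Single transfer from corresponding byte lane.
+# --0b10 = increment packed.[b]
+# --0b11 = reserved. No transfer.
+# --Size of address increment is defined by the Size field [2:0].
+# --Reset value: 0b00.
+packet.push 0b00100001 # packet 16 bits auto increment neeed to write in flash
+
+packet.push *data
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def writeSWD(ap, register, data)
+packet = HardsploitAPI.prepare_packet
+packet.push 0x10 #Write mode
+packet.push (calcOpcode(ap, register, false)) #Send Request
+packet.push ((data & 0xFF) >> 0)
+packet.push ((data & 0xFF00) >> 8 )
+packet.push ((data & 0xFF0000) >> 16 )
+packet.push ((data & 0xFF000000) >> 24 )
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during writing, timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR, "Error during writing" unless result.size == 5
+return true if result[4] == 1
+raise HardsploitAPI::ERROR::SWD_ERROR,"WAIT response" if result[4] == 2
+raise HardsploitAPI::ERROR::SWD_ERROR,"FAULT response" if result[4] == 4
+raise HardsploitAPI::ERROR::SWD_ERROR,"WRITE ERROR #{result[4]}"
+end
+
+def readSWD(ap, register)
+packet = HardsploitAPI.prepare_packet
+packet.push 0x11 #Read mode
+packet.push(calcOpcode(ap,register, true)) #Send Request
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading timeout" unless result.class == Array
+raise HardsploitAPI::ERROR::SWD_ERROR,"Read error ACK : #{result[4]}" if result.size == 5 # Receive ACK
+return (result[7] << 24) + (result[6] << 16) + (result[5] << 8 ) + result[4] if result.size == 8 # Receive read + 4bytes for header
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading"
+end
+
+#Return array with 1 byte for ACK
+#Return 32bits integer for data read here is Core ID
+#Raise if error
+def resetSWD
+packet = HardsploitAPI.prepare_packet
+packet.push 0x00 #Reset mode
+result = HardsploitAPI.instance.sendAndReceiveDATA(packet, 1000)
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading ICCODE timeout" unless result.class == Array
+return (result[7] << 24) + (result[6] << 16) + (result[5] << 8 ) + result[4] if result.size == 8
+raise HardsploitAPI::ERROR::SWD_ERROR,"Reset error ACK #{result[4]}" if result.size == 5 #reveice ACK
+raise HardsploitAPI::ERROR::SWD_ERROR,"Error during reading ICCODE result != 4"
+end
+
+def calcOpcode (ap, register, read)
+opcode = 0x00
+(ap ? opcode |= 0x40 : opcode |= 0x00)
+(read ? opcode |= 0x20 : opcode |= 0x00)
+opcode = opcode | ((register & 0x01) << 4) | ((register & 0x02) << 2) #Addr AP DP bit 2..3
+opcode = opcode | (((opcode & 0x78).to_s(2).count('1').odd? ? 1 : 0) << 2) #0x78 mask to take only read ap and register to process parity bit
+opcode = opcode | 0x81 #Start and Park Bit
+return opcode
+end
+end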
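Review bot: In `find`, `rescue Exception => msg` also catches Interrupt and SystemExit, so interrupting the wiring sweep only prints a message and the loop carries on. When no candidate answers, the method falls off the end of `for item in posibility` and returns the whole candidate list, which a caller cannot tell apart from a detected wiring. Narrow the handler to `rescue StandardError => msg` and finish the method with an explicit `nil` (or raise `HardsploitAPI::ERROR::SWD_ERROR`) after the loop. Separately, `initialize` converts the four addresses with `String#hex`, which yields 0 for text that is not hexadecimal, so a malformed `memory_start_address` would let `writeFlash` erase the flash and then program from address 0 with no error; `Integer(memory_start_address, 16)` would reject such input up front.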