hardsploit_gui 2.3 → 2.4.0
- checksums.yaml +4 -4
- data/README.md +22 -22
- data/Rakefile +1 -1
- data/bin/hardsploit_gui +3 -3
- data/lib/Firmwares/FPGA/I2C/I2C_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_I2C_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/PARALLEL/NO_MUX_PARALLEL_MEMORY/HARDSPLOIT_FIRMWARE_FPGA_NO_MUX_PARALLEL_MEMORY.rpd +0 -0
- data/lib/Firmwares/FPGA/SPI/SPI_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SPI_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/SPI/SPI_SNIFFER/HARDSPLOIT_FIRMWARE_FPGA_SPI_SNIFFER.rpd +0 -0
- data/lib/Firmwares/FPGA/SWD/SWD_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SWD_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/UART/UART_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_UART_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/VersionFPGA.rb +5 -5
- data/lib/Firmwares/UC/VersionUC.rb +12 -12
- data/lib/HardsploitAPI/Core/HardsploitAPI.rb +210 -210
- data/lib/HardsploitAPI/Core/HardsploitAPI_CONSTANT.rb +150 -150
- data/lib/HardsploitAPI/Core/HardsploitAPI_ERROR.rb +109 -109
- data/lib/HardsploitAPI/Core/HardsploitAPI_FIRMWARE.rb +305 -305
- data/lib/HardsploitAPI/Core/HardsploitAPI_PROGRESS.rb +28 -28
- data/lib/HardsploitAPI/Core/HardsploitAPI_USB_COMMUNICATION.rb +166 -166
- data/lib/HardsploitAPI/Modules/I2C/HardsploitAPI_I2C.rb +356 -356
- data/lib/HardsploitAPI/Modules/NO_MUX_PARALLEL_MEMORY/HardsploitAPI_NO_MUX_PARALLEL_MEMORY.rb +206 -206
- data/lib/HardsploitAPI/Modules/NRF24L01/HardsploitAPI_NRF24L01.rb +306 -306
- data/lib/HardsploitAPI/Modules/SPI/HardsploitAPI_SPI.rb +340 -340
- data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb +83 -83
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb +367 -367
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb +89 -89
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb +61 -61
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb +121 -121
- data/lib/HardsploitAPI/Modules/TEST/HardsploitAPI_TEST_INTERACT.rb +98 -98
- data/lib/HardsploitAPI/Modules/UART/HardsploitAPI_UART.rb +196 -196
- data/lib/Hardsploit_gui.rb +96 -96
- data/lib/LICENSE.txt +674 -674
- data/lib/README.md +22 -22
- data/lib/TRADEMARK +2 -2
- data/lib/class/Chip_editor.rb +304 -304
- data/lib/class/Chip_management.rb +496 -496
- data/lib/class/Command_editor.rb +216 -216
- data/lib/class/Command_table.rb +233 -233
- data/lib/class/Console.rb +26 -26
- data/lib/class/ErrorMsg.rb +312 -312
- data/lib/class/Export.rb +140 -140
- data/lib/class/Export_manager.rb +124 -124
- data/lib/class/Firmware.rb +70 -70
- data/lib/class/Generic_commands.rb +260 -260
- data/lib/class/{i2c → I2C}/I2c_command.rb +51 -51
- data/lib/class/{i2c → I2C}/I2c_export.rb +95 -95
- data/lib/class/{i2c → I2C}/I2c_import.rb +117 -117
- data/lib/class/{i2c → I2C}/I2c_scanner.rb +114 -114
- data/lib/class/{i2c → I2C}/I2c_settings.rb +148 -148
- data/lib/class/Import.rb +193 -193
- data/lib/class/{parallel → PARALLEL}/Parallel_export.rb +118 -118
- data/lib/class/{parallel → PARALLEL}/Parallel_import.rb +113 -113
- data/lib/class/{parallel → PARALLEL}/Parallel_settings.rb +81 -81
- data/lib/class/Progress_bar.rb +32 -32
- data/lib/class/{spi → SPI}/Spi_export.rb +108 -108
- data/lib/class/{spi → SPI}/Spi_import.rb +159 -159
- data/lib/class/{spi → SPI}/Spi_settings.rb +108 -108
- data/lib/class/{spi → SPI}/Spi_sniffer.rb +101 -101
- data/lib/class/Signal_mapper.rb +120 -120
- data/lib/class/Wire_helper.rb +230 -230
- data/lib/class/swd/Swd.rb +125 -125
- data/lib/class/swd/Swd_scanner.rb +121 -121
- data/lib/class/swd/Swd_settings.rb +76 -76
- data/lib/class/uart/Uart_baudrate.rb +62 -62
- data/lib/class/uart/Uart_console.rb +115 -115
- data/lib/class/uart/Uart_settings.rb +102 -102
- data/lib/db/associations.rb +138 -138
- data/lib/db/database.rb +4 -4
- data/lib/db/development.sqlite3 +0 -0
- data/lib/db/migrate/004_create_manufacturers.rb +13 -13
- data/lib/db/migrate/005_create_packages.rb +13 -13
- data/lib/db/migrate/006_create_chip_types.rb +11 -11
- data/lib/db/migrate/007_create_buses.rb +11 -11
- data/lib/db/migrate/008_create_signals.rb +14 -14
- data/lib/db/migrate/009_create_chips.rb +25 -25
- data/lib/db/migrate/010_create_commands.rb +21 -21
- data/lib/db/migrate/011_create_bytes.rb +19 -19
- data/lib/db/migrate/012_create_i2c_settings.rb +21 -21
- data/lib/db/migrate/013_create_spi_settings.rb +26 -26
- data/lib/db/migrate/014_create_parallel_settings.rb +21 -21
- data/lib/db/migrate/015_create_pins.rb +19 -19
- data/lib/db/migrate/016_create_uses.rb +17 -17
- data/lib/db/migrate/017_create_swd_settings.rb +19 -19
- data/lib/db/migrate/018_create_uart_settings.rb +22 -22
- data/lib/db/schema.rb +157 -157
- data/lib/db/seeds.rb +161 -161
- data/lib/gui/gui_chip_editor.rb +349 -349
- data/lib/gui/gui_chip_management.rb +377 -377
- data/lib/gui/gui_command_editor.rb +219 -219
- data/lib/gui/gui_export.rb +132 -132
- data/lib/gui/gui_export_manager.rb +93 -93
- data/lib/gui/gui_generic_commands.rb +202 -202
- data/lib/gui/gui_generic_export.rb +164 -164
- data/lib/gui/gui_generic_import.rb +142 -142
- data/lib/gui/gui_i2c_command.rb +116 -116
- data/lib/gui/gui_i2c_settings.rb +230 -230
- data/lib/gui/gui_import.rb +131 -131
- data/lib/gui/gui_parallel_settings.rb +195 -195
- data/lib/gui/gui_progress_bar.rb +85 -85
- data/lib/gui/gui_signal_mapper.rb +121 -121
- data/lib/gui/gui_signal_scanner.rb +146 -146
- data/lib/gui/gui_spi_import.rb +126 -126
- data/lib/gui/gui_spi_settings.rb +313 -313
- data/lib/gui/gui_spi_sniffer.rb +112 -112
- data/lib/gui/gui_swd_settings.rb +166 -166
- data/lib/gui/gui_uart_baudrate.rb +114 -114
- data/lib/gui/gui_uart_console.rb +164 -164
- data/lib/gui/gui_uart_settings.rb +243 -243
- data/lib/gui/gui_wire_helper.rb +99 -99
- data/lib/gui_designer/gui_chip_editor.ui +549 -549
- data/lib/gui_designer/gui_chip_management.ui +886 -886
- data/lib/gui_designer/gui_command_editor.ui +350 -350
- data/lib/gui_designer/gui_export.ui +171 -171
- data/lib/gui_designer/gui_export_manager.ui +115 -115
- data/lib/gui_designer/gui_generic_commands.ui +342 -342
- data/lib/gui_designer/gui_generic_export.ui +202 -202
- data/lib/gui_designer/gui_generic_import.ui +165 -165
- data/lib/gui_designer/gui_i2c_command.ui +148 -148
- data/lib/gui_designer/gui_i2c_settings.ui +292 -292
- data/lib/gui_designer/gui_import.ui +168 -168
- data/lib/gui_designer/gui_parallel_settings.ui +247 -247
- data/lib/gui_designer/gui_progress_bar.ui +86 -86
- data/lib/gui_designer/gui_signal_mapper.ui +179 -179
- data/lib/gui_designer/gui_signal_scanner.ui +261 -261
- data/lib/gui_designer/gui_spi_settings.ui +446 -446
- data/lib/gui_designer/gui_spi_sniffer.ui +156 -156
- data/lib/gui_designer/gui_swd_settings.ui +189 -189
- data/lib/gui_designer/gui_uart_baudrate.ui +161 -161
- data/lib/gui_designer/gui_uart_console.ui +284 -284
- data/lib/gui_designer/gui_uart_settings.ui +280 -280
- data/lib/gui_designer/gui_wire_helper.ui +117 -117
- data/lib/images/search.png +0 -0
- data/lib/logs/error.log +0 -63
- data/lib/models/bus.rb +19 -19
- data/lib/models/byte.rb +29 -29
- data/lib/models/chip.rb +41 -41
- data/lib/models/chip_type.rb +14 -14
- data/lib/models/command.rb +20 -20
- data/lib/models/i2c_setting.rb +41 -41
- data/lib/models/manufacturer.rb +14 -14
- data/lib/models/package.rb +26 -26
- data/lib/models/parallel_setting.rb +37 -37
- data/lib/models/pin.rb +14 -14
- data/lib/models/signall.rb +20 -20
- data/lib/models/spi_setting.rb +67 -67
- data/lib/models/swd_setting.rb +25 -25
- data/lib/models/uart_setting.rb +52 -52
- data/lib/models/use.rb +6 -6
- data/lib/startHardsploit.rb +10 -10
- metadata +14 -14
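--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb
@@ -1,89 +1,89 @@
-#!/usr/bin/ruby
-#===================================================
-# Hardsploit API - By Opale Security
-# www.opale-security.com || www.hardsploit.io
-# License: GNU General Public License v3
-# License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-class SWD_DEBUG_PORT
-
-def initialize(swdAPI)
-@swdAPI = swdAPI
-sleep(0.5)
-@swdAPI.resetSWD
-
-@curAP = -1
-@curBank = -1
-abort(1,1,1,1,1)
-select(0,0)
-
-# power shit up
-HardsploitAPI.instance.consoleInfo "Power shit up"
-
-@swdAPI.writeSWD(FALSE, 1, 0x54000000)
-if (status() >> 24) != 0xF4 then
-raise "error powering up system"
-exit(0)
-else
-HardsploitAPI.instance.consoleInfo "POWERING UP SYTEM OK"
-end
-end
-
-def getAPI
-return @swdAPI
-end
-
-def idcode
-return @swdAPI.readSWD(FALSE, 0)
-end
-
-def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
-value = 0x00000000
-(orunerr ? value |= 0x10 : value |= 0x00)
-(wdataerr ? value |= 0x08 : value |= 0x00)
-(stickyerr ? value |= 0x04 : value |= 0x00)
-(stickycmp ? value |= 0x02 : value |= 0x00)
-(dap ? value |= 0x01 : value |= 0x00)
-@swdAPI.writeSWD(FALSE, 0, value)
-end
-
-def status
-val= @swdAPI.readSWD(FALSE,1)
-return val
-end
-
-def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
-value = 0x54000000
-value = value | ((trnCount & 0xFFF) << 12)
-value = value | ((maskLane & 0x00F) << 8)
-value = value | ((trnMode & 0x003) << 2)
-(orunDetect ? value |= 0x01 : value |= 0x00)
-@swdAPI.writeSWD(False, 1, value)
-end
-
-def select (apsel, apbank)
-if apsel != @curAP or apbank != @curBank then
-@curAP = apsel
-@curBank = apbank
-value = 0 | ((apsel & 0xFF) << 24) | ((apbank & 0x0F) << 4)
-@swdAPI.writeSWD(FALSE, 2, value)
-end
-end
-
-def readRB
-return @swdAPI.readSWD(FALSE, 3)
-end
-def readAP ( apsel, address)
-adrBank = (address >> 4) & 0xF
-adrReg = (address >> 2) & 0x3
-select(apsel, adrBank)
-return @swdAPI.readSWD(TRUE, adrReg)
-end
-
-def writeAP (apsel, address, data)
-adrBank = (address >> 4) & 0xF
-adrReg = (address >> 2) & 0x3
-select(apsel, adrBank)
-@swdAPI.writeSWD(TRUE, adrReg, data)
-end
-end
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+class SWD_DEBUG_PORT
+
+def initialize(swdAPI)
+@swdAPI = swdAPI
+sleep(0.5)
+@swdAPI.resetSWD
+
+@curAP = -1
+@curBank = -1
+abort(1,1,1,1,1)
+select(0,0)
+
+# power shit up
+HardsploitAPI.instance.consoleInfo "Power shit up"
+
+@swdAPI.writeSWD(FALSE, 1, 0x54000000)
+if (status() >> 24) != 0xF4 then
+raise "error powering up system"
+exit(0)
+else
+HardsploitAPI.instance.consoleInfo "POWERING UP SYTEM OK"
+end
+end
+
+def getAPI
+return @swdAPI
+end
+
+def idcode
+return @swdAPI.readSWD(FALSE, 0)
+end
+
+def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
+value = 0x00000000
+(orunerr ? value |= 0x10 : value |= 0x00)
+(wdataerr ? value |= 0x08 : value |= 0x00)
+(stickyerr ? value |= 0x04 : value |= 0x00)
+(stickycmp ? value |= 0x02 : value |= 0x00)
+(dap ? value |= 0x01 : value |= 0x00)
+@swdAPI.writeSWD(FALSE, 0, value)
+end
+
+def status
+val= @swdAPI.readSWD(FALSE,1)
+return val
+end
+
+def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
+value = 0x54000000
+value = value | ((trnCount & 0xFFF) << 12)
+value = value | ((maskLane & 0x00F) << 8)
+value = value | ((trnMode & 0x003) << 2)
+(orunDetect ? value |= 0x01 : value |= 0x00)
+@swdAPI.writeSWD(False, 1, value)
+end
+
+def select (apsel, apbank)
+if apsel != @curAP or apbank != @curBank then
+@curAP = apsel
+@curBank = apbank
+value = 0 | ((apsel & 0xFF) << 24) | ((apbank & 0x0F) << 4)
+@swdAPI.writeSWD(FALSE, 2, value)
+end
+end
+
+def readRB
+return @swdAPI.readSWD(FALSE, 3)
+end
+def readAP ( apsel, address)
+adrBank = (address >> 4) & 0xF
+adrReg = (address >> 2) & 0x3
+select(apsel, adrBank)
+return @swdAPI.readSWD(TRUE, adrReg)
+end
+
+def writeAP (apsel, address, data)
+adrBank = (address >> 4) & 0xF
+adrReg = (address >> 2) & 0x3
+select(apsel, adrBank)
+@swdAPI.writeSWD(TRUE, adrReg, data)
+end
+end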
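Review bot: `control` passes `False` to `writeSWD`, which is not a Ruby constant (every other call in this file uses `FALSE`), so the method raises NameError as soon as it is called; it should read `@swdAPI.writeSWD(false, 1, value)`. In the same method `orunDetect` defaults to 0, and 0 is truthy in Ruby, so `(orunDetect ? value |= 0x01 : value |= 0x00)` always sets bit 0; `value |= 0x01 if orunDetect && orunDetect != 0` expresses the apparent intent, and the five flag tests in `abort` have the same truthiness problem. The `exit(0)` after `raise "error powering up system"` in `initialize` is unreachable and can be dropped. The removed and added sides are textually identical on this page, so these points predate this release, but the uppercase `TRUE`/`FALSE` constants used throughout were removed in Ruby 3.2 and are worth replacing with `true`/`false` in the same pass.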
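--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb
@@ -1,61 +1,61 @@
-#!/usr/bin/ruby
-#===================================================
-# Hardsploit API - By Opale Security
-# www.opale-security.com || www.hardsploit.io
-# License: GNU General Public License v3
-# License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-class SWD_MEM_AP
-
-def initialize( dp, apsel)
-@dp = dp
-@apsel = apsel
-csw(1,2) # 32-bit auto-incrementing addressing
-end
-
-def csw ( addrInc, size)
-@dp.readAP(@apsel, 0x00)
-val = @dp.readRB() & 0xFFFFFF00
-@dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
-end
-
-def idcode
-@dp.readAP(@apsel, 0xFC)
-id = @dp.readRB()
-@dp.select(0,0)
-return id
-end
-
-def readWord (addr)
-@dp.writeAP(@apsel, 0x04, addr)
-@dp.readAP(@apsel, 0x0C)
-return @dp.readRB()
-end
-
-def writeWord (addr, data)
-@dp.writeAP(@apsel, 0x04, addr)
-@dp.writeAP(@apsel, 0x0C, data)
-return @dp.readRB()
-end
-
-def readBlock ( address, size)#1K boundaries and return 4K of data word alignement
-if size < 1 then
-raise "readBlock error : count must be >= 1"
-end
-if size > 1024 then
-raise "readBlock error : size must be <= 1024 "
-end
-return @dp.getAPI.read_mem32(address,size)
-end
-
-def writeBlock (address,data) #1K boundaries
-if data.length < 1 then
-raise "readBlock error : count must be >= 1"
-end
-if data.length > 1024 then
-raise "readBlock error : size must be <= 1024 "
-end
-@dp.getAPI.write_mem16Packed(address,data)
-end
-end
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+class SWD_MEM_AP
+
+def initialize( dp, apsel)
+@dp = dp
+@apsel = apsel
+csw(1,2) # 32-bit auto-incrementing addressing
+end
+
+def csw ( addrInc, size)
+@dp.readAP(@apsel, 0x00)
+val = @dp.readRB() & 0xFFFFFF00
+@dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
+end
+
+def idcode
+@dp.readAP(@apsel, 0xFC)
+id = @dp.readRB()
+@dp.select(0,0)
+return id
+end
+
+def readWord (addr)
+@dp.writeAP(@apsel, 0x04, addr)
+@dp.readAP(@apsel, 0x0C)
+return @dp.readRB()
+end
+
+def writeWord (addr, data)
+@dp.writeAP(@apsel, 0x04, addr)
+@dp.writeAP(@apsel, 0x0C, data)
+return @dp.readRB()
+end
+
+def readBlock ( address, size)#1K boundaries and return 4K of data word alignement
+if size < 1 then
+raise "readBlock error : count must be >= 1"
+end
+if size > 1024 then
+raise "readBlock error : size must be <= 1024 "
+end
+return @dp.getAPI.read_mem32(address,size)
+end
+
+def writeBlock (address,data) #1K boundaries
+if data.length < 1 then
+raise "readBlock error : count must be >= 1"
+end
+if data.length > 1024 then
+raise "readBlock error : size must be <= 1024 "
+end
+@dp.getAPI.write_mem16Packed(address,data)
+end
+end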
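Review bot: Both guards in `writeBlock` raise with the text "readBlock error : …", so a rejected write is reported as a failed read; the messages should name the method that raised, e.g. `raise "writeBlock error : size must be <= 1024"`. The methods are commented as limited to 1K boundaries, but the visible checks only bound the element count: nothing here verifies that `address` is aligned or that the transfer stays inside one auto-increment window, so that presumably rests on `read_mem32` / `write_mem16Packed`, which are outside this file. `csw` also adds `addrInc << 4` and `size` into the register value without masking them to their fields, so an out-of-range argument would spill into neighbouring bits; `val | ((addrInc & 0x3) << 4) | (size & 0x7)` would confine them, assuming those are the intended field widths. A short comment on `readBlock` and `writeBlock` stating whether the limit is in words, half-words or bytes would make the 1024 bound checkable by callers.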
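--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb
@@ -1,121 +1,121 @@
-#!/usr/bin/ruby
-#===================================================
-# Hardsploit API - By Opale Security
-# www.opale-security.com || www.hardsploit.io
-# License: GNU General Public License v3
-# License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-require_relative 'HardsploitAPI_SWD_MEM_AP'
-
-class SWD_STM32
-attr_accessor :ahb
-
-def initialize(debugPort)
-@ahb = SWD_MEM_AP.new(debugPort, 0)
-@debugPort = debugPort
-end
-
-def halt
-# halt the processor core
-@ahb.writeWord(0xE000EDF0, 0xA05F0003)
-end
-def unhalt
-# unhalt the processor core
-@ahb.writeWord(0xE000EDF0, 0xA05F0000)
-end
-def sysReset
-# restart the processor and peripherals
-@ahb.writeWord(0xE000ED0C, 0x05FA0004)
-end
-
-def flashRead(address,size)
-data = Array.new
-# Read a word of 32bits (4 Bytes in same time)
-size = size / 4
-#Chunk to 1k block for SWD
-# ARM_debug_interface_v5 Automatic address increment is only guaranteed to operate on the bottom 10-bits of the
-# address held in the TAR. Auto address incrementing of bit [10] and beyond is
-# IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
-# is IMPLEMENTATION DEFINED
-
-#But for hardsploit max 8192 so chuck to 1k due to swd limitation
-
-packet_size = 1024
-number_complet_packet = (size / packet_size).floor
-size_last_packet = size % packet_size
-startTime = Time.now
-#number_complet_packet
-for i in 0..number_complet_packet - 1 do
-data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size))
-#puts "Read #{packet_size} KB : #{i}"
-HardsploitAPI.instance.consoleProgress(
-percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
-startTime: startTime,
-endTime: Time.new
-)
-end
-#Last partial packet
-if size_last_packet > 0 then
-data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
-#puts "Read last packet : #{size_last_packet} packet of 4 bytes"
-HardsploitAPI.instance.consoleProgress(
-percent: 100,
-startTime: startTime,
-endTime: Time.new
-)
-end
-return data
-end
-
-def flashWrite(address,data)
-#Chunk to 1k block for SWD
-packet_size = 1024 #1024
-number_complet_packet = (data.size/packet_size).floor
-size_last_packet = data.size % packet_size
-startTime = Time.now
-#ahb.csw(2, 1) # 16-bit packed incrementing addressing
-#number_complet_packet
-for i in 0..number_complet_packet-1 do
-self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
-#puts "Write #{packet_size} KB : #{i}"
-HardsploitAPI.instance.consoleProgress(
-percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
-startTime: startTime,
-endTime:Time.new
-)
-end
-#Last partial packet
-if size_last_packet > 0 then
-self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
-#puts "Write last packet : #{size_last_packet} packet"
-HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new)
-end
-ahb.csw(1, 2) # set to default 32-bit incrementing addressing
-end
-
-def flashUnlock
-# unlock main flash
-@ahb.writeWord(0x40022004, 0x45670123)
-@ahb.writeWord(0x40022004, 0xCDEF89AB)
-end
-def flashErase
-HardsploitAPI.instance.consoleInfo "Flash unlock"
-flashUnlock
-# start the mass erase
-@ahb.writeWord(0x40022010, 0x00000204)
-@ahb.writeWord(0x40022010, 0x00000244)
-# check the BSY flag
-while (@ahb.readWord(0x4002200C) & 1) == 1
-HardsploitAPI.instance.consoleInfo "waiting for erase completion..."
-end
-@ahb.writeWord(0x40022010, 0x00000200)
-HardsploitAPI.instance.consoleInfo "Finish unlock flash"
-end
-def flashProgram
-@ahb.writeWord(0x40022010, 0x00000201)
-end
-def flashProgramEnd
-@ahb.writeWord(0x40022010, 0x00000200)
-end
-end
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+require_relative 'HardsploitAPI_SWD_MEM_AP'
+
+class SWD_STM32
+attr_accessor :ahb
+
+def initialize(debugPort)
+@ahb = SWD_MEM_AP.new(debugPort, 0)
+@debugPort = debugPort
+end
+
+def halt
+# halt the processor core
+@ahb.writeWord(0xE000EDF0, 0xA05F0003)
+end
+def unhalt
+# unhalt the processor core
+@ahb.writeWord(0xE000EDF0, 0xA05F0000)
+end
+def sysReset
+# restart the processor and peripherals
+@ahb.writeWord(0xE000ED0C, 0x05FA0004)
+end
+
+def flashRead(address,size)
+data = Array.new
+# Read a word of 32bits (4 Bytes in same time)
+size = size / 4
+#Chunk to 1k block for SWD
+# ARM_debug_interface_v5 Automatic address increment is only guaranteed to operate on the bottom 10-bits of the
+# address held in the TAR. Auto address incrementing of bit [10] and beyond is
+# IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
+# is IMPLEMENTATION DEFINED
+
+#But for hardsploit max 8192 so chuck to 1k due to swd limitation
+
+packet_size = 1024
+number_complet_packet = (size / packet_size).floor
+size_last_packet = size % packet_size
+startTime = Time.now
+#number_complet_packet
+for i in 0..number_complet_packet - 1 do
+data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size))
+#puts "Read #{packet_size} KB : #{i}"
+HardsploitAPI.instance.consoleProgress(
+percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
+startTime: startTime,
+endTime: Time.new
+)
+end
+#Last partial packet
+if size_last_packet > 0 then
+data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
+#puts "Read last packet : #{size_last_packet} packet of 4 bytes"
+HardsploitAPI.instance.consoleProgress(
+percent: 100,
+startTime: startTime,
+endTime: Time.new
+)
+end
+return data
+end
+
+def flashWrite(address,data)
+#Chunk to 1k block for SWD
+packet_size = 1024 #1024
+number_complet_packet = (data.size/packet_size).floor
+size_last_packet = data.size % packet_size
+startTime = Time.now
+#ahb.csw(2, 1) # 16-bit packed incrementing addressing
+#number_complet_packet
+for i in 0..number_complet_packet-1 do
+self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
+#puts "Write #{packet_size} KB : #{i}"
+HardsploitAPI.instance.consoleProgress(
+percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
+startTime: startTime,
+endTime:Time.new
+)
+end
+#Last partial packet
+if size_last_packet > 0 then
+self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
+#puts "Write last packet : #{size_last_packet} packet"
+HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new)
+end
+ahb.csw(1, 2) # set to default 32-bit incrementing addressing
+end
+
+def flashUnlock
+# unlock main flash
+@ahb.writeWord(0x40022004, 0x45670123)
+@ahb.writeWord(0x40022004, 0xCDEF89AB)
+end
+def flashErase
+HardsploitAPI.instance.consoleInfo "Flash unlock"
+flashUnlock
+# start the mass erase
+@ahb.writeWord(0x40022010, 0x00000204)
+@ahb.writeWord(0x40022010, 0x00000244)
+# check the BSY flag
+while (@ahb.readWord(0x4002200C) & 1) == 1
+HardsploitAPI.instance.consoleInfo "waiting for erase completion..."
+end
+@ahb.writeWord(0x40022010, 0x00000200)
+HardsploitAPI.instance.consoleInfo "Finish unlock flash"
+end
+def flashProgram
+@ahb.writeWord(0x40022010, 0x00000201)
+end
+def flashProgramEnd
+@ahb.writeWord(0x40022010, 0x00000200)
+end
+end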
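Review bot: The BSY poll in `flashErase` has neither a timeout nor a delay, so if bit 0 of the status read never clears (target disconnected, flash still locked, a stale read) the loop spins forever and floods the console with "waiting for erase completion...". Bound it with `deadline = Time.now + erase_timeout` before the loop and `raise "flashErase error : BSY still set after timeout" if Time.now > deadline` inside it, where `erase_timeout` is a placeholder for a value taken from the part's datasheet, and add a short `sleep` per iteration. The closing message "Finish unlock flash" is printed after the erase and should say so. Separately, `flashRead` does `size = size / 4`, which silently drops up to three trailing bytes when `size` is not a multiple of 4, and the last slice in `flashWrite` uses an inclusive `..` ending at `+size_last_packet`, one index past the data, which is harmless only because Ruby truncates the slice; `...` would state the intent.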