hardsploit_gui 2.3 → 2.4.0
- checksums.yaml +4 -4
- data/README.md +22 -22
- data/Rakefile +1 -1
- data/bin/hardsploit_gui +3 -3
- data/lib/Firmwares/FPGA/I2C/I2C_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_I2C_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/PARALLEL/NO_MUX_PARALLEL_MEMORY/HARDSPLOIT_FIRMWARE_FPGA_NO_MUX_PARALLEL_MEMORY.rpd +0 -0
- data/lib/Firmwares/FPGA/SPI/SPI_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SPI_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/SPI/SPI_SNIFFER/HARDSPLOIT_FIRMWARE_FPGA_SPI_SNIFFER.rpd +0 -0
- data/lib/Firmwares/FPGA/SWD/SWD_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_SWD_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/UART/UART_INTERACT/HARDSPLOIT_FIRMWARE_FPGA_UART_INTERACT.rpd +0 -0
- data/lib/Firmwares/FPGA/VersionFPGA.rb +5 -5
- data/lib/Firmwares/UC/VersionUC.rb +12 -12
- data/lib/HardsploitAPI/Core/HardsploitAPI.rb +210 -210
- data/lib/HardsploitAPI/Core/HardsploitAPI_CONSTANT.rb +150 -150
- data/lib/HardsploitAPI/Core/HardsploitAPI_ERROR.rb +109 -109
- data/lib/HardsploitAPI/Core/HardsploitAPI_FIRMWARE.rb +305 -305
- data/lib/HardsploitAPI/Core/HardsploitAPI_PROGRESS.rb +28 -28
- data/lib/HardsploitAPI/Core/HardsploitAPI_USB_COMMUNICATION.rb +166 -166
- data/lib/HardsploitAPI/Modules/I2C/HardsploitAPI_I2C.rb +356 -356
- data/lib/HardsploitAPI/Modules/NO_MUX_PARALLEL_MEMORY/HardsploitAPI_NO_MUX_PARALLEL_MEMORY.rb +206 -206
- data/lib/HardsploitAPI/Modules/NRF24L01/HardsploitAPI_NRF24L01.rb +306 -306
- data/lib/HardsploitAPI/Modules/SPI/HardsploitAPI_SPI.rb +340 -340
- data/lib/HardsploitAPI/Modules/SPI_SNIFFER/HardsploitAPI_SPI_SNIFFER.rb +83 -83
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD.rb +367 -367
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb +89 -89
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb +61 -61
- data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb +121 -121
- data/lib/HardsploitAPI/Modules/TEST/HardsploitAPI_TEST_INTERACT.rb +98 -98
- data/lib/HardsploitAPI/Modules/UART/HardsploitAPI_UART.rb +196 -196
- data/lib/Hardsploit_gui.rb +96 -96
- data/lib/LICENSE.txt +674 -674
- data/lib/README.md +22 -22
- data/lib/TRADEMARK +2 -2
- data/lib/class/Chip_editor.rb +304 -304
- data/lib/class/Chip_management.rb +496 -496
- data/lib/class/Command_editor.rb +216 -216
- data/lib/class/Command_table.rb +233 -233
- data/lib/class/Console.rb +26 -26
- data/lib/class/ErrorMsg.rb +312 -312
- data/lib/class/Export.rb +140 -140
- data/lib/class/Export_manager.rb +124 -124
- data/lib/class/Firmware.rb +70 -70
- data/lib/class/Generic_commands.rb +260 -260
- data/lib/class/{i2c → I2C}/I2c_command.rb +51 -51
- data/lib/class/{i2c → I2C}/I2c_export.rb +95 -95
- data/lib/class/{i2c → I2C}/I2c_import.rb +117 -117
- data/lib/class/{i2c → I2C}/I2c_scanner.rb +114 -114
- data/lib/class/{i2c → I2C}/I2c_settings.rb +148 -148
- data/lib/class/Import.rb +193 -193
- data/lib/class/{parallel → PARALLEL}/Parallel_export.rb +118 -118
- data/lib/class/{parallel → PARALLEL}/Parallel_import.rb +113 -113
- data/lib/class/{parallel → PARALLEL}/Parallel_settings.rb +81 -81
- data/lib/class/Progress_bar.rb +32 -32
- data/lib/class/{spi → SPI}/Spi_export.rb +108 -108
- data/lib/class/{spi → SPI}/Spi_import.rb +159 -159
- data/lib/class/{spi → SPI}/Spi_settings.rb +108 -108
- data/lib/class/{spi → SPI}/Spi_sniffer.rb +101 -101
- data/lib/class/Signal_mapper.rb +120 -120
- data/lib/class/Wire_helper.rb +230 -230
- data/lib/class/swd/Swd.rb +125 -125
- data/lib/class/swd/Swd_scanner.rb +121 -121
- data/lib/class/swd/Swd_settings.rb +76 -76
- data/lib/class/uart/Uart_baudrate.rb +62 -62
- data/lib/class/uart/Uart_console.rb +115 -115
- data/lib/class/uart/Uart_settings.rb +102 -102
- data/lib/db/associations.rb +138 -138
- data/lib/db/database.rb +4 -4
- data/lib/db/development.sqlite3 +0 -0
- data/lib/db/migrate/004_create_manufacturers.rb +13 -13
- data/lib/db/migrate/005_create_packages.rb +13 -13
- data/lib/db/migrate/006_create_chip_types.rb +11 -11
- data/lib/db/migrate/007_create_buses.rb +11 -11
- data/lib/db/migrate/008_create_signals.rb +14 -14
- data/lib/db/migrate/009_create_chips.rb +25 -25
- data/lib/db/migrate/010_create_commands.rb +21 -21
- data/lib/db/migrate/011_create_bytes.rb +19 -19
- data/lib/db/migrate/012_create_i2c_settings.rb +21 -21
- data/lib/db/migrate/013_create_spi_settings.rb +26 -26
- data/lib/db/migrate/014_create_parallel_settings.rb +21 -21
- data/lib/db/migrate/015_create_pins.rb +19 -19
- data/lib/db/migrate/016_create_uses.rb +17 -17
- data/lib/db/migrate/017_create_swd_settings.rb +19 -19
- data/lib/db/migrate/018_create_uart_settings.rb +22 -22
- data/lib/db/schema.rb +157 -157
- data/lib/db/seeds.rb +161 -161
- data/lib/gui/gui_chip_editor.rb +349 -349
- data/lib/gui/gui_chip_management.rb +377 -377
- data/lib/gui/gui_command_editor.rb +219 -219
- data/lib/gui/gui_export.rb +132 -132
- data/lib/gui/gui_export_manager.rb +93 -93
- data/lib/gui/gui_generic_commands.rb +202 -202
- data/lib/gui/gui_generic_export.rb +164 -164
- data/lib/gui/gui_generic_import.rb +142 -142
- data/lib/gui/gui_i2c_command.rb +116 -116
- data/lib/gui/gui_i2c_settings.rb +230 -230
- data/lib/gui/gui_import.rb +131 -131
- data/lib/gui/gui_parallel_settings.rb +195 -195
- data/lib/gui/gui_progress_bar.rb +85 -85
- data/lib/gui/gui_signal_mapper.rb +121 -121
- data/lib/gui/gui_signal_scanner.rb +146 -146
- data/lib/gui/gui_spi_import.rb +126 -126
- data/lib/gui/gui_spi_settings.rb +313 -313
- data/lib/gui/gui_spi_sniffer.rb +112 -112
- data/lib/gui/gui_swd_settings.rb +166 -166
- data/lib/gui/gui_uart_baudrate.rb +114 -114
- data/lib/gui/gui_uart_console.rb +164 -164
- data/lib/gui/gui_uart_settings.rb +243 -243
- data/lib/gui/gui_wire_helper.rb +99 -99
- data/lib/gui_designer/gui_chip_editor.ui +549 -549
- data/lib/gui_designer/gui_chip_management.ui +886 -886
- data/lib/gui_designer/gui_command_editor.ui +350 -350
- data/lib/gui_designer/gui_export.ui +171 -171
- data/lib/gui_designer/gui_export_manager.ui +115 -115
- data/lib/gui_designer/gui_generic_commands.ui +342 -342
- data/lib/gui_designer/gui_generic_export.ui +202 -202
- data/lib/gui_designer/gui_generic_import.ui +165 -165
- data/lib/gui_designer/gui_i2c_command.ui +148 -148
- data/lib/gui_designer/gui_i2c_settings.ui +292 -292
- data/lib/gui_designer/gui_import.ui +168 -168
- data/lib/gui_designer/gui_parallel_settings.ui +247 -247
- data/lib/gui_designer/gui_progress_bar.ui +86 -86
- data/lib/gui_designer/gui_signal_mapper.ui +179 -179
- data/lib/gui_designer/gui_signal_scanner.ui +261 -261
- data/lib/gui_designer/gui_spi_settings.ui +446 -446
- data/lib/gui_designer/gui_spi_sniffer.ui +156 -156
- data/lib/gui_designer/gui_swd_settings.ui +189 -189
- data/lib/gui_designer/gui_uart_baudrate.ui +161 -161
- data/lib/gui_designer/gui_uart_console.ui +284 -284
- data/lib/gui_designer/gui_uart_settings.ui +280 -280
- data/lib/gui_designer/gui_wire_helper.ui +117 -117
- data/lib/images/search.png +0 -0
- data/lib/logs/error.log +0 -63
- data/lib/models/bus.rb +19 -19
- data/lib/models/byte.rb +29 -29
- data/lib/models/chip.rb +41 -41
- data/lib/models/chip_type.rb +14 -14
- data/lib/models/command.rb +20 -20
- data/lib/models/i2c_setting.rb +41 -41
- data/lib/models/manufacturer.rb +14 -14
- data/lib/models/package.rb +26 -26
- data/lib/models/parallel_setting.rb +37 -37
- data/lib/models/pin.rb +14 -14
- data/lib/models/signall.rb +20 -20
- data/lib/models/spi_setting.rb +67 -67
- data/lib/models/swd_setting.rb +25 -25
- data/lib/models/uart_setting.rb +52 -52
- data/lib/models/use.rb +6 -6
- data/lib/startHardsploit.rb +10 -10
- metadata +14 -14
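--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb
@@ -1,89 +1,89 @@
-#!/usr/bin/ruby
-#===================================================
-# Hardsploit API - By Opale Security
-# www.opale-security.com || www.hardsploit.io
-# License: GNU General Public License v3
-# License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-class SWD_DEBUG_PORT
-
-def initialize(swdAPI)
-@swdAPI = swdAPI
-sleep(0.5)
-@swdAPI.resetSWD
-
-@curAP = -1
-@curBank = -1
-abort(1,1,1,1,1)
-select(0,0)
-
-# power shit up
-HardsploitAPI.instance.consoleInfo "Power shit up"
-
-@swdAPI.writeSWD(FALSE, 1, 0x54000000)
-if (status() >> 24) != 0xF4 then
-raise "error powering up system"
-exit(0)
-else
-HardsploitAPI.instance.consoleInfo "POWERING UP SYTEM OK"
-end
-end
-
-def getAPI
-return @swdAPI
-end
-
-def idcode
-return @swdAPI.readSWD(FALSE, 0)
-end
-
-def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
-value = 0x00000000
-(orunerr ? value |= 0x10 : value |= 0x00)
-(wdataerr ? value |= 0x08 : value |= 0x00)
-(stickyerr ? value |= 0x04 : value |= 0x00)
-(stickycmp ? value |= 0x02 : value |= 0x00)
-(dap ? value |= 0x01 : value |= 0x00)
-@swdAPI.writeSWD(FALSE, 0, value)
-end
-
-def status
-val= @swdAPI.readSWD(FALSE,1)
-return val
-end
-
-def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
-value = 0x54000000
-value = value | ((trnCount & 0xFFF) << 12)
-value = value | ((maskLane & 0x00F) << 8)
-value = value | ((trnMode & 0x003) << 2)
-(orunDetect ? value |= 0x01 : value |= 0x00)
-@swdAPI.writeSWD(False, 1, value)
-end
-
-def select (apsel, apbank)
-if apsel != @curAP or apbank != @curBank then
-@curAP = apsel
-@curBank = apbank
-value = 0 | ((apsel & 0xFF) << 24) | ((apbank & 0x0F) << 4)
-@swdAPI.writeSWD(FALSE, 2, value)
-end
-end
-
-def readRB
-return @swdAPI.readSWD(FALSE, 3)
-end
-def readAP ( apsel, address)
-adrBank = (address >> 4) & 0xF
-adrReg = (address >> 2) & 0x3
-select(apsel, adrBank)
-return @swdAPI.readSWD(TRUE, adrReg)
-end
-
-def writeAP (apsel, address, data)
-adrBank = (address >> 4) & 0xF
-adrReg = (address >> 2) & 0x3
-select(apsel, adrBank)
-@swdAPI.writeSWD(TRUE, adrReg, data)
-end
-end
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+class SWD_DEBUG_PORT
+
+def initialize(swdAPI)
+@swdAPI = swdAPI
+sleep(0.5)
+@swdAPI.resetSWD
+
+@curAP = -1
+@curBank = -1
+abort(1,1,1,1,1)
+select(0,0)
+
+# power shit up
+HardsploitAPI.instance.consoleInfo "Power shit up"
+
+@swdAPI.writeSWD(FALSE, 1, 0x54000000)
+if (status() >> 24) != 0xF4 then
+raise "error powering up system"
+exit(0)
+else
+HardsploitAPI.instance.consoleInfo "POWERING UP SYTEM OK"
+end
+end
+
+def getAPI
+return @swdAPI
+end
+
+def idcode
+return @swdAPI.readSWD(FALSE, 0)
+end
+
+def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
+value = 0x00000000
+(orunerr ? value |= 0x10 : value |= 0x00)
+(wdataerr ? value |= 0x08 : value |= 0x00)
+(stickyerr ? value |= 0x04 : value |= 0x00)
+(stickycmp ? value |= 0x02 : value |= 0x00)
+(dap ? value |= 0x01 : value |= 0x00)
+@swdAPI.writeSWD(FALSE, 0, value)
+end
+
+def status
+val= @swdAPI.readSWD(FALSE,1)
+return val
+end
+
+def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
+value = 0x54000000
+value = value | ((trnCount & 0xFFF) << 12)
+value = value | ((maskLane & 0x00F) << 8)
+value = value | ((trnMode & 0x003) << 2)
+(orunDetect ? value |= 0x01 : value |= 0x00)
+@swdAPI.writeSWD(False, 1, value)
+end
+
+def select (apsel, apbank)
+if apsel != @curAP or apbank != @curBank then
+@curAP = apsel
+@curBank = apbank
+value = 0 | ((apsel & 0xFF) << 24) | ((apbank & 0x0F) << 4)
+@swdAPI.writeSWD(FALSE, 2, value)
+end
+end
+
+def readRB
+return @swdAPI.readSWD(FALSE, 3)
+end
+def readAP ( apsel, address)
+adrBank = (address >> 4) & 0xF
+adrReg = (address >> 2) & 0x3
+select(apsel, adrBank)
+return @swdAPI.readSWD(TRUE, adrReg)
+end
+
+def writeAP (apsel, address, data)
+adrBank = (address >> 4) & 0xF
+adrReg = (address >> 2) & 0x3
+select(apsel, adrBank)
+@swdAPI.writeSWD(TRUE, adrReg, data)
+end
+end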
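Review bot: `control` passes `False` to `writeSWD`, which is not a constant Ruby defines (every other call in this class spells it `FALSE`), so the method would raise NameError the first time it is called; the line should read `@swdAPI.writeSWD(false, 1, value)`. In the same method `orunDetect` defaults to `0` and is tested with `orunDetect ? ...`, but `0` is truthy in Ruby, so bit 0 is set on every call unless the caller passes `false` or `nil`; `value |= 0x01 unless [0, false, nil].include?(orunDetect)` keeps integer callers working, and the flag arguments of `abort` have the same shape. In `initialize`, `exit(0)` directly after `raise "error powering up system"` is unreachable and can be dropped. The removed and added sides read the same as rendered, so these points are carried over by the change rather than introduced by it.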
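--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb
@@ -1,61 +1,61 @@
-#!/usr/bin/ruby
-#===================================================
-# Hardsploit API - By Opale Security
-# www.opale-security.com || www.hardsploit.io
-# License: GNU General Public License v3
-# License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-class SWD_MEM_AP
-
-def initialize( dp, apsel)
-@dp = dp
-@apsel = apsel
-csw(1,2) # 32-bit auto-incrementing addressing
-end
-
-def csw ( addrInc, size)
-@dp.readAP(@apsel, 0x00)
-val = @dp.readRB() & 0xFFFFFF00
-@dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
-end
-
-def idcode
-@dp.readAP(@apsel, 0xFC)
-id = @dp.readRB()
-@dp.select(0,0)
-return id
-end
-
-def readWord (addr)
-@dp.writeAP(@apsel, 0x04, addr)
-@dp.readAP(@apsel, 0x0C)
-return @dp.readRB()
-end
-
-def writeWord (addr, data)
-@dp.writeAP(@apsel, 0x04, addr)
-@dp.writeAP(@apsel, 0x0C, data)
-return @dp.readRB()
-end
-
-def readBlock ( address, size)#1K boundaries and return 4K of data word alignement
-if size < 1 then
-raise "readBlock error : count must be >= 1"
-end
-if size > 1024 then
-raise "readBlock error : size must be <= 1024 "
-end
-return @dp.getAPI.read_mem32(address,size)
-end
-
-def writeBlock (address,data) #1K boundaries
-if data.length < 1 then
-raise "readBlock error : count must be >= 1"
-end
-if data.length > 1024 then
-raise "readBlock error : size must be <= 1024 "
-end
-@dp.getAPI.write_mem16Packed(address,data)
-end
-end
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+class SWD_MEM_AP
+
+def initialize( dp, apsel)
+@dp = dp
+@apsel = apsel
+csw(1,2) # 32-bit auto-incrementing addressing
+end
+
+def csw ( addrInc, size)
+@dp.readAP(@apsel, 0x00)
+val = @dp.readRB() & 0xFFFFFF00
+@dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
+end
+
+def idcode
+@dp.readAP(@apsel, 0xFC)
+id = @dp.readRB()
+@dp.select(0,0)
+return id
+end
+
+def readWord (addr)
+@dp.writeAP(@apsel, 0x04, addr)
+@dp.readAP(@apsel, 0x0C)
+return @dp.readRB()
+end
+
+def writeWord (addr, data)
+@dp.writeAP(@apsel, 0x04, addr)
+@dp.writeAP(@apsel, 0x0C, data)
+return @dp.readRB()
+end
+
+def readBlock ( address, size)#1K boundaries and return 4K of data word alignement
+if size < 1 then
+raise "readBlock error : count must be >= 1"
+end
+if size > 1024 then
+raise "readBlock error : size must be <= 1024 "
+end
+return @dp.getAPI.read_mem32(address,size)
+end
+
+def writeBlock (address,data) #1K boundaries
+if data.length < 1 then
+raise "readBlock error : count must be >= 1"
+end
+if data.length > 1024 then
+raise "readBlock error : size must be <= 1024 "
+end
+@dp.getAPI.write_mem16Packed(address,data)
+end
+end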
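Review bot: Both guards in `writeBlock` raise with the text "readBlock error : ...", so a rejected write is reported as a read failure in logs and in the GUI; the messages should name the method, e.g. `raise "writeBlock error : size must be <= 1024"`. The trailing comments on `readBlock` and `writeBlock` say "1K boundaries", but neither method checks the alignment of `address` or that the block stays inside a boundary, and whether `read_mem32` / `write_mem16Packed` enforce it is not visible here; if they do not, a guard or at least a comment stating who owns that check would make the limit explicit. `csw` adds `(addrInc << 4) + size` to the masked register value without masking its arguments, so an out-of-range `size` or `addrInc` carries into neighbouring bits; `((addrInc & 0x3) << 4) | (size & 0x7)` would confine them, assuming those are the intended field widths.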
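--- a/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb
+++ b/data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb
@@ -1,121 +1,121 @@
-#!/usr/bin/ruby
-#===================================================
-# Hardsploit API - By Opale Security
-# www.opale-security.com || www.hardsploit.io
-# License: GNU General Public License v3
-# License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-require_relative 'HardsploitAPI_SWD_MEM_AP'
-
-class SWD_STM32
-attr_accessor :ahb
-
-def initialize(debugPort)
-@ahb = SWD_MEM_AP.new(debugPort, 0)
-@debugPort = debugPort
-end
-
-def halt
-# halt the processor core
-@ahb.writeWord(0xE000EDF0, 0xA05F0003)
-end
-def unhalt
-# unhalt the processor core
-@ahb.writeWord(0xE000EDF0, 0xA05F0000)
-end
-def sysReset
-# restart the processor and peripherals
-@ahb.writeWord(0xE000ED0C, 0x05FA0004)
-end
-
-def flashRead(address,size)
-data = Array.new
-# Read a word of 32bits (4 Bytes in same time)
-size = size / 4
-#Chunk to 1k block for SWD
-# ARM_debug_interface_v5 Automatic address increment is only guaranteed to operate on the bottom 10-bits of the
-# address held in the TAR. Auto address incrementing of bit [10] and beyond is
-# IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
-# is IMPLEMENTATION DEFINED
-
-#But for hardsploit max 8192 so chuck to 1k due to swd limitation
-
-packet_size = 1024
-number_complet_packet = (size / packet_size).floor
-size_last_packet = size % packet_size
-startTime = Time.now
-#number_complet_packet
-for i in 0..number_complet_packet - 1 do
-data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size))
-#puts "Read #{packet_size} KB : #{i}"
-HardsploitAPI.instance.consoleProgress(
-percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
-startTime: startTime,
-endTime: Time.new
-)
-end
-#Last partial packet
-if size_last_packet > 0 then
-data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
-#puts "Read last packet : #{size_last_packet} packet of 4 bytes"
-HardsploitAPI.instance.consoleProgress(
-percent: 100,
-startTime: startTime,
-endTime: Time.new
-)
-end
-return data
-end
-
-def flashWrite(address,data)
-#Chunk to 1k block for SWD
-packet_size = 1024 #1024
-number_complet_packet = (data.size/packet_size).floor
-size_last_packet = data.size % packet_size
-startTime = Time.now
-#ahb.csw(2, 1) # 16-bit packed incrementing addressing
-#number_complet_packet
-for i in 0..number_complet_packet-1 do
-self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
-#puts "Write #{packet_size} KB : #{i}"
-HardsploitAPI.instance.consoleProgress(
-percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
-startTime: startTime,
-endTime:Time.new
-)
-end
-#Last partial packet
-if size_last_packet > 0 then
-self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
-#puts "Write last packet : #{size_last_packet} packet"
-HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new)
-end
-ahb.csw(1, 2) # set to default 32-bit incrementing addressing
-end
-
-def flashUnlock
-# unlock main flash
-@ahb.writeWord(0x40022004, 0x45670123)
-@ahb.writeWord(0x40022004, 0xCDEF89AB)
-end
-def flashErase
-HardsploitAPI.instance.consoleInfo "Flash unlock"
-flashUnlock
-# start the mass erase
-@ahb.writeWord(0x40022010, 0x00000204)
-@ahb.writeWord(0x40022010, 0x00000244)
-# check the BSY flag
-while (@ahb.readWord(0x4002200C) & 1) == 1
-HardsploitAPI.instance.consoleInfo "waiting for erase completion..."
-end
-@ahb.writeWord(0x40022010, 0x00000200)
-HardsploitAPI.instance.consoleInfo "Finish unlock flash"
-end
-def flashProgram
-@ahb.writeWord(0x40022010, 0x00000201)
-end
-def flashProgramEnd
-@ahb.writeWord(0x40022010, 0x00000200)
-end
-end
+#!/usr/bin/ruby
+#===================================================
+# Hardsploit API - By Opale Security
+# www.opale-security.com || www.hardsploit.io
+# License: GNU General Public License v3
+# License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+require_relative 'HardsploitAPI_SWD_MEM_AP'
+
+class SWD_STM32
+attr_accessor :ahb
+
+def initialize(debugPort)
+@ahb = SWD_MEM_AP.new(debugPort, 0)
+@debugPort = debugPort
+end
+
+def halt
+# halt the processor core
+@ahb.writeWord(0xE000EDF0, 0xA05F0003)
+end
+def unhalt
+# unhalt the processor core
+@ahb.writeWord(0xE000EDF0, 0xA05F0000)
+end
+def sysReset
+# restart the processor and peripherals
+@ahb.writeWord(0xE000ED0C, 0x05FA0004)
+end
+
+def flashRead(address,size)
+data = Array.new
+# Read a word of 32bits (4 Bytes in same time)
+size = size / 4
+#Chunk to 1k block for SWD
+# ARM_debug_interface_v5 Automatic address increment is only guaranteed to operate on the bottom 10-bits of the
+# address held in the TAR. Auto address incrementing of bit [10] and beyond is
+# IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
+# is IMPLEMENTATION DEFINED
+
+#But for hardsploit max 8192 so chuck to 1k due to swd limitation
+
+packet_size = 1024
+number_complet_packet = (size / packet_size).floor
+size_last_packet = size % packet_size
+startTime = Time.now
+#number_complet_packet
+for i in 0..number_complet_packet - 1 do
+data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size))
+#puts "Read #{packet_size} KB : #{i}"
+HardsploitAPI.instance.consoleProgress(
+percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
+startTime: startTime,
+endTime: Time.new
+)
+end
+#Last partial packet
+if size_last_packet > 0 then
+data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
+#puts "Read last packet : #{size_last_packet} packet of 4 bytes"
+HardsploitAPI.instance.consoleProgress(
+percent: 100,
+startTime: startTime,
+endTime: Time.new
+)
+end
+return data
+end
+
+def flashWrite(address,data)
+#Chunk to 1k block for SWD
+packet_size = 1024 #1024
+number_complet_packet = (data.size/packet_size).floor
+size_last_packet = data.size % packet_size
+startTime = Time.now
+#ahb.csw(2, 1) # 16-bit packed incrementing addressing
+#number_complet_packet
+for i in 0..number_complet_packet-1 do
+self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
+#puts "Write #{packet_size} KB : #{i}"
+HardsploitAPI.instance.consoleProgress(
+percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
+startTime: startTime,
+endTime:Time.new
+)
+end
+#Last partial packet
+if size_last_packet > 0 then
+self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
+#puts "Write last packet : #{size_last_packet} packet"
+HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new)
+end
+ahb.csw(1, 2) # set to default 32-bit incrementing addressing
+end
+
+def flashUnlock
+# unlock main flash
+@ahb.writeWord(0x40022004, 0x45670123)
+@ahb.writeWord(0x40022004, 0xCDEF89AB)
+end
+def flashErase
+HardsploitAPI.instance.consoleInfo "Flash unlock"
+flashUnlock
+# start the mass erase
+@ahb.writeWord(0x40022010, 0x00000204)
+@ahb.writeWord(0x40022010, 0x00000244)
+# check the BSY flag
+while (@ahb.readWord(0x4002200C) & 1) == 1
+HardsploitAPI.instance.consoleInfo "waiting for erase completion..."
+end
+@ahb.writeWord(0x40022010, 0x00000200)
+HardsploitAPI.instance.consoleInfo "Finish unlock flash"
+end
+def flashProgram
+@ahb.writeWord(0x40022010, 0x00000201)
+end
+def flashProgramEnd
+@ahb.writeWord(0x40022010, 0x00000200)
+end
+end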
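Review bot: `flashErase` polls the BSY flag in a `while` loop with no timeout and no delay, so a target that never clears the flag, or a link that keeps returning a word with bit 0 set, hangs the caller and floods the console with the "waiting for erase completion..." message. A bounded wait fails visibly instead: set `deadline = Time.now + 30` (constructed value) before the loop and, inside it, add `raise "flashErase error : BSY still set after timeout" if Time.now > deadline` followed by `sleep(0.05)`. The method also logs "Finish unlock flash" after the erase without reading back any status, so an erase that did not take effect looks the same as a successful one to the operator. In `flashRead`, `size = size / 4` silently drops up to three trailing bytes when `size` is not a multiple of four; an explicit check or a comment would make that contract visible. The removed and added sides read the same as rendered, so these points are carried over by the change rather than introduced by it.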