hardsploit_gui 2.3 → 2.4.0

data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_DEBUG.rb

@@ -1,89 +1,89 @@
-#!/usr/bin/ruby
-#===================================================
-#  Hardsploit API - By Opale Security
-#  www.opale-security.com || www.hardsploit.io
-#  License: GNU General Public License v3
-#  License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-class SWD_DEBUG_PORT
-
-	def initialize(swdAPI)
-		@swdAPI = swdAPI
-		sleep(0.5)
-		@swdAPI.resetSWD
-	
-		@curAP = -1
-		@curBank = -1
-		abort(1,1,1,1,1)
-		select(0,0) 
-		
-		# power shit up
-		HardsploitAPI.instance.consoleInfo "Power shit up"
-		
-		@swdAPI.writeSWD(FALSE, 1, 0x54000000)
-		if (status() >> 24) != 0xF4 then
-			raise "error powering up system"
-			exit(0)
-		else
-			HardsploitAPI.instance.consoleInfo "POWERING UP SYTEM OK"
-		end
-	end
-
-	def getAPI
-		return @swdAPI
-	end
-
-	def idcode
-		return @swdAPI.readSWD(FALSE, 0)
-	end
-
-	def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
-		value = 0x00000000
-		(orunerr ? value |= 0x10 : value |= 0x00)
-		(wdataerr ? value |= 0x08 : value |= 0x00)
-		(stickyerr ? value |= 0x04 : value |= 0x00)
-		(stickycmp ? value |= 0x02 : value |= 0x00)
-		(dap ? value |= 0x01 : value |= 0x00)
-		@swdAPI.writeSWD(FALSE, 0, value)
-	end
-
-	def status
-		val= @swdAPI.readSWD(FALSE,1)
-		return val
-	end
-
-	def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
-		value = 0x54000000
-		value = value | ((trnCount & 0xFFF) << 12)
-		value = value | ((maskLane & 0x00F) << 8)
-		value = value | ((trnMode  & 0x003) << 2)
-		(orunDetect ? value |= 0x01 : value |= 0x00)
-		@swdAPI.writeSWD(False, 1, value)
-	end
-
-	def select (apsel, apbank)
-		if apsel != @curAP or apbank != @curBank then
-			@curAP = apsel
-			@curBank = apbank
-			value = 0 | ((apsel  & 0xFF) << 24) | ((apbank & 0x0F) <<  4)
-			@swdAPI.writeSWD(FALSE, 2, value)
-		end
-	end
-
-	def readRB
-		return @swdAPI.readSWD(FALSE, 3)
-	end
-	def readAP ( apsel, address)
-		adrBank = (address >> 4) & 0xF
-		adrReg  = (address >> 2) & 0x3
-		select(apsel, adrBank)
-		return @swdAPI.readSWD(TRUE, adrReg)
-	end
-
-	def writeAP (apsel, address, data)
-		adrBank = (address >> 4) & 0xF
-		adrReg  = (address >> 2) & 0x3
-		select(apsel, adrBank)
-		@swdAPI.writeSWD(TRUE, adrReg, data)
-	 end
-end
+#!/usr/bin/ruby
+#===================================================
+#  Hardsploit API - By Opale Security
+#  www.opale-security.com || www.hardsploit.io
+#  License: GNU General Public License v3
+#  License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+class SWD_DEBUG_PORT
+
+	def initialize(swdAPI)
+		@swdAPI = swdAPI
+		sleep(0.5)
+		@swdAPI.resetSWD
+	
+		@curAP = -1
+		@curBank = -1
+		abort(1,1,1,1,1)
+		select(0,0) 
+		
+		# power shit up
+		HardsploitAPI.instance.consoleInfo "Power shit up"
+		
+		@swdAPI.writeSWD(FALSE, 1, 0x54000000)
+		if (status() >> 24) != 0xF4 then
+			raise "error powering up system"
+			exit(0)
+		else
+			HardsploitAPI.instance.consoleInfo "POWERING UP SYTEM OK"
+		end
+	end
+
+	def getAPI
+		return @swdAPI
+	end
+
+	def idcode
+		return @swdAPI.readSWD(FALSE, 0)
+	end
+
+	def abort (orunerr, wdataerr, stickyerr, stickycmp, dap)
+		value = 0x00000000
+		(orunerr ? value |= 0x10 : value |= 0x00)
+		(wdataerr ? value |= 0x08 : value |= 0x00)
+		(stickyerr ? value |= 0x04 : value |= 0x00)
+		(stickycmp ? value |= 0x02 : value |= 0x00)
+		(dap ? value |= 0x01 : value |= 0x00)
+		@swdAPI.writeSWD(FALSE, 0, value)
+	end
+
+	def status
+		val= @swdAPI.readSWD(FALSE,1)
+		return val
+	end
+
+	def control (trnCount = 0, trnMode = 0, maskLane = 0, orunDetect = 0)
+		value = 0x54000000
+		value = value | ((trnCount & 0xFFF) << 12)
+		value = value | ((maskLane & 0x00F) << 8)
+		value = value | ((trnMode  & 0x003) << 2)
+		(orunDetect ? value |= 0x01 : value |= 0x00)
+		@swdAPI.writeSWD(False, 1, value)
+	end
+
+	def select (apsel, apbank)
+		if apsel != @curAP or apbank != @curBank then
+			@curAP = apsel
+			@curBank = apbank
+			value = 0 | ((apsel  & 0xFF) << 24) | ((apbank & 0x0F) <<  4)
+			@swdAPI.writeSWD(FALSE, 2, value)
+		end
+	end
+
+	def readRB
+		return @swdAPI.readSWD(FALSE, 3)
+	end
+	def readAP ( apsel, address)
+		adrBank = (address >> 4) & 0xF
+		adrReg  = (address >> 2) & 0x3
+		select(apsel, adrBank)
+		return @swdAPI.readSWD(TRUE, adrReg)
+	end
+
+	def writeAP (apsel, address, data)
+		adrBank = (address >> 4) & 0xF
+		adrReg  = (address >> 2) & 0x3
+		select(apsel, adrBank)
+		@swdAPI.writeSWD(TRUE, adrReg, data)
+	 end
+end

data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_MEM_AP.rb

@@ -1,61 +1,61 @@
-#!/usr/bin/ruby
-#===================================================
-#  Hardsploit API - By Opale Security
-#  www.opale-security.com || www.hardsploit.io
-#  License: GNU General Public License v3
-#  License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-class SWD_MEM_AP
-
-	def initialize( dp, apsel)
-		@dp = dp
-		@apsel = apsel
-		csw(1,2) # 32-bit auto-incrementing addressing
-	end
-
-	def csw ( addrInc, size)
-	  @dp.readAP(@apsel, 0x00)
-	  val = @dp.readRB() & 0xFFFFFF00
-	  @dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
-	end
-
-	def idcode
-		@dp.readAP(@apsel, 0xFC)
-		id =  @dp.readRB()
-		@dp.select(0,0)
-		return id
-	end
-
-	def readWord (addr)
-	  @dp.writeAP(@apsel, 0x04, addr)
-	  @dp.readAP(@apsel, 0x0C)
-	  return @dp.readRB()
-	end
-
-	def writeWord (addr, data)
-	  @dp.writeAP(@apsel, 0x04, addr)
-	  @dp.writeAP(@apsel, 0x0C, data)
-	  return @dp.readRB()
-	end
-
-	def readBlock ( address, size)#1K boundaries and return 4K of data word alignement
-		if size < 1 then
-			raise "readBlock error : count must be >= 1"
-		end
-		if size > 1024 then
-			raise "readBlock error : size must be <= 1024 "
-		end
-		return	@dp.getAPI.read_mem32(address,size)
-	end
-
-	def writeBlock (address,data) #1K boundaries
-		if data.length < 1 then
-			raise "readBlock error : count must be >= 1"
-		end
-		if data.length > 1024 then
-			raise "readBlock error : size must be <= 1024 "
-		end
-		@dp.getAPI.write_mem16Packed(address,data)
-	end
-end
+#!/usr/bin/ruby
+#===================================================
+#  Hardsploit API - By Opale Security
+#  www.opale-security.com || www.hardsploit.io
+#  License: GNU General Public License v3
+#  License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+class SWD_MEM_AP
+
+	def initialize( dp, apsel)
+		@dp = dp
+		@apsel = apsel
+		csw(1,2) # 32-bit auto-incrementing addressing
+	end
+
+	def csw ( addrInc, size)
+	  @dp.readAP(@apsel, 0x00)
+	  val = @dp.readRB() & 0xFFFFFF00
+	  @dp.writeAP(@apsel, 0x00, val + (addrInc << 4) + size)
+	end
+
+	def idcode
+		@dp.readAP(@apsel, 0xFC)
+		id =  @dp.readRB()
+		@dp.select(0,0)
+		return id
+	end
+
+	def readWord (addr)
+	  @dp.writeAP(@apsel, 0x04, addr)
+	  @dp.readAP(@apsel, 0x0C)
+	  return @dp.readRB()
+	end
+
+	def writeWord (addr, data)
+	  @dp.writeAP(@apsel, 0x04, addr)
+	  @dp.writeAP(@apsel, 0x0C, data)
+	  return @dp.readRB()
+	end
+
+	def readBlock ( address, size)#1K boundaries and return 4K of data word alignement
+		if size < 1 then
+			raise "readBlock error : count must be >= 1"
+		end
+		if size > 1024 then
+			raise "readBlock error : size must be <= 1024 "
+		end
+		return	@dp.getAPI.read_mem32(address,size)
+	end
+
+	def writeBlock (address,data) #1K boundaries
+		if data.length < 1 then
+			raise "readBlock error : count must be >= 1"
+		end
+		if data.length > 1024 then
+			raise "readBlock error : size must be <= 1024 "
+		end
+		@dp.getAPI.write_mem16Packed(address,data)
+	end
+end

data/lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb

@@ -1,121 +1,121 @@
-#!/usr/bin/ruby
-#===================================================
-#  Hardsploit API - By Opale Security
-#  www.opale-security.com || www.hardsploit.io
-#  License: GNU General Public License v3
-#  License URI: http://www.gnu.org/licenses/gpl.txt
-#===================================================
-
-require_relative 'HardsploitAPI_SWD_MEM_AP'
-
-class SWD_STM32
-attr_accessor :ahb
-
-	def initialize(debugPort)
-		@ahb = SWD_MEM_AP.new(debugPort, 0)
-		@debugPort = debugPort
-	end
-
-	def halt
-			# halt the processor core
-			@ahb.writeWord(0xE000EDF0, 0xA05F0003)
-	end
-	def unhalt
-			# unhalt the processor core
-			@ahb.writeWord(0xE000EDF0, 0xA05F0000)
-	end
-	def sysReset
-			# restart the processor and peripherals
-			@ahb.writeWord(0xE000ED0C, 0x05FA0004)
-	end
-
-	def	flashRead(address,size)
-		data = Array.new
-		# Read a word of 32bits (4 Bytes in same time)
-		size = size / 4
-		#Chunk to 1k block for SWD
-		#	ARM_debug_interface_v5 	Automatic address increment is only guaranteed to operate on the bottom 10-bits  of the
-		# address held in the TAR. Auto address incrementing of bit [10] and beyond is
-		# IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
-		# is IMPLEMENTATION DEFINED
-
-		#But for hardsploit max 8192  so chuck to  1k due to swd limitation
-
-		packet_size = 1024
-		number_complet_packet = (size / packet_size).floor
-		size_last_packet =  size % packet_size
-		startTime = Time.now
-		#number_complet_packet
-		for i in 0..number_complet_packet - 1 do
- 			data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size))
-			#puts "Read #{packet_size} KB : #{i}"
-			HardsploitAPI.instance.consoleProgress(
-				percent:	 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
-				startTime: startTime,
-				endTime:	 Time.new
-			)
-		end
-		#Last partial packet
-		if size_last_packet > 0 then
-	  	data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
-				#puts "Read last packet : #{size_last_packet} packet of 4 bytes"
-				HardsploitAPI.instance.consoleProgress(
-					percent:	 100,
-					startTime: startTime,
-					endTime:	 Time.new
-				)
-		end
-		return data
-	end
-
-	def	flashWrite(address,data)
-			#Chunk to 1k block for SWD
-			packet_size = 1024 #1024
-			number_complet_packet = (data.size/packet_size).floor
-			size_last_packet =  data.size % packet_size
-			startTime = Time.now
-			#ahb.csw(2, 1) # 16-bit packed incrementing addressing
-			#number_complet_packet
-			for i in 0..number_complet_packet-1 do
-				self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
-				#puts "Write #{packet_size} KB : #{i}"
-				HardsploitAPI.instance.consoleProgress(
-					percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
-					startTime: startTime,
-					endTime:Time.new
-				)
-			end
-			#Last partial packet
-			if size_last_packet > 0 then
-					self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
-					#puts "Write last packet : #{size_last_packet} packet"
-			  	HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new)
-			end
-			ahb.csw(1, 2) # set to default 32-bit incrementing addressing
-	end
-
-	def flashUnlock
-			# unlock main flash
-			@ahb.writeWord(0x40022004, 0x45670123)
-			@ahb.writeWord(0x40022004, 0xCDEF89AB)
-	end
-	def flashErase
-			HardsploitAPI.instance.consoleInfo "Flash unlock"
-			flashUnlock
-			# start the mass erase
-			@ahb.writeWord(0x40022010, 0x00000204)
-			@ahb.writeWord(0x40022010, 0x00000244)
-			# check the BSY flag
-			while (@ahb.readWord(0x4002200C) & 1) == 1
-					HardsploitAPI.instance.consoleInfo "waiting for erase completion..."
-			end
-			@ahb.writeWord(0x40022010, 0x00000200)
-			HardsploitAPI.instance.consoleInfo "Finish unlock flash"
-	end
-	def flashProgram
-			@ahb.writeWord(0x40022010, 0x00000201)
-	end
-	def flashProgramEnd
-			@ahb.writeWord(0x40022010, 0x00000200)
-	end
-end
+#!/usr/bin/ruby
+#===================================================
+#  Hardsploit API - By Opale Security
+#  www.opale-security.com || www.hardsploit.io
+#  License: GNU General Public License v3
+#  License URI: http://www.gnu.org/licenses/gpl.txt
+#===================================================
+
+require_relative 'HardsploitAPI_SWD_MEM_AP'
+
+class SWD_STM32
+attr_accessor :ahb
+
+	def initialize(debugPort)
+		@ahb = SWD_MEM_AP.new(debugPort, 0)
+		@debugPort = debugPort
+	end
+
+	def halt
+			# halt the processor core
+			@ahb.writeWord(0xE000EDF0, 0xA05F0003)
+	end
+	def unhalt
+			# unhalt the processor core
+			@ahb.writeWord(0xE000EDF0, 0xA05F0000)
+	end
+	def sysReset
+			# restart the processor and peripherals
+			@ahb.writeWord(0xE000ED0C, 0x05FA0004)
+	end
+
+	def	flashRead(address,size)
+		data = Array.new
+		# Read a word of 32bits (4 Bytes in same time)
+		size = size / 4
+		#Chunk to 1k block for SWD
+		#	ARM_debug_interface_v5 	Automatic address increment is only guaranteed to operate on the bottom 10-bits  of the
+		# address held in the TAR. Auto address incrementing of bit [10] and beyond is
+		# IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
+		# is IMPLEMENTATION DEFINED
+
+		#But for hardsploit max 8192  so chuck to  1k due to swd limitation
+
+		packet_size = 1024
+		number_complet_packet = (size / packet_size).floor
+		size_last_packet =  size % packet_size
+		startTime = Time.now
+		#number_complet_packet
+		for i in 0..number_complet_packet - 1 do
+ 			data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size))
+			#puts "Read #{packet_size} KB : #{i}"
+			HardsploitAPI.instance.consoleProgress(
+				percent:	 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
+				startTime: startTime,
+				endTime:	 Time.new
+			)
+		end
+		#Last partial packet
+		if size_last_packet > 0 then
+	  	data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
+				#puts "Read last packet : #{size_last_packet} packet of 4 bytes"
+				HardsploitAPI.instance.consoleProgress(
+					percent:	 100,
+					startTime: startTime,
+					endTime:	 Time.new
+				)
+		end
+		return data
+	end
+
+	def	flashWrite(address,data)
+			#Chunk to 1k block for SWD
+			packet_size = 1024 #1024
+			number_complet_packet = (data.size/packet_size).floor
+			size_last_packet =  data.size % packet_size
+			startTime = Time.now
+			#ahb.csw(2, 1) # 16-bit packed incrementing addressing
+			#number_complet_packet
+			for i in 0..number_complet_packet-1 do
+				self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
+				#puts "Write #{packet_size} KB : #{i}"
+				HardsploitAPI.instance.consoleProgress(
+					percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)),
+					startTime: startTime,
+					endTime:Time.new
+				)
+			end
+			#Last partial packet
+			if size_last_packet > 0 then
+					self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
+					#puts "Write last packet : #{size_last_packet} packet"
+			  	HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new)
+			end
+			ahb.csw(1, 2) # set to default 32-bit incrementing addressing
+	end
+
+	def flashUnlock
+			# unlock main flash
+			@ahb.writeWord(0x40022004, 0x45670123)
+			@ahb.writeWord(0x40022004, 0xCDEF89AB)
+	end
+	def flashErase
+			HardsploitAPI.instance.consoleInfo "Flash unlock"
+			flashUnlock
+			# start the mass erase
+			@ahb.writeWord(0x40022010, 0x00000204)
+			@ahb.writeWord(0x40022010, 0x00000244)
+			# check the BSY flag
+			while (@ahb.readWord(0x4002200C) & 1) == 1
+					HardsploitAPI.instance.consoleInfo "waiting for erase completion..."
+			end
+			@ahb.writeWord(0x40022010, 0x00000200)
+			HardsploitAPI.instance.consoleInfo "Finish unlock flash"
+	end
+	def flashProgram
+			@ahb.writeWord(0x40022010, 0x00000201)
+	end
+	def flashProgramEnd
+			@ahb.writeWord(0x40022010, 0x00000200)
+	end
+end