WIP: rename macros.h.S to pl3.h.S and make it do a lot more stuff

commit 6113629e72981ed218217f4941ead9d9570cabc1 1 parent 4b4a920
@kakaroto authored
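--- a/firmware_symbols.h.S
+++ b/firmware_symbols.h.S
@@ -60,7 +60,7 @@
 // Payload bases
 #define MEM_BASE2 (0x50B3C)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #ifdef KIOSK
 #define HASH_TABLE_1 0xA0577BB4002C8B20
@@ -140,7 +140,7 @@
 // Payload bases
 #define MEM_BASE2 0x50b38
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xa0556fed002cb89b
@@ -206,7 +206,7 @@
 #define MEM_BASE2 (0x050b34)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xA0694B50002C638E // vsh elf
 #define HASH_TABLE_2 0x6B70281A0001E3AA // pkg loader elf
@@ -268,7 +268,7 @@
 #define MEM_BASE2 (0x050608)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xA0683FF8002C346B // vsh elf
 #define HASH_TABLE_2 0x6B7028220001E56B // pkg loader elf
@@ -334,7 +334,7 @@
 // Payload bases
 #define MEM_BASE2 (0x50608)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xA06FF29B002C284A
 #define HASH_TABLE_2 0x6B7028220001E53E
@@ -389,7 +389,7 @@
 #define MEM_BASE2 (0x50604)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xA06F35DB002C221E
 #define HASH_TABLE_2 0x6B7028220001E535
@@ -449,7 +449,7 @@
 #define MEM_BASE2 (0x04E214)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xA00A6748002B0669
 #define HASH_TABLE_2 0x6331A81B0001F7AC
@@ -509,7 +509,7 @@
 // Payload bases
 #define MEM_BASE2 (0x4A05C)
-#define RESIDENT_PAYLOAD_MAXSIZE (1296)
+#define RESIDENT_AREA_MAXSIZE (1296)
 #define HASH_TABLE_1 0xB35FF0D7002B53FF
 #define HASH_TABLE_2 0xF662A7ED0001A3F8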
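--- a/macros.h.S
+++ b/pl3.h.S
@@ -10,8 +10,8 @@
 *
 */
-#ifndef __MACRO_H_S__
-#define __MACRO_H_S__
+#ifndef __PL3_H_S__
+#define __PL3_H_S__
 #include "config.h"
@@ -25,11 +25,10 @@
 #define PAYLOAD_OFFSET_IN_PAGE 0x38
 #endif
-#define PAYLOAD_SIZE ADDR_IN_PAGE(payload_end)
-#define RESIDENT_PAYLOAD_OFFSET (overwritten_kernel_function)
-#define RESIDENT_PAYLOAD_SIZE (payload_end - RESIDENT_PAYLOAD_OFFSET)
-#define ADDR_IN_PAGE(target) (PAYLOAD_OFFSET_IN_PAGE + (target) - payload_start)
-#define ADDR_IN_MEM2(target) ((target) - RESIDENT_PAYLOAD_OFFSET)
+#define RESIDENT_AREA_OFFSET (resident_area_start)
+#define RESIDENT_AREA_SIZE (resident_area_end - resident_area_start)
+#define ADDR_IN_PAGE(target) (PAYLOAD_OFFSET_IN_PAGE + (target) - payload_entry)
+#define ADDR_IN_MEM2(target) ((target) - RESIDENT_AREA_OFFSET)
 /* Addressing Macros */
@@ -118,7 +117,7 @@ function: \
 (function ## _end - function##_start)); \
 LOAD_LABEL2 (%r6, %r30, function ##_ptr); \
 std %r3, 0(%r6);
-
+
 #define GET_CURRENT_PAGE(temp, dest) \
 bl get_current_page; \
 b got_current_page; \
@@ -148,4 +147,28 @@ got_current_page: \
 bl pl3_memcpy; \
 mr %r3, %r7;
-#endif /* __MACRO_H_S */
+// Copy functions that need to stay resident in memory to MEM_BASE2
+#define COPY_RESIDENT_AREA(base, page) \
+ LOAD_LABEL (MEM_BASE2, %r3, base, 0); \
+ addi %r4, page, ADDR_IN_PAGE(RESIDENT_AREA_OFFSET); \
+ li %r5, RESIDENT_AREA_SIZE; \
+ bl pl3_memcpy; \
+
+#define RESIDENT_AREA_START() \
+.align 4; \
+resident_area_start: \
+ li %r3, 1; \
+ blr;
+
+#define RESIDENT_AREA_END() \
+resident_area_end: \
+.org RESIDENT_AREA_OFFSET + RESIDENT_AREA_MAXSIZE \
+
+.org 0
+// Position 0x20 in the page
+payload_entry:
+ b payload_main
+
+#include "pl3_memcpy.h.S"
+
+#endif /* __PL3_H_S__ */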
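Review bot: `COPY_RESIDENT_AREA` and `RESIDENT_AREA_END` both end their last statement with a trailing `\` (`bl pl3_memcpy; \` and `.org RESIDENT_AREA_OFFSET + RESIDENT_AREA_MAXSIZE \`), so the blank line that follows is joined into the macro body and any statement later written on that line would silently become part of the expansion; terminate them as `bl pl3_memcpy;` and `.org RESIDENT_AREA_OFFSET + RESIDENT_AREA_MAXSIZE;` with no continuation. That `.org` is also the only bound on the resident area, since the assembler rejects a backwards `.org` once `resident_area_end` has passed `RESIDENT_AREA_MAXSIZE`, and it is what keeps the `li %r5, RESIDENT_AREA_SIZE` immediate in range, so it deserves a comment such as `// Fails to assemble if the resident area grows past RESIDENT_AREA_MAXSIZE (li %r5 needs a 16-bit size)`. The header now emits `payload_entry: b payload_main` and includes `pl3_memcpy.h.S` at file scope, which appears to require every includer to define `payload_main` and to include this header before emitting code of its own (the `.org 0` cannot move backwards); that contract is not stated anywhere in the hunk and belongs in a comment at the top of the header. The comment `// Position 0x20 in the page` only holds when `PAYLOAD_OFFSET_IN_PAGE` is 0x20, whereas the `#endif` branch earlier in this file leaves it at 0x38; `// Section offset 0 here corresponds to PAYLOAD_OFFSET_IN_PAGE within the page` would stay correct for both.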
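--- a/pl3_memcpy.h.S
+++ b/pl3_memcpy.h.S
@@ -12,8 +12,6 @@
 #ifndef __PL3_MEMCPY_H_S__
 #define __PL3_MEMCPY_H_S__
-
-.align 4
 pl3_memcpy:
 cmpldi %r5, 0 // if %r5 reaches 0, end it
 beq l_pl3_memcpy_done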
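--- a/shellcode_egghunt.S
+++ b/shellcode_egghunt.S
@@ -13,14 +13,12 @@
 *
 */
-#include "macros.h.S"
+// If the egghunt is used so USE_JIG is defined and the payload offset is 0x20
+#define PAGE_SIZE 0x1000
+#define PAYLOAD_OFFSET_IN_PAGE 0x20
 .org 0
-/**
- * shellcode:
- *
- *
- */
+
 /* JIG payload. Must not exceed 40 bytes */
 shellcode:
 ld %r4, -0x10(%r3)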
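Review bot: The new `#define PAGE_SIZE 0x1000` and `#define PAYLOAD_OFFSET_IN_PAGE 0x20` are a second copy of values that `pl3.h.S` appears to select itself (its hunk shows `#define PAYLOAD_OFFSET_IN_PAGE 0x38` under a conditional), so the two definitions can drift apart with no diagnostic; guarding them with `#ifndef PAYLOAD_OFFSET_IN_PAGE` / `#ifndef PAGE_SIZE`, or taking them from the shared `config.h` if it provides them, keeps a single source of truth. The comment above them is hard to read (`If the egghunt is used so USE_JIG is defined and the payload offset is 0x20`); suggested wording: `// The egghunt implies USE_JIG, so the payload sits at offset 0x20 in the page`. The `shellcode` body continues past the end of the hunk.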