-
Notifications
You must be signed in to change notification settings - Fork 1
/
call_exploit.s43
51 lines (44 loc) · 1.74 KB
/
call_exploit.s43
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
.include "pmem_defs.asm"
.include "sancus_macros.asm"
.set dma_done, DMEM_260
.set foo_secret_start, DMEM_262
.set foo_secret_end, DMEM_268
.global main
main:
clr r15
disable_wdt
eint
mov #42, &foo_secret_start
sancus_enable #1234, #foo_text_start, #foo_text_end, #foo_secret_start, #foo_secret_end
; secret should be protected at this point
;mov #41, &foo_secret_start
mov #foo_secret_start+2, r1
call #foo_text_start
/* ---------------------- SANCUS MODULE --------------- */
; empty enclave
foo_text_start:
nop
foo_text_end:
/* ---------------------- SAVE DMA TRACES --------------- */
end_of_test:
nop
mov #0x2000, r15
fail_test:
br #0xffff
.section .vectors, "a"
.word end_of_test ; Interrupt 0 (lowest priority) <unused>
.word end_of_test ; Interrupt 1 <unused>
.word end_of_test ; Interrupt 2 <unused>
.word end_of_test ; Interrupt 3 <unused>
.word end_of_test ; Interrupt 4 <unused>
.word end_of_test ; Interrupt 5 <unused>
.word end_of_test ; Interrupt 6 <unused>
.word end_of_test ; Interrupt 7 <unused>
.word end_of_test ; Interrupt 8 <unused>
.word end_of_test ; Interrupt 9 TEST IRQ
.word end_of_test ; Interrupt 10 Watchdog timer
.word end_of_test ; Interrupt 11 <unused>
.word end_of_test ; Interrupt 12 <unused>
.word end_of_test ; Interrupt 13 SM_IRQ
.word end_of_test ; Interrupt 14 NMI
.word main ; Interrupt 15 (highest priority) RESET