private bool _loadAssemblyToSourceInfo(TextWriter outputWriter, string binaryPath, ulong loadingVa, ulong binaryVa)
{
try {
_binInfo = BinInfoFactory.GetBinInfo(binaryPath);
}
catch (Exception e) {
outputWriter.WriteLine(e);
return(false);
}
return(true);
}
public static void Main(string[] args)
{
_initProcess();
var projectName = "Example";
var runMode = RunMode.NormalExecution;
if (args.Length == 2)
{
projectName = args[0];
switch (args[1].ToLower())
{
case "r":
case "run":
runMode = RunMode.NormalExecution;
break;
case "v":
case "verify":
runMode = RunMode.VerifyExecution;
break;
case "fault":
runMode = RunMode.FaultSimTUI;
break;
case "fault-gui":
runMode = RunMode.FaultSimGUI;
break;
default:
throw new Exception("Unknown run mode \"" + args[1] + "\" provided!");
}
}
string rootPath;
if (Directory.Exists("Content"))
{
rootPath = Path.GetFullPath("Content");
}
else if (Directory.Exists("../../../Content"))
{
rootPath = Path.GetFullPath("../../../Content");
}
else
{
throw new Exception(
$"Cannot find exercise folder ({Path.GetFullPath("Content")} or {Path.GetFullPath("../../../Content")})");
}
var projectPath = Path.Combine(rootPath, projectName);
if (!Directory.Exists(Path.Combine(projectPath, "bin")))
{
throw new Exception("Project path missing: " + projectPath);
}
var flashBin = File.ReadAllBytes(Path.Combine(projectPath, "bin/aarch32/bl1.bin"));
var binInfo = BinInfoFactory.GetBinInfo(Path.Combine(projectPath, "bin/aarch32/bl1.elf"));
var otpPeripheral = new OtpPeripheral(Path.Combine(projectPath, "bin/otp.bin"));
if (!File.Exists(Path.Combine(projectPath, "bin/otp.bin")))
{
byte[] defaultOtpContent =
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x72, 0x67, 0x44, 0xC0,
0x80, 0x7D, 0xA5, 0x82, 0xD5, 0xEA, 0xB0, 0xF7, 0xFA, 0x68, 0xD1, 0x8B,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
File.WriteAllBytes(Path.Combine(projectPath, "bin/otp.bin"), defaultOtpContent);
}
var simConfig = new MyConfig {
Platform = Architecture.AArch32,
EntryPoint = binInfo.Symbols["_start"].Address,
StackBase = 0x80100000,
MaxInstructions = 20000000,
AddressSpace = new AddressSpace {
// OTP
{ 0x12000000, otpPeripheral },
// Next boot stage mem
{ 0x32000000, new MemoryRegion {
Size = 0x1000, Permission = MemoryPermission.RW
} },
// Code
{ 0x80000000, new MemoryRegion {
Data = flashBin, Size = 0x20000, Permission = MemoryPermission.RWX
} },
// Stack
{ 0x80100000, new MemoryRegion {
Size = 0x10000, Permission = MemoryPermission.RW
} },
// Auth success / failed trigger
{ 0xAA01000, new HwPeripheral((eng, address, size, value) => { eng.RequestStop(value == 1 ? Result.Completed : Result.Failed); }) },
},
BreakPoints =
{
{ binInfo.Symbols["flash_load_img"].Address, eng => {
var useAltData = ((MyConfig)eng.Config).UseAltData;
if (useAltData)
{
eng.Write(0x32000000, Encoding.ASCII.GetBytes("!! Pwned boot !!"));
}
else
{
eng.Write(0x32000000, Encoding.ASCII.GetBytes("Test Payload!!!!"));
}
} },
// { binInfo.Symbols["memcmp"].Address, eng => {
// var reg_r0 = eng.RegRead(Arm.UC_ARM_REG_R0);
// var reg_r1 = eng.RegRead(Arm.UC_ARM_REG_R1);
// var reg_r2 = eng.RegRead(Arm.UC_ARM_REG_R2);
//
// var buf1 = eng.Read(reg_r0, new byte[reg_r2]);
// var buf2 = eng.Read(reg_r1, new byte[reg_r2]);
//
// Console.WriteLine(Utils.HexDump(buf1, reg_r0));
// Console.WriteLine(Utils.HexDump(buf2, reg_r1));
// } },
},
Patches =
{
{ binInfo.Symbols["serial_putc"].Address, AArch32Info.A32_RET },
},
//OnCodeExecutionTraceEvent = eng => {
// Console.WriteLine($"I: {eng.CurrentInstruction.Address:x16} {eng.CurrentInstruction} {Utils.HexDump(eng.CurrentInstruction.Data)}");
// Console.WriteLine($"I: {eng.CurrentInstruction.Address:x16} {eng.CurrentInstruction}");
//}
};
try {
switch (runMode)
{
case RunMode.NormalExecution:
otpPeripheral.PersistentChanges = true;
_doNormalExecutionSim(simConfig, binInfo);
break;
case RunMode.VerifyExecution:
otpPeripheral.PersistentChanges = true;
_doABVerificationTestSim(simConfig, binInfo);
break;
case RunMode.FaultSimGUI:
case RunMode.FaultSimTUI:
var glitchRange = new List <TraceRange>();
// Only simulate faults in glitchRange
// glitchRange.Add(new SymbolTraceRange(binInfo.Symbols["some_func"]));
// Simulate faults using the following fault models:
var faultModels = new IFaultModel[] {
//new CachedNopFetchInstructionModel(),
new TransientNopInstructionModel(),
//new CachedSingleBitFlipInstructionModel(),
new TransientSingleBitFlipInstructionModel(),
//new CachedBusFetchNopInstructionModel()
};
if (runMode == RunMode.FaultSimGUI)
{
_doGUIFaultSim(simConfig, binInfo, faultModels, glitchRange);
}
else
{
_doTUIFaultSim(simConfig, binInfo, faultModels, glitchRange);
}
break;
default:
Console.WriteLine("Internal error: not supported run mode");
Environment.Exit(-1);
break;
}
}
catch (SimulationException ex) when(!Debugger.IsAttached)
{
Console.Error.WriteLine();
Console.Error.WriteLine("Error: " + ex.Message);
Console.Error.WriteLine();
if (ex is PlatformEngineException exception)
{
exception.Engine.DumpState(Console.Error, binInfo);
}
}
catch (Exception e) when(!Debugger.IsAttached)
{
Console.Out.WriteLine("Internal error: " + e.Message);
Console.Out.WriteLine(e);
Environment.Exit(-1);
}
}