void load_ctx(const void * ctx, const char * attr, const char * hint) { #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(attr, "attr"); #endif print_rhs(string_attributes[ctx][string(attr)], hint); }
void event3(const char * s, const unsigned char * buf1, size_t len1, const unsigned char * buf2, size_t len2, const unsigned char * buf3, size_t len3) { load_buf(buf1, len1, ""); load_buf(buf2, len2, ""); load_buf(buf3, len3, ""); event(s, 3); }
void copy_ctx(const void * to, const void * from) { #ifdef DEBUG_ATTR load_buf(pointer2string(from), "from"); load_buf(pointer2string(to), "to"); sym("copy_attr"); #endif string_attributes[to] = string_attributes[from]; }
void add_to_attr(const void * ctx, const char * attr, const unsigned char * buf, size_t len) { #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(s, "attr"); load_buf(buf, len, "value"); sym("append_attr"); #endif string_attributes[ctx][string(attr)] += buffer2string(buf, len); }
void event4(const char * s, const unsigned char * buf1, size_t len1, const unsigned char * buf2, size_t len2, const unsigned char * buf3, size_t len3, const unsigned char * buf4, size_t len4) { load_buf(buf1, len1, ""); load_buf(buf2, len2, ""); load_buf(buf3, len3, ""); load_buf(buf4, len4, ""); event(s, 4); }
void store_ctx(const void * ctx, const char * attr, const char * hint) { string sattr = string(attr); unique_attr(ctx, sattr); print_lhs(string_attributes[ctx][sattr], hint); #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(attr, "attr"); sym("get_attr"); #endif }
void set_attr_str(const void * ctx, const char * attr, const char * str) { if(strlen(str) == 0) cerr << "set_attr(char*): new value is empty" << endl; #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(s, "attr"); load_buf(string(str), "value"); sym("set_attr"); #endif string_attributes[ctx][string(attr)] = string(str); }
void set_attr_buf(const void * ctx, const char * attr, const unsigned char * buf, size_t len) { if(len == 0) cerr << "set_attr(buf, len): new value is empty" << endl; #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(s, "attr"); load_buf(buf, len, "value"); sym("set_attr"); #endif string_attributes[ctx][string(attr)] = buffer2string(buf, len); }
void clear_attr(const void * ctx, const char * attr) { #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(attr, "attr"); sym("clear_attr"); #endif string sattr = string(attr); string_attributes[ctx][sattr] = ""; int_attributes[ctx][sattr] = 0; }
extern size_t decrypt_proxy(unsigned char * key, size_t keylen, unsigned char * in, size_t inlen, unsigned char * out) { size_t ret = decrypt(key, keylen, in, inlen, out); load_buf(key, keylen, "key"); load_buf(in, inlen, "cipher"); symN("D", "msg", &ret, TRUE); store_buf(out); if(ret > decrypt_len_proxy(key, keylen, in, inlen)) fail("decrypt_proxy: bad length"); return ret; }
void copy_attr_ex(const void * to, const char * attr_to, const void * from, const char * attr_from) { string value = get_attr(from, string(attr_from)); if(value == "") cerr << "copy_attr(): new value is empty" << endl; #ifdef DEBUG_ATTR load_buf(pointer2string(ctx), "ctx"); load_buf(s, "attr"); load_buf(value, "value"); sym("copy_attr"); #endif string_attributes[to][string(attr_to)] = value; }
void do_flashall(usb_handle *usb, int erase_first) { queue_info_dump(); fb_queue_query_save("product", cur_product, sizeof(cur_product)); char* fname = find_item("info", product); if (fname == 0) die("cannot find android-info.txt"); unsigned sz; void* data = load_file(fname, &sz); if (data == 0) die("could not load android-info.txt: %s", strerror(errno)); setup_requirements(reinterpret_cast<char*>(data), sz); for (size_t i = 0; i < ARRAY_SIZE(images); i++) { fname = find_item(images[i].part_name, product); fastboot_buffer buf; if (load_buf(usb, fname, &buf)) { if (images[i].is_optional) continue; die("could not load %s\n", images[i].img_name); } do_send_signature(fname); if (erase_first && needs_erase(usb, images[i].part_name)) { fb_queue_erase(images[i].part_name); } flash_buf(images[i].part_name, &buf); } }
struct iv_config *iviewiir_configure() { struct iv_config *config; char *config_buf = NULL; ssize_t config_buf_len = load_buf(&config_buf, CONFIG_FILE); if(config_buf_len == 0) { /* Cache was stale or did not exist, so re-fetch. */ debug("Fetching configuration\n"); config_buf_len = iv_get_http_buffer(IV_CONFIG_URI, &config_buf); if(0 >= config_buf_len) { fprintf(stderr, "error retrieving config xml\n"); return NULL; } if(-1 == dump_buf(config_buf, config_buf_len, CONFIG_FILE)) { config = NULL; goto config_cleanup; } } debug("%s\n", config_buf); if(IV_OK != iv_parse_config(config_buf, config_buf_len, &config)) { return NULL; } config_cleanup: iv_destroy_http_buffer(config_buf); return config; }
/** * \brief Initiate a TCP connection with host:port * * \param fd Socket to use * \param host Host to connect to * \param port Port to connect to * * \return 0 if successful, or one of: * POLARSSL_ERR_NET_SOCKET_FAILED, * POLARSSL_ERR_NET_UNKNOWN_HOST, * POLARSSL_ERR_NET_CONNECT_FAILED */ int net_connect_proxy( int *fd, const char *host, int port ) { mute(); int ret = net_connect(fd, host, port); unmute(); load_buf(host, strlen_proxy(host), ""); output(); load_buf(&port, sizeof(port), ""); output(); // Let the attacker decide what this function returns. input("net_connect_result", sizeof(ret)); store_buf(&ret); return ret; }
static void do_flash(usb_handle* usb, const char* pname, const char* fname) { struct fastboot_buffer buf; if (load_buf(usb, fname, &buf)) { die("cannot load '%s'", fname); } flash_buf(pname, &buf); }
extern size_t encrypt_proxy(unsigned char * key, size_t keylen, unsigned char * in, size_t inlen, unsigned char * out) { size_t ret = encrypt(key, keylen, in, inlen, out); unsigned char nonce[SIZE_NONCE]; nonce_proxy(nonce); load_buf(key, keylen, "key"); // hm, it would be sensible to set length to keylen here, but right now I don't allow len() inside lens symN("isek", "key", NULL, TRUE); load_buf(in, inlen, "msg"); load_buf(nonce, SIZE_NONCE, "nonce"); symN("E", "cipher", &ret, TRUE); store_buf(out); if(ret > encrypt_len_proxy(key, keylen, in, inlen)) fail("encrypt_proxy: bad length"); return ret; }
int iviewiir_index(struct iv_config *config, struct iv_series **index) { char *index_xml_buf = NULL; ssize_t index_buf_len = load_buf(&index_xml_buf, INDEX_FILE); if(index_buf_len == 0) { debug("Didn't load index from cache, fetching it\n"); index_buf_len = iv_get_index(config, &index_xml_buf); dump_buf(index_xml_buf, index_buf_len, INDEX_FILE); } debug("index length %zd:\n%s\n", index_buf_len, index_xml_buf); int index_len = iv_parse_index(index_xml_buf, index); iv_destroy_http_buffer(index_xml_buf); return index_len; }
/** * \brief Create a listening socket on bind_ip:port. * If bind_ip == NULL, all interfaces are binded. * * \param fd Socket to use * \param bind_ip IP to bind to, can be NULL * \param port Port number to use * * \return 0 if successful, or one of: * POLARSSL_ERR_NET_SOCKET_FAILED, * POLARSSL_ERR_NET_BIND_FAILED, * POLARSSL_ERR_NET_LISTEN_FAILED */ int net_bind_proxy( int *fd, const char *bind_ip, int port ) { mute(); int ret = net_bind(fd, bind_ip, port); unmute(); SymN("socket", 0); Nondet(); assume_intype("bitstring"); size_t len = sizeof(*fd); assume_len(&len, false, sizeof(len)); store_buf(fd); load_buf(bind_ip, strlen_proxy(bind_ip), ""); output(); load_buf(&port, sizeof(port), ""); output(); // Let the attacker decide what this function returns. input("net_bind_result", sizeof(ret)); store_buf(&ret); return ret; }
int net_send_proxy( void *ctx, unsigned char *buf, int len ) { mute(); int ret = net_send(ctx, buf, len); unmute(); mute(); if(ret != len) { fail("write_proxy: ret != len not handled yet"); } unmute(); ret = len; load_buf(buf, ret, "msg"); output(); return ret; }
void event1(const char * s, const unsigned char * buf, size_t len) { load_buf(buf, len, ""); event(s, 1); }
void hint(const unsigned char * buf, size_t len, const char * name) { load_buf(buf, len, ""); Hint(name); store_buf(buf); }
void typehint(const unsigned char * buf, size_t len, const char * type) { load_buf(buf, len, ""); TypeHint(type); store_buf(buf); }
void event2(const char * s, const unsigned char * buf1, size_t len1, const unsigned char * buf2, size_t len2) { load_buf(buf1, len1, ""); load_buf(buf2, len2, ""); event(s, 2); }