void load_ctx(const void * ctx, const char * attr, const char * hint)
{
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(attr, "attr");
#endif
print_rhs(string_attributes[ctx][string(attr)], hint);
}
void event3(const char * s, const unsigned char * buf1, size_t len1,
const unsigned char * buf2, size_t len2,
const unsigned char * buf3, size_t len3)
{
load_buf(buf1, len1, "");
load_buf(buf2, len2, "");
load_buf(buf3, len3, "");
event(s, 3);
}
void copy_ctx(const void * to, const void * from)
{
#ifdef DEBUG_ATTR
load_buf(pointer2string(from), "from");
load_buf(pointer2string(to), "to");
sym("copy_attr");
#endif
string_attributes[to] = string_attributes[from];
}
void add_to_attr(const void * ctx, const char * attr, const unsigned char * buf, size_t len)
{
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(s, "attr");
load_buf(buf, len, "value");
sym("append_attr");
#endif
string_attributes[ctx][string(attr)] += buffer2string(buf, len);
}
void event4(const char * s, const unsigned char * buf1, size_t len1,
const unsigned char * buf2, size_t len2,
const unsigned char * buf3, size_t len3,
const unsigned char * buf4, size_t len4)
{
load_buf(buf1, len1, "");
load_buf(buf2, len2, "");
load_buf(buf3, len3, "");
load_buf(buf4, len4, "");
event(s, 4);
}
void store_ctx(const void * ctx, const char * attr, const char * hint)
{
string sattr = string(attr);
unique_attr(ctx, sattr);
print_lhs(string_attributes[ctx][sattr], hint);
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(attr, "attr");
sym("get_attr");
#endif
}
void set_attr_str(const void * ctx, const char * attr, const char * str)
{
if(strlen(str) == 0)
cerr << "set_attr(char*): new value is empty" << endl;
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(s, "attr");
load_buf(string(str), "value");
sym("set_attr");
#endif
string_attributes[ctx][string(attr)] = string(str);
}
void set_attr_buf(const void * ctx, const char * attr, const unsigned char * buf, size_t len)
{
if(len == 0)
cerr << "set_attr(buf, len): new value is empty" << endl;
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(s, "attr");
load_buf(buf, len, "value");
sym("set_attr");
#endif
string_attributes[ctx][string(attr)] = buffer2string(buf, len);
}
void clear_attr(const void * ctx, const char * attr)
{
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(attr, "attr");
sym("clear_attr");
#endif
string sattr = string(attr);
string_attributes[ctx][sattr] = "";
int_attributes[ctx][sattr] = 0;
}
extern size_t decrypt_proxy(unsigned char * key, size_t keylen, unsigned char * in, size_t inlen, unsigned char * out)
{
size_t ret = decrypt(key, keylen, in, inlen, out);
load_buf(key, keylen, "key");
load_buf(in, inlen, "cipher");
symN("D", "msg", &ret, TRUE);
store_buf(out);
if(ret > decrypt_len_proxy(key, keylen, in, inlen))
fail("decrypt_proxy: bad length");
return ret;
}
void copy_attr_ex(const void * to, const char * attr_to, const void * from, const char * attr_from)
{
string value = get_attr(from, string(attr_from));
if(value == "")
cerr << "copy_attr(): new value is empty" << endl;
#ifdef DEBUG_ATTR
load_buf(pointer2string(ctx), "ctx");
load_buf(s, "attr");
load_buf(value, "value");
sym("copy_attr");
#endif
string_attributes[to][string(attr_to)] = value;
}
void do_flashall(usb_handle *usb, int erase_first)
{
queue_info_dump();
fb_queue_query_save("product", cur_product, sizeof(cur_product));
char* fname = find_item("info", product);
if (fname == 0) die("cannot find android-info.txt");
unsigned sz;
void* data = load_file(fname, &sz);
if (data == 0) die("could not load android-info.txt: %s", strerror(errno));
setup_requirements(reinterpret_cast<char*>(data), sz);
for (size_t i = 0; i < ARRAY_SIZE(images); i++) {
fname = find_item(images[i].part_name, product);
fastboot_buffer buf;
if (load_buf(usb, fname, &buf)) {
if (images[i].is_optional)
continue;
die("could not load %s\n", images[i].img_name);
}
do_send_signature(fname);
if (erase_first && needs_erase(usb, images[i].part_name)) {
fb_queue_erase(images[i].part_name);
}
flash_buf(images[i].part_name, &buf);
}
}
struct iv_config *iviewiir_configure() {
struct iv_config *config;
char *config_buf = NULL;
ssize_t config_buf_len = load_buf(&config_buf, CONFIG_FILE);
if(config_buf_len == 0) {
/* Cache was stale or did not exist, so re-fetch. */
debug("Fetching configuration\n");
config_buf_len = iv_get_http_buffer(IV_CONFIG_URI, &config_buf);
if(0 >= config_buf_len) {
fprintf(stderr, "error retrieving config xml\n");
return NULL;
}
if(-1 == dump_buf(config_buf, config_buf_len, CONFIG_FILE)) {
config = NULL;
goto config_cleanup;
}
}
debug("%s\n", config_buf);
if(IV_OK != iv_parse_config(config_buf, config_buf_len, &config)) {
return NULL;
}
config_cleanup:
iv_destroy_http_buffer(config_buf);
return config;
}
/**
* \brief Initiate a TCP connection with host:port
*
* \param fd Socket to use
* \param host Host to connect to
* \param port Port to connect to
*
* \return 0 if successful, or one of:
* POLARSSL_ERR_NET_SOCKET_FAILED,
* POLARSSL_ERR_NET_UNKNOWN_HOST,
* POLARSSL_ERR_NET_CONNECT_FAILED
*/
int net_connect_proxy( int *fd, const char *host, int port )
{
mute();
int ret = net_connect(fd, host, port);
unmute();
load_buf(host, strlen_proxy(host), "");
output();
load_buf(&port, sizeof(port), "");
output();
// Let the attacker decide what this function returns.
input("net_connect_result", sizeof(ret));
store_buf(&ret);
return ret;
}
static void do_flash(usb_handle* usb, const char* pname, const char* fname) {
struct fastboot_buffer buf;
if (load_buf(usb, fname, &buf)) {
die("cannot load '%s'", fname);
}
flash_buf(pname, &buf);
}
extern size_t encrypt_proxy(unsigned char * key, size_t keylen, unsigned char * in, size_t inlen, unsigned char * out)
{
size_t ret = encrypt(key, keylen, in, inlen, out);
unsigned char nonce[SIZE_NONCE];
nonce_proxy(nonce);
load_buf(key, keylen, "key");
// hm, it would be sensible to set length to keylen here, but right now I don't allow len() inside lens
symN("isek", "key", NULL, TRUE);
load_buf(in, inlen, "msg");
load_buf(nonce, SIZE_NONCE, "nonce");
symN("E", "cipher", &ret, TRUE);
store_buf(out);
if(ret > encrypt_len_proxy(key, keylen, in, inlen))
fail("encrypt_proxy: bad length");
return ret;
}
int iviewiir_index(struct iv_config *config, struct iv_series **index) {
char *index_xml_buf = NULL;
ssize_t index_buf_len = load_buf(&index_xml_buf, INDEX_FILE);
if(index_buf_len == 0) {
debug("Didn't load index from cache, fetching it\n");
index_buf_len = iv_get_index(config, &index_xml_buf);
dump_buf(index_xml_buf, index_buf_len, INDEX_FILE);
}
debug("index length %zd:\n%s\n", index_buf_len, index_xml_buf);
int index_len = iv_parse_index(index_xml_buf, index);
iv_destroy_http_buffer(index_xml_buf);
return index_len;
}
/**
* \brief Create a listening socket on bind_ip:port.
* If bind_ip == NULL, all interfaces are binded.
*
* \param fd Socket to use
* \param bind_ip IP to bind to, can be NULL
* \param port Port number to use
*
* \return 0 if successful, or one of:
* POLARSSL_ERR_NET_SOCKET_FAILED,
* POLARSSL_ERR_NET_BIND_FAILED,
* POLARSSL_ERR_NET_LISTEN_FAILED
*/
int net_bind_proxy( int *fd, const char *bind_ip, int port )
{
mute();
int ret = net_bind(fd, bind_ip, port);
unmute();
SymN("socket", 0);
Nondet();
assume_intype("bitstring");
size_t len = sizeof(*fd);
assume_len(&len, false, sizeof(len));
store_buf(fd);
load_buf(bind_ip, strlen_proxy(bind_ip), "");
output();
load_buf(&port, sizeof(port), "");
output();
// Let the attacker decide what this function returns.
input("net_bind_result", sizeof(ret));
store_buf(&ret);
return ret;
}
int net_send_proxy( void *ctx, unsigned char *buf, int len )
{
mute();
int ret = net_send(ctx, buf, len);
unmute();
mute();
if(ret != len)
{
fail("write_proxy: ret != len not handled yet");
}
unmute();
ret = len;
load_buf(buf, ret, "msg");
output();
return ret;
}
void event1(const char * s, const unsigned char * buf, size_t len)
{
load_buf(buf, len, "");
event(s, 1);
}
void hint(const unsigned char * buf, size_t len, const char * name)
{
load_buf(buf, len, "");
Hint(name);
store_buf(buf);
}
void typehint(const unsigned char * buf, size_t len, const char * type)
{
load_buf(buf, len, "");
TypeHint(type);
store_buf(buf);
}
void event2(const char * s, const unsigned char * buf1, size_t len1, const unsigned char * buf2, size_t len2)
{
load_buf(buf1, len1, "");
load_buf(buf2, len2, "");
event(s, 2);
}
