int
main(int argc, char **argv)
{
if (!backdoor_open_mmap()) {
printf("Failed to mmap due to %s.\n", strerror(errno));
printf("Run 'install_backdoor' first\n");
exit(EXIT_FAILURE);
}
if (!setup_variables()) {
print_reason_device_not_supported();
backdoor_close_mmap();
exit(EXIT_FAILURE);
}
if (!disable_ccsecurity()) {
printf("Disable ccsecurity failed\n");
backdoor_close_mmap();
exit(EXIT_FAILURE);
}
backdoor_close_mmap();
exit(EXIT_SUCCESS);
}
int
main(int argc, char **argv)
{
char* command = NULL;
int i;
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-c")) {
if (++i < argc) {
command = argv[i];
}
}
}
device_detected();
if (!setup_variables()) {
printf("Failed to setup variables.\n");
exit(EXIT_FAILURE);
}
run_exploit();
if (getuid() != 0) {
printf("Failed to obtain root privilege.\n");
exit(EXIT_FAILURE);
}
if (command == NULL) {
system("/system/bin/sh");
} else {
execl("/system/bin/sh", "/system/bin/sh", "-c", command, NULL);
}
exit(EXIT_SUCCESS);
}
bool
map_kernel_memory(void)
{
if (!kernel_physical_offset) {
if (!setup_variables()) {
return false;
}
}
fb_mmap_fd = -1;
kernel_mapped_address = PTMX_MEMORY_MAPPED_ADDRESS;
if (ptmx_map_memory(PTMX_MEMORY_MAPPED_ADDRESS, kernel_physical_offset, KERNEL_MEMORY_SIZE)) {
return true;
}
fb_mem_set_kernel_phys_offset(kernel_physical_offset - 0x8000);
printf("Attempt fb_mem_exploit...\n");
fb_mem_mmap_base = fb_mem_mmap(&fb_mmap_fd);
if (fb_mem_mmap_base) {
kernel_mapped_address = (unsigned long int)fb_mem_convert_to_mmaped_address((void *)KERNEL_BASE_ADDRESS, fb_mem_mmap_base);
return true;
}
fb_mmap_fd = -1;
return false;
}
/* ----------------------------- MNI Header -----------------------------------
@NAME : save_volume_info
@INPUT : input_icvid - input file icvid (MI_ERROR means no input volume)
outfile - output file name
arg_string - string giving argument list
volume_info - volume information
@OUTPUT : (nothing)
@RETURNS : icv of output file
@DESCRIPTION: Routine to save a 3-D volume, copying information
from an optional input file.
@METHOD :
@GLOBALS :
@CALLS :
@CREATED : August 22, 1993 (Peter Neelin)
@MODIFIED :
---------------------------------------------------------------------------- */
static int save_volume_info(int input_icvid, char *outfile, char *arg_string,
Volume_Info *volume_info)
{
int mincid, icvid, inmincid;
/* Create output file */
mincid = micreate(outfile, NC_NOCLOBBER);
/* Open the input file if it is provided */
inmincid = MI_ERROR;
if (input_icvid != MI_ERROR) {
(void) miicv_inqint(input_icvid, MI_ICV_CDFID, &inmincid);
}
/* Set up variables and put output file in data mode */
setup_variables(inmincid, mincid, volume_info, arg_string);
/* Create an icv and set it up */
icvid = miicv_create();
setup_output_icv(icvid);
/* Attach the icv to the file */
(void) miicv_attach(icvid, mincid, ncvarid(mincid, MIimage));
return icvid;
}
bool
get_address(void)
{
printf("Try without fb_mem_exploit fist...\n\n");
set_fb_mem_exploit_enable(false);
if (!setup_variables()) {
printf("\n\n");
printf("Try again with fb_mem_exploit...\n\n");
set_fb_mem_exploit_enable(true);
if (!setup_variables()) {
printf("Failed to setup variables.\n");
return false;
}
}
register_address();
return true;
}
void app_main(void)
{
nvs_flash_init();
g_pot_event_group = xEventGroupCreate();
g_wifi_event_group = xEventGroupCreate();
setup_variables();
setup_wifi();
setup_gpios();
printf("v3 size: %d\n", sizeof(struct uni_proto_v3));
xTaskCreate(main_loop, "main_loop", 2048, NULL, 10, NULL);
xTaskCreate(wifi_loop, "wifi_loop", 2048, NULL, 10, NULL);
// xTaskCreate(test_loop, "test_loop", 2048, NULL, 10, NULL);
// main_loop(NULL);
}
svalue_t *
call_function_pointer (funptr_t * funp, int num_arg)
{
static func_t *oefun_table = efun_table - BASE;
array_t *v;
if (!funp->hdr.owner || (funp->hdr.owner->flags & O_DESTRUCTED))
error("Owner (/%s) of function pointer is destructed.\n",
(funp->hdr.owner ? funp->hdr.owner->obname : "(null)"));
setup_fake_frame(funp);
if ((v=funp->hdr.args)) {
check_for_destr(v);
num_arg = merge_arg_lists(num_arg, v, 0);
}
switch (funp->hdr.type) {
case FP_SIMUL:
call_simul_efun(funp->f.simul.index, num_arg);
break;
case FP_EFUN:
{
int i, def;
fp = sp - num_arg + 1;
i = funp->f.efun.index;
if (num_arg == instrs[i].min_arg - 1 &&
((def = instrs[i].Default) != DEFAULT_NONE)) {
if (def == DEFAULT_THIS_OBJECT) {
push_object(current_object);
} else {
push_number(def);
}
num_arg++;
} else
if (num_arg < instrs[i].min_arg) {
error("Too few arguments to efun %s in efun pointer.\n", query_instr_name(i));
} else if (num_arg > instrs[i].max_arg && instrs[i].max_arg != -1) {
error("Too many arguments to efun %s in efun pointer.\n", query_instr_name(i));
}
/* possibly we should add TRACE, OPC, etc here;
also on eval_cost here, which is ok for just 1 efun */
{
int j, n = num_arg;
st_num_arg = num_arg;
if (n >= 4 || instrs[i].max_arg == -1)
n = instrs[i].min_arg;
for (j = 0; j < n; j++) {
CHECK_TYPES(sp - num_arg + j + 1, instrs[i].type[j], j + 1, i);
}
(*oefun_table[i])();
free_svalue(&apply_ret_value, "call_function_pointer");
if (instrs[i].ret_type == TYPE_NOVALUE)
apply_ret_value = const0;
else
apply_ret_value = *sp--;
remove_fake_frame();
return &apply_ret_value;
}
}
case FP_LOCAL | FP_NOT_BINDABLE: {
function_t *func;
fp = sp - num_arg + 1;
if (current_object->prog->function_flags[funp->f.local.index] & (FUNC_PROTOTYPE|FUNC_UNDEFINED))
error("Undefined lfun pointer called: %s\n", function_name(current_object->prog, funp->f.local.index));
push_control_stack(FRAME_FUNCTION);
current_prog = funp->hdr.owner->prog;
caller_type = ORIGIN_LOCAL;
csp->num_local_variables = num_arg;
func = setup_new_frame(funp->f.local.index);
call_program(current_prog, func->address);
break;
}
case FP_FUNCTIONAL:
case FP_FUNCTIONAL | FP_NOT_BINDABLE: {
fp = sp - num_arg + 1;
push_control_stack(FRAME_FUNP);
current_prog = funp->f.functional.prog;
csp->fr.funp = funp;
caller_type = ORIGIN_FUNCTIONAL;
setup_variables(num_arg, funp->f.functional.num_local,
funp->f.functional.num_arg);
function_index_offset = funp->f.functional.fio;
variable_index_offset = funp->f.functional.vio;
call_program(funp->f.functional.prog, funp->f.functional.offset);
break;
}
default:
error("Unsupported function pointer type.\n");
}
free_svalue(&apply_ret_value, "call_function_pointer");
apply_ret_value = *sp--;
remove_fake_frame();
return &apply_ret_value;
}
void retro_set_environment(retro_environment_t cb)
{
environ_cb = cb;
setup_variables();
}
void setup(void)
{
unsigned char adr, flags, d;
unsigned short i;
unsigned char *p;
_flkey = 0;
/* first disable watchdog */
watchdog_disable();
/* avoid any blocking of RS485 bus */
RS485_ENABLE = RS485_ENABLE_OFF;
/* Port and oscillator configuration */
#if defined(CPU_C8051F120)
SFRPAGE = CONFIG_PAGE;
XBR0 = 0x04; // Enable XBar, UART0 & UART1
XBR1 = 0x00;
XBR2 = 0x44;
#ifdef CLK_25MHZ
/* Select internal quartz oscillator */
SFRPAGE = LEGACY_PAGE;
FLSCL = 0x00; // set flash read time for <25 MHz
SFRPAGE = CONFIG_PAGE;
OSCICN = 0x83; // divide by 1
CLKSEL = 0x00; // select internal oscillator
#else // 98 MHz
/* Select internal quartz oscillator */
SFRPAGE = LEGACY_PAGE;
FLSCL = 0xB0; // set flash read time for 100 MHz
SFRPAGE = CONFIG_PAGE;
OSCICN = 0x83; // divide by 1
CLKSEL = 0x00; // select internal oscillator
PLL0CN |= 0x01;
PLL0DIV = 0x01;
PLL0FLT = 0x01;
PLL0MUL = 0x04;
for (i = 0 ; i < 15; i++); // Wait 5us for initialization
PLL0CN |= 0x02;
for (i = 0 ; i<50000 && ((PLL0CN & 0x10) == 0) ; i++);
CLKSEL = 0x02; // select PLL as sysclk src
#endif
#elif defined(CPU_C8051F020)
XBR0 = 0x04; // Enable UART0 & UART1
XBR1 = 0x00;
XBR2 = 0x44;
/* Select external quartz oscillator */
OSCXCN = 0x67; // Crystal mode, Power Factor 22E6
OSCICN = 0x08; // CLKSL=1 (external)
#elif defined(CPU_C8051F310) || defined(CPU_C8051F320)
XBR0 = 0x01; // Enable RX/TX
XBR1 = 0x40; // Enable crossbar
/* Select internal quartz oscillator */
OSCICN = 0x83; // IOSCEN=1, SYSCLK=24.5 MHz
CLKSEL = 0x00; // derive SYSCLK from internal source
#else
XBR0 = 0x04; // Enable RX/TX
XBR1 = 0x00;
XBR2 = 0x40; // Enable crossbar
PRT0CF = 0x01; // P0.0: TX = Push Pull
PRT1CF = 0x00; // P1
PRT2CF = 0x00; // P2 Open drain for 5V LCD
PRT3CF = 0x20; // P3.5: RS485 enable = Push Pull
/* Select external quartz oscillator */
OSCXCN = 0x67; // Crystal mode, Power Factor 22E6
OSCICN = 0x08; // CLKSL=1 (external)
#endif
#ifdef CFG_HAVE_LCD
lcd_setup();
#endif
#ifdef CFG_HAVE_EMIF
/* initialize external memory interface */
d = emif_init();
/* do memory test on cold start */
SFRPAGE = LEGACY_PAGE;
if (d > 0 && (RSTSRC & 0x02) > 0)
emif_test(d);
#endif
/* start system clock */
sysclock_init();
/* enable watchdog with default timeout */
watchdog_enable(0);
/* enable missing clock detector */
RSTSRC |= 0x04;
/* default LED mode */
for (i=0 ; i<N_LED ; i++)
led_mode(i, 1);
/* initialize all memory */
CSR = 0;
addressed = 0;
flash_param = 0;
flash_program = 0;
flash_allowed = 0;
wrong_cpu = 0;
_flkey = 0;
#ifdef CFG_HAVE_RTC
rtc_set = 0;
#endif
i_in = i_out = n_out = 0;
_cur_sub_addr = 0;
for (i=0 ; i<sizeof(in_buf) ; i++)
in_buf[i] = 0;
for (i=0 ; i<sizeof(out_buf) ; i++)
out_buf[i] = 0;
/* check if we got reset by watchdog */
#if defined(CPU_C8051F120)
SFRPAGE = LEGACY_PAGE;
#endif
WD_RESET = ((RSTSRC & 0x02) == 0 && (RSTSRC & 0x08) > 0);
/* initialize UART(s) */
uart_init(0, BD_115200);
#ifdef CFG_UART1_MSCB
uart_init(1, BD_115200);
#endif
#ifdef CFG_DYN_VARIABLES
setup_variables();
#endif
/* count variables */
for (n_variables = _var_size = 0;; n_variables++) {
_var_size += variables[n_variables].width;
if (variables[n_variables].width == 0)
break;
}
/* check if variables are in xdata and xdata is present */
if (n_variables > 0) {
p = variables[0].ud;
d = *p;
*p = 0x55;
if (*p != 0x55)
wrong_cpu = 1;
*p = 0xAA;
if (*p != 0xAA)
wrong_cpu = 1;
*p = d;
}
/* retrieve EEPROM data */
#ifdef CPU_C8051F120
SFRPAGE = LEGACY_PAGE;
#endif
if ((RSTSRC & 0x02) > 0)
flags = eeprom_retrieve(1); // vars on cold start
else
flags = eeprom_retrieve(0);
if ((flags & (1 << 0)) == 0) {
configured_addr = 0;
/* set initial values */
sys_info.node_addr = 0xFFFF;
sys_info.group_addr = 0xFFFF;
memset(sys_info.node_name, 0, sizeof(sys_info.node_name));
strncpy(sys_info.node_name, node_name, sizeof(sys_info.node_name));
} else
configured_addr = 1;
/* store SVN revision */
sys_info.svn_revision = (svn_rev_main[6]-'0')*1000+
(svn_rev_main[7]-'0')*100+
(svn_rev_main[8]-'0')*10+
(svn_rev_main[9]-'0');
if ((flags & (1 << 1)) == 0) {
/* init variables */
for (i = 0; variables[i].width; i++)
if (!(variables[i].flags & MSCBF_DATALESS)) {
/* do it for each sub-address */
for (adr = 0 ; adr < _n_sub_addr ; adr++) {
memset((char*)variables[i].ud + _var_size*adr, 0, variables[i].width);
}
}
/* call user initialization routine with initialization */
user_init(1);
/* write current variables to flash later in main routine */
configured_vars = 0;
} else {
/* call user initialization routine without initialization */
user_init(0);
configured_vars = 1;
}
/* Blink LEDs */
for (i=0 ; i<N_LED ; i++)
led_blink(i, 3, 150);
}
