Age | Commit message | Author | Files | Lines
The reason it wasn't working so far is that the baseband firmware
appears to have a compile-time white-list of AT commands for which the AT
command forwarding is permitted. Any other commands are rejected with
error 48 (invalid argument) :/
we want to copy to the actual buffer... One ampersand less.
we need to actually first call libc's read/recv and then interpret the
data, rather than interpreting the uninitialized buffer ;)
For hijacking build a complete delta for a single insert. Need to
externalize the parameters. It could work for multiple files too.
bt
#0 0x000133f4 in RB_FileSystemUpdate ()
#1 0x0000bf60 in RB_ComponentDeltaOperation ()
#2 0x0000c574 in RB_ComponentDeltaUpdate ()
#3 0x0000cc08 in RB_DeltaTraverse ()
#4 0x0000ccc8 in RB_vRM_Update ()
│0x133c4 <RB_FileSystemUpdate+6864> b 0x12a1c <RB_FileSystemUpdate+4392> │
│0x133c8 <RB_FileSystemUpdate+6868> ldr r3, [pc, #-2616] ; 0x12998 <RB_FileSystemU│
│0x133cc <RB_FileSystemUpdate+6872> mov r0, r10 │
│0x133d0 <RB_FileSystemUpdate+6876> ldr r2, [r3, #1620] ; 0x654 │
│0x133d4 <RB_FileSystemUpdate+6880> ldr r3, [r5, #-20] ; 0xffffffec │
│0x133d8 <RB_FileSystemUpdate+6884> ldr r1, [pc, #-2648] ; 0x12988 <RB_FileSystemU│
│0x133dc <RB_FileSystemUpdate+6888> bic r3, r3, #-1073741824 ; 0xc0000000 │
│0x133e0 <RB_FileSystemUpdate+6892> cmp r3, r2 │
│0x133e4 <RB_FileSystemUpdate+6896> movcs r3, #0 │
│0x133e8 <RB_FileSystemUpdate+6900> movcc r3, #1 │
│0x133ec <RB_FileSystemUpdate+6904> bl 0x8e54 <RB_Trace> │
│0x133f0 <RB_FileSystemUpdate+6908> b 0x130a4 <RB_FileSystemUpdate+6064> │
>│0x133f4 <RB_FileSystemUpdate+6912> ldrb r2, [r3], #1
* Truncate filesize to 20 bytes in hacked.toc (001b? IIRC)
* Add various 0x00 as well.. first 0x80... gets turned into the
compressed length but that fails.. needs to be bigger than 0x2000
to succeed.
* LZMA size and trailer overlap.. I was too lazy to add/deal with
padding so kept it short.. can be fixed...
* Modified path for /etc/rc2.d.. to extract new script
We seem lucky with file permissions.. that it is somehow executable
even if SetFileAttributes is not set...
This was introduced in commit 9a765881bf3dcd32847d7108cf48cb04a4ed993f
of mainline linux, but not everyone may be running 4.9-rc1 or later at
this point ;)
Not sure what is inside these other bits...offsets? lengths? crc?
who knows..
android_vendor_qulcomm_proprietary