Age | Commit message | Author | Files | Lines
2016-12-28 | add script to change EC20 USB composition (HEAD, master) | Harald Welte | 1 | -0/+26
2016-12-25 | atcop_test: Make example actually work | Harald Welte | 1 | -1/+8
The reason it wasn't working so far is that the baseband firmware appears to have a compile-time white-list of AT commands for which the AT command forwarding is permitted. Any other commands are rejected with error 48 (invalid argument) :/
2016-12-25 | qmuxd_wrapper: Fix stream_append() | Harald Welte | 1 | -1/+1
we want to copy to the actual buffer... One ampersand less.
2016-12-25 | qmuxd_wrapper: reduce logging by adding a compile-time DEBUG option | Harald Welte | 1 | -5/+11
2016-12-25 | qmuxd_wrapper: Make hexdump buffer thread-local, to be on the safe side | Harald Welte | 2 | -2/+2
2016-12-25 | qmuxd_wrapper: Add some protocol decode logic; fix recv/read bugs | Harald Welte | 2 | -20/+201
we need to actually first call libc's read/recv and then interpret the data, rather than interpreting the uninitialized buffer ;)
2016-12-25 | qmuxd_wrapper: Reduce dlsym() load (don't call it again and again) | Harald Welte | 1 | -6/+12
2016-12-25 | add .gitignore | Harald Welte | 1 | -0/+6
2016-12-25 | qmi_test: some more debug output so it can be correlated with qmuxd traces | Harald Welte | 1 | -5/+11
2016-12-25 | add a LD_PRELOAD wrapper to trace client <-> qmuxd communications | Harald Welte | 2 | -0/+140
2016-12-18 | Add utility to build a delta file with a single insert | Holger Hans Peter Freyther | 1 | -0/+124
For hijacking build a complete delta for a single insert. Need to externalize the parameters. It could work for multiple files too.
2016-12-17 | Add crashing example | Holger Hans Peter Freyther | 1 | -0/+0
bt
#0 0x000133f4 in RB_FileSystemUpdate ()
#1 0x0000bf60 in RB_ComponentDeltaOperation ()
#2 0x0000c574 in RB_ComponentDeltaUpdate ()
#3 0x0000cc08 in RB_DeltaTraverse ()
#4 0x0000ccc8 in RB_vRM_Update ()

  0x133c4 <RB_FileSystemUpdate+6864> b 0x12a1c <RB_FileSystemUpdate+4392>
  0x133c8 <RB_FileSystemUpdate+6868> ldr r3, [pc, #-2616] ; 0x12998 <RB_FileSystemU
  0x133cc <RB_FileSystemUpdate+6872> mov r0, r10
  0x133d0 <RB_FileSystemUpdate+6876> ldr r2, [r3, #1620] ; 0x654
  0x133d4 <RB_FileSystemUpdate+6880> ldr r3, [r5, #-20] ; 0xffffffec
  0x133d8 <RB_FileSystemUpdate+6884> ldr r1, [pc, #-2648] ; 0x12988 <RB_FileSystemU
  0x133dc <RB_FileSystemUpdate+6888> bic r3, r3, #-1073741824 ; 0xc0000000
  0x133e0 <RB_FileSystemUpdate+6892> cmp r3, r2
  0x133e4 <RB_FileSystemUpdate+6896> movcs r3, #0
  0x133e8 <RB_FileSystemUpdate+6900> movcc r3, #1
  0x133ec <RB_FileSystemUpdate+6904> bl 0x8e54 <RB_Trace>
  0x133f0 <RB_FileSystemUpdate+6908> b 0x130a4 <RB_FileSystemUpdate+6064>
> 0x133f4 <RB_FileSystemUpdate+6912> ldrb r2, [r3], #1
2016-12-17 | Further document the format and produce a rogue system update | Holger Hans Peter Freyther | 3 | -1/+11
* Truncate filesize to 20 bytes in hacked.toc (001b? IIRC)
* Add various 0x00 as well.. first 0x80... gets turned into the compressed length but that fails.. needs to be bigger than 0x2000 to succeed.
* LZMA size and trailer overlap.. I was too lazy to add/deal with padding so kept it short.. can be fixed...
* Modified path for /etc/rc2.d.. to extract new script

We seem lucky with file permissions.. that it is somehow executable even if SetFileAttributes is not set...
2016-12-17 | add general EC21/EC25 patch | Harald Welte | 1 | -0/+98
This was introduced in commit 9a765881bf3dcd32847d7108cf48cb04a4ed993f of mainline linux, but not everyone may be running 4.9-rc1 or later at this point ;)
2016-12-17 | add kernel patches for better support of EC2x in linux | Harald Welte | 2 | -0/+211
2016-12-17 | remove qmi.txt it has moved to wiki | Harald Welte | 1 | -276/+0
2016-12-13 | Figure out where the first lzma data will start... | Holger Hans Peter Freyther | 2 | -1/+26
Not sure what is inside these other bits...offsets? lengths? crc? who knows..
2016-12-12 | Add some notes for lzma.. | Holger Hans Peter Freyther | 1 | -0/+61
2016-12-11 | dissect: Print the header of the actual update format | Holger Hans Peter Freyther | 1 | -3/+38
2016-12-11 | start to dissect the update header itself.. | Holger Hans Peter Freyther | 1 | -17/+37
2016-12-11 | ec20: Alignment is just 16bit.. needed for userdata.diff handling | Holger Hans Peter Freyther | 1 | -1/+1
2016-12-11 | update: First discovery of information about the file format.. | Holger Hans Peter Freyther | 2 | -0/+76
2016-11-07 | add patch to change IDL minor + tool versions of android_vendor_qulcomm_proprietary | Harald Welte | 1 | -0/+147
2016-11-06 | add (non-functional) example registering an AT command | Harald Welte | 2 | -3/+117
2016-11-06 | initial import of qmi_test.c reading out the device IMEI | Harald Welte | 3 | -0/+364