From: jb881122
Date: Fri, 26 Apr 2024 04:25:11 +0000 (-0500)
Subject: oor: Use string matching for supported-but-modified bootloaders
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ce6448a53211d94b4cd5a4c8fa1eec162faf69b9;p=GitHub%2FLineageOS%2Fandroid_hardware_samsung.git
oor: Use string matching for supported-but-modified bootloaders
Change-Id: I4daf18a31f2021dd542a0b34eadd4c865fa52643
---
diff --git a/oor/Android.bp b/oor/Android.bp
index ec798a9..1a37943 100644
--- a/oor/Android.bp
+++ b/oor/Android.bp
@@ -43,6 +43,7 @@ cc_binary {
 "src/cmd_list.c",
 "src/cmd_undo.c",
 "src/crc.c",
+ "src/bl_check.c",
 "src/main.c",
 ":patch_code",
 ],
diff --git a/oor/Makefile b/oor/Makefile
index ded950f..53bb8ae 100644
--- a/oor/Makefile
+++ b/oor/Makefile
@@ -5,7 +5,7 @@ ARM_CC ?= arm-linux-androideabi-gcc
 ARM_OBJCOPY ?= $(ARM_CC:%gcc=%)objcopy
 OOR_MODULES := aboot_image asm boot_image cmd_crc cmd_list cmd_patch cmd_redirect \
- cmd_undo cmd_verify config crc file_utils little_endian main
+ cmd_undo cmd_verify config crc file_utils little_endian bl_check main
 ASM_MODULES := patch_code
 BIN_TO_C_MODULES := bin_to_c file_utils
diff --git a/oor/src/bl_check.c b/oor/src/bl_check.c
new file mode 100644
index 0000000..ec8953e
--- /dev/null
+++ b/oor/src/bl_check.c
@@ -0,0 +1,125 @@
+#include "bl_check.h"
+#include "config.h"
+#include "crc.h"
+
+#include
+#include
+#include
+#include
+#include
+
+char *find_bytes(char *mem, size_t mem_len, char *to_find, size_t to_find_len) {
+ char *ret = NULL;
+
+ for(size_t i = 0; i <= mem_len - to_find_len; i++) {
+ size_t j = 0;
+ while(j < to_find_len && mem[i + j] == to_find[j]) {
+ j++;
+ }
+ if(j == to_find_len) {
+ ret = &mem[i];
+ break;
+ }
+ }
+
+ return ret;
+}
+
+char *get_next_string(char *mem, size_t mem_len, char *curr_ptr) {
+ char *ret = NULL;
+
+ if(!curr_ptr) {
+ goto out;
+ }
+
+ size_t i = curr_ptr - mem;
+ size_t j;
+
+ /* Get to the end of the current string */
+ while(i < mem_len && mem[i] != 0) {
+ i++;
+ }
+
+ /* Get to the start of the next string */
+ while(i < mem_len && mem[i] == 0) {
+ i++;
+ }
+
+ /* Make sure the next string terminates */
+ j = i;
+ while(j < mem_len && mem[j] != 0) {
+ j++;
+ }
+
+ if(i != mem_len && j != mem_len) {
+ ret = mem + i;
+ }
+
+out:
+ return ret;
+}
+
+bootloader_config *get_config_from_crc(char *bl_code, size_t bl_code_len) {
+ bootloader_config *config = NULL;
+ uint32_t bl_crc = 0;
+
+ bl_crc = crc32(bl_code, bl_code_len);
+ for(size_t i = 0; i < num_configs; i++) {
+ if(configs[i].code_crc == bl_crc) {
+ config = &configs[i];
+ break;
+ }
+ }
+
+ return config;
+}
+
+char bl_equals_str[] = "androidboot.bootloader=%s";
+
+bootloader_config *get_config_from_string(char *bl_code, size_t bl_code_len) {
+ bootloader_config *config = NULL;
+ char *bl_str = NULL;
+
+ bl_str = find_bytes(bl_code, bl_code_len, bl_equals_str, sizeof(bl_equals_str));
+ bl_str = get_next_string(bl_code, bl_code_len, bl_str);
+
+ if(!bl_str) {
+ goto out;
+ }
+
+ for(size_t i = 0; i < num_configs; i++) {
+ if(!strcmp(configs[i].name, bl_str)) {
+ config = &configs[i];
+ break;
+ }
+ }
+
+out:
+ return config;
+}
+
+bootloader_config *get_config(char *bl_code, size_t bl_code_len) {
+ bootloader_config *ret = NULL;
+
+ if(bl_code_len < 0x40000) {
+ goto out;
+ }
+
+ ret = get_config_from_crc(bl_code, bl_code_len);
+
+ if(!ret) {
+ ret = get_config_from_string(bl_code, bl_code_len);
+ if(ret) {
+ printf("WARNING: CRC Mismatch\n");
+ }
+ }
+
+out:
+ if(ret) {
+ printf("Bootloader found: %s\n", ret->name);
+ } else {
+ printf("Unsupported bootloader\n");
+ }
+
+ return ret;
+}
diff --git a/oor/src/bl_check.h b/oor/src/bl_check.h
new file mode 100644
index 0000000..0a2d50f
--- /dev/null
+++ b/oor/src/bl_check.h
@@ -0,0 +1,10 @@
+#ifndef _BL_CHECK_H
+#define _BL_CHECK_H
+
+#include "config.h"
+
+#include
+
+bootloader_config *get_config(char *bl_code, size_t bl_code_len);
+
+#endif
diff --git a/oor/src/cmd_patch.c b/oor/src/cmd_patch.c
index 033b49f..cea03a6 100644
--- a/oor/src/cmd_patch.c
+++ b/oor/src/cmd_patch.c
@@ -5,6 +5,7 @@
 #include "crc.h"
 #include "asm.h"
 #include "little_endian.h"
+#include "bl_check.h"
 #include
 #include
@@ -43,16 +44,8 @@ int cmd_patch_main(int argc, char *argv[]) {
 bl_code = bootloader->code_ptr;
 bl_code_len = bootloader->code_size;
- bl_crc = crc32(bl_code, bl_code_len);
- for(size_t i = 0; i < num_configs; i++) {
- if(configs[i].code_crc == bl_crc) {
- config = &configs[i];
- printf("Supported bootloader found: %s\n", config->name);
- break;
- }
- }
+ config = get_config(bl_code, bl_code_len);
 if(!config) {
- printf("Unsupported bootloader\n");
 goto out;
 }
@@ -81,7 +74,9 @@ int cmd_patch_main(int argc, char *argv[]) {
 printf("Failed to embed original boot image\n");
 goto out;
 }
+ image_kernel[3] = 1;
+ bl_crc = crc32(bl_code, bl_code_len);
 le_uint32_write(bl_crc, image_kernel, 4);
 image_ramdisk = make_exploit_ramdisk(bl_code, bl_code_len, config,
diff --git a/oor/src/cmd_redirect.c b/oor/src/cmd_redirect.c
index bc789de..bff3713 100644
--- a/oor/src/cmd_redirect.c
+++ b/oor/src/cmd_redirect.c
@@ -5,6 +5,7 @@
 #include "crc.h"
 #include "asm.h"
 #include "little_endian.h"
+#include "bl_check.h"
 #include
 #include
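Review bot: The string fallback in `get_config_from_string` selects a config on the version string alone, so `get_config` hands callers a config whose CRC is known not to match the code, and the only trace is `WARNING: CRC Mismatch` on stdout. Callers cannot tell an exact match from a name match; I would send the warning to stderr and name the match, e.g. `fprintf(stderr, "WARNING: CRC mismatch, matched %s by version string only\n", ret->name);`, and presumably whatever later writes at config-derived locations should first confirm the expected bytes are there (that code is outside this diff). Separately, `find_bytes` evaluates `mem_len - to_find_len` in `size_t`, which wraps when the needle is longer than the buffer; the `0x40000` check in `get_config` hides this today, but the helper is not `static`, so add `if(to_find_len > mem_len) { return NULL; }` and mark the three helpers and `bl_equals_str` as `static`.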
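Review bot: `image_kernel[3] = 1;` in the last cmd_patch.c hunk is a bare magic write that the commit subject does not mention, and nothing visible says what byte 3 of the kernel blob means or what reads it. A comment or named constant would help, for example `/* byte 3: <meaning of this flag>; bytes 4..7: CRC32 of the bootloader code actually present */`. On the string-match path `bl_crc` no longer equals `config->code_crc`, so the value stored by `le_uint32_write(bl_crc, image_kernel, 4)` is presumably meant to describe the image in hand rather than the table entry; that deserves a line of explanation, and the same applies to the `bl_crc` passed to `make_redirect_binary` in cmd_redirect.c. `cmd_patch_main` starts and ends outside this hunk.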
@@ -69,16 +70,8 @@ int cmd_redirect_main(int argc, char *argv[]) {
 bl_code = bootloader->code_ptr;
 bl_code_len = bootloader->code_size;
- bl_crc = crc32(bl_code, bl_code_len);
- for(size_t i = 0; i < num_configs; i++) {
- if(configs[i].code_crc == bl_crc) {
- config = &configs[i];
- printf("Supported bootloader found: %s\n", config->name);
- break;
- }
- }
+ config = get_config(bl_code, bl_code_len);
 if(!config) {
- printf("Unsupported bootloader\n");
 goto out;
 }
@@ -88,6 +81,7 @@ int cmd_redirect_main(int argc, char *argv[]) {
 goto out;
 }
+ bl_crc = crc32(bl_code, bl_code_len);
 image_kernel = make_redirect_binary(argv[3], bl_crc, &image_kernel_len);
 if(!image_kernel) {
 printf("Failed to generate redirect binary\n");