qualcomm mbn ida loader插件

已有 145 次阅读2024-10-10 10:03

import struct

import idaapi
import idc
from idautils import *

# Name of the code segment that load_file() creates for the boot-stage image
# and that save_file() looks up again when writing the image back out.
BOOT_SEGMENT = "QCOM_BOOT"

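class SBL_HEADER:
    """Parsed Qualcomm boot-stage (MBN/SBL) image header.

    The header is the first 40 bytes of the file: ten unsigned 32-bit
    little-endian integers, exposed here as attributes in file order.
    The values are copied straight from the input file and are NOT
    validated -- callers must bound-check anything they use as a file
    offset, size or load address.
    """

    # Ten consecutive little-endian u32 fields.
    _LAYOUT = struct.Struct("<10I")
    # 40 bytes; the minimum input length __init__ accepts.
    HEADER_SIZE = _LAYOUT.size

    def __init__(self, data):
        """Parse the header from the start of *data*.

        Args:
            data: bytes-like object holding at least ``HEADER_SIZE`` bytes.

        Raises:
            ValueError: if *data* is shorter than ``HEADER_SIZE``.  Slicing
                a short buffer would otherwise yield silently truncated
                field values, which is worse than failing here.
        """
        if len(data) < self.HEADER_SIZE:
            raise ValueError(
                f"SBL header needs {self.HEADER_SIZE} bytes, got {len(data)}"
            )
        (
            self.load_index,
            self.flash_partition_version,
            self.image_source_pointer,
            self.image_dest_pointer,
            self.image_size,
            self.code_size,
            self.signature_addr,
            self.signature_size,
            self.cert_chain_addr,
            self.cert_chain_size,
        ) = self._LAYOUT.unpack_from(data)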

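def load_file_data(li):
    """Return the whole contents of the loader input *li* as bytes.

    Args:
        li: the ``loader_input_t`` IDA hands to ``accept_file``/``load_file``.

    Returns:
        The raw file bytes; empty for a zero-length input.
    """
    # get_fileregion_offset()/get_bytes() operate on database addresses,
    # not on the input file, so the bytes have to be read through *li*
    # itself: rewind to the start and read the full reported size.
    size = li.size()
    li.seek(0)
    return li.read(size)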

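def accept_file(li, n):
    """Tell IDA whether *li* looks like a Qualcomm MBN boot-stage image.

    Args:
        li: the ``loader_input_t`` for the candidate file.
        n: format index; this loader offers a single format, so anything
           but 0 is rejected.

    Returns:
        The format name string when the file is accepted, else 0.
    """
    if n > 0:
        return 0

    data = load_file_data(li)
    if not data or len(data) < 0x100:
        return 0

    header = SBL_HEADER(data)
    # Cheap plausibility check on the untrusted header: a code image that
    # is empty or does not fit inside the file is something load_file()
    # could not map, so do not claim every >= 256-byte file as MBN.
    # NOTE(review): image_source_pointer is treated as the file offset of
    # the code image -- confirm against the MBN header layout.
    if header.code_size == 0:
        return 0
    if header.image_source_pointer + header.code_size > len(data):
        return 0

    idaapi.set_processor_type("ARM", idaapi.SETPROC_ALL)
    return "Qualcomm MBN Bootchain Stage"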

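def load_file(li, neflags, formatname):
    """Map the boot-stage code image into the database.

    Creates the BOOT_SEGMENT code segment at ``image_dest_pointer`` and
    registers its start as the ``boot_base`` entry point.

    Args:
        li: the ``loader_input_t`` for the file being loaded.
        neflags: IDA load flags (unused).
        formatname: format name chosen in accept_file (unused).

    Raises:
        Loading is aborted via ``idaapi.loader_failure`` when the input
        cannot be read, when the header-derived offsets/sizes do not fit
        the file or the 32-bit address space, or when the segment cannot
        be created.
    """
    data = load_file_data(li)
    if not data or len(data) < 0x100:
        idaapi.loader_failure("cannot read input file\n")

    header = SBL_HEADER(data)

    # Every header field is attacker-controlled input.  Bound-check the
    # values that drive the mapping so a corrupt or crafted file fails
    # cleanly instead of yielding an empty, truncated or wrapped segment.
    # NOTE(review): image_source_pointer is treated as the file offset of
    # the code image -- confirm against the MBN header layout.
    code_offset = header.image_source_pointer
    code_size = header.code_size
    file_size = len(data)
    if code_size == 0 or code_offset + code_size > file_size:
        idaapi.loader_failure(
            "code image (file offset 0x%x, size 0x%x) does not fit in "
            "input of size 0x%x\n" % (code_offset, code_size, file_size)
        )

    seg_start = header.image_dest_pointer
    seg_end = seg_start + code_size
    # The segment is created as 32-bit below; reject a range that wraps.
    if seg_end > 0x100000000:
        idaapi.loader_failure(
            "load address 0x%x + size 0x%x exceeds 32-bit address space\n"
            % (seg_start, code_size)
        )

    # file2base() takes the *file offset* of the bytes to map (not a byte
    # count) and copies code_size bytes from there to seg_start..seg_end.
    idaapi.file2base(li, code_offset, seg_start, seg_end, True)

    if not idaapi.add_segm(0, seg_start, seg_end, BOOT_SEGMENT, "CODE"):
        idaapi.loader_failure("cannot create code segment\n")

    seg = idaapi.get_segm_by_name(BOOT_SEGMENT)
    # bitness 1 == 32-bit addressing for the ARM segment.
    idaapi.set_segm_addressing(seg, 1)
    idaapi.add_entry(seg_start, seg_start, "boot_base", True)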

def save_file(li, file, formatname):
    """Write the BOOT_SEGMENT code segment back out to *file*.

    Args:
        li: loader input (unused).
        file: output file handle IDA passes to ``base2file``.
        formatname: format name (unused).

    Returns:
        1 when the segment was written, 0 when no BOOT_SEGMENT exists.
    """
    boot_seg = idaapi.get_segm_by_name(BOOT_SEGMENT)
    if not boot_seg:
        return 0

    # Dump the segment's whole address range starting at file offset 0.
    idaapi.base2file(file, 0, boot_seg.start_ea, boot_seg.end_ea)
    return 1

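class _QcomMbnPlugin(idaapi.plugin_t):
    """Plugin descriptor returned by PLUGIN_ENTRY().

    ``idaapi.plugin_t`` is not constructed with keyword arguments; IDA
    expects a subclass whose class attributes carry the metadata and
    whose init/term/run methods provide the callbacks.  The plugin does
    nothing itself (the loader hooks above do the work) and is unloaded
    right after init (PLUGIN_UNL).
    """

    flags = idaapi.PLUGIN_UNL
    comment = "Qualcomm MBN Bootchain Stage Loader"
    help = "Loads Qualcomm MBN Bootchain Stage files"
    wanted_name = "QCOM MBN Loader"
    wanted_hotkey = ""

    def init(self):
        """Report that the plugin can be used in this database."""
        return idaapi.PLUGIN_OK

    def term(self):
        """Nothing to release."""
        pass

    def run(self, arg):
        """No interactive action; *arg* is ignored."""
        pass


def PLUGIN_ENTRY():
    """Return the plugin object IDA instantiates for this module.

    NOTE(review): only honoured if the file is installed as a plugin; the
    loader callbacks (accept_file/load_file) are picked up separately.
    """
    return _QcomMbnPlugin()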

