nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | /*************************************************************************** |
| 2 | * * |
||
| 3 | * ########### ########### ########## ########## * |
||
| 4 | * ############ ############ ############ ############ * |
||
| 5 | * ## ## ## ## ## ## ## * |
||
| 6 | * ## ## ## ## ## ## ## * |
||
| 7 | * ########### #### ###### ## ## ## ## ###### * |
||
| 8 | * ########### #### # ## ## ## ## # # * |
||
| 9 | * ## ## ###### ## ## ## ## # # * |
||
| 10 | * ## ## # ## ## ## ## # # * |
||
| 11 | * ############ ##### ###### ## ## ## ##### ###### * |
||
| 12 | * ########### ########### ## ## ## ########## * |
||
| 13 | * * |
||
| 14 | * S E C U R E M O B I L E N E T W O R K I N G * |
||
| 15 | * * |
||
| 16 | * This file is part of NexMon. * |
||
| 17 | * * |
||
| 18 | * Copyright (c) 2016 NexMon Team * |
||
| 19 | * * |
||
| 20 | * NexMon is free software: you can redistribute it and/or modify * |
||
| 21 | * it under the terms of the GNU General Public License as published by * |
||
| 22 | * the Free Software Foundation, either version 3 of the License, or * |
||
| 23 | * (at your option) any later version. * |
||
| 24 | * * |
||
| 25 | * NexMon is distributed in the hope that it will be useful, * |
||
| 26 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * |
||
| 27 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * |
||
| 28 | * GNU General Public License for more details. * |
||
| 29 | * * |
||
| 30 | * You should have received a copy of the GNU General Public License * |
||
| 31 | * along with NexMon. If not, see <http://www.gnu.org/licenses/>. * |
||
| 32 | * * |
||
| 33 | **************************************************************************/ |
||
| 34 | |||
| 35 | #pragma NEXMON targetregion "patch" |
||
| 36 | |||
| 37 | #include <firmware_version.h> // definition of firmware version macros |
||
| 38 | #include <debug.h> // contains macros to access the debug hardware |
||
| 39 | #include <wrapper.h> // wrapper definitions for functions that already exist in the firmware |
||
| 40 | #include <structs.h> // structures that are used by the code in the firmware |
||
| 41 | #include <helper.h> // useful helper functions |
||
| 42 | #include <patcher.h> // macros used to craete patches such as BLPatch, BPatch, ... |
||
| 43 | #include <rates.h> // rates used to build the ratespec for frame injection |
||
| 44 | #include <nexioctls.h> // ioctls added in the nexmon patch |
||
| 45 | #include <capabilities.h> // capabilities included in a nexmon patch |
||
| 46 | #include <sendframe.h> // sendframe functionality |
||
| 47 | #include <version.h> // version information |
||
| 48 | //#include <bcmpcie.h> |
||
| 49 | #include <argprintf.h> // allows to execute argprintf to print into the arg buffer |
||
| 50 | |||
| 51 | extern unsigned int fp_orig_data[][2]; |
||
| 52 | extern unsigned int fp_orig_data_len; |
||
| 53 | |||
| 54 | int |
||
| 55 | wlc_ioctl_hook(struct wlc_info *wlc, int cmd, char *arg, int len, void *wlc_if) |
||
| 56 | { |
||
| 57 | int ret = IOCTL_ERROR; |
||
| 58 | argprintf_init(arg, len); |
||
| 59 | |||
| 60 | switch (cmd) { |
||
| 61 | case 0x600: |
||
| 62 | if (len >= 4) |
||
| 63 | *(int *) arg = 0x11223344; |
||
| 64 | ret = IOCTL_SUCCESS; |
||
| 65 | break; |
||
| 66 | |||
| 67 | // dump stored ROM values that were stored before flash patching |
||
| 68 | case 0x601: |
||
| 69 | memcpy(arg, fp_orig_data, len); |
||
| 70 | ret = IOCTL_SUCCESS; |
||
| 71 | break; |
||
| 72 | |||
| 73 | // dump ROM contents starting from address stored in arg |
||
| 74 | // automatically removes flash patches |
||
| 75 | case 0x602: |
||
| 76 | { |
||
| 77 | unsigned int start_addr = *(unsigned int *) arg; |
||
| 78 | memcpy(arg, *(char **) arg, len); |
||
| 79 | int i; |
||
| 80 | for (i = 0; i < fp_orig_data_len; i++) { |
||
| 81 | if ((fp_orig_data[i][0] >= start_addr) && (fp_orig_data[i][0] < start_addr + len)) { |
||
| 82 | ((unsigned int *) arg)[(fp_orig_data[i][0] - start_addr) / 4] = fp_orig_data[i][1]; |
||
| 83 | } |
||
| 84 | } |
||
| 85 | ret = IOCTL_SUCCESS; |
||
| 86 | break; |
||
| 87 | } |
||
| 88 | |||
| 89 | case 0x603: // read from memory |
||
| 90 | { |
||
| 91 | memcpy(arg, *(char **) arg, len); |
||
| 92 | ret = IOCTL_SUCCESS; |
||
| 93 | break; |
||
| 94 | } |
||
| 95 | |||
| 96 | case 0x604: // write to console |
||
| 97 | { |
||
| 98 | arg[len-1] = 0; |
||
| 99 | printf("%s\n", arg); |
||
| 100 | ret = IOCTL_SUCCESS; |
||
| 101 | break; |
||
| 102 | } |
||
| 103 | |||
| 104 | case 0x605: // dump console |
||
| 105 | { |
||
| 106 | unsigned int *config = *(unsigned int **) 0x208e38; |
||
| 107 | if (len >= config[3]) { |
||
| 108 | memcpy(arg, (char *) (config[2] + config[4]), config[3] - config[4]); |
||
| 109 | memcpy(arg + config[3] - config[4], (char *) config[2], config[4]); |
||
| 110 | ret = IOCTL_SUCCESS; |
||
| 111 | } |
||
| 112 | break; |
||
| 113 | } |
||
| 114 | |||
| 115 | default: |
||
| 116 | ret = wlc_ioctl(wlc, cmd, arg, len, wlc_if); |
||
| 117 | } |
||
| 118 | |||
| 119 | return ret; |
||
| 120 | } |
||
| 121 | |||
| 122 | __attribute__((at(0x1F1DE8, "", CHIP_VER_BCM4358, FW_VER_7_112_200_17))) |
||
| 123 | __attribute__((at(0x1F1EE8, "", CHIP_VER_BCM4358, FW_VER_7_112_201_3))) |
||
| 124 | __attribute__((at(0x210258, "", CHIP_VER_BCM43451b1, FW_VER_7_63_43_0))) |
||
| 125 | __attribute__((at(0x208F20, "", CHIP_VER_BCM43455c0, FW_VER_7_45_154))) |
||
| 126 | GenericPatch4(wlc_ioctl_hook, wlc_ioctl_hook + 1); |