forked from axi0mX/ipwndfu
device_platform.py
class DevicePlatform:
    """Static description of one SoC, selected by its chip ID (``cpid``).

    The constructor stores every argument unchanged as an attribute of the
    same name and then derives four extra attributes from ``cpid``:
    ``dfu_image_base``, ``dfu_load_base``, ``recovery_image_base`` and
    ``recovery_load_base``.

    NOTE(review): nothing in this class validates its inputs.  ``rom_sha1``
    is only stored; any comparison against a real ROM image has to happen in
    the caller.  The meaning of ``cprv``, ``scep``, ``srtg`` and
    ``demotion_reg`` is not visible here -- confirm against the code that
    reads them.
    """

    def __init__(self, cpid, cprv, scep, arch, srtg, rom_base, rom_size, rom_sha1, sram_base, sram_size, dram_base, nonce_length, sep_nonce_length, demotion_reg):
        """Record the descriptor fields and set the per-chip base addresses.

        A ``cpid`` that appears in none of the groups below leaves the four
        ``*_image_base`` / ``*_load_base`` attributes undefined, so reading
        them later raises ``AttributeError`` instead of yielding an address.
        """
        # Identification fields.
        self.cpid = cpid
        self.cprv = cprv
        self.scep = scep
        self.arch = arch
        self.srtg = srtg

        # Memory map as supplied by the caller.
        self.rom_base = rom_base
        self.rom_size = rom_size
        self.rom_sha1 = rom_sha1
        self.sram_base = sram_base
        self.sram_size = sram_size
        self.dram_base = dram_base

        # Nonce sizes and the remaining register address.
        self.nonce_length = nonce_length
        self.sep_nonce_length = sep_nonce_length
        self.demotion_reg = demotion_reg

        # Each row: (cpids sharing a layout,
        #            (dfu_image_base, dfu_load_base,
        #             recovery_image_base, recovery_load_base)).
        base_layouts = (
            ((0x8940, 0x8947), (0x34000000, 0x9FF00000, 0x9FF00000, 0x80000000)),
            ((0x8950, 0x8955), (0x10000000, 0xBFF00000, 0xBFF00000, 0x80000000)),
            # 0x8960: dfu_load_base varies (HACK: test purposes);
            #         recovery_image_base varies.
            ((0x8960,), (0x180380000, 0x180000000, 0x83D7F7000, 0x800000000)),
            ((0x8002, 0x8004), (0x48818000, 0x80000000, 0x48818000, 0x80000000)),
            ((0x8010, 0x8011), (0x1800B0000, 0x800000000, 0x1800B0000, 0x800000000)),
            ((0x8015,), (0x18001C000, 0x800000000, 0x18001C000, 0x800000000)),
            ((0x8003,), (0x1800B0000, 0x800000000, 0x1800B0000, 0x800000000)),
        )
        for chip_ids, bases in base_layouts:
            if self.cpid in chip_ids:
                (self.dfu_image_base,
                 self.dfu_load_base,
                 self.recovery_image_base,
                 self.recovery_load_base) = bases

    def name(self):
        """Return the platform name string built from ``cpid`` in lowercase hex.

        Chip IDs from 0x8720 through 0x8960 use the ``s5l<cpid>xsi`` form,
        the IDs 0x7002, 0x8000, 0x8001 and 0x8003 use ``s<cpid>si``, and
        every other ID uses ``t<cpid>si``.
        """
        if 0x8720 <= self.cpid <= 0x8960:
            template = 's5l%xxsi'
        elif self.cpid in [0x7002, 0x8000, 0x8001, 0x8003]:
            template = 's%xsi'
        else:
            template = 't%xsi'
        return template % self.cpid
# Table of the platforms this module describes, one DevicePlatform per chip ID.
#
# Every cpid listed here is matched by one of the cpid checks in
# DevicePlatform.__init__, so each entry ends up with its dfu_*/recovery_*
# base addresses set.  0x8940 is handled in __init__ but has no entry here.
#
# NOTE(review): each rom_sha1 is a 40-hex-digit string that is only stored by
# the constructor; nothing in this file compares it against a ROM image.
# Presumably it is the expected digest of the chip's ROM region
# (rom_base .. rom_base + rom_size) -- confirm against the code that reads it.
all_platforms = [
    DevicePlatform(
        cpid=0x8947,
        cprv=0x00,
        scep=0x10,
        arch='armv7',
        srtg='iBoot-1458.2',
        rom_base=0x3F000000,
        rom_size=0x10000,
        rom_sha1='d9320ddd4bdb1de79ae0601f20e7db23441ab1a7',
        sram_base=0x34000000,
        sram_size=0x40000,
        dram_base=0x80000000,
        nonce_length=20,
        sep_nonce_length=None,
        demotion_reg=0x3F500000,
    ),
    DevicePlatform(
        cpid=0x8950,
        cprv=0x20,
        scep=0x10,
        arch='armv7s',
        srtg='iBoot-1145.3',
        rom_base=0x3F000000,
        rom_size=0x10000,
        rom_sha1='50a8dd9863868c971aaf95a96e5152378784e4db',
        sram_base=0x10000000,
        sram_size=0x80000,
        dram_base=0x80000000,
        nonce_length=20,
        sep_nonce_length=None,
        demotion_reg=0x3F500000,
    ),
    DevicePlatform(
        cpid=0x8955,
        cprv=0x20,
        scep=0x10,
        arch='armv7s',
        srtg='iBoot-1145.3.3',
        rom_base=0x3F000000,
        rom_size=0x10000,
        rom_sha1='3af575cc84e54f951db2a83227737664abdc8f40',
        sram_base=0x10000000,
        sram_size=0x80000,
        dram_base=0x80000000,
        nonce_length=20,
        sep_nonce_length=None,
        demotion_reg=0x3F500000,
    ),
    DevicePlatform(
        cpid=0x8002,
        cprv=0x10,
        scep=0x01,
        arch='armv7k',
        srtg='iBoot-2651.0.0.1.31',
        rom_base=0x40000000,
        rom_size=0x100000,
        rom_sha1='46c14a17f54ec6079260e9253e813084ab1e634b',
        sram_base=0x48800000,
        sram_size=0x120000,
        dram_base=0x80000000,
        nonce_length=32,
        sep_nonce_length=20,
        demotion_reg=0x481BC000,
    ),
    DevicePlatform(
        cpid=0x8004,
        cprv=0x10,
        scep=0x01,
        arch='armv7k',
        srtg='iBoot-2651.0.0.3.3',
        rom_base=0x40000000,
        rom_size=0x20000,
        rom_sha1='8afdcd6c147ac63fddadd1b92536d1f80c0b8a21',
        sram_base=0x48800000,
        sram_size=0x140000,
        dram_base=0x80000000,
        nonce_length=32,
        sep_nonce_length=20,
        demotion_reg=0x481BC000,
    ),
    DevicePlatform(
        cpid=0x8960,
        cprv=0x11,
        scep=0x01,
        arch='arm64',
        srtg='iBoot-1704.10',
        rom_base=0x100000000,
        rom_size=0x80000,
        rom_sha1='2ae035c46e02ca40ae777f89a6637be694558f0a',
        sram_base=0x180000000,
        sram_size=0x400000,
        dram_base=0x800000000,
        nonce_length=20,
        sep_nonce_length=20,
        demotion_reg=0x20E02A000,
    ),
    DevicePlatform(
        cpid=0x8010,
        cprv=0x11,
        scep=0x01,
        arch='arm64',
        srtg='iBoot-2696.0.0.1.33',
        rom_base=0x100000000,
        rom_size=0x20000,
        rom_sha1='41a488b3c46ff06c1a2376f3405b079fb0f15316',
        sram_base=0x180000000,
        sram_size=0x200000,
        dram_base=0x800000000,
        nonce_length=32,
        sep_nonce_length=20,
        demotion_reg=0x2102BC000,
    ),
    DevicePlatform(
        cpid=0x8011,
        cprv=0x10,
        scep=0x01,
        arch='arm64',
        srtg='iBoot-3135.0.0.2.3',
        rom_base=0x100000000,
        rom_size=0x100000,
        rom_sha1='2fae20a11860b0e3ce1d8a6df7d3961f610ab70d',
        sram_base=0x180000000,
        sram_size=0x200000,
        dram_base=0x800000000,
        nonce_length=32,
        sep_nonce_length=20,
        demotion_reg=0x2102BC000,
    ),
    DevicePlatform(
        cpid=0x8015,
        cprv=0x11,
        scep=0x01,
        arch='arm64',
        srtg='iBoot-3332.0.0.1.23',
        rom_base=0x100000000,
        rom_size=0x100000,
        rom_sha1='96fccb1a63de1a2d50ff14555d3898a5af46e9b1',
        sram_base=0x180000000,
        sram_size=0x200000,
        dram_base=0x800000000,
        nonce_length=32,
        sep_nonce_length=20,
        demotion_reg=0x2352BC000,
    ),
    DevicePlatform(
        cpid=0x8003,
        cprv=0x01,
        scep=0x01,
        arch='arm64',
        srtg='iBoot-2234.0.0.2.22',
        rom_base=0x100000000,
        rom_size=0x20000,
        rom_sha1='93d69e2430e2f0c161e3e1144b69b4da1859169b',
        sram_base=0x180000000,
        sram_size=0x200000,
        dram_base=0x800000000,
        nonce_length=32,
        sep_nonce_length=20,
        demotion_reg=0x2102BC000,
    ),
]