TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-04-22 15:31:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use memmem for searching byte patterns

Browse Source
This commit is contained in:
topjohnwu 2021-02-28 14:36:48 -08:00
parent 0d42f937dd
commit 55fdee4d65
3 changed files with 80 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
native/jni/magiskboot/bootimg.cpp
View File

@ -198,27 +198,31 @@ boot_img::~boot_img() {
} }
static int find_dtb_offset(uint8_t *buf, unsigned sz) { static int find_dtb_offset(uint8_t *buf, unsigned sz) {
for (int off = 0; off + sizeof(fdt_header) < sz; ++off) { uint8_t * const end = buf + sz;
auto fdt_hdr = reinterpret_cast<fdt_header *>(buf + off);
if (fdt32_to_cpu(fdt_hdr->magic) != FDT_MAGIC) for (uint8_t *curr = buf; curr < end; curr += sizeof(fdt_header)) {
continue; curr = static_cast<uint8_t*>(memmem(curr, end - curr, DTB_MAGIC, sizeof(fdt32_t)));
if (curr == nullptr)
return -1;
auto fdt_hdr = reinterpret_cast<fdt_header *>(curr);
// Check that fdt_header.totalsize does not overflow kernel image size // Check that fdt_header.totalsize does not overflow kernel image size
uint32_t totalsize = fdt32_to_cpu(fdt_hdr->totalsize); uint32_t totalsize = fdt32_to_cpu(fdt_hdr->totalsize);
if (totalsize + off > sz) if (curr + totalsize > end)
continue; continue;
// Check that fdt_header.off_dt_struct does not overflow kernel image size // Check that fdt_header.off_dt_struct does not overflow kernel image size
uint32_t off_dt_struct = fdt32_to_cpu(fdt_hdr->off_dt_struct); uint32_t off_dt_struct = fdt32_to_cpu(fdt_hdr->off_dt_struct);
if (off_dt_struct + off > sz) if (curr + off_dt_struct > end)
continue; continue;
// Check that fdt_node_header.tag of first node is FDT_BEGIN_NODE // Check that fdt_node_header.tag of first node is FDT_BEGIN_NODE
auto fdt_node_hdr = reinterpret_cast<fdt_node_header *>(buf + off + off_dt_struct); auto fdt_node_hdr = reinterpret_cast<fdt_node_header *>(curr + off_dt_struct);
if (fdt32_to_cpu(fdt_node_hdr->tag) != FDT_BEGIN_NODE) if (fdt32_to_cpu(fdt_node_hdr->tag) != FDT_BEGIN_NODE)
continue; continue;
return off; return curr - buf;
} }
return -1; return -1;
} }

36
native/jni/magiskboot/dtb.cpp
View File

@ -103,9 +103,11 @@ static void dtb_print(const char *file, bool fstab) {
mmap_ro(file, dtb, size); mmap_ro(file, dtb, size);
// Loop through all the dtbs // Loop through all the dtbs
int dtb_num = 0; int dtb_num = 0;
for (int i = 0; i < size; ++i) { uint8_t * const end = dtb + size;
if (memcmp(dtb + i, FDT_MAGIC_STR, 4) == 0) { for (uint8_t *fdt = dtb; fdt < end;) {
auto fdt = dtb + i; fdt = static_cast<uint8_t*>(memmem(fdt, end - fdt, FDT_MAGIC_STR, sizeof(fdt32_t)));
if (fdt == nullptr)
break;
if (fstab) { if (fstab) {
int node = find_fstab(fdt); int node = find_fstab(fdt);
if (node >= 0) { if (node >= 0) {
@ -117,8 +119,7 @@ static void dtb_print(const char *file, bool fstab) {
print_node(fdt); print_node(fdt);
} }
++dtb_num; ++dtb_num;
i += fdt_totalsize(fdt) - 1; fdt += fdt_totalsize(fdt);
}
} }
fprintf(stderr, "\n"); fprintf(stderr, "\n");
munmap(dtb, size); munmap(dtb, size);
@ -136,9 +137,11 @@ static bool dtb_patch(const char *file) {
mmap_rw(file, dtb, size); mmap_rw(file, dtb, size);
bool patched = false; bool patched = false;
for (int i = 0; i < size; ++i) { uint8_t * const end = dtb + size;
if (memcmp(dtb + i, FDT_MAGIC_STR, 4) == 0) { for (uint8_t *fdt = dtb; fdt < end;) {
auto fdt = dtb + i; fdt = static_cast<uint8_t*>(memmem(fdt, end - fdt, FDT_MAGIC_STR, sizeof(fdt32_t)));
if (fdt == nullptr)
break;
if (int fstab = find_fstab(fdt); fstab >= 0) { if (int fstab = find_fstab(fdt); fstab >= 0) {
int node; int node;
fdt_for_each_subnode(node, fdt, fstab) { fdt_for_each_subnode(node, fdt, fstab) {
@ -149,8 +152,7 @@ static bool dtb_patch(const char *file) {
} }
} }
} }
i += fdt_totalsize(fdt) - 1; fdt += fdt_totalsize(fdt);
}
} }
munmap(dtb, size); munmap(dtb, size);
@ -312,18 +314,20 @@ static bool blob_patch(uint8_t *dtb, size_t dtb_sz, const char *out) {
vector<uint8_t *> fdt_list; vector<uint8_t *> fdt_list;
vector<uint32_t> padding_list; vector<uint32_t> padding_list;
for (int i = 0; i < dtb_sz; ++i) { uint8_t * const end = dtb + dtb_sz;
if (memcmp(dtb + i, FDT_MAGIC_STR, 4) == 0) { for (uint8_t *curr = dtb; curr < end;) {
auto len = fdt_totalsize(dtb + i); curr = static_cast<uint8_t*>(memmem(curr, end - curr, FDT_MAGIC_STR, sizeof(fdt32_t)));
if (curr == nullptr)
break;
auto len = fdt_totalsize(curr);
auto fdt = static_cast<uint8_t *>(xmalloc(len + MAX_FDT_GROWTH)); auto fdt = static_cast<uint8_t *>(xmalloc(len + MAX_FDT_GROWTH));
memcpy(fdt, dtb + i, len); memcpy(fdt, curr, len);
fdt_pack(fdt); fdt_pack(fdt);
uint32_t padding = len - fdt_totalsize(fdt); uint32_t padding = len - fdt_totalsize(fdt);
padding_list.push_back(padding); padding_list.push_back(padding);
fdt_open_into(fdt, fdt, len + MAX_FDT_GROWTH); fdt_open_into(fdt, fdt, len + MAX_FDT_GROWTH);
fdt_list.push_back(fdt); fdt_list.push_back(fdt);
i += len - 1; curr += len;
}
} }
bool modified = false; bool modified = false;

49
native/jni/magiskboot/hexpatch.cpp
View File

@ -1,43 +1,44 @@
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <utils.hpp> #include <utils.hpp>
#include "magiskboot.hpp" #include "magiskboot.hpp"
static void hex2byte(uint8_t *hex, uint8_t *str) { using namespace std;
static void hex2byte(const char *hex, uint8_t *buf) {
char high, low; char high, low;
for (int i = 0, length = strlen((char *) hex); i < length; i += 2) { for (int i = 0, length = strlen(hex); i < length; i += 2) {
high = toupper(hex[i]) - '0'; high = toupper(hex[i]) - '0';
low = toupper(hex[i + 1]) - '0'; low = toupper(hex[i + 1]) - '0';
str[i / 2] = ((high > 9 ? high - 7 : high) << 4) + (low > 9 ? low - 7 : low); buf[i / 2] = ((high > 9 ? high - 7 : high) << 4) + (low > 9 ? low - 7 : low);
} }
} }
int hexpatch(const char *image, const char *from, const char *to) { int hexpatch(const char *image, const char *from, const char *to) {
int patternsize = strlen(from) / 2, patchsize = strlen(to) / 2;
int patched = 1; int patched = 1;
size_t filesize;
uint8_t *file, *pattern, *patch; uint8_t *buf;
mmap_rw(image, file, filesize); size_t sz;
pattern = (uint8_t *) xmalloc(patternsize); mmap_rw(image, buf, sz);
patch = (uint8_t *) xmalloc(patchsize); run_finally f([=]{ munmap(buf, sz); });
hex2byte((uint8_t *) from, pattern);
hex2byte((uint8_t *) to, patch); vector<uint8_t> pattern(strlen(from) / 2);
for (size_t i = 0; filesize > 0 && i < filesize - patternsize; ++i) { vector<uint8_t> patch(strlen(to) / 2);
if (memcmp(file + i, pattern, patternsize) == 0) {
fprintf(stderr, "Patch @ %08X [%s]->[%s]\n", (unsigned) i, from, to); hex2byte(from, pattern.data());
memset(file + i, 0, patternsize); hex2byte(to, patch.data());
memcpy(file + i, patch, patchsize);
i += patternsize - 1; uint8_t * const end = buf + sz;
for (uint8_t *curr = buf; curr < end; curr += pattern.size()) {
curr = static_cast<uint8_t*>(memmem(curr, end - curr, pattern.data(), pattern.size()));
if (curr == nullptr)
return patched;
fprintf(stderr, "Patch @ %08X [%s] -> [%s]\n", curr - buf, from, to);
memset(curr, 0, pattern.size());
memcpy(curr, patch.data(), patch.size());
patched = 0; patched = 0;
} }
}
munmap(file, filesize);
free(pattern);
free(patch);
return patched; return patched;
} }