From 91273c47b7034ff34d9814935d0d684e33122afa Mon Sep 17 00:00:00 2001
From: Frederik Carlier
Date: Mon, 15 Mar 2021 12:09:43 +0000
Subject: [PATCH 1/2] Accept both trst and rtsc payload types for trust cache
---
 hw/arm/xnu.c | 47 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 13 deletions(-)
diff --git a/hw/arm/xnu.c b/hw/arm/xnu.c
index cfc69e37123..bba7043436f 100644
--- a/hw/arm/xnu.c
+++ b/hw/arm/xnu.c
@@ -156,7 +156,7 @@ static void macho_dtb_node_process(DTBNode *node)
 // the raw file contents are returned. Exits if an error occurs.
 // See https://www.theiphonewiki.com/wiki/IMG4_File_Format for an overview
 // of the file format.
-static void extract_im4p_payload(const char* filename, const char* payload_type, uint8_t **data, uint32_t* length) {
+static void extract_im4p_payload(const char* filename, char* payload_type /* must be at least 4 bytes long */, uint8_t **data, uint32_t* length) {
 uint8_t *file_data = NULL;
 unsigned long fsize;
@@ -182,7 +182,6 @@ static void extract_im4p_payload(const char* filename, const char* payload_type,
 if ((ret = asn1_der_decoding(&img4, (const uint8_t*)file_data, (uint32_t)fsize, errorDescription)) == ASN1_SUCCESS) {
 char magic[4];
- char type[4];
 char description[128];
 int len;
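Review bot: In the `-156,7` hunk the new `payload_type` out-parameter of `extract_im4p_payload` states its size contract only in an inline comment. The header comment above the signature (only its last three lines are visible here) does not appear to say that the function now returns the type instead of checking it. I would document that there, for example `// On return, payload_type holds the 4-byte im4p type; it is not NUL-terminated and the caller must validate it.` Declaring the parameter as `char payload_type[4]` would also make the expected size visible at each call site. The function body continues outside this hunk.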
@@ -193,21 +192,16 @@ static void extract_im4p_payload(const char* filename, const char* payload_type,
 }
 if (strncmp(magic, "IM4P", 4) != 0) {
- error_report("Could parse ASN.1 data in file '%s' because it does not start with the IM4P header.", filename);
+ error_report("Couldn't parse ASN.1 data in file '%s' because it does not start with the IM4P header.", filename);
 exit(EXIT_FAILURE);
 }
 len = 4;
- if ((ret = asn1_read_value(img4, "type", type, &len)) != ASN1_SUCCESS) {
+ if ((ret = asn1_read_value(img4, "type", payload_type, &len)) != ASN1_SUCCESS) {
 error_report("Failed to read the im4p type in file '%s': %d.", filename, ret);
 exit(EXIT_FAILURE);
 }
- if (strncmp(type, payload_type, 4) != 0) {
- error_report("Could parse ASN.1 data in file '%s' because it is not a '%s' object, found '%s' object.", filename, payload_type, type);
- exit(EXIT_FAILURE);
- }
-
 len = 128;
 if ((ret = asn1_read_value(img4, "description", description, &len)) != ASN1_SUCCESS) {
 error_report("Failed to read the im4p description in file '%s': %d.", filename, ret);
@@ -267,8 +261,15 @@ DTBNode* load_dtb_from_file(char *filename) {
 DTBNode *root = NULL;
 uint8_t *file_data = NULL;
 uint32_t fsize;
+ char payload_type[4];
+
+ extract_im4p_payload(filename, payload_type, &file_data, &fsize);
+
+ if (strncmp(payload_type, "dtre", 4) != 0) {
+ error_report("Could parse ASN.1 data in file '%s' because it is not a 'dtre' object, found '%.4s' object.", filename, payload_type);
+ exit(EXIT_FAILURE);
+ }
- extract_im4p_payload(filename, "dtre", &file_data, &fsize);
 root = load_dtb(file_data);
 g_free(file_data);
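Review bot: In the `-193,21` hunk, `asn1_read_value(img4, "type", payload_type, &len)` now writes into the caller's buffer, but `len` is never compared with 4 after the call. Every caller in this patch declares `char payload_type[4];` without an initializer. If the library stores a shorter type field and updates `len` to the stored length (worth confirming against the ASN.1 library in use), the trailing bytes are indeterminate when the callers' `strncmp(..., 4)` and `'%.4s'` read them. A length check right after the read closes that gap: `if (len != 4) { error_report("Unexpected im4p type length in file '%s': %d.", filename, len); exit(EXIT_FAILURE); }`. The enclosing function starts and ends outside this hunk.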
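Review bot: The compare-report-exit sequence added in the `load_dtb_from_file` hunk is repeated in the `macho_load_trustcache`, `macho_file_highest_lowest` and `arm_load_macho` hunks, because the type check has been removed from `extract_im4p_payload`. Any future caller that omits the check will accept an im4p of any type. For the trust cache in particular the type tag is part of deciding which input is accepted, so I would keep the check in one helper that takes the list of accepted tags and call it from each loader. The helper sketched below also keeps the `%.4s` handling of the non-terminated tag in one place.

```c
/* Exits unless the 4-byte, non-NUL-terminated im4p type equals one of accepted[0..n). */
static void require_im4p_type(const char *filename, const char *type,
                              const char *const *accepted, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (memcmp(type, accepted[i], 4) == 0) {
            return;
        }
    }
    error_report("Couldn't parse ASN.1 data in file '%s': unexpected payload type '%.4s'.", filename, type);
    exit(EXIT_FAILURE);
}

// in load_dtb_from_file:
    extract_im4p_payload(filename, payload_type, &file_data, &fsize);
    require_im4p_type(filename, payload_type, (const char *const[]){ "dtre" }, 1);
    // … unchanged: load_dtb / g_free …
```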
@@ -414,8 +415,16 @@ void macho_load_trustcache(const char *filename, AddressSpace *as, MemoryRegion
 uint8_t* file_data = NULL;
 unsigned long file_size = 0;
 uint32_t length = 0;
+ char payload_type[4];
+
+ extract_im4p_payload(filename, payload_type, &file_data, &length);
+
+ if (strncmp(payload_type, "trst", 4) != 0
+ && strncmp(payload_type, "rtsc", 4) != 0) {
+ error_report("Couldn't parse ASN.1 data in file '%s' because it is not a 'trst' or 'rtsc' object, found '%.4s' object.", filename, payload_type);
+ exit(EXIT_FAILURE);
+ }
- extract_im4p_payload(filename, "trst", &file_data, &length);
 file_size = (unsigned long)length;
 trustcache_size = file_size + 8;
@@ -588,8 +597,14 @@ void macho_file_highest_lowest(const char *filename, hwaddr *lowest,
 {
 uint32_t len;
 uint8_t *data = NULL;
+ char payload_type[4];
- extract_im4p_payload(filename, "krnl", &data, &len);
+ extract_im4p_payload(filename, payload_type, &data, &len);
+
+ if (strncmp(payload_type, "krnl", 4) != 0) {
+ error_report("Couldn't parse ASN.1 data in file '%s' because it is not a 'krnl' object, found '%.4s' object.", filename, payload_type);
+ exit(EXIT_FAILURE);
+ }
 struct mach_header_64* mh = (struct mach_header_64*)data;
@@ -609,8 +624,14 @@ void arm_load_macho(char *filename, AddressSpace *as, MemoryRegion *mem,
 uint8_t *data = NULL;
 uint32_t len;
 uint8_t* rom_buf = NULL;
+ char payload_type[4];
+
+ extract_im4p_payload(filename, payload_type, &data, &len);
- extract_im4p_payload(filename, "krnl", &data, &len);
+ if (strncmp(payload_type, "krnl", 4) != 0) {
+ error_report("Couldn't parse ASN.1 data in file '%s' because it is not a 'krnl' object, found '%.4s' object.", filename, payload_type);
+ exit(EXIT_FAILURE);
+ }
 struct mach_header_64* mh = (struct mach_header_64*)data;
From f22df36de5a93f4ba94088c2821d198c10b8aabd Mon Sep 17 00:00:00 2001
From: TrungNguyen1909
Date: Mon, 15 Mar 2021 20:50:29 +0700
Subject: [PATCH 2/2] Update hw/arm/xnu.c
---
 hw/arm/xnu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/xnu.c b/hw/arm/xnu.c
index bba7043436f..d25fd708807 100644
--- a/hw/arm/xnu.c
+++ b/hw/arm/xnu.c
@@ -266,7 +266,7 @@ DTBNode* load_dtb_from_file(char *filename) {
 extract_im4p_payload(filename, payload_type, &file_data, &fsize);
 if (strncmp(payload_type, "dtre", 4) != 0) {
- error_report("Could parse ASN.1 data in file '%s' because it is not a 'dtre' object, found '%.4s' object.", filename, payload_type);
+ error_report("Couldn't parse ASN.1 data in file '%s' because it is not a 'dtre' object, found '%.4s' object.", filename, payload_type);
 exit(EXIT_FAILURE);
 }