basic blacklisting debug output

2019-07-10 15:35:26 +02:00
parent 6ec8badbe5
commit c842e4ec7d
2 changed files with 28 additions and 21 deletions
@@ -46,6 +46,8 @@ class InternalBlue:
        self.interface = None   # holds the context.device / hci interaface which is used to connect, is set in cli
        self.fw = None          # holds the firmware file

+        self.last_nesn_sn = None # TODO
+

        self.data_directory = data_directory
        self.s_inject = None    # This is the TCP socket to the HCI inject port
@@ -314,25 +316,6 @@ class InternalBlue:
            self.tracepoint_memdump_parts = {}


-        elif hcipkt.data[0:6] == "RAM___": # My custom header (see hook code)
-            dump_address = u32(hcipkt.data[6:10])
-            data = hcipkt.data[10:]
-
-            if self.tracepoint_memdump_address == None:
-                self.tracepoint_memdump_address = dump_address
-            normalized_address = dump_address - self.tracepoint_memdump_address 
-            self.tracepoint_memdump_parts[normalized_address] = data
-
-            # Check if this was the last packet
-            if len(self.tracepoint_memdump_parts) == self.fw.TRACEPOINT_RAM_DUMP_PKT_COUNT:
-                dump = fit(self.tracepoint_memdump_parts)
-                #TODO: use this to start qemu
-                filename = self.data_directory + "/" + "internalblue_tracepoint_0x%x_%s.bin" % (self.tracepoint_memdump_address, datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S"))
-                log.info("Captured Ram Dump for Tracepoint 0x%x to %s" % (self.tracepoint_memdump_address, filename))
-                f = open(filename, "wb")
-                f.write(dump)
-                f.close()
-

    def addTracepoint(self, address):
        # Check if constants are defined in fw.py
@@ -1422,6 +1405,30 @@ class InternalBlue:
                log.info("[Coexistence Statistics: Grant=%d Reject=%d -> Reject Ratio %.4f]" % (coex_grant, coex_reject, coex_reject/float(coex_grant)))
                return

+        # TODO
+        elif hcipkt.data[0:4] == "RXDN": # TODO
+            data = hcipkt.data[4:]
+
+            curr_nesn_sn = u8(data[0xa4])
+
+            if self.last_nesn_sn and ((self.last_nesn_sn ^ curr_nesn_sn) & 0b1100) !=0b1100:
+                log.warn("TRANSMISSION ERROR (of *previous* packet)")
+
+            self.last_nesn_sn = curr_nesn_sn
+
+            log.debug("RXDN header byte 1: 0x%x \n" % u8(data[0xa4]))
+            log.debug("RXDN channel:       %d \n" % u8(data[0x83]))
+            log.debug("RXDN event:         %d \n" % u16(data[0x8e:0x90]))
+
+
+        elif hcipkt.data[0:4] == "LEPR": # TODO
+            data = hcipkt.data[4:]
+            log.debug("LEPR header byte 1: 0x%x \n" % u8(data[0xa4]))
+
+        elif hcipkt.data[0:4] == "RSSI":  # TODO
+            data = hcipkt.data[4:]
+            log.debug("RSSI: 0x%x \n" % u8(data[0]))
+
    def readHeapInformation(self):
        """
        Traverses the double-linked list of BLOC structs and returns them as a
@@ -149,8 +149,8 @@ FUZZLMP_ASM_CODE = """

 # Assembler snippet for tracepoints
 # In contrast to the Nexus 5 patch, we uninstall ourselves automatically and use internal debug functions
-TRACEPOINT_BODY_ASM_LOCATION = 0x00218500
-TRACEPOINT_HOOKS_LOCATION = 0x00218700
+TRACEPOINT_BODY_ASM_LOCATION = 0x00218950
+TRACEPOINT_HOOKS_LOCATION = 0x00218900
 TRACEPOINT_HOOK_SIZE = 40
 TRACEPOINT_HOOK_ASM = """
        push {r0-r12, lr}       // save all registers on the stack (except sp and pc)