updated readme

Merge branch 'master' of https://dev.seemoo.tu-darmstadt.de/bcm/internalblue
updated firmware files
2020-02-06 00:55:20 +01:00 · 2020-02-03 23:38:32 +01:00 · 2020-02-03 23:38:00 +01:00 · 2020-01-22 12:52:07 +01:00
6 changed files with 34 additions and 6 deletions
@@ -54,6 +54,17 @@ was also recorded and gives a more high level overview.

  Our talk [Playing with Bluetooth](https://media.ccc.de/v/2019-185-playing-with-bluetooth) focuses on new device support
  within *InternalBlue* and the Patchram state of various devices.
+  
+* **36C3 Talk** (12/2019)
+  
+  The rather generic talk [All wireless communication stacks are equally broken](https://media.ccc.de/v/36c3-10531-all_wireless_communication_stacks_are_equally_broken)
+  points out a couple of new research directions and new Bluetooth projects coming up.
+
+* **EWSN Paper & Demo** (02/2020)
+
+  We did some work on improving blacklisting performance of BLE data connections. Currently in a separate *blacklisting* branch.
+
+  


 Supported Features
@@ -214,7 +225,7 @@ can replace them with anything you want.
 License
 -------

-Copyright 2018-2019 Dennis Mantz, Jiska Classen
+Copyright 2018-2020 The InternalBlue Team

 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
@@ -50,7 +50,7 @@ SECTIONS = [ MemorySection(0x0,      0x90000,  True , False),
             MemorySection(0xd0000,  0xd8000,  False, True ),
            #MemorySection(0xe0000,  0x1f0000, True , False),
             MemorySection(0x200000, 0x21ffff, False, True ),
-             MemorySection(0x260000, 0x268000, True , False),
+            #MemorySection(0x260000, 0x268000, True , False),  # might crash? issue 14
            #MemorySection(0x280000, 0x2a0000, True , False),
             MemorySection(0x318000, 0x320000, False, False),
             MemorySection(0x324000, 0x360000, False, False),
@@ -74,6 +74,10 @@ PATCHRAM_VALUE_TABLE_ADDRESS    = 0xd0000
 PATCHRAM_NUMBER_OF_SLOTS        = 128
 PATCHRAM_ALIGNED                = False

+# Heap
+BLOC_HEAD = 0x200588                    # g_dynamic_memory_GeneralUsePools
+BLOC_NG = True                          # Next Generation Bloc Buffer
+
 # Snippet for sendLcpPacket()
 SENDLCP_CODE_BASE_ADDRESS = 0x21a000
 SENDLCP_ASM_CODE = """
@@ -23,8 +23,8 @@
 from fw import MemorySection

 # Firmware Infos
-# Evaluation Kit CYW927019
-FW_NAME = "CYW27039B1 (NOT iPhone X/XR!)"
+# Evaluation Kit CYW920719
+FW_NAME = "CYW20739B1 (NOT iPhone X/XR!)"
 # TODO this is not the iPhone firmware, we need to add a switch in fw.py

 # Device Infos
@@ -73,6 +73,10 @@ PATCHRAM_VALUE_TABLE_ADDRESS    = 0xd0000
 PATCHRAM_NUMBER_OF_SLOTS        = 128
 PATCHRAM_ALIGNED                = False

+# Heap
+BLOC_HEAD = 0x200490                    # g_dynamic_memory_GeneralUsePools
+BLOC_NG = True                          # Next Generation Bloc Buffer
+
 # Snippet for sendLcpPacket()
 SENDLCP_CODE_BASE_ADDRESS = 0x21f000
 SENDLCP_ASM_CODE = """
@@ -957,6 +957,7 @@ class StackDumpReceiver:
        if self.memdump_addr == None:
            self.memdump_addr = addr
        self.memdumps[addr-self.memdump_addr] = data[4:]
+        log.debug("Stack dump handling addr %08x", addr-self.memdump_addr)

    def finishStackDump(self):
        dump = fit(self.memdumps)
@@ -1091,6 +1092,16 @@ class StackDumpReceiver:
            self.finishStackDump()
            return True

+        # On a Raspberry Pi 3, the last packet of a stack dump is '1b0340df0338'.... so it's 0x40
+        elif packet_type == 0xe8:
+            # FIXME Raspi memdump is divided in two parts!
+            # address change from 0001fe38 to packet type e8 and then it's computing addr -0130000
+            # negative addr does not work with finishStackDump()
+            # so even though the last packet is 0x40, let's just finish on 0xe8
+                log.info("End of first stackdump block, writing to file and skipping second...")
+                self.finishStackDump()
+                return True
+
        return False


@@ -114,8 +114,6 @@ class macOSCore(InternalBlue):
                # Put all relevant infos into a tuple. The HCI packet is parsed with the help of hci.py.
                record = (hci.parse_hci_packet(record_data), 0, 0, 0, 0, 0) #TODO not sure if this causes trouble?
                log.debug("Recv: " + str(record[0]))
-                log.info(binascii.hexlify(record_data))
-
                # Put the record into all queues of registeredHciRecvQueues if their
                # filter function matches.
                for queue, filter_function in self.registeredHciRecvQueues: # TODO filter_function not working with bluez modifications
Author	SHA1	Message	Date
Jiska Classen	e89a84812e	updated readme	2020-02-06 00:55:20 +01:00
Jiska Classen	dd9d76cff9	Merge branch 'master' of https://dev.seemoo.tu-darmstadt.de/bcm/internalblue	2020-02-03 23:38:32 +01:00
Jiska Classen	58f9688b84	updated firmware files	2020-02-03 23:38:00 +01:00
Davide Toldo	45ec18744e	Make macos core less verbose (forgot to remove line)	2020-01-22 12:52:07 +01:00