flopz.target.stm32 package
Submodules
flopz.target.stm32.stm32F407_target module
- class Stm32F407Target(target_ram, target_ram_len)
Bases:
flopz.core.target.Target- Parameters
target_ram (
int) –target_ram_len (
int) –
- get_data_out_function(target_addr)
Implement this, so it returns a function that sends data to the instrumenting host using whatever channel your target can provide. How the function reads its parameters is up to you. At the very least, the caller should provide a length and a pointer to memory. :type target_addr:
int:param target_addr: absolute base address of function :rtype:Function:return: a function which handles the egress of data
- get_init_gadgets(init_slice_addr, original_bytes, init_gadget_addr)
The init Gadget is a SlicePatch that calls into custom initialization code. :type init_slice_addr:
int:param init_slice_addr: where to put the call to our init function, as absolute addr within the original file :type original_bytes:bytes:param original_bytes: which bytes to replace :type init_gadget_addr:int:param init_gadget_addr: where to put the init gadget, as absolute addr :rtype:Tuple[Shellcode,Shellcode] :return: a tuple, with first element being the SlicePatch to replace the original instructions, the second element being the instrumentation initialization code
- get_instrumentation_gadget(config, target_addr, dataout_func)
generate an instrumentation gadget, based on ‘dump’ config The instrumentation gadget is in charge of sending a configurable amount of data and returning back to the SliceGadget the instrumentation gadget should be used by _many_ sliceGadgets, which means you need to pass the return address somehow ..instead of jumping to a constant address :type config:
dict:param config: dump config :type target_addr:int:param target_addr: where to put the instrumentation gadget :type dataout_func:Function:param dataout_func: the data_out function to use :rtype:Shellcode:return: A shellcode/module which implements the instrumentation (i.e. send data and jump back to SliceGadget)
- get_slice_gadgets(slice_addr, original_bytes, id, slice_gadget_addr, instrumentation_gadget)
Called for each configured target location/slice The SlicePatch has to replace the original instructions and jump to the SliceGadget The SliceGadget needs to prepare execution of the InstrumentationGadget and jump to it After the InstrumentationGadget has executed, the SliceGadget has to execute the original instructions ..and finally return to the original code location
- Parameters
slice_addr (
int) – the absolute address of the target instrumentation location within the original fileoriginal_bytes (
bytes) – which original bytes to replaceid (
int) – each slice needs to have a unique idslice_gadget_addr (
int) – where to put the slice gadgetinstrumentation_gadget (
AddressableObject) – the instrumentation gadget to jump to
- Return type
- Returns
a tuple, with the first element being the SlicePatch (replacing the original instructions) and the second element being the associated SliceGadget
- static name()
override this to return a unique name for your target :rtype:
str:return: a string containing a unique name for this target