我们正在编译与FPGA通信所需的应用程序。
协议通常由COM端口处理。我使用kali linux编译源代码,但输出不会启动。当我使用sudo ./new时,我得到了
open() failed :no such a file or directory
我用gcc -o new code.c编译它,然后:
g++ -o new code.c
chmod +x
代码100%正常运行:
#include <sys/stat.h>
#include <sys/select.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <inttypes.h>
#include <fcntl.h>
#include <termios.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <time.h>
#define SERIAL "/dev/serial/by-id/usb-FTDI_TTL232R-3V3_FT90HST3-if00-port0"
static int fd;
static char *name;
#define N 1024
static struct {
uint8_t is_xx;
uint8_t val;
unsigned int addr;
unsigned int data;
unsigned int p3;
} inst[N];
static uint8_t map[16][256];
static void
dump_instructions(int num)
{
int i;
for (i=0; i<num; i++) {
if (inst[i].is_xx) {
printf(" XX");
} else {
printf(" %02X", inst[i].val);
}
}
printf("\n");
for (i=0; i<num; i++) {
printf(" %02X", inst[i].p3);
}
printf("\n");
}
static int
read_line(char *buf, size_t len)
{
fd_set fds;
struct timeval tv;
ssize_t n;
while (len > 0) {
if (read(fd, buf, 1) != 1) {
FD_ZERO(&fds);
FD_SET(fd, &fds);
tv.tv_sec = 1;
tv.tv_usec = 0;
if (select(fd+1, &fds, NULL, NULL, &tv) != 1) {
return -1;
}
if (!FD_ISSET(fd, &fds)) {
return -1;
}
n = read(fd, buf, 1);
if (n == 0) {
return -1;
} else if (n < 0) {
if (errno == EINTR) {
continue;
}
return -1;
}
}
if (*buf == '\n') {
continue;
}
if (*buf == '\r') {
*buf = '\0';
return 0;
}
buf++;
len--;
}
fprintf(stderr, "[-] read_line() ran out of buffer\n");
exit(EXIT_FAILURE);
}
static void
write_or_die(char *buf, size_t len)
{
ssize_t n;
while (len) {
//write(1, buf, len);
n = write(fd, buf, len);
if (n <= 0) {
if (errno == EINTR) continue;
perror("[-] write() failed");
exit(EXIT_FAILURE);
}
buf += n;
len -= n;
}
}
static void
serial_sync(void)
{
char buf[512];
while (read_line(buf, sizeof(buf)) == 0) {
fprintf(stderr, "[*] sync [%s]\n", buf);
}
}
static void
init_serial(void)
{
int opt;
#if 1
struct termios tty;
if ((fd = open(SERIAL, O_RDWR)) == -1) {
perror("[-] open() failed");
exit(EXIT_FAILURE);
}
tcgetattr(fd, &tty);
cfsetospeed(&tty, (speed_t)B500000);
cfsetispeed(&tty, (speed_t)B500000);
/* http://stackoverflow.com/questions/8070632/#8082169 */
tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON);
tty.c_oflag &= ~OPOST;
tty.c_lflag &= ~(ECHO | ECHONL | ICANON | ISIG | IEXTEN);
tty.c_cflag &= ~(CSIZE | PARENB);
tty.c_cflag |= CS8;
tcsetattr(fd, TCSANOW, &tty);
#else
int flag = 1;
ex_net_tcp_connect(&fd, "127.0.0.1", 1337);
setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(flag));
#endif
opt = fcntl(fd, F_GETFL);
if (opt < 0) {
perror("[-] fcntl(F_GETFL)");
exit(EXIT_FAILURE);
}
opt |= O_NONBLOCK;
if (fcntl(fd, F_SETFL, opt) < 0) {
perror("[-] fcntl(F_SETFL)");
exit(EXIT_FAILURE);
}
serial_sync();
}
static void
run_task(size_t num)
{
char tag[4];
char buf[4096*16];
size_t i;
int retries = 0;
do {
tag[0] = 'A' + (rand() % 26);
tag[1] = 'A' + (rand() % 26);
tag[2] = 'A' + (rand() % 26);
tag[3] = 'A' + (rand() % 26);
write_or_die(tag, 4);
for (i=0; i<num; i++) {
if (inst[i].is_xx) {
write_or_die(" XX", 3);
} else {
snprintf(buf, sizeof(buf), " %02X", inst[i].val);
write_or_die(buf, 3);
}
}
write_or_die("\r", 1);
if (read_line(buf, sizeof(buf))) {
fprintf(stderr, "[-] read_line() failed\n");
continue;
}
if (memcmp(buf, tag, 4)) {
fprintf(stderr, "[-] wrong tag\n");
continue;
}
for (i=0; i<num; i++) {
if (sscanf(buf+4+i*11, " %04X:%02X:%02X",
&inst[i].addr,
&inst[i].data,
&inst[i].p3
) != 3) {
break;
}
}
if (i == num) break;
} while (serial_sync(), retries++ < 3);
}
static int
find_next_instruction(int off, int max)
{
int i, j;
uint16_t next_addr = 0xF00D;
fprintf(stderr, "[*] Finding next instruction...");
for (i=0; i<max; i++) { /* number of XX bytes */
inst[off+i].is_xx = 0;
inst[off+i+1].is_xx = 1;
for (j=0; j<256; j++) { /* instruction */
inst[off+i].val = j;
run_task(off+i+2);
if (j == 0) {
next_addr = inst[off+i+1].addr;
} else {
if (inst[off+i+1].addr != next_addr) {
fprintf(stderr, " done\n");
return off+i;
}
}
}
inst[off+i].is_xx = 1;
fprintf(stderr, ".");
}
fprintf(stderr, " error\n");
exit(EXIT_FAILURE);
}
static int
find_next_instruction_for_sure(int off, int map_num)
{
int i;
fprintf(stderr, "[*] Finding next instruction (for sure)...");
for (i=0; i<32; i++) {
inst[off+i+0].val = map[map_num+0][0x75];
inst[off+i+0].is_xx = 0;
inst[off+i+1].val = map[map_num+1][0xB0];
inst[off+i+1].is_xx = 0;
inst[off+i+2].is_xx = 0;
inst[off+i+3].is_xx = 1;
inst[off+i+4].is_xx = 1;
inst[off+i+5].is_xx = 1;
inst[off+i+6].is_xx = 1;
inst[off+i+2].val = map[map_num+2][0x55];
run_task(off+i+7);
if (inst[off+i+6].p3 != 0x55) goto next;
inst[off+i+2].val = map[map_num+2][0xAA];
run_task(off+i+7);
if (inst[off+i+6].p3 != 0xAA) goto next;
fprintf(stderr, " done (skipping %d cycle%s)\n", i, i==1 ? "" : "s");
//dump_instructions(off+i+7);
inst[off+i+0].is_xx = 1;
inst[off+i+1].is_xx = 1;
inst[off+i+2].is_xx = 1;
return off+i;
next:
inst[off+i].is_xx = 1;
fprintf(stderr, ".");
}
fprintf(stderr, " error\n");
exit(EXIT_FAILURE);
}
static void
find_p3_argument(int off)
{
int i, j;
fprintf(stderr, "[*] Finding P3 as an argument...");
inst[off+0].is_xx = 0;
inst[off+1].is_xx = 0;
inst[off+2].is_xx = 1;
inst[off+3].is_xx = 1;
inst[off+4].is_xx = 1;
inst[off+5].is_xx = 1;
#if 1
/* XXX */
inst[off+0].val = 0x7C;
inst[off+1].val = 0xEE;
fprintf(stderr, " hack\n");
return;
/* XXX */
#endif
for (i=0; i<256; i++) {
inst[off+0].val = i;
for (j=0; j<256; j++) {
inst[off+1].val = j;
run_task(off+6);
if (inst[off+5].p3 != 0xFF) printf("[%02X:%02X;p3=%02X]", i, j, inst[off+5].p3);
if (inst[off+5].p3 == 0x00) {
fprintf(stderr, " done\n");
fprintf(stderr, "[+] %02X %02X gives us 00\n", inst[off+0].val, inst[off+1].val);
return;
}
}
fprintf(stderr, ".");
}
fprintf(stderr, " error\n");
exit(EXIT_FAILURE);
}
static void
find_move_or_and_to_p3(int off)
{
int i, j, k;
uint8_t res;
int m;
uint8_t movmap[3][256];
int err;
fprintf(stderr, "[*] Finding MOV and ANL instructions to P3...");
inst[off+0].is_xx = 0;
inst[off+1].is_xx = 0;
inst[off+2].is_xx = 0;
inst[off+3].is_xx = 1;
inst[off+4].is_xx = 1;
inst[off+5].is_xx = 1;
#if 0
/* XXX */
inst[off+0].val = 0xF1;
inst[off+1].val = 0x5C;
fprintf(stderr, " hack\n");
return;
/* XXX */
#endif
m = 0;
for (i=0; i<256; i++) {
inst[off+0].val = i;
inst[off+2].val = 0x55;
run_task(off+6);
res = inst[off+5].p3;
inst[off+2].val = 0xAA;
run_task(off+6);
if (inst[off+5].p3 == res) goto nope;
/* uh, this might be MOV, ANL, or XOR */
fprintf(stderr, "!");
for (j=0; j<256; j++) {
inst[off+2].val = j;
run_task(off+6);
movmap[m][j] = inst[off+5].p3;
for (k=0; k<j; k++) {
if (movmap[m][j] == movmap[m][k]) goto nope;
}
}
/* yep, all good */
fprintf(stderr, "!");
m++;
if (m > 1) {
err = 0;
for (j=0; !err && j<256; j++) {
if (movmap[0][j] != movmap[m-1][j]) err = 1;
}
if (!err) goto done;
}
if (m > 2) {
err = 0;
for (j=0; !err && j<256; j++) {
if (movmap[1][j] != movmap[m-1][j]) err = 1;
}
if (!err) goto done;
fprintf(stderr, " error\n");
fprintf(stderr, "[-] Found three instructions, but no match!\n");
exit(EXIT_FAILURE);
}
nope:
fprintf(stderr, ".");
}
fprintf(stderr, "[-] Unable to find a MOV or ANL instruction.\n");
exit(EXIT_FAILURE);
done:
fprintf(stderr, " done\n");
fprintf(stderr, "[+] %02X %02X XX is perfect\n", inst[off+0].val, inst[off+1].val);
}
static void
find_nop_and_move_or_and(int off, uint8_t *map)
{
int i, ii, j, k;
int r = rand();
int rr = rand();
uint8_t res;
int m;
uint8_t movmap[3][256];
int err;
fprintf(stderr, "[*] Finding NOP-like instruction, followed by MOV and ANL instructions...");
inst[off+0].is_xx = 0;
inst[off+1].is_xx = 1;
inst[off+2].is_xx = 0;
inst[off+3].is_xx = 0;
inst[off+4].is_xx = 0;
inst[off+5].is_xx = 1;
inst[off+6].is_xx = 1;
inst[off+7].is_xx = 1;
m = 0;
for (i=0; i<256; i++) {
for (ii=0; ii<256; ii++) {
inst[off+0].val = (i + r) & 0xFF;
inst[off+2].val = (ii + rr) & 0xFF;
inst[off+3].val = map[0xB0];
inst[off+4].val = 0x55;
run_task(off+8);
res = inst[off+7].p3;
inst[off+4].val = 0xAA;
run_task(off+8);
if (inst[off+7].p3 == res) goto nope;
/* uh, this might be MOV, ANL, or XOR */
fprintf(stderr, ".!");
for (j=0; j<256; j++) {
inst[off+4].val = j;
run_task(off+8);
movmap[m][j] = inst[off+7].p3;
for (k=0; k<j; k++) {
if (movmap[m][j] == movmap[m][k]) goto nope;
}
}
/* yep, all good */
fprintf(stderr, "!");
m++;
if (m > 1) {
err = 0;
for (j=0; !err && j<256; j++) {
if (movmap[0][j] != movmap[m-1][j]) err = 1;
}
if (!err) goto done;
}
if (m > 2) {
err = 0;
for (j=0; !err && j<256; j++) {
if (movmap[1][j] != movmap[m-1][j]) err = 1;
}
if (!err) goto done;
fprintf(stderr, " error\n");
fprintf(stderr, "[-] Found three instructions, but no match!\n");
exit(EXIT_FAILURE);
}
nope:
do { } while (0);
}
fprintf(stderr, ".");
}
fprintf(stderr, " end\n");
fprintf(stderr, "[-] Unable to find a NOP, followed by a MOV or ANL instruction.\n");
exit(EXIT_FAILURE);
done:
fprintf(stderr, " done\n");
fprintf(stderr, "[+] %02X XX %02X XX XX is perfect\n", inst[off+0].val, inst[off+2].val);
}
static void
make_p_c_map(int mapnum, int off)
{
int i, j;
fprintf(stderr, "[*] Mapping P to C #%d...", mapnum);
inst[off+0].is_xx = 0;
inst[off+1].is_xx = 0;
inst[off+2].is_xx = 0;
inst[off+3].is_xx = 1;
inst[off+4].is_xx = 1;
inst[off+5].is_xx = 1;
inst[off+6].is_xx = 1;
inst[off+7].is_xx = 1;
for (i=0; i<256; i++) {
inst[off+2].val = i;
run_task(off+8);
//fprintf(stderr, "[C:%02X -> P:%02X]\n", i, inst[off+5].p3);
map[mapnum][inst[off+5].p3] = i;
if ((i & 0xF) == 0xF) fprintf(stderr, ".");
}
for (i=0; i<256; i++) {
for (j=0; j<i; j++) {
if (map[mapnum][i] == map[mapnum][j]) {
fprintf(stderr, " error\n");
for (i=0; i<256; i++) {
fprintf(stderr, "[C:%02X -> P:%02X]\n", map[mapnum][i], i);
}
dump_instructions(off+8);
inst[off+2].val = 0x41;
run_task(off+8);
dump_instructions(off+8);
exit(EXIT_FAILURE);
}
}
}
fprintf(stderr, " done\n");
}
static void
check_clip_connection(void)
{
int i, j;
int err = 0;
char addr_is_lo[15] = {0};
char addr_is_hi[15] = {0};
char data_is_lo[8] = {0};
char data_is_hi[8] = {0};
struct {
uint16_t addr;
uint8_t data;
} x[16];
fprintf(stderr, "[*] Checking clip connection...");
for (i=0; i<N; i++) {
inst[i].is_xx = 1;
}
run_task(16);
for (i=0; i<16; i++) {
x[i].addr = inst[i].addr;
x[i].data = inst[i].data;
}
run_task(16);
for (i=0; i<16; i++) {
if (x[i].addr != inst[i].addr) fprintf(stderr, "A");
if (x[i].data != inst[i].data) fprintf(stderr, "D (%02X vs %02X)", x[i].data, inst[i].data);
fprintf(stderr, ".");
}
run_task(16);
for (i=0; i<16; i++) {
if (x[i].addr != inst[i].addr) fprintf(stderr, "A");
if (x[i].data != inst[i].data) fprintf(stderr, "D (%02X vs %02X)", x[i].data, inst[i].data);
fprintf(stderr, ".");
}
run_task(N);
for (i=0; i<N; i++) {
//fprintf(stderr, "%4d addr=%04X, data=%02X\n", i, inst[i].addr, inst[i].data);
for (j=0; j<15; j++) {
if (1 & (inst[i].addr >> j)) {
addr_is_hi[j] = 1;
} else {
addr_is_lo[j] = 1;
}
}
for (j=0; j<8; j++) {
if (1 & (inst[i].data >> j)) {
data_is_hi[j] = 1;
} else {
data_is_lo[j] = 1;
}
}
}
fprintf(stderr, " addr [");
for (j=14; j>=0; j--) {
if (addr_is_hi[j] && addr_is_lo[j]) {
fprintf(stderr, "X");
} else if (addr_is_hi[j]) {
fprintf(stderr, "1");
err = 1;
} else if (addr_is_lo[j]) {
fprintf(stderr, "0");
err = 1;
} else {
fprintf(stderr, "?");
err = 1;
}
}
fprintf(stderr, "]; data [");
for (j=7; j>=0; j--) {
if (data_is_hi[j] && data_is_lo[j]) {
fprintf(stderr, "X");
} else if (data_is_hi[j]) {
fprintf(stderr, "1");
err = 1;
} else if (data_is_lo[j]) {
fprintf(stderr, "0");
err = 1;
} else {
fprintf(stderr, "?");
err = 1;
}
}
fprintf(stderr, "]\n");
//if (err) exit(EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int off0, off1, off3;
int i, j;
char path[32];
int resfd;
int mo;
int data_begin;
if (argc < 2) {
name = "unknown";
} else {
name = argv[1];
}
srand(getpid());
setvbuf(stdin, NULL, _IONBF, 0);
setvbuf(stdout, NULL, _IONBF, 0);
init_serial();
check_clip_connection();
off0 = find_next_instruction(0, 100);
fprintf(stderr, "[+] First instruction found at offset %d\n", off0);
find_p3_argument(off0);
find_move_or_and_to_p3(off0);
make_p_c_map(0, off0);
find_nop_and_move_or_and(off0, map[0]);
make_p_c_map(1, off0+2);
find_nop_and_move_or_and(off0+2, map[1]);
make_p_c_map(2, off0+4);
for (i=0; i<16-3; i++) {
off1 = off0 + 4;
for (j=0; j<i+1; j++) {
inst[off1+0].is_xx = 0;
inst[off1+0].val = map[j][0x00];
inst[off1+1].is_xx = 1;
off1 += 2;
}
inst[off1+0].val = map[i+1][0x75];
inst[off1+1].val = map[i+2][0xB0];
make_p_c_map(i+3, off1);
}
off3 = off0 + 4;
mo = 0;
/* MOV A, MCON */
inst[off3+0].val = map[mo++][0xE5];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0xC6];
inst[off3+1].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+2, mo);
/* MOV P3, A */
inst[off3+0].val = map[mo++][0xF5];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0xB0];
inst[off3+1].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+2, mo);
inst[off3+0].is_xx = 1;
inst[off3+1].is_xx = 1;
inst[off3+2].is_xx = 1;
run_task(off3+3);
fprintf(stderr, "[*] MCON = 0x%02X\n", inst[off3+2].p3);
data_begin = 0xF & (inst[off3+2].p3 >> 4);
fprintf(stderr, "[*] code = 0x0000 to 0x%XFFF\n", data_begin-1);
if (data_begin == 8) {
fprintf(stderr, "[*] no data\n");
} else {
fprintf(stderr, "[*] data = 0x%X000 to 0x7FFF\n", data_begin);
}
for (j=0; j<16; j++) {
snprintf(path, sizeof(path), "%s-%X-XXXXXX.bin", name, j);
if ((resfd = mkstemps(path, 4)) < 0) {
perror("[-] mkstemps() failed");
return EXIT_FAILURE;
}
off3 = off0 + 4;
mo = 0;
/* MOV DPTR, 0x0000 */
inst[off3+0].val = map[mo++][0x90];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0x00];
inst[off3+1].is_xx = 0;
inst[off3+2].val = map[mo++][0x00];
inst[off3+2].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+3, mo);
/* MOV A, 0x00 */
inst[off3+0].val = map[mo++][0x74];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0x00];
inst[off3+1].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+2, mo);
/* MOVC A, @(A+DPTR) */
inst[off3+0].val = map[mo++][0x93];
inst[off3+0].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+1, mo);
/* MOV P3, A */
inst[off3+0].val = map[mo++][0xF5];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0xB0];
inst[off3+1].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+2, mo);
inst[off3+0].is_xx = 1;
inst[off3+1].is_xx = 1;
inst[off3+2].is_xx = 1;
fprintf(stderr, "[*] Dumping code...");
for (i=0x0000; i<0x1000*data_begin; i++) {
inst[off0+5].val = map[1][0xFF & (i >> 8)];
inst[off0+6].val = map[2][0xFF & (i >> 0)];
run_task(off3+3);
if (write(resfd, &inst[off3+2].p3, 1) != 1) {
perror("[-] write() failed");
return EXIT_FAILURE;
}
if ((i & 0x3FF) == 0x3FF) fprintf(stderr, ".");
}
fprintf(stderr, " done\n");
off3 = off0 + 4;
mo = 0;
/* MOV DPTR, 0x7FFF */
inst[off3+0].val = map[mo++][0x90];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0x7F];
inst[off3+1].is_xx = 0;
inst[off3+2].val = map[mo++][0xFF];
inst[off3+2].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+3, mo);
/* MOVX A, @DPTR */
inst[off3+0].val = map[mo++][0xE0];
inst[off3+0].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+1, mo);
/* MOV P3, A */
inst[off3+0].val = map[mo++][0xF5];
inst[off3+0].is_xx = 0;
inst[off3+1].val = map[mo++][0xB0];
inst[off3+1].is_xx = 0;
off3 = find_next_instruction_for_sure(off3+2, mo);
inst[off3+0].is_xx = 1;
inst[off3+1].is_xx = 1;
inst[off3+2].is_xx = 1;
fprintf(stderr, "[*] Dumping data...");
for (i=0x1000*data_begin; i<0x8000; i++) {
inst[off0+5].val = map[1][0xFF & (i >> 8)];
inst[off0+6].val = map[2][0xFF & (i >> 0)];
run_task(off3+3);
if (write(resfd, &inst[off3+2].p3, 1) != 1) {
perror("[-] write() failed");
return EXIT_FAILURE;
}
if ((i & 0x3FF) == 0x3FF) fprintf(stderr, ".");
}
fprintf(stderr, " done\n");
close(resfd);
}
return EXIT_SUCCESS;
}
答案 0 :(得分:2)
我怀疑代码失败是因为您的串行设备与程序员系统中的设备名称不同:
#define SERIAL "/dev/serial/by-id/usb-FTDI_TTL232R-3V3_FT90HST3-if00-port0"
if ((fd = open(SERIAL, O_RDWR)) == -1) {
perror("[-] open() failed");
exit(EXIT_FAILURE);
}
您应该将设备名称作为命令行参数传递,或者实现某种发现机制。