From f37d8b376b556f111e160ba34d20d82edd49e458 Mon Sep 17 00:00:00 2001
From: Stefano Moioli
Date: Fri, 5 Apr 2024 02:23:45 +0200
Subject: [PATCH] backdoor_setup + backdoor_setup_params_t (partial)

---
 xzre.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 xzre.lds | 3 +++
 2 files changed, 57 insertions(+)

diff --git a/xzre.h b/xzre.h
index 16da386..7194265 100644
--- a/xzre.h
+++ b/xzre.h
@@ -84,6 +84,52 @@ typedef enum {
 #define EXPAND(x, y) CONCAT(x, y)
 #define PADDING(size) u8 EXPAND(_unknown, __LINE__)[size]
 
+typedef struct __attribute__((packed)) {
+ /**
+ * @brief points to a symbol in memory
+ * will be used to find the GOT value
+ */
+ void *symbol_ptr;
+ /**
+ * @brief points to the Global Offset Table
+ */
+ void *got_ptr;
+ /**
+ * @brief the return address value of the caller
+ * obtained from *(u64 *)(caller_locals+24)
+ * since the entrypoint passes __builtin_frame_address(0)-16,
+ * this results in an offset of +8
+ */
+ void *return_address;
+ /**
+ * @brief points to the real cpuid function
+ */
+ void *cpuid_fn;
+ /**
+ * @brief holds the offset of the symbol relative to the GOT.
+ * used to derive the @ref got_ptr
+ */
+ u64 got_offset;
+ /**
+ * @brief stores the value of __builtin_frame_address(0)-16
+ */
+ u64 *caller_locals;
+} elf_entry_ctx_t;
+
+assert_offset(elf_entry_ctx_t, symbol_ptr, 0);
+assert_offset(elf_entry_ctx_t, got_ptr, 8);
+assert_offset(elf_entry_ctx_t, return_address, 0x10);
+assert_offset(elf_entry_ctx_t, cpuid_fn, 0x18);
+assert_offset(elf_entry_ctx_t, got_offset, 0x20);
+assert_offset(elf_entry_ctx_t, caller_locals, 0x28);
+
+typedef struct __attribute__((packed)) {
+ PADDING(0x80);
+ elf_entry_ctx_t *entry_ctx;
+} backdoor_setup_params_t;
+
+static_assert(sizeof(backdoor_setup_params_t) == 0x88);
+
 typedef struct __attribute__((packed)) {
 u8* first_instruction;
 u64 instruction_size;
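Review bot: elf_entry_ctx_t gets an assert_offset for every field but no size check, while backdoor_setup_params_t a few lines below does get one; since the six packed 8-byte fields end at 0x30, add `static_assert(sizeof(elf_entry_ctx_t) == 0x30);` after the assert_offset lines so a field appended later cannot silently widen the struct that backdoor_setup_params_t points to. The return_address comment reads `*(u64 *)(caller_locals+24)`, but caller_locals is declared `u64 *`, so that expression in C advances 24 elements (192 bytes), not 24 bytes as the "+8 from __builtin_frame_address(0)-16" arithmetic implies; spell the byte offset out, e.g. `obtained from caller_locals[3], i.e. *(u64 *)((u8 *)caller_locals + 24)`. These offsets are presumably recovered from the binary, so a short "as observed in the disassembly" qualifier on the comment would tell the next reader they are measurements rather than a design.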
@@ -738,5 +784,13 @@ extern BOOL secret_data_append_singleton(
 secret_data_shift_cursor shift_cursor,
 unsigned reg2reg_instruction_count,
 unsigned operation_index);
+/**
+ * @brief the backdoor main method
+ *
+ * @param params parameters
+ * @return BOOL unused
+ */
+extern BOOL backdoor_setup(backdoor_setup_params_t *params);
+
 #include "util.h"
 #endif
\ No newline at end of file
diff --git a/xzre.lds b/xzre.lds
index 148bd30..c5c8394 100644
--- a/xzre.lds
+++ b/xzre.lds
@@ -62,5 +62,8 @@ SECTIONS {
 "secret_data_append_singleton" = ".";
 *(.text.rc_read_inis);
+
+ "backdoor_setup" = ".";
+ *(.text.microlzma_encoder_inia);
 }
 } INSERT AFTER .text;
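Review bot: The doc block on the new backdoor_setup prototype says `@param params parameters` and `@return BOOL unused`, which adds nothing to what the signature already shows; suggest `@param params pointer to a backdoor_setup_params_t (0x88 bytes; only entry_ctx at +0x80 is named so far)` and `@return BOOL appears to be ignored by the caller (not yet verified)`, since the caller is not part of this patch and the "unused" claim cannot be checked from here. Stating where the unused return value was observed would make the claim reproducible for the next person extending the partial reconstruction.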
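Review bot: `*(.text.microlzma_encoder_inia)` is one letter away from microlzma_encoder_init, and nothing in the script says whether that is intentional; the existing `*(.text.rc_read_inis)` two lines above suggests the object uses such near-miss section names deliberately, but if this one is a typo the pattern matches no input section and `"backdoor_setup" = "."` would simply alias the start of whatever the linker places next. A one-line comment such as `/* section name as it appears in the object, not a typo */` next to the pattern, or the corrected name if it is a typo, would settle it; the same applies to rc_read_inis if it was never annotated.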