Added a check to see if the browser supports Web USB

This commit is contained in:
Lord Friky 2024-05-09 02:07:13 -06:00
parent 4e0232389c
commit ee55a3a3f6

157
main.js
View File

@ -1,21 +1,21 @@
function logOutput(...message) { function logOutput(...message) {
document.getElementById("output").innerHTML = document.getElementById("output").innerHTML + message.join(" ") + "<br>"; document.getElementById("output").innerHTML =
document.getElementById("output").innerHTML + message.join(" ") + "<br>";
} }
function clearLog() { function clearLog() {
document.getElementById("output").innerHTML = ""; document.getElementById("output").innerHTML = "";
} }
async function getPayloadList(){ async function getPayloadList() {
return fetch("payloads/payloads.json") return fetch("payloads/payloads.json")
.then((response) => { .then((response) => {
if(!response.ok) if (!response.ok) throw new Error(response.status);
throw new Error(response.status); return response.json();
return response.json(); })
}) .then((data) => {
.then((data) => { return data.payloads;
return data.payloads; });
});
} }
(async () => { (async () => {
@ -23,9 +23,10 @@ async function getPayloadList(){
let payloadList; let payloadList;
try { try {
payloadList = await getPayloadList(); payloadList = await getPayloadList();
} catch (error) { } catch (error) {
logOutput("There was a problem retreiving the payload list. Error: " + error); logOutput(
"There was a problem retreiving the payload list. Error: " + error,
);
return; return;
} }
payloadList.forEach((payload) => { payloadList.forEach((payload) => {
@ -36,55 +37,60 @@ async function getPayloadList(){
payloadSelect.appendChild(payloadOption); payloadSelect.appendChild(payloadOption);
}); });
})();
})() async function getPayload(payloadSrc) {
return fetch(payloadSrc).then((response) => {
async function getPayload(payloadSrc){ if (!response.ok) throw new Error(response.status);
return fetch(payloadSrc) return response.arrayBuffer();
.then((response) => { });
if(!response.ok)
throw new Error(response.status);
return response.arrayBuffer();
});
} }
const intermezzo = new Uint8Array([ const intermezzo = new Uint8Array([
0x44, 0x00, 0x9F, 0xE5, 0x01, 0x11, 0xA0, 0xE3, 0x40, 0x20, 0x9F, 0xE5, 0x00, 0x20, 0x42, 0xE0, 0x44, 0x00, 0x9f, 0xe5, 0x01, 0x11, 0xa0, 0xe3, 0x40, 0x20, 0x9f, 0xe5, 0x00,
0x08, 0x00, 0x00, 0xEB, 0x01, 0x01, 0xA0, 0xE3, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x00, 0xA0, 0xE1, 0x20, 0x42, 0xe0, 0x08, 0x00, 0x00, 0xeb, 0x01, 0x01, 0xa0, 0xe3, 0x10, 0xff,
0x2C, 0x00, 0x9F, 0xE5, 0x2C, 0x10, 0x9F, 0xE5, 0x02, 0x28, 0xA0, 0xE3, 0x01, 0x00, 0x00, 0xEB, 0x2f, 0xe1, 0x00, 0x00, 0xa0, 0xe1, 0x2c, 0x00, 0x9f, 0xe5, 0x2c, 0x10, 0x9f,
0x20, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x04, 0x30, 0x90, 0xE4, 0x04, 0x30, 0x81, 0xE4, 0xe5, 0x02, 0x28, 0xa0, 0xe3, 0x01, 0x00, 0x00, 0xeb, 0x20, 0x00, 0x9f, 0xe5,
0x04, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A, 0x1E, 0xFF, 0x2F, 0xE1, 0x20, 0xF0, 0x01, 0x40, 0x10, 0xff, 0x2f, 0xe1, 0x04, 0x30, 0x90, 0xe4, 0x04, 0x30, 0x81, 0xe4, 0x04,
0x5C, 0xF0, 0x01, 0x40, 0x00, 0x00, 0x02, 0x40, 0x00, 0x00, 0x01, 0x40 0x20, 0x52, 0xe2, 0xfb, 0xff, 0xff, 0x1a, 0x1e, 0xff, 0x2f, 0xe1, 0x20, 0xf0,
0x01, 0x40, 0x5c, 0xf0, 0x01, 0x40, 0x00, 0x00, 0x02, 0x40, 0x00, 0x00, 0x01,
0x40,
]); ]);
const RCM_PAYLOAD_ADDRESS = 0x40010000; const RCM_PAYLOAD_ADDRESS = 0x40010000;
const INTERMEZZO_LOCATION = 0x4001F000; const INTERMEZZO_LOCATION = 0x4001f000;
const PAYLOAD_LOAD_BLOCK = 0x40020000; const PAYLOAD_LOAD_BLOCK = 0x40020000;
function createRCMPayload(intermezzo, payload) { function createRCMPayload(intermezzo, payload) {
const rcmLength = 0x30298; const rcmLength = 0x30298;
const intermezzoAddressRepeatCount = (INTERMEZZO_LOCATION - RCM_PAYLOAD_ADDRESS) / 4; const intermezzoAddressRepeatCount =
(INTERMEZZO_LOCATION - RCM_PAYLOAD_ADDRESS) / 4;
const rcmPayloadSize = Math.ceil((0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000 + payload.byteLength) / 0x1000) * 0x1000; const rcmPayloadSize =
Math.ceil(
(0x2a8 +
0x4 * intermezzoAddressRepeatCount +
0x1000 +
payload.byteLength) /
0x1000,
) * 0x1000;
const rcmPayload = new Uint8Array(new ArrayBuffer(rcmPayloadSize)) const rcmPayload = new Uint8Array(new ArrayBuffer(rcmPayloadSize));
const rcmPayloadView = new DataView(rcmPayload.buffer); const rcmPayloadView = new DataView(rcmPayload.buffer);
rcmPayloadView.setUint32(0x0, rcmLength, true); rcmPayloadView.setUint32(0x0, rcmLength, true);
for (let i = 0; i < intermezzoAddressRepeatCount; i++) { for (let i = 0; i < intermezzoAddressRepeatCount; i++) {
rcmPayloadView.setUint32(0x2A8 + i * 4, INTERMEZZO_LOCATION, true); rcmPayloadView.setUint32(0x2a8 + i * 4, INTERMEZZO_LOCATION, true);
} }
rcmPayload.set(intermezzo, 0x2A8 + (0x4 * intermezzoAddressRepeatCount)); rcmPayload.set(intermezzo, 0x2a8 + 0x4 * intermezzoAddressRepeatCount);
rcmPayload.set(payload, 0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000); rcmPayload.set(payload, 0x2a8 + 0x4 * intermezzoAddressRepeatCount + 0x1000);
return rcmPayload; return rcmPayload;
} }
function bufferToHex(data) { function bufferToHex(data) {
let result = ""; let result = "";
for (let i = 0; i < data.byteLength; i++) for (let i = 0; i < data.byteLength; i++)
@ -92,8 +98,6 @@ function bufferToHex(data) {
return result; return result;
} }
async function write(device, data) { async function write(device, data) {
let length = data.length; let length = data.length;
let writeCount = 0; let writeCount = 0;
@ -112,14 +116,12 @@ async function write(device, data) {
return writeCount; return writeCount;
} }
function readFileAsArrayBuffer(file) { function readFileAsArrayBuffer(file) {
return new Promise((res, rej) => { return new Promise((res, rej) => {
const reader = new FileReader(); const reader = new FileReader();
reader.onload = e => { reader.onload = (e) => {
res(e.target.result); res(e.target.result);
} };
reader.readAsArrayBuffer(file); reader.readAsArrayBuffer(file);
}); });
} }
@ -151,32 +153,41 @@ async function launchPayload(payload) {
logOutput("Trigging vulnerability..."); logOutput("Trigging vulnerability...");
const vulnerabilityLength = 0x7000; const vulnerabilityLength = 0x7000;
const smash = await device.controlTransferIn({ const smash = await device.controlTransferIn(
requestType: 'standard', {
recipient: 'interface', requestType: "standard",
request: 0x00, recipient: "interface",
value: 0x00, request: 0x00,
index: 0x00 value: 0x00,
}, vulnerabilityLength); index: 0x00,
},
vulnerabilityLength,
);
} }
document.getElementById("goButton").addEventListener("click", async () => { document.getElementById("goButton").addEventListener("click", async () => {
clearLog(); clearLog();
var debugCheckbox = document.getElementById("shouldDebug"); var debugCheckbox = document.getElementById("shouldDebug");
const payloadPath = document.getElementById("payloadSelect").value; const payloadPath = document.getElementById("payloadSelect").value;
if(!debugCheckbox.checked) { if (!debugCheckbox.checked) {
if (!navigator.usb) {
logOutput(
"Your browser doesn't support Web USB, Web CFW Loader will not work!",
);
return;
}
logOutput("Requesting access to device..."); logOutput("Requesting access to device...");
try { try {
device = await navigator.usb.requestDevice({ filters: [{ vendorId: 0x0955 }] }); device = await navigator.usb.requestDevice({
} catch (error) { filters: [{ vendorId: 0x0955 }],
console.log(error); });
logOutput("Failed to get a device. Did you chose one?"); } catch (error) {
return; console.log(error);
} logOutput("Failed to get a device. Did you chose one?");
return;
}
} }
let payload; let payload;
@ -186,19 +197,18 @@ document.getElementById("goButton").addEventListener("click", async () => {
alert("You need to upload a file, to use an uploaded file."); alert("You need to upload a file, to use an uploaded file.");
return; return;
} }
logOutput("Using uploaded payload \"" + file.name + "\""); logOutput('Using uploaded payload "' + file.name + '"');
payload = new Uint8Array(await readFileAsArrayBuffer(file)); payload = new Uint8Array(await readFileAsArrayBuffer(file));
} else { } else {
try { try {
payload = new Uint8Array(await getPayload(payloadPath)); payload = new Uint8Array(await getPayload(payloadPath));
} catch (error) { } catch (error) {
logOutput("There was a problem retreiving the payload. Error: " + error) logOutput("There was a problem retreiving the payload. Error: " + error);
return; return;
} }
} }
if(debugCheckbox.checked) { if (debugCheckbox.checked) {
logOutput("Logging payload bytes..."); logOutput("Logging payload bytes...");
var payloadToLog = ""; var payloadToLog = "";
@ -210,31 +220,26 @@ document.getElementById("goButton").addEventListener("click", async () => {
return; return;
} }
logOutput(`<span style='color:blue'>Preparing to launch ${payloadPath}...</span>`); logOutput(
`<span style='color:blue'>Preparing to launch ${payloadPath}...</span>`,
);
launchPayload(payload); launchPayload(payload);
}); });
function onSelectChange() { function onSelectChange() {
if (document.getElementById("payloadSelect").value === "uploaded") if (document.getElementById("payloadSelect").value === "uploaded")
document.getElementById("uploadContainer").style.display = "block" document.getElementById("uploadContainer").style.display = "block";
else else document.getElementById("uploadContainer").style.display = "none";
document.getElementById("uploadContainer").style.display = "none"
} }
function openInfo() { function openInfo() {
if(document.getElementById("infodiv").innerHTML != "") { if (document.getElementById("infodiv").innerHTML != "") {
document.getElementById("infodiv").innerHTML = ""; document.getElementById("infodiv").innerHTML = "";
} }
} }
function openInstructions() { function openInstructions() {
if(document.getElementById("infodiv").innerHTML != "") { if (document.getElementById("infodiv").innerHTML != "") {
document.getElementById("infodiv").innerHTML = ""; document.getElementById("infodiv").innerHTML = "";
} }
} }