mirror of
https://github.com/lordfriky/web-cfw-loader.git
synced 2024-12-25 14:41:55 +00:00
Added a check to see if the browser supports Web USB
This commit is contained in:
parent
4e0232389c
commit
ee55a3a3f6
157
main.js
157
main.js
@ -1,21 +1,21 @@
|
|||||||
function logOutput(...message) {
|
function logOutput(...message) {
|
||||||
document.getElementById("output").innerHTML = document.getElementById("output").innerHTML + message.join(" ") + "<br>";
|
document.getElementById("output").innerHTML =
|
||||||
|
document.getElementById("output").innerHTML + message.join(" ") + "<br>";
|
||||||
}
|
}
|
||||||
|
|
||||||
function clearLog() {
|
function clearLog() {
|
||||||
document.getElementById("output").innerHTML = "";
|
document.getElementById("output").innerHTML = "";
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getPayloadList(){
|
async function getPayloadList() {
|
||||||
return fetch("payloads/payloads.json")
|
return fetch("payloads/payloads.json")
|
||||||
.then((response) => {
|
.then((response) => {
|
||||||
if(!response.ok)
|
if (!response.ok) throw new Error(response.status);
|
||||||
throw new Error(response.status);
|
return response.json();
|
||||||
return response.json();
|
})
|
||||||
})
|
.then((data) => {
|
||||||
.then((data) => {
|
return data.payloads;
|
||||||
return data.payloads;
|
});
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
(async () => {
|
(async () => {
|
||||||
@ -23,9 +23,10 @@ async function getPayloadList(){
|
|||||||
let payloadList;
|
let payloadList;
|
||||||
try {
|
try {
|
||||||
payloadList = await getPayloadList();
|
payloadList = await getPayloadList();
|
||||||
|
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logOutput("There was a problem retreiving the payload list. Error: " + error);
|
logOutput(
|
||||||
|
"There was a problem retreiving the payload list. Error: " + error,
|
||||||
|
);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
payloadList.forEach((payload) => {
|
payloadList.forEach((payload) => {
|
||||||
@ -36,55 +37,60 @@ async function getPayloadList(){
|
|||||||
|
|
||||||
payloadSelect.appendChild(payloadOption);
|
payloadSelect.appendChild(payloadOption);
|
||||||
});
|
});
|
||||||
|
})();
|
||||||
|
|
||||||
})()
|
async function getPayload(payloadSrc) {
|
||||||
|
return fetch(payloadSrc).then((response) => {
|
||||||
async function getPayload(payloadSrc){
|
if (!response.ok) throw new Error(response.status);
|
||||||
return fetch(payloadSrc)
|
return response.arrayBuffer();
|
||||||
.then((response) => {
|
});
|
||||||
if(!response.ok)
|
|
||||||
throw new Error(response.status);
|
|
||||||
return response.arrayBuffer();
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const intermezzo = new Uint8Array([
|
const intermezzo = new Uint8Array([
|
||||||
0x44, 0x00, 0x9F, 0xE5, 0x01, 0x11, 0xA0, 0xE3, 0x40, 0x20, 0x9F, 0xE5, 0x00, 0x20, 0x42, 0xE0,
|
0x44, 0x00, 0x9f, 0xe5, 0x01, 0x11, 0xa0, 0xe3, 0x40, 0x20, 0x9f, 0xe5, 0x00,
|
||||||
0x08, 0x00, 0x00, 0xEB, 0x01, 0x01, 0xA0, 0xE3, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x00, 0xA0, 0xE1,
|
0x20, 0x42, 0xe0, 0x08, 0x00, 0x00, 0xeb, 0x01, 0x01, 0xa0, 0xe3, 0x10, 0xff,
|
||||||
0x2C, 0x00, 0x9F, 0xE5, 0x2C, 0x10, 0x9F, 0xE5, 0x02, 0x28, 0xA0, 0xE3, 0x01, 0x00, 0x00, 0xEB,
|
0x2f, 0xe1, 0x00, 0x00, 0xa0, 0xe1, 0x2c, 0x00, 0x9f, 0xe5, 0x2c, 0x10, 0x9f,
|
||||||
0x20, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x04, 0x30, 0x90, 0xE4, 0x04, 0x30, 0x81, 0xE4,
|
0xe5, 0x02, 0x28, 0xa0, 0xe3, 0x01, 0x00, 0x00, 0xeb, 0x20, 0x00, 0x9f, 0xe5,
|
||||||
0x04, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A, 0x1E, 0xFF, 0x2F, 0xE1, 0x20, 0xF0, 0x01, 0x40,
|
0x10, 0xff, 0x2f, 0xe1, 0x04, 0x30, 0x90, 0xe4, 0x04, 0x30, 0x81, 0xe4, 0x04,
|
||||||
0x5C, 0xF0, 0x01, 0x40, 0x00, 0x00, 0x02, 0x40, 0x00, 0x00, 0x01, 0x40
|
0x20, 0x52, 0xe2, 0xfb, 0xff, 0xff, 0x1a, 0x1e, 0xff, 0x2f, 0xe1, 0x20, 0xf0,
|
||||||
|
0x01, 0x40, 0x5c, 0xf0, 0x01, 0x40, 0x00, 0x00, 0x02, 0x40, 0x00, 0x00, 0x01,
|
||||||
|
0x40,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
const RCM_PAYLOAD_ADDRESS = 0x40010000;
|
const RCM_PAYLOAD_ADDRESS = 0x40010000;
|
||||||
const INTERMEZZO_LOCATION = 0x4001F000;
|
const INTERMEZZO_LOCATION = 0x4001f000;
|
||||||
const PAYLOAD_LOAD_BLOCK = 0x40020000;
|
const PAYLOAD_LOAD_BLOCK = 0x40020000;
|
||||||
|
|
||||||
function createRCMPayload(intermezzo, payload) {
|
function createRCMPayload(intermezzo, payload) {
|
||||||
const rcmLength = 0x30298;
|
const rcmLength = 0x30298;
|
||||||
|
|
||||||
const intermezzoAddressRepeatCount = (INTERMEZZO_LOCATION - RCM_PAYLOAD_ADDRESS) / 4;
|
const intermezzoAddressRepeatCount =
|
||||||
|
(INTERMEZZO_LOCATION - RCM_PAYLOAD_ADDRESS) / 4;
|
||||||
|
|
||||||
const rcmPayloadSize = Math.ceil((0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000 + payload.byteLength) / 0x1000) * 0x1000;
|
const rcmPayloadSize =
|
||||||
|
Math.ceil(
|
||||||
|
(0x2a8 +
|
||||||
|
0x4 * intermezzoAddressRepeatCount +
|
||||||
|
0x1000 +
|
||||||
|
payload.byteLength) /
|
||||||
|
0x1000,
|
||||||
|
) * 0x1000;
|
||||||
|
|
||||||
const rcmPayload = new Uint8Array(new ArrayBuffer(rcmPayloadSize))
|
const rcmPayload = new Uint8Array(new ArrayBuffer(rcmPayloadSize));
|
||||||
const rcmPayloadView = new DataView(rcmPayload.buffer);
|
const rcmPayloadView = new DataView(rcmPayload.buffer);
|
||||||
|
|
||||||
rcmPayloadView.setUint32(0x0, rcmLength, true);
|
rcmPayloadView.setUint32(0x0, rcmLength, true);
|
||||||
|
|
||||||
for (let i = 0; i < intermezzoAddressRepeatCount; i++) {
|
for (let i = 0; i < intermezzoAddressRepeatCount; i++) {
|
||||||
rcmPayloadView.setUint32(0x2A8 + i * 4, INTERMEZZO_LOCATION, true);
|
rcmPayloadView.setUint32(0x2a8 + i * 4, INTERMEZZO_LOCATION, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
rcmPayload.set(intermezzo, 0x2A8 + (0x4 * intermezzoAddressRepeatCount));
|
rcmPayload.set(intermezzo, 0x2a8 + 0x4 * intermezzoAddressRepeatCount);
|
||||||
rcmPayload.set(payload, 0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000);
|
rcmPayload.set(payload, 0x2a8 + 0x4 * intermezzoAddressRepeatCount + 0x1000);
|
||||||
|
|
||||||
return rcmPayload;
|
return rcmPayload;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function bufferToHex(data) {
|
function bufferToHex(data) {
|
||||||
let result = "";
|
let result = "";
|
||||||
for (let i = 0; i < data.byteLength; i++)
|
for (let i = 0; i < data.byteLength; i++)
|
||||||
@ -92,8 +98,6 @@ function bufferToHex(data) {
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
async function write(device, data) {
|
async function write(device, data) {
|
||||||
let length = data.length;
|
let length = data.length;
|
||||||
let writeCount = 0;
|
let writeCount = 0;
|
||||||
@ -112,14 +116,12 @@ async function write(device, data) {
|
|||||||
return writeCount;
|
return writeCount;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function readFileAsArrayBuffer(file) {
|
function readFileAsArrayBuffer(file) {
|
||||||
return new Promise((res, rej) => {
|
return new Promise((res, rej) => {
|
||||||
const reader = new FileReader();
|
const reader = new FileReader();
|
||||||
reader.onload = e => {
|
reader.onload = (e) => {
|
||||||
res(e.target.result);
|
res(e.target.result);
|
||||||
}
|
};
|
||||||
reader.readAsArrayBuffer(file);
|
reader.readAsArrayBuffer(file);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -151,32 +153,41 @@ async function launchPayload(payload) {
|
|||||||
|
|
||||||
logOutput("Trigging vulnerability...");
|
logOutput("Trigging vulnerability...");
|
||||||
const vulnerabilityLength = 0x7000;
|
const vulnerabilityLength = 0x7000;
|
||||||
const smash = await device.controlTransferIn({
|
const smash = await device.controlTransferIn(
|
||||||
requestType: 'standard',
|
{
|
||||||
recipient: 'interface',
|
requestType: "standard",
|
||||||
request: 0x00,
|
recipient: "interface",
|
||||||
value: 0x00,
|
request: 0x00,
|
||||||
index: 0x00
|
value: 0x00,
|
||||||
}, vulnerabilityLength);
|
index: 0x00,
|
||||||
|
},
|
||||||
|
vulnerabilityLength,
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
document.getElementById("goButton").addEventListener("click", async () => {
|
document.getElementById("goButton").addEventListener("click", async () => {
|
||||||
clearLog();
|
clearLog();
|
||||||
var debugCheckbox = document.getElementById("shouldDebug");
|
var debugCheckbox = document.getElementById("shouldDebug");
|
||||||
const payloadPath = document.getElementById("payloadSelect").value;
|
const payloadPath = document.getElementById("payloadSelect").value;
|
||||||
|
|
||||||
if(!debugCheckbox.checked) {
|
if (!debugCheckbox.checked) {
|
||||||
|
if (!navigator.usb) {
|
||||||
|
logOutput(
|
||||||
|
"Your browser doesn't support Web USB, Web CFW Loader will not work!",
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
logOutput("Requesting access to device...");
|
logOutput("Requesting access to device...");
|
||||||
try {
|
try {
|
||||||
device = await navigator.usb.requestDevice({ filters: [{ vendorId: 0x0955 }] });
|
device = await navigator.usb.requestDevice({
|
||||||
} catch (error) {
|
filters: [{ vendorId: 0x0955 }],
|
||||||
console.log(error);
|
});
|
||||||
logOutput("Failed to get a device. Did you chose one?");
|
} catch (error) {
|
||||||
return;
|
console.log(error);
|
||||||
}
|
logOutput("Failed to get a device. Did you chose one?");
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let payload;
|
let payload;
|
||||||
@ -186,19 +197,18 @@ document.getElementById("goButton").addEventListener("click", async () => {
|
|||||||
alert("You need to upload a file, to use an uploaded file.");
|
alert("You need to upload a file, to use an uploaded file.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
logOutput("Using uploaded payload \"" + file.name + "\"");
|
logOutput('Using uploaded payload "' + file.name + '"');
|
||||||
payload = new Uint8Array(await readFileAsArrayBuffer(file));
|
payload = new Uint8Array(await readFileAsArrayBuffer(file));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
payload = new Uint8Array(await getPayload(payloadPath));
|
payload = new Uint8Array(await getPayload(payloadPath));
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logOutput("There was a problem retreiving the payload. Error: " + error)
|
logOutput("There was a problem retreiving the payload. Error: " + error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(debugCheckbox.checked) {
|
if (debugCheckbox.checked) {
|
||||||
logOutput("Logging payload bytes...");
|
logOutput("Logging payload bytes...");
|
||||||
|
|
||||||
var payloadToLog = "";
|
var payloadToLog = "";
|
||||||
@ -210,31 +220,26 @@ document.getElementById("goButton").addEventListener("click", async () => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logOutput(`<span style='color:blue'>Preparing to launch ${payloadPath}...</span>`);
|
logOutput(
|
||||||
|
`<span style='color:blue'>Preparing to launch ${payloadPath}...</span>`,
|
||||||
|
);
|
||||||
launchPayload(payload);
|
launchPayload(payload);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function onSelectChange() {
|
function onSelectChange() {
|
||||||
if (document.getElementById("payloadSelect").value === "uploaded")
|
if (document.getElementById("payloadSelect").value === "uploaded")
|
||||||
document.getElementById("uploadContainer").style.display = "block"
|
document.getElementById("uploadContainer").style.display = "block";
|
||||||
else
|
else document.getElementById("uploadContainer").style.display = "none";
|
||||||
document.getElementById("uploadContainer").style.display = "none"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function openInfo() {
|
function openInfo() {
|
||||||
if(document.getElementById("infodiv").innerHTML != "") {
|
if (document.getElementById("infodiv").innerHTML != "") {
|
||||||
document.getElementById("infodiv").innerHTML = "";
|
document.getElementById("infodiv").innerHTML = "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function openInstructions() {
|
function openInstructions() {
|
||||||
if(document.getElementById("infodiv").innerHTML != "") {
|
if (document.getElementById("infodiv").innerHTML != "") {
|
||||||
document.getElementById("infodiv").innerHTML = "";
|
document.getElementById("infodiv").innerHTML = "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user