|
| 1 | +from __future__ import unicode_literals |
| 2 | + |
| 3 | +import ctypes |
| 4 | +import io |
| 5 | +import os |
| 6 | +import sys |
| 7 | + |
| 8 | +from pwnlib.log import getLogger |
| 9 | + |
| 10 | +log = getLogger(__name__) |
| 11 | + |
| 12 | +BOOT_MAGIC = b"ANDROID!" |
| 13 | +BOOT_MAGIC_SIZE = 8 |
| 14 | +BOOT_NAME_SIZE = 16 |
| 15 | +BOOT_ARGS_SIZE = 512 |
| 16 | +BOOT_EXTRA_ARGS_SIZE = 1024 |
| 17 | + |
| 18 | + |
| 19 | +class boot_img_hdr(ctypes.Structure): |
| 20 | + _fields_ = [ |
| 21 | + ('magic', ctypes.c_char * BOOT_MAGIC_SIZE), |
| 22 | + |
| 23 | + ('kernel_size', ctypes.c_uint32), |
| 24 | + ('kernel_addr', ctypes.c_uint32), |
| 25 | + |
| 26 | + ('ramdisk_size', ctypes.c_uint32), |
| 27 | + ('ramdisk_addr', ctypes.c_uint32), |
| 28 | + |
| 29 | + ('second_size', ctypes.c_uint32), |
| 30 | + ('second_addr', ctypes.c_uint32), |
| 31 | + |
| 32 | + ('tags_addr', ctypes.c_uint32), |
| 33 | + ('page_size', ctypes.c_uint32), |
| 34 | + ('unused', ctypes.c_uint32), |
| 35 | + |
| 36 | + ('os_version', ctypes.c_uint32), |
| 37 | + |
| 38 | + ('name', ctypes.c_char * BOOT_NAME_SIZE), |
| 39 | + ('cmdline', ctypes.c_char * BOOT_ARGS_SIZE), |
| 40 | + ('id', ctypes.c_char * 8), |
| 41 | + |
| 42 | + ('extra_cmdline', ctypes.c_char * BOOT_EXTRA_ARGS_SIZE), |
| 43 | + ] |
| 44 | + |
| 45 | +class BootImage(object): |
| 46 | + def __init__(self, data): |
| 47 | + self.data = data |
| 48 | + self.header = boot_img_hdr.from_buffer_copy(data) |
| 49 | + |
| 50 | + PAGE = self.header.page_size |
| 51 | + |
| 52 | + self.kernel = self.data[PAGE:PAGE+self.header.kernel_size] |
| 53 | + |
| 54 | + def __getattr__(self, name): |
| 55 | + value = getattr(self.header, name, None) |
| 56 | + if value is not None: |
| 57 | + return value |
| 58 | + return getattr(super(BootImage, self), name) |
0 commit comments