CreateRemoteThread/flashkit.py

## flashkit.py
#!/usr/bin/python

# SPI MX25L6405D (8MB)
# ALL ABOARD THE MAGIC SCHOOL BUS

import sys
import struct

lastpkt = 0
pkt_mosi = []
pkt_miso = []

data_out = {}

def dump_output():
  print "Writing to out.bin..."
  f = open("out.bin","wb")
  for i in range(0,0xFFFFFF):
    if i in data_out.keys():
      f.write(chr(data_out[i]))
    else:
      f.write(chr(0x00))
  f.close()
  print "Done."

def process_pkt(pkt_id,mosi,miso):Unfortunately, starting disassembly from 0x3000 doesn't yield success.
  if mosi[0] == 0x03:
    if len(mosi) > 4:
      addr = mosi[1] * 0x10000 + mosi[2] * 0x100 + mosi[3]
      print "Packet %d read at address %s, length %d" % (pkt_id,hex(addr), len(miso[4:]))
      for byte_index in range(0,len(miso[4:])):
        if (addr + byte_index) in data_out.keys():
          if data_out[addr + byte_index] != miso[4+byte_index]:
            print "Byte mismatch at %x [was %02x, is %02x]" % (addr + byte_index, data_out[addr + byte_index], miso[4+byte_index])
            data_out[addr + byte_index] = miso[4+byte_index]
        else:
          data_out[addr + byte_index] = miso[4+byte_index]
    else:
      print "Command 0x03, length insufficient"
  elif mosi[0] == 0x9f:
    print "0x9f RDID Detected, dumping..."
    dump_output()
    sys.exit(0)
  else:
    print "Unknown command %02x" % mosi[0]

def main():
  global pkt_mosi, pkt_miso, lastpkt
  if len(sys.argv) != 2:
    print "usage: ./flashkit.py [flash_bootlog.txt]"
    sys.exit(0)
  else:
    f = open(sys.argv[1])
    data = f.readlines()
    f.close()
    for dataline in data[1:]:
      (clk,pkt,mosi,miso) = dataline.rstrip().split(",")
      if pkt == "":
        print "End of sane SPI Flash detected, breaking"
        break
      if int(pkt) == lastpkt:
        pkt_mosi.append(int(mosi,16))
        pkt_miso.append(int(miso,16))
      else:
        process_pkt(lastpkt,pkt_mosi,pkt_miso)
        lastpkt = int(pkt)
        pkt_mosi = [int(mosi,16)]
        pkt_miso = [int(miso,16)]

if __name__ == "__main__":
  main()
	#!/usr/bin/python

	# SPI MX25L6405D (8MB)
	# ALL ABOARD THE MAGIC SCHOOL BUS

	import sys
	import struct

	lastpkt = 0
	pkt_mosi = []
	pkt_miso = []

	data_out = {}

	def dump_output():
	print "Writing to out.bin..."
	f = open("out.bin","wb")
	for i in range(0,0xFFFFFF):
	if i in data_out.keys():
	f.write(chr(data_out[i]))
	else:
	f.write(chr(0x00))
	f.close()
	print "Done."

	def process_pkt(pkt_id,mosi,miso):Unfortunately, starting disassembly from 0x3000 doesn't yield success.
	if mosi[0] == 0x03:
	if len(mosi) > 4:
	addr = mosi[1] * 0x10000 + mosi[2] * 0x100 + mosi[3]
	print "Packet %d read at address %s, length %d" % (pkt_id,hex(addr), len(miso[4:]))
	for byte_index in range(0,len(miso[4:])):
	if (addr + byte_index) in data_out.keys():
	if data_out[addr + byte_index] != miso[4+byte_index]:
	print "Byte mismatch at %x [was %02x, is %02x]" % (addr + byte_index, data_out[addr + byte_index], miso[4+byte_index])
	data_out[addr + byte_index] = miso[4+byte_index]
	else:
	data_out[addr + byte_index] = miso[4+byte_index]
	else:
	print "Command 0x03, length insufficient"
	elif mosi[0] == 0x9f:
	print "0x9f RDID Detected, dumping..."
	dump_output()
	sys.exit(0)
	else:
	print "Unknown command %02x" % mosi[0]

	def main():
	global pkt_mosi, pkt_miso, lastpkt
	if len(sys.argv) != 2:
	print "usage: ./flashkit.py [flash_bootlog.txt]"
	sys.exit(0)
	else:
	f = open(sys.argv[1])
	data = f.readlines()
	f.close()
	for dataline in data[1:]:
	(clk,pkt,mosi,miso) = dataline.rstrip().split(",")
	if pkt == "":
	print "End of sane SPI Flash detected, breaking"
	break
	if int(pkt) == lastpkt:
	pkt_mosi.append(int(mosi,16))
	pkt_miso.append(int(miso,16))
	else:
	process_pkt(lastpkt,pkt_mosi,pkt_miso)
	lastpkt = int(pkt)
	pkt_mosi = [int(mosi,16)]
	pkt_miso = [int(miso,16)]

	if __name__ == "__main__":
	main()