Keith Makan k3170makan

## kernel.c
void kernel_main(uint32_t r0, uint32_t r1, uint32_t atags){
	(void) r0;
	(void) r1;
	(void) atags;


## boot2.S
	mov sp,#0x8000

	ldr r4, = __bss_start
	ldr r9, = __bss_end
	mov r5, #0
	mov r6, #0
	mov r7, #0
	mov r8, #0

	b 2f

## kernel.c
#include <stddef.h>
#include <stdint.h>

static inline void mmio_write(uint32_t reg,uint32_t data){
	*(volatile uint32_t*)reg = data;
}
static inline uint32_t mmio_read(uint32_t reg){
	return *(volatile uint32_t*) reg;
}
static inline void delay(int32_t count){

## vector.s
;@-------------------------------------------------------------------------
;@-------------------------------------------------------------------------

.globl _start
_start:
    mov sp,#0x8000
    bl notmain
hang: b hang

.globl PUT32

## boot.S
.section ".text.boot"

.global _start

_start:
	mrc p15,#0,r1,c0,c0,#5
	and r1,r1,#3
	cmp r1,#0
	bne halt

## memcoder.py
import struct
import sys
def encode(byte="41_41_41_41"):
    return struct.pack("<I",int(byte.replace("_",""),16))
if __name__=="__main__":
  payload = ""
  for idx,arg in enumerate(sys.argv[1:]):
      payload += encode(arg.split("-")[0])*int(arg.split("-")[1])
  print payload


## payloadgen.py
import sys
from optparse import OptionParser
NSEH = "90_90_0C_eb"
def string(len=1,char="A"):
	return "".join([char for i in range(len)])
def seh_string(len=1,rip="AAAA",char="A"):
	return "".join([char for i in range(len-8)]) + tohex(NSEH) + tohex(rip)
def rip_string(len=1,rip="AAAA",char="A"): #should account for endianess
	return "".join([char for i in range(len-4)]) + tohex(rip)
def tohex(string):

## grantAppPermission.java

    public static void grantAppPermission(Context context, Intent intent, Uri fileUri) {
        List<ResolveInfo> resolvedIntentActivities = context.getPackageManager()
                .queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY);

        for (ResolveInfo resolvedIntentInfo : resolvedIntentActivities) {
            String packageName = resolvedIntentInfo.activityInfo.packageName;
            context.grantUriPermission(packageName, fileUri,
                    Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);
        }

## CheckEverythingExceptCert.java
    List<ResolveInfo> receiverInfos = packageManager.queryBroadcastReceivers(intent, PackageManager.GET_INTENT_FILTERS);
    assertThat(receiverInfos).isNotEmpty();
    assertThat(receiverInfos.get(0).activityInfo.name)
        .isEqualTo("org.robolectric.ConfigTestReceiverPermissionsAndActions");
    assertThat(receiverInfos.get(0).activityInfo.permission)
        .isEqualTo("org.robolectric.CUSTOM_PERM");
    assertThat(receiverInfos.get(0).filter.getAction(0))
        .isEqualTo("org.robolectric.ACTION_RECEIVER_PERMISSION_PACKAGE");
  }

## TwitterLookupBad.java
	public static Intent getTwitterIntent(Context context, String title, String url) {
		Intent intent = null;
		String text = url + " - " + title;

		final String[] twitterApps = {
			"com.twitter.android",
			"com.twidroid",
			"com.handmark.tweetcaster",
			"com.thedeck.android",
		};
	void kernel_main(uint32_t r0, uint32_t r1, uint32_t atags){
	(void) r0;
	(void) r1;
	(void) atags;
	mov sp,#0x8000

	ldr r4, = __bss_start
	ldr r9, = __bss_end
	mov r5, #0
	mov r6, #0
	mov r7, #0
	mov r8, #0

	b 2f
	#include <stddef.h>
	#include <stdint.h>

	static inline void mmio_write(uint32_t reg,uint32_t data){
	(volatile uint32_t)reg = data;
	}
	static inline uint32_t mmio_read(uint32_t reg){
	return (volatile uint32_t) reg;
	}
	static inline void delay(int32_t count){
	;@-------------------------------------------------------------------------
	;@-------------------------------------------------------------------------

	.globl _start
	_start:
	mov sp,#0x8000
	bl notmain
	hang: b hang

	.globl PUT32
	.section ".text.boot"

	.global _start

	_start:
	mrc p15,#0,r1,c0,c0,#5
	and r1,r1,#3
	cmp r1,#0
	bne halt
	import struct
	import sys
	def encode(byte="41_41_41_41"):
	return struct.pack("<I",int(byte.replace("_",""),16))
	if __name__=="__main__":
	payload = ""
	for idx,arg in enumerate(sys.argv[1:]):
	payload += encode(arg.split("-")[0])*int(arg.split("-")[1])
	print payload
	import sys
	from optparse import OptionParser
	NSEH = "90_90_0C_eb"
	def string(len=1,char="A"):
	return "".join([char for i in range(len)])
	def seh_string(len=1,rip="AAAA",char="A"):
	return "".join([char for i in range(len-8)]) + tohex(NSEH) + tohex(rip)
	def rip_string(len=1,rip="AAAA",char="A"): #should account for endianess
	return "".join([char for i in range(len-4)]) + tohex(rip)
	def tohex(string):

	public static void grantAppPermission(Context context, Intent intent, Uri fileUri) {
	List<ResolveInfo> resolvedIntentActivities = context.getPackageManager()
	.queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY);

	for (ResolveInfo resolvedIntentInfo : resolvedIntentActivities) {
	String packageName = resolvedIntentInfo.activityInfo.packageName;
	context.grantUriPermission(packageName, fileUri,
	Intent.FLAG_GRANT_WRITE_URI_PERMISSION \| Intent.FLAG_GRANT_READ_URI_PERMISSION);
	}
	List<ResolveInfo> receiverInfos = packageManager.queryBroadcastReceivers(intent, PackageManager.GET_INTENT_FILTERS);
	assertThat(receiverInfos).isNotEmpty();
	assertThat(receiverInfos.get(0).activityInfo.name)
	.isEqualTo("org.robolectric.ConfigTestReceiverPermissionsAndActions");
	assertThat(receiverInfos.get(0).activityInfo.permission)
	.isEqualTo("org.robolectric.CUSTOM_PERM");
	assertThat(receiverInfos.get(0).filter.getAction(0))
	.isEqualTo("org.robolectric.ACTION_RECEIVER_PERMISSION_PACKAGE");
	}
	public static Intent getTwitterIntent(Context context, String title, String url) {
	Intent intent = null;
	String text = url + " - " + title;

	final String[] twitterApps = {
	"com.twitter.android",
	"com.twidroid",
	"com.handmark.tweetcaster",
	"com.thedeck.android",
	};