GitLab

nexmon: is now available for the samsung galaxy s2 (sgs2), currently as a proof of concept with ucode compression and up to 32 flash patches.
ucode_extractor: tool to extract ucode that was stored in a compressed form where 8 ucode bytes are stored in 7 bytes in the arm firmware.
flashpatching: flashpatches are again build into the patch.elf file, as we run into problems, when trying to call self written functions from flashpatches.

nexmon: flashpatches are not linked into a separate flashpatches.elf file to avoid collisions with possible dummies from wrapper.c in addition we simplified the Makefile and extracted awk files. All addresses are now defined in the Makefile that generates a memory.generated.ld file for the linker.

nexmon, nexmon_nexus6p: fixed the order of included linker files to make flash patch definitions work in every C file. added project for nexus6p which already has a working monitor mode with radio tap headers

dhdutil: added entry in debug_info_ptrs to read out the console of the Nexus 6P firmware of a BCM4358 chip.

firmware_patching: added the hndrte_init_timer function to helper.c until we find it in the firmware.

nexmon, gcc plugin: up to now, it was not possible to place flash patches in multiple files and it was also not always working to use the targetregion pragma in multiple C files. In this commit we heavily rewrote our gcc plugin. It now produces an intermediate nexmon.generated.pre file that contains information about functions, variables and section that should be placed into the firmware. Then we call a couple of awk commands to produce nexmon.generated.mk, nexmon.generated.ld, flashpatches.generated.mk and flashpatches.generated.ld files which will be used for linking and patching the firmware binary. The *.generated.mk/ld files are similar to the ones used before, but now the regions are gathered at the end and sorted by name as well.

flash_patch_extractor: new tool to extract flashpatches from an existing firmware file and write them into a C file.

nexmon, gcc plugin: updated nexmon patch to inject at 5 GHz with OFDM modulated signals. added new targetregion pragma to gcc plugin to place functions that have no specific target address in a predefined memory region.

nexmon, gcc plugin: we introduced the targetregion pragma to define in which region not explicitly placed functions should be placed.

nexmon, gcc plugin: flash patching is now working in a proof of concept that hooks the printf function. the linker script now contains memory regions so that sections can be placed in regions. the gcc plugin now checks wheather the first parameter of the 'at' attribute is a string or an interger. if it is an integer it interprets it as an address where the symbol should be placed. if it is a string it currently converts it to an integer, but in the future it will interpret the string as a region in which a symbol should be placed.

nexmon app, nexmon: frame injection is now really fixed (hopefully). You can inject frames and surf the internet at the same time.

nexmon: disabled the dma_attach hook that increases the header size for every dma frame. Now, browsing the web works again ;-).

nexmon: added a missing address in the wrapper.c file. without the address, the firmware crashed when using the wifi normally. now it works to ping google, but it does not work to use the browser - for whatever reason

nexmon, gcc plugin, wrapper: I extended the 'at' attribute to include a chip and firmware version, so that code can be written for multiple firmware and chip versions. Addtitionally, radiotap functions are now extracted into a separate file.

nexmon app: a Makefile is now used to copy all necessary binaries to app/src/main/assets/nexmon. Additionally, we updated the nexmon firmware to fix frame injection.