diff --git a/.gitignore b/.gitignore
index d053583..a1e4097 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ disc/BDMV/index.bdmv
 disc/BDMV/MovieObject.bdmv
 disc/BDMV/JAR/00000.jar
 disc/BDMV/BDJO/00000.bdjo
+META-INF/
+bd-jb.iml
diff --git a/Makefile b/Makefile
index c9d6734..8dc2964 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,6 @@ EXPLOIT_CLASSES = \
 $(SRC)/com/bdjb/api/KernelAPI.java \
 $(SRC)/com/bdjb/api/Buffer.java \
 $(SRC)/com/bdjb/api/Text.java \
- $(SRC)/com/bdjb/api/AbstractInt.java \
 $(SRC)/com/bdjb/api/Int8.java \
 $(SRC)/com/bdjb/api/Int16.java \
 $(SRC)/com/bdjb/api/Int32.java \
diff --git a/src/com/bdjb/api/API.java b/src/com/bdjb/api/API.java
index 618ff1a..8f6b41d 100644
--- a/src/com/bdjb/api/API.java
+++ b/src/com/bdjb/api/API.java
@@ -440,6 +440,14 @@ public final class API {
 return unsafe.allocateMemory(size);
 }
+ public long calloc(long number, long size) {
+ long p = malloc(number * size);
+ if (p != 0) {
+ memset(p, 0, number * size);
+ }
+ return p;
+ }
+
 public long realloc(long ptr, long size) {
 return unsafe.reallocateMemory(ptr, size);
 }
diff --git a/src/com/bdjb/api/AbstractInt.java b/src/com/bdjb/api/AbstractInt.java
deleted file mode 100644
index 030f315..0000000
--- a/src/com/bdjb/api/AbstractInt.java
+++ /dev/null
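Review bot: The EXPLOIT_CLASSES list drops AbstractInt.java but picks up none of the new Int8Array/Int16Array/Int32Array/Int64Array sources, even though KernelAPI.java in this same commit now references Int32Array; unless they are listed elsewhere in the Makefile (the list continues outside this hunk) or found through a source path, the build will not compile them. Add one entry per new class next to its scalar counterpart, e.g. `$(SRC)/com/bdjb/api/Int32Array.java \`.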
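Review bot: In the added `calloc`, `number * size` is computed twice and can wrap silently, so a large argument pair yields a block much smaller than the caller asked for while still returning a non-zero pointer. Compute the total once and reject overflow and negative operands before allocating: `long total = number * size;` followed by `if (number < 0 || size < 0 || (size != 0 && total / size != number)) { return 0; }`, then pass `total` to both `malloc` and `memset`. Note also that `malloc` as shown wraps `unsafe.allocateMemory`, which on most VMs throws rather than returns 0 on failure, so the `p != 0` guard may be dead on the target runtime — worth confirming and documenting which failure mode callers should expect.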
@@ -1,57 +0,0 @@
-/*
- * Copyright (C) 2021-2024 Andy Nguyen
- *
- * This software may be modified and distributed under the terms
- * of the MIT license. See the LICENSE file for details.
- */
-
-package com.bdjb.api;
-
-abstract class AbstractInt extends Buffer {
- private final int[] dimensions;
-
- private final int elementSize;
-
- protected AbstractInt(int[] dimensions, int elementSize) {
- super(size(dimensions, elementSize));
- this.dimensions = dimensions;
- this.elementSize = elementSize;
- }
-
- protected AbstractInt(long address, int[] dimensions, int elementSize) {
- super(address, size(dimensions, elementSize));
- this.dimensions = dimensions;
- this.elementSize = elementSize;
- }
-
- protected AbstractInt(long address, int elementSize) {
- this(address, new int[] {1}, elementSize);
- }
-
- protected AbstractInt(int elementSize) {
- this(new int[] {1}, elementSize);
- }
-
- static int size(int[] dimensions, int elementSize) {
- assert (dimensions.length > 0);
- int size = 1;
- for (int i = 0; i < dimensions.length; i++) {
- size *= dimensions[i];
- }
- size *= elementSize;
- return size;
- }
-
- public int offset(int[] indices) {
- assert (indices.length == dimensions.length);
- int offset = 0;
- int stride = 1;
- for (int i = indices.length - 1; i >= 0; i--) {
- offset += stride * indices[i];
- stride *= dimensions[i];
- }
- offset *= elementSize;
- checkOffset(offset, elementSize);
- return offset;
- }
-}
diff --git a/src/com/bdjb/api/Buffer.java b/src/com/bdjb/api/Buffer.java
index 222604e..4b76735 100644
--- a/src/com/bdjb/api/Buffer.java
+++ b/src/com/bdjb/api/Buffer.java
@@ -22,24 +22,13 @@ public class Buffer {
 private final int size;
- private final boolean allocated;
-
 public Buffer(int size) {
- this.address = api.malloc(size);
+ this.address = api.calloc(1, size);
 this.size = size;
- this.allocated = true;
- }
-
- public Buffer(long address, int size) {
- this.address = address;
- this.size = size;
- this.allocated = false;
 }
 public void finalize() {
- if (allocated) {
- api.free(address);
- }
+ api.free(address);
 }
 public long address() {
diff --git a/src/com/bdjb/api/Int16.java b/src/com/bdjb/api/Int16.java
index b715dd0..67045b7 100644
--- a/src/com/bdjb/api/Int16.java
+++ b/src/com/bdjb/api/Int16.java
@@ -7,23 +7,16 @@
 package com.bdjb.api;
-public final class Int16 extends AbstractInt {
+public final class Int16 extends Buffer {
 public static final int SIZE = 2;
 public Int16() {
 super(SIZE);
 }
- public Int16(long address) {
- super(address, SIZE);
- }
-
- public Int16(int[] dimensions) {
- super(dimensions, SIZE);
- }
-
- public Int16(long address, int[] dimensions) {
- super(address, dimensions, SIZE);
+ public Int16(short value) {
+ this();
+ set(value);
 }
 public short get() {
@@ -33,12 +26,4 @@ public final class Int16 extends AbstractInt {
 public void set(short value) {
 putShort(0x00, value);
 }
-
- public short get(int[] indices) {
- return getShort(offset(indices));
- }
-
- public void set(int[] indices, short value) {
- putShort(offset(indices), value);
- }
 }
diff --git a/src/com/bdjb/api/Int16Array.java b/src/com/bdjb/api/Int16Array.java
new file mode 100644
index 0000000..e9f0be7
--- /dev/null
+++ b/src/com/bdjb/api/Int16Array.java
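Review bot: `finalize()` stays `public` in the Buffer hunk, and with the `allocated` guard removed it now frees unconditionally, so an explicit `buffer.finalize()` call followed by the collector's own invocation double-frees `address`; narrow it to `protected void finalize()` as declared on `Object` so it is not part of the public surface. The constructor also stores whatever `api.calloc(1, size)` returns without checking for 0, which is the failure value the new `calloc` in API.java passes through from `malloc`; a guard such as `if (address == 0) { throw new OutOfMemoryError("calloc(" + size + ") failed"); }` prevents a zero-address Buffer from being handed out. Whether `address` can be cleared after freeing depends on the field declaration, which is outside the hunk.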
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021-2024 Andy Nguyen
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+package com.bdjb.api;
+
+public final class Int16Array extends Buffer {
+ public Int16Array(int length) {
+ super(Int16.SIZE);
+ }
+
+ public short get(int index) {
+ return getShort(index * Int16.SIZE);
+ }
+
+ public void set(int index, short value) {
+ putShort(index * Int16.SIZE, value);
+ }
+}
diff --git a/src/com/bdjb/api/Int32.java b/src/com/bdjb/api/Int32.java
index 813ea61..2440871 100644
--- a/src/com/bdjb/api/Int32.java
+++ b/src/com/bdjb/api/Int32.java
@@ -7,23 +7,16 @@
 package com.bdjb.api;
-public final class Int32 extends AbstractInt {
+public final class Int32 extends Buffer {
 public static final int SIZE = 4;
 public Int32() {
 super(SIZE);
 }
- public Int32(long address) {
- super(address, SIZE);
- }
-
- public Int32(int[] dimensions) {
- super(dimensions, SIZE);
- }
-
- public Int32(long address, int[] dimensions) {
- super(address, dimensions, SIZE);
+ public Int32(int value) {
+ this();
+ set(value);
 }
 public int get() {
@@ -33,12 +26,4 @@ public final class Int32 extends AbstractInt {
 public void set(int value) {
 putInt(0x00, value);
 }
-
- public int get(int[] indices) {
- return getInt(offset(indices));
- }
-
- public void set(int[] indices, int value) {
- putInt(offset(indices), value);
- }
 }
diff --git a/src/com/bdjb/api/Int32Array.java b/src/com/bdjb/api/Int32Array.java
new file mode 100644
index 0000000..6588a6c
--- /dev/null
+++ b/src/com/bdjb/api/Int32Array.java
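Review bot: `Int16Array(int length)` ignores `length` and calls `super(Int16.SIZE)`, so every instance is a single-element block; `get(index)`/`set(index)` with any `index > 0` then address memory past the allocation, and any native callee that fills `length` elements at `address()` overruns the block (KernelAPI.initPipes in this commit hands a `new Int32Array(2)` to `pipe`, which writes two descriptors into a 4-byte allocation and then reads `get(1)` from beyond it). The constructor should be `super(length * Int16.SIZE);`. The same defect is in Int32Array, Int64Array and Int8Array (the hunks at L5, L6 and L7). Whether an out-of-range `index` is rejected now depends on the bounds checks inside `Buffer`'s accessors, which are outside this diff; the removed `AbstractInt.offset` explicitly called `checkOffset(offset, elementSize)` before each access and the new array classes do not.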
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021-2024 Andy Nguyen
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+package com.bdjb.api;
+
+public final class Int32Array extends Buffer {
+ public Int32Array(int length) {
+ super(Int32.SIZE);
+ }
+
+ public int get(int index) {
+ return getInt(index * Int32.SIZE);
+ }
+
+ public void set(int index, int value) {
+ putInt(index * Int32.SIZE, value);
+ }
+}
diff --git a/src/com/bdjb/api/Int64.java b/src/com/bdjb/api/Int64.java
index 1b92412..2818389 100644
--- a/src/com/bdjb/api/Int64.java
+++ b/src/com/bdjb/api/Int64.java
@@ -7,23 +7,16 @@
 package com.bdjb.api;
-public final class Int64 extends AbstractInt {
+public final class Int64 extends Buffer {
 public static final int SIZE = 8;
 public Int64() {
 super(SIZE);
 }
- public Int64(long address) {
- super(address, SIZE);
- }
-
- public Int64(int[] dimensions) {
- super(dimensions, SIZE);
- }
-
- public Int64(long address, int[] dimensions) {
- super(address, dimensions, SIZE);
+ public Int64(long value) {
+ this();
+ set(value);
 }
 public long get() {
@@ -33,12 +26,4 @@ public final class Int64 extends AbstractInt {
 public void set(long value) {
 putLong(0x00, value);
 }
-
- public long get(int[] indices) {
- return getLong(offset(indices));
- }
-
- public void set(int[] indices, long value) {
- putLong(offset(indices), value);
- }
 }
diff --git a/src/com/bdjb/api/Int64Array.java b/src/com/bdjb/api/Int64Array.java
new file mode 100644
index 0000000..b182524
--- /dev/null
+++ b/src/com/bdjb/api/Int64Array.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021-2024 Andy Nguyen
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+package com.bdjb.api;
+
+public final class Int64Array extends Buffer {
+ public Int64Array(int length) {
+ super(Int64.SIZE);
+ }
+
+ public long get(int index) {
+ return getLong(index * Int64.SIZE);
+ }
+
+ public void set(int index, long value) {
+ putLong(index * Int64.SIZE, value);
+ }
+}
diff --git a/src/com/bdjb/api/Int8.java b/src/com/bdjb/api/Int8.java
index 243b25c..a02e351 100644
--- a/src/com/bdjb/api/Int8.java
+++ b/src/com/bdjb/api/Int8.java
@@ -7,23 +7,16 @@
 package com.bdjb.api;
-public final class Int8 extends AbstractInt {
+public final class Int8 extends Buffer {
 public static final int SIZE = 1;
 public Int8() {
 super(SIZE);
 }
- public Int8(long address) {
- super(address, SIZE);
- }
-
- public Int8(int[] dimensions) {
- super(dimensions, SIZE);
- }
-
- public Int8(long address, int[] dimensions) {
- super(address, dimensions, SIZE);
+ public Int8(byte value) {
+ this();
+ set(value);
 }
 public byte get() {
@@ -33,12 +26,4 @@ public final class Int8 extends AbstractInt {
 public void set(byte value) {
 putByte(0x00, value);
 }
-
- public byte get(int[] indices) {
- return getByte(offset(indices));
- }
-
- public void set(int[] indices, byte value) {
- putByte(offset(indices), value);
- }
 }
diff --git a/src/com/bdjb/api/Int8Array.java b/src/com/bdjb/api/Int8Array.java
new file mode 100644
index 0000000..ac463c3
--- /dev/null
+++ b/src/com/bdjb/api/Int8Array.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021-2024 Andy Nguyen
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+package com.bdjb.api;
+
+public final class Int8Array extends Buffer {
+ public Int8Array(int length) {
+ super(Int8.SIZE);
+ }
+
+ public byte get(int index) {
+ return getByte(index * Int8.SIZE);
+ }
+
+ public void set(int index, byte value) {
+ putByte(index * Int8.SIZE, value);
+ }
+}
diff --git a/src/com/bdjb/api/KernelAPI.java b/src/com/bdjb/api/KernelAPI.java
index 52b45e4..99af4fc 100644
--- a/src/com/bdjb/api/KernelAPI.java
+++ b/src/com/bdjb/api/KernelAPI.java
@@ -40,6 +40,8 @@ public class KernelAPI {
 private long fcntl;
 private long close;
+ private long kaslrOffset;
+
 private int masterRpipeFd;
 private int masterWpipeFd;
 private int victimRpipeFd;
@@ -77,16 +79,16 @@ public class KernelAPI {
 }
 private void initPipes() {
- Int32 masterPipeFd = new Int32(new int[] {2});
- Int32 victimPipeFd = new Int32(new int[] {2});
+ Int32Array masterPipeFd = new Int32Array(2);
+ Int32Array victimPipeFd = new Int32Array(2);
 pipe(masterPipeFd);
 pipe(victimPipeFd);
- masterRpipeFd = masterPipeFd.get(new int[] {0});
- masterWpipeFd = masterPipeFd.get(new int[] {1});
- victimRpipeFd = victimPipeFd.get(new int[] {0});
- victimWpipeFd = victimPipeFd.get(new int[] {1});
+ masterRpipeFd = masterPipeFd.get(0);
+ masterWpipeFd = masterPipeFd.get(1);
+ victimRpipeFd = victimPipeFd.get(0);
+ victimWpipeFd = victimPipeFd.get(1);
 fcntl(masterRpipeFd, F_SETFL, O_NONBLOCK);
 fcntl(masterWpipeFd, F_SETFL, O_NONBLOCK);
@@ -94,7 +96,7 @@ public class KernelAPI {
 fcntl(victimWpipeFd, F_SETFL, O_NONBLOCK);
 }
- private int pipe(Int32 fildes) {
+ private int pipe(Int32Array fildes) {
 return (int) api.call(pipe, fildes != null ? fildes.address() : 0);
 }
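Review bot: The return values of both `pipe()` calls in `initPipes()` are discarded; if the call fails, the calloc-zeroed array reads back as descriptors 0 and 0, and the subsequent `fcntl(..., F_SETFL, O_NONBLOCK)` calls are applied to descriptor 0 rather than to the pipe ends, with no indication of the failure. Check the result where the arrays are filled: `if (pipe(masterPipeFd) != 0 || pipe(victimPipeFd) != 0) { throw new IllegalStateException("pipe() failed"); }`. The body of `initPipes` continues past this hunk into the next one.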
@@ -181,7 +183,23 @@ public class KernelAPI {
 return masterRpipeFd;
 }
+ public int getMasterWpipeFd() {
+ return masterWpipeFd;
+ }
+
 public int getVictimRpipeFd() {
 return victimRpipeFd;
 }
+
+ public int getVictimWpipeFd() {
+ return victimWpipeFd;
+ }
+
+ public long getKaslrOffset() {
+ return kaslrOffset;
+ }
+
+ public void setKaslrOffset(long offset) {
+ kaslrOffset = offset;
+ }
 }
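Review bot: The new accessors carry no Javadoc, and nothing in this commit assigns `kaslrOffset` other than `setKaslrOffset`, so `getKaslrOffset()` returns 0 until some caller sets it and a reader cannot tell an unset value from a genuine zero. Document that contract on the getter, e.g. `/** Returns the value last passed to {@link #setKaslrOffset}; 0 until it has been set. */`, and give the two pipe-descriptor getters a one-line summary each so the four accessors read consistently.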