mouseos

# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=MRA58K
ro.build.display.id=P18A_37_TL_HK_20171224_V1.1
ro.build.version.incremental=1514104973
ro.build.version.sdk=23
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL

mouseos

# YunxinTools
## ログイン
6桁の数値を入力する。以下のリクエストが送られる
```bash
curl -H "Host: 47.52.71.117" \
     -H "User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; en-us; A303 Build/MRA58K) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" \
     --compressed \
     "http://47.52.71.117/TGG_UserCenter/mb/at?at=000000&md5=1BE9445BEEB03BBF1E324A27BC65DB96&sha1=14CA8DFB068DB622E7393108543C6486A5E3ACEF&sha256=3424C745AD57BB2900924797879ABCE8C4DD06925CC0DC0FE6484E3786DC4848&imeiOrMeid=866819000031316&msisdn=23C96ECD39E4CCECB385C5F9E84D1278&subscriberId=23C96ECD39E4CCECB385C5F9E84D1278&cpuSeriaNumber=2361144036701172&firmwareVersion=3.18.19&model=6.0&systemVersion=A303&startTime=3H%3A56m&cap=com.yunxin.tools"

```

mouseos

https://github.com/SmileTabLabo/CVE-2022-38181/tree/de3518792fd2f87859111b850998c23bfdccb96a を用いて/proc/kallsymsから抽出

元のアイデア https://xdaforums.com/t/potential-arm-mali-gpu-based-root-firehd-8th-12th-gen-affected.4574635/post-89498086

mouseos

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.3-00228
S - IMAGE_VARIANT_STRING=JAASANAZA
S - OEM_IMAGE_VERSION_STRING=kkkim
S - Boot Config, 0x000000e1
B -       269 - PBL, Start
B -      3108 - bootable_media_detect_entry, Start
B -    101493 - bootable_media_detect_success, Start

mouseos

NEOで見つかったATコマンド

AT%AVR
AT%BROWSER
AT%CAM
AT%CAR
AT%CCT
AT%CODECRC
AT%CONFERENCE

mouseos

PS D:\Android\tools\all\parted_gdisk_fdisk_mkfs.ext4-AARCH64> adb push .\fdisk /tmp
.\fdisk: 1 file pushed, 0 skipped. 118.7 MB/s (541460 bytes in 0.004s)
PS D:\Android\tools\all\parted_gdisk_fdisk_mkfs.ext4-AARCH64> adb push .\gdisk /tmp
.\gdisk: 1 file pushed, 0 skipped. 410.0 MB/s (680612 bytes in 0.002s)
PS D:\Android\tools\all\parted_gdisk_fdisk_mkfs.ext4-AARCH64> adb push .\mkfs.ext4 /tmp
.\mkfs.ext4: 1 file pushed, 0 skipped. 543.8 MB/s (422068 bytes in 0.001s)
PS D:\Android\tools\all\parted_gdisk_fdisk_mkfs.ext4-AARCH64> adb push .\parted /tmp
.\parted: 1 file pushed, 0 skipped. 337.0 MB/s (470788 bytes in 0.001s)
PS D:\Android\tools\all\parted_gdisk_fdisk_mkfs.ext4-AARCH64> adb shell
charlotte:/ # cd /tmp

mouseos

App ID,App Display Name,Version Info,App Name,Path,Package Name,App Version,URL
APL000A00001,UpdateService,5,TouchUpdateService.apk,/authorized/appli/common/TouchUpdateService.apk,jp.co.benesse.touch.update,18202068,https://townak.benesse.ne.jp/rel/A/sp_84/authorized/list/2002/deliveryInfo_APL000A.xml
APL000B00001,OS,3,CT2S_to01.11.000_base01.04.000_update.zip,/authorized/appli/common/CT2S_to01.11.000_base01.04.000_update.zip,,01.11.000,https://townak.benesse.ne.jp/rel/A/sp_84/authorized/list/2002/deliveryInfo_APL000B.xml
APL000B00002,OS,2,CT2L_to02.01.000_base01.06.000_update.zip,/authorized/appli/common/CT2L_to02.01.000_base01.06.000_update.zip,,02.01.000,https://townak.benesse.ne.jp/rel/A/sp_84/authorized/list/2002/deliveryInfo_APL000B.xml
APL000B00003,OS,1,CT2L_to02.01.000_base01.06.000_update.zip,/authorized/appli/common/CT2L_to02.01.000_base01.06.000_update.zip,,02.01.000,https://townak.benesse.ne.jp/rel/A/sp_84/authorized/list/2002/deliveryInfo_APL000B.xml
APL000C00001,ホーム,8,TouchHome.apk,/authorized/a

mouseos

[+] Kernel successfully decompressed in-memory (the offsets that follow will be given relative to the decompressed binary)
[+] Version string: Linux version 3.10.33 (builduser@BuildPC) (gcc version 4.9.x-google 20140827 (prerelease) (GCC) ) #2 SMP PREEMPT Mon Nov 25 22:24:06 JST 2019
[+] Guessed architecture: aarch64 successfully in 1.27 seconds
[+] Found kallsyms_token_table at file offset 0x0092bd00
[+] Found kallsyms_token_index at file offset 0x0092c100
[+] Found kallsyms_markers at file offset 0x0092b400
[+] Found kallsyms_names at file offset 0x00863300
[+] Found kallsyms_num_syms at file offset 0x00863200
[i] Null addresses overall: 0 %
[+] Found kallsyms_addresses at file offset 0x007dd400

mouseos

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.2.C2-00030
S - IMAGE_VARIANT_STRING=DAASANAZA
S - OEM_IMAGE_VERSION_STRING=buildservera-All-Series
S - Boot Config, 0x000000e1
B -      1567 - PBL, Start
B -      4546 - bootable_media_detect_entry, Start
B -     86041 - bootable_media_detect_success, Start

mouseos

import numpy as np
import matplotlib.pyplot as plt
from scipy.io import wavfile
from scipy.signal import stft, istft
import os
import japanize_matplotlib
# wavファイルを読み込む
sample_rate, data = wavfile.read('./output.wav')
bit_depth = data.dtype.itemsize * 8  # 量子化ビット数を計算する
full_scale = 2 ** (bit_depth - 1)  # 0 dBFSの値を計算する