tegra-rcm 0.7.1

A library to help exploit the bootROM exploit for the Tegra X1's RCM mode
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

use std::time::Duration;

use super::Vulnerability;
use crate::SwitchHandle;

impl Vulnerability for SwitchHandle {
    fn backend_name() -> &'static str {
        "macos"
    }

    /// very simple on MacOS, just need to execute a read control
    fn trigger(&self, length: usize) -> crate::Result<()> {
        const GET_STATUS: u8 = 0x0;
        const STANDARD_REQUEST_DEVICE_TO_HOST_TO_ENDPOINT: u8 = 0x82;

        let mut buf = vec![0u8; length];

        let read = self.handle.read_control(
            STANDARD_REQUEST_DEVICE_TO_HOST_TO_ENDPOINT,
            GET_STATUS,
            0,
            0,
            &mut buf,
            Duration::from_secs(1),
        );

        // we expect a timeout, if we did not receive one we should error
        let Err(err) = read else {
            return Err(crate::SwitchError::ExpectedError);
        };

        if err != rusb::Error::Timeout {
            return Err(err.into());
        }

        Ok(())
    }

    /// Macos doesn't currently have an unsupported env
    fn validate_environment(&self) -> crate::Result<()> {
        Ok(())
    }
}