📄 nvdiag.c
字号:
else
{
check_digit = 10 - ((cd_sum + 10) % 10) + '0';
}
return check_digit;
}
#endif
/*===========================================================================
FUNCTION NVDIAG_WRITE
DESCRIPTION
This procedure processes a request to write an NV item. It is overloaded
to also do the "NV Write Online" command. It is important that changes
in one command should get reflected automatically in the other.
DEPENDENCIES
None.
RETURN VALUE
Pointer to response packet.
SIDE EFFECTS
None.
============================================================================*/
PACKED void * nvdiag_write (
PACKED void *req_pkt,
uint16 pkt_len
)
{
DIAG_NV_WRITE_F_req_type *req = (DIAG_NV_WRITE_F_req_type *) req_pkt;
DIAG_NV_WRITE_F_rsp_type *rsp;
const int rsp_len = sizeof( DIAG_NV_WRITE_F_rsp_type );
nv_items_enum_type eItem = (nv_items_enum_type) req->item;
nv_item_type *pItemData = (nv_item_type *) &req->item_data[0];
#ifdef FEATURE_DIAG_MEID_ENABLE
qword meid; /* Mobile Equipment Identifier */
qword meid_0; /* MEID with value 0 */
dword pesn; /* Pseudo-ESN */
nv_items_enum_type eItemtemp; /* temp Item ID */
nv_item_type ItemDatatemp; /* temp Item Data */
nv_stat_enum_type nv_status; /* nv status */
#endif /* FEATURE_DIAG_MEID_ENABLE */
boolean ok_to_write; /* boolean flag */
#ifdef _SAMSUNG_MP_IMEI_WRITE // diag啊 罐篮 checksum捞 蔼捞 撇妨档 弊措肺 历厘窍骨肺 巩力啊 登均澜
// checksum阑 公炼扒 促矫 霸魂窍档废 窃
/* sec_ui2_kkw_20050920_3 start*/
if(eItem==NV_UE_IMEI_I){
/* 馆汗巩焊促 公侥茄 霸 歹 fast */
input_imei_ascii2[0] = ((req->item_data[1])>>4)+'0';
input_imei_ascii2[1] = ((req->item_data[2])&0x0f)+'0';
input_imei_ascii2[2] = ((req->item_data[2])>>4)+'0';
input_imei_ascii2[3] = ((req->item_data[3])&0x0f)+'0';
input_imei_ascii2[4] = ((req->item_data[3])>>4)+'0';
input_imei_ascii2[5] = ((req->item_data[4])&0x0f)+'0';
input_imei_ascii2[6] = ((req->item_data[4])>>4)+'0';
input_imei_ascii2[7] = ((req->item_data[5])&0x0f)+'0';
input_imei_ascii2[8] = ((req->item_data[5])>>4)+'0';
input_imei_ascii2[9] = ((req->item_data[6])&0x0f)+'0';
input_imei_ascii2[10] = ((req->item_data[6])>>4)+'0';
input_imei_ascii2[11] = ((req->item_data[7])&0x0f)+'0';
input_imei_ascii2[12] = ((req->item_data[7])>>4)+'0';
input_imei_ascii2[13] = ((req->item_data[8])&0x0f)+'0';
input_imei_ascii2[14] = cal_imei_cd2();
pItemData->ue_imei.ue_imei[8] = (input_imei_ascii2[13] - '0') & 0x0F;
pItemData->ue_imei.ue_imei[8] = (((input_imei_ascii2[14] - '0') << 4) | pItemData->ue_imei.ue_imei[8]);
}
/* end */
#endif
/*-----------------------------------------------------------------------
First check to see if this item is not allowed to be read. If it isn't,
we will return an error packet. NOTE: These items are unwritable,
even if security is unlocked!
-----------------------------------------------------------------------*/
if ( unwritable_nv_item(eItem) ) {
return( diagpkt_err_rsp( DIAG_BAD_PARM_F, req_pkt, pkt_len ));
}
/*-----------------------------------------------------------------------
Next check to see if this item we're writing is a SP item, and if
it is, make sure the SPC has been entered properly first, or that
security is unlocked. If it hasn't, we will return an error packet.
Also make sure the security password is not unwritten. If the security
password is unwritten, then we rely on the SPC state flag.
-----------------------------------------------------------------------*/
else if ( sp_nv_write_item(eItem) &&
(diag_get_sp_state() == DIAG_SPC_LOCKED ) &&
((diag_get_security_state() == DIAG_SEC_LOCKED) ||
diag_check_password (NULL) == TRUE))
{
return( diagpkt_err_rsp( DIAG_BAD_SPC_MODE_F, req_pkt, pkt_len) );
}
/*-----------------------------------------------------------------------
Next, see if the item being written is the ESN.
We can't ever write the ESN if security is locked.
Return the error packet for invalid security mode.
-----------------------------------------------------------------------*/
else if ((eItem == NV_ESN_I
#ifdef FEATURE_NV_MEID_ENABLE
|| eItem == NV_MEID_I
#endif /* FEATURE_NV_MEID_ENABLE */
) && diag_get_security_state() == DIAG_SEC_LOCKED)
{
MSG_MED ( "Bad security mode: %d, %d",
DIAG_BAD_SEC_MODE_F, diag_get_security_state(), 0 );
return( diagpkt_err_rsp( DIAG_BAD_SEC_MODE_F, req_pkt, pkt_len) );
}
rsp = (DIAG_NV_WRITE_F_rsp_type *)diagpkt_alloc( DIAG_NV_WRITE_F, rsp_len );
if( rsp == NULL ) {
/* If we can't allocate, diagpkt_err_rsp() can't either. */
return (NULL);
}
/*-----------------------------------------------------------------------
If security is unlocked and ESN is something other than 0, and the
password is all 0xfffff's (default, unwritten) then we can't overwrite it.
Return status as if this was reported from NV in the old way - with
status NV_READONLY.
-----------------------------------------------------------------------*/
#ifdef FEATURE_DIAG_MEID_ENABLE
if (mcc_meid_supported())
{
/* MEID is supported */
if ( eItem == NV_ESN_I || eItem == NV_MEID_I)
{
ok_to_write = FALSE; /* set default value of ok_to_write to FALSE */
/* check if the ESN is zero */
if (diagnv_get_esn() == 0L)
{
/* ESN is zero */
/* check the MEID */
#ifdef FEATURE_NV_MEID_ENABLE
nv_status = diagnv_get_meid (meid);
#endif
qw_set(meid_0, 0L, 0L); /* initialize meid_0 to a value zero */
if ( (nv_status == NV_DONE_S && qw_cmp(meid, meid_0) == 0) ||
nv_status == NV_NOTACTIVE_S )
{
/* MEID is zero */
if (eItem == NV_ESN_I )
{
/* We are trying to write an ESN
* The ESN can be wriiten only when
* 1. the MEID is zero
* 2. the ESN is zero
* 3. the ESN in the request is not a pseudo-ESN
* 4. The Mobile P_REV is less than 11,
* i.e. mcc_esn_programming_is_allowed_with_meid_support() = TRUE
* For P_REV 11 and later, mcc_esn_programming_is_allowed_with_meid_support() = FALSE
* the ESN is no longer programmable by itself
*/
if ( mcc_esn_programming_is_allowed_with_meid_support() &&
((pItemData->esn.esn & NVDIAG_PESN_PREFIX_MASK) != NVDIAG_PESN_PREFIX ) )
{
/* both the MEID and ESN are zero and the
* new esn is not a pesn
*/
ok_to_write = TRUE;
}
}
else if (eItem == NV_MEID_I )
{
/* We are trying to write the MEID
* We need to write the ESN first and the MEID CD
* get the MEID from the request packet
* Get MEID from the request
*/
qw_equ(meid, pItemData->meid);
pesn = mcc_meid_get_pesn(meid);
/* populate a ESN write request with the pesn */
eItemtemp = NV_ESN_I; /* set Item ID to NV_ESN_I */
ItemDatatemp.esn.esn = pesn; /* set Item Data to pesn */
nv_status = diag_nv_write (eItemtemp, &ItemDatatemp);
if (nv_status == NV_DONE_S)
{
/* now we can write the MEID */
ok_to_write = TRUE;
}
else
{
/* write failed */
MSG_MED("NVWRITE PESN Failed rc=%d", nv_status,0,0);
}
}
else
{
/* Not ESN or MEID */
ok_to_write = TRUE;
} /* if (eItem == NV_ESN_I ) */
} /* if ( (nv_status == NV_DONE_S && qw_cmp(meid, meid_0) == 0) ... */
} /* if (diagnv_get_esn() == 0L) */
} /* if ( eItem == NV_ESN_I || eItem == NV_MEID_I) */
else
{
/* The write is not ESN or MEID, let it through */
ok_to_write = TRUE;
}
} /* if (mcc_meid_supported()) */
else
#endif /* FEATURE_DIAG_MEID_ENABLE */
{
if ((eItem == NV_ESN_I && diagnv_get_esn () != 0 )
#ifdef FEATURE_NV_MEID_ENABLE
|| eItem == NV_MEID_I
#endif /* FEATURE_NV_MEID_ENABLE */
)
{
/* we can not allow writes to a non-zero ESN */
ok_to_write = FALSE;
}
else
{
/* The write is ok, let it through */
ok_to_write = TRUE;
}
}
if (!ok_to_write)
{
/*-----------------------------------------------------------------------
The response packet is the same format
as the request packet, so start by copying the data.
-----------------------------------------------------------------------*/
rsp->item = req->item;
memcpy( (void *) ( rsp->item_data ),
(void *) ( req->item_data ),
DIAG_NV_ITEM_SIZE);
/* Set the status of the operation to READONLY */
rsp->nv_stat = NV_READONLY_S;
} else
{
/* If neither of those special cases, then we're allowed to write.
The response packet is the same format as the request packet, so
start by copying the data. */
rsp->item = req->item;
memcpy( (void *) ( rsp->item_data ),
(void *) ( req->item_data ),
DIAG_NV_ITEM_SIZE);
#if !defined(FEATURE_HWTC) && !defined(FEATURE_GSM_PLT)
/* Check to see if it's one of the items that would trigger a
parameter change registration */
chk_registration_parameter_chg(req);
#endif /* !FEATURE_HWTC */
/*-----------------------------------------------------------------------
Packet command id looks ok, format a command to NV to write the item.
will wait for the response.
-----------------------------------------------------------------------*/
/* Send the status of the operation back to dm */
rsp->nv_stat = diag_nv_write (eItem, pItemData);
}
return ( rsp );
} /* nvdiag_write */
#ifdef FEATURE_SIRIUS
#error code not present
#endif
/*===========================================================================
FUNCTION NVDIAG_SPC
DESCRIPTION
Processes an entry of the Service Programming Code. This function reads
the security code from NV, and compares it to what was sent in the packet.
If they are the same, the successful SPC entry is noted in this task, and
a value of TRUE is returned to the external device.
If they are NOT the same, SP remains locked, a value of false is returned
to the external device, and a rex_timed_wait is called, to make DIAG pause
for 10 seconds, to deter hackers who are trying all possible SPC's.
===========================================================================*/
PACKED void * nvdiag_spc (
PACKED void *req_pkt,
uint16 pkt_len
)
{
DIAG_SPC_F_req_type *req = (DIAG_SPC_F_req_type *)req_pkt;
DIAG_SPC_F_rsp_type *rsp;
const int rsp_len = sizeof(DIAG_SPC_F_rsp_type);
int i;
nv_sec_code_type sec_code;
rsp = (DIAG_SPC_F_rsp_type *)diagpkt_alloc(DIAG_SPC_F, rsp_len);
/*------------------------------------------------------------------------*/
#ifndef FEATURE_HWTC
if ( diag_nv_read (NV_SEC_CODE_I, &sec_code) != NV_DONE_S ) {
MSG_HIGH("Failed to read Security Code", 0, 0, 0);
/* Since we couldn't check it, assume it was wrong (but don't make diag
** timeout)
*/
rsp->sec_code_ok = FALSE;
}
else
{
/* Start out assuming it is ok */
rsp->sec_code_ok = TRUE;
diag_set_sp_state (DIAG_SPC_UNLOCKED);
/* Now check every character in the code, and make sure they match! */
for (i = 0; i < NV_SEC_CODE_SIZE; i++) {
/* If a character doesn't match, set the return value to False, and
** break out of this loop.
*/
if (req->sec_code.digits[i] != sec_code.digits[i])
{
rsp->sec_code_ok = FALSE;
diag_set_sp_state (DIAG_SPC_LOCKED);
diagpkt_commit (rsp);
rsp = NULL;
diag_timeout ();
break;
}
}
}
#else /* FEATURE_HWTC */
#error code not present
#endif /* FEATURE_HWTC */
return (rsp);
(void) pkt_len; /* suppress compiler warning */
} /* nvdiag_spc */
#ifdef FEATURE_SAVE_SMS
#error code not present
#endif /* FEATURE_SAVE_SMS */
static const diagpkt_user_table_entry_type nvdiag_tbl[] =
{
{DIAG_NV_READ_F, DIAG_NV_READ_F, nvdiag_read},
{DIAG_NV_WRITE_F, DIAG_NV_WRITE_F, nvdiag_write},
#ifndef FEATURE_DIAG_DISALLOW_MEM_OPS
{DIAG_NV_PEEK_F, DIAG_NV_PEEK_F, nvdiag_peek},
{DIAG_NV_POKE_F, DIAG_NV_POKE_F, nvdiag_poke},
#endif
#ifdef FEATURE_SAVE_SMS
#error code not present
#endif
{DIAG_SPC_F, DIAG_SPC_F, nvdiag_spc},
};
#ifdef __cplusplus
DIAGPKT_DISPATCH_AUTOREGISTER (DIAGPKT_NO_SUBSYS_ID, nvdiag_tbl);
#else
void nvdiag_init (void)
{
DIAGPKT_DISPATCH_TABLE_REGISTER (DIAGPKT_NO_SUBSYS_ID, nvdiag_tbl);
}
#endif
/* Restore error reporting for these symbols */
/*lint +esym(715,pkt_len,req) */
#ifdef __cplusplus
}
#endif
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -