Add new hv exploit.

This commit is contained in:
Andy Nguyen
2026-05-17 11:54:10 +02:00
parent fbe5ae0c32
commit eb886e9467
22 changed files with 640 additions and 186 deletions

View File

@@ -27,18 +27,19 @@ __attribute__((section(".entry_point"))) uint32_t main(uint64_t add1,
if ((0x0300 <= args_ptr->fw_version) && (args_ptr->fw_version < 0x0500)) {
if (hv_defeat_0304(args_ptr))
return -1;
// Now we can R/W on .text
init_global_pointers(args_ptr);
patch_hv_0304();
} else if ((0x0500 <= args_ptr->fw_version) &&
(args_ptr->fw_version < 0x0650)) {
// escape_hv_0506();
// Now we can R/W on .text
// init_global_pointers(args_ptr);
// Already escaped.
} else {
return 0;
}
// Now we can R/W on .text
init_global_pointers(args_ptr);
// Disable CFI to allow smp_rendezvous.
*(uint8_t *)args_ptr->kernel_cfi_check = 0xC3;
boot_linux();
printf("Linux prepared OK\n");