#!/usr/bin/env python3
import serial
import struct
import time
import binascii
# Connection settings passed to serial.Serial() in main():
# the device node to open and the line speed in baud.
SERIAL_PORT = "/dev/ttyUSB1"
BAUD_RATE = 9600
def calculate_checksum(data):
    """Return the XOR of every byte value in *data* (AMT protocol checksum).

    Args:
        data: Iterable of integer byte values, e.g. a ``bytes`` object.

    Returns:
        The running XOR of all values; 0 when *data* is empty.
    """
    acc = 0
    for value in data:
        acc = acc ^ value
    return acc
def create_amt_packet(msg_id, payload=b""):
    """Build one length-prefixed AMT frame for *msg_id* and *payload*.

    Wire layout produced here::

        [length, 4 bytes LE][0x02][msg_id, 2 bytes BE][payload][checksum][0x02]

    The length field counts everything that follows the 4-byte header. The
    checksum is calculate_checksum() over msg_id + payload only; the framing
    bytes and the length header are not covered by it.

    Args:
        msg_id: Message identifier, packed as an unsigned 16-bit big-endian
            value (struct raises if it does not fit).
        payload: Raw payload bytes appended after the identifier.

    Returns:
        The complete frame as ``bytes``.
    """
    # NOTE(review): the same 0x02 byte opens and closes the frame - confirm the
    # trailing delimiter against the protocol analysis.
    delimiter = b'\x02'
    body = struct.pack('>H', msg_id) + payload
    trailer = bytes([calculate_checksum(body)])
    framed = delimiter + body + trailer + delimiter

    header = struct.pack('<I', len(framed))
    return header + framed
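def send_serial_command(ser, msg_id, payload=b""):
    """Send one AMT command over *ser*, print the exchange and return the reply.

    Args:
        ser: Open serial port object providing ``write()`` and ``read_all()``.
        msg_id: Message identifier handed to create_amt_packet().
        payload: Raw payload bytes for the command.

    Returns:
        Whatever ``ser.read_all()`` returned after the wait (empty when
        nothing arrived). Returned so callers can check that the device
        answered before sending further commands; existing callers that
        ignore the result are unaffected.
    """
    packet = create_amt_packet(msg_id, payload)
    print(f"[*] Sending: {binascii.hexlify(packet)}")

    ser.write(packet)
    time.sleep(1)  # fixed wait for the device to answer

    # read_all() hands back whatever is buffered at this moment. The bytes are
    # not parsed or checksum-verified here, so nothing ties them to the command
    # just sent, and a reply arriving after the wait is not seen by this call.
    response = ser.read_all()
    if response:
        print(f"[+] Response: {binascii.hexlify(response)}")
    else:
        print("[!] No response received")
    return response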
# Key message IDs from analysis. Each one is sent as the 16-bit msg_id field
# that create_amt_packet() packs big-endian.
MSG_SET_BOOT_MODE = 0x1000  # used by change_boot_mode() with payload 0x01
MSG_NVRAM_COMMAND = 0x1FFF  # not referenced by the functions visible here
MSG_GET_VERSION = 0x00D1    # sent first by main() as a communication check
MSG_GPS = 0x100D            # payload 0x01 / 0x00 in gps_poweron() / gps_poweroff()
def gps_poweron(ser):
    """Attempt to turn the GPS on by sending MSG_GPS with payload 0x01.

    Args:
        ser: Open serial port object passed through to send_serial_command().
    """
    enable = b'\x01'
    send_serial_command(ser, MSG_GPS, enable)
def gps_poweroff(ser):
    """Attempt to turn the GPS off by sending MSG_GPS with payload 0x00.

    Args:
        ser: Open serial port object passed through to send_serial_command().
    """
    disable = b'\x00'
    send_serial_command(ser, MSG_GPS, disable)
def change_boot_mode(ser):
    """Attempt to switch the device to debug boot mode.

    Sends MSG_SET_BOOT_MODE with payload 0x01. Per the original author's
    note, debug mode may enable more features.

    Args:
        ser: Open serial port object passed through to send_serial_command().
    """
    # NOTE(review): this is a state-changing command and the reply is not
    # inspected here, so success or rejection is only visible in the printed hex.
    debug_mode = b'\x01'  # 1=debug mode
    send_serial_command(ser, MSG_SET_BOOT_MODE, debug_mode)
def main():
    """Open the serial port, query the version, then request debug boot mode.

    Any exception raised along the way is caught and reported on stdout as
    "[!] Error: ..."; nothing is re-raised.
    """
    # 1 s read timeout, with RTS/CTS and DSR/DTR hardware flow control enabled.
    # NOTE(review): no write_timeout is given; with flow control on, a write
    # can presumably block if the peer never signals ready - confirm.
    port_options = {"timeout": 1, "rtscts": True, "dsrdtr": True}
    try:
        with serial.Serial(SERIAL_PORT, BAUD_RATE, **port_options) as link:
            print(f"[*] Connected to {SERIAL_PORT}")

            # First verify communication.
            # NOTE(review): the outcome of this query is not checked, so the
            # boot-mode command below is sent even if the device never answered.
            send_serial_command(link, MSG_GET_VERSION)

            change_boot_mode(link)
    except Exception as exc:
        print(f"[!] Error: {str(exc)}")
# Script entry point: run main() only when executed directly, not on import.
if __name__ == '__main__':
    main()