Add injector

x1/injector/disable_mmu.S

@@ -0,0 +1,17 @@
+.text
+    .align 2
+    .global _start
+
+_start:
+    mov r9, #0
+    ldr r0, =0x67800000
+
+    mrc p15, 0, r10, c1, c0, 0
+    @bic r10, r10, #5  @ disable MMU and dcache
+    bic r10, r10, #1  @ disable MMU
+    @bic r10, r10, #4096  @ disable icache
+    mcr p15, 0, r10, c1, c0, 0 // write ctrl regs
+    #mcr p15, 0, r9, c7, c7, 0 // invalidate cache
+    #mcr p15, 0, r9, c8, c7, 0 // invalidate TLB
+    mov pc, r0
+

x1/injector/inject.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import sys
+
+
+def main():
+    if len(sys.argv) < 6:
+        print(f"Usage: {sys.argv[0]} total page_offset disable_mmu.bin injected.bin out.bin")
+        sys.exit(1)
+
+    total, offset, dismmu, injected, out = sys.argv[1:6]
+    total = int(total, base=16 if total.startswith('0x') else 10)
+    offset = int(offset, base=16 if offset.startswith('0x') else 10)
+
+    if total % 4 != 0:
+        print(f'Total is not aligned', file=sys.stderr)
+        sys.exit(1)
+    elif offset % (1024 * 64) != 0:
+        print(f'Page offset is not aligned', file=sys.stderr)
+        sys.exit(1)
+
+    with open(dismmu, 'rb') as dmf, open(injected, 'rb') as injf, open(out, 'wb') as out:
+        nop = b'\x00\x00\xa0\xe1'
+        dm = dmf.read()
+        inj = injf.read()
+
+        out.write(dm)
+        out.write(nop * ((offset - len(dm)) // 4))
+        out.write(nop * ((1024 * 64 - len(inj)) // 4))
+        out.write(inj)
+        out.write(nop * ((total - offset - 1024 * 64) // 4))
+
+
+main()