note: all information provided here comes from observation and reverse-engineering, i.e. it is only supposition

FARADAY

  • ARM V4 based micro-controller macro FA526
  • openocd was used to break the arm at boot and make a memory dump

dumped memory is already an elf

TODO: 4 bytes PC counter in openocd needs fix for target FA526

arm-objcopy -I binary -O elf32-littlearm -B arm \
  --rename-section .data=.text,readonly,code,load,contents,alloc \
  --redefine-sym _binary_cs3516_0x_bin_start=main \
  --redefine-sym _binary_cs3516_0x_bin_end=_end \
  --redefine-sym _binary_cs3516_0x_bin_size=_size \
  cs3516_0x.bin bootrom.elf

arm-objdump -x bootrom.elf 

arm-objdump -m arm -D bootrom.elf > bootrom.s
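
The objcopy step above hardcodes symbol names that match the input file name cs3516_0x.bin only. objcopy builds the _binary_..._start/_end/_size names from the input path exactly as typed, replacing every non-alphanumeric character with '_', so a renamed dump or a path prefix stops the --redefine-sym options from matching. This wrapper is an added example, not part of the original notes; the function names and the OBJCOPY variable are hypothetical, and OBJCOPY defaults to the arm-objcopy used on this page.

```shell
#!/bin/sh
# Added example: wrap the raw-dump -> ELF conversion for any input path.
# OBJCOPY is an assumed override hook; the default is the page's arm-objcopy.
OBJCOPY="${OBJCOPY:-arm-objcopy}"

# Return the symbol prefix objcopy -I binary generates for input path $1:
# "_binary_" followed by the path with each non-alphanumeric char as '_'.
binary_sym_prefix() {
    printf '_binary_%s' "$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9' '_')"
}

# Convert raw dump $1 into ELF $2, renaming the generated symbols to
# main/_end/_size as in the command on this page.
bin2elf() {
    p=$(binary_sym_prefix "$1")
    "$OBJCOPY" -I binary -O elf32-littlearm -B arm \
        --rename-section .data=.text,readonly,code,load,contents,alloc \
        --redefine-sym "${p}_start=main" \
        --redefine-sym "${p}_end=_end" \
        --redefine-sym "${p}_size=_size" \
        "$1" "$2"
}

# Run only when called with exactly two arguments: <dump.bin> <out.elf>
if [ "$#" -eq 2 ]; then
    bin2elf "$1" "$2"
fi
```

Running the script with OBJCOPY=echo prints the command line it would execute without touching any file.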

various notes

openocd.git

git clone git://openocd.git.sourceforge.net/gitroot/openocd/openocd openocd.git
cd openocd.git
./bootstrap 
./configure --enable-maintainer-mode --enable-parport --enable-ft2232_libftdi 
make

openocd

grab 0.2 source from http://developer.berlios.de/projects/openocd

wget http://download.berlios.de/openocd/openocd-0.4.0.tar.bz2
tar xjvf openocd-0.4.0.tar.bz2
cd openocd-0.4.0/
./configure --enable-parport; make; sudo make install

openocd -f openocd_920.cfg

Open On-Chip Debugger 0.4.0 (2010-07-31-15:56)
Licensed under GNU GPL v2
For bug reports, read
	http://openocd.berlios.de/doc/doxygen/bugs.html
parport port = 0x0
trst_and_srst separate srst_gates_jtag trst_push_pull srst_open_drain
dcc downloads are enabled
Info : clock speed 500 kHz
Info : JTAG tap: cs351x.cpu tap/device found: 0x00526fa1 (mfg: 0x7d0, part: 0x0526, ver: 0x0)
Info : Embedded ICE version 2
Info : cs351x.cpu: hardware has 2 breakpoint/watchpoint units

telnet localhost 4444

reset run
halt
resume

insight

grab insight-6.8-1.tar.bz2 from http://sourceware.org/insight/downloads.php

./configure   --program-prefix=arm- --target=arm-elf --disable-werror
make -j2
make install
arm-insight arch/arm/boot/compressed/vmlinux

'File | Target Settings', set the Connections to: 'Target: Remote/TCP', 'Hostname: localhost' and 'Port: 3333'

* arm reset from insight gdb console: 'monitor reset' or 'monitor soft_reset_halt'

gdb

(gdb) target remote myhost:3333
(gdb) mon targets
    TargetName         Type       Endian TapName            State       
--  ------------------ ---------- ------ ------------------ ------------
 0* cs351x.cpu         fa526      little cs351x.cpu         halted
(gdb) x/128 0x68000000
0x68000000:	0x01000010	0x00000001	0x00000006	0x00000000
0x68000010:	0x00080b00	0x00001000	0x00000000	0x00000000
...................
faraday.txt · Last modified: 2012/02/20 23:14 (external edit)