Damus
Mäh W. profile picture
Mäh W.
@Mäh W.

👨‍💻 I am interested in wired & radio communication, DSP, (embedded) software dev & engineering, FOSS, reverse engineering, IT security, space, programmable and non-programmable bricks, old and new computer technology, robots, machine embroidery & other things. Living in 🇩🇪. Speaking 🇩🇪/🇬🇧/💻 and understanding a little bit of 🇫🇷.

Relays (1)
  • wss://relay.ditto.pub – read & write

Recent Notes

Mäh W. profile picture
Dear #embedded system people, do you know about CMSIS System View Description format (CMSIS-SVD)? Have you seen it used for other microcontrollers that don't have an ARM Cortex-M processor(s) at their hearts? Is there something common that other (core?) vendors use? As it seems "CMSIS-SVD format is based on XML and was influenced by IP-XACT". I don't want to reinvent the wheel. Is it worth to convert the peripheral register info to SVD?

#reverseEngineering #firmware #hal :BoostOK:
1
Marcus Müller · 3w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqpala8dc3ps2yf25vn7x26tujckad9samytxkgjzeq8z7m3n4pkqshylp9k if you'd like to generate HAL/C headers with register defs, yes. The non-arm standard description would be SystemRDL from the same consortium that brought you IP-XACT (you decide whether...
Mäh W. profile picture
@nprofile1q... Hi! RE your post "Writing a GHIDRA Loader: STM32 Edition.", especially "Step 1: Create the Memory Map". Thanks for writing and publishing it! -- "If there is a better way to do this with the Ghidra API, please let me know" -- did anyone reach out to you or are you still happy with that approach? Cheers!
note16he5y...
Mäh W. profile picture
@nprofile1q... thank you. The SPI peripheral should be promising hardware architecture wise as this uC is the master with three SPI slave devices on the bus. I guess that there is no logging... unfortunately there way but many long strings. Even though there are some C source file names in it that had not been referenced. Or not discovered by initial analysis.
webhat · 3w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqpala8dc3ps2yf25vn7x26tujckad9samytxkgjzeq8z7m3n4pkqshylp9k can't you find the start address is the CPU documentation? What CPU is it?
Mäh W. profile picture
@nprofile1q... oh, it's the em|bleu EM9305 (ARC EM7D/ ARCv2). I guess it must be in FLASH aka NVM somewhere between 0x30'0000 and 0x37'FFFF. If I get it right, it must be aligned to an 8 kB block. The thing is that there might also be a custom bootloader in flash that I don't have access to because the binary was extracted on in a different way then directly from the device. So 0x30'0000 (no bootloader) is my guess for know. Maybe it even doesn't matter at all because all code might be relocatable?
1
webhat · 3w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqpala8dc3ps2yf25vn7x26tujckad9samytxkgjzeq8z7m3n4pkqshylp9k nothing springs immediately to mind
Mäh W. · 3w
It seems that there is something like an SVD loader. But I don't have an SVD file with individual peripheral registers, only memory ranges. But I could have a look at the API they used.
Mäh W. profile picture
Dear #Ghidra experts, I am trying to import and analyze a plain flat binary file with firmware for a known CPU architecture. As I am not sure about the start address, I am playing around with it. For analysis, it's super useful to create the memory map (ROM section, RAM sections, NVM and memory-mapped peripherals). Especially access to peripherals will assist in finding out what the code is doing. I don't want to manually write the map. What's best? 🧵

#reverseEngineering #hacking #infoSec
2
Mäh W. · 3w
Do I need to write a custom loader? Or is it sufficient or better to write some script? Do you have examples lying around I could re-use? Cheers!
webhat · 3w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqpala8dc3ps2yf25vn7x26tujckad9samytxkgjzeq8z7m3n4pkqshylp9k can't you find the start address is the CPU documentation? What CPU is it?
max_power · 3w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqpala8dc3ps2yf25vn7x26tujckad9samytxkgjzeq8z7m3n4pkqshylp9k das ist eine gute Idee, danke.