├── AUTHORS ├── LICENSE ├── README.md ├── TODO ├── scripts ├── dbgupload.py ├── gdbproxy.py ├── hboot.py ├── hbootdbg.py └── unhexlify.py └── src ├── Makefile ├── common └── hbootdbg.h ├── devices └── vision_0.85.0015 │ ├── hbootdbg.elf.ld │ └── preloader.elf.ld ├── hbootdbg ├── base64.c ├── base64.h ├── cpu.c ├── cpu.h ├── darm │ ├── LICENSE.txt │ ├── README.md │ ├── armv7-tbl.c │ ├── armv7-tbl.h │ ├── armv7.c │ ├── darm-internal.h │ ├── darm-tbl.c │ ├── darm-tbl.h │ ├── darm.c │ └── darm.h ├── dbg.c ├── dbg.h ├── hbootdbg.c ├── hbootlib.c ├── hbootlib.h ├── int.c ├── int.h ├── mmu.c ├── mmu.h ├── reloc.c └── reloc.h └── preloader ├── asm.h ├── entrypoint.c ├── entrypoint.h ├── hboot.h ├── preloader.c └── preloader.h /AUTHORS: -------------------------------------------------------------------------------- 1 | Cédric Halbronn 2 | Nicolas Hureau 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013, Sogeti ESEC Lab 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, this 11 | list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | * Neither the name of the {organization} nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hbootdbg 2 | 3 | Debugger for HTC phones bootloader (HBOOT). 4 | 5 | ## Disclaimer 6 | 7 | Currently only supports HTC Desire Z with HBOOT 0.85.0015. 8 | 9 | ## License 10 | 11 | hbootdbg is released under the **BSD 3-Clause License**. 12 | 13 | ## Acknowledgements 14 | 15 | * Jurriaan Bremer (@skier_t) for DARM disassembler (http://darm.re/) 16 | * Guillaume Delugré for qcombbdbg (https://code.google.com/p/qcombbdbg/) 17 | * Chris Venter for libb64 (http://libb64.sourceforge.net) 18 | 19 | ## Quick use guide 20 | 21 | Enter fastboot mode in HBOOT. 22 | 23 | ```bash 24 | ~/hbootdbg $ cd src 25 | ~/hbootdbg/src $ make 26 | [...] 27 | ~/hbootdbg $ cd ../scripts 28 | ~/hbootdbg/scripts $ sudo modprobe -r usbserial && sudo modprobe usbserial vendor=0x0BB4 product=0x0fff 29 | ~/hbootdbg/scripts $ ./dbgupload.py 30 | [...] 31 | ~/hbootdbg/scripts $ ./hbootdbg.py -f 32 | hbootdbg> attach 33 | hbootdbg> break 34 | b'' 35 | hbootdbg> get_registers 36 | b'd301002002000000000000000000020000000000d82b098dbc2b098d01000000d82b098d2cce078d0d0a0d0a18ce078d0b0b0b0b10000000a4b81f8db494058dd4260e8d' 37 | hbootdbg> read 0 4 38 | b'120000ea' 39 | hbootdbg> continue 40 | hbootdbg> detach 41 | hbootdbg> ^C 42 | ~/hbootdbg/scripts $ ./gdbproxy.py -f -r & &> /dev/null 43 | ~/hbootdbg/scripts $ arm-none-eabi-gdb 44 | [...] 45 | (gdb) target remote :1234 46 | Remote debugging using :1234 47 | 0x8d0e26d4 in ?? () 48 | (gdb) i r 49 | r0 0x2 2 50 | r1 0x0 0 51 | r2 0x20000 131072 52 | r3 0x0 0 53 | r4 0x8d092bd8 2366188504 54 | r5 0x8d092bbc 2366188476 55 | r6 0x1 1 56 | r7 0x8d092bd8 2366188504 57 | r8 0x8d07ce2c 2366098988 58 | r9 0xa0d0a0d 168626701 59 | r10 0x8d07ce18 2366098968 60 | r11 0x8d05e8c0 2365974720 61 | r12 0x10 16 62 | sp 0x8d1fb8a4 0x8d1fb8a4 63 | lr 0x8d0594b4 2365953204 64 | pc 0x8d0e26d4 0x8d0e26d4 65 | cpsr 0x200001d3 536871379 66 | ``` 67 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | - Handle every relocation for breakpoints 2 | - Delete preloader step 3 | - Add other devices (HTC One, ...) 4 | -------------------------------------------------------------------------------- /scripts/dbgupload.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python3 2 | 3 | # This file is part of hbootdbg. 4 | # Copyright (c) 2013, Cedric Halbronn 5 | # Copyright (c) 2013, Nicolas Hureau 6 | # All right reserved. 7 | # 8 | # Redistribution and use in source and binary forms, with or without modification, 9 | # are permitted provided that the following conditions are met: 10 | # 11 | # * Redistributions of source code must retain the above copyright notice, this 12 | # list of conditions and the following disclaimer. 13 | # 14 | # * Redistributions in binary form must reproduce the above copyright notice, this 15 | # list of conditions and the following disclaimer in the documentation and/or 16 | # other materials provided with the distribution. 17 | # 18 | # * Neither the name of the {organization} nor the names of its 19 | # contributors may be used to endorse or promote products derived from 20 | # this software without specific prior written permission. 21 | # 22 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 23 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 24 | # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 26 | # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 | # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 29 | # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 | # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 | 33 | import argparse 34 | import binascii 35 | import os 36 | import struct 37 | import sys 38 | import time 39 | from hboot import HbootClient 40 | 41 | PRELOADER_PATH = '../src' 42 | DEBUGGER_PATH = '../src' 43 | 44 | TTY='/dev/ttyUSB0' 45 | 46 | ## 47 | # Preloader commands 48 | ## 49 | 50 | READ_MEM = 7 51 | WRITE_MEM = 8 52 | 53 | ## 54 | # Supported firmware revisions. 55 | ## 56 | 57 | # cmd_hook: address of function to hook 58 | # preload_addr: where the preloader is uploaded (device specific) 59 | DEVICE_OFFSETS = { 60 | 'vision_0.85.0005' : { 61 | 'fb_oem_hook' : 0x0, # FIXME 62 | 'hb_keytest_hook' : 0x0, # FIXME 63 | 'preloader' : 0x0, # FIXME 64 | 'payload' : 0x0, # FIXME 65 | }, 66 | 'vision_0.85.0015' : { 67 | 'fb_oem_hook' : 0x8D0020C8, 68 | 'hb_keytest_hook' : 0x8D010DF0, 69 | 'preloader' : 0x058D3000, 70 | 'payload' : 0x8D0E2000, # Where the debugger is uploaded 71 | }, 72 | 'saga_0.98.0002' : { 73 | 'fb_oem_hook' : 0x8D00236C, 74 | 'hb_keytest_hook' : 0x0, # FIXME 75 | 'preloader' : 0x069D3000, 76 | 'payload' : 0x0, # FIXME 77 | }, 78 | } 79 | 80 | def dbg_read_memory(fbc, addr, size): 81 | cmd = struct.pack('=BII', READ_MEM, addr, size) 82 | data = fbc.preloader(cmd) 83 | return data 84 | 85 | def dbg_write_memory(fbc, dest, data): 86 | (res1, res2) = fbc.download_data(data) 87 | cmd = struct.pack('=BII', WRITE_MEM, dest, len(data)) 88 | data = fbc.preloader(cmd) 89 | return data 90 | 91 | def step(msg, step_function, *args, out=sys.stderr, continue_on_fail=False): 92 | out.write('[*] %s' % msg) 93 | out.flush() 94 | 95 | (success, error_msg) = step_function(*args); 96 | if success: 97 | out.write('\r[+] %s: %s\n' % (msg, error_msg)) 98 | else: 99 | out.write('\r[!] %s: %s\n' % (msg, error_msg)) 100 | 101 | out.flush() 102 | 103 | if not success and not continue_on_fail: 104 | sys.exit(1) 105 | 106 | ## 107 | # Get HBOOT version 108 | ## 109 | 110 | def get_hboot_version(fbc): 111 | global offsets 112 | 113 | (res1, version0) = fbc.getvar('version-bootloader') 114 | (res2, product) = fbc.getvar('product') 115 | 116 | version='%s_%s' % (product.decode(), version0.decode()) 117 | 118 | if res1 != b'OKAY' or res2 != b'OKAY': 119 | return (False, 'Unknown device revision %s, aborting' % version) 120 | 121 | offsets = DEVICE_OFFSETS[version] 122 | 123 | return (True, version) 124 | 125 | ## 126 | # Copy preloader stub 127 | ## 128 | 129 | def copy_preloader(fbc): 130 | (res1,res2) = fbc.download('%s/preloader.bin' % PRELOADER_PATH) 131 | return (True, 'OK') 132 | 133 | ## 134 | # Trigger revolutionary exploit 135 | ## 136 | 137 | def trigger_exploit(fbc): 138 | (res, version_main) = fbc.getvar('version-main') 139 | return (True, 'OK') 140 | 141 | ## 142 | # Check if exploit successful 143 | ## 144 | 145 | def check_exploit_result(fbc): 146 | (res, version0) = fbc.getvar('version-bootloader') 147 | return (version0 == b'HACK', version0.decode()) 148 | 149 | ## 150 | # We can now use the preloader function to inject the real payload faster. 151 | ## 152 | 153 | def copy_hbootdbg(fbc): 154 | data = b'' 155 | with open('%s/hbootdbg.bin' % DEBUGGER_PATH, 'br') as f: 156 | data = dbg_write_memory(fbc, offsets['payload'], f.read()) 157 | return (True, 'OK') 158 | 159 | ## 160 | # Patch fastboot oem and hboot keytest to point at final payload 161 | ## 162 | 163 | # patch: 164 | # 10 40 2D E9 STMFD SP!, {R4,LR} 165 | # 0F E0 A0 E1 MOV LR, PC 166 | # 00 F0 1F E5 LDR PC, =0x8D0E2000 167 | # 10 80 BD E8 LDMFD SP!, {R4,PC} 168 | # 00 00 0E 8D DCD 0x8D0E2000 169 | 170 | def patch_cmds(fbc): 171 | global offsets 172 | 173 | patch = b'\x10\x40\x2D\xE9' 174 | patch += b'\x0F\xE0\xA0\xE1' 175 | patch += b'\x00\xF0\x1F\xE5' 176 | patch += b'\x10\x80\xBD\xE8' 177 | patch += struct.pack('I', offsets['payload']) 178 | 179 | data = dbg_write_memory(fbc, offsets['hb_keytest_hook'], patch) 180 | data = dbg_write_memory(fbc, offsets['fb_oem_hook'], patch) 181 | 182 | return (True, 'OK') 183 | 184 | if __name__ == '__main__': 185 | fbc = None 186 | 187 | parser = argparse.ArgumentParser() 188 | parser.add_argument('-d', '--debug', action='store_true') 189 | args = parser.parse_args() 190 | 191 | def connect_to_device(args): 192 | global fbc 193 | not_connected = True 194 | while not_connected: 195 | try: 196 | fbc = HbootClient(debug=args.debug) 197 | not_connected = False 198 | except Exception as e: 199 | time.sleep(1) 200 | 201 | return (True, 'OK') 202 | 203 | step('Wait for device', connect_to_device, args) 204 | step('Get HBOOT version', get_hboot_version, fbc) 205 | step('Copy preloader', copy_preloader, fbc) 206 | step('Trigger Revolutionary exploit', trigger_exploit, fbc) 207 | step('Get HBOOT version', check_exploit_result, fbc) 208 | step('Copy hbootdbg', copy_hbootdbg, fbc) 209 | step('Patch fastboot oem and hboot keytest commands', patch_cmds, fbc) 210 | 211 | fbc.close() 212 | -------------------------------------------------------------------------------- /scripts/gdbproxy.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python3 2 | 3 | # This file is part of hbootdbg. 4 | # Copyright (c) 2013, Cedric Halbronn 5 | # Copyright (c) 2013, Nicolas Hureau 6 | # Copyright (c) 2013, Pierre-Marie de Rodat 7 | # All right reserved. 8 | # 9 | # Redistribution and use in source and binary forms, with or without modification, 10 | # are permitted provided that the following conditions are met: 11 | # 12 | # * Redistributions of source code must retain the above copyright notice, this 13 | # list of conditions and the following disclaimer. 14 | # 15 | # * Redistributions in binary form must reproduce the above copyright notice, this 16 | # list of conditions and the following disclaimer in the documentation and/or 17 | # other materials provided with the distribution. 18 | # 19 | # * Neither the name of the {organization} nor the names of its 20 | # contributors may be used to endorse or promote products derived from 21 | # this software without specific prior written permission. 22 | # 23 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 24 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 25 | # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 26 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 27 | # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 30 | # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 | # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 | 34 | import argparse 35 | import binascii 36 | import hbootdbg 37 | import re 38 | import serial 39 | import socket 40 | import struct 41 | import sys 42 | import time 43 | 44 | class PatternDispatcher: 45 | ''' Call handlers according to regular expression matching ''' 46 | 47 | def __init__(self): 48 | self.handlers = [] 49 | self.owner = None 50 | 51 | def register(self, regexp, handler): 52 | self.handlers.append(( 53 | re.compile(regexp), 54 | handler 55 | )) 56 | 57 | def registered(self, regexp): 58 | def decorator(func): 59 | self.register(regexp, func) 60 | return func 61 | return decorator 62 | 63 | def __get__(self, instance, owner): 64 | self.owner = instance 65 | return self 66 | 67 | def dispatch(self, command, *data_list): 68 | for cmd_regexp, handler in reversed(self.handlers): 69 | match = cmd_regexp.match(command) 70 | if match: 71 | return handler(self.owner, match, *data_list) 72 | return None 73 | 74 | class TCPServer: 75 | ''' Class to listen to GDB using TCP as a medium ''' 76 | 77 | def __init__(self, addr='127.0.0.1', port=1234): 78 | self._addr = addr 79 | self._port = port 80 | self._s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 81 | self._s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 82 | 83 | def start(self): 84 | self._s.bind((self._addr, self._port)) 85 | self._s.listen(1) 86 | self._conn, self._client_addr = self._s.accept() 87 | 88 | def stop(self): 89 | self._conn.close() 90 | 91 | def recv(self, size): 92 | return self._conn.recv(size) 93 | 94 | def send(self, bytes): 95 | self._conn.send(bytes) 96 | 97 | class SerialServer: 98 | ''' Class to listen to GDB using serial as a medium ''' 99 | 100 | def __init__(self, tty='/dev/ttyUSB0', speed=9600, timeout=1): 101 | self._s = serial.Serial(tty, speed, timeout, port=None) 102 | 103 | def start(self): 104 | self._s.open() 105 | 106 | def stop(self): 107 | self._s.close() 108 | 109 | def recv(self, size): 110 | data = self._s.read(1) 111 | n = self._s.inWaiting() 112 | if size > 1 and n > 0: 113 | data += self._s.read(min(size, n)) 114 | return data 115 | 116 | def send(self, bytes): 117 | self._s.write(bytes) 118 | 119 | class ARMRegisters: 120 | ''' ARM registers storage, packing and unpacking facility ''' 121 | 122 | def __init__(self): 123 | self._cpsr = 0 124 | self._gpr = [0 for _ in range(16)] 125 | self._fpr = [0 for _ in range(8)] 126 | 127 | def __getitem__(self, i): 128 | if i >= 0 and i <= 15: 129 | return self._gpr[i] 130 | elif i >= 16 and i <= 23: 131 | return self._fpr[i] 132 | elif i == 25: 133 | return self._cpsr 134 | else: 135 | raise ValueError 136 | 137 | def cpsr(self): 138 | return self._cpsr 139 | 140 | def unpack(self, data): 141 | self._cpsr = struct.unpack_from('>I', data, offset=0)[0] 142 | for i in range(len(self._gpr)): 143 | self._gpr[i] = struct.unpack_from("I', struct.pack('I', struct.pack('I', struct.pack(' Unhandled packet') 282 | self.send(b'') 283 | 284 | elif packet_type == b'+': 285 | pass 286 | elif packet_type == b'-': 287 | self.debug('Host received a corrupted packet') 288 | elif packet_type == b'\x03': 289 | self.debug('Host sent interruption') 290 | else: 291 | self.debug('Received invalid packet type: {}'.format(packet_type)) 292 | self._server.stop() 293 | 294 | @DISPATCHER.registered(b'^qSupported$') 295 | def handle_qsupported(self, cmd_match, *data_list): 296 | features = [ 297 | b'PacketSize=1024' 298 | ] 299 | self.send(*features) 300 | return True 301 | 302 | @DISPATCHER.registered(b'^qAttached$') 303 | def handle_qattached(self, cmd_match, *data_list): 304 | self.send(b'1') 305 | return True 306 | 307 | @DISPATCHER.registered(b'^qC$') 308 | def handle_q_current_thread(self, cmd_match, *data_list): 309 | self.send(b'QC0') 310 | return True 311 | 312 | @DISPATCHER.registered(b'^H(m|M|g|G|c|C)(-?\d+)$') 313 | def handle_set_thread(self, cmd_match, *data_list): 314 | match = cmd_match.group(0) 315 | operation = cmd_match.group(1) 316 | thread_id = cmd_match.group(2) 317 | if operation == b'c': 318 | self.send(b'OK') 319 | else: 320 | self.send('') 321 | return True 322 | 323 | @DISPATCHER.registered(br'^\?$') 324 | def handle_get_stop_reason(self, cmd_match, *data_list): 325 | self.send(b'S05') 326 | return True 327 | 328 | @DISPATCHER.registered(b'^g$') 329 | def handle_get_registers(self, cmd_match, *data_list): 330 | self._r.unpack(self._dbg.get_registers().data) 331 | self.send(self._r.pack_gdb()) 332 | return True 333 | 334 | @DISPATCHER.registered(b'^p([0-9A-Fa-f]+)$') 335 | def handle_get_register(self, cmd_match, *data_list): 336 | reg_nbr = int(cmd_match.group(1), 16) 337 | self.send('{:08x}'.format(self._r[reg_nbr]).encode()) 338 | return True 339 | 340 | @DISPATCHER.registered(b'^c$') 341 | def handle_continue(self, cmd_match, *data_list): 342 | self._dbg.breakpoint_continue() 343 | while self._dbg.get_registers().error == hbootdbg.ERROR_NO_BREAKPOINT: 344 | time.sleep(0.1) 345 | self.send(b'S05') 346 | return True 347 | 348 | @DISPATCHER.registered(b'^s$') 349 | def handle_step(self, cmd_match, *data_list): 350 | break_pc = self._r[15] + 4 351 | print(' => INSERT BP: {:08x}'.format(break_pc)) 352 | self._dbg.insert_breakpoint(break_pc) 353 | self._dbg.breakpoint_continue() 354 | while self._dbg.get_registers().error == hbootdbg.ERROR_NO_BREAKPOINT: 355 | time.sleep(0.05) 356 | print(' => DELETE BP: {:08x}'.format(break_pc)) 357 | self._dbg.remove_breakpoint(break_pc) 358 | self.send(b'S05') 359 | return True 360 | 361 | @DISPATCHER.registered(b'^m([0-9A-Fa-f]+)$') 362 | def handle_read_memory(self, cmd_match, *data_list): 363 | address = int(cmd_match.group(1), 16) 364 | size = int(data_list[0], 16) 365 | data = self._dbg.read(address, size).data 366 | self.send(binascii.hexlify(data)) 367 | return True 368 | 369 | @DISPATCHER.registered(b'^M([0-9A-Fa-f]+)$') 370 | def handle_write_memory(self, cmd_match, *data_list): 371 | address = int(cmd_match.group(1), 16) 372 | size = int(data_list[0], 16) 373 | data = int(data_list[1], 16) 374 | res = self._dbg.write(address, size, data).data 375 | self.send(binascii.hexlify(res)) 376 | return True 377 | 378 | @DISPATCHER.registered(b'^Z0$') 379 | def handle_insert_breakpoint(self, cmd_match, *data_list): 380 | address = int(data_list[0], 16) 381 | type = int(data_list[1]) 382 | self._dbg.insert_breakpoint(address) 383 | self.send(b'OK') 384 | return True 385 | 386 | @DISPATCHER.registered(b'^z0$') 387 | def handle_remove_breakpoint(self, cmd_match, *data_list): 388 | address = int(data_list[0], 16) 389 | type = int(data_list[1]) 390 | self._dbg.remove_breakpoint(address) 391 | self.send(b'OK') 392 | return True 393 | 394 | @DISPATCHER.registered(b'^D$') 395 | def handle_detach(self, cmd_match, *data_list): 396 | #self._dbg.breakpoint_continue() 397 | self._dbg.detach() 398 | return True 399 | 400 | if __name__ == '__main__': 401 | parser = argparse.ArgumentParser() 402 | parser.add_argument('-l', '--listen', type=str, default='127.0.0.1') 403 | parser.add_argument('-p', '--port', type=int, default=1234) 404 | parser.add_argument('-r', '--first-run', action='store_true') 405 | parser.add_argument('-f', '--fastboot-mode', action='store_true') 406 | parser.add_argument('-d', '--debug', action='store_true') 407 | args = parser.parse_args() 408 | 409 | server = TCPServer(args.listen, args.port) 410 | proxy = GDBServer(server, 411 | first_run=args.first_run, 412 | fastboot_mode=args.fastboot_mode, 413 | debug=args.debug) 414 | 415 | try: 416 | proxy.run() 417 | except KeyboardInterrupt as e: 418 | pass 419 | -------------------------------------------------------------------------------- /scripts/hboot.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python3 2 | 3 | # This file is part of hbootdbg. 4 | # Copyright (c) 2013, Cedric Halbronn 5 | # Copyright (c) 2013, Nicolas Hureau 6 | # All right reserved. 7 | # 8 | # Redistribution and use in source and binary forms, with or without modification, 9 | # are permitted provided that the following conditions are met: 10 | # 11 | # * Redistributions of source code must retain the above copyright notice, this 12 | # list of conditions and the following disclaimer. 13 | # 14 | # * Redistributions in binary form must reproduce the above copyright notice, this 15 | # list of conditions and the following disclaimer in the documentation and/or 16 | # other materials provided with the distribution. 17 | # 18 | # * Neither the name of the {organization} nor the names of its 19 | # contributors may be used to endorse or promote products derived from 20 | # this software without specific prior written permission. 21 | # 22 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 23 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 24 | # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 26 | # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 | # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 29 | # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 | # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 | 33 | import binascii 34 | import sys 35 | import time 36 | from serial import Serial 37 | 38 | class SerialClient: 39 | def __init__(self, tty='/dev/ttyUSB0', blocking_io=True): 40 | self._s = Serial(tty, 9600, timeout=0.1) 41 | self._blocking_io = blocking_io 42 | 43 | def close(self): 44 | self._s.close() 45 | 46 | def read(self, size): 47 | if self._blocking_io: 48 | data = self._s.read(size) 49 | else: 50 | data = self._s.read(1) 51 | n = self._s.inWaiting() 52 | if size > 1 and n > 0: 53 | data += self._s.read(min(size, n)) 54 | return data 55 | 56 | def write(self, data): 57 | self._s.write(data) 58 | 59 | class HbootClient(SerialClient): 60 | def __init__(self, tty='/dev/ttyUSB0', 61 | blocking_io=True, 62 | fastboot_mode=True, 63 | debug=False): 64 | super().__init__(tty, blocking_io) 65 | self._fastboot_mode = fastboot_mode 66 | self._debug = debug 67 | 68 | def raw(self, data): 69 | self.write(data) 70 | return self.read(1024) 71 | 72 | def getvar(self, var): 73 | var = var.encode() 74 | self.write(b'getvar:' + var) 75 | data = self.read(1000) 76 | return (data[:4], data[4:]) 77 | 78 | def hbootdbg(self, cmd): 79 | if self._debug: 80 | print(b'plain: ' + cmd) 81 | cmd = binascii.b2a_base64(cmd)[:-1] 82 | if self._fastboot_mode: 83 | self.write(b'oem ' + cmd) 84 | else: 85 | self.write(b'keytest ' + cmd + b'\n') 86 | if self._debug: 87 | print(b'send: ' + cmd) 88 | data = b'' 89 | while True: 90 | tmp = self.read(1024) 91 | if not tmp: 92 | break 93 | data += tmp 94 | if self._debug: 95 | print(b'recv: ' + data) 96 | if not self._fastboot_mode: 97 | # In hboot mode, command is echoed by the phone and it also adds the 98 | # hboot prompt at the end of the response. But we have to be careful 99 | # when entering a breakpoint, these additions are not there anymore, 100 | # we receive the raw responses 101 | data = data.split(b'\r\n') 102 | data = b'\r\n'.join( 103 | data[1 if data[0].startswith(b'keytest') else None: 104 | -1 if data[-1].endswith(b'hboot>') else None]) 105 | if self._debug: 106 | print(b'stripped: ' + data) 107 | return data 108 | 109 | def preloader(self, cmd): 110 | if self._fastboot_mode: 111 | self.write(b'oem ' + cmd) 112 | else: 113 | self.write(b'keytest ' + cmd) 114 | if self._debug: 115 | print(cmd) 116 | data = b'' 117 | while True: 118 | tmp = self.read(1024) 119 | if not tmp: 120 | break 121 | data += tmp 122 | if self._debug: 123 | print(data) 124 | return data 125 | 126 | def download(self,filename): 127 | data = open(filename, 'rb').read() 128 | return self.download_data(data) 129 | 130 | def download_data(self, data): 131 | len_str = '%08x' % len(data) 132 | self.write(b'download:' + len_str.encode()) 133 | self.write(data) 134 | data = self.read(1000) 135 | return (data[:4], data[4:]) 136 | 137 | def debug(self): 138 | print('DEBUG: ' + self.read(1000)) 139 | 140 | if __name__ == '__main__': 141 | s = SerialClient() 142 | while True: 143 | cmd = input('> ') 144 | s.write(cmd.encode() + b'\n') 145 | answer = s.read(1024).decode() 146 | print('{}'.format(answer)) 147 | -------------------------------------------------------------------------------- /scripts/hbootdbg.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python3 2 | 3 | # This file is part of hbootdbg. 4 | # Copyright (c) 2013, Cedric Halbronn 5 | # Copyright (c) 2013, Nicolas Hureau 6 | # All right reserved. 7 | # 8 | # Redistribution and use in source and binary forms, with or without modification, 9 | # are permitted provided that the following conditions are met: 10 | # 11 | # * Redistributions of source code must retain the above copyright notice, this 12 | # list of conditions and the following disclaimer. 13 | # 14 | # * Redistributions in binary form must reproduce the above copyright notice, this 15 | # list of conditions and the following disclaimer in the documentation and/or 16 | # other materials provided with the distribution. 17 | # 18 | # * Neither the name of the {organization} nor the names of its 19 | # contributors may be used to endorse or promote products derived from 20 | # this software without specific prior written permission. 21 | # 22 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 23 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 24 | # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 26 | # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 | # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 29 | # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 | # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 | 33 | import argparse 34 | import binascii 35 | import os 36 | import struct 37 | import sys 38 | import time 39 | from hboot import HbootClient 40 | 41 | ## 42 | # Commands 43 | ## 44 | 45 | COMMAND = { 46 | 'undefined' : 0, 47 | 'attach' : 1, 48 | 'detach' : 2, 49 | 'read' : 3, 50 | 'write' : 4, 51 | 'insert_breakpoint' : 5, 52 | 'remove_breakpoint' : 6, 53 | 'breakpoint_continue' : 7, 54 | 'get_registers' : 8, 55 | 56 | # Debug 57 | 'call' : 50, 58 | 'fastboot_reboot' : 51, 59 | 'breakpoint' : 55, 60 | 'flashlight' : 80, 61 | } 62 | 63 | ## 64 | # Errors 65 | ## 66 | 67 | ERROR_SUCCESS = 0 68 | ERROR_UNKNOWN_CMD = 1 69 | ERROR_MALFORMED_CMD = 2 70 | ERROR_INVALID_MEMORY_ACCESS = 3 71 | ERROR_BREAKPOINT_ALREADY_EXISTS = 4 72 | ERROR_NO_BREAKPOINT = 5 73 | ERROR_NO_MEMORY_AVAILABLE = 6 74 | ERROR_UNMAPPED_MEMORY = 7 75 | 76 | ERROR = { 77 | ERROR_SUCCESS : 'SUCCESS', 78 | ERROR_UNKNOWN_CMD : 'UNKNOWN_CMD', 79 | ERROR_MALFORMED_CMD : 'MALFORMED_CMD', 80 | ERROR_INVALID_MEMORY_ACCESS : 'INVALID_MEMORY_ACCESS', 81 | ERROR_BREAKPOINT_ALREADY_EXISTS : 'BREAKPOINT_ALREADY_EXISTS', 82 | ERROR_NO_BREAKPOINT : 'NO_BREAKPOINT', 83 | ERROR_NO_MEMORY_AVAILABLE : 'NO_MEMORY_AVAILABLE', 84 | ERROR_UNMAPPED_MEMORY : 'UNMAPPED_MEMORY', 85 | } 86 | 87 | ## 88 | # Breakpoints 89 | ## 90 | 91 | BREAKPOINT_NORMAL = 0 92 | BREAKPOINT_TRACE = 1 93 | 94 | BREAKPOINT = { 95 | BREAKPOINT_NORMAL : 'BREAKPOINT_NORMAL', 96 | BREAKPOINT_TRACE : 'BREAKPOINT_TRACE', 97 | } 98 | 99 | ## 100 | # Commands packing/unpacking 101 | ## 102 | 103 | class Command: 104 | def __init__(self, 105 | type = COMMAND['undefined'], 106 | error = 0, 107 | address = 0, 108 | size = 0, 109 | breakpoint_type = 0, 110 | data = None, 111 | args = (0, 0, 0, 0), 112 | time_ = 0): 113 | self.type = type 114 | self.error = error 115 | self.address = address 116 | self.size = size 117 | self.breakpoint_type = breakpoint_type 118 | self.data = data 119 | self.args = args 120 | self.time_ = time_ 121 | 122 | def pack(self): 123 | packed = struct.pack('B', self.type) 124 | packed += struct.pack('B', self.error) 125 | 126 | if self.type == COMMAND['read']: 127 | packed += struct.pack('I', self.address) 128 | packed += struct.pack('I', self.size) 129 | 130 | elif self.type == COMMAND['write']: 131 | packed += struct.pack('I', self.address) 132 | packed += struct.pack('I', self.size) 133 | # XXX: Can only write 4 bytes at a time 134 | packed += struct.pack('>I', self.data) 135 | 136 | elif self.type == COMMAND['insert_breakpoint']: 137 | packed += struct.pack('I', self.address) 138 | packed += struct.pack('I', self.breakpoint_type) 139 | 140 | elif self.type == COMMAND['remove_breakpoint']: 141 | packed += struct.pack('I', self.address) 142 | packed += struct.pack('I', self.breakpoint_type) 143 | 144 | elif self.type == COMMAND['call']: 145 | packed += struct.pack('I', self.address) 146 | packed += struct.pack('I', self.args[0]) 147 | packed += struct.pack('I', self.args[1]) 148 | packed += struct.pack('I', self.args[2]) 149 | packed += struct.pack('I', self.args[3]) 150 | 151 | elif self.type == COMMAND['flashlight']: 152 | packed += struct.pack('I', self.time_) 153 | 154 | return packed 155 | 156 | def unpack(self, packed): 157 | self.type = struct.unpack_from('B', packed, offset=0)[0] 158 | self.error = struct.unpack_from('B', packed, offset=1)[0] 159 | 160 | if self.type == COMMAND['read']: 161 | self.data = packed[2:] 162 | 163 | if self.type == COMMAND['write']: 164 | self.data = packed[2:] 165 | 166 | if self.type == COMMAND['breakpoint']: 167 | self.data = packed[2:] 168 | 169 | if self.type == COMMAND['get_registers']: 170 | self.data = packed[2:] 171 | 172 | return self 173 | 174 | ## 175 | # HbootDbg interface 176 | ## 177 | 178 | class HbootDbg: 179 | 180 | def __init__(self, tty='/dev/ttyUSB0', 181 | fastboot_mode=True, 182 | debug=False): 183 | not_connected = True 184 | sys.stderr.write("Waiting for device...") 185 | sys.stderr.flush() 186 | while not_connected: 187 | try: 188 | self._client = HbootClient(tty, 189 | blocking_io=False, 190 | fastboot_mode=fastboot_mode, 191 | debug=debug 192 | ) 193 | not_connected = False 194 | except Exception as e: 195 | time.sleep(1) 196 | sys.stderr.write("\r \r") 197 | 198 | def attach(self): 199 | cmd = Command(COMMAND['attach']) 200 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 201 | 202 | def detach(self): 203 | cmd = Command(COMMAND['detach']) 204 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 205 | 206 | def read(self, address, size): 207 | cmd = Command(COMMAND['read'], 208 | address=address, 209 | size=size) 210 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 211 | 212 | def write(self, address, size, data): 213 | cmd = Command(COMMAND['write'], 214 | address=address, 215 | size=size, 216 | data=data) 217 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 218 | 219 | def insert_breakpoint(self, address, type=BREAKPOINT_NORMAL): 220 | cmd = Command(COMMAND['insert_breakpoint'], 221 | address=address, breakpoint_type=type) 222 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 223 | 224 | def remove_breakpoint(self, address, type=BREAKPOINT_NORMAL): 225 | cmd = Command(COMMAND['remove_breakpoint'], 226 | address=address, breakpoint_type=type) 227 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 228 | 229 | def breakpoint_continue(self): 230 | cmd = Command(COMMAND['breakpoint_continue']) 231 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 232 | 233 | def get_registers(self): 234 | cmd = Command(COMMAND['get_registers']) 235 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 236 | 237 | def call(self, address, args = (0, 0, 0, 0)): 238 | cmd = Command(COMMAND['call'], 239 | address=address, 240 | args=args) 241 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 242 | 243 | def breakpoint(self): 244 | cmd = Command(COMMAND['breakpoint']) 245 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 246 | 247 | def flashlight(self, time_): 248 | cmd = Command(COMMAND['flashlight'], time_) 249 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 250 | 251 | def fastboot_reboot(self): 252 | cmd = Command(COMMAND['fastboot_reboot']) 253 | return Command().unpack(self._client.hbootdbg(cmd.pack())) 254 | 255 | def raw(self, data): 256 | return self._client.hbootdbg(data.to_bytes(4, sys.byteorder)) 257 | 258 | def console(self): 259 | while True: 260 | cmd = input('hbootdbg> ').split() 261 | 262 | if cmd[0] not in CONSOLE_COMMAND: 263 | print('Unknown command %s' % cmd[0]) 264 | continue 265 | 266 | if len(cmd) != CONSOLE_COMMAND[cmd[0]].nb_args + 1: 267 | print('Usage: %s' % CONSOLE_COMMAND[cmd[0]].usage) 268 | continue 269 | 270 | args = tuple([int(arg, 16) for arg in cmd[1:]]) 271 | response = CONSOLE_COMMAND[cmd[0]].func(self, *args) 272 | 273 | if response.error != ERROR_SUCCESS: 274 | print(ERROR[response.error]) 275 | 276 | if isinstance(response, Command) and response.data != None: 277 | print(binascii.hexlify(response.data)) 278 | elif not isinstance(response, Command): 279 | print(binascii.hexlify(response)) 280 | 281 | ## 282 | # Console 283 | ## 284 | 285 | class ConsoleCommandHelper: 286 | def __init__(self, nb_args, usage, func): 287 | self.nb_args = nb_args 288 | self.usage = usage 289 | self.func = func 290 | 291 | CONSOLE_COMMAND = { 292 | 'undefined' : ConsoleCommandHelper(0, 'undefined', None), 293 | 'attach' : ConsoleCommandHelper(0, 'attach', HbootDbg.attach), 294 | 'detach' : ConsoleCommandHelper(0, 'detach', HbootDbg.detach), 295 | 'read' : ConsoleCommandHelper(2, 'read addr size', HbootDbg.read), 296 | 'write' : ConsoleCommandHelper(3, 'write addr size data', HbootDbg.write), 297 | 'insert_breakpoint' : ConsoleCommandHelper(1, 'insert_breakpoint addr', HbootDbg.insert_breakpoint), 298 | 'remove_breakpoint' : ConsoleCommandHelper(1, 'remove_breakpoint addr', HbootDbg.remove_breakpoint), 299 | 'continue' : ConsoleCommandHelper(0, 'breakpoint_continue', HbootDbg.breakpoint_continue), 300 | 'get_registers' : ConsoleCommandHelper(0, 'get_registers', HbootDbg.get_registers), 301 | 302 | # Debug 303 | 'call' : ConsoleCommandHelper(4, 'call arg1 arg2 arg3 arg4', HbootDbg.call), 304 | 'break' : ConsoleCommandHelper(0, 'breakpoint', HbootDbg.breakpoint), 305 | 'light' : ConsoleCommandHelper(1, 'flashlight', HbootDbg.flashlight), 306 | 'reboot' : ConsoleCommandHelper(0, 'fastboot_reboot', HbootDbg.fastboot_reboot), 307 | 'raw' : ConsoleCommandHelper(1, 'raw', HbootDbg.raw), 308 | } 309 | 310 | def get_branch_instr(target, start_addr): 311 | return struct.pack('=I', 0xea000000 | \ 312 | (((target & 0x00ffffff) - (start_addr & 0x00ffffff) - 8) >> 2)) 313 | 314 | if __name__ == '__main__': 315 | parser = argparse.ArgumentParser() 316 | parser.add_argument('-f', '--fastboot-mode', action='store_true') 317 | parser.add_argument('-d', '--debug', action='store_true') 318 | args = parser.parse_args() 319 | 320 | dbg = HbootDbg(fastboot_mode=args.fastboot_mode, debug=args.debug) 321 | 322 | try: 323 | dbg.console() 324 | except KeyboardInterrupt as e: 325 | pass 326 | -------------------------------------------------------------------------------- /scripts/unhexlify.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python3 2 | 3 | # This file is part of hbootdbg. 4 | # Copyright (c) 2013, Cedric Halbronn 5 | # Copyright (c) 2013, Nicolas Hureau 6 | # All right reserved. 7 | # 8 | # Redistribution and use in source and binary forms, with or without modification, 9 | # are permitted provided that the following conditions are met: 10 | # 11 | # * Redistributions of source code must retain the above copyright notice, this 12 | # list of conditions and the following disclaimer. 13 | # 14 | # * Redistributions in binary form must reproduce the above copyright notice, this 15 | # list of conditions and the following disclaimer in the documentation and/or 16 | # other materials provided with the distribution. 17 | # 18 | # * Neither the name of the {organization} nor the names of its 19 | # contributors may be used to endorse or promote products derived from 20 | # this software without specific prior written permission. 21 | # 22 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 23 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 24 | # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 26 | # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 | # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 29 | # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 | # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 | 33 | import binascii 34 | import sys 35 | 36 | BUFFER_SIZE = 4096 37 | 38 | def input_string(): 39 | buf = sys.stdin.read(BUFFER_SIZE) 40 | while buf != '': 41 | if len(buf) % 2 != 0 and buf[-1] == '\n': 42 | yield buf[:-1] 43 | else: 44 | yield buf 45 | buf = sys.stdin.read(BUFFER_SIZE) 46 | 47 | if __name__ == '__main__': 48 | for buf in input_string(): 49 | sys.stdout.buffer.write(binascii.unhexlify(buf)) 50 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | ### 2 | # Config 3 | ### 4 | 5 | PREFIX ?= arm-none-eabi- 6 | DEVICE ?= vision_0.85.0015 7 | 8 | CFLAGS += -std=gnu11 -Wall -Wextra -MMD -Os -nostdlib \ 9 | -mcpu=generic-armv7-a -fno-toplevel-reorder \ 10 | -include common/hbootdbg.h -g 11 | LDFLAGS += 12 | OBJCOPYFLAGS += -O binary -j .text -j .bss --set-section-flags \ 13 | .bss=alloc,load,contents 14 | 15 | CC = $(PREFIX)gcc 16 | LD = $(PREFIX)ld 17 | OBJCOPY = $(PREFIX)objcopy 18 | 19 | ### 20 | # Preloader 21 | ### 22 | 23 | PRELD = preloader 24 | PRELDSRC = $(PRELD)/entrypoint.c \ 25 | $(PRELD)/preloader.c 26 | PRELDOBJ = $(PRELDSRC:.c=.o) 27 | PRELDDEP = $(PRELDSRC:.c=.d) 28 | 29 | ### 30 | # Hbootdbg 31 | ### 32 | 33 | HBOOT = hbootdbg 34 | HBOOTSRC = $(HBOOT)/hbootdbg.c \ 35 | $(HBOOT)/base64.c \ 36 | $(HBOOT)/cpu.c \ 37 | $(HBOOT)/dbg.c \ 38 | $(HBOOT)/int.c \ 39 | $(HBOOT)/mmu.c \ 40 | $(HBOOT)/hbootlib.c \ 41 | $(HBOOT)/reloc.c \ 42 | $(HBOOT)/darm/armv7.c \ 43 | $(HBOOT)/darm/armv7-tbl.c \ 44 | $(HBOOT)/darm/darm.c \ 45 | $(HBOOT)/darm/darm-tbl.c 46 | HBOOTOBJ = $(HBOOTSRC:.c=.o) 47 | HBOOTDEP = $(HBOOTSRC:.c=.d) 48 | 49 | ### 50 | # Rules 51 | ### 52 | 53 | .PHONY: all clean 54 | 55 | all: $(PRELD).bin $(HBOOT).bin 56 | 57 | -include $(PRELDDEP) $(HBOOTDEP) 58 | 59 | %.bin: %.elf 60 | $(OBJCOPY) $(OBJCOPYFLAGS) $< $@ 61 | 62 | $(HBOOT).elf: $(HBOOTOBJ) 63 | $(LD) $(LDFLAGS) -T devices/$(DEVICE)/$@.ld $^ -o $@ 64 | 65 | $(PRELD).elf: $(PRELDOBJ) 66 | $(LD) $(LDFLAGS) -T devices/$(DEVICE)/$@.ld $^ -o $@ 67 | 68 | clean: 69 | rm -f $(PRELDDEP) $(PRELDOBJ) $(PRELD).elf 70 | rm -f $(HBOOTDEP) $(HBOOTOBJ) $(HBOOT).elf 71 | 72 | distclean: clean 73 | rm -f $(PRELD).bin 74 | rm -f $(HBOOT).bin 75 | -------------------------------------------------------------------------------- /src/common/hbootdbg.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** This file is part of hbootdbg. 3 | ** Copyright (C) 2013 Cedric Halbronn 4 | ** Copyright (C) 2013 Nicolas Hureau 5 | ** All rights reserved. 6 | ** 7 | ** Code greatly inspired by qcombbdbg. 8 | ** Copyright (C) 2012 Guillaume Delugré 9 | ** 10 | ** Redistribution and use in source and binary forms, with or without modification, 11 | ** are permitted provided that the following conditions are met: 12 | ** 13 | ** * Redistributions of source code must retain the above copyright notice, this 14 | ** list of conditions and the following disclaimer. 15 | ** 16 | ** * Redistributions in binary form must reproduce the above copyright notice, this 17 | ** list of conditions and the following disclaimer in the documentation and/or 18 | ** other materials provided with the distribution. 19 | ** 20 | ** * Neither the name of the {organization} nor the names of its 21 | ** contributors may be used to endorse or promote products derived from 22 | ** this software without specific prior written permission. 23 | ** 24 | ** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 25 | ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 26 | ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 | ** DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 28 | ** ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 29 | ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 30 | ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 31 | ** ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 | ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | */ 35 | 36 | #ifndef __HBOOTDBG_H__ 37 | # define __HBOOTDBG_H__ 38 | 39 | # include 40 | 41 | # define ASM(code, args...) do { \ 42 | __asm__ __volatile__( \ 43 | code, ## args \ 44 | ); \ 45 | } while (0) 46 | 47 | # define __packed __attribute__((packed)) 48 | # define __aligned4 __attribute__((aligned(4))) 49 | # define __naked __attribute__((naked)) 50 | 51 | # ifndef offsetof 52 | # define offsetof __builtin_offsetof 53 | # endif 54 | 55 | typedef unsigned char uchar; 56 | typedef unsigned short ushort; 57 | typedef unsigned int uint; 58 | typedef unsigned long ulong; 59 | typedef unsigned long long ulonglong; 60 | typedef int8_t s8; 61 | typedef int16_t s16; 62 | typedef int32_t s32; 63 | typedef int64_t s64; 64 | typedef uint8_t u8; 65 | typedef uint16_t u16; 66 | typedef uint32_t u32; 67 | typedef uint64_t u64; 68 | 69 | #endif // __HBOOTDBG_H__ 70 | -------------------------------------------------------------------------------- /src/devices/vision_0.85.0015/hbootdbg.elf.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_ARCH(arm) 2 | ENTRY(cmd_dispatcher) 3 | 4 | PHDRS 5 | { 6 | text PT_LOAD FLAGS(7); 7 | bss PT_LOAD FLAGS(7); 8 | } 9 | 10 | SECTIONS 11 | { 12 | . = 0x8D0E2000; 13 | .text : 14 | { 15 | *(.text) 16 | } :text =0xDEADC0DE 17 | 18 | .bss : 19 | { 20 | *(.bss) *(.data) *(.rodata*) 21 | } :bss 22 | 23 | PROVIDE(__memcpy = 0x8D023018); 24 | PROVIDE(__memset = 0x8D022FF8); 25 | PROVIDE(__fb_cmd_oem = 0x8D0020C8); 26 | PROVIDE(__setting_set_bootmode = 0x8D008638); 27 | PROVIDE(__do_reboot = 0x8D00AE0C); 28 | PROVIDE(__usb_send_string = 0x8D001F24); 29 | PROVIDE(__usb_send = 0x8D051064); 30 | PROVIDE(__usb_recv = 0x8D05109C); 31 | PROVIDE(__strtol16 = 0x8D0235B4); 32 | PROVIDE(__strlen = 0x8D022E18); 33 | PROVIDE(__fastboot_reboot = 0x8D001FA0); 34 | PROVIDE(__turn_on_flashlight = 0x8D05B48C); 35 | 36 | /DISCARD/ : 37 | { 38 | *(.pdr); 39 | *(.gnu.attributes); 40 | *(.reginfo); 41 | *(.note); 42 | *(.comment); 43 | *(__ex_table); 44 | *(interp); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /src/devices/vision_0.85.0015/preloader.elf.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_ARCH(arm) 2 | ENTRY(entrypoint_preloader) 3 | 4 | PHDRS 5 | { 6 | text PT_LOAD FLAGS(7); 7 | bss PT_LOAD FLAGS(7); 8 | } 9 | 10 | SECTIONS 11 | { 12 | . = 0x058D3000; 13 | .text : 14 | { 15 | *(.text) 16 | } :text =0xDEADC0DE 17 | 18 | .bss : 19 | { 20 | *(.bss) *(.data) *(.rodata*) 21 | } :bss 22 | 23 | PROVIDE(__memcpy = 0x8D023018); 24 | PROVIDE(__memset = 0x8D022FF8); 25 | PROVIDE(__fb_cmd_oem = 0x8D0020C8); 26 | PROVIDE(__setting_set_bootmode = 0x8D008638); 27 | PROVIDE(__do_reboot = 0x8D00AE0C); 28 | PROVIDE(__usb_send = 0x8D001F24); 29 | PROVIDE(__usb_send_to_device_1 = 0x8D051064); 30 | PROVIDE(__strtol16 = 0x8D0235B4); 31 | PROVIDE(__strlen = 0x8D022E18); 32 | 33 | /DISCARD/ : 34 | { 35 | *(.pdr); 36 | *(.gnu.attributes); 37 | *(.reginfo); 38 | *(.note); 39 | *(.comment); 40 | *(__ex_table); 41 | *(interp); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /src/hbootdbg/base64.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** base64.c - c source to a base64 decoding algorithm implementation 3 | ** 4 | ** This is part of the libb64 project, and has been placed in the public 5 | ** domain. For details, see http://sourceforge.net/projects/libb64 6 | */ 7 | 8 | #include "hbootlib.h" 9 | 10 | typedef enum 11 | { 12 | step_a, 13 | step_b, 14 | step_c, 15 | step_d 16 | } base64_decodestep; 17 | 18 | typedef struct 19 | { 20 | base64_decodestep step; 21 | char plainchar; 22 | } base64_decodestate; 23 | 24 | static void base64_init_decodestate(base64_decodestate* state_in); 25 | static int base64_decode_value(char value_in); 26 | static int base64_decode_block(const char* code_in, const int length_in, 27 | char* plaintext_out, base64_decodestate* state_in); 28 | 29 | static 30 | int base64_decode_value(char value_in) 31 | { 32 | static const char decoding[] = { 33 | 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, 34 | -2, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 35 | 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 36 | 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 37 | 46, 47, 48, 49, 50, 51 38 | }; 39 | static const char decoding_size = sizeof (decoding); 40 | value_in -= 43; 41 | if (value_in < 0 || value_in >= decoding_size) 42 | return -1; 43 | return decoding[(int) value_in]; 44 | } 45 | 46 | static 47 | void base64_init_decodestate(base64_decodestate* state_in) 48 | { 49 | state_in->step = step_a; 50 | state_in->plainchar = 0; 51 | } 52 | 53 | static 54 | int base64_decode_block(const char* code_in, const int length_in, 55 | char* plaintext_out, base64_decodestate* state_in) 56 | { 57 | const char* codechar = code_in; 58 | char* plainchar = plaintext_out; 59 | char fragment; 60 | 61 | *plainchar = state_in->plainchar; 62 | 63 | switch (state_in->step) 64 | { 65 | while (1) 66 | { 67 | case step_a: 68 | do { 69 | if (codechar == code_in + length_in) 70 | { 71 | state_in->step = step_a; 72 | state_in->plainchar = *plainchar; 73 | return plainchar - plaintext_out; 74 | } 75 | fragment = (char) base64_decode_value(*codechar++); 76 | } while (fragment < 0); 77 | *plainchar = (fragment & 0x03f) << 2; 78 | case step_b: 79 | do { 80 | if (codechar == code_in + length_in) 81 | { 82 | state_in->step = step_b; 83 | state_in->plainchar = *plainchar; 84 | return plainchar - plaintext_out; 85 | } 86 | fragment = (char) base64_decode_value(*codechar++); 87 | } while (fragment < 0); 88 | *plainchar++ |= (fragment & 0x030) >> 4; 89 | *plainchar = (fragment & 0x00f) << 4; 90 | case step_c: 91 | do { 92 | if (codechar == code_in + length_in) 93 | { 94 | state_in->step = step_c; 95 | state_in->plainchar = *plainchar; 96 | return plainchar - plaintext_out; 97 | } 98 | fragment = (char) base64_decode_value(*codechar++); 99 | } while (fragment < 0); 100 | *plainchar++ |= (fragment & 0x03c) >> 2; 101 | *plainchar = (fragment & 0x003) << 6; 102 | case step_d: 103 | do { 104 | if (codechar == code_in + length_in) 105 | { 106 | state_in->step = step_d; 107 | state_in->plainchar = *plainchar; 108 | return plainchar - plaintext_out; 109 | } 110 | fragment = (char) base64_decode_value(*codechar++); 111 | } while (fragment < 0); 112 | *plainchar++ |= (fragment & 0x03f); 113 | } 114 | } 115 | /* control should not reach here */ 116 | return plainchar - plaintext_out; 117 | } 118 | 119 | int base64_decode(const char* input, char* output) 120 | { 121 | char* c = output; 122 | int count = 0; 123 | base64_decodestate s; 124 | 125 | base64_init_decodestate(&s); 126 | count = base64_decode_block(input, strlen(input), c, &s); 127 | c += count; 128 | *c = 0; 129 | 130 | return count; 131 | } 132 | -------------------------------------------------------------------------------- /src/hbootdbg/base64.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** base64.h - c header for a base64 decoding algorithm 3 | ** 4 | ** This is part of the libb64 project, and has been placed in the public 5 | ** domain. For details, see http://sourceforge.net/projects/libb64 6 | */ 7 | 8 | #ifndef __BASE64_H__ 9 | #define __BASE64_H__ 10 | 11 | int base64_decode(const char* input, char* output); 12 | 13 | #endif // __BASE64_H__ 14 | -------------------------------------------------------------------------------- /src/hbootdbg/cpu.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** This file is part of hbootdbg. 3 | ** Copyright (C) 2013 Cedric Halbronn 4 | ** Copyright (C) 2013 Nicolas Hureau 5 | ** All rights reserved. 6 | ** 7 | ** Code greatly inspired by qcombbdbg. 8 | ** Copyright (C) 2012 Guillaume Delugré 9 | ** 10 | ** Redistribution and use in source and binary forms, with or without modification, 11 | ** are permitted provided that the following conditions are met: 12 | ** 13 | ** * Redistributions of source code must retain the above copyright notice, this 14 | ** list of conditions and the following disclaimer. 15 | ** 16 | ** * Redistributions in binary form must reproduce the above copyright notice, this 17 | ** list of conditions and the following disclaimer in the documentation and/or 18 | ** other materials provided with the distribution. 19 | ** 20 | ** * Neither the name of the {organization} nor the names of its 21 | ** contributors may be used to endorse or promote products derived from 22 | ** this software without specific prior written permission. 23 | ** 24 | ** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 25 | ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 26 | ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 | ** DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 28 | ** ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 29 | ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 30 | ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 31 | ** ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 | ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | */ 35 | 36 | #include "cpu.h" 37 | 38 | __naked 39 | void cpu_set_mode_stack(uint mode, void* addr) 40 | { 41 | ASM( 42 | "stmfd sp!, {r3-r4, lr}\n" 43 | 44 | // Save the current CPSR 45 | "mrs r3, cpsr\n" 46 | 47 | // Move to the wanted CPU mode 48 | "bic r4, r3, #0x1F\n" 49 | "orr r4, %[mode]\n" 50 | "msr cpsr, r4\n" 51 | 52 | // Set the stack 53 | "mov sp, %[addr]\n" 54 | 55 | // Move back to the original mode 56 | "msr cpsr, r3\n" 57 | 58 | // Return 59 | "ldmfd sp!, {r3-r4, pc}\n" 60 | :: 61 | [mode] "r" (mode), 62 | [addr] "r" (addr) 63 | ); 64 | } 65 | 66 | u32 cpu_get_cpsr(void) 67 | { 68 | u32 tmp_reg; 69 | 70 | ASM( 71 | "mrs %0, cpsr\n" 72 | : "=r" (tmp_reg) 73 | ); 74 | 75 | return tmp_reg; 76 | } 77 | 78 | void cpu_put_cpsr(u32 cpsr) 79 | { 80 | ASM( 81 | "msr cpsr, %0\n" 82 | : "=r" (cpsr) 83 | ); 84 | } 85 | 86 | u32 cpu_get_branch(u32 from, u32 to) 87 | { 88 | return 0xea000000 | (((to - from - 8) >> 2) & 0x00ffffff); 89 | } 90 | -------------------------------------------------------------------------------- /src/hbootdbg/cpu.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** This file is part of hbootdbg. 3 | ** Copyright (C) 2013 Cedric Halbronn 4 | ** Copyright (C) 2013 Nicolas Hureau 5 | ** All rights reserved. 6 | ** 7 | ** Code greatly inspired by qcombbdbg. 8 | ** Copyright (C) 2012 Guillaume Delugré 9 | ** 10 | ** Redistribution and use in source and binary forms, with or without modification, 11 | ** are permitted provided that the following conditions are met: 12 | ** 13 | ** * Redistributions of source code must retain the above copyright notice, this 14 | ** list of conditions and the following disclaimer. 15 | ** 16 | ** * Redistributions in binary form must reproduce the above copyright notice, this 17 | ** list of conditions and the following disclaimer in the documentation and/or 18 | ** other materials provided with the distribution. 19 | ** 20 | ** * Neither the name of the {organization} nor the names of its 21 | ** contributors may be used to endorse or promote products derived from 22 | ** this software without specific prior written permission. 23 | ** 24 | ** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 25 | ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 26 | ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 | ** DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 28 | ** ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 29 | ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 30 | ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 31 | ** ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 | ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | */ 35 | 36 | #ifndef __CPU_H__ 37 | # define __CPU_H__ 38 | 39 | # define ARM_BKPT 0xe1200070 40 | 41 | # define ARM_MODE_USER 0b10000 42 | # define ARM_MODE_FIQ 0b10001 43 | # define ARM_MODE_IRQ 0b10010 44 | # define ARM_MODE_SVC 0b10011 45 | # define ARM_MODE_ABORT 0b10111 46 | # define ARM_MODE_UNDEF 0b11011 47 | # define ARM_MODE_SYS 0b11111 48 | # define ARM_MODE_MONITOR 0b10110 49 | 50 | # define ARM_SPR_MASK_MODE 0b11111 51 | # define ARM_SPR_THUMB (1 << 5) 52 | # define ARM_SPR_MASK_FIQ (1 << 6) 53 | # define ARM_SPR_MASK_IRQ (1 << 7) 54 | # define ARM_SPR_MASK_INTS (ARM_SPR_MASK_FIQ | ARM_SPR_MASK_IRQ) 55 | # define ARM_SPR_COND_FLAGS (0b11111 << 27) 56 | 57 | /* 58 | ** Structs 59 | */ 60 | 61 | typedef struct __packed 62 | { 63 | u32 cpsr; 64 | union 65 | { 66 | struct 67 | { 68 | u32 r0; 69 | u32 r1; 70 | u32 r2; 71 | u32 r3; 72 | u32 r4; 73 | u32 r5; 74 | u32 r6; 75 | u32 r7; 76 | u32 r8; 77 | u32 r9; 78 | u32 r10; 79 | u32 r11; 80 | u32 r12; 81 | u32 sp; 82 | u32 lr; 83 | u32 pc; 84 | }; 85 | u32 r[16]; 86 | }; 87 | } context; 88 | 89 | /* 90 | ** Functions 91 | */ 92 | 93 | void cpu_set_mode_stack(uint mode, void* addr); 94 | 95 | /* 96 | ** Helpers 97 | */ 98 | 99 | u32 cpu_get_cpsr(void); 100 | void cpu_put_cpsr(u32 cpsr); 101 | 102 | u32 cpu_get_branch(u32 from, u32 to); 103 | 104 | #endif // __CPU_H__ 105 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013, Jurriaan Bremer 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, 8 | this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above copyright notice, 10 | this list of conditions and the following disclaimer in the documentation 11 | and/or other materials provided with the distribution. 12 | * Neither the name of the darm developer(s) nor the names of its 13 | contributors may be used to endorse or promote products derived from this 14 | software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 | POSSIBILITY OF SUCH DAMAGE. 27 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/README.md: -------------------------------------------------------------------------------- 1 | # darm 2 | 3 | A light-weight and efficient ARMv7/Thumb/Thumb2 disassembler written in C with 4 | Python bindings. VFP/Neon/SIMD (it's all the same) support is upcoming! 5 | 6 | # Example code 7 | 8 | Using the *darm* library is fairly straightforward - just call the right 9 | function with the right parameter and you're all set. Following is an example 10 | of disassembling an ARMv7 instruction in C and printing its string 11 | representation to stdout. 12 | 13 | ```c 14 | #include 15 | #include "darm.h" 16 | 17 | int main() 18 | { 19 | darm_t d; darm_str_t str; 20 | 21 | if(darm_armv7_disasm(&d, 0x42424242) == 0 && 22 | darm_str2(&d, &str, 1) == 0) { 23 | 24 | printf("-> %s\n", str.total); 25 | } 26 | } 27 | ``` 28 | 29 | And the exact same program, but using the Python bindings. 30 | 31 | ```python 32 | import darm 33 | 34 | print str(darm.disasm_armv7(0x42424242)) 35 | ``` 36 | 37 | # License 38 | 39 | The darm library is released under the **BSD 3-Clause License**, also known 40 | as **BSD Simplified**. 41 | 42 | # Support & Contact 43 | 44 | For support and contact, feel free to check out the 45 | [official Darm website][website], the IRC channel, **#darm** at freenode, 46 | or you can always reach me on my email: [jurriaanbremer@gmail.com][email]. 47 | 48 | [website]: http://darm.re/ 49 | [email]: mailto:jurriaanbremer@gmail.com 50 | 51 | # Acknowledgement 52 | 53 | (See also the [Contributors][contributors] page on [darm.re][].) 54 | 55 | Many thanks to [Valentin Pistol][pistol] without whom this project would never 56 | have seen the light of day. 57 | 58 | Thanks to [Peter Geissler][blasty], [Jay Little][computerality], 59 | [Michael Laurenzano][mlaurenzano], [Jonathan Tetteroo][jtetteroo], 60 | [Joshua Drake][jduck], and [rednovae][] for contributions, suggestions, 61 | additional tests, etc. 62 | 63 | [contributors]: http://darm.re/contributors 64 | [darm.re]: http://darm.re/ 65 | [pistol]: https://github.com/pistol/ 66 | [blasty]: https://github.com/blasty/ 67 | [computerality]: https://github.com/computerality 68 | [mlaurenzano]: https://github.com/mlaurenzano 69 | [jtetteroo]: https://github.com/j-tetteroo 70 | [jduck]: https://github.com/jduck 71 | [rednovae]: https://github.com/endeav0r 72 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/armv7-tbl.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013, Jurriaan Bremer 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | * Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | * Neither the name of the darm developer(s) nor the names of its 14 | contributors may be used to endorse or promote products derived from this 15 | software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | #include 30 | #include 31 | #include "armv7-tbl.h" 32 | darm_enctype_t armv7_instr_types[] = { 33 | T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, 34 | T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, 35 | T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, 36 | T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, 37 | T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, T_ARM_ARITH_SHIFT, 38 | T_ARM_ARITH_SHIFT, T_ARM_SM, T_ARM_CMP_OP, T_ARM_BRNCHMISC, T_ARM_CMP_OP, 39 | T_ARM_SM, T_ARM_CMP_OP, T_ARM_MISC, T_ARM_CMP_OP, T_ARM_ARITH_SHIFT, 40 | T_ARM_ARITH_SHIFT, T_ARM_DST_SRC, T_ARM_DST_SRC, T_ARM_ARITH_SHIFT, 41 | T_ARM_ARITH_SHIFT, T_ARM_MISC, T_ARM_MISC, T_ARM_ARITH_IMM, 42 | T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, 43 | T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, 44 | T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, 45 | T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_MOV_IMM, 46 | T_ARM_CMP_IMM, T_ARM_OPLESS, T_ARM_CMP_IMM, T_ARM_MOV_IMM, T_ARM_CMP_IMM, 47 | T_INVLD, T_ARM_CMP_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_MOV_IMM, 48 | T_ARM_MOV_IMM, T_ARM_ARITH_IMM, T_ARM_ARITH_IMM, T_ARM_MOV_IMM, 49 | T_ARM_MOV_IMM, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 50 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 51 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 52 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 53 | T_INVLD, T_INVLD, T_INVLD, T_ARM_PAS, T_ARM_PAS, T_ARM_PAS, T_INVLD, 54 | T_ARM_PAS, T_ARM_PAS, T_ARM_PAS, T_ARM_MISC, T_INVLD, T_INVLD, 55 | T_ARM_BITREV, T_INVLD, T_INVLD, T_INVLD, T_ARM_BITREV, T_ARM_SM, T_INVLD, 56 | T_INVLD, T_INVLD, T_ARM_SM, T_ARM_SM, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 57 | T_ARM_BITS, T_ARM_BITS, T_ARM_BITS, T_ARM_BITS, T_ARM_BITS, T_ARM_UDF, 58 | T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_INVLD, 59 | T_INVLD, T_INVLD, T_INVLD, T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_ARM_LDSTREGS, 60 | T_ARM_LDSTREGS, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_ARM_LDSTREGS, 61 | T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_INVLD, T_INVLD, T_INVLD, 62 | T_INVLD, T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_ARM_LDSTREGS, T_ARM_LDSTREGS, 63 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 64 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 65 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 66 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 67 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 68 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 69 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 70 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 71 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 72 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 73 | T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, T_INVLD, 74 | T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, 75 | T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, 76 | T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_MVCR, T_ARM_BRNCHSC, 77 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 78 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, 79 | T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC, T_ARM_BRNCHSC 80 | }; 81 | 82 | darm_instr_t armv7_instr_labels[] = { 83 | I_AND, I_AND, I_EOR, I_EOR, I_SUB, I_SUB, I_RSB, I_RSB, I_ADD, I_ADD, 84 | I_ADC, I_ADC, I_SBC, I_SBC, I_RSC, I_RSC, I_SMLA, I_TST, I_SMULW, I_TEQ, 85 | I_SMLAL, I_CMP, I_SMC, I_CMN, I_ORR, I_ORR, I_STREXD, I_RRX, I_BIC, I_BIC, 86 | I_MVN, I_MVN, I_AND, I_AND, I_EOR, I_EOR, I_SUB, I_SUB, I_RSB, I_RSB, 87 | I_ADD, I_ADD, I_ADC, I_ADC, I_SBC, I_SBC, I_RSC, I_RSC, I_MOVW, I_TST, 88 | I_YIELD, I_TEQ, I_MOVT, I_CMP, I_INVLD, I_CMN, I_ORR, I_ORR, I_MOV, I_MOV, 89 | I_BIC, I_BIC, I_MVN, I_MVN, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 90 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 91 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 92 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 93 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_SSUB8, I_QSUB8, I_SHSUB8, I_INVLD, 94 | I_USUB8, I_UQSUB8, I_UHSUB8, I_SEL, I_INVLD, I_INVLD, I_REV16, I_INVLD, 95 | I_INVLD, I_INVLD, I_REVSH, I_SMUSD, I_INVLD, I_INVLD, I_INVLD, I_SMLSLD, 96 | I_SMMUL, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_SBFX, I_SBFX, I_BFI, I_BFI, 97 | I_UBFX, I_UDF, I_STMDA, I_LDMDA, I_STMDA, I_LDMDA, I_INVLD, I_INVLD, 98 | I_INVLD, I_INVLD, I_STM, I_LDM, I_STM, I_POP, I_INVLD, I_INVLD, I_INVLD, 99 | I_INVLD, I_STMDB, I_LDMDB, I_STMDB, I_LDMDB, I_INVLD, I_INVLD, I_INVLD, 100 | I_INVLD, I_STMIB, I_LDMIB, I_STMIB, I_LDMIB, I_INVLD, I_INVLD, I_INVLD, 101 | I_INVLD, I_B, I_B, I_B, I_B, I_B, I_B, I_B, I_B, I_B, I_B, I_B, I_B, I_B, 102 | I_B, I_B, I_B, I_BL, I_BL, I_BL, I_BL, I_BL, I_BL, I_BL, I_BL, I_BL, I_BL, 103 | I_BL, I_BL, I_BL, I_BL, I_BL, I_BL, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 104 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 105 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 106 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 107 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_MCR, I_MRC, I_MCR, I_MRC, I_MCR, 108 | I_MRC, I_MCR, I_MRC, I_MCR, I_MRC, I_MCR, I_MRC, I_MCR, I_MRC, I_MCR, 109 | I_MRC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, 110 | I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC, I_SVC 111 | }; 112 | 113 | darm_instr_t type_shift_instr_lookup[] = { 114 | I_LSL, I_LSL, I_LSR, I_LSR, I_ASR, I_ASR, I_ROR, I_ROR, I_LSL, I_INVLD, 115 | I_LSR, I_INVLD, I_ASR, I_INVLD, I_ROR, I_INVLD 116 | }; 117 | 118 | darm_instr_t type_brnchmisc_instr_lookup[] = { 119 | I_MSR, I_BX, I_BXJ, I_BLX, I_INVLD, I_QSUB, I_INVLD, I_BKPT, I_SMLAW, 120 | I_INVLD, I_SMULW, I_INVLD, I_SMLAW, I_INVLD, I_SMULW, I_INVLD 121 | }; 122 | 123 | darm_instr_t type_opless_instr_lookup[] = { 124 | I_NOP, I_YIELD, I_WFE, I_WFI, I_SEV, I_INVLD, I_INVLD, I_INVLD 125 | }; 126 | 127 | darm_instr_t type_uncond2_instr_lookup[] = { 128 | I_INVLD, I_CLREX, I_INVLD, I_INVLD, I_DSB, I_DMB, I_ISB, I_INVLD 129 | }; 130 | 131 | darm_instr_t type_mul_instr_lookup[] = { 132 | I_MUL, I_MLA, I_UMAAL, I_MLS, I_UMULL, I_UMLAL, I_SMULL, I_SMLAL 133 | }; 134 | 135 | darm_instr_t type_stack0_instr_lookup[] = { 136 | I_STR, I_LDR, I_STRT, I_LDRT, I_STRB, I_LDRB, I_STRBT, I_LDRBT, I_STR, 137 | I_LDR, I_STRT, I_LDRT, I_STRB, I_LDRB, I_STRBT, I_LDRBT, I_STR, I_LDR, 138 | I_STR, I_LDR, I_STRB, I_LDRB, I_STRB, I_LDRB, I_STR, I_LDR, I_STR, I_LDR, 139 | I_STRB, I_LDRB, I_STRB, I_LDRB 140 | }; 141 | 142 | darm_instr_t type_stack1_instr_lookup[] = { 143 | I_INVLD, I_INVLD, I_STRHT, I_LDRHT, I_INVLD, I_LDRSBT, I_INVLD, I_LDRSHT 144 | }; 145 | 146 | darm_instr_t type_stack2_instr_lookup[] = { 147 | I_INVLD, I_INVLD, I_STRH, I_LDRH, I_LDRD, I_LDRSB, I_STRD, I_LDRSH 148 | }; 149 | 150 | darm_instr_t type_bits_instr_lookup[] = { 151 | I_INVLD, I_SBFX, I_BFI, I_UBFX 152 | }; 153 | 154 | darm_instr_t type_pas_instr_lookup[] = { 155 | I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 156 | I_SADD16, I_SASX, I_SSAX, I_SSUB16, I_SADD8, I_INVLD, I_INVLD, I_SSUB8, 157 | I_QADD16, I_QASX, I_QSAX, I_QSUB16, I_QADD8, I_INVLD, I_INVLD, I_QSUB8, 158 | I_SHADD16, I_SHASX, I_SHSAX, I_SHSUB16, I_SHADD8, I_INVLD, I_INVLD, 159 | I_SHSUB8, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, I_INVLD, 160 | I_INVLD, I_UADD16, I_UASX, I_USAX, I_USUB16, I_UADD8, I_INVLD, I_INVLD, 161 | I_USUB8, I_UQADD16, I_UQASX, I_UQSAX, I_UQSUB16, I_UQADD8, I_INVLD, 162 | I_INVLD, I_UQSUB8, I_UHADD16, I_UHASX, I_UHSAX, I_UHSUB16, I_UHADD8, 163 | I_INVLD, I_INVLD, I_UHSUB8 164 | }; 165 | 166 | darm_instr_t type_sat_instr_lookup[] = { 167 | I_QADD, I_QSUB, I_QDADD, I_QDSUB 168 | }; 169 | 170 | darm_instr_t type_sync_instr_lookup[] = { 171 | I_SWP, I_INVLD, I_INVLD, I_INVLD, I_SWPB, I_INVLD, I_INVLD, I_INVLD, 172 | I_STREX, I_LDREX, I_STREXD, I_LDREXD, I_STREXB, I_LDREXB, I_STREXH, 173 | I_LDREXH 174 | }; 175 | 176 | darm_instr_t type_pusr_instr_lookup[] = { 177 | I_SXTAB16, I_SXTB16, I_INVLD, I_INVLD, I_SXTAB, I_SXTB, I_SXTAH, I_SXTH, 178 | I_UXTAB16, I_UXTB16, I_INVLD, I_INVLD, I_UXTAB, I_UXTB, I_UXTAH, I_UXTH 179 | }; 180 | 181 | const char *armv7_format_strings[479][3] = { 182 | [I_ADC] = {"scdni", "scdnmS"}, 183 | [I_ADD] = {"scdni", "scdnmS"}, 184 | [I_ADR] = {"cdb"}, 185 | [I_AND] = {"scdni", "scdnmS"}, 186 | [I_ASR] = {"scdmS", "scdnm"}, 187 | [I_BFC] = {"cdLw"}, 188 | [I_BFI] = {"cdnLw"}, 189 | [I_BIC] = {"scdni", "scdnmS"}, 190 | [I_BKPT] = {"i"}, 191 | [I_BLX] = {"b", "cm"}, 192 | [I_BL] = {"cb"}, 193 | [I_BXJ] = {"cm"}, 194 | [I_BX] = {"cm"}, 195 | [I_B] = {"cb"}, 196 | [I_CDP2] = {"cCpINJ"}, 197 | [I_CDP] = {"cCpINJ"}, 198 | [I_CLREX] = {""}, 199 | [I_CLZ] = {"cdm"}, 200 | [I_CMN] = {"cnmS", "cni"}, 201 | [I_CMP] = {"cnmS", "cni"}, 202 | [I_DBG] = {"co"}, 203 | [I_DMB] = {"o"}, 204 | [I_DSB] = {"o"}, 205 | [I_EOR] = {"scdni", "scdnmS"}, 206 | [I_ISB] = {"o"}, 207 | [I_LDC2] = {"{L}cCIB#+/-"}, 208 | [I_LDC] = {"{L}cCIB#+/-"}, 209 | [I_LDMDA] = {"cn!r"}, 210 | [I_LDMDB] = {"cn!r"}, 211 | [I_LDMIB] = {"cn!r"}, 212 | [I_LDM] = {"cn!r"}, 213 | [I_LDRBT] = {"ctBOS"}, 214 | [I_LDRB] = {"ctBOS"}, 215 | [I_LDRD] = {"ct2BO"}, 216 | [I_LDREXB] = {"ctB"}, 217 | [I_LDREXD] = {"ct2B"}, 218 | [I_LDREXH] = {"ctB"}, 219 | [I_LDREX] = {"ctB"}, 220 | [I_LDRHT] = {"ctBO"}, 221 | [I_LDRH] = {"ctBO"}, 222 | [I_LDRSBT] = {"ctBO"}, 223 | [I_LDRSB] = {"ctBO"}, 224 | [I_LDRSHT] = {"ctBO"}, 225 | [I_LDRSH] = {"ctBO"}, 226 | [I_LDRT] = {"ctBOS"}, 227 | [I_LDR] = {"ctBOS"}, 228 | [I_LSL] = {"scdmS", "scdnm"}, 229 | [I_LSR] = {"scdmS", "scdnm"}, 230 | [I_MCR2] = {"cCptNJP"}, 231 | [I_MCRR2] = {"cCpt2J"}, 232 | [I_MCRR] = {"cCpt2J"}, 233 | [I_MCR] = {"cCptNJP"}, 234 | [I_MLA] = {"scdnma"}, 235 | [I_MLS] = {"cdnma"}, 236 | [I_MOVT] = {"cdi"}, 237 | [I_MOVW] = {"cdi"}, 238 | [I_MOV] = {"scdi", "scdm"}, 239 | [I_MRC2] = {"cCptNJP"}, 240 | [I_MRC] = {"cCptNJP"}, 241 | [I_MRRC2] = {"cCt2J"}, 242 | [I_MRRC] = {"cCt2J"}, 243 | [I_MRS] = {"cd"}, 244 | [I_MSR] = {"cn", "ci"}, 245 | [I_MUL] = {"scdnm"}, 246 | [I_MVN] = {"scdi", "scdmS"}, 247 | [I_NOP] = {"c"}, 248 | [I_ORR] = {"scdni", "scdnmS"}, 249 | [I_PKH] = {"TcdnmS"}, 250 | [I_PLD] = {"cM"}, 251 | [I_PLI] = {"M"}, 252 | [I_POP] = {"cr"}, 253 | [I_PUSH] = {"cr"}, 254 | [I_QADD16] = {"cdnm"}, 255 | [I_QADD8] = {"cdnm"}, 256 | [I_QADD] = {"cdmn"}, 257 | [I_QASX] = {"cdnm"}, 258 | [I_QDADD] = {"cdmn"}, 259 | [I_QDSUB] = {"cdmn"}, 260 | [I_QSAX] = {"cdnm"}, 261 | [I_QSUB16] = {"cdnm"}, 262 | [I_QSUB8] = {"cdnm"}, 263 | [I_QSUB] = {"cdmn"}, 264 | [I_RBIT] = {"cdm"}, 265 | [I_REV16] = {"cdm"}, 266 | [I_REVSH] = {"cdm"}, 267 | [I_REV] = {"cdm"}, 268 | [I_ROR] = {"scdmS", "scdnm"}, 269 | [I_RRX] = {"scdm"}, 270 | [I_RSB] = {"scdni", "scdnmS"}, 271 | [I_RSC] = {"scdni", "scdnmS"}, 272 | [I_SADD16] = {"cdnm"}, 273 | [I_SADD8] = {"cdnm"}, 274 | [I_SASX] = {"cdnm"}, 275 | [I_SBC] = {"scdni", "scdnmS"}, 276 | [I_SBFX] = {"cdnLw"}, 277 | [I_SEL] = {"cdnm"}, 278 | [I_SETEND] = {"e"}, 279 | [I_SEV] = {"c"}, 280 | [I_SHADD16] = {"cdnm"}, 281 | [I_SHADD8] = {"cdnm"}, 282 | [I_SHASX] = {"cdnm"}, 283 | [I_SHSAX] = {"cdnm"}, 284 | [I_SHSUB16] = {"cdnm"}, 285 | [I_SHSUB8] = {"cdnm"}, 286 | [I_SMC] = {"ci"}, 287 | [I_SMLAD] = {"xcdnma"}, 288 | [I_SMLALD] = {"xclhnm"}, 289 | [I_SMLAL] = {"Xclhnm", "sclhnm"}, 290 | [I_SMLAW] = {"cdnma"}, 291 | [I_SMLA] = {"Xcdnma"}, 292 | [I_SMLSD] = {"xcdnma"}, 293 | [I_SMLSLD] = {"xclhnm"}, 294 | [I_SMMLA] = {"Rcdnma"}, 295 | [I_SMMLS] = {"Rcdnma"}, 296 | [I_SMMUL] = {"Rcdnm"}, 297 | [I_SMUAD] = {"xcdnm"}, 298 | [I_SMULL] = {"sclhnm"}, 299 | [I_SMULW] = {"cdnm"}, 300 | [I_SMUL] = {"Xcdnm"}, 301 | [I_SMUSD] = {"xcdnm"}, 302 | [I_SSAT16] = {"cd#n"}, 303 | [I_SSAT] = {"cd#nS"}, 304 | [I_SSAX] = {"cdnm"}, 305 | [I_SSUB16] = {"cdnm"}, 306 | [I_SSUB8] = {"cdnm"}, 307 | [I_STC2] = {"{L}cCIB#+/-"}, 308 | [I_STC] = {"{L}cCIB#+/-"}, 309 | [I_STMDA] = {"cn!r"}, 310 | [I_STMDB] = {"cn!r"}, 311 | [I_STMIB] = {"cn!r"}, 312 | [I_STM] = {"cn!r"}, 313 | [I_STRBT] = {"ctBOS"}, 314 | [I_STRB] = {"ctBOS"}, 315 | [I_STRD] = {"ct2BO"}, 316 | [I_STREXB] = {"cdtB"}, 317 | [I_STREXD] = {"cdt2B"}, 318 | [I_STREXH] = {"cdtB"}, 319 | [I_STREX] = {"cdtB"}, 320 | [I_STRHT] = {"ctBO"}, 321 | [I_STRH] = {"ctBO"}, 322 | [I_STRT] = {"ctBOS"}, 323 | [I_STR] = {"ctBOS"}, 324 | [I_SUB] = {"scdni", "scdnmS"}, 325 | [I_SVC] = {"ci"}, 326 | [I_SWPB] = {"ct2B"}, 327 | [I_SWP] = {"ct2B"}, 328 | [I_SXTAB16] = {"cdnmA"}, 329 | [I_SXTAB] = {"cdnmA"}, 330 | [I_SXTAH] = {"cdnmA"}, 331 | [I_SXTB16] = {"cdmA"}, 332 | [I_SXTB] = {"cdmA"}, 333 | [I_SXTH] = {"cdmA"}, 334 | [I_TEQ] = {"cnmS", "cni"}, 335 | [I_TST] = {"cnmS", "cni"}, 336 | [I_UADD16] = {"cdnm"}, 337 | [I_UADD8] = {"cdnm"}, 338 | [I_UASX] = {"cdnm"}, 339 | [I_UBFX] = {"cdnLw"}, 340 | [I_UDF] = {"ci"}, 341 | [I_UHADD16] = {"cdnm"}, 342 | [I_UHADD8] = {"cdnm"}, 343 | [I_UHASX] = {"cdnm"}, 344 | [I_UHSAX] = {"cdnm"}, 345 | [I_UHSUB16] = {"cdnm"}, 346 | [I_UHSUB8] = {"cdnm"}, 347 | [I_UMAAL] = {"clhnm"}, 348 | [I_UMLAL] = {"sclhnm"}, 349 | [I_UMULL] = {"sclhnm"}, 350 | [I_UQADD16] = {"cdnm"}, 351 | [I_UQADD8] = {"cdnm"}, 352 | [I_UQASX] = {"cdnm"}, 353 | [I_UQSAX] = {"cdnm"}, 354 | [I_UQSUB16] = {"cdnm"}, 355 | [I_UQSUB8] = {"cdnm"}, 356 | [I_USAD8] = {"cdnm"}, 357 | [I_USADA8] = {"cdnma"}, 358 | [I_USAT16] = {"cdin"}, 359 | [I_USAT] = {"cdinS"}, 360 | [I_USAX] = {"cdnm"}, 361 | [I_USUB16] = {"cdnm"}, 362 | [I_USUB8] = {"cdnm"}, 363 | [I_UXTAB16] = {"cdnmA"}, 364 | [I_UXTAB] = {"cdnmA"}, 365 | [I_UXTAH] = {"cdnmA"}, 366 | [I_UXTB16] = {"cdmA"}, 367 | [I_UXTB] = {"cdmA"}, 368 | [I_UXTH] = {"cdmA"}, 369 | [I_WFE] = {"c"}, 370 | [I_WFI] = {"c"}, 371 | [I_YIELD] = {"c"}, 372 | }; 373 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/armv7-tbl.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013, Jurriaan Bremer 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | * Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | * Neither the name of the darm developer(s) nor the names of its 14 | contributors may be used to endorse or promote products derived from this 15 | software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | #ifndef __ARMV7_TBL__ 30 | #define __ARMV7_TBL__ 31 | #include 32 | #include "darm-tbl.h" 33 | extern darm_enctype_t armv7_instr_types[256]; 34 | extern darm_enctype_t thumb2_instr_types[256]; 35 | extern darm_instr_t armv7_instr_labels[256]; 36 | darm_instr_t type_shift_instr_lookup[16]; 37 | darm_instr_t type_brnchmisc_instr_lookup[16]; 38 | darm_instr_t type_opless_instr_lookup[8]; 39 | darm_instr_t type_uncond2_instr_lookup[8]; 40 | darm_instr_t type_mul_instr_lookup[8]; 41 | darm_instr_t type_stack0_instr_lookup[32]; 42 | darm_instr_t type_stack1_instr_lookup[8]; 43 | darm_instr_t type_stack2_instr_lookup[8]; 44 | darm_instr_t type_bits_instr_lookup[4]; 45 | darm_instr_t type_pas_instr_lookup[64]; 46 | darm_instr_t type_sat_instr_lookup[4]; 47 | darm_instr_t type_sync_instr_lookup[16]; 48 | darm_instr_t type_pusr_instr_lookup[16]; 49 | const char *armv7_format_strings[479][3]; 50 | #endif 51 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/darm-internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013, Jurriaan Bremer 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | * Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | * Neither the name of the darm developer(s) nor the names of its 14 | contributors may be used to endorse or promote products derived from this 15 | software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | #define b0 0 30 | #define b1 1 31 | #define b10 2 32 | #define b11 3 33 | #define b100 4 34 | #define b101 5 35 | #define b110 6 36 | #define b111 7 37 | #define b1000 8 38 | #define b1001 9 39 | #define b1010 10 40 | #define b1011 11 41 | #define b1100 12 42 | #define b1101 13 43 | #define b1110 14 44 | #define b1111 15 45 | #define b10000 16 46 | #define b10001 17 47 | #define b10010 18 48 | #define b10011 19 49 | #define b10100 20 50 | #define b10101 21 51 | #define b10110 22 52 | #define b10111 23 53 | #define b11000 24 54 | #define b11001 25 55 | #define b11010 26 56 | #define b11011 27 57 | #define b11100 28 58 | #define b11101 29 59 | #define b11110 30 60 | #define b11111 31 61 | #define b100000 32 62 | #define b100001 33 63 | #define b100010 34 64 | #define b100011 35 65 | #define b100100 36 66 | #define b100101 37 67 | #define b100110 38 68 | #define b100111 39 69 | #define b101000 40 70 | #define b101001 41 71 | #define b101010 42 72 | #define b101011 43 73 | #define b101100 44 74 | #define b101101 45 75 | #define b101110 46 76 | #define b101111 47 77 | #define b110000 48 78 | #define b110001 49 79 | #define b110010 50 80 | #define b110011 51 81 | #define b110100 52 82 | #define b110101 53 83 | #define b110110 54 84 | #define b110111 55 85 | #define b111000 56 86 | #define b111001 57 87 | #define b111010 58 88 | #define b111011 59 89 | #define b111100 60 90 | #define b111101 61 91 | #define b111110 62 92 | #define b111111 63 93 | #define b1000000 64 94 | #define b1000001 65 95 | #define b1000010 66 96 | #define b1000011 67 97 | #define b1000100 68 98 | #define b1000101 69 99 | #define b1000110 70 100 | #define b1000111 71 101 | #define b1001000 72 102 | #define b1001001 73 103 | #define b1001010 74 104 | #define b1001011 75 105 | #define b1001100 76 106 | #define b1001101 77 107 | #define b1001110 78 108 | #define b1001111 79 109 | #define b1010000 80 110 | #define b1010001 81 111 | #define b1010010 82 112 | #define b1010011 83 113 | #define b1010100 84 114 | #define b1010101 85 115 | #define b1010110 86 116 | #define b1010111 87 117 | #define b1011000 88 118 | #define b1011001 89 119 | #define b1011010 90 120 | #define b1011011 91 121 | #define b1011100 92 122 | #define b1011101 93 123 | #define b1011110 94 124 | #define b1011111 95 125 | #define b1100000 96 126 | #define b1100001 97 127 | #define b1100010 98 128 | #define b1100011 99 129 | #define b1100100 100 130 | #define b1100101 101 131 | #define b1100110 102 132 | #define b1100111 103 133 | #define b1101000 104 134 | #define b1101001 105 135 | #define b1101010 106 136 | #define b1101011 107 137 | #define b1101100 108 138 | #define b1101101 109 139 | #define b1101110 110 140 | #define b1101111 111 141 | #define b1110000 112 142 | #define b1110001 113 143 | #define b1110010 114 144 | #define b1110011 115 145 | #define b1110100 116 146 | #define b1110101 117 147 | #define b1110110 118 148 | #define b1110111 119 149 | #define b1111000 120 150 | #define b1111001 121 151 | #define b1111010 122 152 | #define b1111011 123 153 | #define b1111100 124 154 | #define b1111101 125 155 | #define b1111110 126 156 | #define b1111111 127 157 | #define b10000000 128 158 | #define b10000001 129 159 | #define b10000010 130 160 | #define b10000011 131 161 | #define b10000100 132 162 | #define b10000101 133 163 | #define b10000110 134 164 | #define b10000111 135 165 | #define b10001000 136 166 | #define b10001001 137 167 | #define b10001010 138 168 | #define b10001011 139 169 | #define b10001100 140 170 | #define b10001101 141 171 | #define b10001110 142 172 | #define b10001111 143 173 | #define b10010000 144 174 | #define b10010001 145 175 | #define b10010010 146 176 | #define b10010011 147 177 | #define b10010100 148 178 | #define b10010101 149 179 | #define b10010110 150 180 | #define b10010111 151 181 | #define b10011000 152 182 | #define b10011001 153 183 | #define b10011010 154 184 | #define b10011011 155 185 | #define b10011100 156 186 | #define b10011101 157 187 | #define b10011110 158 188 | #define b10011111 159 189 | #define b10100000 160 190 | #define b10100001 161 191 | #define b10100010 162 192 | #define b10100011 163 193 | #define b10100100 164 194 | #define b10100101 165 195 | #define b10100110 166 196 | #define b10100111 167 197 | #define b10101000 168 198 | #define b10101001 169 199 | #define b10101010 170 200 | #define b10101011 171 201 | #define b10101100 172 202 | #define b10101101 173 203 | #define b10101110 174 204 | #define b10101111 175 205 | #define b10110000 176 206 | #define b10110001 177 207 | #define b10110010 178 208 | #define b10110011 179 209 | #define b10110100 180 210 | #define b10110101 181 211 | #define b10110110 182 212 | #define b10110111 183 213 | #define b10111000 184 214 | #define b10111001 185 215 | #define b10111010 186 216 | #define b10111011 187 217 | #define b10111100 188 218 | #define b10111101 189 219 | #define b10111110 190 220 | #define b10111111 191 221 | #define b11000000 192 222 | #define b11000001 193 223 | #define b11000010 194 224 | #define b11000011 195 225 | #define b11000100 196 226 | #define b11000101 197 227 | #define b11000110 198 228 | #define b11000111 199 229 | #define b11001000 200 230 | #define b11001001 201 231 | #define b11001010 202 232 | #define b11001011 203 233 | #define b11001100 204 234 | #define b11001101 205 235 | #define b11001110 206 236 | #define b11001111 207 237 | #define b11010000 208 238 | #define b11010001 209 239 | #define b11010010 210 240 | #define b11010011 211 241 | #define b11010100 212 242 | #define b11010101 213 243 | #define b11010110 214 244 | #define b11010111 215 245 | #define b11011000 216 246 | #define b11011001 217 247 | #define b11011010 218 248 | #define b11011011 219 249 | #define b11011100 220 250 | #define b11011101 221 251 | #define b11011110 222 252 | #define b11011111 223 253 | #define b11100000 224 254 | #define b11100001 225 255 | #define b11100010 226 256 | #define b11100011 227 257 | #define b11100100 228 258 | #define b11100101 229 259 | #define b11100110 230 260 | #define b11100111 231 261 | #define b11101000 232 262 | #define b11101001 233 263 | #define b11101010 234 264 | #define b11101011 235 265 | #define b11101100 236 266 | #define b11101101 237 267 | #define b11101110 238 268 | #define b11101111 239 269 | #define b11110000 240 270 | #define b11110001 241 271 | #define b11110010 242 272 | #define b11110011 243 273 | #define b11110100 244 274 | #define b11110101 245 275 | #define b11110110 246 276 | #define b11110111 247 277 | #define b11111000 248 278 | #define b11111001 249 279 | #define b11111010 250 280 | #define b11111011 251 281 | #define b11111100 252 282 | #define b11111101 253 283 | #define b11111110 254 284 | #define b11111111 255 285 | #define b00 0 286 | #define b01 1 287 | #define b10 2 288 | #define b11 3 289 | #define b000 0 290 | #define b001 1 291 | #define b010 2 292 | #define b011 3 293 | #define b100 4 294 | #define b101 5 295 | #define b110 6 296 | #define b111 7 297 | #define b0000 0 298 | #define b0001 1 299 | #define b0010 2 300 | #define b0011 3 301 | #define b0100 4 302 | #define b0101 5 303 | #define b0110 6 304 | #define b0111 7 305 | #define b1000 8 306 | #define b1001 9 307 | #define b1010 10 308 | #define b1011 11 309 | #define b1100 12 310 | #define b1101 13 311 | #define b1110 14 312 | #define b1111 15 313 | #define b00000 0 314 | #define b00001 1 315 | #define b00010 2 316 | #define b00011 3 317 | #define b00100 4 318 | #define b00101 5 319 | #define b00110 6 320 | #define b00111 7 321 | #define b01000 8 322 | #define b01001 9 323 | #define b01010 10 324 | #define b01011 11 325 | #define b01100 12 326 | #define b01101 13 327 | #define b01110 14 328 | #define b01111 15 329 | #define b10000 16 330 | #define b10001 17 331 | #define b10010 18 332 | #define b10011 19 333 | #define b10100 20 334 | #define b10101 21 335 | #define b10110 22 336 | #define b10111 23 337 | #define b11000 24 338 | #define b11001 25 339 | #define b11010 26 340 | #define b11011 27 341 | #define b11100 28 342 | #define b11101 29 343 | #define b11110 30 344 | #define b11111 31 345 | #define b000000 0 346 | #define b000001 1 347 | #define b000010 2 348 | #define b000011 3 349 | #define b000100 4 350 | #define b000101 5 351 | #define b000110 6 352 | #define b000111 7 353 | #define b001000 8 354 | #define b001001 9 355 | #define b001010 10 356 | #define b001011 11 357 | #define b001100 12 358 | #define b001101 13 359 | #define b001110 14 360 | #define b001111 15 361 | #define b010000 16 362 | #define b010001 17 363 | #define b010010 18 364 | #define b010011 19 365 | #define b010100 20 366 | #define b010101 21 367 | #define b010110 22 368 | #define b010111 23 369 | #define b011000 24 370 | #define b011001 25 371 | #define b011010 26 372 | #define b011011 27 373 | #define b011100 28 374 | #define b011101 29 375 | #define b011110 30 376 | #define b011111 31 377 | #define b100000 32 378 | #define b100001 33 379 | #define b100010 34 380 | #define b100011 35 381 | #define b100100 36 382 | #define b100101 37 383 | #define b100110 38 384 | #define b100111 39 385 | #define b101000 40 386 | #define b101001 41 387 | #define b101010 42 388 | #define b101011 43 389 | #define b101100 44 390 | #define b101101 45 391 | #define b101110 46 392 | #define b101111 47 393 | #define b110000 48 394 | #define b110001 49 395 | #define b110010 50 396 | #define b110011 51 397 | #define b110100 52 398 | #define b110101 53 399 | #define b110110 54 400 | #define b110111 55 401 | #define b111000 56 402 | #define b111001 57 403 | #define b111010 58 404 | #define b111011 59 405 | #define b111100 60 406 | #define b111101 61 407 | #define b111110 62 408 | #define b111111 63 409 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/darm-tbl.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013, Jurriaan Bremer 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | * Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | * Neither the name of the darm developer(s) nor the names of its 14 | contributors may be used to endorse or promote products derived from this 15 | software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | #include 30 | #include 31 | #include "darm-tbl.h" 32 | const char *darm_mnemonics[] = { 33 | "INVLD", "ADC", "ADD", "ADDW", "ADR", "AND", "ASR", "B", "BFC", "BFI", 34 | "BIC", "BKPT", "BL", "BLX", "BX", "BXJ", "CBNZ", "CBZ", "CDP", "CDP2", 35 | "CHKA", "CLREX", "CLZ", "CMN", "CMP", "CPS", "CPY", "DBG", "DMB", "DSB", 36 | "ENTERX", "EOR", "HB", "HBL", "HBLP", "HBP", "ISB", "IT", "LDC", "LDC2", 37 | "LDM", "LDMDA", "LDMDB", "LDMIB", "LDR", "LDRB", "LDRBT", "LDRD", "LDREX", 38 | "LDREXB", "LDREXD", "LDREXH", "LDRH", "LDRHT", "LDRSB", "LDRSBT", "LDRSH", 39 | "LDRSHT", "LDRT", "LEAVEX", "LSL", "LSR", "MCR", "MCR2", "MCRR", "MCRR2", 40 | "MLA", "MLS", "MOV", "MOVT", "MOVW", "MRC", "MRC2", "MRRC", "MRRC2", 41 | "MRS", "MSR", "MUL", "MVN", "NEG", "NOP", "ORN", "ORR", "PKH", "PLD", 42 | "PLDW", "PLI", "POP", "PUSH", "QADD", "QADD16", "QADD8", "QASX", "QDADD", 43 | "QDSUB", "QSAX", "QSUB", "QSUB16", "QSUB8", "RBIT", "REV", "REV16", 44 | "REVSH", "RFE", "ROR", "RRX", "RSB", "RSC", "SADD16", "SADD8", "SASX", 45 | "SBC", "SBFX", "SDIV", "SEL", "SETEND", "SEV", "SHADD16", "SHADD8", 46 | "SHASX", "SHSAX", "SHSUB16", "SHSUB8", "SMC", "SMLA", "SMLABB", "SMLABT", 47 | "SMLAD", "SMLAL", "SMLALBB", "SMLALBT", "SMLALD", "SMLALTB", "SMLALTT", 48 | "SMLATB", "SMLATT", "SMLAW", "SMLSD", "SMLSLD", "SMMLA", "SMMLS", "SMMUL", 49 | "SMUAD", "SMUL", "SMULBB", "SMULBT", "SMULL", "SMULTB", "SMULTT", "SMULW", 50 | "SMUSD", "SRS", "SSAT", "SSAT16", "SSAX", "SSUB16", "SSUB8", "STC", 51 | "STC2", "STM", "STMDA", "STMDB", "STMIB", "STR", "STRB", "STRBT", "STRD", 52 | "STREX", "STREXB", "STREXD", "STREXH", "STRH", "STRHT", "STRT", "SUB", 53 | "SUBW", "SVC", "SWP", "SWPB", "SXTAB", "SXTAB16", "SXTAH", "SXTB", 54 | "SXTB16", "SXTH", "TBB", "TBH", "TEQ", "TST", "UADD16", "UADD8", "UASX", 55 | "UBFX", "UDF", "UDIV", "UHADD16", "UHADD8", "UHASX", "UHSAX", "UHSUB16", 56 | "UHSUB8", "UMAAL", "UMLAL", "UMULL", "UQADD16", "UQADD8", "UQASX", 57 | "UQSAX", "UQSUB16", "UQSUB8", "USAD8", "USADA8", "USAT", "USAT16", "USAX", 58 | "USUB16", "USUB8", "UXTAB", "UXTAB16", "UXTAH", "UXTB", "UXTB16", "UXTH", 59 | "VABA", "VABAL", "VABD", "VABDL", "VABS", "VACGE", "VACGT", "VACLE", 60 | "VACLT", "VADD", "VADDHN", "VADDL", "VADDW", "VAND", "VBIC", "VBIF", 61 | "VBIT", "VBSL", "VCEQ", "VCGE", "VCGT", "VCLE", "VCLS", "VCLT", "VCLZ", 62 | "VCMP", "VCMPE", "VCNT", "VCVT", "VCVTB", "VCVTR", "VCVTT", "VDIV", 63 | "VDUP", "VEOR", "VEXT", "VHADD", "VHSUB", "VLD1", "VLD2", "VLD3", "VLD4", 64 | "VLDM", "VLDR", "VMAX", "VMIN", "VMLA", "VMLAL", "VMLS", "VMLSL", "VMOV", 65 | "VMOVL", "VMOVN", "VMRS", "VMSR", "VMUL", "VMULL", "VMVN", "VNEG", 66 | "VNMLA", "VNMLS", "VNMUL", "VORN", "VORR", "VPADAL", "VPADD", "VPADDL", 67 | "VPMAX", "VPMIN", "VPOP", "VPUSH", "VQABS", "VQADD", "VQDMLAL", "VQDMLSL", 68 | "VQDMULH", "VQDMULL", "VQMOVN", "VQMOVUN", "VQNEG", "VQRDMULH", "VQRSHL", 69 | "VQRSHRN", "VQRSHRUN", "VQSHL", "VQSHLU", "VQSHRN", "VQSHRUN", "VQSUB", 70 | "VRADDHN", "VRECPE", "VRECPS", "VREV16", "VREV32", "VREV64", "VRHADD", 71 | "VRSHL", "VRSHR", "VRSHRN", "VRSQRTE", "VRSQRTS", "VRSRA", "VRSUBHN", 72 | "VSHL", "VSHLL", "VSHR", "VSHRN", "VSLI", "VSQRT", "VSRA", "VSRI", "VST1", 73 | "VST2", "VST3", "VST4", "VSTM", "VSTR", "VSUB", "VSUBHN", "VSUBL", 74 | "VSUBW", "VSWP", "VTBL", "VTBX", "VTRN", "VTST", "VUZP", "VZIP", "WFE", 75 | "WFI", "YIELD" 76 | }; 77 | 78 | const char *darm_enctypes[] = { 79 | "INVLD", "ARM_ADR", "ARM_UNCOND", "ARM_MUL", "ARM_STACK0", "ARM_STACK1", 80 | "ARM_STACK2", "ARM_ARITH_SHIFT", "ARM_ARITH_IMM", "ARM_BITS", 81 | "ARM_BRNCHSC", "ARM_BRNCHMISC", "ARM_MOV_IMM", "ARM_CMP_OP", 82 | "ARM_CMP_IMM", "ARM_OPLESS", "ARM_DST_SRC", "ARM_LDSTREGS", "ARM_BITREV", 83 | "ARM_MISC", "ARM_SM", "ARM_PAS", "ARM_SAT", "ARM_SYNC", "ARM_PUSR", 84 | "ARM_MVCR", "ARM_UDF", "THUMB_ONLY_IMM8", "THUMB_COND_BRANCH", 85 | "THUMB_UNCOND_BRANCH", "THUMB_SHIFT_IMM", "THUMB_STACK", "THUMB_LDR_PC", 86 | "THUMB_GPI", "THUMB_BRANCH_REG", "THUMB_IT_HINTS", "THUMB_HAS_IMM8", 87 | "THUMB_EXTEND", "THUMB_MOD_SP_IMM", "THUMB_3REG", "THUMB_2REG_IMM", 88 | "THUMB_ADD_SP_IMM", "THUMB_MOV4", "THUMB_RW_MEMI", "THUMB_RW_MEMO", 89 | "THUMB_RW_REG", "THUMB_REV", "THUMB_SETEND", "THUMB_PUSHPOP", "THUMB_CMP", 90 | "THUMB_MOD_SP_REG", "THUMB_CBZ", "THUMB2_NO_REG", "THUMB2_RT_REG", 91 | "THUMB2_RT_RT2_REG", "THUMB2_RM_REG", "THUMB2_RD_REG", "THUMB2_RD_RM_REG", 92 | "THUMB2_RN_REG", "THUMB2_RN_RT_REG", "THUMB2_RN_RT_RT2_REG", 93 | "THUMB2_RN_RM_REG", "THUMB2_RN_RM_RT_REG", "THUMB2_RN_RD_REG", 94 | "THUMB2_RN_RD_RT_REG", "THUMB2_RN_RD_RT_RT2_REG", "THUMB2_RN_RD_RM_REG", 95 | "THUMB2_RN_RD_RM_RA_REG", "THUMB2_NO_IMM", "THUMB2_IMM12", "THUMB2_IMM8", 96 | "THUMB2_IMM2", "THUMB2_IMM2_IMM3", "THUMB2_IMM1_IMM3_IMM8", 97 | "THUMB2_NO_FLAG", "THUMB2_ROTATE_FLAG", "THUMB2_U_FLAG", 98 | "THUMB2_WUP_FLAG", "THUMB2_TYPE_FLAG", "THUMB2_REGLIST_FLAG", 99 | "THUMB2_WP_REGLIST_FLAG", "THUMB2_S_FLAG", "THUMB2_S_TYPE_FLAG" 100 | }; 101 | 102 | const char *darm_registers[] = { 103 | "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", 104 | "r12", "SP", "LR", "PC" 105 | }; 106 | 107 | -------------------------------------------------------------------------------- /src/hbootdbg/darm/darm-tbl.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013, Jurriaan Bremer 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | * Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | * Neither the name of the darm developer(s) nor the names of its 14 | contributors may be used to endorse or promote products derived from this 15 | software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | #ifndef __DARM_TBL__ 30 | #define __DARM_TBL__ 31 | #include 32 | typedef enum _darm_enctype_t { 33 | // info: 34 | // Invalid or non-existent type 35 | // 36 | // encodings: 37 | // I_INVLD 38 | // 39 | // affects: 40 | // 41 | T_INVLD, 42 | 43 | // info: 44 | // ADR Instruction, which is an optimization of ADD 45 | // 46 | // encodings: 47 | // ADR ,