comparison rvinterf/lowlevel/tfc139.c @ 360:f9d78057d766

tfc139 hack works!
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Thu, 15 May 2014 11:09:45 +0000
parents 144b5d222de8
children 62f850da5d49
359:144b5d222de8 360:f9d78057d766
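--- a/rvinterf/lowlevel/tfc139.c
+++ b/rvinterf/lowlevel/tfc139.c
@@ -48,10 +48,12 @@
 };
 
 static unsigned iram_load_addr = 0x800000;
 static unsigned stack_smash_addr = 0x837C54;
 
+static u_char stack_smash_payload[4];
+
 static void
 send_compal_memwrite(addr, payload, payload_len)
 unsigned addr;
 u_char *payload;
 {
@@ -79,14 +81,17 @@
 extern char *optarg;
 extern int optind;
 int c;
 fd_set fds;
 
-while ((c = getopt(argc, argv, "l:")) != EOF)
+while ((c = getopt(argc, argv, "l:w:")) != EOF)
 switch (c) {
 case 'l':
 logfname = optarg;
+continue;
+case 'w':
+wakeup_after_sec = strtoul(optarg, 0, 0);
 continue;
 case '?':
 default:
 usage: fprintf(stderr,
 "usage: %s [options] ttyport\n", argv[0]);
@@ -108,10 +113,14 @@
 setlinebuf(logF);
 fprintf(logF, "*** Log of TFC139 break-in session ***\n");
 }
 output_line("Sending IRAM payload");
 send_compal_memwrite(iram_load_addr, iram_payload, sizeof iram_payload);
+stack_smash_payload[0] = iram_load_addr;
+stack_smash_payload[1] = iram_load_addr >> 8;
+stack_smash_payload[2] = iram_load_addr >> 16;
+stack_smash_payload[3] = iram_load_addr >> 24;
 for (;;) {
 FD_ZERO(&fds);
 FD_SET(target_fd, &fds);
 c = select(target_fd+1, &fds, 0, 0, 0);
 time(&logtime);
@@ -124,12 +133,31 @@
 if (FD_ISSET(target_fd, &fds))
 process_serial_rx();
 }
 }
 
+static void
+handle_etm_response()
+{
+char msgbuf[80];
+
+if (rxpkt_len != 4 || rxpkt[1] != 0x40 || rxpkt[2] || rxpkt[3] != 0x40){
+output_line("ETM response differs from expected");
+return;
+}
+sprintf(msgbuf, "Sending stack smash write at 0x%x", stack_smash_addr);
+output_line(msgbuf);
+send_compal_memwrite(stack_smash_addr, stack_smash_payload, 4);
+stack_smash_addr += 4;
+}
+
 handle_rx_packet()
 {
+if (rxpkt_len == 2 && rxpkt[0] == 'O' && rxpkt[1] == 'K') {
+output_line("Success! Run fc-loadtool now!");
+return;
+}
 switch (rxpkt[0]) {
 case RVT_RV_HEADER:
 if (rxpkt_len < 6)
 goto unknown;
 print_rv_trace();
@@ -140,10 +168,11 @@
 case RVT_L23_HEADER:
 print_g23_trace();
 return;
 case RVT_TM_HEADER:
 print_etm_output_raw();
+handle_etm_response();
 return;
 default:
 unknown:
 print_unknown_packet();
 }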
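Review bot: The new `case 'w'` (new line 92) passes `optarg` to `strtoul(optarg, 0, 0)` with no end-pointer or errno check, so a non-numeric or out-of-range argument is silently accepted as 0 or ULONG_MAX; since the `usage:` label sits right below it, bad input could be rejected with `char *endp; wakeup_after_sec = strtoul(optarg, &endp, 0); if (endp == optarg || *endp) goto usage;` (declaring `endp` next to `c`). `wakeup_after_sec` is declared and consumed outside this section, so whether a zero value is meaningful cannot be confirmed from here. The byte-splitting stores into `stack_smash_payload` (new lines 118-121) narrow `unsigned` to `u_char` implicitly, which is correct for the low byte of each shift but would read clearer, and keep `-Wconversion` quiet, with an explicit `(u_char)` cast. In `handle_etm_response` the `sprintf` into the 80-byte `msgbuf` fits this fixed format, but `snprintf(msgbuf, sizeof msgbuf, ...)` would make that bound explicit rather than implied. The enclosing `main()` begins before the second hunk and `handle_rx_packet()` continues past the last line shown.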