Dịka akụkụ nke nzukọ 0x0A DC7831 Na February 16, anyị gosipụtara akụkọ banyere ụkpụrụ bụ isi nke koodu ọnụọgụ abụọ na mmepe nke anyị - emulator n'elu ikpo okwu ngwaike. .
N'isiokwu a, anyị ga-akọwa otu esi agba ọsọ ngwa ngwa ngwa na emulator, gosipụta mmekọrịta ya na onye nbibi, ma mee obere nyocha siri ike nke ngwa ngwa.
prehistory
Ogologo oge gara aga na ụyọkọ kpakpando dị anya
Afọ ole na ole gara aga na ụlọ nyocha anyị ọ dị mkpa iji nyochaa ngwa ngwa nke ngwaọrụ. Akọkọbara ngwa ngwa ma jiri bootloader bupu ya. O mere nke a n'ụzọ dị mgbagwoju anya, na-atụgharị data na ebe nchekwa ọtụtụ ugboro. Na firmware n'onwe ya na-emekọrịta ihe na mpụta. Na ihe a niile na isi MIPS.
Maka ebumnuche ebumnuche, emulators dị adị adabaghị anyị, mana anyị ka chọrọ ịme koodu ahụ. Mgbe ahụ, anyị kpebiri ime emulator nke anyị, nke ga-eme nke kacha nta ma kwe ka anyị wepụ isi firmware. Anyị nwara ya wee rụọ ọrụ. Anyị chere, gịnị ma ọ bụrụ na anyị tinye peripherals na-arụkwa isi firmware. Ọ naghị ewute ya nke ukwuu - ọ rụkwara ọrụ. Anyị chere ọzọ wee kpebie ime emulator zuru oke.
Ihe si na ya pụta bụ emulator sistemu kọmputa .
Gịnị kpatara Kopycat?
Enwere egwuregwu na okwu.
- copycat (Bekee, aha [ˈkɒpɪkæt]) - onye nṅomi, onye nṅomi.
- cat (Bekee, aha [ˈkæt]) - pusi, pusi - anụmanụ kacha amasị nke otu n'ime ndị mepụtara ọrụ ahụ.
- Akwụkwọ ozi "K" sitere na asụsụ mmemme Kotlin
Copycat
Mgbe ị na-eke emulator, edobere ebumnuche ndị akọwapụtara nke ọma:
- ikike ịmepụta ngwa ngwa ọhụrụ peripherals, modul, cores processor;
- ikike iji kpokọta ngwaọrụ mebere site na modul dị iche iche;
- ike ibunye data ọnụọgụ abụọ ọ bụla (firmware) n'ime ebe nchekwa nke ngwaọrụ mebere;
- ike ịrụ ọrụ na snapshots (snapshots nke steeti usoro);
- ikike iji emulator na-emekọrịta ihe site na onye nrụpụta arụnyere;
- ọmarịcha asụsụ ọgbara ọhụrụ maka mmepe.
N'ihi ya, a họọrọ Kotlin maka mmejuputa iwu, ụlọ ụgbọ ala (nke a bụ mgbe modul na-ekwurịta okwu site na ụgbọ ala data mebere), JSON dị ka usoro nkọwa ngwaọrụ, na GDB RSP dị ka ụkpụrụ maka mmekọrịta ya na onye nbibi.
Mmepe na-aga n'ihu ihe karịrị afọ abụọ ma na-aga n'ihu na-arụsi ọrụ ike. N'ime oge a, etinyere MIPS, x86, V850ES, ARM na PowerPC cores.
Ihe oru ngo a na-eto eto ma oge eruola iji gosi ya n'ihu ọha. Anyị ga-eme nkọwa zuru ezu nke ọrụ ahụ mgbe e mesịrị, ma ugbu a, anyị ga-elekwasị anya na iji Kopycat.
Maka ndị enweghị ndidi, enwere ike ibudata ụdị nkwalite emulator site na .
Rhino na emulator
Ka anyị cheta na mbụ maka ogbako SMARTRHINO-2018, e mepụtara ngwaọrụ ule "Rhinoceros" maka ịkụzi nkà injinịa ntụgharị. A kọwapụtara usoro nyocha firmware static na .
Ugbu a, ka anyị gbalịa ịgbakwunye "ndị na-ekwu okwu" ma mee ngwa ngwa na emulator.
Anyị kwesịrị:
1) Java 1.8
2) Python na modul iji Python n'ime emulator. Ị nwere ike wuo WHL modul Jep maka Windows .
Maka Windows:
1)
2)
Maka Linux:
1) ukwu
Ị nwere ike iji Eclipse, IDA Pro ma ọ bụ radare2 dị ka onye ahịa GDB.
Olee otú ọ na-arụ ọrụ?
Iji rụọ ọrụ firmware na emulator, ọ dị mkpa "ịchịkọta" ngwaọrụ mebere, nke bụ analog nke ezigbo ngwaọrụ.
Enwere ike igosi ezigbo ngwaọrụ (“rhino”) na eserese ngọngọ:
Ihe emulator nwere nhazi modul yana ngwaọrụ mebere ikpeazụ enwere ike ịkọwa na faịlụ JSON.
JSON 105 ahịrị
{
"top": true,
// Plugin name should be the same as file name (or full path from library start)
"plugin": "rhino",
// Directory where plugin places
"library": "user",
// Plugin parameters (constructor parameters if jar-plugin version)
"params": [
{ "name": "tty_dbg", "type": "String"},
{ "name": "tty_bt", "type": "String"},
{ "name": "firmware", "type": "String", "default": "NUL"}
],
// Plugin outer ports
"ports": [ ],
// Plugin internal buses
"buses": [
{ "name": "mem", "size": "BUS30" },
{ "name": "nand", "size": "4" },
{ "name": "gpio", "size": "BUS32" }
],
// Plugin internal components
"modules": [
{
"name": "u1_stm32",
"plugin": "STM32F042",
"library": "mcu",
"params": {
"firmware:String": "params.firmware"
}
},
{
"name": "usart_debug",
"plugin": "UartSerialTerminal",
"library": "terminals",
"params": {
"tty": "params.tty_dbg"
}
},
{
"name": "term_bt",
"plugin": "UartSerialTerminal",
"library": "terminals",
"params": {
"tty": "params.tty_bt"
}
},
{
"name": "bluetooth",
"plugin": "BT",
"library": "mcu"
},
{ "name": "led_0", "plugin": "LED", "library": "mcu" },
{ "name": "led_1", "plugin": "LED", "library": "mcu" },
{ "name": "led_2", "plugin": "LED", "library": "mcu" },
{ "name": "led_3", "plugin": "LED", "library": "mcu" },
{ "name": "led_4", "plugin": "LED", "library": "mcu" },
{ "name": "led_5", "plugin": "LED", "library": "mcu" },
{ "name": "led_6", "plugin": "LED", "library": "mcu" },
{ "name": "led_7", "plugin": "LED", "library": "mcu" },
{ "name": "led_8", "plugin": "LED", "library": "mcu" },
{ "name": "led_9", "plugin": "LED", "library": "mcu" },
{ "name": "led_10", "plugin": "LED", "library": "mcu" },
{ "name": "led_11", "plugin": "LED", "library": "mcu" },
{ "name": "led_12", "plugin": "LED", "library": "mcu" },
{ "name": "led_13", "plugin": "LED", "library": "mcu" },
{ "name": "led_14", "plugin": "LED", "library": "mcu" },
{ "name": "led_15", "plugin": "LED", "library": "mcu" }
],
// Plugin connection between components
"connections": [
[ "u1_stm32.ports.usart1_m", "usart_debug.ports.term_s"],
[ "u1_stm32.ports.usart1_s", "usart_debug.ports.term_m"],
[ "u1_stm32.ports.usart2_m", "bluetooth.ports.usart_m"],
[ "u1_stm32.ports.usart2_s", "bluetooth.ports.usart_s"],
[ "bluetooth.ports.bt_s", "term_bt.ports.term_m"],
[ "bluetooth.ports.bt_m", "term_bt.ports.term_s"],
[ "led_0.ports.pin", "u1_stm32.buses.pin_output_a", "0x00"],
[ "led_1.ports.pin", "u1_stm32.buses.pin_output_a", "0x01"],
[ "led_2.ports.pin", "u1_stm32.buses.pin_output_a", "0x02"],
[ "led_3.ports.pin", "u1_stm32.buses.pin_output_a", "0x03"],
[ "led_4.ports.pin", "u1_stm32.buses.pin_output_a", "0x04"],
[ "led_5.ports.pin", "u1_stm32.buses.pin_output_a", "0x05"],
[ "led_6.ports.pin", "u1_stm32.buses.pin_output_a", "0x06"],
[ "led_7.ports.pin", "u1_stm32.buses.pin_output_a", "0x07"],
[ "led_8.ports.pin", "u1_stm32.buses.pin_output_a", "0x08"],
[ "led_9.ports.pin", "u1_stm32.buses.pin_output_a", "0x09"],
[ "led_10.ports.pin", "u1_stm32.buses.pin_output_a", "0x0A"],
[ "led_11.ports.pin", "u1_stm32.buses.pin_output_a", "0x0B"],
[ "led_12.ports.pin", "u1_stm32.buses.pin_output_a", "0x0C"],
[ "led_13.ports.pin", "u1_stm32.buses.pin_output_a", "0x0D"],
[ "led_14.ports.pin", "u1_stm32.buses.pin_output_a", "0x0E"],
[ "led_15.ports.pin", "u1_stm32.buses.pin_output_a", "0x0F"]
]
}Lezienụ anya na oke femụwe ngalaba params bụ aha faịlụ nke enwere ike ibunye n'ime ngwaọrụ mebere dị ka firmware.
Enwere ike iji eserese na-anọchi anya ngwaọrụ mebere na mmekọrịta ya na isi sistemụ arụmọrụ:
Ihe nlele ule ugbu a nke emulator gụnyere mmekọrịta ya na ọdụ ụgbọ mmiri COM nke isi OS (debug UART na UART maka modul Bluetooth). Ndị a nwere ike ịbụ ezigbo ọdụ ụgbọ mmiri nke ejikọtara ngwaọrụ ma ọ bụ ọdụ ụgbọ mmiri COM mebere (maka nke a, naanị ihe ị chọrọ com0com/socat).
Enwere ụzọ abụọ bụ isi ugbu a iji soro emulator na-emekọrịta ihe site na mpụga:
- GDB RSP protocol (otu aka ahụ, ngwaọrụ na-akwado protocol a bụ Eclipse / IDA / radare2);
- Ahịrị iwu emulator ime (Argparse ma ọ bụ Python).
ọdụ ụgbọ mmiri Virtual COM
Iji soro UART nke ngwaọrụ mebere na igwe mpaghara na-emekọrịta ihe site na ọdụ, ịkwesịrị ịmepụta otu ụzọ ọdụ ụgbọ mmiri COM mebere. N'ọnọdụ anyị, emulator na-eji otu ọdụ ụgbọ mmiri, nke abụọ na-ejikwa mmemme ọnụ (PuTTY ma ọ bụ ihuenyo):
Iji com0com
A na-ahazi ọdụ ụgbọ mmiri Virtual COM site na iji akụrụngwa ntọala sitere na ngwa com0com (ụdị njikwa - C: faịlụ mmemme (x86) com0comsetupс.exe, ma ọ bụ ụdị GUI - C: Faịlụ mmemme (x86) comsetupg.exe):
Lelee igbe ndị ahụ mee ka ihe nchekwa jujuo maka ọdụ ụgbọ mmiri mebere mebere niile, ma ọ bụghị ya, emulator ga-echere nzaghachi site na ọdụ ụgbọ mmiri COM.
Iji socat
Na sistemụ UNIX, emulator na-emepụta ọdụ ụgbọ mmiri COM na-akpaghị aka site na iji ọrụ socat iji mee nke a, naanị ezipụta prefix na aha ọdụ ụgbọ mmiri mgbe ịmalite emulator socat:.
interface ahịrị iwu ime (Argparse ma ọ bụ Python)
Ebe ọ bụ na Kopycat bụ ngwa njikwa, onye emulator na-enye nhọrọ interface ahịrị iwu abụọ maka imekọrịta ihe na mgbanwe ya: Argparse na Python.
Argparse bụ CLI wuru n'ime Kopycat ma dịịrị onye ọ bụla mgbe niile.
CLI ọzọ bụ onye ntụgharị okwu Python. Iji jiri ya, ịkwesịrị ịwụnye modul Jep Python wee hazie emulator ka ya na Python rụọ ọrụ (a ga-eji onye ntụgharị Python arụnyere na isi sistemụ onye ọrụ).
Ịwụnye Python modul Jep
N'okpuru Linux Jep, enwere ike itinye ya site na pip:
pip install jepIji tinye Jep na Windows, ị ga-ebu ụzọ tinye Windows SDK na Microsoft Visual Studio kwekọrọ. Anyị emeela ka ọ dịrị gị mfe na JEP maka ụdị Python ugbu a maka Windows, yabụ enwere ike itinye modul ahụ site na faịlụ:
pip install jep-3.8.2-cp27-cp27m-win_amd64.whlIji lelee ntinye nke Jep, ịkwesịrị ịgba ọsọ na ahịrị iwu:
python -c "import jep"Ekwesịrị ịnata ozi a na nzaghachi:
ImportError: Jep is not supported in standalone Python, it must be embedded in Java.Na faịlụ ogbe emulator maka sistemụ gị (oyiri.bat - maka Windows, oyiri - maka Linux) na ndepụta nke paramita DEFAULT_JVM_OPTS tinye mgbakwunye mgbakwunye Djava.library.path - ọ ga-enwerịrị ụzọ Jep modul arụnyere.
Nsonaazụ maka Windows kwesịrị ịbụ ahịrị dị ka nke a:
set DEFAULT_JVM_OPTS="-XX:MaxMetaspaceSize=256m" "-XX:+UseParallelGC" "-XX:SurvivorRatio=6" "-XX:-UseGCOverheadLimit" "-Djava.library.path=C:/Python27/Lib/site-packages/jep"Na-amalite Kopycat
Ihe emulator bụ ngwa njikwa JVM. A na-eme mmalite a site na edemede ahịrị ahịrị sistemụ arụmọrụ (sh/cmd).
Iwu ka ịgba ọsọ n'okpuru Windows:
binkopycat -g 23946 -n rhino -l user -y library -p firmware=firmwarerhino_pass.bin,tty_dbg=COM26,tty_bt=COM28Iwu ka-agba ọsọ n'okpuru Linux site na iji socat utility:
./bin/kopycat -g 23946 -n rhino -l user -y library -p firmware=./firmware/rhino_pass.bin, tty_dbg=socat:./COM26,tty_bt=socat:./COM28-g 23646- ọdụ ụgbọ mmiri TCP nke ga-emeghe maka ịnweta sava GDB;-n rhino- aha nke isi usoro modul (ngwakọta agbakọtara);-l user- aha nke ọbá akwụkwọ ịchọ isi modul;-y library- ụzọ ịchọ modul gụnyere na ngwaọrụ;firmwarerhino_pass.bin- ụzọ na faịlụ firmware;- COM26 na COM28 bụ ọdụ ụgbọ mmiri COM mebere.
N'ihi ya, a ga-egosipụta ozugbo Python > (ma ọ bụ Argparse >):
18:07:59 INFO [eFactoryBuilder.create ]: Module top successfully created as top
18:07:59 INFO [ Module.initializeAndRes]: Setup core to top.u1_stm32.cortexm0.arm for top
18:07:59 INFO [ Module.initializeAndRes]: Setup debugger to top.u1_stm32.dbg for top
18:07:59 WARN [ Module.initializeAndRes]: Tracer wasn't found in top...
18:07:59 INFO [ Module.initializeAndRes]: Initializing ports and buses...
18:07:59 WARN [ Module.initializePortsA]: ATTENTION: Some ports has warning use printModulesPortsWarnings to see it...
18:07:59 FINE [ ARMv6CPU.reset ]: Set entry point address to 08006A75
18:07:59 INFO [ Module.initializeAndRes]: Module top is successfully initialized and reset as a top cell!
18:07:59 INFO [ Kopycat.open ]: Starting virtualization of board top[rhino] with arm[ARMv6Core]
18:07:59 INFO [ GDBServer.debuggerModule ]: Set new debugger module top.u1_stm32.dbg for GDB_SERVER(port=23946,alive=true)
Python >Mmekọrịta na IDA Pro
Iji mee ka nnwale dị mfe, anyị na-eji firmware Rhino dị ka faịlụ isi mmalite maka nyocha na IDA n'ụdị (A na-echekwa ozi meta ebe ahụ).
Ịnwekwara ike iji firmware isi na-enweghị ozi meta.
Mgbe ịmalite Kopycat na IDA Pro, na menu Debugger gaa ihe ahụ "Gbanwee ihe ndozi…"ma họrọ"Ihe ndozi GDB dịpụrụ adịpụ". Ọzọ, melite njikọ: menu Debugger - Nhọrọ nhazi…
Tọọ ụkpụrụ:
- Ngwa - uru ọ bụla
- Aha nnabata: 127.0.0.1 (ma ọ bụ adreesị IP nke igwe dịpụrụ adịpụ ebe Kopycat na-agba ọsọ)
- Port: 23946
Ugbu a bọtịnụ nbipu ga-adị ( igodo F9):
Pịa ya iji jikọọ na modul debugger na emulator. IDA na-abanye na ọnọdụ nbipu, windo ndị ọzọ na-adị: ozi gbasara ndekọ, gbasara nchịkọta.
Ugbu a, anyị nwere ike iji njirimara ọkọlọtọ niile nke debugger:
- mmezu ntuziaka site na nzọụkwụ (Banye n'ime и Gafeta - igodo F7 na F8, n'otu n'otu);
- ịmalite na kwụsịtụ igbu;
- ịmepụta ebe nkwụsịtụ maka koodu na data (igodo F2).
Ijikọ na debugger apụtaghị ịgba ọsọ koodu firmware. Ọnọdụ ogbugbu ugbu a ga-abụrịrị adreesị 0x08006A74 - mmalite nke ọrụ Tọgharia_Handler. Ọ bụrụ na ịpịgharịa gaa na ndepụta ahụ, ị nwere ike ịhụ oku ọrụ isi. Ị nwere ike idowe cursor na ahịrị a (adreesị 0x08006ABE) ma rụọ ọrụ ahụ Gbaa ọsọ ruo cursor (igodo F4).
Ọzọ, ị nwere ike pịa F7 ka ịbanye ọrụ isi.
Esli vypolnit iwu Gaa n'ihu usoro ( igodo F9), mgbe ahụ, windo "Biko chere" ga-eji otu bọtịnụ pụta Kwusie ike:
Mgbe ị pịa Kwusie ike A kwụsịtụrụ ogbugbu nke koodu firmware ma enwere ike ịga n'ihu site na otu adreesị ahụ dị na koodu ebe a kwụsịrị ya.
Ọ bụrụ na ịga n'ihu na-eme koodu ahụ, ị ga-ahụ ahịrị ndị a na njedebe ejikọrọ na ọdụ ụgbọ mmiri COM mebere:
Ọnụnọ nke ahịrị "steeti bypass" na-egosi na modul Bluetooth mebere abanyela n'ụdị ịnweta data site na ọdụ ụgbọ mmiri COM onye ọrụ.
Ugbu a na ọdụ Bluetooth (COM29 na foto a) ị nwere ike itinye iwu dịka usoro Rhino siri dị. Dịka ọmụmaatụ, iwu "MEOW" ga-eweghachi eriri "mur-mur" na ọdụ Bluetooth:
Eṅomila m kpamkpam
Mgbe ị na-ewu emulator, ị nwere ike họrọ ọkwa nke nkọwa / emulation nke otu ngwaọrụ. Dịka ọmụmaatụ, enwere ike iṅomi modul Bluetooth n'ụzọ dị iche iche:
- a na-eṅomi ngwaọrụ ahụ na usoro iwu zuru oke;
- A na-eṅomi iwu AT, a na-enwetakwa iyi data site na ọdụ ụgbọ mmiri COM nke isi usoro;
- ngwaọrụ mebere na-enye redirection data zuru oke na ngwaọrụ n'ezie;
- dị ka stub dị mfe nke na-alaghachi "OK" mgbe niile.
Ụdị emulator dị ugbu a na-eji ụzọ nke abụọ - modul Bluetooth mebere na-arụ ọrụ nhazi, emesịa ọ na-atụgharị gaa na ọnọdụ nke data "proxying" site na ọdụ ụgbọ mmiri COM nke isi sistemụ gaa na ọdụ ụgbọ mmiri UART nke emulator.
Ka anyị tụlee ohere nke ngwá ọrụ dị mfe nke koodu ahụ ma ọ bụrụ na emeghị akụkụ ụfọdụ nke mpụta. Dịka ọmụmaatụ, ọ bụrụ na emebebeghị oge maka ịchịkwa ịnyefe data na DMA (a na-eme nlele ahụ na ọrụ ahụ. ws2812b_echere, raspolojennoy po adresu 0x08006840), mgbe ahụ firmware ga-eche mgbe niile ka a tọgharịa ọkọlọtọ ọrụ n'akadị na 0x200004C4nke na-egosi ọnụnọ nke ahịrị data DMA:
Anyị nwere ike ịga gburugburu ọnọdụ a site n'iji aka na-emegharị ọkọlọtọ ọrụ n'aka ozugbo wụnye ya. Na IDA Pro, ị nwere ike ịmepụta ọrụ Python wee kpọọ ya na ebe nkwụsịtụ, ma tinye nkwụsịtụ n'onwe ya na koodu mgbe ị dechara uru 1 na ọkọlọtọ. ọrụ n'aka.
Onye njikwa Breakpoint
Mbụ, ka anyị mepụta Python ọrụ na IDA. NchNhr Iwu faịlụ - Script...
Tinye snippet ọhụrụ na listi dị n'aka ekpe, nye ya aha (dịka ọmụmaatụ, CPM),
N'ime mpaghara ederede dị n'aka nri, tinye koodu ọrụ:
def skip_dma():
print "Skipping wait ws2812..."
value = Byte(0x200004C4)
if value == 1:
PatchDbgByte(0x200004C4, 0)
return False
Mgbe nke ahụ gasịrị, pịa Run ma mechie windo edemede.
Ugbu a, ka anyị gaa na koodu na 0x0800688A, Tọọ ebe nkwụsịtụ (igodo F2), dezie ya (nchịkọta ọnọdụ Dezie ebe nkwụsịtụ...), echefula ịtọ ụdị edemede ahụ na Python:
Ọ bụrụ na ọkọlọtọ ọkọlọtọ ugbu a bara uru ọrụ n'aka nhata 1, mgbe ahụ ịkwesịrị ịrụ ọrụ ahụ skip_dma n'ahịrị edemede:
Ọ bụrụ na ị na-agba ọsọ ngwa ngwa maka igbu ya, enwere ike ịhụ ihe na-akpalite koodu nchịkwa nkwụsị na windo IDA. mmepụta site n'ahịrị Skipping wait ws2812.... Ugbu a firmware agaghị echere ka a tọgharịa ọkọlọtọ ọrụ n'aka.
Mmekọrịta na emulator
O yighị ka iṅomi n'ihi nṅomi agaghị eme ka obi ụtọ na ọṅụ. Ọ na-adọrọ mmasị karị ma ọ bụrụ na emulator na-enyere onye nyocha aka ịhụ data na ebe nchekwa ma ọ bụ guzobe mmekọrịta nke eriri.
Anyị ga-egosi gị otu esi eme ka mmekọrịta dị n'etiti ọrụ RTOS. Ị ga-ebu ụzọ kwụsịtụ mmezu nke koodu ahụ ma ọ bụrụ na ọ na-agba ọsọ. Ọ bụrụ na ịga na ọrụ bluetooth_task_entry na ngalaba nhazi nke iwu "LED" (adreesị 0x080057B8), mgbe ahụ, ị nwere ike ịhụ ihe mbụ e kere wee zigara na usoro kwụ n'ahịrị eduControlQueueHandle ozi ụfọdụ.
Ịkwesịrị ịtọ ebe nkwụsịtụ iji nweta mgbanwe eduControlQueueHandle, raspolojennoy po adresu 0x20000624 wee gaa n'ihu na-eme koodu:
N'ihi ya, nkwụsị ga-ebu ụzọ mee na adreesị 0x080057CA tupu ịkpọ ọrụ ahụ osMailAlloc, mgbe ahụ na adreesị 0x08005806 tupu ịkpọ ọrụ ahụ osMailPut, mgbe ahụ mgbe obere oge - na adreesị 0x08005BD4 (tupu ịkpọ ọrụ ahụ osMailGet), nke bụ nke ọrụ ahụ leds_task_entry (LED-task), ya bụ, ọrụ gbanwere, ma ugbu a, LED-ọrụ natara akara.
N'ụzọ dị mfe a, ị nwere ike guzobe ka ọrụ RTOS si emekọrịta n'etiti ibe ha.
N'ezie, n'eziokwu, mmekọrịta nke ọrụ nwere ike ịdị mgbagwoju anya karị, mana iji emulator, nsochi mmekọrịta a na-aghọ obere ọrụ.
Can nwere ike ilele vidiyo dị mkpirikpi nke emulator na-ebupụta ma na-emekọrịta ihe na IDA Pro.
Malite na Radare2
Ị nweghị ike ileghara ngwá ọrụ zuru ụwa ọnụ anya dị ka Radare2.
Iji jikọọ na emulator site na iji r2, iwu a ga-adị ka nke a:
radare2 -A -a arm -b 16 -d gdb://localhost:23946 rhino_fw42k6.elfMwepụta dị ugbu a (dc) ma kwụsịtụ igbu (Ctrl+C).
O di nwute, n'oge a, r2 nwere nsogbu mgbe ị na-arụ ọrụ na ngwaike gdb nkesa na ebe nchekwa n'ihi nke a, nkwụsịtụ na nzọụkwụ adịghị arụ ọrụ (iwu ds). Anyị nwere olileanya na a ga-edozi nke a n'oge adịghị anya.
Na-agba ọsọ na Eclipse
Otu n'ime nhọrọ maka iji emulator bụ debug firmware nke ngwaọrụ a na-emepụta. Maka idoanya, anyị ga-ejikwa firmware Rhino. Ị nwere ike ibudata isi mmalite firmware .
Anyị ga-eji Eclipse sitere na ntọala dị ka IDE .
Ka emulator wee buo ngwa ngwa achịkọtara ozugbo na Eclipse, ịkwesịrị ịgbakwunye paramita ahụ firmware=null na iwu mmalite emulator:
binkopycat -g 23946 -n rhino -l user -y modules -p firmware=null,tty_dbg=COM26,tty_bt=COM28Ịtọlite nhazi ndozi
Na Eclipse, họrọ menu Gbaa - Nhazi ndozi... Na mpio nke mepere, na ngalaba Nchọpụta ngwaike GDB ịkwesịrị ịgbakwunye nhazi ọhụrụ, wee na taabụ "Main" kọwaa ọrụ dị ugbu a na ngwa maka nbipu:
Na taabụ "Debugger" ịkwesịrị ịkọwapụta iwu GDB:
${openstm32_compiler_path}arm-none-eabi-gdb
Tinyekwa paramita maka ijikọ na sava GDB (onye ọbịa na ọdụ ụgbọ mmiri):
Na taabụ “mbido”, ị ga-ezipụta paramita ndị a:
- mee igbe nlele Bulite onyonyo (nke mere na a na-etinye ihe oyiyi firmware ahụ n'ime emulator);
- mee igbe nlele Ibu akara;
- tinye iwu mmalite:
set $pc = *0x08000004(tọọ ndekọ PC na uru site na ebe nchekwa dị na adreesị0x08000004- echekwara adreesị ebe ahụ TọghariaHandler).
Lezienụ anya, ọ bụrụ na ịchọghị ibudata faịlụ firmware site na Eclipse, yabụ nhọrọ Bulite onyonyo и Gbaa iwu ọ dịghị mkpa igosi.
Mgbe ịpịrị Debug, ị nwere ike ịrụ ọrụ na ọnọdụ debugger:
- nzọụkwụ site nzọụkwụ ogbugbu
- na-emekọrịta ihe na ebe nkwụsịtụ
Примечание. Eclipse nwere, hmm... ụfọdụ quirks... na ị ga-ebi na ha. Ọmụmaatụ, ọ bụrụ na mgbe ị na-amalite debugger ozi "Ọ dịghị isi iyi dị maka" 0x0″" pụtara, wee mebie nzọụkwụ iwu (F5)
Kama nkwubi okwu
Iṅomi koodu obodo bụ ihe na-atọ ụtọ nke ukwuu. Ọ ga-ekwe omume maka onye nrụpụta ngwaọrụ ịmegharị firmware na-enweghị ezigbo ngwaọrụ. Maka onye na-eme nchọpụta, ọ bụ ohere ịme nyocha koodu dị ike, nke na-adịghị ekwe omume mgbe niile ọbụna na ngwaọrụ.
Anyị chọrọ inye ndị ọkachamara ngwá ọrụ dị mma, dị mfe ma ọ dịghị ewe mgbalị dị ukwuu na oge iji melite ma na-agba ọsọ.
Dee na nkọwa gbasara ahụmịhe gị site na iji emulator ngwaike. Anyị na-akpọ gị òkù ka unu kwurịta, obi ga-adịkwa anyị ụtọ ịza ajụjụ.
Naanị ndị ọrụ edebanyere aha nwere ike isonye na nyocha a. , Biko.
Kedu ihe ị na-eji emulator?
-
M na-emepụta ngwa ngwa (debug).
-
Ana m eme nyocha ngwa ngwa
-
M na-amalite egwuregwu (Dendi, Sega, PSP)
-
ihe ọzọ (dee na nkọwa)
Ndị ọrụ 7 tụrụ vootu. Ndị ọrụ 2 anabataghị.
Kedu ngwa ngwa ị na-eji ṅomie koodu obodo?
-
QEMU
-
Igwe Unicorn
-
protein
-
ihe ọzọ (dee na nkọwa)
Ndị ọrụ 6 tụrụ vootu. Ndị ọrụ 2 anabataghị.
Kedu ihe ị ga-achọ imeziwanye na emulator ị na-eji?
-
Achọrọ m ọsọ
-
Achọrọ m ịdị mfe nke ntọlite ma ọ bụ mmalite
-
Achọrọ m nhọrọ ndị ọzọ maka imekọrịta ihe na emulator (API, nko)
-
Enwere m obi ụtọ na ihe niile
-
ihe ọzọ (dee na nkọwa)
Ndị ọrụ 8 tụrụ vootu. 1 onye ọrụ anabataghị.
isi: www.habr.com