def main(args):
    """Start Avatar against a QEMU-emulated BeagleBoard booting u-boot.

    Builds the Avatar ``System`` from the ``configuration`` object defined
    outside this function, creates a ``TargetLauncher`` for the QEMU command
    line, attaches an ``RWMonitor`` and resumes the emulator.

    Args:
        args: Command-line arguments; not read by this function.
    """
    # TODO: Build stuff here (u-boot)
    system = System(configuration, init_s2e_emulator, init_gdbserver_target)
    print("System generated")

    # QEMU command line, assembled piece by piece in the original order.
    qemu_argv = [LINARO_QEMU_ARM, "-M", "beagle", "-m", "256M"]
    # Guest serial port is carried over UDP on the loopback interface.
    qemu_argv += ["-serial", "udp:127.0.0.1:2000"]
    qemu_argv += ["-sd", os.path.join(UBOOT_DIR, "sdcard.img")]
    # QEMU's gdb stub has no authentication, so it stays bound to 127.0.0.1;
    # "-S" keeps the guest CPU halted until a debugger resumes it.
    qemu_argv += ["-gdb", "tcp:127.0.0.1:4444", "-S"]
    # NOTE(review): target_runner is never read again here; presumably the
    # constructor itself launches QEMU -- confirm before removing it.
    target_runner = TargetLauncher(qemu_argv)

    system.init()
    system.add_monitor(RWMonitor())
    # NOTE(review): fixed delay, not a readiness check -- presumably gives the
    # emulator and QEMU time to come up before start(); confirm.
    time.sleep(3)
    system.start()
    system.get_emulator().cont()
def main(args):
    """Launch the u-boot/BeagleBoard QEMU target and hand control to Avatar.

    The Avatar ``System`` is created first, then the QEMU launcher, then the
    system is initialised, given an ``RWMonitor``, started and continued.

    Args:
        args: Command-line arguments; unused in this function.
    """
    # TODO: Build stuff here (u-boot)
    avatar_system = System(configuration, init_s2e_emulator, init_gdbserver_target)
    print("System generated")

    machine_opts = [LINARO_QEMU_ARM, "-M", "beagle", "-m", "256M"]
    io_opts = [
        "-serial", "udp:127.0.0.1:2000",
        "-sd", os.path.join(UBOOT_DIR, "sdcard.img"),
    ]
    # The gdb stub is unauthenticated: whoever can reach the port controls the
    # guest, which is why it listens on loopback only. "-S" starts QEMU with
    # the CPU stopped.
    debug_opts = ["-gdb", "tcp:127.0.0.1:4444", "-S"]
    # NOTE(review): the launcher object is not used afterwards; presumably
    # constructing it starts the QEMU process -- confirm.
    target_runner = TargetLauncher(machine_opts + io_opts + debug_opts)

    avatar_system.init()
    avatar_system.add_monitor(RWMonitor())
    # NOTE(review): a fixed 3 s wait stands in for a readiness check here;
    # presumably it lets the launched processes come up -- confirm.
    time.sleep(3)
    avatar_system.start()
    avatar_system.get_emulator().cont()
# NOTE(review): excerpt from the middle of a script; `cmd` and the initial
# `configuration` are created before it, and the enclosing scope is not visible.
# Sequence: halt the target, reflash it, break at a fixed address, reset, wait,
# then read the target state into the configuration and hand over to Avatar.
cmd.halt()
# NOTE(review): "flash write_image erase" erases and reprograms the flash of
# whatever board is attached. The image path is absolute and points into one
# developer's home directory, so on any other machine this either fails or
# flashes an unintended file -- consider taking the path from configuration.
cmd.raw_cmd("flash write_image erase /home/matthew/Workspace/COSC460/avatar-stellaris/large/firmware/Release/Large.bin", True)
# NOTE(review): hard-coded breakpoint address; presumably valid only for this
# exact build of Large.bin -- confirm whenever the firmware is rebuilt.
cmd.put_bp(0x0000179A)
# Run the target until init finishes
cmd.raw_cmd("reset", True)
# Presumably blocks until the breakpoint set above is hit -- confirm.
cmd.wait()
print("AVATAR: Fetching configuration from target")
# The configuration is replaced by whatever cmd.initstate() returns.
configuration = cmd.initstate(configuration)
# Drop this reference to the debug connection before Avatar is set up.
del cmd
print("AVATAR: Loading Avatar")
avatar = System(configuration, init_s2e_emulator, init_gdbserver_target)
avatar.init()
print("AVATAR: Inserting Monitor")
avatar.add_monitor(RWMonitor())
print("AVATAR: Starting Avatar")
# NOTE(review): fixed 3 s delay rather than a readiness check -- confirm it is
# long enough on slower hosts.
time.sleep(3)
avatar.start()
print("AVATAR: Transferring state from target to emulator")
# Presumably (start address, length in bytes): 0x1000 bytes from 0x20000000
# are copied from the device into the emulator -- confirm against the helper.
transfer_mem_to_emulator(avatar, 0x20000000, 0x00001000)
print("AVATAR: Memory transfer complete")
transfer_cpu_state_to_emulator(avatar)
print("AVATAR: Register transfer complete")
print("AVATAR: Continuing emulation")
avatar.get_emulator().cont()
# NOTE(review): printed right after cont() returns; whether the analysis has
# actually finished by then depends on whether cont() blocks -- confirm.
print("AVATAR: Completed firmware analysis")
# NOTE(review): this excerpt opens inside a method whose `def` line (and the
# enclosing class header) are outside the view; presumably these are methods of
# RWMonitor, which is instantiated further down -- confirm.
        # Log address, size and value of the write described by `params`.
        log.info("Emulator is requesting write 0x%08x[%d] = 0x%x", params["address"], params["size"], params["value"])
        pass

    def emulator_post_write_request(self, params):
        """Log the write described by ``params`` with the "Executed write" message.

        Args:
            params: Mapping read for the "address", "size" and "value" keys;
                the format string expects integer values.
        """
        log.info("Executed write 0x%08x[%d] = 0x%x", params["address"], params["size"], params["value"])
        pass

    def stop(self):
        """Do nothing; no stop-time work is performed here."""
        pass

# Script body: attach to the hardware through the OpenOCD jig, run the device to
# a breakpoint, capture its state, then start Avatar with a read/write monitor.
hwmon = OpenocdJig(configuration)
# NOTE(review): if this socket is OpenOCD's telnet command port, it carries no
# authentication -- keep the listener bound to loopback on the analysis host.
cmd = OpenocdTarget(hwmon.get_telnet_jigsock())
# NOTE(review): hard-coded address; presumably tied to one firmware image.
cmd.put_bp(0x0008a892) # cmhSMS_cpyMsgInd
cmd.wait() # block for bkpt trigger
# The configuration is replaced by whatever cmd.initstate() returns.
configuration = cmd.initstate(configuration)
# Drop this reference to the debug connection before Avatar is set up.
del cmd
ava = System(configuration, init_s2e_emulator, init_gdbserver_target)
ava.init()
ava.add_monitor(RWMonitor())
# NOTE(review): fixed 3 s delay rather than a readiness check -- confirm.
time.sleep(3)
ava.start()
ava.get_emulator().cont()
# NOTE(review): excerpt from the middle of a script; args, cmd, configuration,
# dataRamFrom and dataRamToTransf are defined before it. Line breaks were
# reconstructed: each statement that follows an `if args.verbose: ...;` is
# taken to be on its own line and therefore unconditional -- confirm against
# the original file, since sharing the line would make it verbose-only.
# The trailing semicolons are redundant in Python.
if args.verbose: log.info("AVATAR: fetching configuration from target");
# The configuration is replaced by whatever cmd.initstate() returns.
configuration = cmd.initstate(configuration)
# Drop this reference to the debug connection before Avatar is set up.
del cmd
# Dumps the whole configuration object to stdout when --veryverbose is set.
if args.veryverbose: print("configuraton is : %s" % configuration)
if args.verbose: log.info("AVATAR: loading avatar ");
ava = System(configuration, init_s2e_emulator, init_gdbserver_target)
ava.init()
if args.verbose: log.info("AVATAR: inserting monitor");
ava.add_monitor(RWMonitor())
if args.verbose: log.info("AVATAR: starting avatar ");
# NOTE(review): fixed 1 s delay rather than a readiness check -- confirm.
time.sleep(1)
ava.start()
if args.verbose: log.info("AVATAR: avatar Started ");
# Logged unconditionally: size in KiB (dataRamToTransf/1024) and start address.
log.info("transfering data section + stack from device to emulator %d Kb form %x", dataRamToTransf/1024, dataRamFrom)
# Copy dataRamToTransf bytes starting at dataRamFrom from the device to the
# emulator (argument meaning taken from the log message above).
transfer_mem_to_emulator(ava,dataRamFrom,dataRamToTransf)
# Kill calls to UART
# NOTE(review): disabled code, present twice. 0x46C0 is the Thumb no-op
# encoding (mov r8, r8); presumably these lines overwrote the instruction at
# s_UART_TX in emulator memory -- confirm before re-enabling either line.
#ava.get_emulator().write_typed_memory(s_UART_TX,2,0x46C0)
#ava.get_emulator().write_typed_memory(s_UART_TX,2,0x46C0)