from time import sleep

from avatar2 import Avatar, ARMV7M, OpenOCDTarget, PandaTarget

# Both targets are driven through the same cross-GDB binary; only the port differs.
GDB_BINARY = "arm-none-eabi-gdb"

# Session artefacts are written to a fixed path under /tmp.
# NOTE(review): on a multi-user host a predictable /tmp directory can be
# pre-created by another local account; prefer a private directory there.
avatar = Avatar(arch=ARMV7M, output_directory='/tmp/panda_rr')
avatar.load_plugin('orchestrator')

# Physical board, reached through OpenOCD with the given board script.
nucleo = avatar.add_target(
    OpenOCDTarget,
    openocd_script='nucleo-l152re.cfg',
    gdb_executable=GDB_BINARY,
    gdb_port=1234,
)

# Emulator target, started from the PANDA build of qemu-system-arm.
panda = avatar.add_target(
    PandaTarget,
    executable='panda/qemu-system-arm',
    gdb_executable=GDB_BINARY,
    gdb_port=1235,
)

# Memory layout as (base address, size, name):
#   rom  - backed by the firmware image on disk
#   ram  - plain memory, no backing file
#   mmio - every access is forwarded to the physical board, so code running
#          on the other target still touches the real peripherals
rom = avatar.add_memory_range(0x08000000, 0x1000000, 'rom', file='firmware.bin')
ram = avatar.add_memory_range(0x20000000, 0x14000, 'ram')
mmio = avatar.add_memory_range(
    0x40000000,
    0x1000000,
    'mmio',
    forwarded=True,
    forwarded_to=nucleo,
)

avatar.init_targets()

# Select the physical board as the starting target
# (presumably read by the 'orchestrator' plugin - confirm against its docs).
avatar.start_target = nucleo
from avatar2 import Avatar, ARMV7M, OpenOCDTarget
from IPython import embed

# Address where execution is halted before any patch is written.
main_addr = 0xD270

avatar = Avatar(output_directory='/tmp/harvey', arch=ARMV7M)
avatar.load_plugin('assembler')

# Single target: the device itself, attached through OpenOCD.
t = avatar.add_target(
    OpenOCDTarget,
    openocd_script='plc.cfg',
    gdb_executable='arm-none-eabi-gdb',
)
t.init()

# Run up to main_addr and block until the breakpoint is hit, so the patches
# below are written while the core is halted.
t.set_breakpoint(main_addr)
t.cont()
t.wait()

# In-memory patches as (address, assembly), applied in this order.
# Two locations are redirected with a branch to a stub; each stub loads fixed
# values into r4/r5 and branches back just past the patched location.
# NOTE(review): every address is hard-coded, so the table presumably matches
# one firmware build only - confirm against the image before running it.
# The writes go to the running device over the debug connection and are not
# reflected in any file on disk.
ASM_PATCHES = (
    (0x20001E2E, 'b 0x2000250E'),
    (0x2000250E, 'mov r5,0xfffffffc\n b 0x20001E30'),
    (0x20002338, 'b 0x20002514'),
    (0x20002514, 'mov r5,0xfffffffd\n mov r4, r5 \n mov r5, 0\nb 0x2000233E'),
)
for patch_addr, patch_asm in ASM_PATCHES:
    t.inject_asm(patch_asm, addr=patch_addr)

# Resume the patched firmware, then hand control to an interactive shell.
t.cont()
embed()