예제 #1
def main(args):
    """Launch the QEMU target and run the analysis system against it.

    ``args`` is accepted for the caller's sake but is not read here.

    QEMU is started with ``-S`` (CPU frozen at startup) and a gdb stub on
    ``tcp:127.0.0.1:4444``. The gdb stub is unauthenticated and gives full
    read/write access to guest memory and registers. Keeping it, and the
    UDP serial port, on the loopback address keeps them off the network,
    but any local process can still connect to them.
    """
    # TODO: Build stuff here (u-boot)
    system = System(configuration, init_s2e_emulator, init_gdbserver_target)
    print("System generated")

    qemu_argv = [LINARO_QEMU_ARM]
    qemu_argv += ["-M", "beagle"]                       # machine model
    qemu_argv += ["-m", "256M"]                         # guest RAM
    qemu_argv += ["-serial", "udp:127.0.0.1:2000"]      # serial console over UDP
    qemu_argv += ["-sd", os.path.join(UBOOT_DIR, "sdcard.img")]
    qemu_argv += ["-gdb", "tcp:127.0.0.1:4444"]         # loopback-only gdb stub
    qemu_argv += ["-S"]                                 # do not start the CPU yet

    # NOTE(review): the launcher is never read again; presumably constructing
    # it is what spawns QEMU, so the reference is kept. Confirm.
    target_runner = TargetLauncher(qemu_argv)

    system.init()
    system.add_monitor(RWMonitor())

    # Fixed delay, not a readiness check. NOTE(review): presumably this gives
    # QEMU time to open its gdb port before start() runs. Confirm.
    time.sleep(3)
    system.start()

    system.get_emulator().cont()
def main(args):
    """Start QEMU with the U-Boot SD card image, then drive the emulator.

    ``args`` is not used by this function.

    The QEMU gdb stub (``-gdb tcp:127.0.0.1:4444``) and the UDP serial
    endpoint are bound to loopback. Neither channel is authenticated, so
    the loopback binding is what limits access to processes on this host.
    """
    # TODO: Build stuff here (u-boot)
    analysis = System(configuration, init_s2e_emulator, init_gdbserver_target)
    print("System generated")

    # Option/value pairs in the order QEMU receives them.
    qemu_argv = [LINARO_QEMU_ARM]
    for option, value in (
        ("-M", "beagle"),
        ("-m", "256M"),
        ("-serial", "udp:127.0.0.1:2000"),
        ("-sd", os.path.join(UBOOT_DIR, "sdcard.img")),
        ("-gdb", "tcp:127.0.0.1:4444"),
    ):
        qemu_argv.extend((option, value))
    # -S freezes the guest CPU at startup until a debugger resumes it.
    qemu_argv.append("-S")

    # NOTE(review): unused afterwards; presumably the constructor launches
    # the QEMU process. Verify before removing this local.
    target_runner = TargetLauncher(qemu_argv)

    analysis.init()
    analysis.add_monitor(RWMonitor())

    # Blind three-second wait; nothing here checks that the target is ready.
    time.sleep(3)
    analysis.start()

    emulator = analysis.get_emulator()
    emulator.cont()
예제 #3
# Prepare the physical target: flash the firmware, run it to a known point,
# then snapshot its state into the emulator. `cmd` is created outside this
# excerpt. NOTE(review): presumably an OpenOCD-backed target object. Confirm.
cmd.halt()
# "flash write_image erase <file>" looks like an OpenOCD command: it erases the
# affected flash sectors and programs the image, so it is destructive.
# NOTE(review): the image path is an absolute, user-specific path. It will not
# exist on another machine and it exposes a local directory layout; consider
# taking it from configuration. The meaning of the second argument (True) is
# not visible here.
cmd.raw_cmd("flash write_image erase /home/matthew/Workspace/COSC460/avatar-stellaris/large/firmware/Release/Large.bin", True)
# Breakpoint address is specific to this firmware build; re-derive it whenever
# the image changes.
cmd.put_bp(0x0000179A) # Run the target until init finishes
cmd.raw_cmd("reset", True)
# NOTE(review): presumably blocks until the breakpoint above is hit. Confirm.
cmd.wait()

print("AVATAR: Fetching configuration from target")
# initstate() receives the current configuration and its return value replaces it.
configuration = cmd.initstate(configuration)
# Drop the reference to the target command object before Avatar is loaded.
del cmd

print("AVATAR: Loading Avatar")
avatar = System(configuration, init_s2e_emulator, init_gdbserver_target)
avatar.init()

print("AVATAR: Inserting Monitor")
avatar.add_monitor(RWMonitor())

print("AVATAR: Starting Avatar")
# Fixed delay, not a readiness check. NOTE(review): presumably waits for the
# emulator/target back-ends to come up. Confirm.
time.sleep(3)
avatar.start()

print("AVATAR: Transferring state from target to emulator")
# NOTE(review): arguments are presumably (base address, length in bytes), i.e.
# 0x1000 bytes starting at 0x20000000. Verify against the helper.
transfer_mem_to_emulator(avatar, 0x20000000, 0x00001000)
print("AVATAR: Memory transfer complete")
transfer_cpu_state_to_emulator(avatar)
print("AVATAR: Register transfer complete")

print("AVATAR: Continuing emulation")
avatar.get_emulator().cont()

print("AVATAR: Completed firmware analysis")
예제 #4
        log.info("Emulator is requesting write 0x%08x[%d] = 0x%x",
                 params["address"], params["size"], params["value"])
        pass

    def emulator_post_write_request(self, params):
        """Log a memory write that has been executed.

        ``params`` must provide the keys ``"address"``, ``"size"`` and
        ``"value"``; they are formatted as integers into the log record.
        Nothing is returned and the write itself is not altered.
        """
        write_fields = (params["address"], params["size"], params["value"])
        log.info("Executed write 0x%08x[%d] = 0x%x", *write_fields)

    def stop(self):
        """Do nothing; this monitor holds no resources to release."""
        return None


# Bring up the hardware-side connection from the current configuration.
hwmon = OpenocdJig(configuration)

# Drive the target through the jig's telnet socket.
# NOTE(review): OpenOCD's telnet interface is unauthenticated; check that it
# listens on loopback only. The bind address is not visible here.
cmd = OpenocdTarget(hwmon.get_telnet_jigsock())
# Breakpoint address is tied to one firmware build; re-check it if the image changes.
cmd.put_bp(0x0008a892)  # cmhSMS_cpyMsgInd
cmd.wait()  # block for bkpt trigger

# initstate() receives the current configuration and its return value replaces it.
configuration = cmd.initstate(configuration)
# Drop the reference to the target command object before the system is built.
del cmd

ava = System(configuration, init_s2e_emulator, init_gdbserver_target)
ava.init()

# Attach the read/write monitor before the system is started.
ava.add_monitor(RWMonitor())

# Fixed delay, not a readiness check. NOTE(review): presumably waits for the
# back-ends to come up before start(). Confirm.
time.sleep(3)
ava.start()
ava.get_emulator().cont()
예제 #5
    if args.verbose: 
        log.info("AVATAR: fetching configuration from target");
    
    configuration = cmd.initstate(configuration)
    del cmd
    if args.veryverbose:
        print("configuraton is : %s" % configuration)

    if args.verbose: 
        log.info("AVATAR: loading avatar ");
    ava = System(configuration, init_s2e_emulator, init_gdbserver_target)
    ava.init()

    if args.verbose: 
        log.info("AVATAR: inserting monitor");
    ava.add_monitor(RWMonitor())

    if args.verbose: 
        log.info("AVATAR: starting avatar ");
    time.sleep(1)
    ava.start()

    if args.verbose: 
        log.info("AVATAR: avatar Started ");

    log.info("transfering data section + stack from device to emulator %d Kb form %x", dataRamToTransf/1024, dataRamFrom)
    transfer_mem_to_emulator(ava,dataRamFrom,dataRamToTransf)

    # Kill calls to UART
    #ava.get_emulator().write_typed_memory(s_UART_TX,2,0x46C0)
    #ava.get_emulator().write_typed_memory(s_UART_TX,2,0x46C0)