def main2():
    """Disassemble one hand-encoded 16-bit instruction word and print it.

    Scratch/debug entry point: opens the firmware image and its linker map
    through ``Firmware`` (the loaded bytes themselves are not inspected
    here; the call is kept for its side effects), then feeds the literal
    word 0xE7FE - given as the little-endian byte pair FE E7 - to the
    module-level Capstone handle ``cs`` at address 0 and prints, for each
    decoded instruction, its address, raw encoding, mnemonic and operands.
    """
    image = Firmware(
        build_path / "firmware.bin",
        build_path / "firmware.elf.map",
    )
    image.load_bytes()  # return value intentionally unused

    # Same word the original spelled in binary: low byte 0xFE, high byte 0xE7.
    low_byte, high_byte = 0xFE, 0xE7
    word = bytes((low_byte, high_byte))

    for decoded in cs.disasm(word, 0):
        print(
            f"{hex(decoded.address)} {hex(from_bytes(decoded.bytes))} "
            f"{decoded.mnemonic} {decoded.op_str}"
        )
def print_failures(cpu, sim, prev_pc: int, target_regs, sim_regs, count: int, *, last_sim_regs=None):
    """Dump the instruction at ``prev_pc`` and a side-by-side register diff.

    Debug helper for the point where the emulated CPU (``cpu.uc``, whose
    ``mem_read``/``reg_read`` API and the ``UC_ARM_REG_CPSR`` constant are
    Unicorn's) and a reference simulation disagree.  It prints the 16-bit
    word at ``prev_pc`` as four binary nibbles, its disassembly through
    ``cpu.cs`` (Capstone, per the ``CsInsn``/``ArmOp`` type comments), and
    then one row per register comparing the emulator value with the matching
    entry of ``sim_regs``; rows whose values differ are tagged ``[!]``.

    Args:
        cpu: object exposing ``uc``, ``cs`` and an optional ``firmware``
            whose ``mapping`` is indexed by instruction address.
        sim: not used by this function; accepted for call-site compatibility.
        prev_pc: address of the instruction to fetch and disassemble.
        target_regs: set-like collection of register ids.  MUTATED in place:
            every register operand of the decoded instruction is added to it,
            and only registers contained in it get a (non-CPSR) row printed.
        sim_regs: reference register values, positionally aligned with ``REGS``.
        count: step counter, echoed at the bottom of the dump.
        last_sim_regs: the previous step's ``sim_regs``; when given, its value
            for each printed register is shown in a third column.

    Returns:
        ``(bcode, inst)``: the 16-character binary string of the fetched word
        and the last instruction object yielded by the disassembler
        (``None`` if the word did not decode).
    """
    print(end="> ")
    addr = prev_pc
    buf = cpu.uc.mem_read(addr, 2)
    print("addr = ", hex(addr))
    # Show the halfword as four nibbles to make the Thumb encoding easy to eyeball.
    bcode = bin(from_bytes(buf))[2:].zfill(16)
    print(":", bcode[0:4], bcode[4:8], bcode[8:12], bcode[12:16])
    inst = None
    # At most one instruction is requested; the loop body runs zero or one time.
    for inst in cpu.cs.disasm(buf, addr, 1):  # type: CsInsn
        if cpu.firmware:
            # NOTE(review): a plain lookup - an address missing from the map
            # would raise KeyError here rather than print a placeholder.
            print("@", cpu.firmware.mapping[inst.address])
        if inst.bytes:
            # Debug-only sanity check (only two bytes were fetched above);
            # note that assert is stripped under ``python -O``.
            assert len(inst.bytes) == 2, (inst.bytes)
            print(inst.mnemonic, inst.op_str)
            # Record every register operand so its row appears in the diff below.
            for operand in inst.operands:  # type: ArmOp
                target_regs.add(operand.reg)
        else:
            break
    for no, (reg, tc_value) in enumerate(zip(REGS, sim_regs)):
        uc_value = cpu.uc.reg_read(reg)
        tc_value &= 0xFFFFFFFF
        if reg == UC_ARM_REG_CPSR:
            # Only the top 12 bits of the emulator's CPSR are compared.
            # Python's ``&`` binds tighter than ``!=``, so the tag expression
            # reads as ``(uc_value & 0xfff00000) != tc_value``.
            # NOTE(review): tc_value is NOT masked to the same bits - confirm the
            # reference CPSR never carries low bits, or rows will be tagged spuriously.
            print(
                REGS_NAME[reg].ljust(5),
                get_CPSR(uc_value & 0xfff00000),
                get_CPSR(tc_value),
                (uc_value & 0xfff00000 != tc_value and "[!]" or ""),
                sep='\t'
            )
        else:
            if reg in target_regs:
                # Despite the name, this is the reference (sim) value from the
                # previous step, not an emulator value.
                last_uc_value = last_sim_regs[no] if last_sim_regs else None
                print(
                    REGS_NAME[reg].ljust(5),
                    hex32(uc_value),
                    hex32(tc_value),
                    hex32(last_uc_value) if last_uc_value is not None else "-",
                    (uc_value != tc_value and "[!]" or ""),
                    sep='\t'
                )
    print("addr:", prev_pc)
    print("count:", count)
    return bcode, inst
def read_int(addr):
    """Read a 32-bit value from the emulated CPU's memory at ``addr``.

    Fetches four bytes through ``cpu.uc.mem_read`` (``cpu`` is resolved at
    module level) and decodes them with the shared ``from_bytes`` helper;
    byte order is whatever ``from_bytes`` implements.  Nothing is caught
    here, so any error the emulator raises for an unmapped address
    propagates to the caller unchanged.
    """
    raw = cpu.uc.mem_read(addr, 4)
    return from_bytes(raw)
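def read_ushort(pc):
    """Read the 16-bit word at code address ``pc`` from the flash image.

    Translates ``pc`` to an offset into the module-level ``memory`` buffer
    using ``flash.address`` as the base address and decodes two bytes with
    the shared ``from_bytes`` helper (byte order is whatever it implements).

    Raises:
        IndexError: if the two bytes do not lie entirely inside ``memory``.
            Without this guard a ``pc`` below ``flash.address`` yields a
            negative offset, which Python slicing silently wraps to the END
            of the buffer, and a ``pc`` past the end yields a short or empty
            slice - either way the wrong bytes would be decoded without error.
    """
    offset = pc - flash.address
    # Guard both ends explicitly; slicing alone never fails for bad offsets.
    if offset < 0 or offset + 2 > len(memory):
        raise IndexError(
            f"pc {hex(pc)} is outside the loaded flash image "
            f"(base {hex(flash.address)}, size {len(memory)})"
        )
    return from_bytes(memory[offset:offset + 2])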
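def read_int(self, addr):
    """Read a 32-bit value at offset ``addr`` of ``self.memory``.

    ``addr`` is used directly as an index into ``self.memory`` (no base
    address is subtracted here) and the four bytes are decoded with the
    shared ``from_bytes`` helper (byte order is whatever it implements).

    Raises:
        IndexError: if ``addr .. addr + 4`` does not lie entirely inside
            ``self.memory``.  Without this guard a negative ``addr`` is
            silently wrapped to the END of the buffer by Python slicing,
            and an offset past the end yields a short or empty slice -
            either way the wrong bytes would be decoded without error.
    """
    # Guard both ends explicitly; slicing alone never fails for bad offsets.
    if addr < 0 or addr + 4 > len(self.memory):
        raise IndexError(
            f"offset {hex(addr)} is outside memory (size {len(self.memory)})"
        )
    return from_bytes(self.memory[addr:addr + 4])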
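def read_ushort(self, pc):
    """Read the 16-bit word at code address ``pc`` from ``self.memory``.

    Translates ``pc`` to an offset into ``self.memory`` using
    ``FLASH.address`` as the base address and decodes two bytes with the
    shared ``from_bytes`` helper (byte order is whatever it implements).

    Raises:
        IndexError: if the two bytes do not lie entirely inside
            ``self.memory``.  Without this guard a ``pc`` below
            ``FLASH.address`` yields a negative offset, which Python slicing
            silently wraps to the END of the buffer, and a ``pc`` past the end
            yields a short or empty slice - either way the wrong bytes would
            be decoded without error.
    """
    offset = pc - FLASH.address
    # Guard both ends explicitly; slicing alone never fails for bad offsets.
    if offset < 0 or offset + 2 > len(self.memory):
        raise IndexError(
            f"pc {hex(pc)} is outside the loaded flash image "
            f"(base {hex(FLASH.address)}, size {len(self.memory)})"
        )
    return from_bytes(self.memory[offset:offset + 2])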