Commit 70b6a896 authored by nguimfac

add directory description

parent 17525b52
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE abiword PUBLIC "-//ABISOURCE//DTD AWML 1.0 Strict//EN" "http://www.abisource.com/awml.dtd">
<abiword template="false" xmlns:ct="http://www.abisource.com/changetracking.dtd" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:math="http://www.w3.org/1998/Math/MathML" xid-max="96" xmlns:dc="http://purl.org/dc/elements/1.1/" styles="unlocked" fileformat="1.0" xmlns:svg="http://www.w3.org/2000/svg" xmlns:awml="http://www.abisource.com/awml.dtd" xmlns="http://www.abisource.com/awml.dtd" xmlns:xlink="http://www.w3.org/1999/xlink" version="0.99.2" xml:space="preserve" props="dom-dir:ltr; document-footnote-restart-section:0; document-endnote-type:numeric; document-endnote-place-enddoc:1; document-endnote-initial:1; lang:en-US; document-endnote-restart-section:0; document-footnote-restart-page:0; document-footnote-type:numeric; document-footnote-initial:1; document-endnote-place-endsection:0">
<!-- ======================================================================== -->
<!-- This file is an AbiWord document. -->
<!-- AbiWord is a free, Open Source word processor. -->
<!-- More information about AbiWord is available at http://www.abisource.com/ -->
<!-- You should not edit this file by hand. -->
<!-- ======================================================================== -->
<metadata>
<m key="abiword.date_last_changed">Mon Mar 23 22:44:11 2015
</m>
<m key="abiword.generator">AbiWord</m>
<m key="dc.creator">william</m>
<m key="dc.date">Mon Mar 23 22:28:13 2015
</m>
<m key="dc.format">application/x-abiword</m>
</metadata>
<rdf>
</rdf>
<history version="6" edit-time="4948" last-saved="1427147051" uid="38b1154a-d19a-11e4-9cf4-b108b1fa50ee">
<version id="6" started="1427146093" uid="bdae645e-d1a5-11e4-9cf4-b108b1fa50ee" auto="0" top-xid="82"/>
</history>
<styles>
<s type="P" name="Normal" followedby="Current Settings" props="font-family:Times New Roman; margin-top:0pt; color:000000; margin-left:0pt; text-position:normal; widows:2; font-style:normal; text-indent:0in; font-variant:normal; font-weight:normal; margin-right:0pt; font-size:12pt; text-decoration:none; margin-bottom:0pt; line-height:1.0; bgcolor:transparent; text-align:left; font-stretch:normal"/>
</styles>
<pagesize pagetype="Letter" orientation="portrait" width="8.500000" height="11.000000" units="in" page-scale="1.000000"/>
<section xid="16" props="page-margin-footer:0.5in; page-margin-header:0.5in">
<p style="Normal" xid="17"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">LinkIt One</c></p>
<p style="Normal" xid="90"><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US"></c><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">SoC MT2502A interfaces: </c><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">UART interface, Serial flash controller, SD/SDIO, USIM, USB1.1, RF module, LCD interface, Power management circuitry, PWM, Speech audio input, FM stereo radio input, HIFI stereo output, JTAG, Cam interface, I2C interface, I2S(AD/DA), Keypad interface.</c></p>
<p style="Normal" xid="91"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt"></c></p>
<p style="Normal" xid="95"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt"></c><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">Fernvale</c></p>
<p style="Normal" xid="89" props="text-align:left; dom-dir:ltr"><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">SoC MT6260 interface: UART, </c><c props="font-size:12pt">RF control circuitry, Keypad interface, Camera interface, MS/SD card interface, SIM card interface, I2C interface, LCD interface, General purpose I/O interface, FM, Bluetooth, Analog baseband, USB1.1, Power management unit.</c></p>
<p style="Normal" xid="92" props="text-align:left; dom-dir:ltr"><c props="font-size:12pt"></c></p>
<p style="Normal" xid="96" props="text-align:left; dom-dir:ltr"><c props="font-size:12pt"></c></p>
<p style="Normal" xid="93" props="text-align:left; dom-dir:ltr"><c props="font-size:12pt"></c></p>
<p style="Normal" xid="94" props="text-align:left; dom-dir:ltr"><c props="font-size:12pt"></c></p>
<p style="Normal" xid="87"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt"></c><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">Specifications</c></p>
<table xid="2" props="table-column-props:3.2500in/3.5625in/">
<cell xid="3" props="bot-attach:1; left-attach:0; right-attach:1; top-attach:0">
<p style="Normal" xid="4"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">LinkIT One</c></p>
</cell>
<cell xid="6" props="bot-attach:1; left-attach:1; right-attach:2; top-attach:0">
<p style="Normal" xid="7"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">Fernavale</c></p>
</cell>
<cell xid="9" props="bot-attach:2; left-attach:0; right-attach:1; top-attach:1">
<p style="Normal" xid="10" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">ARM7EJ-STM 32-bit RISC processor</c></p>
<p style="Normal" xid="63"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt"></c><field type="list_label" xid="27" props="font-weight:normal; font-family:Liberation Serif; font-size:12pt"></field><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-</c><c type="list_label" props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">Chipset:MT2502A(Aster, ARM7 EJ-STM)</c></p>
<p style="Normal" xid="28" props="text-indent:0in; margin-left:0pt"><c type="list_label" props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-</c><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">Clock Speed: 260MHz</c></p>
<p style="Normal" xid="30" props="text-align:left; text-indent:0in; dom-dir:ltr; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">- LCD resolution max up to 320x240</c></p>
<p style="Normal" xid="86" props="text-align:left; text-indent:0in; dom-dir:ltr; margin-left:0pt"><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">-serial/parallel LCD controller</c></p>
<p style="Normal" xid="32" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Flash: 16MB</c></p>
<p style="Normal" xid="34" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-RAM: 4MB</c></p>
<p style="Normal" xid="36" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-DC current per I/O Pin:1mA</c></p>
<p style="Normal" xid="38" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Analog Pins #: 3</c></p>
<p style="Normal" xid="40" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Digital Output:3.3V</c></p>
<p style="Normal" xid="42" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Analog Input: 5V</c></p>
<p style="Normal" xid="44" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-UART: Software Serial(Serial) and Hardware Serial(Serial1, D0&amp;D1)</c></p>
<p style="Normal" xid="62" props="text-align:left; text-indent:0in; dom-dir:ltr; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-I2C, SPI, GPIO</c></p>
<p style="Normal" xid="66" props="text-align:left; text-indent:0in; dom-dir:ltr; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-FS/LS USB 1.1</c></p>
<p style="Normal" xid="67" props="text-align:left; text-indent:0in; dom-dir:ltr; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-JTAG port</c></p>
<p style="Normal" xid="46" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-SD Card: Up to 32G(Class 10)</c></p>
<p style="Normal" xid="48" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Positioning: GPS(MT3332)</c></p>
<p style="Normal" xid="50" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-GSM: 850/900/1800/1900 MHz (2G)</c></p>
<p style="Normal" xid="52" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-GPRS: Class 12</c></p>
<p style="Normal" xid="54" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Wi-Fi: 802.11 b/g/n</c></p>
<p style="Normal" xid="56" props="text-indent:0in; margin-left:0pt"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Bluetooth: BR/EDR/BLE(Dual Mode)</c></p>
</cell>
<cell xid="12" props="bot-attach:2; left-attach:1; right-attach:2; top-attach:1">
<p style="Normal" xid="13" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">ARM7EJ-STM 32-bit RISC processor</c></p>
<p style="Normal" xid="68" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">SoC: MT6260</c></p>
<p style="Normal" xid="64"><c props="font-family:Liberation Serif; font-size:12pt; font-variant:normal; color:#333333; font-weight:normal; font-style:normal; text-transform:none"></c><c props="font-family:Liberation Serif; font-size:12pt; font-variant:normal; color:#333333; font-weight:normal; font-style:normal; text-transform:none">Mediatek MT6260 System-on-a-Chip</c><c props="font-family:Liberation Serif; text-decoration:none; color:333333; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US"> </c><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">32-bit</c></p>
<p style="Normal" xid="18" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-clock Speed: </c><c props="font-family:Liberation Serif; font-size:12pt; font-variant:normal; color:#333333; font-weight:normal; font-style:normal; text-transform:none">364 MHz</c><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">(real time clock)</c></p>
<p style="Normal" xid="84" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-</c><c props="font-size:12pt">Supports LCD module with maximum</c></p>
<p style="Normal" xid="85" props="text-align:left; dom-dir:ltr"><c props="font-size:12pt">resolution up to 480x320</c></p>
<p style="Normal" xid="72" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-serial/parallel LCD controller</c></p>
<p style="Normal" xid="22" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-</c><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">RAM: </c><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">8MiB </c></p>
<p style="Normal" xid="23" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Quad-band GSM</c></p>
<p style="Normal" xid="24" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Bluetooth</c></p>
<p style="Normal" xid="25" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-MP3 player</c></p>
<p style="Normal" xid="26" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Li-Poly battery</c></p>
<p style="Normal" xid="71" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-2 UART, USB 1.1 FS/LS , SDIO, PWM</c></p>
<p style="Normal" xid="81" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-DAI/PCM and I2S interface for audio applications</c></p>
<p style="Normal" xid="73" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Bluetooth v3.0 data rate up to 3Mps</c></p>
<p style="Normal" xid="74" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">- FM Rx receiver supporting 87.5 ~108MHz</c></p>
<p style="Normal" xid="76" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-high-performance DMA</c></p>
<p style="Normal" xid="77" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-On-chip boot ROM for factory flash</c></p>
<p style="Normal" xid="78" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">programming</c></p>
<p style="Normal" xid="79" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-Dual SIM/USIM</c></p>
<p style="Normal" xid="80" props="text-align:left; dom-dir:ltr"><c props="font-weight:normal; font-family:Liberation Serif; font-size:12pt">-</c><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">JTAG port</c></p>
<p style="Normal" xid="83" props="text-align:left; dom-dir:ltr"><c props="font-family:Liberation Serif; text-decoration:none; color:000000; font-size:12pt; text-position:normal; font-weight:normal; font-style:normal; lang:en-US">-</c><c props="font-size:12pt">Supports GSM/GPRS/EDGE-Rx modem</c></p>
</cell>
</table>
<p style="Normal" xid="1"><c></c></p>
</section>
</abiword>
......@@ -2,4 +2,20 @@ SEMESTER PROJECT
Title: Porting Avatar to the Sidekick Basic kit for LinkIt ONE and fernvale,
the project is divided into two directories (fernvale linkit) for each device,
each directory should contain the required configure files for linkit ONE and fernvale
each directory should contain the required configure files for linkit ONE and fernvale.
fernavale_linkit-one
|
|--> fernvale
| |
| |--> avatar (files for the emulator)
| |
| |--> openocd (files for remote debbuging)
|
|--> linkIT
| |
| |--> avatar
| |
| |--> openocd
|
|--> note
SEMESTER PROJECT
Title: Porting Avatar to the Sidekick Basic kit for LinkIt ONE and fernvale,
the project is divided into two directories (fernvale linkit) for each device,
each directory should contain the required configure files for linkit ONE and fernvale.
fernavale_linkit-one
|
|--> fernvale
| |
| |--> avatar (files for the emulator)
| |
| |--> openocd (files for remote debbuging)
|
|--> linkIT
| |
| |--> avatar
| |
| |--> openocd
#!/usr/bin/env python3
import os
import sys
from avatar.system import System
import logging
from avatar.emulators.s2e import init_s2e_emulator
import threading
import subprocess
from avatar.targets.gdbserver_target import *
from avatar.targets.openocd_target import *
from avatar.targets.openocd_jig import *
import time
from avatar.interfaces.gdb.gdb_server import GdbServer
import argparse
from collections import OrderedDict
log = logging.getLogger(__name__)
buggy=False
configuration = {
"output_directory" : os.getcwd()+"/s2e_output/",
"configuration_directory" : os.getcwd(),
"s2e" : {
#"s2e-max-processes": 4,
"verbose" : True,
"s2e_binary" : os.getcwd()+"/../../../../s2e-build/qemu-release/arm-s2e-softmmu/qemu-system-arm",
"klee" : {
"use-batching-search" : True,
"batch-time" : 1.0,
},
"plugins": OrderedDict([
("BaseInstructions", {}),
#("InstructionPrinter", ""),
("Initializer", {}),
("ExecutionTracer", "" ),
("ArbitraryExecChecker", ""), # checking for obvious bugs
("TestCaseGenerator", "" ),
("FunctionMonitor", {}),
("MemoryInterceptorMediator", {
"verbose": True,
"interceptors": {
"RemoteMemory": {
"IOMem": {
"range_start": 0x80000000,
"range_end": 0x80030000,
"priority": 0,
"access_type": ["read", "write", "execute", "io", "memory", "concrete_value", "concrete_address"]
}
}
#, "RemoteMemory": {
# "sram_data": {
# #"range_start": 0x400000,
# "range_start": 0x4031DA,
# "range_end": 0x418000,
# "priority": 0,
# "access_type": ["read", "write", "execute", "io", "memory", "concrete_value", "concrete_address"]
# }
# }
}
}),
("RemoteMemory", {
"verbose": True,
"listen_address": "localhost:9999"
}),
("RawMonitor" ,
"""
kernelStart = 0,
-- we consider RAM
ram_module = {
delay = false,
name = "ram_module",
start = 0x400000,
size = 0x018000,
nativebase = 0x400000,
kernelmode = false
},
rom_module = {
delay = false,
name = "rom_module",
start = 0x0,
size = 0x3FFFFF,
nativebase = 0x0,
kernelmode = false
}
"""),
("ModuleExecutionDetector" ,
"""
trackAllModules = true,
configureAllModules = true,
ram_module = {
moduleName = "ram_module",
kernelMode = true,
},
rom_module = {
moduleName = "rom_module",
kernelMode = true,
}
"""),
("Annotation" ,
"""
reset_fun = {
module = "rom_module",
active = true,
address = 0x0,
instructionAnnotation = "reset",
},
undef_fun = {
module = "rom_module",
active = true,
address = 0x4,
instructionAnnotation = "undef_instr",
},
symbolic_pkt = {
module = "ram_module",
active = true,
address = 0x40219E,
instructionAnnotation = "make_pkt_symbolic",
beforeInstruction = true,
switchInstructionToSymbolic = true,
},
stop_state = {
module = "ram_module",
active = true,
address = 0x401E6C,-- after the return of the function
instructionAnnotation = "end_analysis_region",
beforeInstruction = true,
switchInstructionToSymbolic = true,
}
"""),
]),
"include" : ["lua/test.lua", "lua/common.lua"]
},
"qemu_configuration": {
"gdbserver": False,
"halt_processor_on_startup": True,
"trace_instructions": True,
#"trace_microops": True,
# "gdb": "tcp::1235,server,nowait", # not used anymore
"append": ["-serial", "tcp::8888,server,nowait"]
},
"machine_configuration": {
"architecture": "arm",
"cpu_model": "arm926",
"entry_address": 0x0,
"memory_map": [
{
"size": 0x14000,
"name": "rom",
"file": os.getcwd()+"/econotag_src/ROMDump/mc1322x_rom_0_0x14000.bin",
"map": [{
"address": 0,
"type": "code",
"permissions": "rx"
}]
},
{
# 96K bytes
"size": 0x18000,
#"size" : 0x31DA, # only import the txt section, ro data and data not needed here as we forward them
"name": "SRAM",
"file": os.getcwd()+"/econotag_src/with freescale tools/My UART/Wireless UART/Debug/Exe/Wireless UART.bin_txt_only.bin",
"map": [{
"address": 0x400000,
"type": "code",
"permissions": "rwx"
}]
},
],
},
"avatar_configuration": {
"target_gdb_address": "tcp:localhost:3333",
#"target_gdb_path":"/opt/arm-none-eabi-sourcery-2012.09-63/bin/arm-none-eabi-gdb"
"target_gdb_path":"/home/william/CodeSourcery/Sourcery_G++_Lite/bin/arm-none-eabi-gdb"
},
"openocd_configuration": {
"config_file": "linkIT_openocd.cfg"
}
}
if buggy:
# that's for the buggy version
configuration["machine_configuration"]["memory_map"]=[{
"size": 0x14000,
"name": "rom",
"file": "/home/aurel/work/sensors/econotag/ROMDump/mc1322x_rom_0_0x14000.bin",
"map": [{
"address": 0,
"type": "code",
"permissions": "rx"
}]
},
{
# 96K bytes
"size": 0x18000,
#"size" : 0x31DA, # only import the txt section, ro data and data not needed here as we forward them
"name": "SRAM",
"file": "/home/aurel/work/sensors/econotag/with freescale tools/My buggyUart/Wireless UART/Debug/Exe/Wireless UART.bin_cut_12808",
"map": [{
"address": 0x400000,
"type": "code",
"permissions": "rwx"
}]
}]
configuration["s2e"]["plugins"]["Annotation"]="""
reset_fun = {
module = "rom_module",
active = true,
address = 0x0,
beforeInstruction = true,
instructionAnnotation = "reset",
},
undef_fun = {
module = "rom_module",
active = true,
address = 0x4,
beforeInstruction = true,
instructionAnnotation = "undef_instr",
},
symbolic_pkt = {
module = "ram_module",
active = true,
address = 0x004021a6, -- <= where we put the annotation, has to be begining of a tcb but not hte 1st one
instructionAnnotation = "make_pkt_symbolic",
beforeInstruction = true,
switchInstructionToSymbolic = true,
},
stop_state = {
module = "ram_module",
active = true,
address = 0x401E6C, -- lets now stop after the return so that we actually notice a stack based buffer overflow
--0x40224C, --0x402220, -- <= stop analysis at the end of the function
instructionAnnotation = "end_analysis_region",
beforeInstruction = true,
switchInstructionToSymbolic = true,
},
skip_uart = {
module = "ram_module",
active = false,
address = "0x40278E",
callAnnotation = "skip_uart",
beforeInstruction = true,
switchInstructionToSymbolic =true,
paramcount = 0
}
"""
configuration["s2e"]["include"]=["lua/test_buggy.lua", "lua/common.lua"]
print("\n\n")
print("%s",configuration)
print("\n\n")
class TargetLauncher(object):
def __init__(self, cmd):
self._cmd = cmd
self._process = None
self._thread = threading.Thread(target = self.run)
self._thread.start()
def stop(self):
if self._process:
self._process.kill()
def run(self):
self._process = subprocess.call(self._cmd)
class RWMonitor():
def emulator_pre_read_request(self, params):
#log.info("Emulator at PC=%s is requesting read 0x%08x[%d]", params['cpu_state']['pc'], params["address"], params["size"])
pass
def emulator_post_read_request(self, params):
log.info("Executed at PC=%s read 0x%08x[%d] = 0x%x", params['cpu_state']['pc'], params["address"], params["size"], params["value"])
def emulator_pre_write_request(self, params):
#log.info("Emulator at PC=%s is requesting write 0x%08x[%d] = 0x%x", params['cpu_state']['pc'], params["address"], params["size"], params["value"])
pass
def emulator_post_write_request(self, params):
log.info("Executed at PC=%s write 0x%08x[%d] = 0x%x", params['cpu_state']['pc'], params["address"], params["size"], params["value"])
pass
def stop(self):
pass
def transfer_cpu_state_to_emulator(ava, debug=False, verbose=False):
"""
Transfers state from emulator to device,
Parameter: avatar object
Parameter: Debug: stores state to a file
Parameter: verbose : prints transfered state
"""
cpu_state = {}
for reg in ["r0", "r1", "r2", "r3",
"r4", "r5", "r6", "r7",
"r8", "r9", "r10", "r11",
"r12", "sp", "lr", "pc", "cpsr"]:
value = ava.get_emulator().get_register(reg)
cpu_state[reg] = hex(value)
ava.get_target().set_register(reg, ava.get_emulator().get_register(reg))
if debug:
f = open("cpu_state.gdb", "w")
for (reg, val) in cpu_state.items():
f.write("set $%s = %s\n" % (reg, val))
f.close()
if vebose:
print("transfered CPU state to device: %s" % cpu_state.__str__())
def transfer_cpu_state_to_device(ava, debug=False, verbose=False):
"""
Transfers state from emulator to device,
Parameter: avatar object
Parameter: Debug: stores state to a file
Parameter: verbose : prints transfered state
"""
cpu_state = {}
for reg in ["r0", "r1", "r2", "r3",
"r4", "r5", "r6", "r7",
"r8", "r9", "r10", "r11",
"r12", "sp", "lr", "pc", "cpsr"]:
value = ava.get_emulator().get_register(reg)
cpu_state[reg] = hex(value)
ava.get_target().set_register(reg, ava.get_emulator().get_register(reg))
if debug:
f = open("cpu_state.gdb", "w")
for (reg, val) in cpu_state.items():
f.write("set $%s = %s\n" % (reg, val))
f.close()
if vebose:
print("transfered CPU state to device: %s" % cpu_state.__str__())
def transfer_mem_to_target(ava, addr, length):
"""
copies memory region to target
"""
memory = ava.get_emulator().read_untyped_memory(addr, length)
# is this file needed ?
f = open("/tmp/ava_memory", "wb")
f.write(memory)
f.close()
ava.get_target().write_untyped_memory(addr, memory)
def transfer_mem_to_emulator(ava, addr, length):
"""
copies memory region to target
"""
memory = ava.get_target().read_untyped_memory(addr, length)
# is this file needed ?
f = open("/tmp/ava_memory", "wb")
f.write(memory)
f.close()
ava.get_emulator().write_untyped_memory(addr, memory)
# s_fw_start = 0x400000
# s_Main = 0x401E4C
# s_process_radio_msg = 0x400A84
# # function that recieves messages
# s_data_indication_execute = 0x402120
#s_in_data_indication_execute = 0x40219E # <= this is where we put the annotation
if buggy:
s_in_data_indication_execute = 0x40217A
dataRamFrom=0x403206
dataRamToTransf=0x404840-dataRamFrom
s_UART_TX=0x402240 # buggy firmware
else:
s_in_data_indication_execute = 0x402174 # <= this is where we put the annotation
dataRamFrom=0x4031DA
dataRamToTransf=0x404810-dataRamFrom
s_UART_TX=0x402214 # valid firmware
# function that sends messages
# s_wireless_uart_execute = 401E72
# s_in_wireless_uart_execute = 0x401fb6
# break at address :
# data_indication_execute 0x402120
# display RX_msg
# /c (char [33]) *RX_msg.pu8Buffer->u8Data
# data_rx
# pu buffer {
# smac_pdu_tag {
# uint8_t reserved[2];
# uint8_t u8Data[1];
#} smac_pdu_t;
# uint8_t buff[31]
#RX_msg.pu8Buffer->u8Data
# packet buffer :
# 0x4033aa len 33
if __name__ == "__main__":
############################
# Arguments parse and init #
############################
parser = argparse.ArgumentParser(description='Avatar on the linkIT.')
parser.add_argument('-v', '--verbose', action='store_true',
help='More log data ')
parser.add_argument('-vv', '--veryverbose', action='store_true',
help='Even more log data ')
parser.add_argument('-d', '--debug', action='store_true',
help='When done, start a gdb stub on the emulator ')
parser.add_argument('-r', '--reset', action='store_true',
help='Once attached reset and load firmware image with jtag (not confirmed to work)')
parser.add_argument('-g', '--gdb_verbose', action='store_true',
help='Show details of gdb protocol messages')
args = parser.parse_args()
#############################
#############################
# OPENOCD JIG What is it for#
#############################
if args.verbose:
log.info("OpenOcd jig");
hwmon=OpenocdJig(configuration)
if args.verbose:
log.info("OpenOcd target");