Monday, May 17, 2010

Placing breakpoints in the original firmware

When booting, the firmware erases IRAM and RAM.
However, it is easy to patch out the code that erases IRAM. Then, by analyzing the firmware a little further, I found a safe location in IRAM where I can place my own code.

By digging a bit more into the firmware, I found the function that shows a message box, and a few other functions related to the UI (displaying the bottom buttons, ...).

Using medios, I can reload the original firmware, patch it with a breakpoint (currently a very simple 8-byte branch) and execute my code. Then, inside my code, I can show a message box with any value I want, including register values, memory contents, ... The only problem is that the device crashes after showing the message box, because the breakpoint corrupts the stack. But it still lets me see some very interesting things.
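As an added example (not code from this post or from medios), here is a small C patcher for the kind of 8-byte breakpoint described above. It assumes an ARM-mode target, which the post does not state, where an absolute 8-byte branch is `ldr pc, [pc, #-4]` (0xE51FF004) followed by the 32-bit destination address; the image base, patch address and hook address used below are made-up values, and the firmware image is a constructed byte buffer rather than a real dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption (the post does not name the CPU): ARM mode, where the PC reads as
 * "current instruction + 8", so "ldr pc, [pc, #-4]" loads the word that
 * immediately follows the instruction and jumps to it. Little-endian. */
#define LDR_PC_PC_M4  0xE51FF004u
#define BREAKPOINT_LEN 8

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Map a firmware address to an offset, checking alignment and bounds.
 * Returns 0 on success, -1 if the 8-byte window does not fit in the image. */
static int window_offset(size_t image_len, uint32_t image_base, uint32_t at, size_t *off)
{
    if (at % 4 != 0 || at < image_base) return -1;
    *off = at - image_base;
    if (*off > image_len || image_len - *off < BREAKPOINT_LEN) return -1;
    return 0;
}

/* Overwrite the two instructions at firmware address `at` with an absolute
 * jump to `hook` (the hook code placed in IRAM). The 8 displaced bytes are
 * copied to `saved` so the original code can be restored or re-executed. */
int place_breakpoint(uint8_t *image, size_t image_len, uint32_t image_base,
                     uint32_t at, uint32_t hook, uint8_t saved[BREAKPOINT_LEN])
{
    size_t off;
    if (window_offset(image_len, image_base, at, &off) != 0) return -1;
    memcpy(saved, image + off, BREAKPOINT_LEN);
    put_le32(image + off, LDR_PC_PC_M4);
    put_le32(image + off + 4, hook);
    return 0;
}

/* Put the saved bytes back. Returns 0 on success, -1 on a bad address. */
int restore_original(uint8_t *image, size_t image_len, uint32_t image_base,
                     uint32_t at, const uint8_t saved[BREAKPOINT_LEN])
{
    size_t off;
    if (window_offset(image_len, image_base, at, &off) != 0) return -1;
    memcpy(image + off, saved, BREAKPOINT_LEN);
    return 0;
}

/* Check whether a breakpoint of this shape sits at `at`; returns 1 and fills
 * *hook_out (if non-NULL) when it does, 0 when not, -1 on a bad address. */
int is_breakpoint_at(const uint8_t *image, size_t image_len, uint32_t image_base,
                     uint32_t at, uint32_t *hook_out)
{
    size_t off;
    if (window_offset(image_len, image_base, at, &off) != 0) return -1;
    if (get_le32(image + off) != LDR_PC_PC_M4) return 0;
    if (hook_out) *hook_out = get_le32(image + off + 4);
    return 1;
}

/* Worked scenario on a constructed 32-byte image: patch, verify, restore.
 * Returns 1 when every step behaves as expected, 0 otherwise. */
int example_patch_ok(void)
{
    uint8_t image[32];
    uint8_t saved[BREAKPOINT_LEN];
    uint32_t hook = 0;
    const uint32_t base = 0x00200000u;   /* hypothetical firmware load address */
    const uint32_t at   = 0x00200010u;   /* hypothetical address inside a UI function */
    const uint32_t iram = 0x40000100u;   /* hypothetical safe IRAM location for our code */

    memset(image, 0xAA, sizeof image);   /* constructed stand-in for real code bytes */
    if (place_breakpoint(image, sizeof image, base, at, iram, saved) != 0) return 0;
    if (is_breakpoint_at(image, sizeof image, base, at, &hook) != 1 || hook != iram) return 0;
    if (saved[0] != 0xAA || image[0x10] != 0x04 || image[0x13] != 0xE5) return 0;
    if (place_breakpoint(image, sizeof image, base, at + 2, iram, saved) != -1) return 0; /* unaligned */
    if (place_breakpoint(image, sizeof image, base, base + 28, iram, saved) != -1) return 0; /* runs off the end */
    if (restore_original(image, sizeof image, base, at, saved) != 0) return 0;
    return image[0x10] == 0xAA && is_breakpoint_at(image, sizeof image, base, at, NULL) == 0;
}

int main(void)
{
    printf("breakpoint patch example %s\n", example_patch_ok() ? "ok" : "FAILED");
    return 0;
}
```

Because the branch never returns and the two displaced instructions are not re-executed, a hook placed this way cannot hand control back cleanly to the interrupted function; a breakpoint that survives would have to run the saved instructions and jump back to `at + 8` with the registers and stack intact.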
