Thread: Discussion Walkera DEVO Tx Hacking
Mar 22, 2012, 08:46 PM
PhracturedBlue
Quote:
Originally Posted by NorCalMatCat
Rofl, I used that program and piped the output to a .asm file and got 4 megs of assembly... hrm
I just played with mdisasm, and it does seem to work, though it would take a lot of post-processing to convert it to something useful.

If you want to use it:
take the first 0x125 bytes off the dfu file (that is 293 bytes). I did it using:
dd if="DEVO-8 FWDT v0.6B.dfu" bs=1 skip=293 > DEVO-8-FWDT.bin
Now you can disassemble, but you can't do the entire file at once. The reason is that there seem to be non-code sections that confuse the byte-parser.

But if you do:
mdisasm -a 0x8000000 -o 0x4146 DEVO-8-FWDT.bin

it will properly disassemble the reset code.
If someone has some minimal coding skills, they could probably use this to make a crude version of what IDA does by following branch pointers and running mdisasm on each section to build the 'full' disassembly.

I'm not sure of the value compared to just waiting for someone to post a disassembled IDA dump, but if you want free, and are willing to do a bit of leg work, this could get you going.

That's about all for me, though. However, if it is helpful, here are the subroutine code-locations identified so far:
Code:
Function name        Seg Start    Length   R F L S B T =
sub_8000134          ROM 08000134 00000004 R . . . . . .
sub_8000138          ROM 08000138 00000004 R . . . . . .
sub_8000174          ROM 08000174 0000000A R . . . . . .
sub_8000184          ROM 08000184 00000010 R . . . . . .
sub_8000194          ROM 08000194 0000000E R . . . . . .
sub_80001A2          ROM 080001A2 00000004 R . . . . . .
sub_80001A6          ROM 080001A6 00000004 R . . . . . .
sub_80001BE          ROM 080001BE 00000010 R . . . . . .
sub_80001CE          ROM 080001CE 0000000C R . . . . . .
sub_80001F2          ROM 080001F2 00000010 R . . . . . .
sub_8000212          ROM 08000212 0000001C R . . . . . .
sub_80002B2          ROM 080002B2 0000000E R . . . . . .
sub_80002C6          ROM 080002C6 00000010 R . . . . . .
sub_80002E6          ROM 080002E6 00000072 R . . . . . .
sub_80003E6          ROM 080003E6 00000032 R . . . . . .
sub_8000418          ROM 08000418 00000030 R . . . . . .
sub_8000448          ROM 08000448 00000024 R . . . . . .
sub_80004BC          ROM 080004BC 00000010 R . . . . . .
sub_800058E          ROM 0800058E 0000001E R . . . . . .
sub_8000A86          ROM 08000A86 0000000A R . . . . . .
sub_8000AB0          ROM 08000AB0 00000014 R . . . . . .
sub_8000C20          ROM 08000C20 00000016 R . . . . . .
sub_8000C36          ROM 08000C36 00000014 R . . . . . .
sub_8000C4A          ROM 08000C4A 00000018 R . . . . . .
sub_8000D70          ROM 08000D70 00000010 R . . . . . .
WritePortBitClearReg ROM 08000FFA 00000004 R . . . . . .
sub_8001006          ROM 08001006 0000000C R . . . . . .
Init_something       ROM 080012F4 0000001C R . . . . . .
sub_80016E8          ROM 080016E8 00000014 R . . . . . .
sub_8001F00          ROM 08001F00 00000010 R . . . . . .
sub_8002078          ROM 08002078 00000048 R . . . . . .
sub_80021AC          ROM 080021AC 00000010 R . . . . . .
sub_8002584          ROM 08002584 0000000A R . . . . . .
sub_8002598          ROM 08002598 00000012 R . . . . . .
sub_80027E0          ROM 080027E0 00000012 R . . . . . .
sub_8002AF4          ROM 08002AF4 0000005E R . . . . . .
sub_8002B94          ROM 08002B94 00000010 R . . . . . .
sub_80031CC          ROM 080031CC 00000018 R . . . . . .
sub_800329C          ROM 0800329C 00000018 R . . . . . .
sub_80036DC          ROM 080036DC 00000012 R . . . . . .
sub_8003D58          ROM 08003D58 00000010 R . . . . . .
sub_8003E64          ROM 08003E64 00000010 R . . . . . .
sub_8003F14          ROM 08003F14 00000054 R . . . . . .
sub_8003FF8          ROM 08003FF8 00000010 R . . . . . .
sub_8004418          ROM 08004418 00000014 R . . . . . .
sub_800473C          ROM 0800473C 00000010 R . . . . . .
sub_80047D0          ROM 080047D0 0000020E R . . . . . .
sub_8004E7C          ROM 08004E7C 00000012 R . . . . . .
sub_80051E0          ROM 080051E0 00000010 R . . . . . .
sub_8005340          ROM 08005340 00000012 R . . . . . .
sub_800567C          ROM 0800567C 00000022 R . . . . . .
sub_80056C4          ROM 080056C4 00000014 R . . . . . .
sub_80058A4          ROM 080058A4 00000010 R . . . . . .
sub_800597C          ROM 0800597C 00000022 R . . . . . .
sub_8005A8C          ROM 08005A8C 00000010 R . . . . . .
sub_8005B48          ROM 08005B48 00000030 R . . . . . .
sub_8005DA8          ROM 08005DA8 00000010 R . . . . . .
sub_8006024          ROM 08006024 00000010 R . . . . . .
sub_8006064          ROM 08006064 00000010 R . . . . . .
sub_80060EC          ROM 080060EC 0000005A R . . . . . .
sub_8006264          ROM 08006264 0000003E R . . . . . .
sub_800669C          ROM 0800669C 00000038 R . . . . . .
sub_80067D0          ROM 080067D0 00000010 R . . . . . .
sub_800687C          ROM 0800687C 00000010 R . . . . . .
sub_80069B0          ROM 080069B0 00000014 R . . . . . .
sub_8006B08          ROM 08006B08 00000022 R . . . . . .
sub_8007274          ROM 08007274 00000010 R . . . . . .
sub_8007368          ROM 08007368 00000010 R . . . . . .
sub_80073BC          ROM 080073BC 00000020 R . . . . . .
sub_8007518          ROM 08007518 00000028 R . . . . . .
sub_800771C          ROM 0800771C 00000056 R . . . . . .
sub_80094D8          ROM 080094D8 0000000C R . . . . . .
sub_800C7A8          ROM 0800C7A8 00000004 R . . . . . .
sub_800EC00          ROM 0800EC00 00000036 R . . . . . .
sub_800FAB4          ROM 0800FAB4 0000001A R . . . . . .
sub_8010140          ROM 08010140 00000032 R . . . . . .
sub_8011D58          ROM 08011D58 00000010 R . . . . . .
sub_8011E9C          ROM 08011E9C 00000010 R . . . . . .
sub_8012068          ROM 08012068 00000016 R . . . . . .
sub_8012090          ROM 08012090 00000140 R . . . . . .
sub_801250C          ROM 0801250C 0000000E R . . . . . .
sub_8012520          ROM 08012520 00000010 R . . . . . .
sub_80125FC          ROM 080125FC 0000008A R . . . . . .
sub_8012C0C          ROM 08012C0C 00000086 R . . . . . .
sub_801346C          ROM 0801346C 00000008 R . . . . . .
sub_8013474          ROM 08013474 00000006 R . . . . . .
sub_801347A          ROM 0801347A 00000004 R . . . . . .
WritePortBitSetReg   ROM 0801347E 00000004 R . . . . . .
sub_8013514          ROM 08013514 0000000A R . . . . . .
sub_8014FBC          ROM 08014FBC 00000014 R . . . . . .
sub_8015014          ROM 08015014 0000001A R . . . . . .
sub_8015168          ROM 08015168 00000010 R . . . . . .
sub_8015214          ROM 08015214 00000018 R . . . . . .
sub_80153C8          ROM 080153C8 0000000A R . . . . . .
sub_80153D8          ROM 080153D8 00000006 R . . . . . .
sub_801543A          ROM 0801543A 00000010 R . . . . . .
sub_801544A          ROM 0801544A 00000026 R . . . . . .
sub_801559C          ROM 0801559C 0000002E R . . . . . .
sub_80155D4          ROM 080155D4 0000001C R . . . . . .
sub_8015AD4          ROM 08015AD4 00000014 R . . . . . .
sub_8015B68          ROM 08015B68 00000010 R . . . . . .
sub_8015BF4          ROM 08015BF4 00000010 R . . . . . .
sub_8015D70          ROM 08015D70 00000010 R . . . . . .
sub_80160F4          ROM 080160F4 00000010 R . . . . . .
sub_801611C          ROM 0801611C 0000001A R . . . . . .
sub_80162AC          ROM 080162AC 00000010 R . . . . . .
sub_8016358          ROM 08016358 00000008 R . . . . . .
sub_8016490          ROM 08016490 00000010 R . . . . . .
sub_8017AAC          ROM 08017AAC 00000010 R . . . . . .
sub_8018D88          ROM 08018D88 00000026 R . . . . . .
sub_801DEE0          ROM 0801DEE0 00000266 R . . . . . .
sub_80230C4          ROM 080230C4 00000010 R . . . . . .
sub_802351C          ROM 0802351C 00000010 R . . . . . .
ReadSPIDataReg       ROM 0802384C 00000004 R . . . . . .
sub_80239A0          ROM 080239A0 00000004 R . . . . . .
nullsub_1            ROM 080239A4 00000004 R . . . . . .
sub_80239A8          ROM 080239A8 00000010 R . . . . . .
sub_8024A2C          ROM 08024A2C 00000006 R . . . . . .
sub_8024A32          ROM 08024A32 00000006 R . . . . . .
sub_8024A50          ROM 08024A50 0000001E R . . . . . .
sub_8024CC4          ROM 08024CC4 00000014 R . . . . . .
sub_8024CD8          ROM 08024CD8 00000006 R . . . . . .
sub_8024CEE          ROM 08024CEE 00000004 R . . . . . .
sub_8024CF2          ROM 08024CF2 00000004 R . . . . . .
sub_8024CF6          ROM 08024CF6 00000004 R . . . . . .
sub_8024CFA          ROM 08024CFA 00000006 R . . . . . .
sub_8024E54          ROM 08024E54 00000016 R . . . . . .
sub_8024ED0          ROM 08024ED0 00000008 R . . . . . .
sub_8025588          ROM 08025588 00000004 R . . . . . .
sub_8025768          ROM 08025768 000006EA . . . . . . .
sub_8025E90          ROM 08025E90 00000010 . . . . . . .
sub_8025ECC          ROM 08025ECC 0000004C R . . . B . .
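As an added example (not code from the post or from anyone in this thread), here is a small Python parser for the DfuSe container that does what the dd command above does by reading the DFU headers instead of hard-coding 293, and then reads the Cortex-M vector table of the extracted image to compute the reset-handler offset that was passed to mdisasm -o. The field layout follows ST's DfuSe format (prefix, target prefix, element, suffix); the suffix CRC convention is an assumption, and the sample image is constructed in the code, not taken from the DEVO firmware.

```python
import struct
import zlib
FLASH_BASE = 0x8000000  # STM32 internal flash, the value given to mdisasm -a

def parse_dfuse(blob):
    """Return (load address, bytes) of the first image element of a DfuSe file
    after checking the DFU prefix, the target prefix and the suffix CRC."""
    # DFU prefix (11 bytes): "DfuSe", version, image size, number of targets
    sig, ver, _size, n_targets = struct.unpack_from("<5sBIB", blob, 0)
    if sig != b"DfuSe" or ver != 1 or n_targets < 1:
        raise ValueError("not a DfuSe v1 file")
    # DFU suffix (last 16 bytes); its CRC covers every byte before the CRC field
    _bcd, ufd, length, crc = struct.unpack_from("<HHHH3sBI", blob, len(blob) - 16)[3:]
    if ufd != b"UFD" or length != 16:
        raise ValueError("missing DFU suffix")
    if crc != (zlib.crc32(blob[:-4]) ^ 0xFFFFFFFF):  # assumed: CRC-32 without final XOR
        raise ValueError("DFU suffix CRC mismatch")
    # Target prefix (274 bytes): "Target", alt setting, named flag, name[255], size, count
    tsig, _alt, _named, _name, _tsize, n_elem = struct.unpack_from("<6sBI255sII", blob, 11)
    if tsig != b"Target" or n_elem < 1:
        raise ValueError("bad target prefix")
    # First element: 8-byte header (address, size) at 285, data at 11 + 274 + 8 == 293 == 0x125,
    # which is exactly what the dd command in the post skips.
    addr, size = struct.unpack_from("<II", blob, 285)
    data = blob[293:293 + size]
    if len(data) != size:
        raise ValueError("truncated element")
    return addr, data

def reset_handler_offset(addr, data):
    """Cortex-M vector table: word 0 is the initial SP, word 1 the reset vector with
    bit 0 set (Thumb). Returns the file offset of the reset code, i.e. the -o value."""
    _sp, reset = struct.unpack_from("<II", data, 0)
    if not (reset & 1) or not (addr <= reset < addr + len(data)):
        raise ValueError("reset vector is not a Thumb address inside this element")
    return (reset & ~1) - addr

def build_sample():
    """Constructed DfuSe image (not the DEVO firmware): one element at FLASH_BASE
    whose reset vector points at offset 0x4146, the offset the post found by hand."""
    code_off = 0x4146
    body = bytearray(code_off + 4)  # zero-filled stand-in for the firmware bytes
    struct.pack_into("<II", body, 0, 0x20005000, (FLASH_BASE + code_off) | 1)
    element = struct.pack("<II", FLASH_BASE, len(body)) + bytes(body)
    target = struct.pack("<6sBI255sII", b"Target", 0, 1, b"Internal Flash", len(element), 1)
    prefix = struct.pack("<5sBIB", b"DfuSe", 1, 11 + len(target) + len(element), 1)
    suffix = struct.pack("<HHHH3sB", 0xFFFF, 0xDF11, 0x0483, 0x011A, b"UFD", 16)  # ST DFU IDs
    head = prefix + target + element + suffix
    return head + struct.pack("<I", zlib.crc32(head) ^ 0xFFFFFFFF)
```

Running parse_dfuse on a real .dfu and writing the returned bytes out gives the same file as the dd step, and reset_handler_offset on that output gives the number for -o without hunting for the reset code manually.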