Thread: Discussion Walkera DEVO Tx Hacking
Old Apr 06, 2012, 03:21 PM
rcH4x0r is offline
Registered User
Joined Jun 2010
125 Posts
Did some testing. I tried PB's original code & got the same result, 4 bytes (00 04 00 20).

Then I modified a for loop to fill a number of bytes with a fixed value. This is a sanity check to see if we are being overwritten somehow:

Code:
	movs	r5, #0			@ r5 = byte index; r0 = destination buffer (set by caller)
Loop1:
	movs	r1, #0xFA
	strb	r1, [r0, r5]		@ write the marker byte 0xFA at r0 + r5
	add	r5, r5, #1

	cmp	r5, #0x80		@ fill 0x80 bytes in total
	blt	Loop1
	mov	pc, lr
Now when I reset & dump the model data I get some 0xFA's - woot - but I get 0xCF of them and not 0x80.

Next I modified the loop to copy the bootloader byte by byte:

Code:
	movs	r5, #0			@ r5 = byte index; r0 = destination buffer (set by caller)
	ldr	r1, =startaddress	@ r1 = start of the bootloader in flash

Loop1:
	ldrb	r3, [r1, r5]		@ load one byte from flash
	strb	r3, [r0, r5]		@ store it into the buffer
	add	r5, r5, #1

	cmp	r5, #0x80		@ copy 0x80 bytes in total
	blt	Loop1

	mov	pc, lr

.equ startaddress, 0x08000000
Now I get some more bytes:

Code:
	0x00, 0x04, 0x00, 0x20, 0x67, 0x01, 0x00, 0x08, 0x3F, 0x16, 0x00, 0x08, 0xFF, 0x0F, 0x00, 0x08, 
	0x3D, 0x16, 0x00, 0x08, 0x75, 0x02, 0x00, 0x08, 0xB5, 0x27, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xCD, 0x1E, 0x00, 0x08, 
	0x01, 0x0C, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0xDD, 0x17, 0x00, 0x08, 0xED, 0x24, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x95, 0x27, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08, 
	0x87, 0x01, 0x00, 0x08, 0x87, 0x01, 0x00, 0x08
The reset vector is 08000167, which makes sense.
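The bytes above are the start of the bootloader's vector table: word 0 is the initial stack pointer (0x20000400) and word 1 is the reset handler, with bit 0 set because Cortex-M only executes Thumb code. The following Python decodes the posted dump into that table and sanity-checks each slot; it is an added example, not code from this thread, and assumes an ARMv7-M (Cortex-M3 style) exception layout with flash at 0x08000000 and SRAM at 0x20000000 (the window sizes are guesses).

```python
import struct
from collections import Counter

# The 200-byte dump posted above, as little-endian 32-bit words; the runs of
# 0x08000187 (the default handler) are collapsed with string multiplication.
DUMP = bytes.fromhex(
    "00040020" "67010008" "3f160008" "ff0f0008"
    "3d160008" "75020008" "b5270008" "00000000"
    "00000000" "00000000" "00000000" "cd1e0008"
    "010c0008" "00000000" "dd170008" "ed240008"
    + "87010008" * 20 + "95270008" + "87010008" * 13
)
# Assumed ARMv7-M (Cortex-M3 style) exception numbering; IRQ names are vendor-specific.
SYSTEM_NAMES = ["Initial MSP", "Reset", "NMI", "HardFault", "MemManage", "BusFault",
                "UsageFault", "Reserved", "Reserved", "Reserved", "Reserved", "SVCall",
                "DebugMonitor", "Reserved", "PendSV", "SysTick"]
FLASH_BASE, FLASH_SIZE = 0x08000000, 0x00080000  # assumed 512 KiB flash window
SRAM_BASE, SRAM_SIZE = 0x20000000, 0x00010000    # assumed 64 KiB SRAM window

def words(data):
    """Split a dump into little-endian 32-bit words (a trailing partial word is dropped)."""
    n = len(data) // 4
    return list(struct.unpack("<%dI" % n, data[:4 * n]))

def describe_vector(index, value):
    """Name one vector-table slot and sanity-check what it points at."""
    name = SYSTEM_NAMES[index] if index < 16 else "IRQ%d" % (index - 16)
    if index == 0:  # slot 0 holds the initial main stack pointer, not a handler
        ok = SRAM_BASE < value <= SRAM_BASE + SRAM_SIZE and value % 8 == 0  # AAPCS alignment
        return {"index": index, "name": name, "value": value, "ok": ok}
    thumb = bool(value & 1)        # Cortex-M only executes Thumb, so bit 0 must be set
    target = value & ~1            # the instruction address actually jumped to
    in_flash = FLASH_BASE <= target < FLASH_BASE + FLASH_SIZE
    ok = value == 0 or (thumb and in_flash)  # 0 is normal for reserved/unused slots
    return {"index": index, "name": name, "value": value, "target": target,
            "thumb": thumb, "ok": ok}

def analyse(data):
    """Decode a raw vector-table dump into one record per slot."""
    return [describe_vector(i, w) for i, w in enumerate(words(data))]

def default_handler(table):
    """The most common non-zero IRQ target is the firmware's catch-all default handler."""
    counts = Counter(e["target"] for e in table[16:] if e["value"])
    return counts.most_common(1)[0][0]
```

Running `analyse(DUMP)` over the posted bytes flags nothing as suspect: every handler has the Thumb bit set and lands in flash, and the lone IRQ20 slot (0x08002795) is the only interrupt that does not go to the 0x08000186 default handler.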