Search.setIndex({"docnames": ["index", "s905x3/debugger_implementation", "s905x3/emulation", "s905x3/s905x3"], "filenames": ["index.rst", "s905x3/debugger_implementation.rst", "s905x3/emulation.rst", "s905x3/s905x3.rst"], "titles": ["Herreguard R&D on Amlogic", "Debugger Implementation", "Emulation", "BootROM S905X3"], "terms": {"research": [0, 3], "tool": 0, "develop": [0, 2, 3], "hack": 0, "base": [0, 2, 3], "devic": [0, 3], "thi": [0, 1, 2, 3], "project": [0, 3], "serv": 0, "one": [0, 2, 3], "refer": [0, 2, 3], "how": 0, "do": [0, 3], "emul": 0, "fuzz": 0, "bootrom": [], "s905x3": 0, "For": [2, 3], "binari": 3, "pleas": 3, "follow": [1, 2, 3], "link": 3, "http": 3, "git": 3, "herreweb": 3, "nl": 3, "eljakimherrewijnen": 3, "bootrom_collect": 3, "also": [2, 3], "ghidra": 3, "server": 3, "contain": 3, "amlog": 3, "an": [2, 3], "when": [2, 3], "i": [1, 2, 3], "have": [2, 3], "set": [2, 3], "up": [2, 3], "exploit": 0, "u": 0, "boot": [0, 2], "The": [1, 2, 3], "processor": [1, 3], "memori": [1, 2, 3], "map": 1, "figur": [2, 3], "out": [2, 3], "where": [2, 3], "stack": [2, 3], "0xfffe3800": [2, 3], "goal": [2, 3], "make": [2, 3], "fuzzer": [2, 3], "usb": 2, "To": [2, 3], "get": [2, 3], "insight": [2, 3], "help": [2, 3], "revers": [2, 3], "engin": [2, 3], "being": [2, 3], "implement": 2, "softwar": [2, 3], "alwai": [2, 3], "send": [2, 3], "messag": [2, 3], "over": [2, 3], "can": [2, 3], "now": [2, 3], "print": [2, 3], "byte": [2, 3], "self": [2, 3], "get_devic": [2, 3], "get_rx": [2, 3], "b": [2, 3], "bl": [2, 3], "511f6b": [2, 3], "x00": [2, 3], "feat": [2, 3], "ff800228": [2, 3], "0": [2, 3], "poc": [2, 3], "rcy": [2, 3], "dump": 2, "efus": [2, 3], "from": [2, 3], "us": [2, 3], "along": [2, 3], "quickli": [2, 3], "after": [2, 3], "string": [2, 3], "read": [2, 3], "accord": [2, 3], "sever": [2, 3], "sourc": [2, 3], "internet": [2, 3], "hdmi": [2, 3], "port": [2, 3], "check": [2, 3], "serial": [2, 3], "protocol": [2, 3], "which": [2, 3], "reli": [2, 3], "2": [2, 3], 
"line": [2, 3], "sck": [2, 3], "clock": [2, 3], "sda": [2, 3], "data": [2, 3], "soc": [2, 3], "we": [2, 3], "see": [2, 3], "gpio25": [2, 3], "scl": [2, 3], "gpio27": [2, 3], "explan": [2, 3], "chatgpt": [2, 3], "inter": [2, 3], "integr": [2, 3], "circuit": [2, 3], "popular": [2, 3], "commun": [2, 3], "between": [2, 3], "ic": [2, 3], "variou": [2, 3], "electron": [2, 3], "It": [2, 3], "wa": [2, 3], "philip": [2, 3], "nxp": [2, 3], "semiconductor": [2, 3], "wide": [2, 3], "adopt": [2, 3], "due": [2, 3], "its": [2, 3], "simplic": [2, 3], "versatil": [2, 3], "kei": [2, 3], "featur": [2, 3], "includ": [2, 3], "master": [2, 3], "slave": [2, 3], "architectur": [2, 3], "bu": [2, 3], "typic": [2, 3], "consist": [2, 3], "more": [2, 3], "multipl": [2, 3], "initi": [2, 3], "control": [2, 3], "while": [2, 3], "respond": [2, 3], "command": [2, 3], "provid": [2, 3], "servic": [2, 3], "two": [2, 3], "wire": [2, 3], "util": [2, 3], "both": [2, 3], "ar": [2, 3], "bidirect": [2, 3], "allow": [2, 3], "transmit": [2, 3], "direct": [2, 3], "address": [2, 3], "each": [2, 3], "ha": [2, 3], "uniqu": [2, 3], "specif": [2, 3], "7": [2, 3], "bit": [2, 3], "10": [2, 3], "depend": [2, 3], "variant": [2, 3], "start": [2, 3], "stop": [2, 3], "condit": [2, 3], "assert": [2, 3], "fall": [2, 3], "edg": [2, 3], "high": [2, 3], "indic": [2, 3], "begin": [2, 3], "transmiss": [2, 3], "rise": [2, 3], "end": [2, 3], "transfer": [2, 3], "8": [2, 3], "acknowledg": [2, 3], "ack": [2, 3], "nack": [2, 3], "whether": [2, 3], "receiv": [2, 3], "successfulli": [2, 3], "synchron": [2, 3], "signal": [2, 3], "oper": [2, 3], "standard": [2, 3], "fast": [2, 3], "mode": [2, 3], "support": [2, 3], "main": [2, 3], "100": [2, 3], "kbit": [2, 3], "": [2, 3], "400": [2, 3], "some": [2, 3], "speed": [2, 3], "3": [2, 3], "4": [2, 3], "mbit": [2, 3], "ultra": [2, 3], "5": [2, 3], "multi": [2, 3], "coexist": [2, 3], "same": [2, 3], "collis": [2, 3], "detect": [2, 3], "arbitr": [2, 3], "mechan": [2, 3], "emploi": [2, 3], 
"prevent": [2, 3], "conflict": [2, 3], "ensur": [2, 3], "proper": [2, 3], "commonli": [2, 3], "purpos": [2, 3], "connect": [2, 3], "sensor": [2, 3], "displai": [2, 3], "other": [2, 3], "peripher": [2, 3], "microcontrol": [2, 3], "embed": [2, 3], "system": [2, 3], "simpl": [2, 3], "effici": [2, 3], "mean": [2, 3], "minim": [2, 3], "requir": [2, 3], "import": [2, 3], "note": [2, 3], "differ": [2, 3], "mai": [2, 3], "variat": [2, 3], "addit": [2, 3], "built": [2, 3], "top": [2, 3], "basic": [2, 3], "therefor": [2, 3], "recommend": [2, 3], "datasheet": [2, 3], "document": [2, 3], "detail": [2, 3], "inform": [2, 3], "usag": [2, 3], "configur": [2, 3], "particular": [2, 3], "lot": 3, "android": 3, "tv": 3, "box": 3, "you": 3, "bui": 3, "marketplac": 3, "like": 3, "aliexpress": 3, "These": 3, "fun": 3, "becaus": 3, "thei": 3, "cheap": 3, "quit": 3, "pheriper": 3, "would": 3, "usual": 3, "board": 3, "here": 3, "vontar": 3, "x96": 3, "air": 3, "whic": 3, "avail": 3, "4gb": 3, "lpddr4": 3, "ram": 3, "64gb": 3, "emmc": 3, "storag": 3, "1000mbit": 3, "ethernet": 3, "wifi": 3, "bluetooth": 3, "There": 3, "alreadi": 3, "vulner": 3, "famili": 3, "publish": 3, "fred": 3, "blog": 3, "yet": 3, "been": 3, "type": 3, "so": 3, "let": 3, "first": 3, "take": 3, "look": 3, "layout": 3, "handl": 3, "req_wr_large_mem": 3, "doe": 3, "empti": 3, "overflow": 3, "download": 3, "buffer": 3, "overwrit": 3, "our": 3, "regist": 3, "lr": 3, "present": 3, "crash": 3, "try": 3, "larg": 3, "portion": 3, "payload": 3, "valid": 3, "pointer": 3, "should": 3, "abl": 3, "least": 3, "64kb": 3, "part": 3, "point": 3, "locat": 3, "target": 3, "code": 3, "def": 3, "test_vulner": 3, "amlogicdevic": 3, "controldata": 3, "pack": 3, "iiii": 3, "d_buffer_start": 3, "d_buffer_max": 3, "dev": 3, "ctrl_transfer": 3, "bmrequesttyp": 3, "0x40": 3, "brequest": 3, "wvalu": 3, "bulk_transfer_s": 3, "windex": 3, "100000": 3, "data_or_wlength": 3, "guess_overflow": 3, "1070": 3, "0xfffe3688": 3, "1078": 3, "rang": 3, 
"usb_writ": 3, "overflow_addr": 3, "struct": 3, "q": 3, "bootrom_start": 3, "true": 3, "info": 3, "f": 3, "hex": 3, "result": 3, "0xfffe2e00": 3, "probabl": 3, "visualis": 3, "As": 3, "turn": 3, "someon": 3, "els": 3, "found": 3, "why": 3, "good": 3, "thorough": 3, "exist": 3, "new": 3, "abov": 3, "uboot": 3, "attach": 3, "debugg": 3, "need": 3, "howev": 3, "onli": 3, "function": 3, "know": 3, "live": 3, "want": 3, "One": 3, "current": 3, "miss": 3, "someth": 3, "run": 3, "setup": 3, "ga": 3, "sinc": 3, "assum": 3, "peek": 3, "poke": 3, "might": 3, "chang": 3, "futur": 3, "void": 3, "recv_data": 3, "uint32_t": 3, "len": 3, "tx": 3, "0xffff0000": 3, "0x10000": 3, "opensourc": 3, "bootload": 3, "A": 3, "copi": 3, "could": 3, "structur": 3, "symbol": 3, "creat": 3, "databas": 3, "find": 3, "renam": 3, "gcc": 3, "aarch64": 3, "compil": 3, "sudo": 3, "apt": 3, "instal": 3, "linux": 3, "gnu": 3, "bison": 3, "flex": 3, "clone": 3, "denx": 3, "de": 3, "export": 3, "cross_compil": 3, "arch": 3, "arm64": 3, "sei610_defconfig": 3, "j2": 3, "i2c": 3, "uart": 3, "timer": 3, "todo": 3, "chromecast": 3, "version": 3, "d": 3, "usb_read": 3, "0x200": 3, "okay0": 3, "1": 3, "x00downloads": 3, "x000x": 3, "x00max": 3, "size": 3, "x00serialno": 3, "x00product": 3, "x00amlog": 3, "x00i": 3, "decod": 3, "1downloadsize0xmax": 3, "sizeserialnoproductamlogici": 3, "downloads": 3, "hexdump": 3, "0x00000000": 3, "4f": 3, "4b": 3, "41": 3, "59": 3, "30": 3, "78": 3, "32": 3, "39": 3, "38": 3, "00": 3, "6c": 3, "okay0x00029800": 3, "l": 3, "0x00000010": 3, "6f": 3, "61": 3, "64": 3, "2d": 3, "73": 3, "69": 3, "7a": 3, "65": 3, "72": 3, "6e": 3, "oad": 3, "serialn": 3, "0x00000020": 3, "70": 3, "75": 3, "63": 3, "74": 3, "4d": 3, "4c": 3, "47": 3, "49": 3, "o": 3, "product": 3, "amlogi": 3, "0x00000030": 3, "43": 3, "66": 3, "79": 3, "67": 3, "68": 3, "c": 3, "identifi": 3, "getch": 3, "0x00000040": 3, "ipin": 3, "serialno": 3, "33": 3, "31": 3, "okay80d9c3088891": 3, "62": 3, "2e1b00000000": 
3, "max": 3, "number": 3, "argument": 3, "0xb": 3, "seem": 3, "06": 3, "01": 3, "0f": 3, "b1": 3, "02": 3, "f7": 3, "okai": 3, "20": 3, "ee": 3, "a8": 3, "44": 3, "ff": 3, "48": 3, "c1": 3, "h": 3, "a4": 3, "b0": 3, "possibl": 3, "somewhat": 3, "influenc": 3, "what": 3, "0x29800": 3}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"bootrom": [0, 3], "s905x3": 3, "herreguard": 0, "r": 0, "d": 0, "amlog": 0, "tool": [], "debugg": 1, "implement": [1, 3], "emul": [2, 3], "devic": 2, "uart": 2, "timer": 2, "todo": 2, "i2c": 2, "exploit": 3, "github": 3, "dump": 3, "u": 3, "boot": 3, "build": 3, "usb": 3, "fastboot": 3, "getvar": 3}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.todo": 2, "sphinx": 57}, "alltitles": {"Debugger Implementation": [[1, "debugger-implementation"]], "Emulation": [[2, "emulation"], [3, "emulation"]], "Devices": [[2, "devices"]], "UART Device": [[2, "uart-device"]], "Timer Device": [[2, "timer-device"]], "TODO": [[2, "todo"]], "I2C Device": [[2, "i2c-device"]], "BootROM S905X3": [[3, "bootrom-s905x3"]], "Bootrom Exploit": [[3, "bootrom-exploit"]], "github": [[3, "github"]], "Dumping the bootrom": [[3, "dumping-the-bootrom"]], "U-Boot": [[3, "u-boot"]], "Build U-Boot": [[3, "build-u-boot"]], "Implementing USB": [[3, "implementing-usb"]], "Fastboot": [[3, "fastboot"]], "getvar": [[3, "getvar"]], "Herreguard R&D on Amlogic": [[0, "herreguard-r-d-on-amlogic"]], "Bootroms": [[0, null]]}, "indexentries": {}}) |