CalvinBackup/Embedded-Hacking
1
0
Fork 0
mirror of https://github.com/mytechnotalent/Embedded-Hacking.git synced 2026-06-07 23:03:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated WEEK07

Browse Source
This commit is contained in:
Kevin Thomas
2026-06-07 08:26:29 -04:00
parent f25bb72496
commit 4e16c21015
12 changed files with 835 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files
WEEK07/WEEK07.md
+54 -57
View File
@@ -230,8 +230,8 @@ The Pico SDK uses a struct to represent each I2C controller:
```c
struct i2c_inst {
i2c_hw_t *hw; // Pointer to hardware registers
bool restart_on_next; // SDK internal flag
i2c_hw_t *hw; // Pointer to hardware registers
bool restart_on_next; // SDK internal flag
};
```
@@ -315,9 +315,9 @@ i2c_init(I2C_PORT, 100000);
In assembly:
```assembly
ldr r0, [address of i2c1_inst] ; r0 = pointer to struct (first arg)
ldr r1, =0x186A0 ; r1 = 100000 (second arg)
bl i2c_init ; Call the function
ldr r0, [address of i2c1_inst] ; r0 = pointer to struct (first arg)
ldr r1, =0x186A0 ; r1 = 100000 (second arg)
bl i2c_init ; Call the function
```
---
@@ -499,10 +499,11 @@ x/54i 0x10000234
You should see output like:
```
0x10000234 <main>: push {r3, lr}
0x10000236 <main+2>: bl 0x100037fc <stdio_init_all>
0x1000023a <main+6>: ldr r1, [pc, #104] @ (0x100002a4 <main+112>)
0x1000023c <main+8>: ldr r0, [pc, #104] @ (0x100002a8 <main+116>)
(gdb) x/54i 0x10000234
0x10000234 <main>: push {r3, lr}
0x10000236 <main+2>: bl 0x100037fc <stdio_init_all>
0x1000023a <main+6>: ldr r1, [pc, #104] @ (0x100002a4 <main+112>)
0x1000023c <main+8>: ldr r0, [pc, #104] @ (0x100002a8 <main+116>)
0x1000023e <main+10>: bl 0x10003cdc <i2c_init>
0x10000242 <main+14>: movs r1, #3
0x10000244 <main+16>: movs r0, #2
@@ -521,28 +522,23 @@ You should see output like:
0x10000266 <main+50>: movs r3, #8
0x10000268 <main+52>: movs r2, #4
0x1000026a <main+54>: movs r1, #39 @ 0x27
0x1000026c <main+56>:
ldr r0, [pc, #56] @ (0x100002a8 <main+116>)
0x1000026c <main+56>: ldr r0, [pc, #56] @ (0x100002a8 <main+116>)
0x1000026e <main+58>: bl 0x100002bc <lcd_i2c_init>
0x10000272 <main+62>: movs r1, #0
0x10000274 <main+64>: mov r0, r1
0x10000276 <main+66>: bl 0x100006f4 <lcd_set_cursor>
0x1000027a <main+70>:
ldr r0, [pc, #48] @ (0x100002ac <main+120>)
0x1000027a <main+70>: ldr r0, [pc, #48] @ (0x100002ac <main+120>)
0x1000027c <main+72>: bl 0x100007f0 <lcd_puts>
0x10000280 <main+76>: movs r0, #1
0x10000282 <main+78>: movs r1, #0
0x10000284 <main+80>: bl 0x100006f4 <lcd_set_cursor>
0x10000288 <main+84>:
ldr r0, [pc, #36] @ (0x100002b0 <main+124>)
0x10000288 <main+84>: ldr r0, [pc, #36] @ (0x100002b0 <main+124>)
0x1000028a <main+86>: bl 0x100007f0 <lcd_puts>
0x1000028e <main+90>: movs r1, #42 @ 0x2a
0x10000290 <main+92>:
ldr r0, [pc, #32] @ (0x100002b4 <main+128>)
0x10000290 <main+92>: ldr r0, [pc, #32] @ (0x100002b4 <main+128>)
0x10000292 <main+94>: bl 0x1000398c <__wrap_printf>
0x10000296 <main+98>: movw r1, #1337 @ 0x539
0x1000029a <main+102>:
ldr r0, [pc, #28] @ (0x100002b8 <main+132>)
0x1000029a <main+102>: ldr r0, [pc, #28] @ (0x100002b8 <main+132>)
0x1000029c <main+104>: bl 0x1000398c <__wrap_printf>
0x100002a0 <main+108>: b.n 0x1000028e <main+90>
0x100002a2 <main+110>: nop
@@ -567,20 +563,6 @@ b *0x10000234
c
```
GDB responds:
```
Breakpoint 1 at 0x10000234: file C:/Users/assem.KEVINTHOMAS/OneDrive/Documents/Embedded-Hacking/0x0017_constants/0x0017_constants.c, line 16.
Note: automatically using hardware breakpoints for read-only addresses.
(gdb) c
Continuing.
Thread 1 "rp2350.cm0" hit Breakpoint 1, main ()
at C:/Users/assem.KEVINTHOMAS/OneDrive/Documents/Embedded-Hacking/0x0017_constants/0x0017_constants.c:16
16 stdio_init_all();
```
> **Note:** If GDB says `The program is not being run.` when you type `c`, the target hasn't been started yet. Use `monitor reset halt` first, then `c` to continue to your breakpoint.
### Step 6: Find the #define Constant (FAV_NUM)
Step through to the printf call and examine the registers:
@@ -592,7 +574,7 @@ x/20i 0x1000028e
Look for:
```
...
0x1000028e <main+90>: movs r1, #42 @ 0x2a
0x1000028e <main+90>: movs r1, #42 @ 0x2a
...
```
@@ -610,7 +592,7 @@ Look for this instruction:
```
...
0x10000296 <main+98>: movw r1, #1337 @ 0x539
0x10000296 <main+98>: movw r1, #1337 @ 0x539
...
```
@@ -643,7 +625,22 @@ These are the values that `ldr rN, [pc, #offset]` instructions load:
| `0x100002b4` | `0x10003EFC` | "FAV_NUM: %d\r\n" format str |
| `0x100002b8` | `0x10003F0C` | "OTHER_FAV_NUM: %d\r\n" fmt |
> Tip: **Why does the disassembly at `0x100002a4` show `strh r0, [r4, #52]` instead of data?** Same reason as Week 6 - GDB's `x/i` tries to decode raw data as instructions. Use `x/wx` to see the actual word values.
> Tip: **Why does the disassembly at `0x100002a4` show `strh r0, [r4, #52]` instead of data?** Same reason as Week 6 - GDB's `x/i` tries to decode raw data as instructions. Use `x/wx` to see the actual word values or we can also use `x/x`.
```gdb
(gdb) x/x 0x100002a4
0x100002a4 <main+112>: 0x000186a0
(gdb) x/x 0x100002a8
0x100002a8 <main+116>: 0x2000062c
(gdb) x/x 0x100002ac
0x100002ac <main+120>: 0x10003ee8
(gdb) x/x 0x100002b0
0x100002b0 <main+124>: 0x10003ef0
(gdb) x/x 0x100002b4
0x100002b4 <main+128>: 0x10003efc
(gdb) x/x 0x100002b8
0x100002b8 <main+132>: 0x10003f0c
```
### Step 9: Examine the I2C Struct
@@ -668,7 +665,7 @@ x/s 0x10003ee8
Output:
```
0x10003ee8: "Reverse"
0x10003ee8: "Reverse"
```
```
@@ -677,16 +674,19 @@ x/s 0x10003ef0
Output:
```
0x10003ef0: "Engineering"
0x10003ef0: "Engineering"
```
### Step 11: Step Through I2C Initialization
Use `si` to step through instructions and watch the I2C setup:
Step through instructions and watch the I2C setup:
```
si
i r r0 r1
```gdb
(gdb) b *0x1000023e
(gdb) c
(gdb) i r r0 r1
r0 0x2000062c 536872492
r1 0x186a0 100000
```
---
@@ -701,14 +701,14 @@ From GDB, we discovered something interesting - **both constants ended up as ins
**For FAV_NUM (42) - a `#define` macro:**
```
0x1000028e: movs r1, #42 @ 0x2a
0x1000028e <+90>: movs r1, #42 @ 0x2a
```
The value 42 is embedded directly in a 16-bit Thumb instruction. This is expected - `#define` is text replacement, so the compiler never sees `FAV_NUM`, only `42`.
**For OTHER_FAV_NUM (1337) - a `const` variable:**
```
0x10000296: movw r1, #1337 @ 0x539
0x10000296 <+98>: movw r1, #1337 @ 0x539
```
The value 1337 is ALSO embedded directly in an instruction - but this time a 32-bit Thumb-2 `movw` because the value doesn't fit in 8 bits.
@@ -752,10 +752,10 @@ We found the LCD strings in flash memory:
```gdb
(gdb) x/s 0x10003ee8
0x10003ee8: "Reverse"
0x10003ee8: "Reverse"
(gdb) x/s 0x10003ef0
0x10003ef0: "Engineering"
0x10003ef0: "Engineering"
```
These are stored consecutively in the `.rodata` section. Note the addresses - we'll need them for patching.
@@ -795,7 +795,7 @@ From our GDB analysis, we know the instruction at `0x1000028e` is:
movs r1, #0x2a -> bytes: 2a 21
```
In HxD, navigate to file offset `0x28E` and verify you see the byte `2A` followed by `21`.
In HxD, use **Ctrl+G** to navigate to file offset `28E` and verify you see the byte `2A` followed by `21`.
> ?? **How Thumb encoding works:** In `movs r1, #imm8`, the immediate value is the first byte, and the opcode `21` is the second byte. So the bytes `2a 21` encode `movs r1, #0x2a` (42). If you wanted to change this to 43, you'd change `2A` to `2B`.
@@ -812,11 +812,11 @@ This is the 32-bit Thumb-2 encoding of `movw r1, #0x539` (1337). The bytes break
```
+-----------------------------------------------------------------+
| movw r1, #0x539 -> bytes: 40 F2 39 51 |
| movw r1, #0x539 -> bytes: 40 F2 39 51 |
| |
| Byte 0: 0x40 -?? |
| Byte 1: 0xF2 -+ First halfword (opcode + upper imm bits) |
| Byte 2: 0x39 ---- Lower 8 bits of immediate (imm8) ?? CHANGE |
| Byte 0: 0x40 -?? |
| Byte 1: 0xF2 -+ First halfword (opcode + upper imm bits) |
| Byte 2: 0x39 ---- Lower 8 bits of immediate (imm8) ?? CHANGE |
| Byte 3: 0x51 ---- Destination register (r1) + upper imm bits |
| |
| imm16 = 0x0539 = 1337 decimal |
@@ -962,9 +962,9 @@ The numbers are unchanged - we only patched the LCD string!
```
+-----------------------------------------------------------------+
| I2C_PORT -> i2c1 -> &i2c1_inst -> i2c_inst_t |
| I2C_PORT -> i2c1 -> &i2c1_inst -> i2c_inst_t |
| | |
| +-- hw -> i2c_hw_t * |
| +-- hw -> i2c_hw_t * |
| | +-- 0x40098000 |
| | |
| +-- restart_on_next (bool) |
@@ -1071,7 +1071,4 @@ The numbers are unchanged - we only patched the LCD string!
**Remember:** When you see complex nested structures in a binary, take your time to understand the hierarchy. Use GDB to examine struct layouts in memory and trace pointer chains. And always remember - even "constants" can be hacked!
Happy hacking! ?
Happy hacking! ?
WEEK07/slides/WEEK07-IMG00.svg
+79
View File
@@ -0,0 +1,79 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<!-- Background grid decoration -->
<g opacity="0.06">
<line x1="0" y1="100" x2="1200" y2="100" stroke="#00ff41" stroke-width="1"/>
<line x1="0" y1="200" x2="1200" y2="200" stroke="#00ff41" stroke-width="1"/>
<line x1="0" y1="300" x2="1200" y2="300" stroke="#00ff41" stroke-width="1"/>
<line x1="0" y1="400" x2="1200" y2="400" stroke="#00ff41" stroke-width="1"/>
<line x1="0" y1="500" x2="1200" y2="500" stroke="#00ff41" stroke-width="1"/>
<line x1="0" y1="600" x2="1200" y2="600" stroke="#00ff41" stroke-width="1"/>
<line x1="0" y1="700" x2="1200" y2="700" stroke="#00ff41" stroke-width="1"/>
<line x1="200" y1="0" x2="200" y2="800" stroke="#00ff41" stroke-width="1"/>
<line x1="400" y1="0" x2="400" y2="800" stroke="#00ff41" stroke-width="1"/>
<line x1="600" y1="0" x2="600" y2="800" stroke="#00ff41" stroke-width="1"/>
<line x1="800" y1="0" x2="800" y2="800" stroke="#00ff41" stroke-width="1"/>
<line x1="1000" y1="0" x2="1000" y2="800" stroke="#00ff41" stroke-width="1"/>
</g>
<!-- Hex rain decoration -->
<g opacity="0.04" font-family="'Courier New',monospace" font-size="14" fill="#00ff41">
<text x="50" y="80">4F 70 65 6E 4F 43 44</text>
<text x="900" y="120">10 00 02 34 08 B5 01</text>
<text x="150" y="180">47 44 42 20 52 45 56</text>
<text x="800" y="240">20 08 20 00 FF AA 00</text>
<text x="80" y="350">52 50 32 33 35 30 00</text>
<text x="950" y="380">0A 0A 0F 12 12 1A 1A</text>
<text x="100" y="520">41 52 4D 76 38 2D 4D</text>
<text x="870" y="560">00 FF 41 00 D4 FF 88</text>
<text x="60" y="680">47 48 49 44 52 41 00</text>
<text x="920" y="720">FF 00 40 C0 C0 C0 00</text>
</g>
<!-- Corner accents -->
<polyline points="30,30 30,80 80,80" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
<polyline points="1170,30 1170,80 1120,80" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
<polyline points="30,770 30,720 80,720" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
<polyline points="1170,770 1170,720 1120,720" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
<!-- Top accent line -->
<rect x="100" y="140" width="1000" height="2" fill="#00ff41" opacity="0.4"/>
<!-- Course Title -->
<text x="600" y="210" text-anchor="middle" font-family="'Courier New',monospace" font-size="56" font-weight="bold" fill="#00ff41">Embedded Systems</text>
<text x="600" y="278" text-anchor="middle" font-family="'Courier New',monospace" font-size="56" font-weight="bold" fill="#00ff41">Reverse Engineering</text>
<!-- Divider -->
<rect x="300" y="310" width="600" height="2" fill="#00d4ff" opacity="0.6"/>
<!-- Week Number -->
<text x="600" y="380" text-anchor="middle" font-family="'Courier New',monospace" font-size="42" font-weight="bold" fill="#00d4ff">// WEEK 07</text>
<!-- Week Topic -->
<text x="600" y="440" text-anchor="middle" font-family="'Courier New',monospace" font-size="28" fill="#c0c0c0">Constants in Embedded Systems:</text>
<text x="600" y="478" text-anchor="middle" font-family="'Courier New',monospace" font-size="28" fill="#c0c0c0">Debugging and Hacking Constants</text>
<text x="600" y="516" text-anchor="middle" font-family="'Courier New',monospace" font-size="28" fill="#c0c0c0">w/ 1602 LCD I2C Basics</text>
<!-- Bottom accent line -->
<rect x="100" y="570" width="1000" height="2" fill="#00ff41" opacity="0.4"/>
<!-- University -->
<text x="600" y="635" text-anchor="middle" font-family="'Courier New',monospace" font-size="36" font-weight="bold" fill="#ffaa00">George Mason University</text>
<!-- Bottom badge -->
<rect x="400" y="670" width="400" height="40" rx="20" fill="none" stroke="#00ff41" stroke-width="1.5" opacity="0.5"/>
<text x="600" y="697" text-anchor="middle" font-family="'Courier New',monospace" font-size="20" fill="#00ff41" opacity="0.7">RP2350 // ARM Cortex-M33</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.4 KiB

WEEK07/slides/WEEK07-IMG01.svg
+63
View File
@@ -0,0 +1,63 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">#define vs const</text>
<text class="dim" x="600" y="88" text-anchor="middle">Preprocessor Macros vs Constant Variables</text>
<!-- Left Panel: #define -->
<rect class="pnl" x="30" y="110" width="555" height="370" rx="8"/>
<text class="amb" x="50" y="145">#define FAV_NUM 42</text>
<rect x="50" y="160" width="515" height="140" rx="6" fill="#1a1a2e" stroke="#ffaa00" stroke-width="1"/>
<text class="txt" x="70" y="190">Preprocessor text replacement</text>
<text class="txt" x="70" y="220">Happens BEFORE compilation</text>
<text class="txt" x="70" y="250">No memory allocated</text>
<text class="txt" x="70" y="280">Cannot take address (&amp;)</text>
<text class="dim" x="50" y="325">In Binary:</text>
<rect x="50" y="335" width="515" height="55" rx="6" fill="#0a0a0f" stroke="#ffaa00" stroke-width="1"/>
<text class="grn" x="70" y="368">movs r1, #42 @ 0x2a</text>
<text class="dim" x="50" y="415">16-bit Thumb instruction</text>
<text class="dim" x="50" y="440">Value embedded as immediate</text>
<text class="dim" x="50" y="465">Compiler sees only "42"</text>
<!-- Right Panel: const -->
<rect class="pnl" x="615" y="110" width="555" height="370" rx="8"/>
<text class="cyn" x="635" y="145">const int OTHER_FAV_NUM=1337</text>
<rect x="635" y="160" width="515" height="140" rx="6" fill="#1a1a2e" stroke="#00d4ff" stroke-width="1"/>
<text class="txt" x="655" y="190">Creates real variable</text>
<text class="txt" x="655" y="220">Theoretically in .rodata</text>
<text class="txt" x="655" y="250">Has an address (if needed)</text>
<text class="txt" x="655" y="280">Type-checked by compiler</text>
<text class="dim" x="635" y="325">In Binary:</text>
<rect x="635" y="335" width="515" height="55" rx="6" fill="#0a0a0f" stroke="#00d4ff" stroke-width="1"/>
<text class="grn" x="655" y="368">movw r1, #1337 @ 0x539</text>
<text class="dim" x="635" y="415">32-bit Thumb-2 instruction</text>
<text class="dim" x="635" y="440">Also embedded as immediate!</text>
<text class="dim" x="635" y="465">Compiler optimized it away</text>
<!-- Bottom Panel: Key Insight -->
<rect class="pnl" x="30" y="500" width="1140" height="140" rx="8"/>
<text class="red" x="50" y="535">KEY INSIGHT:</text>
<text class="txt" x="265" y="535">Both ended up as instruction immediates!</text>
<text class="dim" x="50" y="570">The compiler saw &amp;OTHER_FAV_NUM is never used, so it</text>
<text class="dim" x="50" y="595">optimized const the same way as #define -- no memory load needed.</text>
<text class="amb" x="50" y="625">Lesson: const is a source-level concept -- not guaranteed in binary</text>
<!-- Footer -->
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.3 KiB

WEEK07/slides/WEEK07-IMG02.svg
+85
View File
@@ -0,0 +1,85 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">I2C Protocol</text>
<text class="dim" x="600" y="88" text-anchor="middle">Two-Wire Serial Communication</text>
<!-- Top Left: What is I2C -->
<rect class="pnl" x="30" y="110" width="555" height="190" rx="8"/>
<text class="sub" x="50" y="145">What is I2C?</text>
<text class="txt" x="50" y="180">Two-wire serial protocol</text>
<text class="cyn" x="50" y="210">SDA</text>
<text class="txt" x="120" y="210">= Serial Data</text>
<text class="cyn" x="50" y="240">SCL</text>
<text class="txt" x="120" y="240">= Serial Clock</text>
<text class="dim" x="50" y="270">Open-drain with pull-up resistors</text>
<!-- Top Right: Bus Diagram -->
<rect class="pnl" x="615" y="110" width="555" height="190" rx="8"/>
<text class="sub" x="635" y="145">I2C Bus</text>
<rect x="655" y="165" width="100" height="40" rx="4" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text class="grn" x="680" y="192">Pico</text>
<line x1="755" y1="175" x2="850" y2="175" stroke="#00d4ff" stroke-width="2"/>
<line x1="755" y1="195" x2="850" y2="195" stroke="#ffaa00" stroke-width="2"/>
<text class="dim" x="770" y="170">SDA</text>
<text class="dim" x="770" y="215">SCL</text>
<rect x="850" y="165" width="100" height="40" rx="4" fill="#0a0a0f" stroke="#ff0040" stroke-width="1"/>
<text class="red" x="878" y="192">LCD</text>
<text class="dim" x="655" y="245">GPIO 2 = SDA, GPIO 3 = SCL</text>
<text class="dim" x="655" y="270">Pull-ups hold lines HIGH</text>
<!-- Middle: Device Addresses -->
<rect class="pnl" x="30" y="315" width="1140" height="135" rx="8"/>
<text class="sub" x="50" y="350">Common I2C Addresses (7-bit)</text>
<rect x="50" y="365" width="250" height="60" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="amb" x="70" y="392">0x27</text>
<text class="dim" x="160" y="392">LCD</text>
<rect x="320" y="365" width="250" height="60" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="amb" x="340" y="392">0x3F</text>
<text class="dim" x="430" y="392">LCD Alt</text>
<rect x="590" y="365" width="265" height="60" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="amb" x="610" y="392">0x48</text>
<text class="dim" x="700" y="392">Sensor</text>
<rect x="875" y="365" width="275" height="60" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="amb" x="895" y="392">0x50</text>
<text class="dim" x="985" y="392">EEPROM</text>
<!-- Bottom: Transaction Flow -->
<rect class="pnl" x="30" y="465" width="1140" height="185" rx="8"/>
<text class="sub" x="50" y="500">I2C Transaction Flow</text>
<rect x="50" y="520" width="95" height="40" rx="4" fill="#00ff41" fill-opacity="0.15" stroke="#00ff41"/>
<text class="grn" x="65" y="546">START</text>
<text class="txt" x="155" y="546">--></text>
<rect x="200" y="520" width="140" height="40" rx="4" fill="#00d4ff" fill-opacity="0.15" stroke="#00d4ff"/>
<text class="cyn" x="215" y="546">Address</text>
<text class="txt" x="350" y="546">--></text>
<rect x="395" y="520" width="80" height="40" rx="4" fill="#ffaa00" fill-opacity="0.15" stroke="#ffaa00"/>
<text class="amb" x="413" y="546">ACK</text>
<text class="txt" x="485" y="546">--></text>
<rect x="530" y="520" width="95" height="40" rx="4" fill="#00d4ff" fill-opacity="0.15" stroke="#00d4ff"/>
<text class="cyn" x="548" y="546">Data</text>
<text class="txt" x="635" y="546">--></text>
<rect x="680" y="520" width="80" height="40" rx="4" fill="#ffaa00" fill-opacity="0.15" stroke="#ffaa00"/>
<text class="amb" x="698" y="546">ACK</text>
<text class="txt" x="770" y="546">--></text>
<rect x="815" y="520" width="90" height="40" rx="4" fill="#ff0040" fill-opacity="0.15" stroke="#ff0040"/>
<text class="red" x="833" y="546">STOP</text>
<text class="dim" x="50" y="595">Master sends START, then 7-bit address + R/W bit</text>
<text class="dim" x="50" y="620">Slave responds with ACK, then data bytes follow</text>
<!-- Footer -->
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.5 KiB

WEEK07/slides/WEEK07-IMG03.svg
+66
View File
@@ -0,0 +1,66 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">C Structs &amp; typedef</text>
<text class="dim" x="600" y="88" text-anchor="middle">Grouping Related Data in C</text>
<!-- Left Panel: Struct Definition -->
<rect class="pnl" x="30" y="110" width="555" height="320" rx="8"/>
<text class="sub" x="50" y="145">Struct Definition</text>
<rect x="50" y="160" width="515" height="245" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="cyn" x="70" y="192">typedef struct {</text>
<text class="txt" x="100" y="222">i2c_hw_t *hw;</text>
<text class="txt" x="100" y="252">bool restart_on_next;</text>
<text class="cyn" x="70" y="282">} i2c_inst_t;</text>
<text class="dim" x="70" y="320">typedef creates an alias</text>
<text class="dim" x="70" y="345">so we can write: i2c_inst_t var;</text>
<text class="dim" x="70" y="370">instead of: struct { ... } var;</text>
<!-- Right Panel: Struct in Memory -->
<rect class="pnl" x="615" y="110" width="555" height="320" rx="8"/>
<text class="sub" x="635" y="145">Memory Layout</text>
<text class="dim" x="635" y="175">i2c_inst_t at 0x2000062C</text>
<rect x="635" y="190" width="515" height="70" rx="4" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text class="dim" x="655" y="215">Offset 0x00</text>
<text class="grn" x="820" y="215">hw</text>
<text class="amb" x="890" y="215">= 0x40098000</text>
<text class="dim" x="655" y="245">i2c_hw_t* (4 bytes)</text>
<rect x="635" y="270" width="515" height="70" rx="4" fill="#0a0a0f" stroke="#00d4ff" stroke-width="1"/>
<text class="dim" x="655" y="295">Offset 0x04</text>
<text class="cyn" x="820" y="295">restart_on_next</text>
<text class="amb" x="655" y="325">= 0x00 (false)</text>
<text class="dim" x="870" y="325">bool (1 byte)</text>
<text class="dim" x="635" y="370">Total struct size: 8 bytes</text>
<text class="dim" x="635" y="400">hw points to I2C1 registers</text>
<!-- Bottom: Forward Declaration -->
<rect class="pnl" x="30" y="445" width="1140" height="120" rx="8"/>
<text class="sub" x="50" y="480">Forward Declaration</text>
<rect x="50" y="495" width="1100" height="45" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="cyn" x="70" y="524">struct i2c_inst;</text>
<text class="dim" x="310" y="524">// tells compiler: this type exists, define later</text>
<!-- Bottom: Why structs -->
<rect class="pnl" x="30" y="580" width="1140" height="100" rx="8"/>
<text class="sub" x="50" y="615">Why Structs Matter in RE</text>
<text class="txt" x="50" y="650">GDB shows raw memory -- you must recognize struct layouts</text>
<text class="dim" x="50" y="670">x/2wx 0x2000062c shows: 0x40098000 0x00000000</text>
<!-- Footer -->
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.3 KiB

WEEK07/slides/WEEK07-IMG04.svg
+80
View File
@@ -0,0 +1,80 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">Pico SDK Macro Chain</text>
<text class="dim" x="600" y="88" text-anchor="middle">From I2C_PORT to Hardware Registers</text>
<!-- Chain visualization -->
<rect class="pnl" x="30" y="110" width="1140" height="480" rx="8"/>
<text class="sub" x="50" y="145">Macro Expansion Chain</text>
<!-- Step 1 -->
<rect x="50" y="165" width="280" height="55" rx="6" fill="#00ff41" fill-opacity="0.1" stroke="#00ff41"/>
<text class="grn" x="70" y="200">I2C_PORT</text>
<text class="dim" x="50" y="240">#define I2C_PORT i2c1</text>
<!-- Arrow 1 -->
<text class="txt" x="350" y="200">--></text>
<!-- Step 2 -->
<rect x="400" y="165" width="280" height="55" rx="6" fill="#00d4ff" fill-opacity="0.1" stroke="#00d4ff"/>
<text class="cyn" x="420" y="200">i2c1</text>
<text class="dim" x="400" y="240">#define i2c1 (&amp;i2c1_inst)</text>
<!-- Arrow 2 -->
<text class="txt" x="700" y="200">--></text>
<!-- Step 3 -->
<rect x="750" y="165" width="380" height="55" rx="6" fill="#ffaa00" fill-opacity="0.1" stroke="#ffaa00"/>
<text class="amb" x="770" y="200">&amp;i2c1_inst</text>
<text class="dim" x="750" y="240">Address of global struct</text>
<!-- Step 4: struct contents -->
<text class="sub" x="50" y="285">Struct Contents at 0x2000062C</text>
<rect x="50" y="300" width="1080" height="130" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="txt" x="70" y="335">i2c_inst_t i2c1_inst = {</text>
<text class="txt" x="100" y="365">.hw = (i2c_hw_t *)0x40098000,</text>
<text class="txt" x="100" y="395">.restart_on_next = false</text>
<text class="txt" x="70" y="420">};</text>
<!-- Arrow to hardware -->
<text class="sub" x="50" y="445">Hardware Register Access</text>
<rect x="50" y="460" width="1080" height="110" rx="6" fill="#0a0a0f" stroke="#ff0040" stroke-width="1"/>
<text class="txt" x="70" y="490">i2c1_inst.hw</text>
<text class="txt" x="290" y="490">--></text>
<text class="amb" x="340" y="490">i2c1_hw</text>
<text class="txt" x="460" y="490">--></text>
<text class="red" x="510" y="490">(i2c_hw_t*)0x40098000</text>
<text class="dim" x="70" y="525">I2C1_BASE = 0x40098000</text>
<text class="dim" x="500" y="525">I2C0_BASE = 0x40090000</text>
<text class="dim" x="70" y="555">Direct memory-mapped I/O to RP2350 peripheral</text>
<!-- Bottom: Summary Box -->
<rect class="pnl" x="30" y="605" width="1140" height="85" rx="8"/>
<text class="red" x="50" y="640">FULL CHAIN:</text>
<text class="grn" x="240" y="640">I2C_PORT</text>
<text class="txt" x="390" y="640">--></text>
<text class="cyn" x="435" y="640">i2c1</text>
<text class="txt" x="510" y="640">--></text>
<text class="amb" x="555" y="640">&amp;i2c1_inst</text>
<text class="txt" x="720" y="640">--></text>
<text class="red" x="770" y="640">0x40098000</text>
<text class="dim" x="50" y="670">Macro --> Macro --> Struct pointer --> HW register base</text>
<!-- Footer -->
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.6 KiB

WEEK07/slides/WEEK07-IMG05.svg
+53
View File
@@ -0,0 +1,53 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">Source Code</text>
<text class="dim" x="600" y="88" text-anchor="middle">0x0017_constants.c</text>
<!-- Code Panel -->
<rect class="pnl" x="30" y="110" width="1140" height="470" rx="8"/>
<rect x="50" y="125" width="1100" height="440" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="dim" x="70" y="155">//--- Defines and Constants ---</text>
<text class="cyn" x="70" y="185">#define FAV_NUM 42</text>
<text class="cyn" x="70" y="215">#define I2C_PORT i2c1</text>
<text class="cyn" x="70" y="245">#define I2C_SDA_PIN 2</text>
<text class="cyn" x="70" y="275">#define I2C_SCL_PIN 3</text>
<text class="amb" x="70" y="305">const int OTHER_FAV_NUM = 1337;</text>
<text class="dim" x="70" y="345">//--- Main Loop ---</text>
<text class="txt" x="70" y="375">lcd_set_cursor(0, 0);</text>
<text class="txt" x="70" y="405">lcd_puts("Reverse");</text>
<text class="txt" x="70" y="435">lcd_set_cursor(1, 0);</text>
<text class="txt" x="70" y="465">lcd_puts("Engineering");</text>
<text class="dim" x="70" y="505">//--- Serial Output Loop ---</text>
<text class="txt" x="70" y="535">printf("FAV_NUM: %d\r\n", FAV_NUM);</text>
<text class="txt" x="70" y="558">printf("OTHER_FAV_NUM: %d\r\n", OTHER_FAV_NUM);</text>
<!-- Right side: Output -->
<rect class="pnl" x="30" y="595" width="555" height="100" rx="8"/>
<text class="sub" x="50" y="628">LCD Output</text>
<text class="grn" x="50" y="660">Line 0: "Reverse"</text>
<text class="grn" x="50" y="685">Line 1: "Engineering"</text>
<rect class="pnl" x="615" y="595" width="555" height="100" rx="8"/>
<text class="sub" x="635" y="628">Serial Output</text>
<text class="txt" x="635" y="660">FAV_NUM: 42</text>
<text class="txt" x="635" y="685">OTHER_FAV_NUM: 1337</text>
<!-- Footer -->
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.5 KiB

WEEK07/slides/WEEK07-IMG06.svg
+65
View File
@@ -0,0 +1,65 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">GDB Analysis</text>
<text class="dim" x="600" y="88" text-anchor="middle">Disassembly of main() at 0x10000234</text>
<!-- Main disassembly panel -->
<rect class="pnl" x="30" y="110" width="1140" height="420" rx="8"/>
<text class="sub" x="50" y="145">Key Instructions from x/54i 0x10000234</text>
<rect x="50" y="160" width="1100" height="355" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="grn" x="70" y="190">push {r3, lr}</text>
<text class="dim" x="540" y="190">// save return addr</text>
<text class="txt" x="70" y="220">bl stdio_init_all</text>
<text class="dim" x="540" y="220">// init serial</text>
<text class="txt" x="70" y="250">ldr r1, [pc, #104]</text>
<text class="dim" x="540" y="250">// r1 = 100000 (baud)</text>
<text class="txt" x="70" y="280">ldr r0, [pc, #104]</text>
<text class="dim" x="540" y="280">// r0 = &amp;i2c1_inst</text>
<text class="txt" x="70" y="310">bl i2c_init</text>
<text class="dim" x="540" y="310">// init I2C at 100kHz</text>
<text class="txt" x="70" y="340">movs r0, #2</text>
<text class="dim" x="540" y="340">// GPIO 2 (SDA)</text>
<text class="txt" x="70" y="370">bl gpio_set_function</text>
<text class="dim" x="540" y="370">// set pin to I2C</text>
<text class="txt" x="70" y="400">movs r1, #39</text>
<text class="dim" x="540" y="400">// 0x27 = LCD addr</text>
<text class="txt" x="70" y="430">bl lcd_i2c_init</text>
<text class="dim" x="540" y="430">// init LCD device</text>
<text class="red" x="70" y="460">b.n 0x1000028e</text>
<text class="dim" x="540" y="460">// infinite loop start</text>
<text class="dim" x="70" y="490">...</text>
<text class="dim" x="120" y="490">AAPCS: r0-r3 = first 4 args, r0 = return value</text>
<!-- Bottom: Literal Pool -->
<rect class="pnl" x="30" y="545" width="1140" height="230" rx="8"/>
<text class="sub" x="50" y="580">Literal Pool at 0x100002A4</text>
<rect x="50" y="595" width="1100" height="160" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="amb" x="70" y="625">0x000186A0</text>
<text class="dim" x="300" y="625">I2C baudrate (100000)</text>
<text class="amb" x="70" y="655">0x2000062C</text>
<text class="dim" x="300" y="655">&amp;i2c1_inst struct in RAM</text>
<text class="amb" x="70" y="685">0x10003EE8</text>
<text class="dim" x="300" y="685">"Reverse" string in flash</text>
<text class="amb" x="70" y="715">0x10003EF0</text>
<text class="dim" x="300" y="715">"Engineering" string in flash</text>
<text class="amb" x="640" y="625">0x10003EFC</text>
<text class="dim" x="870" y="625">"FAV_NUM: %d\r\n"</text>
<text class="amb" x="640" y="655">0x10003F0C</text>
<text class="dim" x="870" y="655">"OTHER_FAV_NUM: %d\r\n"</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.4 KiB

WEEK07/slides/WEEK07-IMG07.svg
+71
View File
@@ -0,0 +1,71 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">Instruction Encoding</text>
<text class="dim" x="600" y="88" text-anchor="middle">movs (16-bit Thumb) vs movw (32-bit Thumb-2)</text>
<!-- Top Left: movs encoding -->
<rect class="pnl" x="30" y="110" width="555" height="310" rx="8"/>
<text class="sub" x="50" y="145">movs r1, #42 (FAV_NUM)</text>
<text class="dim" x="50" y="175">At address 0x1000028E</text>
<rect x="50" y="195" width="515" height="55" rx="6" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text class="grn" x="70" y="228">Bytes: 2A 21</text>
<text class="dim" x="50" y="270">2A = immediate value (42)</text>
<text class="dim" x="50" y="295">21 = opcode (movs r1)</text>
<text class="amb" x="50" y="325">16-bit Thumb instruction</text>
<text class="dim" x="50" y="355">Fits values 0-255 in 8 bits</text>
<text class="dim" x="50" y="380">File offset: 0x28E</text>
<!-- Top Right: movw encoding -->
<rect class="pnl" x="615" y="110" width="555" height="310" rx="8"/>
<text class="sub" x="635" y="145">movw r1, #1337 (OTHER_FAV)</text>
<text class="dim" x="635" y="175">At address 0x10000296</text>
<rect x="635" y="195" width="515" height="55" rx="6" fill="#0a0a0f" stroke="#00d4ff" stroke-width="1"/>
<text class="cyn" x="655" y="228">Bytes: 40 F2 39 51</text>
<text class="dim" x="635" y="270">40 F2 = opcode (first halfword)</text>
<text class="dim" x="635" y="295">39 = imm8 (lower 8 bits)</text>
<text class="dim" x="635" y="320">51 = dest reg + upper imm</text>
<text class="amb" x="635" y="350">32-bit Thumb-2 instruction</text>
<text class="dim" x="635" y="380">File offset: 0x296</text>
<!-- Bottom: Byte Layout Diagram -->
<rect class="pnl" x="30" y="435" width="1140" height="170" rx="8"/>
<text class="sub" x="50" y="470">movw Byte Layout (40 F2 39 51)</text>
<rect x="50" y="485" width="260" height="50" rx="4" fill="#12121a" stroke="#ffaa00"/>
<text class="amb" x="90" y="516">40 F2</text>
<text class="dim" x="50" y="555">Opcode + upper imm</text>
<rect x="330" y="485" width="260" height="50" rx="4" fill="#12121a" stroke="#00ff41"/>
<text class="grn" x="400" y="516">39</text>
<text class="dim" x="330" y="555">imm8 (lower 8 bits)</text>
<rect x="610" y="485" width="260" height="50" rx="4" fill="#12121a" stroke="#00d4ff"/>
<text class="cyn" x="690" y="516">51</text>
<text class="dim" x="610" y="555">Dest reg (r1) + bits</text>
<text class="dim" x="900" y="516">imm16 = 0x539</text>
<text class="dim" x="900" y="555">= 1337 decimal</text>
<!-- Bottom: Why movw -->
<rect class="pnl" x="30" y="620" width="1140" height="100" rx="8"/>
<text class="red" x="50" y="655">Why movw instead of movs?</text>
<text class="txt" x="50" y="690">1337 &gt; 255 -- does not fit in 8-bit movs immediate</text>
<text class="dim" x="640" y="690">movw encodes 0-65535 in 32-bit instruction</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.5 KiB

WEEK07/slides/WEEK07-IMG08.svg
+68
View File
@@ -0,0 +1,68 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">I2C Struct in Memory</text>
<text class="dim" x="600" y="88" text-anchor="middle">Examining i2c1_inst at 0x2000062C</text>
<!-- GDB output -->
<rect class="pnl" x="30" y="110" width="1140" height="120" rx="8"/>
<text class="sub" x="50" y="145">GDB Memory Dump</text>
<rect x="50" y="160" width="1100" height="50" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="grn" x="70" y="192">x/2wx 0x2000062c:</text>
<text class="amb" x="420" y="192">0x40098000</text>
<text class="amb" x="670" y="192">0x00000000</text>
<!-- Struct layout diagram -->
<rect class="pnl" x="30" y="245" width="1140" height="280" rx="8"/>
<text class="sub" x="50" y="280">i2c_inst_t Struct Layout</text>
<!-- Member 1: hw pointer -->
<rect x="50" y="300" width="540" height="70" rx="6" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text class="dim" x="70" y="328">Offset 0x00 | 4 bytes</text>
<text class="cyn" x="70" y="358">i2c_hw_t *hw</text>
<text class="amb" x="310" y="358">= 0x40098000</text>
<!-- Arrow to HW -->
<text class="txt" x="605" y="345">--></text>
<!-- HW register block -->
<rect x="650" y="300" width="490" height="70" rx="6" fill="#0a0a0f" stroke="#ff0040" stroke-width="1"/>
<text class="red" x="670" y="328">I2C1 HW Registers</text>
<text class="dim" x="670" y="358">Base: 0x40098000 (MMIO)</text>
<!-- Member 2: restart_on_next -->
<rect x="50" y="400" width="540" height="70" rx="6" fill="#0a0a0f" stroke="#00d4ff" stroke-width="1"/>
<text class="dim" x="70" y="425">Offset 0x04 | 1 byte</text>
<text class="cyn" x="70" y="455">bool restart_on_next</text>
<text class="amb" x="410" y="455">= false</text>
<text class="dim" x="650" y="430">I2C0 base = 0x40090000</text>
<text class="dim" x="650" y="460">I2C1 base = 0x40098000</text>
<!-- String Literals -->
<rect class="pnl" x="30" y="540" width="1140" height="170" rx="8"/>
<text class="sub" x="50" y="575">String Literals in Flash (.rodata)</text>
<rect x="50" y="590" width="535" height="55" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="grn" x="70" y="622">x/s 0x10003ee8:</text>
<text class="txt" x="340" y="622">"Reverse"</text>
<rect x="615" y="590" width="535" height="55" rx="6" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="grn" x="635" y="622">x/s 0x10003ef0:</text>
<text class="txt" x="900" y="622">"Engineering"</text>
<text class="dim" x="50" y="665">Stored consecutively in .rodata (flash)</text>
<text class="dim" x="50" y="685">These addresses are targets for patching</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

WEEK07/slides/WEEK07-IMG09.svg
+63
View File
@@ -0,0 +1,63 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">Hacking the Binary</text>
<text class="dim" x="600" y="88" text-anchor="middle">Patching LCD Text: "Reverse" --> "Exploit"</text>
<!-- Offset calculation -->
<rect class="pnl" x="30" y="110" width="1140" height="100" rx="8"/>
<text class="sub" x="50" y="145">File Offset Formula</text>
<text class="grn" x="50" y="180">file_offset = address - 0x10000000</text>
<text class="dim" x="620" y="180">Binary loaded at 0x10000000</text>
<!-- Hack 1: String patch -->
<rect class="pnl" x="30" y="225" width="1140" height="280" rx="8"/>
<text class="sub" x="50" y="260">Hack: Change LCD String</text>
<text class="dim" x="50" y="290">Address 0x10003EE8 --> File offset 0x3EE8</text>
<text class="txt" x="50" y="325">Original:</text>
<rect x="210" y="335" width="400" height="42" rx="4" fill="#0a0a0f" stroke="#ff0040" stroke-width="1"/>
<text class="red" x="230" y="362">52 65 76 65 72 73 65 00</text>
<text class="dim" x="630" y="362">"Reverse"</text>
<text class="txt" x="50" y="400">Patched:</text>
<rect x="210" y="410" width="400" height="42" rx="4" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text class="grn" x="230" y="437">45 78 70 6C 6F 69 74 00</text>
<text class="dim" x="630" y="437">"Exploit"</text>
<text class="dim" x="50" y="480">Same length (7 chars) -- null terminator stays</text>
<!-- Flash Steps -->
<rect class="pnl" x="30" y="530" width="1140" height="155" rx="8"/>
<text class="sub" x="50" y="562">Flash the Hacked Binary</text>
<rect x="50" y="575" width="1100" height="40" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
<text class="cyn" x="70" y="601">python uf2conv.py build\patched.bin</text>
<text class="txt" x="70" y="635">1.</text>
<text class="dim" x="100" y="635">Save patched .bin file</text>
<text class="txt" x="70" y="660">2.</text>
<text class="dim" x="100" y="660">Convert to .uf2 format</text>
<text class="txt" x="530" y="635">3.</text>
<text class="dim" x="560" y="635">Hold BOOTSEL, plug in Pico</text>
<text class="txt" x="530" y="660">4.</text>
<text class="dim" x="560" y="660">Drag hacked.uf2 to drive</text>
<!-- Result -->
<rect class="pnl" x="30" y="700" width="1140" height="70" rx="8"/>
<text class="grn" x="50" y="738">LCD now shows: "Exploit"</text>
<text class="dim" x="460" y="738">instead of "Reverse"</text>
<text class="red" x="750" y="738">No source code needed!</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.1 KiB

WEEK07/slides/WEEK07-IMG10.svg
+88
View File
@@ -0,0 +1,88 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
.dim{font:20px 'Courier New',monospace;fill:#888}
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
.badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>
<rect class="hdr" x="0" y="0" width="1200" height="100" rx="0"/>
<text class="title" x="600" y="52" text-anchor="middle">I2C &amp; Macro Exploitation</text>
<text class="dim" x="600" y="88" text-anchor="middle">Constants, I2C, Structs, and Hacking</text>
<!-- Left Column -->
<rect class="pnl" x="30" y="110" width="555" height="340" rx="8"/>
<text class="sub" x="50" y="145">Key Concepts</text>
<text class="grn" x="50" y="180">#define</text>
<text class="dim" x="230" y="180">Text replacement, no memory</text>
<text class="grn" x="50" y="210">const</text>
<text class="dim" x="230" y="210">Variable in .rodata (maybe)</text>
<text class="grn" x="50" y="240">I2C</text>
<text class="dim" x="230" y="240">Two-wire: SDA + SCL</text>
<text class="grn" x="50" y="270">struct</text>
<text class="dim" x="230" y="270">Groups related data fields</text>
<text class="grn" x="50" y="300">typedef</text>
<text class="dim" x="230" y="300">Creates type alias</text>
<text class="grn" x="50" y="330">AAPCS</text>
<text class="dim" x="230" y="330">r0-r3 args, r0 return</text>
<text class="grn" x="50" y="360">movs</text>
<text class="dim" x="230" y="360">16-bit, imm 0-255</text>
<text class="grn" x="50" y="390">movw</text>
<text class="dim" x="230" y="390">32-bit, imm 0-65535</text>
<text class="grn" x="50" y="420">Literal Pool</text>
<text class="dim" x="230" y="420">Large consts after code</text>
<!-- Right Column: Key Addresses -->
<rect class="pnl" x="615" y="110" width="555" height="340" rx="8"/>
<text class="sub" x="635" y="145">Key Addresses</text>
<text class="amb" x="635" y="180">0x10000234</text>
<text class="dim" x="850" y="180">main() entry</text>
<text class="amb" x="635" y="210">0x1000028E</text>
<text class="dim" x="850" y="210">FAV_NUM (movs)</text>
<text class="amb" x="635" y="240">0x10000296</text>
<text class="dim" x="850" y="240">OTHER_FAV_NUM (movw)</text>
<text class="amb" x="635" y="270">0x10003EE8</text>
<text class="dim" x="850" y="270">"Reverse" string</text>
<text class="amb" x="635" y="300">0x10003EF0</text>
<text class="dim" x="850" y="300">"Engineering" string</text>
<text class="amb" x="635" y="330">0x40098000</text>
<text class="dim" x="850" y="330">I2C1 HW base</text>
<text class="amb" x="635" y="360">0x2000062C</text>
<text class="dim" x="850" y="360">i2c1_inst struct</text>
<text class="dim" x="635" y="400">file_offset = addr - 0x10000000</text>
<text class="dim" x="635" y="425">String patches must be same length</text>
<!-- Bottom: Macro Chain and Hack Summary -->
<rect class="pnl" x="30" y="465" width="1140" height="100" rx="8"/>
<text class="sub" x="50" y="500">Macro Chain</text>
<text class="grn" x="50" y="535">I2C_PORT</text>
<text class="txt" x="210" y="535">--></text>
<text class="cyn" x="260" y="535">i2c1</text>
<text class="txt" x="340" y="535">--></text>
<text class="amb" x="390" y="535">&amp;i2c1_inst</text>
<text class="txt" x="560" y="535">--></text>
<text class="red" x="610" y="535">0x40098000</text>
<!-- Bottom: Hack result -->
<rect class="pnl" x="30" y="580" width="1140" height="115" rx="8"/>
<text class="sub" x="50" y="615">Binary Hack Result</text>
<text class="txt" x="50" y="650">LCD: "Reverse" --></text>
<text class="grn" x="370" y="650">"Exploit"</text>
<text class="dim" x="520" y="650">Patched at 0x3EE8</text>
<text class="dim" x="50" y="675">Compiler may optimize const same as #define</text>
<!-- Key Takeaway -->
<rect class="pnl" x="30" y="710" width="1140" height="70" rx="8"/>
<text class="red" x="50" y="748">TAKEAWAY:</text>
<text class="txt" x="230" y="748">const is a source-level concept.</text>
<text class="dim" x="680" y="748">In binary, everything can change!</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.3 KiB