Overhall w/ slides

This commit is contained in:
Kevin Thomas
2026-03-15 10:40:20 -04:00
parent d3b2ca3e47
commit 5b149048fd
61 changed files with 6305 additions and 240 deletions
+5 -5
View File
@@ -1,4 +1,4 @@
# Embedded Systems Reverse Engineering
# Embedded Systems Reverse Engineering
[Repository](https://github.com/mytechnotalent/Embedded-Hacking)
## Week 3
@@ -12,7 +12,7 @@ Single-step through the first 10 instructions of the reset handler to understand
#### Prerequisites
- Raspberry Pi Pico 2 with debug probe connected
- OpenOCD and `arm-none-eabi-gdb` available in your PATH
- `build/0x0001_hello-world.elf` present and flashed to the board
- `build\0x0001_hello-world.elf` present and flashed to the board
- Week 3 environment setup completed (OpenOCD running, GDB connected)
#### Task Description
@@ -22,7 +22,7 @@ You will set a breakpoint at the reset handler (`0x1000015c`), trigger a reset,
##### Step 1: Start OpenOCD
```bash
```powershell
openocd ^
-s "C:\Users\flare-vm\.pico-sdk\openocd\0.12.0+dev\scripts" ^
-f interface/cmsis-dap.cfg ^
@@ -32,8 +32,8 @@ openocd ^
##### Step 2: Launch GDB
```bash
arm-none-eabi-gdb build/0x0001_hello-world.elf
```powershell
arm-none-eabi-gdb build\0x0001_hello-world.elf
```
##### Step 3: Connect to Target
+2 -2
View File
@@ -1,4 +1,4 @@
# Embedded Systems Reverse Engineering
# Embedded Systems Reverse Engineering
[Repository](https://github.com/mytechnotalent/Embedded-Hacking)
## Week 3
@@ -12,7 +12,7 @@ Calculate the size of the stack by examining the vector table, understanding the
#### Prerequisites
- Raspberry Pi Pico 2 with debug probe connected
- OpenOCD and `arm-none-eabi-gdb` available
- `build/0x0001_hello-world.elf` flashed to the board
- `build\0x0001_hello-world.elf` flashed to the board
- Understanding of memory regions from Week 3 Part 5 (Linker Script)
#### Task Description
+2 -2
View File
@@ -1,4 +1,4 @@
# Embedded Systems Reverse Engineering
# Embedded Systems Reverse Engineering
[Repository](https://github.com/mytechnotalent/Embedded-Hacking)
## Week 3
@@ -12,7 +12,7 @@ Examine the first 16 entries of the vector table to understand the exception han
#### Prerequisites
- Raspberry Pi Pico 2 with debug probe connected
- OpenOCD and `arm-none-eabi-gdb` available
- `build/0x0001_hello-world.elf` loaded
- `build\0x0001_hello-world.elf` loaded
- Understanding of the vector table from Week 3 Part 4
- Knowledge of Thumb mode addressing (LSB = 1 indicates Thumb code)
+2 -2
View File
@@ -1,4 +1,4 @@
# Embedded Systems Reverse Engineering
# Embedded Systems Reverse Engineering
[Repository](https://github.com/mytechnotalent/Embedded-Hacking)
## Week 3
@@ -12,7 +12,7 @@ Locate the `main()` function, examine its first instructions, identify the first
#### Prerequisites
- Raspberry Pi Pico 2 with debug probe connected
- OpenOCD and `arm-none-eabi-gdb` available
- `build/0x0001_hello-world.elf` loaded
- `build\0x0001_hello-world.elf` loaded
- Understanding of function calls and the link register (LR) from previous weeks
#### Task Description
Binary file not shown.
+9 -13
View File
@@ -1,10 +1,6 @@
# Embedded Systems Reverse Engineering
[Repository](https://github.com/mytechnotalent/Embedded-Hacking)
# Week 3: Embedded System Analysis: Understanding the RP2350 Architecture w/ Comprehensive Firmware Analysis
## Week 3
Embedded System Analysis: Understanding the RP2350 Architecture w/ Comprehensive Firmware Analysis
### 🎯 What You'll Learn This Week
## 🎯 What You'll Learn This Week
By the end of this tutorial, you will be able to:
- Understand how the RP2350 boots from the on-chip bootrom
@@ -16,7 +12,7 @@ By the end of this tutorial, you will be able to:
- Use Ghidra to statically analyze the boot sequence
- Understand the difference between Thumb mode addressing and actual addresses
### 🔄 Review from Weeks 1-2
## 🔄 Review from Weeks 1-2
This week builds on your GDB and Ghidra skills from previous weeks:
- **GDB Commands** (`x`, `b`, `c`, `si`, `disas`, `i r`) - We'll use all of these to trace the boot process
- **Memory Layout** (Flash at `0x10000000`, RAM at `0x20000000`) - Understanding where code and data live
@@ -314,7 +310,7 @@ Before we start, make sure you have:
**Terminal 1 - Start OpenOCD:**
```bash
```powershell
openocd ^
-s "C:\Users\flare-vm\.pico-sdk\openocd\0.12.0+dev\scripts" ^
-f interface/cmsis-dap.cfg ^
@@ -324,8 +320,8 @@ openocd ^
**Terminal 2 - Start GDB:**
```bash
arm-none-eabi-gdb build/0x0001_hello-world.elf
```powershell
arm-none-eabi-gdb build\0x0001_hello-world.elf
```
**Connect to target:**
@@ -833,7 +829,7 @@ That's not real code - it's the magic number `0xffffded3` being misinterpreted!
---
## Part 15: Static Analysis with Ghidra - Examining the Boot Sequence
## 🔬 Part 15: Static Analysis with Ghidra - Examining the Boot Sequence
> 🔄 **REVIEW:** In Week 1, we set up a Ghidra project and analyzed our hello-world binary. Now we'll use Ghidra to understand the boot sequence from a static analysis perspective!
@@ -1183,7 +1179,7 @@ Ghidra can visualize the call flow:
---
## Security Implications
## 🔐 Security Implications
### How Boot Sequence Knowledge Applies to Security
@@ -1306,7 +1302,7 @@ Understanding how an attacker would analyze and exploit the boot sequence is ess
---
## 📖 Glossary
## 📖 Glossary
### New Terms This Week
BIN
View File
Binary file not shown.