Update WEEK06

Kevin Thomas
2026-05-30 16:50:15 -04:00
parent af0d84f9cc
commit f22ef2907e
21 changed files with 1554 additions and 425 deletions
+32 -31
@@ -1,6 +1,6 @@
# Week 4: Variables in Embedded Systems: Debugging and Hacking Variables w/ GPIO Output Basics
# Week 4: Variables in Embedded Systems: Debugging and Hacking Variables w/ GPIO Output Basics
## 🎯 What You'll Learn This Week
## What You'll Learn This Week
By the end of this tutorial, you will be able to:
- Understand what variables are and how they're stored in memory
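Review bot: The two title lines in this hunk are visually identical, so the change on the heading is whitespace or an invisible character (a byte-order mark or line-ending change would look like this); please confirm it is intentional. Separately, the commit message says "Update WEEK06" while the heading here still reads "Week 4", so either the message or the heading number deserves a second look.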
@@ -128,11 +128,11 @@ uint8_t age; // This will be 0, not garbage!
+-----------------------------------------------------------------+
| Raspberry Pi Pico 2 |
| |
| GPIO 16 ------- Red LED |
| GPIO 17 ------- Green LED |
| GPIO 18 ------- Blue LED |
| GPIO 16 -------â–º Red LED |
| GPIO 17 -------â–º Green LED |
| GPIO 18 -------â–º Blue LED |
| ... |
| GPIO 25 ------- Onboard LED |
| GPIO 25 -------â–º Onboard LED |
+-----------------------------------------------------------------+
```
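Review bot: The second copy of each GPIO line in the diagram (GPIO 16, 17, 18 and 25) shows "â–º" after the dashes, which looks like a UTF-8 arrow character that was decoded with the wrong code page and saved back. Check that the file is written as UTF-8 and that the arrow renders as a single character, or use plain ASCII such as "------->" so the box diagram keeps its column alignment in every viewer.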
@@ -153,11 +153,11 @@ Each high-level function calls lower-level code. Let's trace `gpio_init()`:
```
gpio_init(LED_PIN)
↓
gpio_set_dir(LED_PIN, GPIO_IN) // Initially set as input
↓
gpio_put(LED_PIN, 0) // Set output value to 0
↓
gpio_set_function(LED_PIN, GPIO_FUNC_SIO) // Connect to SIO block
```
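Review bot: The arrows between the steps of the `gpio_init()` trace read "↓", a multi-byte mojibake sequence rather than a single down arrow, which suggests the file was re-encoded more than once. Restore the original character from a known-good revision or replace it with an ASCII marker such as "|" followed by "v", and verify the file encoding before merging since the same damage may be present in the other 20 files in this commit.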
@@ -197,7 +197,7 @@ Embedded-Hacking/
---
## 🔬 Part 5: Hands-On Tutorial - Analyzing Variables in Ghidra
## Part 5: Hands-On Tutorial - Analyzing Variables in Ghidra
### Step 1: Review the Source Code
@@ -250,13 +250,13 @@ The program is printing `43` because that's what we assigned after the initial `
---
## 🔬 Part 6: Setting Up Ghidra for Binary Analysis
## Part 6: Setting Up Ghidra for Binary Analysis
### Step 4: Start Ghidra
**Open a terminal and type:**
```powershell
```cmd
ghidraRun
```
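Review bot: The fence tag on the `ghidraRun` block changes from `powershell` to `cmd`, but the sentence above it still says only "Open a terminal". If the intent is to have readers use Command Prompt rather than PowerShell, say so in that sentence; if either shell works, the tag change is cosmetic and should at least be applied consistently to every command block in the tutorial.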
@@ -303,7 +303,7 @@ Wait for analysis to complete (watch the progress bar in the bottom right).
---
## 🔬 Part 7: Navigating and Resolving Functions
## Part 7: Navigating and Resolving Functions
### Step 9: Find the Functions
@@ -337,7 +337,7 @@ For `main`, let's also fix the return type:
---
## 🔬 Part 8: Analyzing the Main Function
## Part 8: Analyzing the Main Function
### Step 12: Examine Main in Ghidra
@@ -395,13 +395,13 @@ The compiler **optimized it out**! Here's what happened:
3. Compiler removes the unused `42` and just uses `43` directly
**What is `0x2b`?** Let's check:
- `0x2b` in hexadecimal = `43` in decimal
- `0x2b` in hexadecimal = `43` in decimal
The compiler replaced our variable with the constant value!
---
## 🔬 Part 9: Patching the Binary - Changing the Value
## Part 9: Patching the Binary - Changing the Value
### Step 16: Find the Value to Patch
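Review bot: The two `0x2b` bullet lines are character-for-character identical as displayed, so this part of the hunk is a whitespace or invisible-character change (trailing spaces, a non-breaking space, or line endings). Consider normalising whitespace in a separate commit so that content changes such as the heading edit are easier to review.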
@@ -437,7 +437,7 @@ The instruction now reads:
---
## 🔬 Part 10: Converting and Flashing the Hacked Binary
## Part 10: Converting and Flashing the Hacked Binary
### Step 19: Convert to UF2 Format
@@ -445,13 +445,13 @@ The Pico 2 expects UF2 files, not raw BIN files. We need to convert it!
**Open a terminal and navigate to your project directory:**
```powershell
```cmd
cd C:\Users\flare-vm\Desktop\Embedded-Hacking-main\0x0005_intro-to-variables
```
**Run the conversion command:**
```powershell
```cmd
python ..\uf2conv.py build\0x0005_intro-to-variables-h.bin --base 0x10000000 --family 0xe48bff59 --output build\hacked.uf2
```
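Review bot: The `cd` line in this block hard-codes `C:\Users\flare-vm\Desktop\Embedded-Hacking-main\...`, which only matches a reader using the same user name and a ZIP-extracted folder name. Since this block is being touched anyway, a short note that the path should be adjusted to the reader's checkout location would prevent the following `python ..\uf2conv.py` command from failing on a relative path that does not exist.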
@@ -476,11 +476,11 @@ age: 70
...
```
🎉 **BOOM! We hacked it!** The value changed from 43 to 70!
**BOOM! We hacked it!** The value changed from 43 to 70!
---
## 🔬 Part 11: Uninitialized Variables and GPIO
## Part 11: Uninitialized Variables and GPIO
Now let's work with a more complex example that includes GPIO control.
@@ -539,7 +539,7 @@ The value is `0` because uninitialized variables in the `.bss` section are zeroe
---
## 🔬 Part 12: Analyzing GPIO Code in Ghidra
## Part 12: Analyzing GPIO Code in Ghidra
### Step 23: Set Up Ghidra for the New Binary
@@ -593,7 +593,7 @@ void FUN_10000234(void)
---
## 🔬 Part 13: Hacking GPIO - Changing the LED Pin
## Part 13: Hacking GPIO - Changing the LED Pin
### Step 26: Find the GPIO Pin Value
@@ -647,7 +647,7 @@ Let's also change the printed value from `0` to `0x42` (66 in decimal):
---
## 🔬 Part 14: Export and Test the Hacked GPIO
## Part 14: Export and Test the Hacked GPIO
### Step 30: Export the Patched Binary
@@ -658,7 +658,7 @@ Let's also change the printed value from `0` to `0x42` (66 in decimal):
### Step 31: Convert to UF2
```powershell
```cmd
cd C:\Users\flare-vm\Desktop\Embedded-Hacking-main\0x0008_uninitialized-variables
python ..\uf2conv.py build\0x0008_uninitialized-variables-h.bin --base 0x10000000 --family 0xe48bff59 --output build\hacked.uf2
```
@@ -679,7 +679,7 @@ age: 66
And now the **GREEN LED on GPIO 17** should be blinking instead of the red one!
🎉 **We successfully:**
**We successfully:**
1. Changed the printed value from 0 to 66
2. Changed which LED blinks from red (GPIO 16) to green (GPIO 17)
@@ -780,7 +780,7 @@ delay2:
---
## 📊 Part 16: Summary and Review
## Part 16: Summary and Review
### What We Accomplished
@@ -843,7 +843,7 @@ delay2:
---
## 🎓 Key Takeaways
## Key Takeaways
1. **Variables are just memory locations** - The compiler assigns them addresses in SRAM.
@@ -861,7 +861,7 @@ delay2:
---
## 📖 Glossary
## Glossary
| Term | Definition |
| ------------------ | --------------------------------------------------------------------- |
@@ -880,7 +880,7 @@ delay2:
---
## 🔗 Additional Resources
## Additional Resources
### GPIO Coprocessor Reference
@@ -905,5 +905,6 @@ The RP2350 GPIO coprocessor instructions:
**Remember:** Every binary you encounter in the real world can be analyzed and understood using these same techniques. Practice makes perfect!
Happy hacking! 🔧
Happy hacking!