Embedded-Hacking/WEEK02/WEEK02-04.md
Kevin Thomas 7c956ee514 Updated WEEK02
2026-05-03 15:08:34 -04:00


Embedded Systems Reverse Engineering

Week 2

Hello, World - Debugging and Hacking Basics: Debugging and Hacking a Basic Program for the Pico 2

Non-Credit Practice Exercise 4: Automate the Hack

Objective

Create a reusable GDB command that injects a string into SRAM, repoints r0, and resumes execution with a single call.

Prerequisites

  • Pico 2 connected with OpenOCD, GDB, and serial monitor ready
  • build\0x0001_hello-world.elf available
  • Familiarity with breaking at 0x1000023c and injecting strings from prior exercises

Task Description

You will define a custom GDB command hack that writes a payload to 0x20040000, repoints r0, and continues execution automatically.

Step-by-Step Instructions

Step 1: Connect, Halt, and Break

(gdb) target extended-remote :3333
(gdb) monitor reset halt
(gdb) b *0x1000023c
(gdb) c

Step 2: Define the hack Command

(gdb) define hack
> set {char[13]} 0x20040000 = "hacky, world"
> set $r0 = 0x20040000
> c
> end

Step 3: Invoke the Command

(gdb) hack

Step 4: Observe Output

  • PuTTY should immediately show your injected string after the command runs.
  • The breakpoint will be re-hit on the next loop iteration; rerun hack if you want to reapply after changes.
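The same hack command can also be written with GDB's Python API instead of a define block. The following is an added example and not part of the course material or the Embedded-Hacking repository. It generalizes Step 2: the command takes an optional string and address (defaulting to "hacky, world" at 0x20040000, the values used above), and it refuses to write a payload that would not fit the buffer. The buffer limit BUF_MAX = 64 is an assumption, since the exercise does not state the size of the firmware's string buffer; the array size in the generated set command always includes the terminating NUL, which is the length rule the tips below describe.

```python
"""Added example (not the course's own code): a GDB Python command that
re-implements the `define hack` macro from Step 2 with arguments and a
payload-size check.

Assumptions (not taken from the exercise):
  - BUF_MAX: the largest string, NUL included, the firmware buffer can hold.
Source it inside a GDB session with: (gdb) source hack.py
"""

try:
    import gdb  # only available when this file is sourced inside GDB
except ImportError:  # outside GDB (e.g. unit tests) the pure helpers still work
    gdb = None

SRAM_SCRATCH = 0x20040000        # SRAM address used by the exercise
DEFAULT_PAYLOAD = "hacky, world" # payload used in Step 2
BUF_MAX = 64                     # ASSUMED buffer limit in bytes, NUL included


def build_inject_cmds(payload: str, addr: int = SRAM_SCRATCH,
                      buf_max: int = BUF_MAX) -> list:
    """Return the GDB commands that write `payload` (NUL-terminated) at `addr`
    and repoint r0 at it. Raises ValueError if the payload would not fit or
    contains characters that cannot be written as a plain C string literal."""
    if not payload.isascii() or not payload.isprintable():
        raise ValueError("payload must be printable ASCII")
    length = len(payload) + 1  # char[N] must include the terminating NUL
    if length > buf_max:
        raise ValueError(f"payload needs {length} bytes, buffer limit is {buf_max}")
    # Escape characters that would otherwise end the GDB string literal early.
    escaped = payload.replace("\\", "\\\\").replace('"', '\\"')
    return [
        f'set {{char[{length}]}} {addr:#x} = "{escaped}"',
        f"set $r0 = {addr:#x}",
    ]


if gdb is not None:
    class Hack(gdb.Command):
        """hack [STRING] [ADDR]
Write STRING (default "hacky, world") NUL-terminated at ADDR (default
0x20040000), point r0 at it and continue. Quote STRING if it has spaces."""

        def __init__(self):
            super().__init__("hack", gdb.COMMAND_USER)

        def invoke(self, arg, from_tty):
            argv = gdb.string_to_argv(arg)
            payload = argv[0] if argv else DEFAULT_PAYLOAD
            addr = int(argv[1], 0) if len(argv) > 1 else SRAM_SCRATCH
            # Validate and build the commands first so a bad payload leaves
            # the target halted and untouched instead of half-patched.
            for cmd in build_inject_cmds(payload, addr):
                gdb.execute(cmd)
            gdb.execute("continue")

    Hack()  # register the command when sourced inside GDB
```

After `source hack.py`, `hack` behaves exactly like the define block in Step 2, `hack "bye, world"` injects a different string at the same address, and `hack "bye, world" 0x20040100` writes it elsewhere; `help hack` prints the docstring. Because the commands are built and checked before anything is written, an oversized payload produces an error while the target is still halted at the breakpoint.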

Expected Output

  • hack executes without errors, writes the payload, updates r0, and resumes execution.
  • Serial output reflects the injected message.

Questions for Reflection

Question 1: How could you parameterize the command to accept different strings or addresses?
Question 2: What happens if you define hack before setting the breakpoint? Will it still work as expected?
Question 3: How would you adapt this pattern for multi-step routines (e.g., patch, dump, continue)?

Tips and Hints

  • Redefine hack any time you want a different payload; GDB will overwrite the prior definition.
  • Keep the payload length aligned with the buffer size to avoid stray bytes.
  • If the target keeps running past the breakpoint, ensure hardware breakpoints are available and set correctly.

Next Steps

  • Create additional helper commands (e.g., dumpstr, retarget) to streamline experiments.
  • Explore GDB scripting files (.gdbinit) to auto-load your helpers on startup.
  • Try combining hack with watchpoints to observe memory changes live.