MotoFan.Ru — everything for Motorola > Development > Breaking and building! > Patches and everything for them

Creating Asm

bill_kevin

 9.9.2011, 6:07

Can someone explain to me how to correctly create my own asm to "port a patch"?


I created this asm; is the patch code properly analyzed?

original patch:

CODE

[patch_info]
sw_ver=r4513_g_08.b7.acr_rb
description=

[patch_code]
0035a1a6: 0000e59f0054e5d03000e35300011a000001e3a03e07ea000000e1a0300eea1e163ce92d4005e59f
0030e3a02001e5c02000e8bd4005e3a01023e12fff1ee92d4005e59f0014e3a02000e5c02000e8bd
4005e35000011a0dfacbea0dfa8a124efb90
006d8c28: ebf2056d
006d8c34: ebf20563
00adfab8: eae1e9ba
[close]

L7 sw_ver=r4513_g_08.b7.acr_rb to E398 sw_ver=r373_g_0e.30.dar

CODE
code32
    .start 0x1026fefe;0x103ec1a6
        dcb    0                  ; two pad bytes, matching the "0000" at the start of the patch hex
        dcb    0
_loc_103ec1a8:
        ldr    r0, _off_103ec204
        ldrb    r3, [r0]
        cmp    r3, #1
        bne    _loc_103ec1c0
        mov    r3, #0x70
        b    _loc_103ec1c4

_loc_103ec1c0:
        mov    r3, lr

_loc_103ec1c4:
        b    0x10814cec;0x10b71abc   (the patch hex word ea1e163c is b, not bl)

_sub_103ec1c8:
        stmfd    sp!, {r0,r2,lr}
        ldr    r0, _off_103ec204
        mov    r2, #1
        strb    r2, [r0]
        ldmfd    sp!, {r0,r2,lr}
        mov    r1, #0x23
        bx    lr

_sub_103ec1e4:
arg_0           =  0
arg_8           =  8
arg_10          =  0x10

        stmfd    sp!, {r0,r2,lr}
        ldr    r0, _off_103ec204
        mov    r2, #0
        strb    r2, [r0]
        ldmfd    sp!, {r0,r2,lr}
        cmp    r0, #1
        bne    0x10831024;0x1076ad30
        b    0x10830f24;0x1076ac30

_off_103ec204:    dcd 0x124efb90        ; data xref: loc_103ec1a8, sub_103ec1c8+4 ...


.start 0x10830f1c;0x1076ac28
        bl    _sub_103ec1e4
        
.start 0x10830f28;0x1076ac34
        bl    _sub_103ec1c8

.start 0x10814ce8;0x10b71ab8
        bl    _loc_103ec1a8
[close]


And finally, how do I compile the asm?

Thank you For your Help

Andy51

 12.9.2011, 8:37

Well, I think the most convenient way to manipulate patch source would be using binedit (it can compile it for you too).
If I recall correctly, it can directly produce the source from a patch.
It seems like you used IDA to analyze the patch, and you will have to edit it to compile it.
Anyways, you have to make sure that the code will fit in the target FW. I suggest using IDA or binedit for that.
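The "make sure the code will fit" check, as an added example that is not code from the thread or from binedit: it parses the [patch_code] text posted above (offset, then hex that may continue on offset-less lines) and reports records that run past the image or overlap each other. FW_SIZE is an assumed placeholder image size.

```python
import re

# Added example (not code from the thread): parse the [patch_code] section of a Motorola
# patch as posted above and check that every write lands inside the image and that no two
# records overlap. Offsets are file offsets into the flash image; FW_SIZE is assumed.
PATCH_TEXT = """\
[patch_info]
sw_ver=r4513_g_08.b7.acr_rb
[patch_code]
0035a1a6: 0000e59f0054e5d03000e35300011a000001e3a03e07ea000000e1a0300eea1e163ce92d4005e59f
0030e3a02001e5c02000e8bd4005e3a01023e12fff1ee92d4005e59f0014e3a02000e5c02000e8bd
4005e35000011a0dfacbea0dfa8a124efb90
006d8c28: ebf2056d
006d8c34: ebf20563
00adfab8: eae1e9ba
[close]
"""
FW_SIZE = 0x00B00000      # assumed image size; the real value depends on the phone

RECORD = re.compile(r"^([0-9a-fA-F]{8}):\s*([0-9a-fA-F]*)$")

def parse_patch_code(text):
    """Return [(offset, bytes)]; a record's hex may continue on following offset-less lines."""
    records, in_code = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "[patch_code]":
            in_code = True
        elif line == "[close]":
            break
        elif in_code and (m := RECORD.match(line)):
            records.append([int(m.group(1), 16), bytearray.fromhex(m.group(2))])
        elif in_code and line and records and re.fullmatch(r"[0-9a-fA-F]+", line):
            records[-1][1] += bytes.fromhex(line)          # continuation line
        elif in_code and line:
            raise ValueError("unexpected line in [patch_code]: %r" % line)
    return [(off, bytes(data)) for off, data in records]

def check_fit(records, fw_size=FW_SIZE):
    """Problems found: a record running past the image end, or two records overlapping."""
    problems = []
    spans = sorted((off, off + len(data)) for off, data in records)
    for (s1, e1), nxt in zip(spans, spans[1:] + [None]):
        if e1 > fw_size:
            problems.append("%08x..%08x runs past image size %08x" % (s1, e1, fw_size))
        if nxt and nxt[0] < e1:
            problems.append("%08x..%08x overlaps record at %08x" % (s1, e1, nxt[0]))
    return problems
```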

bill_kevin

 12.9.2011, 20:16

Finally I can create asm in binedit, but I have a problem.

How do I port this address?
dcd 0x143c21f4 ;what is this, how do I port it?

CODE

code32
.start 0x1037f1c8
    b    loc_10599eac
loc_1037f1cc:

.start 0x103e7978
    bl    off_10599ecc

.start 0x103e79b0
    bl    off_10599ee8

.start 0x10599eac
loc_10599eac:
    ldr    r0=#0x143c21f4
    ldrb    r3,[r0]
    cmp    r3, #0x1
    bne    loc_10599ec4
    mov    r3, #0x70
    b    loc_10599ec8
loc_10599ec4:
    mov    r3, lr
loc_10599ec8:
    b    loc_1037f1cc

off_10599ecc:
    stmfd    sp!, {r0,r2,lr}
    ldr    r0=#0x143c21f4    ; loads r0 from address 0x10599f08 (which holds 0x143c21f4)
    mov    r2, #0x1
    strb    r2,[r0]
    ldmfd    sp!, {r0,r2,lr}
    mov    r1, #0x23
    bx    lr

off_10599ee8:
    stmfd    sp!, {r0,r2,lr}
    ldr    r0=#0x143c21f4
    mov    r2, #0x0
    strb    r2,[r0]
    ldmfd    sp!, {r0,r2,lr}
    cmp    r0, #0x1
    bne    0x103e7acc
    b    0x103e79b8
    dcd    0x143c21f4    ; what is this, how do I port it?

Andy51

 13.9.2011, 8:21

bill_kevin, you should ask the author of that patch if you want to know the meaning of particular value used there. There is no general way to port it.

Fenja

 13.9.2011, 8:49

Try to find the source firmware address that refers to 0x143c21f4, then find the same code in the other firmware and look at the reference there. It can help. This assumes that you have correctly translated the section of the code.

Andy51

 13.9.2011, 9:23

Quote (Fenja @ Today, 12:49)
* Try to find the source firmware address that refers to 0x143c21f4, then find the same code in the other firmware and look at the reference there.

Oh, right. Did not think about it - I don't port patches, I make them :D
I was using this method: you can open in IDA the original FW, open the XREFS window for 0x143c21f4 and see where it is used (function signatures). Then try to find the same functions in your target FW and see what address they use instead of 0x143c21f4.
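Andy51's xref-and-compare method (and Fenja's suggestion before it), as an added example that is not code from the thread, IDA or binedit: it resolves every `ldr rX, [pc, #imm]` whose literal pool holds the asked-about value, builds a byte signature of the surrounding code with pool offsets and branch targets wildcarded, finds that signature in the other image and reads the literal used there. Both images are constructed little-endian ARM32 snippets, and DST_ADDR is an invented counterpart, not a real E398 address.

```python
import re
import struct

# Added example (not code from the thread, IDA or binedit): find the pc-relative ldr that
# references a literal (IDA's data xrefs), then find the same routine in another image and
# read its literal there.  Both images are constructed little-endian ARM32 snippets.
SRC_ADDR = 0x143c21f4            # the value asked about in the thread
DST_ADDR = 0x14a0c1f4            # constructed: what the target image uses instead

def pool_offset(fw, off):
    """Literal offset if the word at `off` is `ldr rX, [pc, #+/-imm]`, else None."""
    w = struct.unpack_from("<I", fw, off)[0]
    if w & 0x0F7F0000 != 0x051F0000:           # LDR immediate, P=1, W=0, Rn=pc, any cond
        return None
    pool = off + 8 + (w & 0xFFF) * (1 if w & 0x00800000 else -1)   # pc = ldr address + 8
    return pool if 0 <= pool <= len(fw) - 4 else None
def literal_refs(fw, value):
    """Offsets of every pc-relative ldr whose literal equals `value`."""
    return [off for off in range(0, len(fw) - 3, 4)
            if (p := pool_offset(fw, off)) is not None
            and struct.unpack_from("<I", fw, p)[0] == value]
def masked_signature(fw, off, nwords=4):
    """Bytes regex for nwords at `off`; ldr pool offsets and b/bl targets become wildcards."""
    parts = []
    for i in range(nwords):
        raw = bytes(fw[off + 4 * i:off + 4 * i + 4])
        w = struct.unpack_from("<I", raw)[0]
        if w & 0x0F7F0000 == 0x051F0000:        # pc-relative ldr: ignore imm12 (and Rt)
            parts.append(b"[\\x00-\\xff]{2}" + re.escape(raw[2:]))
        elif w & 0x0E000000 == 0x0A000000:      # b / bl: ignore imm24
            parts.append(b"[\\x00-\\xff]{3}" + re.escape(raw[3:]))
        else:
            parts.append(re.escape(raw))
    return b"".join(parts)
def port_literal(src_fw, dst_fw, value, nwords=4):
    """Map each source xref of `value` to (offset of the same code in dst_fw, its literal)."""
    ported = {}
    for off in literal_refs(src_fw, value):
        for m in re.finditer(masked_signature(src_fw, off, nwords), dst_fw):
            p = pool_offset(dst_fw, m.start())
            if m.start() % 4 == 0 and p is not None:
                ported[off] = (m.start(), struct.unpack_from("<I", dst_fw, p)[0])
                break
    return ported
def routine(literal, gap):
    """Constructed: ldr r0,[pc,#imm]; ldrb r3,[r0]; cmp r3,#1; bx lr; <gap> nops; dcd literal."""
    words = [0xE59F0000 | (gap + 2) * 4, 0xE5D03000, 0xE3530001, 0xE12FFF1E] + [0xE1A00000] * gap
    return struct.pack("<%dI" % (len(words) + 1), *words, literal)
SRC_FW = b"\xff" * 0x40 + routine(SRC_ADDR, 1) + b"\xff" * 0x20
DST_FW = b"\xff" * 0x70 + routine(DST_ADDR, 3) + b"\xff" * 0x10
```

On real images the signature should be taken over more words than the four used here, and every reported match still needs a look in the disassembler before the value is trusted.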

chinitopex

 13.9.2011, 13:11

My bro Bill, just yesterday I was thinking the same thing. Andy is right, it is a fantastic idea. I could not connect because my internet was very slow. Try using the original firmware, and something that I had not been thinking about before.

MotoFan.ru (©) 2024