FreeCalypso > hg > freecalypso-sw
changeset 356:4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Thu, 15 May 2014 09:18:23 +0000 |
| parents | 4a92b7261e23 |
| children | 22c6e39e1789 |
| files | target-utils/tf-breakin/Makefile target-utils/tf-breakin/payload.S |
| diffstat | 2 files changed, 51 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/target-utils/tf-breakin/Makefile Thu May 15 09:18:23 2014 +0000 @@ -0,0 +1,14 @@ +CC= arm-elf-gcc +OBJCOPY=arm-elf-objcopy + +all: payload.bin + +.SUFFIXES: .o .bin + +.o.bin: + ${OBJCOPY} -O binary $< $@ + +clean: + rm -f *.o *errs *core *.bin + +FRC:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/target-utils/tf-breakin/payload.S Thu May 15 09:18:23 2014 +0000 @@ -0,0 +1,37 @@ + .text + .org 0 + .code 32 + +@ set CPSR like mot931c payload does + msr CPSR_c, #0xd3 +@ disable the watchdog + ldr r1, =0xfffff802 + mov r0, #0xf5 + strh r0, [r1, #2] + mov r0, #0xa0 + strh r0, [r1, #2] +@ MODEM UART + ldr r6, =0xffff5800 +@ wait for any previous output to flush out +1: ldrb r0, [r6, #5] + tst r0, #0x20 + beq 1b +@ send our indication + adr r1, outstr + mov r2, #6 +1: ldrb r0, [r1], #1 + strb r0, [r6] + subs r2, r2, #1 + bne 1b +@ wait for this output to go out to the TxD pin +1: ldrb r0, [r6, #5] + tst r0, #0x40 + beq 1b +@ enable the Calypso boot ROM + ldr r1, =0xFFFFFB10 + mov r2, #0x0100 + strh r2, [r1] +@ jump to it! + mov pc, #0 + +outstr: .byte 2,2,2,'O','K',2