Updated Building External Apps (markdown)

Mark Thompson 2024-04-03 14:05:11 -05:00
parent 3d30f491bc
commit 11bed5ba0c

@ -7,7 +7,7 @@ The export_external_app python script edits each external app image to (1) repla
### External App Address Replacement ### External App Address Replacement
As example, if the fake address range of an app is 0xADC00000 to 0xADC07FFF, this python script will search the external app file for values in this range and replace them; it ASSUMES that they are pointers to memory addresses within this app. If the app image contains a value where the high byte is 0xAD but the next most significant byte is potentially an address within a different app, a warning message is displayed such as the following. This message implies that code within the indicated app may be attempting to use code within another app (but since the LTO optimization is disabled, it is most likely that this warning message is a false positive and the value found could just be a code instruction or raw data): As example, if the fake address range of an app is 0xADC00000 to 0xADC07FFF, this python script will search the external app file for values in this range and replace them; it ASSUMES that they are pointers to memory addresses within this app. If the app image contains a value where the high byte is 0xAD but the next most significant byte is potentially an address within a different app, a warning message is displayed such as the following. This message implies that code within the indicated app may be attempting to use code within another app (but since the LTO optimization is disabled, it is most likely that this warning message is a false positive and the value found could just be a code instruction or raw data):
`WARNING: External code address 0xadb01234 at offset 0x1000 in tetris.himg` ` WARNING: External code address 0xadb01234 at offset 0x1000 in tetris.himg`
Note that the fake 0xADxxxxxx address range was selected for external apps based on few data values in this range in the firmware image, and because any firmware attempts to access this fake memory address range will trigger a GURU meditation fault. Note that the fake 0xADxxxxxx address range was selected for external apps based on few data values in this range in the firmware image, and because any firmware attempts to access this fake memory address range will trigger a GURU meditation fault.
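Review bot: On the WARNING example line, the only change is a leading space added inside the backticks, which is a fragile way to indent sample output because renderers differ in how they treat whitespace at the edge of an inline code span. If the aim is to set the message apart from the paragraph, an indented or fenced code block does that explicitly. Separately, the paragraph above says the script ASSUMES every in-range value is a pointer, but it only explains the cross-app warning case. A sentence on what happens when a non-pointer value inside the app's own range is rewritten would help anyone debugging a corrupted app image.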
@ -20,10 +20,10 @@ The checksum used for external app image files is simply a uint32 sum of all 32-
## make_spi_image.py ## make_spi_image.py
The make_spi_image python script creates the firmware ROM image by appending the baseband images and a simple checksum, and also checks to make sure there are no references to the "fake" memory address regions mentioned above where external apps were linked. The checksum algorithm is the same as used for external apps, above. A warning message similar to the one below may be displayed if data values are found in the firmware image that _might_ be an attempt to access a "fake" memory address region: The make_spi_image python script creates the firmware ROM image by appending the baseband images and a simple checksum, and also checks to make sure there are no references to the "fake" memory address regions mentioned above where external apps were linked. The checksum algorithm is the same as used for external apps, above. A warning message similar to the one below may be displayed if data values are found in the firmware image that _might_ be an attempt to access a "fake" memory address region:
`WARNING: Possible external code address 0xadb96ef0 at offset 0xb24a4 in portapack-h1_h2-mayhem.bin` ` WARNING: Possible external code address 0xadb96ef0 at offset 0xb24a4 in portapack-h1_h2-mayhem.bin`
To determine if a warning message such as that above is real or a false positive, search for the mentioned external code address within the memory regions indicated in the external.ld file. In this example, you might find a line in external.ld like this, which implies that firmware might possibly be trying to access memory in the LCR app: To determine if a warning message such as that above is real or a false positive, search for the mentioned external code address within the memory regions indicated in the external.ld file. In this example, you might find a line in external.ld like this, which implies that firmware might possibly be trying to access memory in the LCR app:
` ram_external_app_lcr(rwx) : org = 0xADB90000, len = 32k` ` ram_external_app_lcr(rwx) : org = 0xADB90000, len = 32k`
To determine if it's real or a false positive, edit this line of the external.ld file to change the LCR app's address to another range that is unused such as "org = 0xADEF0000" and rebuild firmware. IF the address in the warning message changes to the new address range, then firmware really is trying to access code or data within that external app. If the address in the warning message stays the same, then it's a false positive and can safely be ignored. To determine if it's real or a false positive, edit this line of the external.ld file to change the LCR app's address to another range that is unused such as "org = 0xADFF0000" and rebuild firmware. IF the address in the warning message changes to the new address range, then firmware really is trying to access code or data within that external app. If the address in the warning message stays the same, then it's a false positive and can safely be ignored.
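Review bot: In the last paragraph the example relocation address changes from "org = 0xADEF0000" to "org = 0xADFF0000", but the commit message gives no reason, and the text still leaves "unused" for the reader to establish. Suggest stating how to confirm it: check that no other memory region listed in external.ld covers the chosen org plus the app's len (32k for the LCR line quoted above). On the WARNING line, the change only adds a leading space inside the inline code span. A code block would indent the sample message more reliably.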