TheArchive/mayhem-firmware
1
0
Fork 0
mirror of https://github.com/portapack-mayhem/mayhem-firmware.git synced 2024-11-23 10:05:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated Building External Apps (markdown)

Mark Thompson 2024-04-03 14:03:53 -05:00
parent 4b619860c8
commit 3d30f491bc
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Building-External-Apps.md

@ -9,6 +9,8 @@ As example, if the fake address range of an app is 0xADC00000 to 0xADC07FFF, thi
`WARNING: External code address 0xadb01234 at offset 0x1000 in tetris.himg`
Note that the fake 0xADxxxxxx address range was selected for external apps based on few data values in this range in the firmware image, and because any firmware attempts to access this fake memory address range will trigger a GURU meditation fault.
### External App Baseband Images
Baseband modules for external apps are created exactly the same as baseband images for internal apps, but they are omitted from the firmware ROM and appended to the external app image using the python script mentioned above.
@ -16,4 +18,12 @@ Baseband modules for external apps are created exactly the same as baseband imag
The checksum used for external app image files is simply a uint32 sum of all 32-bit values in the image file, with the sign finally inverted such that the total (including checksum) will sum to 0 if it's a valid image. This simple checksum method is used for speed (CRC32 would be slower).
## make_spi_image.py
The make_spi_image python script ...
The make_spi_image python script creates the firmware ROM image by appending the baseband images and a simple checksum, and also checks to make sure there are no references to the "fake" memory address regions mentioned above where external apps were linked. The checksum algorithm is the same as used for external apps, above. A warning message similar to the one below may be displayed if data values are found in the firmware image that _might_ be an attempt to access a "fake" memory address region:
`WARNING: Possible external code address 0xadb96ef0 at offset 0xb24a4 in portapack-h1_h2-mayhem.bin`
To determine if a warning message such as that above is real or a false positive, search for the mentioned external code address within the memory regions indicated in the external.ld file. In this example, you might find a line in external.ld like this, which implies that firmware might possibly be trying to access memory in the LCR app:
` ram_external_app_lcr(rwx) : org = 0xADB90000, len = 32k`
To determine if it's real or a false positive, edit this line of the external.ld file to change the LCR app's address to another range that is unused such as "org = 0xADEF0000" and rebuild firmware. IF the address in the warning message changes to the new address range, then firmware really is trying to access code or data within that external app. If the address in the warning message stays the same, then it's a false positive and can safely be ignored.