0001-add-s110-syscalls.patch

From 727cffc1735597e950abdc605edf935b535466dc Mon Sep 17 00:00:00 2001
From: Jacob Rosenthal <[email protected]>
Date: Mon, 30 Jul 2018 14:39:28 -0700
Subject: [PATCH] add s110 syscalls

---
 libr/syscall/d/Makefile            |   1 +
 libr/syscall/d/meson.build         |   1 +
 libr/syscall/d/s110-arm-16.sdb.txt | 134 +++++++++++++++++++++++++++++++++++++
 3 files changed, 136 insertions(+)
 create mode 100644 libr/syscall/d/s110-arm-16.sdb.txt

diff --git a/libr/syscall/d/Makefile b/libr/syscall/d/Makefile
index 5a19bdac7..00c5833b2 100644
--- a/libr/syscall/d/Makefile
+++ b/libr/syscall/d/Makefile
@@ -8,6 +8,7 @@ F+= linux-x86-32
 F+= linux-x86-64
 F+= linux-arm-32
 F+= linux-arm-64
+F+= s110-arm-16
 F+= linux-mips-32
 F+= linux-sparc-32
 F+= darwin-x86-32
diff --git a/libr/syscall/d/meson.build b/libr/syscall/d/meson.build
index 9f6b75ec4..8c33d5fb3 100644
--- a/libr/syscall/d/meson.build
+++ b/libr/syscall/d/meson.build
@@ -5,6 +5,7 @@ sdb_files = [
   'ios-arm-64',
   'linux-x86-32',
   'linux-x86-64',
+  's110-arm-16',
   'linux-arm-32',
   'linux-arm-64',
   'linux-mips-32',
diff --git a/libr/syscall/d/s110-arm-16.sdb.txt b/libr/syscall/d/s110-arm-16.sdb.txt
new file mode 100644
index 000000000..6ad0387f0
--- /dev/null
+++ b/libr/syscall/d/s110-arm-16.sdb.txt
@@ -0,0 +1,134 @@
+_=0x80
+DFU_BLE_SVC_SET_PEER_DATA=0x80,0
+BOOTLOADER_SVC_LAST=0x80,1
+SD_SOFTDEVICE_ENABLE=0x80,16
+SD_SOFTDEVICE_DISABLE=0x80,17
+SD_SOFTDEVICE_IS_ENABLED=0x80,18
+SD_SOFTDEVICE_VECTOR_TABLE_BASE_SET=0x80,19
+SVC_SDM_LAST=0x80,20
+SD_MBR_COMMAND=0x80,24
+SD_PPI_CHANNEL_ENABLE_GET=0x80,32
+SD_PPI_CHANNEL_ENABLE_SET=0x80,33
+SD_PPI_CHANNEL_ENABLE_CLR=0x80,34
+SD_PPI_CHANNEL_ASSIGN=0x80,35
+SD_PPI_GROUP_TASK_ENABLE=0x80,36
+SD_PPI_GROUP_TASK_DISABLE=0x80,37
+SD_PPI_GROUP_ASSIGN=0x80,38
+SD_PPI_GROUP_GET=0x80,39
+SD_FLASH_PAGE_ERASE=0x80,40
+SD_FLASH_WRITE=0x80,41
+SD_FLASH_PROTECT=0x80,42
+SD_MUTEX_NEW=0x80,43
+SD_MUTEX_ACQUIRE=0x80,44
+SD_MUTEX_RELEASE=0x80,45
+SD_NVIC_ENABLEIRQ=0x80,46
+SD_NVIC_DISABLEIRQ=0x80,47
+SD_NVIC_GETPENDINGIRQ=0x80,48
+SD_NVIC_SETPENDINGIRQ=0x80,49
+SD_NVIC_CLEARPENDINGIRQ=0x80,50
+SD_NVIC_SETPRIORITY=0x80,51
+SD_NVIC_GETPRIORITY=0x80,52
+SD_NVIC_SYSTEMRESET=0x80,53
+SD_NVIC_CRITICAL_REGION_ENTER=0x80,54
+SD_NVIC_CRITICAL_REGION_EXIT=0x80,55
+SD_RAND_APPLICATION_POOL_CAPACITY=0x80,56
+SD_RAND_APPLICATION_BYTES_AVAILABLE=0x80,57
+SD_RAND_APPLICATION_GET_VECTOR=0x80,58
+SD_POWER_MODE_SET=0x80,59
+SD_POWER_SYSTEM_OFF=0x80,60
+SD_POWER_RESET_REASON_GET=0x80,61
+SD_POWER_RESET_REASON_CLR=0x80,62
+SD_POWER_POF_ENABLE=0x80,63
+SD_POWER_POF_THRESHOLD_SET=0x80,64
+SD_POWER_RAMON_SET=0x80,65
+SD_POWER_RAMON_CLR=0x80,66
+SD_POWER_RAMON_GET=0x80,67
+SD_POWER_GPREGRET_SET=0x80,68
+SD_POWER_GPREGRET_CLR=0x80,69
+SD_POWER_GPREGRET_GET=0x80,70
+SD_POWER_DCDC_MODE_SET=0x80,71
+SD_APP_EVT_WAIT=0x80,72
+SD_CLOCK_HFCLK_REQUEST=0x80,73
+SD_CLOCK_HFCLK_RELEASE=0x80,74
+SD_CLOCK_HFCLK_IS_RUNNING=0x80,75
+SD_RADIO_NOTIFICATION_CFG_SET=0x80,76
+SD_ECB_BLOCK_ENCRYPT=0x80,77
+SD_RADIO_SESSION_OPEN=0x80,78
+SD_RADIO_SESSION_CLOSE=0x80,79
+SD_RADIO_REQUEST=0x80,80
+SD_EVT_GET=0x80,81
+SD_TEMP_GET=0x80,82
+SVC_SOC_LAS=0x80,83
+SD_BLE_ENABLE=0x80,96
+SD_BLE_EVT_GET=0x80,97
+SD_BLE_TX_BUFFER_COUNT_GET=0x80,98
+SD_BLE_UUID_VS_ADD=0x80,99
+SD_BLE_UUID_DECODE=0x80,100
+SD_BLE_UUID_ENCODE=0x80,101
+SD_BLE_VERSION_GET=0x80,102
+SD_BLE_USER_MEM_REPLY=0x80,103
+SD_BLE_OPT_SET=0x80,104
+SD_BLE_OPT_GET=0x80,105
+SD_BLE_GAP_ADDRESS_SET=0x80,112
+SD_BLE_GAP_ADDRESS_GET=0x80,113
+SD_BLE_GAP_ADV_DATA_SET=0x80,114
+SD_BLE_GAP_ADV_START=0x80,115
+SD_BLE_GAP_ADV_STOP=0x80,116
+SD_BLE_GAP_CONN_PARAM_UPDATE=0x80,117
+SD_BLE_GAP_DISCONNECT=0x80,118
+SD_BLE_GAP_TX_POWER_SET=0x80,119
+SD_BLE_GAP_APPEARANCE_SET=0x80,120
+SD_BLE_GAP_APPEARANCE_GET=0x80,121
+SD_BLE_GAP_PPCP_SET=0x80,122
+SD_BLE_GAP_PPCP_GET=0x80,123
+SD_BLE_GAP_DEVICE_NAME_SET=0x80,124
+SD_BLE_GAP_DEVICE_NAME_GET=0x80,125
+SD_BLE_GAP_AUTHENTICATE=0x80,126
+SD_BLE_GAP_SEC_PARAMS_REPLY=0x80,127
+SD_BLE_GAP_AUTH_KEY_REPLY=0x80,128
+SD_BLE_GAP_ENCRYPT=0x80,129
+SD_BLE_GAP_SEC_INFO_REPLY=0x80,130
+SD_BLE_GAP_CONN_SEC_GET=0x80,131
+SD_BLE_GAP_RSSI_START=0x80,132
+SD_BLE_GAP_RSSI_STOP=0x80,133
+SD_BLE_GAP_SCAN_START=0x80,134
+SD_BLE_GAP_SCAN_STOP=0x80,135
+SD_BLE_GAP_CONNECT=0x80,136
+SD_BLE_GAP_CONNECT_CANCEL=0x80,137
+SD_BLE_GAP_RSSI_GET=0x80,138
+SD_BLE_GATTC_PRIMARY_SERVICES_DISCOVER=0x80,144
+SD_BLE_GATTC_RELATIONSHIPS_DISCOVER=0x80,145
+SD_BLE_GATTC_CHARACTERISTICS_DISCOVER=0x80,146
+SD_BLE_GATTC_DESCRIPTORS_DISCOVER=0x80,147
+SD_BLE_GATTC_CHAR_VALUE_BY_UUID_READ=0x80,148
+SD_BLE_GATTC_READ=0x80,149
+SD_BLE_GATTC_CHAR_VALUES_READ=0x80,150
+SD_BLE_GATTC_WRITE=0x80,151
+SD_BLE_GATTC_HV_CONFIRM=0x80,152
+SD_BLE_GATTS_SERVICE_ADD=0x80,160
+SD_BLE_GATTS_INCLUDE_ADD=0x80,161
+SD_BLE_GATTS_CHARACTERISTIC_ADD=0x80,162
+SD_BLE_GATTS_DESCRIPTOR_ADD=0x80,163
+SD_BLE_GATTS_VALUE_SET=0x80,164
+SD_BLE_GATTS_VALUE_GET=0x80,165
+SD_BLE_GATTS_HVX=0x80,166
+SD_BLE_GATTS_SERVICE_CHANGED=0x80,167
+SD_BLE_GATTS_RW_AUTHORIZE_REPLY=0x80,168
+SD_BLE_GATTS_SYS_ATTR_SET=0x80,169
+SD_BLE_GATTS_SYS_ATTR_GET=0x80,170
+SD_BLE_L2CAP_CID_REGISTER=0x80,176
+SD_BLE_L2CAP_CID_UNREGISTER=0x80,177
+SD_BLE_L2CAP_TX=0x80,178
+SD_BLE_L2CAP_4=0x80,179
+SD_BLE_L2CAP_5=0x80,180
+SD_BLE_L2CAP_6=0x80,181
+SD_BLE_L2CAP_7=0x80,182
+SD_BLE_L2CAP_8=0x80,183
+SD_BLE_L2CAP_9=0x80,184
+SD_BLE_L2CAP_10=0x80,185
+SD_BLE_L2CAP_11=0x80,186
+SD_BLE_L2CAP_12=0x80,187
+SD_BLE_L2CAP_13=0x80,188
+SD_BLE_L2CAP_14=0x80,189
+SD_BLE_L2CAP_15=0x80,190
+SD_BLE_L2CAP_16=0x80,191
-- 
2.15.2 (Apple Git-101.1)

#define SVCALL(number, return_type, signature) \
  _Pragma("GCC diagnostic ignored \"-Wunused-function\"") \
  _Pragma("GCC diagnostic push") \
  _Pragma("GCC diagnostic ignored \"-Wreturn-type\"") \
  __attribute__((naked)) static return_type signature \
  { \
    __asm( \
        "svc %0\n" \
        "bx r14" : : "I" (number) : "r0" \
    ); \
  }    \
  _Pragma("GCC diagnostic pop")

SVCALL(0x10, uint32_t, sd_softdevice_enable(nrf_clock_lfclksrc_t clock_source, softdevice_assertion_handler_t assertion_handler));

SVC number ranges
SoftDevice 0x10-0xFF
Application 0x00-0x0F (in our case the bootloader/dfu stuff uses 0 and 1 it seems)

Software interrupt (SWI)	Peripheral ID	SoftDevice Signal
0	20	Unused by the SoftDevice and available to the application.
1	21	Radio Notification - optionally configured through API.
2	22	SoftDevice Event Notification.
3	23	Reserved.
4	24	Lower stack processing - not user configurable.
5	25	Upper stack signaling - not user configurable.

ok so these are just more interrupts available on the device, and unrelated to 'swi'
but we now know on nrf51 that swi1 handlers are radio handlers, swi2 are softdevice handlers if a softdevice is present

now it picks up the 0 and 1 syscall

nice , some improvment atleast :D

but nothing after. Note theres a gap there to the 16th interrupt. Might I need to fill that somehow?

that's littile strange , and currently, i am very busy with many things , but sure i will look into it whenever i am free !

@sivaramaaa Any thoughts on how to patch /as to be able to get syscall number from immediate for arm thumb platforms?
You can see below that it calls svc 0x7c so I wanna use 0x7c as offset here https://github.com/radare/radare2/blob/master/libr/core/cmd_search.c#L1811

/ (fcn) sub.EASYFIT_HR_de0 88                                                                                                                                  
|   sub.EASYFIT_HR_de0 (int arg_0h, int arg_4h);                                                                                                               
|           ; arg int arg_0h @ sp+0x0                                                                                                                          
|           ; arg int arg_4h @ sp+0x4                                                                                                                          
|           ; CALL XREF from fcn.00018c54 (0x18c64)                                                                                                            
|           0x00018de0      0eb5           push {r1, r2, r3, lr}       ; sp=0x20004aa8                                                                         
|           0x00018de2      1120           movs r0, 0x11               ; r0=0x11 -> 0x7c0 ; zf=0x0                                                             
|           0x00018de4      6946           mov r1, sp                  ; r1=0x20004aa8                                                                         
|           0x00018de6      0872           strb r0, [r1, 8]                                                                                                    
|           0x00018de8      0a22           movs r2, 0xa                ; aav.0x0000000a ; r2=0xa -> 0x6b10000 ; zf=0x0                                         
|           0x00018dea      50a1           adr r1, str.EASYFIT_HR      ; 0x18f2c ; "EASYFIT HR" ; r1=0x140 -> 0x6809493e                                       
|           0x00018dec      02a8           add r0, sp, 8               ; r0=0x20004ab0 r13                                                                     
|           ;-- hit0_16.DFU_BLE_SVC_SET_PEER_DATA:                                                                                                             
|           0x00018dee      7cdf           svc 0x7c                    ; 0x00 = DFU_BLE_SVC_SET_PEER_DATA ()                                                   

Update pancake fixed op.val on thumb and I have the start of a pr here radareorg/radare2#11079