@jacobrosenthal
Last active August 14, 2018 05:32
From 727cffc1735597e950abdc605edf935b535466dc Mon Sep 17 00:00:00 2001
From: Jacob Rosenthal <[email protected]>
Date: Mon, 30 Jul 2018 14:39:28 -0700
Subject: [PATCH] add s110 syscalls
---
libr/syscall/d/Makefile | 1 +
libr/syscall/d/meson.build | 1 +
libr/syscall/d/s110-arm-16.sdb.txt | 134 +++++++++++++++++++++++++++++++++++++
3 files changed, 136 insertions(+)
create mode 100644 libr/syscall/d/s110-arm-16.sdb.txt
diff --git a/libr/syscall/d/Makefile b/libr/syscall/d/Makefile
index 5a19bdac7..00c5833b2 100644
--- a/libr/syscall/d/Makefile
+++ b/libr/syscall/d/Makefile
@@ -8,6 +8,7 @@ F+= linux-x86-32
F+= linux-x86-64
F+= linux-arm-32
F+= linux-arm-64
+F+= s110-arm-16
F+= linux-mips-32
F+= linux-sparc-32
F+= darwin-x86-32
diff --git a/libr/syscall/d/meson.build b/libr/syscall/d/meson.build
index 9f6b75ec4..8c33d5fb3 100644
--- a/libr/syscall/d/meson.build
+++ b/libr/syscall/d/meson.build
@@ -5,6 +5,7 @@ sdb_files = [
'ios-arm-64',
'linux-x86-32',
'linux-x86-64',
+ 's110-arm-16',
'linux-arm-32',
'linux-arm-64',
'linux-mips-32',
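Review bot: The new entry is inserted between `'linux-x86-64'` and `'linux-arm-32'` here, while the Makefile hunk above appends `s110-arm-16` after `linux-arm-64`; the two lists should add the name at the same position, preferably next to the other arm entries in both, so the Makefile and meson lists stay easy to compare. The name follows the existing `<os>-<arch>-<bits>` pattern, where `16` presumably selects Thumb mode rather than a 16-bit architecture; a sentence in the commit message saying so would spare the next reader that guess.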
diff --git a/libr/syscall/d/s110-arm-16.sdb.txt b/libr/syscall/d/s110-arm-16.sdb.txt
new file mode 100644
index 000000000..6ad0387f0
--- /dev/null
+++ b/libr/syscall/d/s110-arm-16.sdb.txt
@@ -0,0 +1,134 @@
+_=0x80
+DFU_BLE_SVC_SET_PEER_DATA=0x80,0
+BOOTLOADER_SVC_LAST=0x80,1
+SD_SOFTDEVICE_ENABLE=0x80,16
+SD_SOFTDEVICE_DISABLE=0x80,17
+SD_SOFTDEVICE_IS_ENABLED=0x80,18
+SD_SOFTDEVICE_VECTOR_TABLE_BASE_SET=0x80,19
+SVC_SDM_LAST=0x80,20
+SD_MBR_COMMAND=0x80,24
+SD_PPI_CHANNEL_ENABLE_GET=0x80,32
+SD_PPI_CHANNEL_ENABLE_SET=0x80,33
+SD_PPI_CHANNEL_ENABLE_CLR=0x80,34
+SD_PPI_CHANNEL_ASSIGN=0x80,35
+SD_PPI_GROUP_TASK_ENABLE=0x80,36
+SD_PPI_GROUP_TASK_DISABLE=0x80,37
+SD_PPI_GROUP_ASSIGN=0x80,38
+SD_PPI_GROUP_GET=0x80,39
+SD_FLASH_PAGE_ERASE=0x80,40
+SD_FLASH_WRITE=0x80,41
+SD_FLASH_PROTECT=0x80,42
+SD_MUTEX_NEW=0x80,43
+SD_MUTEX_ACQUIRE=0x80,44
+SD_MUTEX_RELEASE=0x80,45
+SD_NVIC_ENABLEIRQ=0x80,46
+SD_NVIC_DISABLEIRQ=0x80,47
+SD_NVIC_GETPENDINGIRQ=0x80,48
+SD_NVIC_SETPENDINGIRQ=0x80,49
+SD_NVIC_CLEARPENDINGIRQ=0x80,50
+SD_NVIC_SETPRIORITY=0x80,51
+SD_NVIC_GETPRIORITY=0x80,52
+SD_NVIC_SYSTEMRESET=0x80,53
+SD_NVIC_CRITICAL_REGION_ENTER=0x80,54
+SD_NVIC_CRITICAL_REGION_EXIT=0x80,55
+SD_RAND_APPLICATION_POOL_CAPACITY=0x80,56
+SD_RAND_APPLICATION_BYTES_AVAILABLE=0x80,57
+SD_RAND_APPLICATION_GET_VECTOR=0x80,58
+SD_POWER_MODE_SET=0x80,59
+SD_POWER_SYSTEM_OFF=0x80,60
+SD_POWER_RESET_REASON_GET=0x80,61
+SD_POWER_RESET_REASON_CLR=0x80,62
+SD_POWER_POF_ENABLE=0x80,63
+SD_POWER_POF_THRESHOLD_SET=0x80,64
+SD_POWER_RAMON_SET=0x80,65
+SD_POWER_RAMON_CLR=0x80,66
+SD_POWER_RAMON_GET=0x80,67
+SD_POWER_GPREGRET_SET=0x80,68
+SD_POWER_GPREGRET_CLR=0x80,69
+SD_POWER_GPREGRET_GET=0x80,70
+SD_POWER_DCDC_MODE_SET=0x80,71
+SD_APP_EVT_WAIT=0x80,72
+SD_CLOCK_HFCLK_REQUEST=0x80,73
+SD_CLOCK_HFCLK_RELEASE=0x80,74
+SD_CLOCK_HFCLK_IS_RUNNING=0x80,75
+SD_RADIO_NOTIFICATION_CFG_SET=0x80,76
+SD_ECB_BLOCK_ENCRYPT=0x80,77
+SD_RADIO_SESSION_OPEN=0x80,78
+SD_RADIO_SESSION_CLOSE=0x80,79
+SD_RADIO_REQUEST=0x80,80
+SD_EVT_GET=0x80,81
+SD_TEMP_GET=0x80,82
+SVC_SOC_LAS=0x80,83
+SD_BLE_ENABLE=0x80,96
+SD_BLE_EVT_GET=0x80,97
+SD_BLE_TX_BUFFER_COUNT_GET=0x80,98
+SD_BLE_UUID_VS_ADD=0x80,99
+SD_BLE_UUID_DECODE=0x80,100
+SD_BLE_UUID_ENCODE=0x80,101
+SD_BLE_VERSION_GET=0x80,102
+SD_BLE_USER_MEM_REPLY=0x80,103
+SD_BLE_OPT_SET=0x80,104
+SD_BLE_OPT_GET=0x80,105
+SD_BLE_GAP_ADDRESS_SET=0x80,112
+SD_BLE_GAP_ADDRESS_GET=0x80,113
+SD_BLE_GAP_ADV_DATA_SET=0x80,114
+SD_BLE_GAP_ADV_START=0x80,115
+SD_BLE_GAP_ADV_STOP=0x80,116
+SD_BLE_GAP_CONN_PARAM_UPDATE=0x80,117
+SD_BLE_GAP_DISCONNECT=0x80,118
+SD_BLE_GAP_TX_POWER_SET=0x80,119
+SD_BLE_GAP_APPEARANCE_SET=0x80,120
+SD_BLE_GAP_APPEARANCE_GET=0x80,121
+SD_BLE_GAP_PPCP_SET=0x80,122
+SD_BLE_GAP_PPCP_GET=0x80,123
+SD_BLE_GAP_DEVICE_NAME_SET=0x80,124
+SD_BLE_GAP_DEVICE_NAME_GET=0x80,125
+SD_BLE_GAP_AUTHENTICATE=0x80,126
+SD_BLE_GAP_SEC_PARAMS_REPLY=0x80,127
+SD_BLE_GAP_AUTH_KEY_REPLY=0x80,128
+SD_BLE_GAP_ENCRYPT=0x80,129
+SD_BLE_GAP_SEC_INFO_REPLY=0x80,130
+SD_BLE_GAP_CONN_SEC_GET=0x80,131
+SD_BLE_GAP_RSSI_START=0x80,132
+SD_BLE_GAP_RSSI_STOP=0x80,133
+SD_BLE_GAP_SCAN_START=0x80,134
+SD_BLE_GAP_SCAN_STOP=0x80,135
+SD_BLE_GAP_CONNECT=0x80,136
+SD_BLE_GAP_CONNECT_CANCEL=0x80,137
+SD_BLE_GAP_RSSI_GET=0x80,138
+SD_BLE_GATTC_PRIMARY_SERVICES_DISCOVER=0x80,144
+SD_BLE_GATTC_RELATIONSHIPS_DISCOVER=0x80,145
+SD_BLE_GATTC_CHARACTERISTICS_DISCOVER=0x80,146
+SD_BLE_GATTC_DESCRIPTORS_DISCOVER=0x80,147
+SD_BLE_GATTC_CHAR_VALUE_BY_UUID_READ=0x80,148
+SD_BLE_GATTC_READ=0x80,149
+SD_BLE_GATTC_CHAR_VALUES_READ=0x80,150
+SD_BLE_GATTC_WRITE=0x80,151
+SD_BLE_GATTC_HV_CONFIRM=0x80,152
+SD_BLE_GATTS_SERVICE_ADD=0x80,160
+SD_BLE_GATTS_INCLUDE_ADD=0x80,161
+SD_BLE_GATTS_CHARACTERISTIC_ADD=0x80,162
+SD_BLE_GATTS_DESCRIPTOR_ADD=0x80,163
+SD_BLE_GATTS_VALUE_SET=0x80,164
+SD_BLE_GATTS_VALUE_GET=0x80,165
+SD_BLE_GATTS_HVX=0x80,166
+SD_BLE_GATTS_SERVICE_CHANGED=0x80,167
+SD_BLE_GATTS_RW_AUTHORIZE_REPLY=0x80,168
+SD_BLE_GATTS_SYS_ATTR_SET=0x80,169
+SD_BLE_GATTS_SYS_ATTR_GET=0x80,170
+SD_BLE_L2CAP_CID_REGISTER=0x80,176
+SD_BLE_L2CAP_CID_UNREGISTER=0x80,177
+SD_BLE_L2CAP_TX=0x80,178
+SD_BLE_L2CAP_4=0x80,179
+SD_BLE_L2CAP_5=0x80,180
+SD_BLE_L2CAP_6=0x80,181
+SD_BLE_L2CAP_7=0x80,182
+SD_BLE_L2CAP_8=0x80,183
+SD_BLE_L2CAP_9=0x80,184
+SD_BLE_L2CAP_10=0x80,185
+SD_BLE_L2CAP_11=0x80,186
+SD_BLE_L2CAP_12=0x80,187
+SD_BLE_L2CAP_13=0x80,188
+SD_BLE_L2CAP_14=0x80,189
+SD_BLE_L2CAP_15=0x80,190
+SD_BLE_L2CAP_16=0x80,191
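Review bot: `SVC_SOC_LAS=0x80,83` at the end of the SoC block looks like a truncated `SVC_SOC_LAST`, the sentinel spelling used by `SVC_SDM_LAST` and `BOOTLOADER_SVC_LAST` earlier in the file; either spell it consistently or drop it. Those three sentinel entries and the numeric placeholders `SD_BLE_L2CAP_4` through `SD_BLE_L2CAP_16` (179–191) do not read as real supervisor calls, and keeping them means an `svc` with one of those immediates is shown with an invented name instead of as unknown, which matters when an analyst is tracing pairing or crypto flows through calls such as `SD_BLE_GAP_ENCRYPT` and `SD_ECB_BLOCK_ENCRYPT`. It would also help to record in the commit message which SoftDevice header release the numbers were transcribed from, so the table can be checked against it later.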
--
2.15.2 (Apple Git-101.1)
@jacobrosenthal
Author

jacobrosenthal commented Jul 31, 2018

 Software interrupt (SWI) Peripheral ID SoftDevice Signal
0 20 Unused by the SoftDevice and available to the application.
1 21 Radio Notification - optionally configured through API.
2 22 SoftDevice Event Notification.
3 23 Reserved.
4 24 Lower stack processing - not user configurable.
5 25 Upper stack signaling - not user configurable.

OK, so these are just more interrupts available on the device, and unrelated to 'swi'.
But we now know that on nrf51, swi1 handlers are radio handlers and swi2 handlers are softdevice handlers if a softdevice is present.

@sivaramaaa

now it picks up the 0 and 1 syscall

nice , some improvment atleast :D

but nothing after. Note theres a gap there to the 16th interrupt. Might I need to fill that somehow?

that's a little strange, and currently I am very busy with many things, but sure, I will look into it whenever I am free!

@jacobrosenthal
Author

@sivaramaaa Any thoughts on how to patch /as to be able to get syscall number from immediate for arm thumb platforms?
You can see below that it calls svc 0x7c, so I want to use 0x7c as the offset here https://github.com/radare/radare2/blob/master/libr/core/cmd_search.c#L1811

/ (fcn) sub.EASYFIT_HR_de0 88                                                                                                                                  
|   sub.EASYFIT_HR_de0 (int arg_0h, int arg_4h);                                                                                                               
|           ; arg int arg_0h @ sp+0x0                                                                                                                          
|           ; arg int arg_4h @ sp+0x4                                                                                                                          
|           ; CALL XREF from fcn.00018c54 (0x18c64)                                                                                                            
|           0x00018de0      0eb5           push {r1, r2, r3, lr}       ; sp=0x20004aa8                                                                         
|           0x00018de2      1120           movs r0, 0x11               ; r0=0x11 -> 0x7c0 ; zf=0x0                                                             
|           0x00018de4      6946           mov r1, sp                  ; r1=0x20004aa8                                                                         
|           0x00018de6      0872           strb r0, [r1, 8]                                                                                                    
|           0x00018de8      0a22           movs r2, 0xa                ; aav.0x0000000a ; r2=0xa -> 0x6b10000 ; zf=0x0                                         
|           0x00018dea      50a1           adr r1, str.EASYFIT_HR      ; 0x18f2c ; "EASYFIT HR" ; r1=0x140 -> 0x6809493e                                       
|           0x00018dec      02a8           add r0, sp, 8               ; r0=0x20004ab0 r13                                                                     
|           ;-- hit0_16.DFU_BLE_SVC_SET_PEER_DATA:                                                                                                             
|           0x00018dee      7cdf           svc 0x7c                    ; 0x00 = DFU_BLE_SVC_SET_PEER_DATA ()                                                   

@jacobrosenthal
Author

Update pancake fixed op.val on thumb and I have the start of a pr here radareorg/radare2#11079
