Skip to content

Instantly share code, notes, and snippets.

@jacobrosenthal

jacobrosenthal/0001-add-s110-syscalls.patch

Last active August 14, 2018 05:32
Show Gist options
  • Save jacobrosenthal/6814a2fa2d101827b1bd6f6ecaf4fd47 to your computer and use it in GitHub Desktop.
Save jacobrosenthal/6814a2fa2d101827b1bd6f6ecaf4fd47 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
0001-add-s110-syscalls.patch
From 727cffc1735597e950abdc605edf935b535466dc Mon Sep 17 00:00:00 2001
From: Jacob Rosenthal <[email protected]>
Date: Mon, 30 Jul 2018 14:39:28 -0700
Subject: [PATCH] add s110 syscalls
---
libr/syscall/d/Makefile | 1 +
libr/syscall/d/meson.build | 1 +
libr/syscall/d/s110-arm-16.sdb.txt | 134 +++++++++++++++++++++++++++++++++++++
3 files changed, 136 insertions(+)
create mode 100644 libr/syscall/d/s110-arm-16.sdb.txt
diff --git a/libr/syscall/d/Makefile b/libr/syscall/d/Makefile
index 5a19bdac7..00c5833b2 100644
--- a/libr/syscall/d/Makefile
+++ b/libr/syscall/d/Makefile
@@ -8,6 +8,7 @@ F+= linux-x86-32
F+= linux-x86-64
F+= linux-arm-32
F+= linux-arm-64
+F+= s110-arm-16
F+= linux-mips-32
F+= linux-sparc-32
F+= darwin-x86-32
diff --git a/libr/syscall/d/meson.build b/libr/syscall/d/meson.build
index 9f6b75ec4..8c33d5fb3 100644
--- a/libr/syscall/d/meson.build
+++ b/libr/syscall/d/meson.build
@@ -5,6 +5,7 @@ sdb_files = [
'ios-arm-64',
'linux-x86-32',
'linux-x86-64',
+ 's110-arm-16',
'linux-arm-32',
'linux-arm-64',
'linux-mips-32',
diff --git a/libr/syscall/d/s110-arm-16.sdb.txt b/libr/syscall/d/s110-arm-16.sdb.txt
new file mode 100644
index 000000000..6ad0387f0
--- /dev/null
+++ b/libr/syscall/d/s110-arm-16.sdb.txt
@@ -0,0 +1,134 @@
+_=0x80
+DFU_BLE_SVC_SET_PEER_DATA=0x80,0
+BOOTLOADER_SVC_LAST=0x80,1
+SD_SOFTDEVICE_ENABLE=0x80,16
+SD_SOFTDEVICE_DISABLE=0x80,17
+SD_SOFTDEVICE_IS_ENABLED=0x80,18
+SD_SOFTDEVICE_VECTOR_TABLE_BASE_SET=0x80,19
+SVC_SDM_LAST=0x80,20
+SD_MBR_COMMAND=0x80,24
+SD_PPI_CHANNEL_ENABLE_GET=0x80,32
+SD_PPI_CHANNEL_ENABLE_SET=0x80,33
+SD_PPI_CHANNEL_ENABLE_CLR=0x80,34
+SD_PPI_CHANNEL_ASSIGN=0x80,35
+SD_PPI_GROUP_TASK_ENABLE=0x80,36
+SD_PPI_GROUP_TASK_DISABLE=0x80,37
+SD_PPI_GROUP_ASSIGN=0x80,38
+SD_PPI_GROUP_GET=0x80,39
+SD_FLASH_PAGE_ERASE=0x80,40
+SD_FLASH_WRITE=0x80,41
+SD_FLASH_PROTECT=0x80,42
+SD_MUTEX_NEW=0x80,43
+SD_MUTEX_ACQUIRE=0x80,44
+SD_MUTEX_RELEASE=0x80,45
+SD_NVIC_ENABLEIRQ=0x80,46
+SD_NVIC_DISABLEIRQ=0x80,47
+SD_NVIC_GETPENDINGIRQ=0x80,48
+SD_NVIC_SETPENDINGIRQ=0x80,49
+SD_NVIC_CLEARPENDINGIRQ=0x80,50
+SD_NVIC_SETPRIORITY=0x80,51
+SD_NVIC_GETPRIORITY=0x80,52
+SD_NVIC_SYSTEMRESET=0x80,53
+SD_NVIC_CRITICAL_REGION_ENTER=0x80,54
+SD_NVIC_CRITICAL_REGION_EXIT=0x80,55
+SD_RAND_APPLICATION_POOL_CAPACITY=0x80,56
+SD_RAND_APPLICATION_BYTES_AVAILABLE=0x80,57
+SD_RAND_APPLICATION_GET_VECTOR=0x80,58
+SD_POWER_MODE_SET=0x80,59
+SD_POWER_SYSTEM_OFF=0x80,60
+SD_POWER_RESET_REASON_GET=0x80,61
+SD_POWER_RESET_REASON_CLR=0x80,62
+SD_POWER_POF_ENABLE=0x80,63
+SD_POWER_POF_THRESHOLD_SET=0x80,64
+SD_POWER_RAMON_SET=0x80,65
+SD_POWER_RAMON_CLR=0x80,66
+SD_POWER_RAMON_GET=0x80,67
+SD_POWER_GPREGRET_SET=0x80,68
+SD_POWER_GPREGRET_CLR=0x80,69
+SD_POWER_GPREGRET_GET=0x80,70
+SD_POWER_DCDC_MODE_SET=0x80,71
+SD_APP_EVT_WAIT=0x80,72
+SD_CLOCK_HFCLK_REQUEST=0x80,73
+SD_CLOCK_HFCLK_RELEASE=0x80,74
+SD_CLOCK_HFCLK_IS_RUNNING=0x80,75
+SD_RADIO_NOTIFICATION_CFG_SET=0x80,76
+SD_ECB_BLOCK_ENCRYPT=0x80,77
+SD_RADIO_SESSION_OPEN=0x80,78
+SD_RADIO_SESSION_CLOSE=0x80,79
+SD_RADIO_REQUEST=0x80,80
+SD_EVT_GET=0x80,81
+SD_TEMP_GET=0x80,82
+SVC_SOC_LAS=0x80,83
+SD_BLE_ENABLE=0x80,96
+SD_BLE_EVT_GET=0x80,97
+SD_BLE_TX_BUFFER_COUNT_GET=0x80,98
+SD_BLE_UUID_VS_ADD=0x80,99
+SD_BLE_UUID_DECODE=0x80,100
+SD_BLE_UUID_ENCODE=0x80,101
+SD_BLE_VERSION_GET=0x80,102
+SD_BLE_USER_MEM_REPLY=0x80,103
+SD_BLE_OPT_SET=0x80,104
+SD_BLE_OPT_GET=0x80,105
+SD_BLE_GAP_ADDRESS_SET=0x80,112
+SD_BLE_GAP_ADDRESS_GET=0x80,113
+SD_BLE_GAP_ADV_DATA_SET=0x80,114
+SD_BLE_GAP_ADV_START=0x80,115
+SD_BLE_GAP_ADV_STOP=0x80,116
+SD_BLE_GAP_CONN_PARAM_UPDATE=0x80,117
+SD_BLE_GAP_DISCONNECT=0x80,118
+SD_BLE_GAP_TX_POWER_SET=0x80,119
+SD_BLE_GAP_APPEARANCE_SET=0x80,120
+SD_BLE_GAP_APPEARANCE_GET=0x80,121
+SD_BLE_GAP_PPCP_SET=0x80,122
+SD_BLE_GAP_PPCP_GET=0x80,123
+SD_BLE_GAP_DEVICE_NAME_SET=0x80,124
+SD_BLE_GAP_DEVICE_NAME_GET=0x80,125
+SD_BLE_GAP_AUTHENTICATE=0x80,126
+SD_BLE_GAP_SEC_PARAMS_REPLY=0x80,127
+SD_BLE_GAP_AUTH_KEY_REPLY=0x80,128
+SD_BLE_GAP_ENCRYPT=0x80,129
+SD_BLE_GAP_SEC_INFO_REPLY=0x80,130
+SD_BLE_GAP_CONN_SEC_GET=0x80,131
+SD_BLE_GAP_RSSI_START=0x80,132
+SD_BLE_GAP_RSSI_STOP=0x80,133
+SD_BLE_GAP_SCAN_START=0x80,134
+SD_BLE_GAP_SCAN_STOP=0x80,135
+SD_BLE_GAP_CONNECT=0x80,136
+SD_BLE_GAP_CONNECT_CANCEL=0x80,137
+SD_BLE_GAP_RSSI_GET=0x80,138
+SD_BLE_GATTC_PRIMARY_SERVICES_DISCOVER=0x80,144
+SD_BLE_GATTC_RELATIONSHIPS_DISCOVER=0x80,145
+SD_BLE_GATTC_CHARACTERISTICS_DISCOVER=0x80,146
+SD_BLE_GATTC_DESCRIPTORS_DISCOVER=0x80,147
+SD_BLE_GATTC_CHAR_VALUE_BY_UUID_READ=0x80,148
+SD_BLE_GATTC_READ=0x80,149
+SD_BLE_GATTC_CHAR_VALUES_READ=0x80,150
+SD_BLE_GATTC_WRITE=0x80,151
+SD_BLE_GATTC_HV_CONFIRM=0x80,152
+SD_BLE_GATTS_SERVICE_ADD=0x80,160
+SD_BLE_GATTS_INCLUDE_ADD=0x80,161
+SD_BLE_GATTS_CHARACTERISTIC_ADD=0x80,162
+SD_BLE_GATTS_DESCRIPTOR_ADD=0x80,163
+SD_BLE_GATTS_VALUE_SET=0x80,164
+SD_BLE_GATTS_VALUE_GET=0x80,165
+SD_BLE_GATTS_HVX=0x80,166
+SD_BLE_GATTS_SERVICE_CHANGED=0x80,167
+SD_BLE_GATTS_RW_AUTHORIZE_REPLY=0x80,168
+SD_BLE_GATTS_SYS_ATTR_SET=0x80,169
+SD_BLE_GATTS_SYS_ATTR_GET=0x80,170
+SD_BLE_L2CAP_CID_REGISTER=0x80,176
+SD_BLE_L2CAP_CID_UNREGISTER=0x80,177
+SD_BLE_L2CAP_TX=0x80,178
+SD_BLE_L2CAP_4=0x80,179
+SD_BLE_L2CAP_5=0x80,180
+SD_BLE_L2CAP_6=0x80,181
+SD_BLE_L2CAP_7=0x80,182
+SD_BLE_L2CAP_8=0x80,183
+SD_BLE_L2CAP_9=0x80,184
+SD_BLE_L2CAP_10=0x80,185
+SD_BLE_L2CAP_11=0x80,186
+SD_BLE_L2CAP_12=0x80,187
+SD_BLE_L2CAP_13=0x80,188
+SD_BLE_L2CAP_14=0x80,189
+SD_BLE_L2CAP_15=0x80,190
+SD_BLE_L2CAP_16=0x80,191
--
2.15.2 (Apple Git-101.1)
@sivaramaaa
Copy link

now it picks up the 0 and 1 syscall

nice , some improvment atleast :D

but nothing after. Note theres a gap there to the 16th interrupt. Might I need to fill that somehow?

that's littile strange , and currently, i am very busy with many things , but sure i will look into it whenever i am free !

@jacobrosenthal
Copy link
Author

@sivaramaaa Any thoughts on how to patch /as to be able to get syscall number from immediate for arm thumb platforms?
You can see below that it calls svc 0x7c so I wanna use 0x7c as offset here https://github.com/radare/radare2/blob/master/libr/core/cmd_search.c#L1811

/ (fcn) sub.EASYFIT_HR_de0 88                                                                                                                                  
|   sub.EASYFIT_HR_de0 (int arg_0h, int arg_4h);                                                                                                               
|           ; arg int arg_0h @ sp+0x0                                                                                                                          
|           ; arg int arg_4h @ sp+0x4                                                                                                                          
|           ; CALL XREF from fcn.00018c54 (0x18c64)                                                                                                            
|           0x00018de0      0eb5           push {r1, r2, r3, lr}       ; sp=0x20004aa8                                                                         
|           0x00018de2      1120           movs r0, 0x11               ; r0=0x11 -> 0x7c0 ; zf=0x0                                                             
|           0x00018de4      6946           mov r1, sp                  ; r1=0x20004aa8                                                                         
|           0x00018de6      0872           strb r0, [r1, 8]                                                                                                    
|           0x00018de8      0a22           movs r2, 0xa                ; aav.0x0000000a ; r2=0xa -> 0x6b10000 ; zf=0x0                                         
|           0x00018dea      50a1           adr r1, str.EASYFIT_HR      ; 0x18f2c ; "EASYFIT HR" ; r1=0x140 -> 0x6809493e                                       
|           0x00018dec      02a8           add r0, sp, 8               ; r0=0x20004ab0 r13                                                                     
|           ;-- hit0_16.DFU_BLE_SVC_SET_PEER_DATA:                                                                                                             
|           0x00018dee      7cdf           svc 0x7c                    ; 0x00 = DFU_BLE_SVC_SET_PEER_DATA ()

@jacobrosenthal
Copy link
Author

Update pancake fixed op.val on thumb and I have the start of a pr here radareorg/radare2#11079

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment