This will introduce the basics of the Coretx-m7 arm architecture and some of it s ABI:s (Cortex-M7) Lots of info was found in this great blog, cortex-m-rtos-context-switching The registers (r0-r15) r15 PC. The Program Counter (Current Instruction) r14 LR. The Link Register (Return Address) r13 SP The Stack Pointer (Banked…

Like a Pro The portenta H7 is quite a capable beast, packing a 480Mhz Cortex M7 and a 240Mhz Cortex M4 in the form of a STM32H747 chip. It contains 2MB flash and 1MB SRAM onboard the MCU, as well as 8MB external SDRAM and 16MB flash over QSPI. If…

90% of coding is debugging. The other 10% is writing bugs. Therefore the debugger is an essential tool when programming in i.e. the Linux environment. Here I will go through an example where we use qt-creators pretty printer, reverse execution and the address sanitizer to find a stack overwrite. I…

The most popular story I have written so far on medium, was about about analyzing an esp32 fash dump that I created myself. https://olof-astrand.medium.com/analyzing-an-esp32-flash-dump-with-ghidra-e70e7f89a57f One of the drawbacks of this procedure is that you need to build the esp32 flash loader as a plugin for ghidra. This is something you…

Do you have some wireless devices and maybe an SDR like the RTL-SDR? Then you should download Universal Radio Hacker and look at the data. In this article I will go through that process with a wireless socket set, that I bought at the supermarket (Lidl). I used version 2.9.1…

On the espressif esp32s2 they have two coprocessors. One of them is a RV32IMC RiscV core. Here I will look at how to program it and what is added by the esp-idf ULP-RISC-V Coprocessor programming - ESP32-S2 - - ESP-IDF Programming Guide latest documentation The ULP-RISC-V coprocessor is a variant of the ULP, present in ESP32-S2. Similar to ULP, ULP RISC-V coprocessor can…docs.espressif.com You need to install esp-idf and the risc-v toolchain.

As a third step I will use the flash loader to import the same binary, as in the previous story https://medium.com/@olof.astrand/enter-home-dragon-with-ghidra-3ed7ddf75935 . In order to get started you need to install ghidra and Xtensa processor support https://github.com/Ebiroll/ghidra-xtensa and the esp32 flash loader. Dump the flash of an esp32 esptool.py -p /dev/ttyUSB0 -b 460800 read_flash 0 0x400000…

In some binaries from the chinese fabless semiconductor company called Espressif, I have noticed the string /home/dragon. I see this as an invitation to eneter the home of the dragon. …

Despite the title, I will not be talking about three-headed dragon-like monsters, dwarfs and elfs. Instead we will be talking about ghidra, the reverse engineering software tool. (https://ghidra-sre.org/) Although it is primarily a reverse engineering tool similar to IDA. …