diff --git a/badge.resc b/badge.resc
index 1e3dc2a..c591b5e 100644
--- a/badge.resc
+++ b/badge.resc
@@ -35,9 +35,256 @@ sysbus LoadBinary @esp32s3-irom.bin 0x40000000
 sysbus LoadBinary @esp32s3-drom.bin 0x3FF00000
 #sysbus LoadBinary @esp32s3-efuses.bin 0x60007000
 sysbus LoadELF @bootloader.elf
+#copy_bootrom_data
+setup_hooks sysbus.cpu
+sysbus WriteDoubleWord 0x600c40a0 0x8
 cpu PC 0x40000400
 """
+python
+"""
+def memcpy(dest, src, n):
+ data = self.Machine.SystemBus.ReadBytes(src, n)
+ self.Machine.SystemBus.WriteBytes(data, dest)
+
+def mc_setup_hooks(cpu):
+ from Antmicro.Renode.Peripherals.CPU import RegisterValue
+# LR, SP, R0
+ A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 = 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99
+ cpu = self.Machine[cpu]
+
+ def format_val(v):
+ try:
+ return "0x{:08x}".format(long(v))
+ except:
+ return str(v)
+
+ def log(*args):
+ cpu.Log(LogLevel.Warning, "{0}", ", ".join(map(format_val, args)))
+
+ def get(reg, raw=True):
+ v = cpu.GetRegisterUnsafe(reg)
+ if raw:
+ return v.RawValue
+ return v
+
+ def lr():
+ return get(A0, raw=False)
+
+ def args():
+ return list(map(get, (A2, A3, A4)))
+
+ def set(reg, val):
+ cpu.SetRegisterUnsafe(reg, RegisterValue.Create(val, 32))
+
+ def cstr(addr):
+ out = bytearray()
+ b = self.Machine.SystemBus.ReadByte(addr)
+ while b != 0:
+ out.append(b)
+ addr += 1
+ b = self.Machine.SystemBus.ReadByte(addr)
+ return bytes(out)
+
+ def hook(addr_or_name):
+ def wrap(fn):
+ if isinstance(addr_or_name, str):
+ addr = self.Machine.SystemBus.GetSymbolAddress(addr_or_name)
+ else:
+ addr = addr_or_name
+ cpu.AddHook(addr, fn)
+ return fn
+ return wrap
+
+ @hook(0x4004578f)
+ def ets_run_flash_bootloader_hook(cpu, pc):
+ log("ets_run_flash_bootloader", *args())
+ # this function loads software bootloader
+ # we have it already loaded, just jump before
+ # executing user code (software bootloader)
+ cpu.PC = RegisterValue.Create(0x40043ca3,32)
+
+ @hook(0x40043ca6)
+ def hook_soft_address(cpu, pc):
+ log("hook_soft_address", *args())
+ # write address already loaded software bootloader to register
+ self.Machine.SystemBus.WriteDoubleWord(0x3fcedf14, 0x403c9908)
+
+ @hook(0x403cf295)
+ def hook_set_i2c_ctrl(cpu, pc):
+ log("set i2c ctrl", *args())
+ # write address of i2c sysreg control register
+ self.Machine.SystemBus.WriteDoubleWord(0x403ccb14, 0x600C0018)
+
+ @hook(0x403c99f1)
+ def hook_cache_hal_init(cpu, pc):
+ log("cache_hal_init", *args())
+ cpu.PC = RegisterValue.Create(0x403c99f4,32)
+
+ @hook (0x403cd59c)
+ def hook_cache_hal_disable(cpu, pc):
+ log("cache_hal_disable", *args())
+ cpu.PC = RegisterValue.Create(0x403cd59f,32)
+
+ @hook (0x403cd5b7)
+ def hook_cache_hal_enable(cpu, pc):
+ log("cache_hal_enable", *args())
+ cpu.PC = RegisterValue.Create(0x403cd5ba,32)
+
+ @hook (0x403c9f6f)
+ def hook_cache_hal_disable2(cpu, pc):
+ log("cache_hal_disable2", *args())
+ cpu.PC = RegisterValue.Create(0x403c9f72,32)
+
+ @hook (0x403c9f94)
+ def hook_cache_hal_enable2(cpu, pc):
+ log("cache_hal_enable2", *args())
+ cpu.PC = RegisterValue.Create(0x403c9f97,32)
+
+ @hook (0x403cd4c8)
+ def hook_cache_hal_disable3(cpu, pc):
+ log("cache_hal_disable3", *args())
+ cpu.PC = RegisterValue.Create(0x403cd4cb,32)
+
+ @hook (0x403cd4e3)
+ def hook_cache_hal_enable3(cpu, pc):
+ log("cache_hal_enable3", *args())
+ cpu.PC = RegisterValue.Create(0x403cd4e6,32)
+
+ @hook (0x403cd50f)
+ def hook_cache_hal_disable4(cpu, pc):
+ log("cache_hal_disable4", *args())
+ cpu.PC = RegisterValue.Create(0x403cd512,32)
+
+ @hook (0x403cd8f1)
+ def hook_cache_hal_disable5(cpu, pc):
+ log("cache_hal_disable5", *args())
+ cpu.PC = RegisterValue.Create(0x403cd8f4,32)
+
+ @hook (0x403cd978)
+ def hook_cache_hal_enable4(cpu, pc):
+ log("cache_hal_enable4", *args())
+ cpu.PC = RegisterValue.Create(0x403cd97b,32)
+
+ @hook(0x403c9a1c)
+ def hook_cpu_rev_check(cpu, pc):
+ log("cpu_rev_check", *args())
+ cpu.PC = RegisterValue.Create(0x403c9a1f,32)
+
+ @hook (0x403c9a98)
+ def hook_skip_rng_init(cpu, pc):
+ log("skip_rng_init", *args())
+ cpu.PC = RegisterValue.Create(0x403c9a9b,32)
+
+ @hook (0x403ce971)
+ def hook_skip_part_size_check(cpu, pc):
+ log("skip_part_size_check", *args())
+ cpu.PC = RegisterValue.Create(0x403ce9a3,32)
+
+ @hook (0x403ce129)
+ def hook_skip_flash_check(cpu, pc):
+ log("skip_flash_check", *args())
+ cpu.PC = RegisterValue.Create(0x403ce1b0,32)
+
+ @hook (0x403cd8c2)
+ def hook_skip_disable_rng(cpu, pc):
+ log("skip_disable_rng", *args())
+ cpu.PC = RegisterValue.Create(0x403cd8c5,32)
+
+ @hook (0x403cd917)
+ def hook_skip_hal_map_region(cpu, pc):
+ log("skip_hal_map_region", *args())
+ cpu.PC = RegisterValue.Create(0x403cd91a,32)
+
+ @hook (0x403cd933)
+ def hook_skip_hal_map_region2(cpu, pc):
+ log("skip_hal_map_region2", *args())
+ cpu.PC = RegisterValue.Create(0x403cd936,32)
+
+ @hook (0x403cd93c)
+ def hook_skip_cache_setup(cpu, pc):
+ log("skip_cache_setup", *args())
+ cpu.PC = RegisterValue.Create(0x403cd97b,32)
+
+ @hook (0x403cd8eb)
+ def hook_image_entry_addr(cpu, pc):
+ log("image_entry_addr", *args())
+ set(A9, 0x42004834)
+
+ @hook (0x4209ec01)
+ def hook_skip_esp_log_write(cpu, pc):
+ log("skip_esp_log_write", *args())
+ cpu.PC = RegisterValue.Create(0x4209ec04,32)
+ self.Machine.SystemBus.WriteDoubleWord(0x3fcaa5e8, 0x1)
+
+ @hook (0x4202c611)
+ def hook_skip_esp_log_write2(cpu, pc):
+ log("skip_esp_log_write2", *args())
+ cpu.PC = RegisterValue.Create(0x4202c614,32)
+
+ @hook (0x4209ec60)
+ def hook_skip_mem_check(cpu, pc):
+ log("skip_mem_check", *args())
+ cpu.PC = RegisterValue.Create(0x4209ec8c,32)
+
+ @hook (0x420049ba)
+ def hook_esp_systimer(cpu, pc):
+ log("esp_systimer", *args())
+ cpu.PC = RegisterValue.Create(0x420049bd,32)
+
+ @hook (0x420049c3)
+ def hook_esp_sysinit(cpu, pc):
+ log("esp_sysinit", *args())
+ cpu.PC = RegisterValue.Create(0x420049c6,32)
+
+ @hook (0x4037dfad)
+ def hook_spi_flash_chip_init(cpu, pc):
+ log("spi_flash_chip_init", *args())
+ cpu.PC = RegisterValue.Create(0x4037dfb0,32)
+
+ @hook (0x42004a67)
+ def hook_assert_func(cpu, pc):
+ log("assert_func", *args())
+ cpu.PC = RegisterValue.Create(0x42004a6a,32)
+
+ @hook (0x42008617)
+ def hook_timer_init(cpu, pc):
+ log("timer_init", *args())
+ set(A10, 0x0)
+ cpu.PC = RegisterValue.Create(0x4200861a,32)
+
+ @hook (0x40041a7c)
+ def hook_skip_us_delay(cpu, pc):
+ log("skip_us_delay", *args())
+ set(A2, get(A8))
+ cpu.PC = RegisterValue.Create(0x40041a7f,32)
+
+ @hook (0x42004aed)
+ def hook_delay_skip(cpu, pc):
+ log("delay_skip", *args())
+ cpu.PC = RegisterValue.Create(0x42004af0,32)
+
+ @hook (0x4038a615)
+ def hook_hal_timer(cpu, pc):
+ log("hal_timer", *args())
+ cpu.PC = RegisterValue.Create(0x42004b11,32)
+
+ @hook (0x4209ecda)
+ def hook_crosscore_init(cpu, pc):
+ log("crosscore_init", *args())
+ cpu.PC = RegisterValue.Create(0x4209ecdd,32)
+
+ @hook (0x40387f69)
+ def hook_port_setup_timer(cpu, pc):
+ log("port_setup_timer", *args())
+ cpu.PC = RegisterValue.Create(0x40387f6c,32)
+
+ @hook (0x40386c85)
+ def hook_timer_get_time(cpu, pc):
+ log("timer_get_time", *args())
+ cpu.PC = RegisterValue.Create(0x40386c88,32)
+"""
+
 runMacro $reset
 start
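Review bot: All hooks in `mc_setup_hooks` are installed at raw addresses (`@hook(0x4004578f)`, `@hook (0x403c9a98)`, and so on) and their handlers rewrite `cpu.PC` to other fixed addresses, but nothing in the hunk checks that the loaded ROM images and `bootloader.elf` are the build those addresses were taken from; against a different build the redirects would land on unrelated instructions and the run would diverge without any error. The `hook()` helper already resolves a string through `GetSymbolAddress`, so hooks whose targets have symbols in the ELF could be registered by name, and a digest check of the loaded images before `setup_hooks sysbus.cpu` runs would turn a mismatch into a hard failure. Judging by their names, `hook_skip_rng_init`, `hook_skip_disable_rng`, `hook_skip_flash_check`, `hook_skip_part_size_check`, `hook_cpu_rev_check` and `hook_assert_func` step over RNG setup, flash and partition validation, and assertion handling. A comment above `mc_setup_hooks` such as `# emulation only: RNG init, flash/partition checks and asserts are bypassed; randomness and integrity results from this target do not reflect hardware` would keep that limit visible to anyone using the model for security testing. The bare `except:` in `format_val` would be safer as `except Exception:`.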