#!/usr/bin/env python2
#
# to run: python2 pickup.py
#
# OpenOCD library: https://github.com/screwer/OpenOCD
# change line 193
# if not self.Name:
#
# Use the OpenOCD library
from OpenOCD import OpenOCD
import sys
def int_to_bytes(value, length):
    """Return the low `length` bytes of `value`, most significant byte first.

    Bits above `length * 8` are discarded; a `length` of 0 gives an empty
    bytearray.
    """
    # NOTE(review): the output is big-endian. If the target stores words
    # little-endian, each dumped word ends up byte-swapped relative to the
    # on-chip layout -- confirm against a known image before relying on it.
    return bytearray(
        (value >> (8 * pos)) & 0xff for pos in reversed(range(length))
    )
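# Dump a window of target memory through an already-running OpenOCD instance.
#
# Each 32-bit word is fetched indirectly: the program counter is pointed at a
# single load instruction on the target, the address is placed in a register,
# the instruction is single-stepped, and the loaded value is read back from
# the register.
# NOTE(review): presumably this indirection is used because direct memory
# reads over the debug port are refused on this part -- confirm. It depends on
# the debug port still permitting halt, register writes and single-step.

# create connection to running instance of OpenOCD
ocd = OpenOCD()

# reset and halt the processor
ocd.Reset(Halt=True)

# handle for the program counter register
pc = ocd.Reg("pc")

# the address found with drop.py that contains the instruction
# that will copy the contents of memory and store it in a register
pc_pickup_val = 0x6DC

# the register that receives the memory address to be read
write_reg = ocd.Reg("r3")

# the register that holds the loaded value after the step
# (the same register as write_reg: the load overwrites its own address)
read_reg = ocd.Reg("r3")

# the size of the chip's flash memory (alternative seen in the file: 0x800).
# Not used by the loop below, which dumps a fixed window instead.
flash_size = 0x40000

# window actually dumped; to dump up to the end of flash, iterate
# range(dump_start, flash_size, 4) instead
dump_start = 0x3D000
dump_length = 0x800

# the output filename
outfile = "re-extracted-test.bin"

# reset r0..r12 to 0 (the original author was unsure this is required)
reg = [ocd.Reg("r%d" % i) for i in range(0, 13)]
for r in reg:
    r.Write(0)

# Open the output inside a `with` block so the file is flushed and closed even
# if an OpenOCD call fails part-way through the dump.
with open(outfile, 'w+b') as data:
    for addr in range(dump_start, dump_start + dump_length, 4):
        # point the program counter at the memory copy instruction
        pc.Write(pc_pickup_val)

        # supply the memory address to be read
        write_reg.Write(addr)

        # execute exactly that one instruction
        ocd.Step()

        # read the loaded word back
        # NOTE(review): the result of Read() is not validated; if a step or
        # read fails without raising, a bogus word is written silently --
        # verify how the library reports errors.
        buf = read_reg.Read()

        # int_to_bytes emits the most significant byte first.
        # NOTE(review): on a little-endian target this byte-swaps every word
        # relative to the memory layout -- confirm the intended byte order.
        data.write(int_to_bytes(buf, 4))

        # optional progress output (the dump takes a while):
        # print("[0x%08X] 0x%08X" % (addr, buf))

# Under python2 a bare print() prints "()", so print an empty string to get
# the intended blank line.
print("")
print("Done")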