# Part 10 - Hacking int

Today we hack our simple int program. Let's review the code.

0x04_int.c

```c
#include <stdio.h>
#include "pico/stdlib.h"

int main() 
{
  stdio_init_all();

  while(1) 
  {
    int x = 40; 

    printf("%d\n", x); 

    sleep_ms(1000);
  }

  return 0;
}
```

Let's fire it up in our debugger, opening the ELF in write mode (-w) so our patches land in the file, and forcing 16-bit Thumb decoding (-b 16).

```
radare2 -w -a arm -b 16 0x04_int.elf
```

Let's auto analyze.

```
aaaa
```

Let's seek to main.

```
s main
```

Let's go into visual mode by typing V and then p twice to get to a good debugger view.

We are going to first hack the int value, which we know is 40 decimal (0x28). It is loaded with a movs immediate at 0x328, so we reassemble that instruction in place with wa.

```
:> wa movs r1, 0x30 @ 0x00000328
Written 2 byte(s) (movs r1, 0x30) = wx 3021
```

Here we see 0x30 is 48 decimal.

```
:> ? 0x30
int32   48
uint32  48
hex     0x30
octal   060
unit    48
segment 0000:0030
string  "0"
fvalue: 48.0
float:  0.000000f
double: 0.000000
binary  0b00110000
ternary 0t1210
```

We also see 0xfa, which we know is 250 decimal. The compiler did not encode the 1000 passed to sleep_ms directly, because a Thumb movs immediate only holds 8 bits: it loads a quarter of our millisecond delay, 250, and then shifts it left twice, which multiplies by 4 and gives the 1000 decimal for our 1 second delay.

```
:> ? 0xfa
int32   250
uint32  250
hex     0xfa
octal   0372
unit    250
segment 0000:00fa
string  "\xfa"
fvalue: 250.0
float:  0.000000f
double: 0.000000
binary  0b11111010
ternary 0t100021
```

Let's hack that to 50 decimal.

```
:> wa movs r0, 0x32 @ 0x00000330
Written 2 byte(s) (movs r0, 0x32) = wx 3220
```

We can see that it is in fact 50 decimal.

```
:> ? 0x32
int32   50
uint32  50
hex     0x32
octal   062
unit    50
segment 0000:0032
string  "2"
fvalue: 50.0
float:  0.000000f
double: 0.000000
binary  0b00110010
ternary 0t1212
```

Let's also change the shift so it only shifts left once: 50 decimal shifted left once becomes 100, so sleep_ms now receives 100.

```
:> wa lsls r0, r0, 1 @ 0x00000332
Written 2 byte(s) (lsls r0, r0, 1) = wx 4000
```
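The three wa patches above (the movs immediates at 0x328 and 0x330, and the lsls at 0x332) can be checked by hand, without radare2, by encoding the Thumb-16 instructions from their bit fields. The C program below is an added example, not code from this lesson or from the Pico SDK: it assembles `movs Rd, #imm8` and `lsls Rd, Rm, #imm5`, writes them little-endian into a constructed stand-in for the .text bytes, and decodes the movs/lsls pair back into the sleep_ms argument so you can confirm 250 << 2 = 1000 before the patch and 50 << 1 = 100 after, and that the byte pairs are exactly the 30 21, 32 20 and 40 00 that wx reported. The addresses 0x328, 0x330, 0x332 and the original immediates 0x28 and 0xfa come from the lesson; the 32-byte image buffer, its base 0x320, and the NOPs filling the bytes the lesson does not list are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a slice of .text (assumption: base 0x320, 32 bytes). */
#define IMAGE_BASE 0x320u
#define IMAGE_SIZE 0x20u

/* Thumb-16 "MOVS Rd, #imm8" (T1): 001 00 | Rd[2:0] | imm8[7:0] */
uint16_t thumb_movs_imm8(unsigned rd, unsigned imm8)
{
    return (uint16_t)(0x2000u | ((rd & 7u) << 8) | (imm8 & 0xFFu));
}

/* Thumb-16 "LSLS Rd, Rm, #imm5" (T1): 000 00 | imm5[4:0] | Rm[2:0] | Rd[2:0] */
uint16_t thumb_lsls_imm5(unsigned rd, unsigned rm, unsigned imm5)
{
    return (uint16_t)(((imm5 & 0x1Fu) << 6) | ((rm & 7u) << 3) | (rd & 7u));
}

/* Store a halfword little-endian: the same byte order "wx" reports after "wa". */
void patch_halfword(uint8_t *img, uint32_t addr, uint16_t hw)
{
    uint32_t off = addr - IMAGE_BASE;
    img[off] = (uint8_t)(hw & 0xFFu);
    img[off + 1] = (uint8_t)(hw >> 8);
}

uint16_t read_halfword(const uint8_t *img, uint32_t addr)
{
    uint32_t off = addr - IMAGE_BASE;
    return (uint16_t)(img[off] | (img[off + 1] << 8));
}

/* Recover the constant the compiler built as "movs rX, #imm8 ; lsls rX, rX, #imm5".
   Returns UINT32_MAX if the halfwords are not that idiom (wrong address or
   register), so a misplaced patch is noticed instead of silently yielding a number. */
uint32_t decode_movs_lsls(const uint8_t *img, uint32_t addr)
{
    uint16_t movs = read_halfword(img, addr);
    uint16_t lsls = read_halfword(img, addr + 2);
    if ((movs & 0xF800u) != 0x2000u) return UINT32_MAX;      /* not MOVS imm8 */
    if ((lsls & 0xF800u) != 0x0000u) return UINT32_MAX;      /* not LSLS imm5 */
    unsigned rd = (movs >> 8) & 7u;
    if (rd != (lsls & 7u) || rd != ((lsls >> 3) & 7u)) return UINT32_MAX;
    return (uint32_t)(movs & 0xFFu) << ((lsls >> 6) & 0x1Fu);
}

/* Original bytes as the lesson shows them: x = 40 at 0x328 and the sleep_ms(1000)
   pair at 0x330/0x332. The rest is Thumb NOP (0xbf00) because the lesson does not
   list those bytes (constructed filler). */
void build_original_image(uint8_t *img)
{
    for (uint32_t a = IMAGE_BASE; a < IMAGE_BASE + IMAGE_SIZE; a += 2)
        patch_halfword(img, a, 0xBF00u);
    patch_halfword(img, 0x328u, thumb_movs_imm8(1, 0x28)); /* movs r1, #40    */
    patch_halfword(img, 0x330u, thumb_movs_imm8(0, 0xFA)); /* movs r0, #250   */
    patch_halfword(img, 0x332u, thumb_lsls_imm5(0, 0, 2)); /* lsls r0, r0, #2 */
}

/* The three "wa" edits from the lesson, applied as raw halfword writes. */
void apply_page_patches(uint8_t *img)
{
    patch_halfword(img, 0x328u, thumb_movs_imm8(1, 0x30)); /* movs r1, #48    */
    patch_halfword(img, 0x330u, thumb_movs_imm8(0, 0x32)); /* movs r0, #50    */
    patch_halfword(img, 0x332u, thumb_lsls_imm5(0, 0, 1)); /* lsls r0, r0, #1 */
}

uint32_t sleep_arg_before_patch(void)
{
    uint8_t img[IMAGE_SIZE];
    build_original_image(img);
    return decode_movs_lsls(img, 0x330u);            /* 250 << 2 = 1000 */
}

uint32_t sleep_arg_after_patch(void)
{
    uint8_t img[IMAGE_SIZE];
    build_original_image(img);
    apply_page_patches(img);
    return decode_movs_lsls(img, 0x330u);            /* 50 << 1 = 100 */
}

/* 1 if the patched bytes are exactly what radare2 reported: 30 21, 32 20, 40 00. */
int page_patch_bytes_match(void)
{
    uint8_t img[IMAGE_SIZE];
    build_original_image(img);
    apply_page_patches(img);
    return img[0x328u - IMAGE_BASE] == 0x30 && img[0x329u - IMAGE_BASE] == 0x21 &&
           img[0x330u - IMAGE_BASE] == 0x32 && img[0x331u - IMAGE_BASE] == 0x20 &&
           img[0x332u - IMAGE_BASE] == 0x40 && img[0x333u - IMAGE_BASE] == 0x00;
}

int main(void)
{
    printf("sleep_ms argument before patch: %u\n", (unsigned)sleep_arg_before_patch());
    printf("sleep_ms argument after patch:  %u\n", (unsigned)sleep_arg_after_patch());
    printf("patched bytes match wx output:  %s\n", page_patch_bytes_match() ? "yes" : "no");
    return 0;
}
```

The decoder deliberately refuses anything that is not a movs/lsls pair on the same low register: when patching a real firmware image, the first thing that goes wrong is writing to an address two bytes off, and a sanity check like this catches that before the board is flashed.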

All we have to do now is exit and convert our .elf to .uf2!

```
./elf2uf2/elf2uf2 0x04_int.elf 0x04_int.uf2
```

Plug in the Pico and make sure you hold down BOOTSEL or use the setup I provided in part 2.

```
cp 0x04_int.uf2 /Volumes/RPI-RP2
```

Let's screen it!

```
screen /dev/tty.usbmodem0000000000001
```

AHH yea!

```
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
```

Here we see that we hacked the value to 48 decimal and that it now prints every 100 milliseconds instead of every second!

In our next lesson we will deal with floats and the unique way the Pico handles them as it does not have a co-processor.