Today we hack our simple int program. Let's review the code.
0x04_int.c
#include <stdio.h> #include "pico/stdlib.h" int main() { stdio_init_all(); while(1) { int x = 40; printf("%d\n", x); sleep_ms(1000); } return 0; }
Let's fire up in our debugger.
radare2 -w arm -b 16 0x04_int.elf
Let's auto analyze.
aaaa
Let's seek to main.
s main
Let's go into visual mode by typing V and then p twice to get to a good debugger view.
We are going to first hack the int value which we know is 40 decimal or 28 hex.
:> wa movs r1, 0x30 @ 0x00000328 Written 2 byte(s) (movs r1, 0x30) = wx 3021
Here we see 0x30 is 48 decimal.
:> ? 0x30 int32 48 uint32 48 hex 0x30 octal 060 unit 48 segment 0000:0030 string "0" fvalue: 48.0 float: 0.000000f double: 0.000000 binary 0b00110000 ternary 0t1210
We also see that 0xfa which we know is 250 decimal is our 1/4 millisecond delay that when shifted left twice, multiplies, and becomes 1000 decimal for 1 second delay.
:> ? 0xfa int32 250 uint32 250 hex 0xfa octal 0372 unit 250 segment 0000:00fa string "\xfa" fvalue: 250.0 float: 0.000000f double: 0.000000 binary 0b11111010 ternary 0t100021
Let's hack that to 50 decimal.
:> wa movs r0, 0x32 @ 0x00000330 Written 2 byte(s) (movs r0, 0x32) = wx 3220
We can see that it is in fact 50 decimal.
:> ? 0x32 int32 50 uint32 50 hex 0x32 octal 062 unit 50 segment 0000:0032 string "2" fvalue: 50.0 float: 0.000000f double: 0.000000 binary 0b00110010 ternary 0t1212
Let's also only shift it left once such that it will take 50 decimal and turn it into 100 when it shifts left only once.
:> wa lsls r0, r0, 1 @ 0x00000332 Written 2 byte(s) (lsls r0, r0, 1) = wx 4000
All we have to do now is exit and convert our .elf to .uf2!
./elf2uf2/elf2uf2 0x04_int.elf 0x04_int.uf2
Plug in the Pico and make sure you hold down BOOTSEL or use the setup I provided in the part 2.
cp 0x04_int.uf2 /Volumes/RPI-RP2
Let's screen it!
screen /dev/tty.usbmodem0000000000001
AHH yea!
48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48
Here we see we hacked it to 48 decimal and it is printing every 100 milliseconds!
In our next lesson we will deal with floats and the unique way the Pico handles them as it does not have a co-processor.