Create firmware addons for WoWwee Rovio robot.
Python C Assembly Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Current code is a proof of concept for hacking directly Rovio code in RAM to implement local bahavior 
ie: not relying on a computer 'driving' the Web API to do automatic things.

Demo code currently installs a timer procedure sending commands to blink Rovio blue leds left-right.

To recompile and test the code: 

1 - Prerequisite: 

 I'm doing this on Linux and using a gcc ARM cross compiler plus python scripts, this could probably be transposed to Windows with cygwin etc...
 So you need:
  * A rovio with Firmware 5.03. This is critical as code invokes Firmware functions at specific addresses, so other
    version will probably have different addresses.
  * An ARM Compiler, you can get a good one from :
  * Set your path so arm-XXX tools are available ie: something like : 
    export PATH=/opt/arm-2010.09/bin:$PATH

 Note: I've added precompiled binaries in bin so you can eventually used this to do a quick .

2 - Set variables for Rovio IPs/Crendentials

 Copy rovio.local.sample to rovio.local and edit for your particular rovio settings ie: ip / login / password.

3 - Compile & upload code 
 From main folder (where Makefile is) run command:  

 Code will be recompiled then  a python script will be invoked to push code to Rovio memory.

4 - trigger new code 

 With a browser got Rovio URL : 

 Page should say some cryptic stuff about a patch and MCU response

 Then if you Rovio is not on Dock you should see blue leds blinking righ to left 

Principle of Operation:

 Since WoWwee posted in bulk on some of the sources and precompiled 
 objs with debug info, we were able to have an inside look at what Rovio firmware really does.
 Unfortunately everything was compiled with proprietary compiler / libs so we can't build alternative 
 firmware at this point. 

 Knowing this,  a simpler option was to patch Rovio memory via APIs (write_mem). 

 So the trick is to first compile some ARM code to replace a well-known API here the code is patch-getver.c 
 and is poked at the location of the code behind the URL:

 When invoked this code will look at some specific address in RAM (0x70e000) for a firwmare patch.  
 If a signature for the patch ('PATC') is found code at 0x70e020 is invoked. 
 At this location a demo code is poked (demo-leds.c), currently this code will register a timer rountine to send commands 
 to mcu to turn on/off blue leds in sequence.

 The demo-leds code is poked in a memory region that is first allocated via the malloc API, so in theory this code is 
 in a safe area that won't be overwritten during rovio operations. 
 It is recommended to patch rovio shortly after startup and before you control it via browser, otherwise malloc will get 
 a free area that is too high for current values used to compile code. 
 The python script will complain about this if it happens.

 I disassembled a bit the Rovio code to locate some APIs, so far the code uses: 
   * ictlCtrlMCU @0x000B8098: Sends a command string to MCU. this is used to turn on/off blue leds. MCU 
     also controls motors/arm/sensors/etc....
   * prdAddTask @0x000C9E70: Schedule a function to be run every XX hundreds of seconds.
   * AddHttpValue @0x0006C34C: Add key / value strings to be printed as output of current HTTP request result. 
 You can find more untested functions in rovio-fw/apis503.h
  Do whatever you want, i'm doing this for fun. So let says it's GPL so improvements are at least shared.