-
Notifications
You must be signed in to change notification settings - Fork 4
/
gdb.config
77 lines (65 loc) · 1.69 KB
/
gdb.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# gdb script for extraction
target remote localhost:3333
set remote hardware-breakpoint-limit 4
set remote hardware-watchpoint-limit 2
set mem inaccessible-by-default off
monitor reset halt
# gdb_flash_program disable
# kevinh - possibly turn on later, but for now I don't want to accidentally nuke the flash in my device
# other tips here: http://openocd.org/doc/html/GDB-and-OpenOCD.html
# UICR is 1kb long, but onyl 256 bytes are defined
# bootloader start addr in UICR registers at 0x10001014
# dump all the uicr bytes
define dumpuicr
x/64wx 0x10001000
end
define uicrtofile
dump binary memory uicr.bin 0x10001000 0x10001400
end
# useful readable patterns from the ficr space
define dumpficr
x/64wx 0x10000000
end
# per https://www.pentestpartners.com/security-blog/nrf51822-code-readout-protection-bypass-a-how-to/
define regset
set $r0 = $arg0
set $r1 = $arg0
set $r2 = $arg0
set $r3 = $arg0
set $r4 = $arg0
set $r5 = $arg0
set $r6 = $arg0
set $r7 = $arg0
set $r8 = $arg0
set $r9 = $arg0
set $r10 = $arg0
set $r11 = $arg0
set $r12 = $arg0
end
# read from 0x10001000 to see some readable registers we can check against
define regset2
set $r0 = $arg0
set $r1 = $arg0 + 4
set $r2 = $arg0 + 8
set $r3 = $arg0 + 12
set $r4 = $arg0 + 16
set $r5 = $arg0 + 20
set $r6 = $arg0 + 24
set $r7 = $arg0 + 28
set $r8 = $arg0 + 32
set $r9 = $arg0 + 36
set $r10 = $arg0 + 40
set $r11 = $arg0 + 44
set $r12 = $arg0 + 48
end
# pull in the address we want to read from, because apparently inst at 0x6d4 reads from rsomething into r4
define rdhack
set $pc = 0x6d4
set $r4 = $arg0
si
print /x $r4
end
# print startaddr of bootloader
define rdbootloadaddr
rdhack 0x10001014
end