videos:020:notes [2019/11/07 18:39] joel |
videos:020:notes [2021/01/13 14:21] (current) joel [LKV373 Project Update - Building IT9919 Software with GCC] |
====== LKV373 Project Update - Building IT9919 Software with GCC ======
<html><iframe width="854" height="480" src="https://www.youtube.com/embed/ogEaNfTOc2k" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></html>

<panel title="Summary" subtitle="Nov 7, 2019">
<panel-body>In this series I have been hacking around with the IT9919 media processor that powers the Lenkeng LKV373 HDMI Extender Device and the EZCAP 283S, which were reviewed in previous videos.

In this video we look at some of the latest discoveries, and demonstrate how we can now compile code for the device using GCC.</panel-body>
<list-group>
  * [[https://odysee.com/@OpenTechLab:f/otl-020-it9919-update:0|odysee]]
  * [[https://youtu.be/ogEaNfTOc2k|YouTube]]
  * [[https://peertube.social/videos/watch/d8605b11-6416-4ce7-9dd3-b50b80b478ed|PeerTube]]
</list-group>
</panel>
  * IRC Channel: #lkv373a on [[https://freenode.net/|FreeNode]]
  * [[https://github.com/v3l0c1r4pt0r/lkv-wiki/wiki|lkv-wiki]]

===== Known SDK Repositories =====
  * <del>http://219.87.84.106/tree/~bsp2%2Fbr06p.git/br06p</del>
  * https://github.com/MindyWei/20171003_Doorbell_SDK_v1.2.3.1_758862
  * https://github.com/bill611/ite-sdk
  * https://github.com/kennydeng/CtrlBoard_SDK
  * https://github.com/kennydeng/controlboard
  * https://github.com/kennydeng/Midea_Hsg_SDK_V2281
  * https://github.com/KennyOP2

===== Newlib =====
  * [[https://www.sourceware.org/newlib/|Newlib]]
  * [[https://www.sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=newlib/libc/stdio/puts.c|puts.c]]
  * [[https://www.sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=tree;f=libgloss/or1k|libgloss: or1k]]
  * [[https://www.sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=libgloss/or1k/syscalls.c|syscalls.c]]

===== Finding ''__sfv_write_r'' =====
I used my call-graph script from the previous video to dump out the call-graph of the whole of the Lenkeng upgrader software. I then used the ''networkx'' graph library in Python to isolate the sub-graph of functions called by ''puts()'', which I knew the address of from previous experiments, which gave this diagram:

{{:videos:020:20191002-puts-printf-subgraph.dot.png?800|}}

From various other hints in the strings, I suspected the software contained a build of newlib of whatever vintage.

I then used the or1k disassembler to try and piece together a plausible theory for the number and type of arguments to the various functions called by ''puts''.

Still quite uncertain, I decided to take a punt on ''0xa512c'' being the correct address, and voila - it worked!

In future, jobs like this will be a bit easier, because //v3l0c1r4pt0r// has written a [[https://github.com/v3l0c1r4pt0r/radare2-or1k|patch]] for radare2 that adds support for or1k.

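The sub-graph isolation step described in this section, as an added example that is not the author's call-graph script: it uses only the Python standard library (with ''networkx'', ''nx.descendants()'' plus ''G.subgraph()'' yields the same node set). The edge list, the addresses and all function names are constructed for illustration and are not taken from the firmware.

```python
from collections import deque

# Constructed (caller, callee) edges; addresses are made up, not from the LKV373 image.
EDGES = [
    (0x1000, 0x2000),  # some caller -> known puts() address (assumed root)
    (0x1000, 0x5000),  # unrelated branch that must be excluded
    (0x2000, 0x2100),  # puts -> leaf helper (strlen-like)
    (0x2000, 0x2200),  # puts -> write helper candidate
    (0x2200, 0x2300),
    (0x2200, 0x2100),
    (0x2300, 0x2200),  # cycle, so the traversal must track visited nodes
    (0x5000, 0x5100),
]

def build_graph(edges):
    """Adjacency map; every node gets an entry, including leaves."""
    graph = {}
    for caller, callee in edges:
        graph.setdefault(caller, set()).add(callee)
        graph.setdefault(callee, set())
    return graph

def reachable_subgraph(graph, root):
    """Return (nodes, edges) reachable from root using a cycle-safe BFS."""
    seen, queue, sub = {root}, deque([root]), set()
    while queue:
        node = queue.popleft()
        for callee in graph.get(node, ()):
            sub.add((node, callee))
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen, sub

def leaves(graph, nodes):
    """Functions in the sub-graph that call nothing else."""
    return sorted(n for n in nodes if not graph[n])

def to_dot(edges):
    """Render the sub-graph as Graphviz DOT for visual comparison with source."""
    body = [f'  "0x{a:x}" -> "0x{b:x}";' for a, b in sorted(edges)]
    return "\n".join(["digraph calls {", *body, "}"])

if __name__ == "__main__":
    g = build_graph(EDGES)
    nodes, sub = reachable_subgraph(g, 0x2000)
    print(to_dot(sub))
    print("leaf functions:", [hex(n) for n in leaves(g, nodes)])
```

The DOT output can be rendered with Graphviz and compared against the call structure of ''puts.c'' in the newlib source to narrow down which address corresponds to which function.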