Recently, I had to analyze a "black box". By black box I mean a box that you don't know anything about. In my case, it was a 3k$ video component with an FPGA (Cyclone II) and an Atmel chip (ATmega168). I had it for only a short while. I also had an AVR programmer, but I did not know how to dump the contents of the ATmega chip.
It turns out that on Windows, you can just install AVR Studio, which gives you a nice GUI with all the options to maybe retrieve the content from the memory. This program does a great job, but what about Linux?
Well, avrdude is your friend in the Linux world. I wanted to dump the content of the memory, so an idea might be to use it this way:
~/arduino-0017/hardware/tools/avrdude \
-C "$HOME/arduino-0017/hardware/tools/avrdude.conf" -v -v -v -v \
-pm328p -cstk500v2 -P/dev/ttyUSB1 -D -Uflash:r:/tmp/kikou.hex:i
And ohh... magic, all the content is dumped to the file /tmp/kikou.hex.
Well, this is an Intel HEX dump, so not really readable:
:200240008093A30181E0809370011092A001089580919E0190919F012
:2002600081E0809399011092A00110927101109270010895809198018
:200280009801109299010895EF92FF92CF93DF93FB012091700122231
:2002A000710123503081231708F420834081C3E7D1E0BE0150E00E941
:2002C00071012FEF3FEF219713C099912927022E2295207F2025032E3
:2002E000269532272327220F220F220F20258150882359F790EF283B8
:20030000CF91FF90EF9008958091550160919A010E945F03809110016
:20032000910181E08093980108951F920F920FB60F9211242F933F934
[...]
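Each line of the listing is one Intel HEX record: a byte count, a 16-bit address, a record type, the data bytes and a checksum. As an added example (not code from the original post), the Python below verifies each record and rebuilds the flat flash image; the sample records are constructed, because the lines shown above are truncated and cannot be checksummed, and the function names are hypothetical.

```python
# Constructed sample, not taken from the device in the post:
# a JMP at 0x0000, a gap, a RET at 0x0008, then the end-of-file record.
SAMPLE_HEX = """\
:040000000C94340028
:02000800089559
:00000001FF
"""


def parse_record(line):
    """Return (address, record_type, data) for one record, verifying it."""
    line = line.strip()
    if not line.startswith(":"):
        raise ValueError("record does not start with ':'")
    try:
        raw = bytes.fromhex(line[1:])
    except ValueError:
        raise ValueError("record is not an even run of hex digits") from None
    if len(raw) < 5 or len(raw) != raw[0] + 5:
        raise ValueError("byte count does not match record length")
    if sum(raw) & 0xFF:  # all bytes including checksum must sum to 0 mod 256
        raise ValueError("bad checksum")
    return int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]


def hex_to_image(text, fill=0xFF):
    """Build a flat image from address 0; unwritten bytes read as erased flash."""
    base, chunks = 0, {}
    for line in text.splitlines():
        if not line.strip():
            continue
        addr, rtype, data = parse_record(line)
        if rtype == 0x00:            # data
            chunks[base + addr] = data
        elif rtype == 0x01:          # end of file
            break
        elif rtype == 0x02:          # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:          # extended linear address
            base = int.from_bytes(data, "big") << 16
        # types 0x03 / 0x05 (start address) carry no memory contents
    image = bytearray([fill]) * max((a + len(d) for a, d in chunks.items()), default=0)
    for addr, data in chunks.items():
        image[addr:addr + len(data)] = data
    return bytes(image)


if __name__ == "__main__":
    print(hex_to_image(SAMPLE_HEX).hex(" "))
```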
I tried to dump it as "raw output", but you will get a hexdump. "Ce n'est pas folichon" ("it's not much fun"), I'd like to say. From the hexdump, one cool thing would be a disassembler, but apparently, nobody has done one on Linux. If you know a way to read hex files (avr-objdump won't work here), drop me a message!
Another solution is to use the AVR Studio program on Windows; apparently it does the job, but I haven't tried it yet.
We'll probably come back to that very soon 8).
avr-objdump will work!
First, create an .elf:
avr-objcopy -I ihex -O elf32-avr test.hex test.elf
Check out the section names:
avr-objdump -h test.elf
For each section, set the code flag (and a couple of others):
avr-objcopy --set-section-flags .sec1=contents,alloc,load,readonly,code test.elf
avr-objcopy --set-section-flags .sec2=contents,alloc,load,readonly,code test.elf
avr-objcopy --set-section-flags .sec3=contents,alloc,load,readonly,code test.elf
Finally, dump the whole thing:
avr-objdump -h -S test.elf >test.lss
As simple as that :-)