Khadas VIM3 (Amlogic A311D) uboot去掉烦人的乱七八糟的打印1——BL2 BL3x
2024-04-01 15:28:41
BL2 BL30 BL31 DDRFW改造串口静默
BL2拖到IDA64,以ARM LittleEndian 64bit反汇编,很轻易的找到puts putchar函数,
ROM:000000000000B4B8 putchar ; CODE XREF: sub_6134+28↑p
ROM:000000000000B4B8 ; sub_6174+6C↑p ...
ROM:000000000000B4B8 21 00 00 B0 ADRP X1, #0x10724@PAGE
ROM:000000000000B4BC 21 90 1C 91 ADD X1, X1, #0x10724@PAGEOFF
ROM:000000000000B4C0 21 00 40 B9 LDR W1, [X1]
ROM:000000000000B4C4 41 02 00 35 CBNZ W1, locret_B50C
ROM:000000000000B4C8 1F 28 00 71 CMP W0, #0xA
ROM:000000000000B4CC 21 01 00 54 B.NE loc_B4F0
ROM:000000000000B4D0
ROM:000000000000B4D0 loc_B4D0 ; CODE XREF: putchar+24↓j
ROM:000000000000B4D0 81 01 86 D2 MOV X1, #0x300C
ROM:000000000000B4D4 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000B4D8 21 00 40 B9 LDR W1, [X1]
ROM:000000000000B4DC A1 FF AF 37 TBNZ W1, #0x15, loc_B4D0
ROM:000000000000B4E0 01 00 86 D2 MOV X1, #0x3000
ROM:000000000000B4E4 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000B4E8 A2 01 80 52 MOV W2, #0xD
ROM:000000000000B4EC 22 00 00 B9 STR W2, [X1]
ROM:000000000000B4F0
ROM:000000000000B4F0 loc_B4F0 ; CODE XREF: putchar+14↑j
ROM:000000000000B4F0 ; putchar+44↓j
ROM:000000000000B4F0 81 01 86 D2 MOV X1, #0x300C
ROM:000000000000B4F4 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000B4F8 21 00 40 B9 LDR W1, [X1]
ROM:000000000000B4FC A1 FF AF 37 TBNZ W1, #0x15, loc_B4F0
ROM:000000000000B500 01 00 86 D2 MOV X1, #0x3000
ROM:000000000000B504 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000B508 20 00 00 B9 STR W0, [X1]
ROM:000000000000B50C
ROM:000000000000B50C locret_B50C ; CODE XREF: putchar+C↑j
ROM:000000000000B50C C0 03 5F D6 RET
ROM:000000000000B50C ; End of function putchar将putchar函数的开头改为
C0 03 5F D6 RET即可。
BL30拖到IDA,以ARM LittleEndian 反汇编,很轻易的找到puts putchar函数
ROM:00002CB0 putchar ; CODE XREF: putchar+10↓p
ROM:00002CB0 ; j_putchar↓j
ROM:00002CB0 PUSH {R4,LR}
ROM:00002CB2 LDR R3, =0x10009474
ROM:00002CB4 MOV R4, R0
ROM:00002CB6 LDR R3, [R3]
ROM:00002CB8 CBNZ R3, locret_2CDA
ROM:00002CBA CMP R0, #0xA
ROM:00002CBC BNE loc_2CC4
ROM:00002CBE MOVS R0, #0xD
ROM:00002CC0 BL putchar
ROM:00002CC4
ROM:00002CC4 loc_2CC4 ; CODE XREF: putchar+C↑j
ROM:00002CC4 ; putchar+1C↓j
ROM:00002CC4 LDR R3, =0xFF80300C
ROM:00002CC6 LDR R3, [R3]
ROM:00002CC8 TST.W R3, #0x200000
ROM:00002CCC BNE loc_2CC4
ROM:00002CCE LDR R3, =0xFF803000
ROM:00002CD0 STR R4, [R3]
ROM:00002CD2 POP.W {R4,LR}
ROM:00002CD6 B.W maybewait
ROM:00002CDA ; ---------------------------------------------------------------------------
ROM:00002CDA
ROM:00002CDA locret_2CDA ; CODE XREF: putchar+8↑j
ROM:00002CDA POP {R4,PC}
ROM:00002CDA ; End of function putchar将putchar函数的开头改为
70 47 BX LR即可。BL31拖到IDA64,以ARM LittleEndian 64bit反汇编,很轻易找到printf函数,再看putchar函数有点奇怪,和之前的不一样
是因为这个程序有inituart初始化函数,将串口设备寄存器基地址FF803000存到了一个全局变量
ROM:0000000000025000 init_uart ; CODE XREF: sub_18698+2C↑p
ROM:0000000000025000 ; sub_187A0+20↑p ...
ROM:0000000000025000 CBZ X0, locret_25010
ROM:0000000000025004 ADRP X3, #UART_BASE@PAGE
ROM:0000000000025008 STR X0, [X3,#UART_BASE@PAGEOFF]
ROM:000000000002500C B loc_25020
ROM:0000000000025010 ; ---------------------------------------------------------------------------
ROM:0000000000025010
ROM:0000000000025010 locret_25010 ; CODE XREF: init_uart↑j
ROM:0000000000025010 RET
ROM:0000000000025010 ; End of function init_uartROM:0000000000025014 putchar ; CODE XREF: sub_23504+14↑p
ROM:0000000000025014 ; sub_23B84+8↑j
ROM:0000000000025014 ADRP X2, #UART_BASE@PAGE
ROM:0000000000025018 LDR X1, [X2,#UART_BASE@PAGEOFF]
ROM:000000000002501C B loc_25028
ROM:0000000000025020 ; ---------------------------------------------------------------------------
ROM:0000000000025020
ROM:0000000000025020 loc_25020 ; CODE XREF: init_uart+C↑j
ROM:0000000000025020 MOV W0, #1
ROM:0000000000025024 RET
ROM:0000000000025028 ; ---------------------------------------------------------------------------
ROM:0000000000025028
ROM:0000000000025028 loc_25028 ; CODE XREF: putchar+8↑j
ROM:0000000000025028 CBZ X1, loc_25054
ROM:000000000002502C CMP W0, #0xA
ROM:0000000000025030 B.NE loc_25044
ROM:0000000000025034
ROM:0000000000025034 loc_25034 ; CODE XREF: putchar+24↓j
ROM:0000000000025034 LDR W2, [X1,#loc_C]
ROM:0000000000025038 TBNZ W2, #0x15, loc_25034
ROM:000000000002503C MOV W2, #0xD
ROM:0000000000025040 STR W2, [X1]
ROM:0000000000025044
ROM:0000000000025044 loc_25044 ; CODE XREF: putchar+1C↑j
ROM:0000000000025044 ; putchar+34↓j
ROM:0000000000025044 LDR W2, [X1,#loc_C]
ROM:0000000000025048 TBNZ W2, #0x15, loc_25044
ROM:000000000002504C STR W0, [X1]
ROM:0000000000025050 RET
ROM:0000000000025054 ; ---------------------------------------------------------------------------
ROM:0000000000025054
ROM:0000000000025054 loc_25054 ; CODE XREF: putchar:loc_25028↑j
ROM:0000000000025054 MOV W0, #0xFFFFFFFF
ROM:0000000000025058 RET
ROM:0000000000025058 ; End of function putchar将putchar函数的开头改为
C0 03 5F D6 RET即可。
aml_ddr.fw拖到IDA64,以ARM LittleEndian 64bit反汇编,很轻易找到putchar函数
ROM:000000000000A5C4 putchar ; CODE XREF: sub_148+28↑p
ROM:000000000000A5C4 ; sub_188:loc_1C8↑p ...
ROM:000000000000A5C4 01 00 00 B0 ADRP X1, #dword_B718@PAGE
ROM:000000000000A5C8 21 60 1C 91 ADD X1, X1, #dword_B718@PAGEOFF
ROM:000000000000A5CC 21 00 40 B9 LDR W1, [X1]
ROM:000000000000A5D0 41 02 00 35 CBNZ W1, locret_A618
ROM:000000000000A5D4 1F 28 00 71 CMP W0, #0xA
ROM:000000000000A5D8 21 01 00 54 B.NE loc_A5FC
ROM:000000000000A5DC
ROM:000000000000A5DC loc_A5DC ; CODE XREF: putchar+24↓j
ROM:000000000000A5DC 81 01 86 D2 MOV X1, #0x300C
ROM:000000000000A5E0 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000A5E4 21 00 40 B9 LDR W1, [X1]
ROM:000000000000A5E8 A1 FF AF 37 TBNZ W1, #0x15, loc_A5DC
ROM:000000000000A5EC 01 00 86 D2 MOV X1, #0x3000
ROM:000000000000A5F0 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000A5F4 A2 01 80 52 MOV W2, #0xD
ROM:000000000000A5F8 22 00 00 B9 STR W2, [X1]
ROM:000000000000A5FC
ROM:000000000000A5FC loc_A5FC ; CODE XREF: putchar+14↑j
ROM:000000000000A5FC ; putchar+44↓j
ROM:000000000000A5FC 81 01 86 D2 MOV X1, #0x300C
ROM:000000000000A600 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000A604 21 00 40 B9 LDR W1, [X1]
ROM:000000000000A608 A1 FF AF 37 TBNZ W1, #0x15, loc_A5FC
ROM:000000000000A60C 01 00 86 D2 MOV X1, #0x3000
ROM:000000000000A610 01 F0 BF F2 MOVK X1, #0xFF80,LSL#16
ROM:000000000000A614 20 00 00 B9 STR W0, [X1]
ROM:000000000000A618
ROM:000000000000A618 locret_A618 ; CODE XREF: putchar+C↑j
ROM:000000000000A618 C0 03 5F D6 RET
ROM:000000000000A618 ; End of function putchar将putchar函数的开头改为
C0 03 5F D6 RET另外文件头部有32字节的SHA256哈希,需要重算,Winhex搞定
bl2.bin bl30.bin bl31.bin aml_ddr.fw覆盖到u-boot/fip/g12b/
重新编译,烧录,引导后就没有bl2 bl3x打印的乱七八糟的东西了。
下面是串口引导记录,uboot仍然有很多乱七八糟的打印,后面我再讲如何去掉这些乱糟糟的东西。
G12B:BL:6e7c85:2a3b91;FEAT:E0F83180:402000;POC:F;RCY:0;EMMC:0;READ:0;CHK:1F;READ:0;CHK:1F;READ:0;CHK:1F;SD?:0;SD:0;READ:0;0.0.0;M3 CHK:0;secure task start!
high task start!
low task start!U-Boot 2015.01 (Dec 31 2019 - 13:12:30)DRAM: 3.8 GiB
Relocation Offset is: d6e46000
spi_post_bind(spifc): req_seq = 0
register usb cfg[0][1] = 00000000d7f394b0
aml_i2c_init_port init regs for 0
MMC: aml_priv->desc_buf = 0x00000000d3e36a70
aml_priv->desc_buf = 0x00000000d3e38db0
SDIO Port B: 0, SDIO Port C: 1
co-phase 0x3, tx-dly 0, clock 400000
co-phase 0x3, tx-dly 0, clock 400000
co-phase 0x3, tx-dly 0, clock 400000
emmc/sd response timeout, cmd8, status=0x3ff2800
emmc/sd response timeout, cmd55, status=0x3ff2800
co-phase 0x3, tx-dly 0, clock 400000
co-phase 0x1, tx-dly 0, clock 40000000
aml_sd_retry_refix[983]:delay = 0x0,gadjust =0x2000
[mmc_startup] mmc refix success
[mmc_init] mmc init success
start dts,buffer=00000000d3e3b620,dt_addr=00000000d3e3b620
check_valid_dts: FDT_ERR_BADMAGIC
get_partition_from_dts() 91: ret -9
get_partition_from_dts() 94: ret -9
get_ptbl_from_dtb()-272: get partition table from dts faild
mmc_device_init()-1254: get partition table from dtb failed
get_ptbl_rsv()-494: magic faild MPT,
mmc_device_init()-1281: dtb&rsv are not exist, no LPT source
get partition info failed !!
Using default environmentIn: serial
Out: serial
Err: serialKhadas VIM3 (Amlogic A311D) uboot去掉烦人的乱七八糟的打印1——BL2 BL3x相关推荐
- Word中去掉烦人的最后一页空白页
在Word中,经常会出现最后一页空白页,没有内容却依然存在,给阅读.打印带来诸多不便,下面就来一起看看怎样去掉它. 一.一般情况下用Delete键就可以直接删除掉. 二.表格若充满整个页面,后面的回车 ...
- 如何在Java代码中去掉烦人的“!=null”
点击上方"方志朋",选择"设为星标" 回复"666"获取新整理的面试文章 译者:lizeyang blog.csdn.net/lizeyan ...
- ios 如何在cell中去掉_经典问题:代码中如何去掉烦人的“!=nullquot;判空语句
问题 为了避免空指针调用,我们经常会看到这样的语句 if (someobject != null) { someobject.doCalc();} 最终,项目中会存在大量判空代码,多么丑陋繁冗!如何避 ...
- modelandview为null的原因_如何在Java代码中去掉烦人的“!=null”
云栖号资讯:[点击查看更多行业资讯] 在这里您可以找到不同行业的第一手的上云资讯,还在等什么,快来!问题 为了避免空指针调用,我们经常会看到这样的语句 if (someobject != null) ...
- 去掉烦人的“正在配置Windows”
2019独角兽企业重金招聘Python工程师标准>>> 1. 2. 3. 4. OK 转载于:https://my.oschina.net/codeismygirl/blog/304 ...
- sqlsession.selectlist 会返回null么_StackOverflow经典问题:代码中如何去掉烦人的“!=nullquot;判空语句...
推荐阅读: 程序员引路人:腾讯T4曰"面试不仅仅是技术过硬就可以了,你还需要懂得这些"zhuanlan.zhihu.com 问题 为了避免空指针调用,我们经常会看到这样的语句 i ...
- mysql 去除warning_zabbix监控mysql之去掉烦人的warning告警语句
使用zabbix自带模板对mysql进行监控时,发现mysql5.6以上版本在使用mysqladmin时会发出警告:"Warning: Using a password on the com ...
- sqlsession.selectlist 会返回null么_如何在Java代码中去掉烦人的“!=null”
问题 为了避免空指针调用,我们经常会看到这样的语句 if (someobject != null) { someobject.doCalc(); } 最终,项目中会存在大量判空代码,多么丑陋繁冗!如何 ...
- 去掉烦人的 “ ! = null (判空语句)
转自:CSDN 作者:lizeyang blog.csdn.net/lizeyang/article/details/40040817 问题 为了避免空指针调用,我们经常会看到这样的语句 ...if ...
最新文章
- 开发日记-20190621 关键词 读书笔记《鸟哥的Linux私房菜-基础学习篇》
- monty python喜剧-【网络小说网中心】最经典的100部美剧,看到第一名瞬间服气!
- 基于cookie的SSO单点登录系统
- HTML5 布局元素
- Python案例:给出三角形构成方案
- 【JSON】FastJson 打印输格式化输出
- python程序memory error_Python memory error的问题
- 每周百万封业务邮件的服务器不知道为啥就down掉了?
- python文本分割_python实现大文本文件分割
- m6000查看端口状态_M6000日常查看维护命令.doc
- protobuf3 oneof
- IcedTea6版本1.8
- Protel DXP 使用教程 - 自定义集成库
- 写在前面 - 跟小智一起学网络(1)
- Qt uchar *转 Hex的QString方法代码
- python分析链家二手房信息----数据分析实战(一)
- 爬虫入门,了解爬虫机制
- 模拟ARP欺骗攻击与防护
- 快速上手!java淘宝客(springboot)
- vue el-date-picker