||1 year ago|
|bsp||1 year ago|
|linux||1 year ago|
|rdb||1 year ago|
|rpi||1 year ago|
|zynq||1 year ago|
|.gitignore||1 year ago|
|Makefile||1 year ago|
|README.md||1 year ago|
|arm926ejs_fx3.cfg||1 year ago|
|elf2img.py||1 year ago|
|jazelle.c||1 year ago|
|main.c||1 year ago|
|nl-glue.c||1 year ago|
Jacking (Jazelle hacking (Jean gazelle hacking))
Jazelle reverse engineering effort
not the first one, but hopefully one that properly documents some stuff
$ # compile: $ make $ # launch OpenOCD background process (needs to be done once): $ make openocd-launch $ # run & debug code $ make openocd-load && make gdb
arm-none-eabi toolchain, and OpenOCD.
Raspberry Pi v1.x bare-metal
$ # compile: $ make -C rpi/ $ # now copy rpi/rpi.img to your microSD card and name it "kernel.img". $ # alternatively, use OpenOCD again: $ make launch-openocd $ make openocd-load && make gdb
arm-none-eabi toolchain, and optionally OpenOCD. Output is written
to the UART on pin 8 (TX).
Most likely won't work on a v2 or higher.
Currently only tested on a Raspberry Pi v1.2 B+. May also work on Linux running on a Zynq.
$ # native compilation: CFLAGS=-mtune=native make -C linux $ # cross-compilation: (change the -march depending on your target) CC=arm-linux-gnueabihf-gcc CFLAGS=-march=arm1176jzf-s make -C linux $ # run it $ linux/jazelle
Xilinx Zynq bare-metal
NOTE: HIGHLY EXPERIMENTAL!
$ make -C zynq jazelle.o
zynq/jazelle.o into an XSDK/Vitis project. If things break, the
first thing you should try is replacing the cache routines with the ones from
the Xilinx libraries.
There are still several platforms out there which (most likely) can also run Jazelle, but that don't have a port yet. See the TODO header.
FX3 base code: gratuitously stolen from https://github.com/zeldin/fx3lafw/
Cache manipulation code was inspired by code from libnds (ARM9), libn3ds (ARM11), and Xilinx' embeddedsw (Cortex-A9).
Jazelle info this project is based on:
- Figure out Jazelle stuff:
- Which bytecode instructions are supported on which Jazelle versions?
- How exactly does the stack work? (When a handler function is being called)
- How exactly does the Jazelle status register work?
- What control registers are there that influence the execution?
- Is it possible to force execute a certain instruction using the handler
instead of the default in-hardware execution?
- Apparently not?
- Is it possible to force execute a certain instruction using the handler instead of the default in-hardware execution?
- How does one call regular ARM/Thumb code from inside Jazelle?
- invokeXYZ instruction implementation: check method reference string, do things based on that
- Verify what Hackspire and libjz have, to check if it is correct
- Look at what Hackspire and libjz don't have and try to complete it
- TI Nspire
- Cypress FX3
- Raspberry Pi v1 baremetal
- Linux userspace
- Linux kernel module
- 3DS homebrew
- Xilinx Zynq
- BeagleBoard/BeagleBone/PocketBeagle? (any OMAP or TI Sitara AM335x, most likely not the AM572x-based ones, and definitely not the BeagleV)