jacking/README.md

# Jacking (Jazelle hacking (Jean gazelle hacking))

**Jazelle reverse engineering effort**

not the first one, but hopefully one that properly documents some stuff

## Workflow

Currently targetting the Cypress FX3.

### Compiling

```
$ make
```

Needs an `arm-none-eabi` toolchain.

### Running/debugging

#### Setup

```
$ openocd -f ./arm926ejs_fx3.cfg -c "transport select jtag" -c "adapter speed 1000" -c "init"
```

#### Running code

```
$ printf 'reset halt\nload_image jazelle.elf\nexit\n' | nc localhost 4444
gdb -ex 'target extended-remote localhost:3333' -ex 'set $pc=_start' -ex 'b jazelle_exec' -ex c jazelle.elf
```

## Credits

FX3 base code: gratuitously stolen from https://github.com/zeldin/fx3lafw/

Jazelle info this project is based on:
* https://hackspire.org/index.php/Jazelle
* https://github.com/SonoSooS/libjz

## TODO

* Figure out Jazelle stuff:
  * Which bytecode instructions are supported on which Jazelle versions?
  * How exactly does the stack work? (When a handler function is being called)
  * How exactly does the Jazelle status register work?
  * What control registers are there that influence the execution?
    * Is it possible to force execute a certain instruction using the handler
      instead of the default in-hardware execution?
    * ...
  * ...
  * Verify what Hackspire and libjz have, to check if it is correct
  * Look at what Hackspire and libjz don't have and try to complete it
* Port this code to the ARM11 using either Raspberry Pi v1 baremetal, or 3DS
  homebrew with kernel privileges (and do tests on these to check for different
  Jazelle versions)
stuff 2022-01-21 04:15:36 +00:00			`# Jacking (Jazelle hacking (Jean gazelle hacking))`

			`Jazelle reverse engineering effort`

			`not the first one, but hopefully one that properly documents some stuff`

			`## Workflow`

			`Currently targetting the Cypress FX3.`

			`### Compiling`

			```
			`$ make`
			```

			Needs an `arm-none-eabi` toolchain.

			`### Running/debugging`

			`#### Setup`

			```
			`$ openocd -f ./arm926ejs_fx3.cfg -c "transport select jtag" -c "adapter speed 1000" -c "init"`
			```

			`#### Running code`

			```
			`$ printf 'reset halt\nload_image jazelle.elf\nexit\n' \| nc localhost 4444`
			`gdb -ex 'target extended-remote localhost:3333' -ex 'set $pc=_start' -ex 'b jazelle_exec' -ex c jazelle.elf`
			```

			`## Credits`

			`FX3 base code: gratuitously stolen from https://github.com/zeldin/fx3lafw/`

			`Jazelle info this project is based on:`
			`* https://hackspire.org/index.php/Jazelle`
			`* https://github.com/SonoSooS/libjz`
todo section 2022-01-21 04:19:51 +00:00
			`## TODO`

			`* Figure out Jazelle stuff:`
			`* Which bytecode instructions are supported on which Jazelle versions?`
			`* How exactly does the stack work? (When a handler function is being called)`
			`* How exactly does the Jazelle status register work?`
			`* What control registers are there that influence the execution?`
			`* Is it possible to force execute a certain instruction using the handler`
			`instead of the default in-hardware execution?`
			`* ...`
			`* ...`
			`* Verify what Hackspire and libjz have, to check if it is correct`
			`* Look at what Hackspire and libjz don't have and try to complete it`
			`* Port this code to the ARM11 using either Raspberry Pi v1 baremetal, or 3DS`
			`homebrew with kernel privileges (and do tests on these to check for different`
			`Jazelle versions)`