Jacking (Jazelle hacking (Jean gazelle hacking))

Jazelle reverse engineering effort

not the first one, but hopefully one that properly documents some stuff

Workflow

Currently targetting the Cypress FX3.

Compiling

$ make

Needs an arm-none-eabi toolchain.

Running/debugging

Setup

$ openocd -f ./arm926ejs_fx3.cfg -c "transport select jtag" -c "adapter speed 1000" -c "init"

Running code

$ printf 'reset halt\nload_image jazelle.elf\nexit\n' | nc localhost 4444
gdb -ex 'target extended-remote localhost:3333' -ex 'set $pc=_start' -ex 'b jazelle_exec' -ex c jazelle.elf

Credits

FX3 base code: gratuitously stolen from https://github.com/zeldin/fx3lafw/

Jazelle info this project is based on:

• https://hackspire.org/index.php/Jazelle
• https://github.com/SonoSooS/libjz