838 B

Raw Blame History

Jacking (Jazelle hacking (Jean gazelle hacking))

Jazelle reverse engineering effort

not the first one, but hopefully one that properly documents some stuff

Workflow

Currently targetting the Cypress FX3.

Compiling

$ make

Needs an arm-none-eabi toolchain.

Running/debugging

Setup

$ openocd -f ./arm926ejs_fx3.cfg -c "transport select jtag" -c "adapter speed 1000" -c "init"

Running code

$ printf 'reset halt\nload_image jazelle.elf\nexit\n' | nc localhost 4444
gdb -ex 'target extended-remote localhost:3333' -ex 'set $pc=_start' -ex 'b jazelle_exec' -ex c jazelle.elf

Credits

FX3 base code: gratuitously stolen from https://github.com/zeldin/fx3lafw/

Jazelle info this project is based on:

https://hackspire.org/index.php/Jazelle
https://github.com/SonoSooS/libjz

838 B Raw Blame History