Created
February 15, 2016 18:36
-
-
Save aeickho/ea2505fb0a2f007c796e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # flash.r by Travis Goodspeed | |
| # This is a Radare2 script for annotating the Tytera MD380 | |
| # application, version 2.032, which begins at 0x0800C000 in Flash | |
| # memory. Preceding it is a bootloader, which can be either the | |
| # official factory bootloader or an aftermarket one. | |
| # Begin by opening the application in R2 with this script. | |
| # r2 -a arm -m 0x0800C000 -b 16 -i flash.r ../../firmware/D002.032.bin | |
| # MD5 (../../firmware/D002.032.bin) = 8295594d00cb705eac7cd812642fccf2 | |
| ## These annotations describe the functions that handle incoming | |
| ## audio, which is necessary to | |
| CCa 0x803ec86 This function handles incoming audio calls. | |
| af+ 0x803ec86 740 dmr_audio_start | |
| CCa 0x0803ee36 Nop this to crudely match on all public calls. | |
| CCa 0x0803ef10 Nop this to crudely match on all private calls. | |
| CCa 0x0803ee14 R5 will count through each public talk group. | |
| CCa 0x0803ee1e If none matched, jump to where we'll mute the audio. | |
| CCa 0x0803ee80 Here, we've tried to match all of the talk groups. | |
| CCa 0x0803ee84 Skip ahead a bit if a match has been found. | |
| CCa 0x0803ee66 Value of 9 enables audio reception. | |
| CCa 0x0803ee8a Value of 8 enables light, but audio is muted. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment