@gabonator
Created February 7, 2023 20:14
Novation mini mk3 hack
#include <stdint.h>
/*
 * Absolute RAM addresses written by the injected code. Nothing in this file
 * derives them from a header or symbol; presumably they were located by
 * reverse engineering the one firmware image that combine.js accepts
 * (LPMiniMK3-407.bin) -- TODO confirm. On any other firmware build the same
 * addresses may hold unrelated state, so the stores below would corrupt it.
 */
#define LED_BUFFER ((uint32_t*)0x20000304)
#define REFRESH_BUFFER ((uint32_t*)0x20006754)
/*
 * draw(p): computes slot f = (9 - p/10)*10 + p%10, stores the colour value
 * into LED_BUFFER[f], and masks REFRESH_BUFFER[f] with 0xF8 (keeps bits 3..7,
 * clears the low three bits and everything above bit 7).
 *
 * Caveats for callers:
 *  - `c` is not a macro parameter; the macro reads a variable named c from the
 *    scope where it is expanded.
 *  - p is expanded unparenthesised and twice; pass a plain variable, not an
 *    expression with side effects or lower-precedence operators.
 *  - f is a uint8_t and is never range-checked. For p outside 0..99 the
 *    expression leaves the 0..99 range and is truncated to 8 bits. The sizes
 *    of the two firmware buffers are not known from this file, so an
 *    unverified p becomes an out-of-bounds write into firmware RAM.
 */
#define draw(p) { \
uint8_t f = (9 - p / 10) * 10 + p % 10; \
LED_BUFFER[f] = c; \
REFRESH_BUFFER[f] = REFRESH_BUFFER[f] & 0xF8; \
}
/*
 * Hook that combine.js installs in place of the TIM1_UP_TIM10 interrupt
 * handler. It paints pads 18..21 (colour value == pad number) and then chains
 * to the handler the stock firmware had in that vector slot.
 *
 * Author's experiment notes, kept as written:
 *   0-12 ok
 *   7-11 none
 *   18-22 3 buttons dark blue
 *
 * NOTE(review): combine.js points the vector at the first byte of code.bin,
 * so this presumably has to stay the first function emitted from code.c; do
 * not place helpers ahead of it without also changing the patcher.
 */
void test()
{
    int i = 18;

    while (i < 22)
    {
        /* draw() picks up the colour from a local that must be named c. */
        uint8_t c = i;
        draw(i);
        i++;
    }

    /*
     * 0x0801c0ed is the original vector value (LAB_0801c0ec+1 in the listing;
     * bit 0 set selects Thumb state). Calling it keeps the stock handler
     * running after the hook. The address is only valid for the firmware
     * build whose vector combine.js verifies before patching.
     */
    void (*original_handler)(void) = (void (*)(void))0x0801c0ed;
    original_handler();
}
var fs = require("fs");
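// Patches the stock firmware image: appends code.bin after the firmware and
// repoints the TIM1_UP_TIM10 interrupt vector at it. Output is final.bin.
//
// NOTE(review): the checks below are structural fingerprints (image size, one
// byte, one vector value), not an integrity check. Before flashing the result,
// compare the input's SHA-256 with a known-good value for this exact firmware
// build (<SHA256_OF_KNOWN_GOOD_IMAGE>; not given on this page). Every address
// in code.c is only meaningful for that build.
const buf1 = fs.readFileSync("LPMiniMK3-407.bin"); // stock firmware, patched in place
const buf2 = fs.readFileSync("code.bin"); // payload built from code.c
const pad = Buffer.alloc(9); // nine zero bytes; rounds the stock image up to 0x104b0

// Fingerprint 1: only the one known image size is accepted.
if (buf1.length + pad.length !== 0x104b0) {
  throw new Error(
    `unexpected firmware size 0x${buf1.length.toString(16)}; refusing to patch`
  );
}

// An empty payload would leave the vector pointing past the end of the image.
if (buf2.length === 0) {
  throw new Error("code.bin is empty; refusing to redirect the vector to nothing");
}

// TIM1_UP_TIM10_IRQHandle 0800c0a4 ed c0 01 08 addr LAB_0801c0ec+1
const firmwareBase = 0x0800c000;
const vectorPtr = 0x0800c0a4 - firmwareBase; // file offset of the vector slot
const vectorOrg = 0x0801c0ed; // value the stock image must hold there
// First byte after image + pad; bit 0 set marks a Thumb entry point, matching
// the "+1" on every populated entry in the vector listing. `>>> 0` keeps the
// value unsigned for writeUInt32LE.
const vectorNew = ((firmwareBase + buf1.length + pad.length) | 1) >>> 0;

// Fingerprint 2: one expected byte. Per the author's note below, this offset
// appears to lie inside the WebUSB URL string -- TODO confirm.
if (buf1[0x100a0] !== "a".charCodeAt(0)) {
  throw new Error("unexpected byte at offset 0x100a0; not the expected firmware build");
}

// Fingerprint 3: the slot must still hold the stock handler address, so an
// already-patched or different image is rejected instead of patched twice.
if (buf1.readUInt32LE(vectorPtr) !== vectorOrg) {
  throw new Error("interrupt vector does not hold the expected stock handler address");
}

// Little-endian 32-bit store, equivalent to the four single-byte writes.
buf1.writeUInt32LE(vectorNew, vectorPtr);

//buf1[0x100a0] = "x".charCodeAt(0); // webusb url: api.focusrite-novation.com
fs.writeFileSync("final.bin", Buffer.concat([buf1, pad, buf2]));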
&__estack, 0800c000 f8 ff 00 20 ddw 2000FFF8h
Reset_Handler, 0800c004 5d c2 01 08 addr LAB_0801c25c+1
NMI_Handler, 0800c008 d5 c0 01 08 addr infiniteLoop0+1
HardFault_Handler, 0800c00c d7 c0 01 08 addr infiniteLoop1+1
MemManage_Handler, 0800c010 d9 c0 01 08 addr infiniteLoop2+1
BusFault_Handler, 0800c014 db c0 01 08 addr infiniteLoop3+1
UsageFault_Handler, 0800c018 dd c0 01 08 addr infinteloop0dc+1
0, 0800c01c 00 00 00 00 ddw 0h
0, 0800c020 00 00 00 00 ddw 0h
0, 0800c024 00 00 00 00 ddw 0h
0, 0800c028 00 00 00 00 ddw 0h
SVC_Handler, 0800c02c df c0 01 08 addr nullFunction+1
DebugMon_Handler, 0800c030 e1 c0 01 08 addr nullFunction1+1
0, 0800c034 00 00 00 00 ddw 0h
PendSV_Handler, 0800c038 e3 c0 01 08 addr nullFunction2+1
SysTick_Handler, 0800c03c e5 c0 01 08 addr ptrSystickHandler+1
WWDG_IRQHandler, 0800c040 8d c2 01 08 addr infiniteLoop4+1
PVD_IRQHandler, 0800c044 91 c2 01 08 addr infiniteLoop5+1
TAMPER_IRQHandler, 0800c048 95 c2 01 08 addr infiniteLoop6+1
RTC_IRQHandler, 0800c04c 99 c2 01 08 addr infiniteLoop7+1
FLASH_IRQHandler, 0800c050 9d c2 01 08 addr infiniteLoop8+1
RCC_IRQHandler, 0800c054 a1 c2 01 08 addr infiniteLoop9+1
EXTI0_IRQHandler, 0800c058 a5 c2 01 08 addr infiniteLoop10+1
EXTI1_IRQHandler, 0800c05c a9 c2 01 08 addr infiniteLoop11+1
EXTI2_IRQHandler, 0800c060 ad c2 01 08 addr infiniteLoop12+1
EXTI3_IRQHandler, 0800c064 b1 c2 01 08 addr infiniteLoop13+1
EXTI4_IRQHandler, 0800c068 b5 c2 01 08 addr infiniteLoop14+1
DMA1_Stream0_IRQHandler 0800c06c b9 c2 01 08 addr infiniteLoop15+1
DMA1_Stream1_IRQHandler 0800c070 bd c2 01 08 addr infiniteLoop16+1
DMA1_Stream2_IRQHandler 0800c074 c1 c2 01 08 addr infiniteLoop17+1
DMA1_Stream3_IRQHandler 0800c078 e9 c0 01 08 addr nullFunction4+1
DMA1_Stream4_IRQHandler 0800c07c eb c0 01 08 addr nullFunction5+1
DMA1_Stream5_IRQHandler 0800c080 c5 c2 01 08 addr infiniteLoop18+1
DMA1_Stream6_IRQHandler 0800c084 c9 c2 01 08 addr infiniteLoop19+1
ADC_IRQHandler, 0800c088 cd c2 01 08 addr infiniteLoop20+1
USB_HP_CAN1_TX_IRQHandl 0800c08c 00 00 00 00 ddw 0h
USB_LP_CAN1_RX0_IRQHand 0800c090 00 00 00 00 ddw 0h
CAN1_RX1_IRQHandler, 0800c094 00 00 00 00 ddw 0h
CAN1_SCE_IRQHandler, 0800c098 00 00 00 00 ddw 0h
EXTI9_5_IRQHandler, 0800c09c d1 c2 01 08 addr infiniteLoop21+1
TIM1_BRK_TIM9_IRQHandle 0800c0a0 d5 c2 01 08 addr infiniteLoop22+1
TIM1_UP_TIM10_IRQHandle 0800c0a4 ed c0 01 08 addr LAB_0801c0ec+1 < inject
TIM1_TRG_COM_TIM11_IRQH 0800c0a8 d9 c2 01 08 addr infiniteLoop23+1
TIM1_CC_IRQHandler, 0800c0ac dd c2 01 08 addr infiniteLoop24+1
TIM2_IRQHandler, 0800c0b0 f1 c0 01 08 addr LAB_0801c0f0+1
TIM3_IRQHandler, 0800c0b4 e1 c2 01 08 addr infinite
TIM4_IRQHandler, 0800c0b8 e5 c2 01 08 addr LAB_0801c2e4+1
I2C1_EV_IRQHandler, 0800c0bc e9 c2 01 08 addr LAB_0801c2e8+1
I2C1_ER_IRQHandler, 0800c0c0 ed c2 01 08 addr LAB_0801c2ec+1
I2C2_EV_IRQHandler, 0800c0c4 f1 c2 01 08 addr LAB_0801c2f0+1
I2C2_ER_IRQHandler, 0800c0c8 f5 c2 01 08 addr LAB_0801c2f4+1
SPI1_IRQHandler, 0800c0cc f9 c2 01 08 addr LAB_0801c2f8+1
SPI2_IRQHandler, 0800c0d0 fd c2 01 08 addr LAB_0801c2fc+1
USART1_IRQHandler, 0800c0d4 01 c3 01 08 addr LAB_0801c300+1
USART2_IRQHandler, 0800c0d8 05 c3 01 08 addr LAB_0801c304+1
USART3_IRQHandler, 0800c0dc 00 00 00 00 ddw 0h
EXTI15_10_IRQHandler, 0800c0e0 09 c3 01 08 addr LAB_0801c308+1
RTCAlarm_IRQHandler, 0800c0e4 0d c3 01 08 addr LAB_0801c30c+1
USBWakeUp_IRQHandler, 0800c0e8 11 c3 01 08 addr LAB_0801c310+1
TIM8_BRK_TIM12_IRQHandl 0800c0ec 00 00 00 00 ddw 0h
TIM8_UP_TIM13_IRQHandle 0800c0f0 00 00 00 00 ddw 0h
TIM8_TRG_COM_TIM14_IRQH 0800c0f4 00 00 00 00 ddw 0h
TIM8_CC_IRQHandler, 0800c0f8 00 00 00 00 ddw 0h
DMA1_Stream7_IRQHandler 0800c0fc 15 c3 01 08 addr LAB_0801c314+1
FSMC_IRQHandler, 0800c100 00 00 00 00 ddw 0h
SDIO_IRQHandler, 0800c104 19 c3 01 08 addr LAB_0801c318+1
TIM5_IRQHandler, 0800c108 1d c3 01 08 addr LAB_0801c31c+1
SPI3_IRQHandler, 0800c10c 21 c3 01 08 addr LAB_0801c320+1
UART4_IRQHandler, 0800c110 00 00 00 00 ddw 0h
UART5_IRQHandler, 0800c114 00 00 00 00 ddw 0h
TIM6_IRQHandler, 0800c118 00 00 00 00 ddw 0h
TIM7_IRQHandler, 0800c11c 00 00 00 00 ddw 0h
DMA2_Stream0_IRQHandler 0800c120 f5 c0 01 08 addr LAB_0801c0f4+1
DMA2_Stream1_IRQHandler 0800c124 25 c3 01 08 addr LAB_0801c324+1
DMA2_Stream2_IRQHandler 0800c128 29 c3 01 08 addr LAB_0801c328+1
DMA2_Stream3_IRQHandler 0800c12c f7 c0 01 08 addr LAB_0801c0f6+1
DMA2_Stream4_IRQHandler 0800c130 2d c3 01 08 addr LAB_0801c32c+1
ETH_IRQHandler, 0800c134 00 00 00 00 ddw 0h
ETH_WKUP_IRQHandler, 0800c138 00 00 00 00 ddw 0h
CAN2_TX_IRQHandler, 0800c13c 00 00 00 00 ddw 0h
CAN2_RX0_IRQHandler, 0800c140 00 00 00 00 ddw 0h
CAN2_RX1_IRQHandler, 0800c144 00 00 00 00 ddw 0h
CAN2_SCE_IRQHandler, 0800c148 00 00 00 00 ddw 0h
OTG_FS_IRQHandler, 0800c14c f9 c0 01 08 addr LAB_0801c0f8+1
DMA2_Stream5_IRQHandler 0800c150 31 c3 01 08 addr LAB_0801c330+1
DMA2_Stream6_IRQHandler 0800c154 35 c3 01 08 addr LAB_0801c334+1
DMA2_Stream7_IRQHandler 0800c158 39 c3 01 08 addr LAB_0801c338+1
USART6_IRQHandler, 0800c15c 3d c3 01 08 addr LAB_0801c33c+1
I2C3_EV_IRQHandler, 0800c160 41 c3 01 08 addr LAB_0801c340+1
I2C3_ER_IRQHandler, 0800c164 45 c3 01 08 addr LAB_0801c344+1
OTG_HS_EP1_OUT_IRQHandl 0800c168 00 00 00 00 ddw 0h
OTG_HS_EP1_IN_IRQHandle 0800c16c 00 00 00 00 ddw 0h
OTG_HS_WKUP_IRQHandler, 0800c170 00 00 00 00 ddw 0h
OTG_HS_IRQHandler, 0800c174 00 00 00 00 ddw 0h
DCMI_IRQHandler, 0800c178 00 00 00 00 ddw 0h
CRYP_IRQHandler, 0800c17c 00 00 00 00 ddw 0h
HASH_RNG_IRQHandler, 0800c180 00 00 00 00 ddw 0h
FPU_IRQHandler 0800c184 49 c3 01 08 addr infiniteLoop119+1
0800c188 00 00 00 00 ddw 0h
0800c18c 00 00 00 00 ddw 0h
0800c190 4d c3 01 08 addr infiniteLoop120+1
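# Build code.c, splice it into the stock image, and wrap the result as SysEx.
# The steps are chained with && so a failed compile or a rejected firmware
# image stops the pipeline instead of packaging a stale code.bin / final.bin.

# Compile only (-c): code.elf is an unlinked object file.
# NOTE(review): with no link step, -Ttext presumably has no effect here; the
# payload runs from wherever combine.js appends it -- confirm before relying
# on absolute code addresses inside code.c.
arm-none-eabi-gcc -fPIC -Os -g -masm-syntax-unified -mcpu=cortex-m4 -mlittle-endian -mfpu=fpv4-sp-d16 -mthumb -Ttext=0x800c000 -c code.c -o code.elf &&
# Disassembly listing for inspection only; nothing later reads code.s.
arm-none-eabi-objdump -S -marm -d ./code.elf > code.s &&
# Raw bytes of the object's code; combine.js treats offset 0 as the entry point.
arm-none-eabi-objcopy -O binary ./code.elf code.bin &&
# Verifies the stock image fingerprints, patches the vector, writes final.bin.
node combine.js &&
# Wrap final.bin as a SysEx firmware file for the updater.
./bintosyx /minimk3 444 ./final.bin final.syx
#flash with (up up down down left right left right): https://fw.mat1jaczyyy.com/firmware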