@four0four
four0four / 01-zynq-uart-exploit.md
Last active May 12, 2024 04:18
Zynq BootROM Secrets: BootROM dump exploit

Zynq BootROM Secrets: Exposing the bootROM with the UART loader

Last time I wrote about this, I lied a little: there is an interesting bug in the UART loader, and it may have been exactly why Xilinx didn't document it. In short: the UART loader writes the entire UART payload to a location in memory (nominally 0x4_0000). The ROM is architected such that when the boot mode is selected, it registers a callback that is called when the ROM wants more data from the boot device. For the UART loader, this is pretty simple; here's the whole thing:

; void uart_callback(u32 r0_offset, void* r1_dest, i32 r2_nbytes)
ROM:0000A578 PUSH            {R3,LR}
ROM:0000A57C MOV             R3, #uart_buff
ROM:0000A584 MOV             R12, #1
ROM:0000A588 LDR             R3, [R3]

Getting started with your B1

Congratulations on getting a shiny, new B1. It is a great machine for beginners and experienced users alike but like all machines you will need to do some things just right to get the most out of it. This is a brief guide which explains how to put together your B1 to ensure that the mechanics will just work.

Installing the uprights

When installing the uprights it is crucial that they be at 90 degrees to the base and not the bed. The bed will be sorted out later. If you fail to ensure this then you are likely to experience later issues with ABL and/or the nozzle scraping across the print.

In order to ensure that both uprights are at 90 degrees you will need to use a set square. Eyeballing it alone is not enough and relying on the provided brackets is also not enough since they include some play by design in order to allow you to manipulate the frame to overcome manufacturing tolerances. Place the set square up against the frame and the base as can be seen in the image

@four0four
four0four / 01-zynq-uart.md
Last active May 12, 2024 04:20
Zynq BootROM Secrets - UART loader

Zynq BootROM Secrets: UART loader

Recently I acquired (md5: ADF639AFE9855EE86C8FAAD216C970D9) the Zynq bootrom, and during the reversing process uncovered some interesting secrets, one of which is an as-of-yet undocumented UART loader. As documented, the Zynq bootrom will load from NOR/NAND/SPI flashes and eMMC/SDIO-based storage, but (unfortunately) not USB or anything else more complex.

Not sure why Xilinx didn't document this. In my brief testing it is super unreliable if you just spit everything at once - they reset the RX/TX paths during the process, so timing is critical, but that might be the janky meter-long ftdi cable. You can change the baudrate during the process, but I was too lazy to do the math.

Here's the disassembly that made me look twice (that, and checks for the MIO boot_mode[2:0] that weren't specified in the docs :)):

ROM:0000A220 BL              uart_init
@jackm
jackm / can-packages-and-tools.md
Last active October 9, 2025 06:51
Collection of CAN bus packages and tools

Collection of CAN bus packages and tools

This document assumes the use of Linux as the chosen development platform. Items in bold are highly recommended.

It is recommended to use SocketCAN when working with CAN bus on Linux. It is supported by the Linux kernel mainline and follows the Linux interface model, allowing you to use other network tools such as Wireshark. This also allows the creation of virtual CAN interfaces where no physical hardware is required to simulate or replay CAN messages.