Xiaomi M365 Custom Firmware
; Five Thumb-2 `movw` sites that load the immediate 0xc977 into a register.
; All five addresses (0x4e1e..0x4e5c) lie inside sub_4dec (0x4dec..0x4e70,
; decompiled below), where 0xc977 is the multiplier of a fixed-point
; conversion applied to an ADC-sourced reading:
;     SAR(0xc977 * (reading - offset), 10)
; These are therefore the patch points if that scale factor is to be changed.
; NOTE(review): what the scaled value feeds (a reported value vs. a
; protection threshold) is not visible in this excerpt -- confirm its
; downstream use before patching, since a different multiplier shifts
; whatever limit is derived from it. movw writes only the low 16 bits
; (zero-extended); check for a paired movt before assuming the full
; register value is 0xc977.
0x00004e1e movw r2, #0xc977 | |
0x00004e26 movw r1, #0xc977 | |
0x00004e3e movw r2, #0xc977 | |
0x00004e46 movw r1, #0xc977 | |
0x00004e5c movw r3, #0xc977 |
/*
 * sub_4dec -- Hopper pseudo-C for the routine at 0x4dec (Thumb-2; the movw
 * sites at 0x4e1e..0x4e5c that load 0xc977 lie inside it).
 * This is decompiler output, not compilable source: the asm{} blocks, SAR(),
 * sign_extend_32() and the computed goto must be read against the
 * disassembly, not edited as C.
 *
 * arg0 (r0): output pointer; two words are stored at [arg0] on every exit
 *            path shown (strd at loc_4e70).
 * arg1 (r1): passed through unchanged into the first stored word on every
 *            path shown here.
 * arg2 (r2): selector used as the jump-table index at 0x4e0a; on the
 *            early-out path it is stored as-is as the second word.
 */
void sub_4dec(int arg0, int arg1, int arg2) { | |
    r2 = arg2; | |
    /* Byte at 0x20000610 (on Cortex-M, 0x2000_0000.. is the SRAM region) is a
     * state/mode value; only values 0..6 go through the jump table. */
    r12 = *(int8_t *)0x20000610; | |
    r7 = 0x20000610; | |
    /* ldrd: r4 = word at 0x20000618, r3 = word at 0x2000061c.
     * r4 is subtracted from the ADC reading below -- presumably a zero /
     * calibration offset, TODO confirm. r3 is not used in the paths shown. */
    asm { ldrd r4, r3, [r7, #0x8] }; | |
    /* r7 = word at 0x20000614; unused in the two table targets shown
     * (the remaining targets are not part of this excerpt). */
    r7 = *(r7 + 0x4); | |
    /* Early out: state byte >= 7 skips the table and stores arg1/arg2
     * unchanged. */
    if (r12 >= 0x7) goto loc_4e70; | |
loc_4e06: | |
    /* NOTE(review): the table is indexed by r2 = arg2, but the only range
     * check visible here is on r12 (the state byte), not on r2. Either the
     * decompiler folded the tbb/tbh bounds check into the r12 test, or arg2
     * is trusted from the caller -- verify in the disassembly before
     * treating this routine as safe with an unvalidated selector. Only two
     * of the table targets (loc_4e12, loc_4e54) appear in this excerpt. */
    goto *0x4e0a[r2]; | |
loc_4e70: | |
    /* strd r1, r2, [r0]: [arg0+0] = r1, [arg0+4] = r2 (the converted value,
     * or arg2 unchanged on the early-out path). */
    asm { strd r1, r2, [r0] }; | |
    return; | |
loc_4e12: | |
    /* Table target: read the 32-bit register at 0x4001243c (Cortex-M
     * peripheral region; on an STM32F1 this address is ADC1_JDR1 -- confirm
     * against the actual MCU's memory map), sign-extend it, subtract the
     * r4 offset, then apply a fixed-point scale: multiply by 0xc977 and
     * arithmetic-shift right by 10, i.e. x 51575/1024 ~= x50.37.
     * 0xc977 is the constant loaded at the movw sites above. */
    r2 = SAR(0xc977 * (sign_extend_32(*0x4001243c) - r4), 0xa); | |
    goto loc_4e70; | |
loc_4e54: | |
    /* Same conversion as loc_4e12, sourced from 0x4001283c instead
     * (ADC2_JDR1 on an STM32F1 -- confirm). */
    r2 = *0x4001283c; | |
    r2 = SAR(0xc977 * (sign_extend_32(r2) - r4), 0xa); | |
    goto loc_4e70; | |
} |
Hi, does anyone have more information on how to disassemble/decompile the firmware binary files? I know it uses a Cortex-M3 core, which implements the ARMv7-M architecture (Thumb-2 instructions only, so the disassembler must be set to Thumb mode).
Does anyone have an update on this?
I would like to get at the assembly itself so I can make my own modifications and then rebuild a valid .bin that I can flash onto the M365.
@losnir do you have the load address (ROM base) and ROM size for the firmware files, so they can be loaded into IDA/Hopper at the correct offset? Cheers.