[dropbear] recently found herself in a pickle. She needed to dump some data out of an Android app at a specific point for reverse engineering purposes. While it worked great in the simulator, it was painfully slow on hardware via lldb. The solution was to write a patch and apply it to the ELF file.
Writing the AArch64 assembly to dump the buffer is relatively trivial, but adding it to the existing ELF and repackaging it into a new APK leads to strange errors: the relative offsets into .rodata are now all wrong. For those who don’t routinely interface with the format of ELF files, we have a fantastic resource to take you into the dark depths. The quick summary is that sections contain various resources, and you find parts of those resources by relative offsets. The program header table describes what type of resource each section contains and how it is loaded.
[dropbear] found a NOTE section that just contained some metadata. She created a new section at the end of the file for her custom assembly and modified the header to declare the NOTE section as a LOAD section that pointed at her new section, so that it would get mapped into memory. All that was left to do was tweak the assembly in the actual code to jump to her new dumping routine. The BSS section was extended by a few bytes so that her program could store its state there.
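As an added example (not [dropbear]'s code and not from the original post), here is a small Python checker that parses the ELF64 program header table and flags the kind of edit described above: an executable PT_LOAD whose file bytes sit at or past the section header table, plus a missing PT_NOTE entry. The sample headers are constructed inline and contain no real code; the header layout and the AArch64 machine value are standard ELF, everything else is an assumption of the example.

```python
import struct

PT_LOAD, PT_NOTE, PF_X = 1, 4, 1
EHDR = "<16sHHIQQQIHHHHHH"   # ELF64 file header (64 bytes)
PHDR = "<IIQQQQQQ"           # ELF64 program header (56 bytes)

def parse_phdrs(data):
    """Return (program headers, e_shoff) of a little-endian ELF64 image."""
    ident, _, _, _, _, e_phoff, e_shoff, _, _, e_phentsize, e_phnum, *_ = \
        struct.unpack_from(EHDR, data, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    phdrs = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _, p_filesz, p_memsz, _ = \
            struct.unpack_from(PHDR, data, e_phoff + i * e_phentsize)
        phdrs.append(dict(type=p_type, flags=p_flags, offset=p_offset,
                          vaddr=p_vaddr, filesz=p_filesz, memsz=p_memsz))
    return phdrs, e_shoff

def suspicious_loads(data):
    """Flag executable PT_LOAD segments whose bytes sit at or past the section
    header table: a linker never emits code there, so such a segment was
    appended after the fact. Also report whether PT_NOTE is missing, since
    repurposing the NOTE header is the usual way to get a spare LOAD entry."""
    phdrs, e_shoff = parse_phdrs(data)
    hits = [p for p in phdrs if p["type"] == PT_LOAD
            and p["flags"] & PF_X and p["offset"] >= e_shoff]
    note_missing = not any(p["type"] == PT_NOTE for p in phdrs)
    return hits, note_missing

def make_headers(phdrs, e_shoff=0x1000):
    """Constructed sample: an ELF64/AArch64 file header followed only by the
    given (type, flags, offset, size) program headers; no section data."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack(EHDR, ident, 2, 183, 1, 0x400000, 64, e_shoff, 0,
                       64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack(PHDR, t, f, off, 0x400000 + off, 0x400000 + off,
                                sz, sz, 0x1000) for t, f, off, sz in phdrs)
    return ehdr + body

# constructed: an untouched binary, and the same one after its NOTE header was
# rewritten as an executable LOAD of bytes appended past the section table
CLEAN = make_headers([(PT_LOAD, 5, 0, 0x800), (PT_NOTE, 4, 0x800, 0x20)])
PATCHED = make_headers([(PT_LOAD, 5, 0, 0x800), (PT_LOAD, 5, 0x2000, 0x40)])
if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("patched", PATCHED)):
        hits, note_missing = suspicious_loads(blob)
        print(name, [hex(h["offset"]) for h in hits], "PT_NOTE missing:", note_missing)
```

On a real file, read the whole binary with `open(path, "rb").read()` and pass it to `suspicious_loads`; the heuristic is a triage signal, not proof, since stripped or unusually linked binaries can also lack PT_NOTE.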
At first glance, both the executables that a compiler produces and the libraries that are used during the building process seem not very accessible. They are black boxes that make an application go, or make the linker happy when you hand it the ‘right’ library file. There is also a lot to be said for not digging too deeply into either, as normally things will Just Work™ without having to bother with such additional details.
The thing is that both executables and libraries contain a lot of information that is normally used only by the OS, toolchain, debuggers and similar tools. Whether these files are in Windows PE format, old-school Linux a.out or modern-day ELF, when things go south during development, sometimes one has to break out the right tools to inspect them in order to make sense of what is happening.
This article will focus primarily on the Linux platform, though most of it also applies to BSD and MacOS, and to some extent Windows.
Popular Electronics was famous for the article introducing the Altair 8800 back in 1975 (well, the cover date was 1975; it really came out in late 1974). That was so popular (no pun intended) that they ran more computer construction articles, including the SWTPC 680 late in 1975. But in 1976 a very popular article ran on building a very simple computer called the COSMAC ELF. [Youtubba] had an Altair, but always wanted a “cute” COSMAC ELF. Now, forty-something years later, he finally got around to it. He made a very detailed video about his experience, below.
Surprisingly, he didn’t have to look very hard for most of the components, as the majority were available from Digikey. He did have to track down compatible RAM chips, the 1802 CPU and LED displays. He also couldn’t find a look-alike crystal, so he used a fake one and a hidden oscillator. The result looks awfully close to the original. He even did a nice front panel using Front Panel Express.
Halloween receives the bulk of the attention for installation-type hacks, but [Stephen’s] animated elf hack-in-progress provides the perfect example of bringing the Christmas spirit to life.
[Stephen] constructed both the background and the elf’s body from a scrap piece of plywood, drawing and painting everything by hand, and then secured the plywood with a simple 2×4 that serves as a stand. The bulk of the hack is rather simple, and reflects the longstanding technique of traditional cel animation: the non-moving portions are kept stationary and only the moving parts need to change. In this case, [Stephen’s] shortcut is to insert a tablet as the elf’s face.
The tablet is a BlackBerry PlayBook, which moves the eyes around and spouts off a few Santa-related quips while animating the mouth. [Stephen] encountered a problem with the PlayBook’s 5-minute screen timeout function, and had to design a custom application to prevent the tablet from entering sleep mode while it played through the animations. His future plans are to drill a hole through the plywood and expose the tablet’s light sensor to detect when someone walks by, then have the elf spring to life in response. You can see his progress so far in the video below.
The device works by connecting two antennas to an enclosure that contains a speaker. The enclosure is intended to be worn on the back, with a harness securing it in place and wrapping the arms around the wearer’s body. The antennas are incorporated into a pair of gloves. When the antennas pick up electromagnetic radiation, the speaker emits low-frequency sound waves. These vibrate the enclosure and the arms, which in turn vibrate the body, signaling to the wearer that he or she is in an electromagnetic field, also referred to as hertzian space. A good deal of detail about the project can be found on his blog, or if you prefer, download his thesis paper (PDF).