[E3-hacking] PBL & running arbitrary code

David Given e3-hacking@earth.li
Fri, 11 Mar 2005 23:32:18 +0000


On Fri, 2005-03-11 at 23:00 +0000, Ralph Corderoy wrote:
[...]
>     0338  eb001b44  bl rx_uart0_byte

So what does rx_uart0_byte return if the FIFO is empty? It either
blocks, in which case we could find the timeout, or else it just returns
failure --- probably 0, in which case the only way of triggering the
boot loader is to make sure that the byte hits the FIFO before this
piece of code gets called.

Since both our programs are spamming the thing silly with ESC chars,
I suspect there might be some other condition that needs to be met
before this code even gets called. It just happens to be true on your E3
and Matt's E2, but not on mine.

(I've tried registering, booting the thing with the phone line plugged
in, booting the thing with various interesting buttons pressed, booting
the thing without the handset, without the keyboard, etc. The only thing
I've discovered is that without a dial tone, it'll go into attract mode
after a minute or so.)

Might there be some sort of hardware query buried in the setup routine
in main()?

[...]
> Attached is a small tar file, exp-1.tar.bz2, containing exp.c and
> various other gubbins.  I've heard it has some effect with the E3 doing
> what you state above.

This seems to send a single 1B, and bail with an EOF error when it tries
to read the response. How were you running it? Before boot, after boot?

-- 
+- David Given --McQ-+ "I don't like the thought of her hearing what I'm
|  dg@cowlark.com    | thinking." "*No-one* likes the thought of hearing
| (dg@tao-group.com) | what you're thinking." --- Firefly, _Objects in
+- www.cowlark.com --+ Space_
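The timing race discussed above (a single non-blocking poll of the UART FIFO that only finds ESC if it arrived in the window between the receiver being enabled and the poll), modelled as an added example; this is not code from the E3 firmware or from anyone on the list, and the FIFO depth, the `rx_enable_us`/`poll_us` window and the "returns 0 when empty" behaviour of `rx_uart0_byte` are assumptions for illustration.

```c
#include <stdint.h>

#define ESC 0x1b
#define FIFO_DEPTH 16 /* assumed depth of the receive FIFO */

/* Hypothetical model of the UART0 receive FIFO (ring buffer). */
typedef struct { uint8_t buf[FIFO_DEPTH]; int head, tail, count; } uart_fifo_t;

static void fifo_init(uart_fifo_t *f) { f->head = f->tail = f->count = 0; }

/* A byte arrives on the wire; it is lost (overrun) if the FIFO is full. */
static int fifo_push(uart_fifo_t *f, uint8_t b) {
    if (f->count == FIFO_DEPTH) return 0;
    f->buf[f->tail] = b; f->tail = (f->tail + 1) % FIFO_DEPTH; f->count++;
    return 1;
}

/* Non-blocking read as speculated in the mail: returns 0 when the FIFO
 * is empty (note this is indistinguishable from a received 0x00 byte). */
int rx_uart0_byte(uart_fifo_t *f) {
    if (f->count == 0) return 0;
    uint8_t b = f->buf[f->head]; f->head = (f->head + 1) % FIFO_DEPTH; f->count--;
    return b;
}

/* The boot-loader check: one poll at startup, ESC enters the loader. */
int bootloader_check(uart_fifo_t *f) { return rx_uart0_byte(f) == ESC; }

/* Simulate a host spamming ESC every period_us starting at first_esc_us.
 * Bytes arriving before rx_enable_us are discarded (receiver not yet set
 * up); the firmware polls the FIFO exactly once at poll_us after reset.
 * Returns 1 if that poll would find an ESC, 0 otherwise (or on bad input). */
int would_trigger(uint32_t first_esc_us, uint32_t period_us,
                  uint32_t rx_enable_us, uint32_t poll_us) {
    uart_fifo_t f;
    if (period_us == 0) return 0;
    fifo_init(&f);
    for (uint32_t t = first_esc_us; t <= poll_us; t += period_us)
        if (t >= rx_enable_us) fifo_push(&f, ESC);
    return bootloader_check(&f);
}
```

Narrowing the window (a later `rx_enable_us` or an earlier `poll_us`) relative to the spam period is one way two units running the same host program could behave differently.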