EMBA firmware report

-----------------------------------------------------------------

[*] Initial strace run with jchroot on the command ./usr/bin/stm32flash to identify missing areas

[*] Emulating binary name: stm32flash in strace mode to identify missing areas (with jchroot)

[*] Emulator used: qemu-arm-static

[*] Chroot environment used: jchroot

[*] Using root directory: /logs/s115_usermode_emulator/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract (1/2)

[*] Using CPU config:

1 brk(NULL) = 0x400191c8

1 uname(0x3ff1d8f0) = 0

1 access("/etc/ld.so.preload",R_OK) = 0

1 openat(AT_FDCWD,"/etc/ld.so.preload",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3

1 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3ff1d8c0) = 0

1 mmap2(NULL,19,PROT_READ|PROT_WRITE,MAP_PRIVATE,3,0) = 0x3f7cf000

1 close(3) = 0

1 munmap(0x3f7cf000,19) = 0

1 openat(AT_FDCWD,"/etc/ld.so.cache",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 errno=2 (No such file or directory)

1 openat(AT_FDCWD,"/usr/lib/tls/v8l/neon/vfp/libc.so.6",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3

1 read(3,0x3ff1d200,512) = 512

1 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3ff1cf48) = 0

1 mmap2(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f7ce000

1 mmap2(NULL,1148532,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x3f6b5000

1 mprotect(0x3f7b2000,61440,PROT_NONE) = 0

1 mmap2(0x3f7c1000,16384,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0xfc) = 0x3f7c1000

1 mmap2(0x3f7c5000,34420,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x3f7c5000

1 close(3) = 0

1 set_tid_address(0x3f7ce828) = 1

1 set_robust_list(0x3f7ce830,12) = -1 errno=38 (Function not implemented)

1 mprotect(0x3f7c1000,8192,PROT_READ) = 0

1 mprotect(0x40018000,4096,PROT_READ) = 0

1 mprotect(0x3f7fd000,4096,PROT_READ) = 0

1 ugetrlimit(3,1072814728,1065121076,1065145778,1,1065102948) = 0

1 write(2,0x4000690c,28)ERROR: Device not specified

 = 28

1 write(2,0x3ff1b968,2617)Usage: ./usr/bin/stm32flash [-bvngfhc] [-[rw] filename] [tty_device | i2c_device]

	-a bus_address	Bus address (e.g. for I2C port)

	-b rate		Baud rate (default 57600)

	-m mode		Serial port mode (default 8e1)

	-r filename	Read flash to file (or - stdout)

	-w filename	Write flash from file (or - stdout)

	-C		Compute CRC of flash content

	-u		Disable the flash write-protection

	-j		Enable the flash read-protection

	-k		Disable the flash read-protection

	-o		Erase only

	-e n[:m]	Only erase n pages before writing the flash, optionally

			max m pages per erase

	-v		Verify writes

	-n count	Retry failed writes up to count times (default 10)

	-g address	Start execution at specified address (0 = flash start)

	-S address[:length]	Specify start address and optionally length for

	                   	read/write/erase operations

	-F RX_length[:TX_length]  Specify the max length of RX and TX frame

	-s start_page	Flash at specified page (0 = flash start)

	-f		Force binary parser

	-h		Show this help

	-c		Resume the connection (don't send initial INIT)

			*Baud rate must be kept the same as the first init*

			This is useful if the reset fails

	-R		Reset device at exit.

	-i GPIO_string	GPIO sequence to enter/exit bootloader mode

			GPIO_string=[entry_seq][:[exit_seq]]

			sequence=[[-]signal]&|,[sequence]

GPIO sequence:

	The following signals can appear in a sequence:

	  Integer number representing GPIO pin

	  Named gpio with the name enclosed within square brackets

	  'dtr', 'rts' or 'brk' representing serial port signal

	The sequence can use the following delimiters:

	  ',' adds 100 ms delay between signals

	  '&' adds no delay between signals

	The following modifiers can be prepended to a signal:

	  '-' reset signal instead of setting it

Examples:

	Get device information:

		./usr/bin/stm32flash /dev/ttyS0

or:

		./usr/bin/stm32flash /dev/i2c-0

	Write with verify and then start execution:

		./usr/bin/stm32flash -w filename -v -g 0x0 /dev/ttyS0

	Read flash to file:

		./usr/bin/stm32flash -r filename /dev/ttyS0

	Read 100 bytes of flash from 0x1000 to stdout:

		./usr/bin/stm32flash -r - -S 0x1000:100 /dev/ttyS0

	Start execution:

		./usr/bin/stm32flash -g 0x0 /dev/ttyS0

	GPIO sequence:

	- entry sequence: GPIO_3=reset, GPIO_2=reset, 100ms delay, GPIO_2=set

	- exit sequence: GPIO_3=set, GPIO_2=reset, 300ms delay, GPIO_2=set

		./usr/bin/stm32flash -i '-3&-2,2:3&-2,,,2' /dev/ttyS0

	GPIO sequence adding delay after port opening:

	- entry sequence: delay 500ms

	- exit sequence: rts=high, dtr=low, 300ms delay, reset gpio=high

		./usr/bin/stm32flash -R -i ',,,,,:rts&-dtr,,,[reset]' /dev/ttyS0

 = 2617

1 statx(1,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3ff1d7f0) = 0

1 brk(NULL) = 0x400191c8

1 brk(0x4003b1c8) = 0x4003b1c8

1 brk(0x4003c000) = 0x4003c000

1 write(1,0x400191d0,1)

= 1

1 exit_group(1)

[*] Identification of missing filesytem areas.

[*] Found missing area: /etc/ld.so.cache

[*] Trying to identify this missing file: ld.so.cache

[*] Missing file /logs/s115_usermode_emulator/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/etc/ld.so.cache

-----------------------------------------------------------------