yhql
commented
10 months ago Hello and thanks! This was a bug, https://github.com/Ledger-Donjon/rainbow/pull/55 should fix it if you want to try it and confirm.
There part of the setup missing when emulating to get a reference trace (input and stored PINs), so the emulator crashes when trying to access something that was never mapped
I have an issue to run some examples with rainbow.
By running it with default settings
e[0xcafecafe] = bytes(INPUT_PIN + "\x00", "ascii")i get following warning after some calculations:...(more output above) 801247A ite eq ; 8012480 cmp r1, r3 ; 8012480 cmp r1, r3 ; 8012482 beq #0x8012490 ; 0 movs r0, r0 ;crashed 0 movs r0, r0 ;crashed
=== 5 faults found === === 2 crashes === Traceback (most recent call last): File "/home/user/.local/lib/python3.10/site-packages/rainbow/rainbow.py", line 275, in start self.emu.emu_start(begin, end, timeout=timeout, count=count) File "/home/user/.local/lib/python3.10/site-packages/unicorn/unicorn.py", line 547, in emu_start raise UcError(status) unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
The above exception was the direct cause of the following exception:
Traceback (most recent call last): File "/home/user/praxissemester/rainbow/examples/HW_analysis/pin_fault.py", line 97, in
e.start(e.functions['storage_containsPin'], 0xaaaaaaaa)
File "/home/user/.local/lib/python3.10/site-packages/rainbow/generics/cortexm.py", line 79, in start
return super().start(begin | 1, *args, **kwargs)
File "/home/user/.local/lib/python3.10/site-packages/rainbow/rainbow.py", line 279, in start
raise RuntimeError(f"Emulation crashed at 0x{pc:X}") from e
RuntimeError: Emulation crashed at 0x8012468
If i change
e[0xcafecafe]for example toe[0x080AAAAA]the output changes to:8012480 cmp r1, r3 ; 8012482 beq #0x8012490 ; 0 movs r0, r0 ;crashed 0 movs r0, r0 ;crashed
=== 5 faults found === === 2 crashes === WARNING: could not determine DPI
The PyQT window finally opens but with a black screen.
Can someone explain this to me and how to fix this?
Thank you!