Michael's musings

Tue, 05 Jan 2010

no-op instructions for ARM

At http://www.credil.org/ we had to deal with some code that was not yet GPL compliant, fixing bugs (removing features!) from a .so file that we had. We had some of the source code, but not enough to recompile it.

We needed to disable certain calls, so we disassembled the object file with objdump -d. We then reviewed the code, looked for the calls we wanted to remove, which are "bl" instructions.

../../prebuilt/linux-x86/toolchain/arm-eabi-4.3.1/bin/arm-eabi-objdump -d libmyso.so >libmyso.S

All branch instructions are conditional, but one valid condition is "branch always" (and link, which means it's a subroutine). See: http://www.peter-cockerell.net/aalp and http://www.peter-cockerell.net/aalp/html/frames.html, section C which is at: http://www.peter-cockerell.net/aalp/html/app-c.html

Just look, if we change 'e' to 'f', it becomes Branch Never! We tried that.

Oops, this doesn't work. Peter Cockerell's book (from 1987) documents ARMv3, and we are up to ARMv9. It seems that his bit pattern now means to branch, and change to THUMB mode... The clue that this is what happens is that when we disassembled the result we saw "blx", but the real clue was that the offset was no longer "place", instead was "place+2". Thumb instructions are 16-bit big.

See http://www.keil.com/support/man/docs/armasm/armasm_cihfddaf.htm for details of BLX.

So, how to create a NOP? We didn't see an official one. Some googling revealed that "MOV R0 R0" is a good choice.

http://www.keil.com/support/man/docs/armasm/armasm_cjafcggi.htm

To assemble this:

First nibble is 0b1110 (15, 0xE) for "Always".

Second nibble is 0b0001 (1, 0x1), for 00, Immediate bit = 0, first bit of opcode is 1. (The Opcode is 0b1101 (14, 0xD) for MOV)

Third nibble is 0b1010 (10, 0xA), three bits of opcode, S bit set to 0.

Fourth nibble is 0x0000 (R0), and Fifth nibble is 0x0000 (R0).

The last 12 bits are 0.

The result is: 0b1110 0001 1010 0000 0000 0000 0000 0000. Or 0xE1A00000.

We didn't realize that the Android phones are in big-endian mode, so when we searched for the right instructions to change, we did not find them.

When you objdump a .so file, it's mapped directly, so the offsets that objdump products are actual file offsets.

Mon, 04 Jan 2010

An open Letter to Shaw Direct

Dear Jim,

You write, "Over the last 8 years, we have seen huge advances in the technology of our receivers without an impact on the MRF. Effective Feb. 1, 2010, the monthly rate for MRF (multiple receiver fee) will increase by $1/month to $5.99/month"

Over the past 8 years this is simply not true.

When I signed up in the summer of 2001, there was no multiple receiver fee. So, the MRF fee has in fact gone up by $5 over the last 8-9 years.

Meanwhile, my receiver is still the same VERY SLOW piece of crap motorola receiver you made me buy in 2001. I've seen no improvement in technology at all, and I'm locked into buying crappy, closed source, proprietary receivers if I want to receive your signal. You make me pay for the equipment, and then prevent me from using it the way I want.

When I first signed up, you gave me this "credit" on programming, but you made me spend it on your premium package, rather than on the basics package that I wanted, which meant that the receiver really cost me 2x as much as I was lead to believe.

The packages are such that I get hundreds of channels I do not want, and I can not get the two or three channels that I want without huge expense.

Meanwhile, the number of Pay-per-vue channels continues to decrease (and most of them are porn), I guess because you never bothered to offer your loyal customers an upgrade to the oval dish, and I can only see one of the two satellites.

If hulu.com opens in Canada, you can kiss my business goodbye.

If any local TV stations disappear from my dial, you can kiss my business goodbye. If you pass on any local TV tax to me, then I can assure that I will simply cut my bill by that same amount, or give up, and just watch DVDs.