We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.
I've been doing a lot of reverse engineering on a C161PI-based alarm control board (Brinks BHS-4000). I've already figured out a lot about the system just by experimenting with the panel itself, as well as looking at firmware dumps I've made. But when I try loading the dumped firmware into the uVision simulator, it just hangs whenever it waits for Flash writes to complete. In addition, I've often seen it overwriting bits of code in memory at addresses that wouldn't be overwritten on the actual system, like Flash programming control messages.
I've heard that the uVision simulator emulates peripherals, including Flash memory, but I don't see the options for Flash memory emulation anywhere. I'd like it to emulate an AM29F160DB/DT chip, which is what the actual system uses, or a compatible one. Does anyone know how I can get it to do that?
Here's the system info:
Infineon C161PI processor AM29F160DB EEPROM (2MB, 0x0-0x1FFFFF) IS62C1024AL SRAM (128KB, 0x400000-0x41FFFF) Firmware dump: www.filedropper.com/20766a
Anyone know how I can get this running?
Also, does anyone know of any other C16x emulation software, that's open source? Or any open-source C16x tools for that matter--it's been really frustrating only being able to find proprietary stuff, often that isn't even available to download. Not even the GCC toolchain someone made years ago is open source, despite the GPL requiring it. (And it's not on their site anymore, and the links on archive.org don't work, of course. -_-)
It only "emulates" flash memory in so far that you can load data into the appropriate memory space(s):
http://www.keil.com/support/man/docs/uv4cl/uv4cl_cm_load.htm
Is there any way I can implement this myself without modifying the code I load into memory? Like write my own code that plugs into uVision and intercepts memory writes? I guess if all else fails, I could try and hack something together with Cheat Engine to hook into uVision's RAM, but there has to be a better way. This is why I wish I had an open-source emulator...
>>This is why I wish I had an open-source emulator... Wishing doesn't make that stuff happen, just needs sufficiently motivated devs with a problem to solve.
Patch the code in question
Write a sim script to do it.
These are very powerful though debugging them is sadly close to "crash and burn"
There are examples on Keil for spi eeprom / flash.
It probably can be done for this - I have done for other cpu's to test / debug application writes to the flash chip in the simulator.
Flash write emulation should be able to be done very close to reality.
Intercept read / writes to flash control addresses - rwatch, wwratch, etc. Use read / write memory commands to read / write flash address in simulator.
Structures can't be defined in sim but those and pointers can be defined in the real embedded code which can then be used in simulator in all their glory. Being you are using external code, this may not be feasible or may require a dummy project at an odd address to be used.
You may need to selectively use map command to make flash areas read / write / execute vs read / execute.