FREE Reverse Engineering Self-Study Course HERE

Join DC540 Discord HERE

Schematic

Parts

Raspberry Pi 4
Raspberry Pi Pico
Breadboard
Breadboard Jumper Wires

STEP 1: Install Dependencies [Raspberry Pi 4 (32-bit)]

wget https://raw.githubusercontent.com/raspberrypi/pico-setup/master/pico_setup.sh
chmod +x pico_setup.sh
./pico_setup.sh
cd ~/
wget https://raw.githubusercontent.com/cyrus-and/gdb-dashboard/master/.gdbinit
sudo reboot

STEP 2: Clone Repo [Raspberry Pi 4 (32-bit)]

git clone https://github.com/mytechnotalent/pico-micropython-debug-template.git

STEP 3: Edit main.py & Populate [Raspberry Pi 4 (32-bit)]

from utime import sleep
from machine import Pin 

led = Pin(25, Pin.OUT)

while True:
    led.toggle()
    sleep(5)

STEP 4: Build Firmware [Raspberry Pi 4 (32-bit)]

./build.sh

STEP 5: Flash Firmware [Raspberry Pi 4 (32-bit)]

./flash.sh

STEP 6: Run OpenOCD [Raspberry Pi 4 (32-bit)]

Terminal 1 [Raspberry Pi 4 (32-bit)]

openocd -f interface/raspberrypi-swd.cfg -f target/rp2040.cfg

STEP 7: Debugging Hardware w/ .elf [Raspberry Pi 4 (32-bit)]

Terminal 2 [Raspberry Pi 4 (32-bit)]

gdb-multiarch firmware.elf
>>> target remote localhost:3333
>>> load
>>> monitor reset init
>>> b main
>>> b *(mp_execute_bytecode)
>>> c
>>> n  # until r4 holds a value of 100XXXXX
>>> x/x $r4  # check if this value is fun_

STEP 8: Debugging RAW Hardware [Raspberry Pi 4 (32-bit)]

Terminal 2 [Raspberry Pi 4 (32-bit)]

gdb-multiarch
>>> target remote localhost:3333
>>> monitor reset init
>>> b *0xXXXXXXXX  # replace X's with actual address of main (1st push to r0, r1, r2, r4, r5, lr followed by 2 bl's to functions)
>>> b *0xXXXXXXXX  # replace X's with actual address of where mp_execute_bytecode is called (manual no shortcut here)
>>> c

OPTIONAL STEP 9: Extract Flash [Raspberry Pi 4 (32-bit)]

Terminal 3 [Raspberry Pi 4 (32-bit)]

sudo picotool save -a firmware.bin

License

MIT License