Part 13 - Hacking float

Let's review our example, 0x05_float.c, as follows.

#include <stdio.h>
#include "pico/stdlib.h"

int main()
{
  stdio_init_all();          /* bring up USB/UART stdio so printf reaches the serial console */

  while(1)
  {
    float x = 40.5;          /* the constant we will later patch in the binary */

    printf("%f\n", x);       /* %f promotes the float to double for printing */

    sleep_ms(1000);          /* print once per second */
  }

  return 0;
}

Let's fire up in our debugger.

radare2 -w -a arm -b 16 0x05_float.elf

Let's auto analyze.

aaaa

Let's seek to main.

s main

Let's go into visual mode by typing V and then p twice to get to a good debugger view.

The float is at [0x00000340].

:> pff @ [0x00000340]
0x00004000 = 9.32830524e-09

As we discussed in the last lesson, do not worry that the float is displayed inaccurately here, as this machine is x64. What is important to see is the value 0x00004000.

In our last lesson we also explained the way the Pico handles floats. Let's review some basics.

0x3ff00000 = 1.000000
0x3ff00001 = 1.000001
0x3ff00002 = 1.000002
...
0x3ff0000f = 1.000015
0x3ff00010 = 1.000016
0x3ff00011 = 1.000017
etc...

Let's hack it to 1.000000 as follows.

Our microcontroller is a little-endian architecture, so if we are going to change our 40.5 to 1.0 we need to write that value in reverse byte order. Therefore...

0x3ff00000

Needs to be...

0x0000f03f

Therefore we need to change the value at the following address.

wx 0x0000f03f @ 0x00000340
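The byte-level reasoning behind that wx command, as an added Python example that is not part of the tutorial: it shows that 0x3ff00000 is the upper 32-bit word of the IEEE-754 double encoding of 1.0, that its little-endian byte order is 00 00 f0 3f, and it applies the same patch to a constructed image buffer. The buffer layout (the constant's upper word sitting at offset 0x340, its lower word just before it) is an assumption made for the demo, not something read from the real ELF.

```python
import struct
from typing import Tuple

# Constructed stand-in for the ELF the tutorial patches: a zeroed 1 KiB buffer
# with the 8-byte double 40.5 placed so its upper 32-bit word lands at 0x340.
# (Layout is an assumption for this demo, not taken from the real binary.)
CONST_OFFSET = 0x33C                 # low word at 0x33c, high word at 0x340
HIGH_WORD_OFFSET = CONST_OFFSET + 4
IMAGE = bytearray(0x400)
IMAGE[CONST_OFFSET:CONST_OFFSET + 8] = struct.pack("<d", 40.5)


def double_words(value: float) -> Tuple[int, int]:
    """Split the IEEE-754 double encoding of value into (high, low) 32-bit words."""
    bits, = struct.unpack("<Q", struct.pack("<d", value))
    return bits >> 32, bits & 0xFFFFFFFF


def le_hex(word: int) -> str:
    """Hex pairs in the order the word occupies little-endian memory (what wx takes)."""
    return struct.pack("<I", word).hex()


def patch_word(image: bytearray, offset: int, word: int) -> bytes:
    """Overwrite one little-endian 32-bit word in place; return the bytes it replaced."""
    old = bytes(image[offset:offset + 4])
    image[offset:offset + 4] = struct.pack("<I", word)
    return old


def read_double(image: bytearray, offset: int) -> float:
    """Decode the 8-byte little-endian double stored at offset."""
    value, = struct.unpack("<d", bytes(image[offset:offset + 8]))
    return value


def hack_to_one(image: bytearray) -> float:
    """Do what 'wx 0000f03f @ 0x340' does and return the value the firmware would print."""
    high, _low = double_words(1.0)   # high == 0x3ff00000, low == 0 (nothing to change below)
    patch_word(image, HIGH_WORD_OFFSET, high)
    return read_double(image, CONST_OFFSET)


if __name__ == "__main__":
    for v in (1.0, 1.5, 40.5):
        hi, lo = double_words(v)
        print(f"{v:<6} high=0x{hi:08x} low=0x{lo:08x}  wx {le_hex(hi)}")
    print("before:", read_double(IMAGE, CONST_OFFSET))
    print("after: ", hack_to_one(IMAGE))
```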

All we have to do now is exit and convert our .elf to .uf2!

./elf2uf2/elf2uf2 0x05_float.elf 0x05_float.uf2

Plug in the Pico and make sure you hold down BOOTSEL, or use the setup I provided in Part 2.

cp 0x05_float.uf2 /Volumes/RPI-RP2

Let's screen it!

screen /dev/tty.usbmodem0000000000001

AHH yea!

1.000000
1.000000
1.000000
1.000000
1.000000
1.000000
1.000000
1.000000
1.000000
1.000000
1.000000
1.000000

Here we have hacked the value to 1.000000 while leaving the 1-second sleep in place.

In our next lesson we will discuss the double data type.
