CedarX/RE Toolkit

From linux-sunxi.org
Jump to navigation Jump to search

This page collects all information to create a suitable environment, as a start with reverse engineering the video engine.

armhf/armel rootfs?

This is a question of personal preference. Only needed to be aware is that android is armel as for this fact the availability of close source binaries blobs is greater. There is also some armhf binaries blobs, but have some caveats: only decoder, older versions and with bugs.

Another option is the use of libhybris.

.a libraries from the android sdk can be used in gnu/linux?

The android sdk release contains .a variants of the close blob libraries, and as this is only a archive of .o objects. They should link, only is needed to be aware that they are compiled with android specifics, and workarounds are required for unresolved symbols, by implementing stubs or by other means.

Further investigation required. Only up to now was tested libjpegenc.a with a usable result.

Howto bootstrap a minimal debian armel rootfs from inside armhf.

Chrooting into a armel roofs is also a solution.

Variant buildd installs build-essential packages:

debootstrap --verbose --arch armel --variant=buildd wheezy ./armelroot http://ftp.debian.org/debian

Chrooting to:

mount -t proc proc armelroot/proc
mount -t devtmpfs devtmpfs armelroot/dev
chroot --userspec=USER:GROUP armelroot


To not skip frames, and to have control of the play speed, some optional arguments are useful. Putting them in a shell script to facilitate the reuse, can be as example:

cvlc ?????

Encoding is spread in multiples libraries, each with one function.

  • jpeg There was made a initial trial to get working libjpegenc.a in a A13, which result in success.




This is a tracer in the form of valgrind tool, that uses valgrind instrument capabilities to trace memory access and functions of interest. As valgrind is a virtual cpu, the traced program will run considerable slower.

For compile instructions see ammt directory. If using a release version of valgrind, after applied this patch is required to also run autogen.sh. Example usage:

/dir/to/valgrind/vg-in-place    \
-q                              \
--vgdb=no                       \
--trace-children=yes            \
--log-file=trace.log            \
--tool=ammt                     \
--trace-file=/dev/cedar_dev     \
--show-stack-fnnames=yes        \


tracecatcher.py is helper script to catch traces files. Is a tcp server listening for connections, and if recognizes an AMMT trace, will name and save the trace to a file in the current directory.

Usage, Run valgrind-ammt with the option --log-socket=ipaddress:port

./tracecatcher.py ipaddress port


This is a viewer of traces made in format outputted from valgrind-ammt. For usage see README.