  1. #1
    Registered User
    Join Date
    Sep 2005
    Posts
    30

    request for a "peek,poke and exec" python module

    I'd like to have raw read/write access to any memory position in the cell phone. Would it be very difficult to write a Python module to do that? Something like:
    Code:
    import memory
    
    #this would increment the value of the first memory position.
    a = memory.peek(0)   
    memory.poke(0,a+1)
    
    # start executing machine code instructions from address 0
    memory.exec(0)
    Would anyone volunteer? Thanks in advance!
    xchip

  2. #2
    Super Contributor
    Join Date
    Dec 2004
    Posts
    643

    Re: request for a "peek,poke and exec" python module

    Making this would be trivial. Just out of curiosity: what would you do with it?

  3. #3
    Registered User
    Join Date
    Sep 2005
    Posts
    30

    Re: request for a "peek,poke and exec" python module

    Quote Originally Posted by jplauril
    Making this would be trivial. Just out of curiosity: what would you do with it?

    Nice to see a Nokia Expert interested in this topic...

    Sure, writing the module would be trivial, but getting the SDK to compile from the command line is a real pain; that is why I was asking if somebody could get it working.

    Basically I'd like to have low level access to the phone...

    jplauril, since it is that trivial, would you mind writing the module? :-)
    Last edited by xchip; 2006-06-05 at 23:57.

  4. #4
    Regular Contributor
    Join Date
    Aug 2004
    Posts
    295

    Re: request for a "peek,poke and exec" python module

    xchip: You won't benefit from this feature unless you know how to write this kind of stuff yourself.

    There is source code available that does some interesting hacks by writing to certain memory addresses. If you are interested, look at what this hacker has done: http://svn.sourceforge.net/viewcvs.cgi/almalert/trunk/ . For example, there is a hack to prevent the phone recorder from beeping when recording phone calls.

  5. #5
    Registered User
    Join Date
    Sep 2005
    Posts
    30

    Re: request for a "peek,poke and exec" python module

    Quote Originally Posted by simo.salminen
    xchip: You won't benefit from this feature unless you know how to write this kind of stuff yourself.
    If you tell me how to use the S60 SDK from the command line I'd be happy to do it myself :-) Once I can use Python I wouldn't need to use the SDK...

    Quote Originally Posted by simo.salminen
    There is source code available that does some interesting hacks by writing to certain memory addresses. If you are interested, look at what this hacker has done: http://svn.sourceforge.net/viewcvs.cgi/almalert/trunk/ . For example, there is a hack to prevent the phone recorder from beeping when recording phone calls.
    Hehe... That goes in the line of what I want to do...

  6. #6
    Registered User
    Join Date
    Sep 2005
    Posts
    30

    Re: request for a "peek,poke and exec" python module

    Hello!
    I finally managed to compile SDK samples, and I compiled the peek/poke and run module (note that the run function just returns 35, just for testing)

    so this is the code:
    Code:
    #include <Python.h>
    #include <w32std.h>
    
    extern "C" PyObject *
    hack_peek(PyObject* /*self*/, PyObject *args)
    {
      int pos;
      char *ptr = 0;
    
      if (!PyArg_ParseTuple(args, "i", &pos))
        return NULL;                   
    
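      /* Treat the integer as a raw address; the explicit cast is required in C++. */
      ptr = (char *)pos;
      /* Unchecked dereference: faults if the address is not valid for this process. */
      return Py_BuildValue("i", *ptr);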
      
    }
    
    
    extern "C" PyObject *
    hack_poke(PyObject* /*self*/, PyObject *args)
    {
      int pos;
      char *ptr = 0;
      char val;
    
      if (!PyArg_ParseTuple(args, "ic", &pos, &val))
        return NULL;                   
    
      ptr[pos] = val;
    
      return Py_BuildValue("i", 1);
      
    }
    
    extern "C" PyObject *
    hack_run(PyObject* /*self*/, PyObject *args)
    {
      return Py_BuildValue("i", 35);
    }
    
    extern "C" {
    
      static const PyMethodDef keypress_methods[] = 
      {
        {"peek", (PyCFunction)hack_peek, METH_VARARGS, NULL},
        {"poke",  (PyCFunction)hack_poke, METH_VARARGS, NULL },
        {"run",  (PyCFunction)hack_run, METH_VARARGS, NULL },
        {NULL,              NULL}           /* sentinel */
      };
    
      DL_EXPORT(void) initkeypress(void)
      {
        PyObject *m;
    
        m = Py_InitModule("hack", (PyMethodDef*)keypress_methods);
      }
    } /* extern "C" */
    
    GLDEF_C TInt E32Dll(TDllReason)
    {
      return KErrNone;
    }
    To test the module I do the following in the Bluetooth console:

    > import hack
    > print hack.run()
    35
    > print hack.peek(45)

    and at this point python just quits.... any idea why?

    xchip

  7. #7
    Regular Contributor
    Join Date
    Aug 2004
    Posts
    295

    Re: request for a "peek,poke and exec" python module

    I have to admit I don't know the details of Symbian memory management, but I believe you can only peek/poke those memory addresses that are valid for the current process. Maybe you should study a book like Symbian OS Internals: Real-time Kernel Programming.

  8. #8
    Registered User
    Join Date
    Sep 2005
    Posts
    30

    Re: request for a "peek,poke and exec" python module

    Quote Originally Posted by simo.salminen
    I have to admit I don't know the details of Symbian memory management, but I believe you can only peek/poke those memory addresses that are valid for the current process. Maybe you should study a book like Symbian OS Internals: Real-time Kernel Programming.
    Apparently my phone (the 6620) has an MPU (memory protection unit), so that is why Python dies as soon as I try to access wild memory positions....

    But how then is that Russian guy able to patch the recording tool to prevent it from beeping?

  9. #9
    Registered User
    Join Date
    Feb 2005
    Location
    Belgium (Europe)
    Posts
    1,352

    Re: request for a "peek,poke and exec" python module

    Hello ,

    I tried your code, but you're wrong: it works.
    But only at some memory addresses!

    Try this :
    Code:
    import miso
    import hack
    
    EDisplayMemoryAddress = 0x4E
    video_mem = miso.get_hal_attributes(EDisplayMemoryAddress)
    print hack.peek(video_mem)  # some value ...
    hack.poke(video_mem,'a') # change it !
    print hack.peek(video_mem) # 97 = 'a' :)
    pys60 1.4.5 and 2.0.0, pygame, PyS60 CE on E90 and 5800 !

    Find my pys60 extension modules on cyke64.googlepages.com
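
The MPU fault from post #8 and the "only at some memory addresses" result from post #9, as an added example that is not from the thread or from PyS60: a POSIX C analogue (not Symbian code) in which the kernel performs the copy, so an invalid address returns `EFAULT` instead of killing the process. The names `copy_byte`, `safe_peek` and `safe_poke` are hypothetical.

```c
/* Added example (not from the thread): fault-free peek/poke on POSIX. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Move one byte src -> dst through a pipe. The kernel does both copies,
 * so a bad user pointer comes back as EFAULT rather than a fatal fault. */
static int copy_byte(void *dst, const void *src)
{
    int fds[2], rc = -1, saved;

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], src, 1) == 1 && read(fds[0], dst, 1) == 1)
        rc = 0;
    saved = errno;              /* keep the error across close() */
    close(fds[0]);
    close(fds[1]);
    errno = saved;
    return rc;
}

/* Read the byte at addr into *out; 0 on success, -1 if addr is unreadable. */
int safe_peek(uintptr_t addr, unsigned char *out)
{
    return copy_byte(out, (const void *)addr);
}

/* Store val at addr; 0 on success, -1 if addr is unmapped or read-only. */
int safe_poke(uintptr_t addr, unsigned char val)
{
    return copy_byte((void *)addr, &val);
}

int main(void)
{
    static unsigned char scratch[1] = { 0 };   /* constructed sample target */
    volatile uintptr_t bad = 45;   /* the address that killed Python in post #6 */
    unsigned char b = 0;

    if (safe_peek(bad, &b) != 0)
        perror("peek(45)");
    if (safe_poke((uintptr_t)scratch, 'a') == 0 &&
        safe_peek((uintptr_t)scratch, &b) == 0)
        printf("peek(scratch) = %d\n", b);     /* 97 = 'a' */
    return 0;
}
```

An extension module built on a check like this can raise a Python exception for a bad address rather than taking the interpreter down with it.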

  10. #10
    Registered User
    Join Date
    Sep 2005
    Posts
    30

    Re: request for a "peek,poke and exec" python module

    hey, good to know it works, it was my first python module :-)

    Now I'm writing one to access the 6620 serial/IR port so I can use the phone as the brain of a robot I'm building.

  11. #11
    Registered User
    Join Date
    Feb 2005
    Location
    Belgium (Europe)
    Posts
    1,352

    Re: request for a "peek,poke and exec" python module

    I found some addresses you can securely use with the hack module.
    Use the free sysinfoS60 app to discover these!


    ROM header addr
    begin 0x50000000
    end 0x51757cf

    ROM Root Dir addr
    begin 0x517157d0
    end 0x518fffff

    First address video mem 0x5a152000
    First pixel 0x5a152020

    Last pixel 0x5a163e20
    LAST ADDR 0x5a175fff
    Kernel debug mask 0x80000003
