Rusting up your GreatFET
richö butts
dominic stupid
Slide 2
Who are these jerks
‣ dominic stupid
‣ "Extraordinary"
‣ Senior Computer Jerk
‣ Great Scott Gadgets
‣ Ubertooth stuff
‣ Second best hair in this talk
‣ richö butts
‣ slightly less "Extraordinary"
‣ Senior Computer Jerk
‣ Stripe
‣ The umlaut is a historical artifact
‣ Got up a bit late to write this slide
Slide 6
Why do you care
‣ Embedded stuff sucks
‣ Lol how do I pointers
‣ Lol how do I buffers
‣ Updates are hard
‣ Operability
‣ Tooling support
‣ Compile times
Presumably you're in this talk
Slide 7
Why do you care
‣ Credit: Haroon Meer
Slide 8
We swear we sort of know what we're doing
Disclaimer
‣ richö is not a very hardware person
‣ dominic sort of knows how to program computers
Slide 9
GreatFET
‣ Hardware hacking platform
‣ LPC4330 breakout board
‣ Firmware based on HackRF
‣ SPI, JTAG, UART, ADC, DAC, GPIO, USB x2
‣ SGPIO, DMA, Logic Analyser
Slide 10
Neighborly af
GreatFET
Slide 11
why not _____?
‣ Micropython:
‣ Concurrency issues
‣ Code size
‣ Still have to write a lot of C
‣ Overheads
‣ Debugging hassles
‣ Incremental C
‣ shares many pain points of C
‣ Template hell
‣ µrubby
Slide 12
Mozilla research project, out of control
Rust
‣ Memory safe
‣ Static lifetimes
‣ Coherent package management
‣ C interoperability
‣ Big boy generics
‣ Powerful macro system
‣ Prevents non-exploitable bugs too!
Slide 13
Mozilla research project, out of control
Rust
‣ ✨lifetimes✨
Slide 16
his ubertooth still has blutack on it
Last time richo did hardware
Slide 17
haha! it's a golang joke
Making it go
‣ Two main goals:
‣ Be able to write a pure rust firmware for GreatFET
‣ Embed rust code into an existing firmware codebase
Slide 18
jerks who beat us to the punch
Prior art
‣ zinc
‣ hardware abstraction layer for embedded platforms
‣ tock
‣ experimental RTOS
‣ http://www.acrawford.com/2017/03/09/rust-on-the-cortex-m3.html
‣ bare metal rust on cortex m3
Slide 19
zero to hero
‣ Pick a project that seems plausible
‣ Randomly twiddle bits in linker scripts until you're satisfied with the results
‣ ?????
‣ Speak at TROOPERS!
Slide 20
protip: Forget shit you need, find brian
Get you a greatfet
Slide 21
Look into your GreatFET
‣ Black Magic Probe
‣ Natively talks gdb
‣ Exactly zero openocd is the right amount
Slide 22
Blink some LEDs
Goal 1
‣ Configure GPIO (poke memory)
‣ Configure the pin (poke memory)
‣ lpc4330 has 8 gpio ports, each with 32 pins
‣ greatfet package has 144 pins
‣ not all can be used for GPIO
‣ Selfishly, it needs power and stuff
‣ Set Direction (poke memory)
‣ Write data to pin (poke memory)
Slide 23
Execute code on a greatfet
Goal 0
‣ Futz around with the existing build pipeline for GreatFET to translate an elf object into something that can be written to flash
‣ ... or!
‣ Use black magic probe + gdb's support for writing an elf into memory
Slide 24
Execute code on a greatfet
Goal 0.5
‣ On a "normal computer" having a stack, heap, executable mapped into memory, etc is free
‣ On embedded, you need to set up your own stack, install interrupt handlers, etc before you get too carried away
‣ zinc::hal::mem_init::init_stack();
‣ zinc::hal::mem_init::init_data();
Slide 25
This metaphor has gotten away from me a little
Goal 0.7
Slide 26
Blink some LEDs
Goal 1
‣ Configure GPIO (poke memory)
‣ Configure the pin (poke memory)
‣ lpc4330 has 8 gpio ports, each with 32 pins
‣ greatfet package has 144 pins
‣ not all can be used for GPIO
‣ Selfishly, it needs power and stuff
‣ Set Direction (poke memory)
‣ Write data to pin (poke memory)
Slide 27
unsafety
Slide 28
The HAL
Slide 29
Blink some LEDs
Goal 1 revisited
‣ Write Rust abstraction over GreatFET's GPIO
‣ Expose logical LEDs to userland code!
‣ Great success
‣ Once we had a "read to"/"write from" register abstraction, we could build anything
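An added example, not code from the talk or from zinc: a minimal register abstraction of the kind this slide describes, with the Goal 1 steps (set direction, write data to pin) built on top of it as a logical LED. The `Reg` and `Led` types, pin 14, and the two-word array standing in for the direction and pin registers are assumptions made so the sketch runs on a host; firmware would pass the LPC4330 register addresses instead.

```rust
// Added illustration; type names, pin number and register layout are assumptions.
use std::ptr::{read_volatile, write_volatile}; // core::ptr in no_std firmware

/// One 32-bit memory-mapped register; constructing it is the only unsafe step.
pub struct Reg(*mut u32);

impl Reg {
    /// Safety: `addr` must point to a valid, aligned 32-bit register
    /// for as long as the `Reg` is used.
    pub unsafe fn new(addr: *mut u32) -> Reg { Reg(addr) }
    // Volatile accesses stop the compiler from eliding or merging the pokes.
    pub fn read(&self) -> u32 { unsafe { read_volatile(self.0) } }
    pub fn write(&self, v: u32) { unsafe { write_volatile(self.0, v) } }
    pub fn set_bits(&self, mask: u32) { self.write(self.read() | mask) }
    pub fn clear_bits(&self, mask: u32) { self.write(self.read() & !mask) }
}

/// A logical LED: one pin of one GPIO port.
pub struct Led { dir: Reg, pin: Reg, mask: u32 }

impl Led {
    /// Rejects pin numbers >= 32 (each port has 32 pins), then sets the
    /// direction bit so the pin is an output.
    /// Safety: same contract as `Reg::new` for both addresses.
    pub unsafe fn new(dir: *mut u32, pin_reg: *mut u32, pin: u8) -> Option<Led> {
        if pin >= 32 { return None; }
        let led = Led { dir: Reg::new(dir), pin: Reg::new(pin_reg), mask: 1u32 << pin };
        led.dir.set_bits(led.mask);
        Some(led)
    }
    pub fn on(&self) { self.pin.set_bits(self.mask) }
    pub fn off(&self) { self.pin.clear_bits(self.mask) }
    pub fn is_on(&self) -> bool { self.pin.read() & self.mask != 0 }
}

/// Host-side demo: a two-word array stands in for the direction and pin
/// registers. Returns (dir after init, pin after on(), lit after off(),
/// whether pin 32 was rejected).
pub fn demo() -> (u32, u32, bool, bool) {
    let mut bank = [0u32; 2];
    let base = bank.as_mut_ptr();
    let led = unsafe { Led::new(base, base.add(1), 14) }.expect("pin in range");
    led.on();
    let (dir, pin) = (led.dir.read(), led.pin.read());
    led.off();
    let rejected = unsafe { Led::new(base, base.add(1), 32) }.is_none();
    (dir, pin, led.is_on(), rejected)
}

fn main() { println!("{:x?}", demo()); }
```

The `unsafe` surface is confined to the two constructors, so code that only calls `on()` and `off()` cannot write to an arbitrary address.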
Slide 30
demo time
Don't get excited, it's blinking LEDs
Slide 31
demo time
Rust on GreatFET
Slide 33
demo time
Our demo probably failed, have an otter
Slide 34
demo time
Rust on GreatFET on GreatFET
Slide 35
objcopy is bad software
‣ 337kb elf -> 257mb bin (WTF objcopy?)
‣ Probably some hilarious underflow.
‣ .... Should have written it in rust
Slide 36
objcopy is bad software
Slide 37
objcopy is bad software
‣ Whatever all those zeros are probably not important
‣ ¯\_(ツ)_/¯
Slide 38
demo time
Rust on GreatFET on GreatFET
Slide 39
demo time
.... yup. Otters.
Slide 40
demo time
But not yet
‣ Go to mike and dominic's talk on thursday 4pm
Slide 41
Where does that leave us?
‣ 100% rust code
‣ two interrupt handlers written in inline asm
‣ Still uses linker scripts to describe memory mapped registers to native Rust code
‣ Uses some unfortunate tricks to abstract over unsafe memory access
‣ Cargo works natively!
‣ Want to terminate TLS on your greatfet for some reason?
Slide 42
Why do you care
‣ Embedded stuff sucks
‣ Lol how do I pointers
‣ Lifetimes! Borrow Checker!
‣ Updates are hard
‣ Cargo!
‣ Operability
‣ hella static analysis
‣ Compile times
‣ Incremental compilation, coherent module system
‣ Generalisable code
Slide 43
Challenges for adoption
‣ Unwillingness to rewrite your whole codebase in Rust
‣ Incremental rewrites now possible
‣ Rust learning curve
‣ Support doesn't magically port existing software
Slide 44
things don't always go well
‣ zinc has some serious tooling problems
‣ rust error messages are great
‣ ... unless the bug is in a compiler plugin
‣ Zinc is made of compiler plugins
‣ richö isn't very good at comprehension
‣ so we might have wasted 20% of the development time on writing randomly across memory mapped registers
Slide 45
things don't always go well
‣ But seriously, do you read this and immediately know how to interact with GPIO on greatfet?
Slide 46
Questions?
Slide 47
Feel free to take pictures
Resources
‣ github.com/richo/zinc
‣ The zinc fork with support for greatfet
‣ https://github.com/dominicgs/GreatFET-experimental/tree/rust/firmware
‣ GreatFET firmware with support for embedded rust
‣ speakerdeck.com/richo/rust-greatfet
‣ The slides for this talk
‣ We're on twitter
‣ @dominicgs @rich0H
‣ We'll release a docker image