Author Topic: HP Prime Emulator  (Read 1333 times)

0 Members and 1 Guest are viewing this topic.

Offline gigi1237

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 10
  • Rating: +0/-0
    • View Profile
HP Prime Emulator
« on: May 08, 2017, 11:48:04 am »
Hey guys, I'm new here. I've been working on an emulator for the HP Prime as to better understand how it's OS works and possibly develop something like ndless for the Prime. Right now the emulator it's in it's super early stages, no input, display or anything at all for that matter. Just some of the Prime's armfir.elf (the main OS file) code running and not yet doing aything useful.

I've approached the emulator from a relativley high level perspective. I'm not trying to emulate it at a hardware level and instead I'm emulating the systemcalls that the Prime makes. Right now I'm targeting the earliest public Prime OS available (20130808) as it contains the most debug info. All the code is hosted on Github https://github.com/Gigi1237/PrimeU . Check it out and hit me up if any of you would be interested in contributing.  ;)

Offline Eeems

  • Mr. Dictator
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 6083
  • Rating: +316/-36
  • C'est la vie
    • View Profile
    • Eeems
Re: HP Prime Emulator
« Reply #1 on: May 08, 2017, 03:32:19 pm »
If you aren't actually emulating the hardware but just the system calls I'd describe your projects more as a compatibility layer (like Wine). If I had time I'd be interested in helping even though I don't have an HP Prime.

You may also want to cross-post this on Cemetech as they have more c++ developers over there.

That said if you need help with higher level planning or want someone to go over your designs and give feedback feel free to post about it here, or to tag me in the github issue/pr and I'll give it a once over the best I can.
/e

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #2 on: May 09, 2017, 11:56:14 am »
I'm the author of Rip'em, one (the only?) third-party firmware for the HP Prime. My efforts stalled when flashing the calculator under Windows over and over got really old, so I am interested in a HP Prime hardware emulator. It's been a while, but I'm still probably the guy most familiar with the HP Prime hardware outside of HP.

I did not attempt to write an emulator earlier because I'm not motivated enough to make one from scratch and QEMU's source code gives me headaches. However, I've discovered the Unicorn CPU emulator by browsing your source code. That might be enough to get me started.

While I'm here: as soon as someone circumvents the exam mode, you can bet HP will lock down the bootloader in the next firmware version to put a stop to that. Please don't nuke exam mode, whether directly or indirectly.
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.

Offline gigi1237

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 10
  • Rating: +0/-0
    • View Profile
Re: HP Prime Emulator
« Reply #3 on: July 27, 2017, 04:44:19 am »
hey kinda forgot about this post and the forum. Anyways i've been busy so I had not time to work on aything HP prime related.

If you aren't actually emulating the hardware but just the system calls I'd describe your projects more as a compatibility layer (like Wine). If I had time I'd be interested in helping even though I don't have an HP Prime.

You may also want to cross-post this on Cemetech as they have more c++ developers over there.

That said if you need help with higher level planning or want someone to go over your designs and give feedback feel free to post about it here, or to tag me in the github issue/pr and I'll give it a once over the best I can.
You're absoloutley right it's absoloutley a compatibility layer. I just decided to call it emulator because there is actual CPU instructuor emulation going on, unlike wine which does not allow cross arch executables. I opted to go for a compatbility layer as I was interested in the inner workings of armfir.elf and wanted some way to debug it without using jtag. Considering the limited (~300) number of syscalls armfir makes this sounded like a much better idea compared to a full blown hardware emulator.

I hadn't though of Cemetech though iirc I did cross-post to another forum, now if I only remembered which...  :banghead:

Thanks for the offer, some feedback could definetley come in useful as I'm quite new at this.

I'm the author of Rip'em, one (the only?) third-party firmware for the HP Prime. My efforts stalled when flashing the calculator under Windows over and over got really old, so I am interested in a HP Prime hardware emulator. It's been a while, but I'm still probably the guy most familiar with the HP Prime hardware outside of HP.

I did not attempt to write an emulator earlier because I'm not motivated enough to make one from scratch and QEMU's source code gives me headaches. However, I've discovered the Unicorn CPU emulator by browsing your source code. That might be enough to get me started.

While I'm here: as soon as someone circumvents the exam mode, you can bet HP will lock down the bootloader in the next firmware version to put a stop to that. Please don't nuke exam mode, whether directly or indirectly.
I tested out your firmware and found it quite interesting, albeit it was not what I was interested in. But nonetheless a hardware emulator would benefit me as much, if not more than what I was currently creating. One question, were you ever able to debug the code running on the calc itself? Whether JTAG or something similar.

You're right about qemu being a massive headache, I to build on that initially but just found the source too incomprehensible and time consuming to edit. Even if theoretically it would be perfect for a hardware emulator.  Did you end up starting with a Unicorn-engine based emulator? If you have I'd be more than glad to take a look and possibly contribute.

Also you're absoloutley right about exam mode. I was intending to stay as far away from that as possible to not have any issues. But nonetheless from my understaing of the Prime's firmware it feels like it would be extremley hard to lock it down anywhere as tighlty as the nspire, it has no built in encryption capability and all it's memory can be written to so even if HP would decide to lock it down (hopefully thid does not happen ever) it'd be quite easy to circumvent, even if just by overwriting the key they'd use to sign their firmware. Am I completley wrong here? All my knowledge of embeded devices and calculators come from reverse engeneering and a minimal amount of google.

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #4 on: July 31, 2017, 01:53:56 pm »
I haven't tried to create a hardware emulator yet, mostly because I'm thoroughly overworked with an internship, sysadmin freelance work and a GSoC student to mentor. I don't expect a saner workload until September. Also, my C++ is rusty and my knowledge of Qt is nil, even though Qt Creator looks slick as heck.

I did not attempt to use JTAG. I did all my debugging with the UART. I wrote a GDB stub to poke stuff around, but without interrupts it is rather limited.

About exam mode: unlike TI hardware, there is no root of trust inside the HP Prime hardware. You can always program whatever you want into the first 8 KiB of Flash and the S3C2416 will happily run it. While HP could introduce crypto checks and obfuscate things in an update, it's nothing some reverse-engineering and a soldering iron can't reverse. Fixing that hole for real would require at the very least a new hardware revision.
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.

Offline gigi1237

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 10
  • Rating: +0/-0
    • View Profile
Re: HP Prime Emulator
« Reply #5 on: August 12, 2017, 10:46:23 am »
I thought I had written another reply before but I'm either crazy or it somehow got deleted.

Anyway I've attempted to hack up something with qemu. Figured out how it works, kind of and got to the point of having most of the first stage bootloader run, reading the rest from NAND and finally starting the os I assume (don't remember the exact address it hands off execution to). It's also throwing the usual uart startup output at me. But it's crashing somewhere after that and I haven't been able to figure out why yet.

Do you happen to have a UART dump from the prime? The output it gives at startup, as I have no ability to grab it for myself right now. So I can compare it to the output I'm getting.

Also I haven't posted the source yet because it's so bad I'm embarrassed about it  :-\ If you're interested I can do it anyway though. 

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #6 on: August 12, 2017, 11:58:30 am »
I don't have access to my HP Prime right now, but I posted an UART dump here a long time ago : https://www.omnimaga.org/introduce-yourself!/hello-everybody-22224/msg403203/#msg403203. It was with an early version of my own firmware.

From memory, the HP Prime booting process has three stages :
  • BXCBOOT0.BIN (the first 256 KiB of the NAND) : the first 8 KiB initializes the hardware and chainloads the rest of the stage, it also contains the recovery and the first splashscreen ;
  • PRIME_OS.ROM (the next 1 MiB) : this is what Rip'Em replaces ;
  • Either armfir.elf for the normal firmware, or the diagnostics utility.

An incomplete, reverse-engineered disassembly of the first 8 KiB of BXCBOOT0.BIN is available at https://tiplanet.org/hpwiki/index.php?title=BXCBOOT0.BIN_reverse_engineering, if that can be of help.

I can take a look at your sources if you want. I promise I won't judge :)
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.

Offline gigi1237

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 10
  • Rating: +0/-0
    • View Profile
Re: HP Prime Emulator
« Reply #7 on: August 17, 2017, 06:00:08 pm »
Thanks for giving the link to the UART log, it was helpful. The output qemu is giving me is slightly different: https://gist.github.com/Gigi1237/0a5c3bd41f53bea14434c6673e6f0cbf#file-gistfile1-txt. Mainly becaus it spams me with "B"s right after printing start. I haven't figured out why yet though. Probably some mistake in the UART implementation.

I also uploaded my qemu branch to github: https://github.com/Gigi1237/qemu I'd be very glad if you could check it out. Mainly the s3c2416.c file, as i generated the rest automatically from the datasheet (except s3c2416_lcd.c). I'd be very happy to have some feedback especially if you spot any mistakes. Keep in mind the code is literally hacked together at the moment. I've done many things I shouldn't have as I was just basically playing around to see if I could get anything working. Most things are not even close to functional and I wasn't even following any coding convention although I should have been. If you feel like it, you could contribute and send a pull request, but I know you're busy.

Right now I'm a bit stuck with it, don't really know what exactly to do next to get it working. I'm especially in a hard spot because I don't have acess to my IDA Pro databases of both the OS and the bootloader which would help a ton with debugging at this stage.

Offline Hooloovoo

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 222
  • Rating: +22/-0
    • View Profile
Re: HP Prime Emulator
« Reply #8 on: August 17, 2017, 07:01:36 pm »
I am glad to see Prime dev going on! I have just ordered a prime, and have the tools for jtagging. Once I get the prime, I'll have a look at stuff, and can maybe help get more things done.
"My world is Black & White. But if I blink fast enough, I see it in Grayscale." -tr1p1ea
Spoiler For some of the calcs I own:



(actually I have quite a few more than this, but I don't feel like making bars for them all.)

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #9 on: August 18, 2017, 04:06:14 am »
Thanks for giving the link to the UART log, it was helpful. The output qemu is giving me is slightly different: https://gist.github.com/Gigi1237/0a5c3bd41f53bea14434c6673e6f0cbf#file-gistfile1-txt. Mainly becaus it spams me with "B"s right after printing start. I haven't figured out why yet though. Probably some mistake in the UART implementation.

Wow, you've reached PRIME_OS.ROM, that's impressive! That means the first stage of the bootloader actually worked.

Right now I'm a bit stuck with it, don't really know what exactly to do next to get it working. I'm especially in a hard spot because I don't have acess to my IDA Pro databases of both the OS and the bootloader which would help a ton with debugging at this stage.

I would try to make Rip'Em work. Since it's vastly simpler and the source code is available (unlike the official firmware), figuring out why stuff is not working should be much easier. Next goal would be the diagnostics utility.

Today is the last day of my internship, so I'll be able to take a closer look at your QEMU tree real soonTM.
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #10 on: August 18, 2017, 01:18:43 pm »
Here's the PRIME_OS.ROM of Rip'Em and the ELF programs, for testing on your side.
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.

Offline gigi1237

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 10
  • Rating: +0/-0
    • View Profile
Re: HP Prime Emulator
« Reply #11 on: August 18, 2017, 02:03:29 pm »
Thank you very much. I'll try to get it running in qemu now



Just a little update. Got ripem to run! No functionality yet as GPIO is not implemented yet but it's giving me correct graphical ouput.  ;D ;D ;D



Edit (Eeems): Merged double post
« Last Edit: August 19, 2017, 02:50:45 pm by Eeems »

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #12 on: August 19, 2017, 08:41:49 am »
So I took a quick look at your branch and I've already submitted a pull request (mostly just cleanups to make it work on my Linux box).

Soon I'll finally be able to work on Rip'Em without losing my sanity in the process. Yay! :w00t:
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.

Offline gigi1237

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 10
  • Rating: +0/-0
    • View Profile
Re: HP Prime Emulator
« Reply #13 on: August 19, 2017, 10:01:48 am »
Great changes, nice idea of using the exynos uart. It appears to be similar (identical?).

But I'm still stuck as to why the original prime_rom won't boot. I'm really at a loss.  :banghead:

Offline Jean-Baptiste Boric

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 14
  • Rating: +1/-0
    • View Profile
Re: HP Prime Emulator
« Reply #14 on: August 19, 2017, 10:40:45 am »
Rip'Em is a really, really simple piece of code, so it's fairly easy to make it run. It doesn't even uses interrupts or timers, it has effectively the equivalent complexity of a "Hello World!"-class program.

The official firmware is infinitely more sophisticated than that. There's much, much more going on inside a HP Prime than just a ARM9 core and a bunch of RAM.
We're gonna have a geeky Christmas,
That is what we'll do.
We're gonna have a geeky Christmas,
Hope you'll have one too.