User Tools

Site Tools


Build environment

See point 5 on how to rebuild a near-original firmware for your r0ket. The original firmware that comes with your badge contains secret keys that you will not find in git. If you reflash your firmware, those will be lost - but that's not as bad as it sounds unless you like properitary stuff. WE RECOMMEND THAT YOU READ POINT 5 BELOW BEFORE YOU REFLASH YOUR FIRMWARE THOUGH. Meanwhile the keys are leaked, so rebuilding an original firmware is possible. Guess we will also check them into git soon…

0. Work in Progress

After all it's r0ket science. If you actually start developing something for the r0ket now, we'd recommend to join our Mailing List and IRC channel - see contact.

This article explains the setup on a Linux machine. Instructions for Mac OS X are available here.

1. Compiler

As of November 2012, CodeSourcery got bought by Mentor Graphics. The old “Sourcery G++ Lite” is now Sourcery CodeBench Lite Edition. The links in this page to the old toolchain don't work; if it's legal, I could upload my copy of arm-2011.03-42-arm-none-eabi.bin somewhere for everybody to download. Otherwise, you could try to register on and download the freely available Sourcery CodeBench Lite Edition (EABI Release) and see if the old installation instructions still make sense.
The CodeSourcery G++ package provides a GNU cross-compiler toolchain for ARM.
  • On ubuntu, the installer complains that /bin/sh points to /bin/dash and not /bin/bash. Change it like proposed (with 'sudo dpkg-reconfigure -plow dash', “Install as /bin/sh?” → No). You can change it back to dash later, if you like.
  • “Minimal” is the appropriate install option, if you don't want to use the CodeSourcery IDE.
  • add compiler to your path (eg. ~/.bashrc)
    • export PATH=$PATH:<pathtocodesourcery>/Sourcery_G++_Lite/bin/
  • restart console

Complete console commands for Ubuntu: When installing CordeSourcery chose the proposed Paths. Replace <USERNAME> with your username.

mkdir r0ket
cd r0ket
sudo dpkg-reconfigure -plow dash
chmod +x arm-2011.03-42-arm-none-eabi.bin
echo 'export PATH=$PATH:/home/<USERNAME>/CodeSourcery/Sourcery_G++_Lite/bin' >> ~/.bashrc
Running on FreeBSD8.2 with gcc4.5.2
cd /usr/ports/devel/
sudo cp -r ./arm-rtms-gcc ./arm-none-eabi-gcc
cd arm-none-eabi-gcc
vi Makfile
> change line 11 "TGTABI = rtems" to "TGTABI = none-eabi"
> uncommit line 12 "WITH_RTEMS_PATCHES= yes"
sudo make install clean

# at me one c-file dont found: "sys/sysctl.h"
# fix it in this c-file :"#include <sys/sysctl.h>" to "#include '/usr/include/sys/sysctl.h'"

Someone asked me to write this down, so here's how I built the firmware with stock binutils, gcc, newlib and gdb.

2. Source

The code for r0ket ist based on the (BSD-licensed) microBuilder-library for the LPC1300-family. High-level functions are provided to print and paint on the display, access the filesystem on the dataflash, the 2.4 GHz RF interface, etc.
  • Install git
    • sudo apt-get install git-core
  • Clone git repository
    • git clone git:// 

3. Build

The source for the actual applications (in opposition to the libraries) resides at 'firmware/applications'. Start from an example or roll your own. APPNAME.c must provide a 'void main_APPNAME(void)' function, which works as the app's main function. The makefile is set up so that you can call 'make APP=APPNAME' to build the firmware image for APPNAME.c. It defaults to 'APP=$USERNAME'
cd firmware
vi applications/hello.c
#include <sysinit.h>
#include "basic/basic.h"
#include "lcd/render.h"
void main_hello(void) {
    DoString(10,20,"Hello World");
    while (1) {}
make APP=hello
For FreeBSD
gmake APP=hello

4. Deploy

The LPC1343 has a USB-ISP, it can be booted as an USB storage device, and the firmware can be copied as a file. Unfortunately, this only works on Windows. On Linux, the firmware has to be directly written to the device, see below. Additionally, a bug in the ROM causes the CPU to hang for 20 seconds when entering the bootloader. To make development more convenient, the autoflash tool monitors the USB for r0kets in ISP-Mode and automatically flashes the last built firmware. An “ISPAndReset()”-function in the library enables the user to reset the r0ket to ISP-mode and circumvent the 20 second delay.


  • Install udev rule
    • sudo cp tools/bootloader/42-nxp-flash.rules /etc/udev/rules.d/
      sudo /etc/init.d/udev restart
  • start autoflasher
    • cd firmware
      make flash APP=hello 
On ubuntu, nautilus will automount the USB-Storage device, and our automounter will not work. Disable the nautilus-automounter:
apps > nautilus > preferences
Uncheck the "media_automount" option
  • (re)start r0ket in ISP-mode
    • Method 1 (up to 30 seconds, but works always)
      • Power off r0ket
      • Press and hold button “Left”, power r0ket on
      • Connect r0ket via USB
    • Method 2 (fast, works always when a firmware is installed that uses [default])
      • Power off r0ket
      • Press and hold button “Enter”
      • Connect r0ket via USB
    • Method 3 (fast, works if installed firmware provides the functionality)
      • Connect r0ket via USB
      • Select menu option “Invoke ISP” (or similar)
If the r0ket is in ISP-mode, all four LEDs are dimly lit


Due to some incompatibility in the Linux vfat driver, just mounting and copying the firmware does not work. The firmware has to be dd'ed to the r0ket:

  1. connect r0ket in ISP mode
  2. make sure that the device is not mounted
  3. dd if=firmware.bin of=/dev/<devicename> bs=1024 skip=2

The right device is 34 kiByte in size.

5. Building the original Firmware

To rebuild the original firmware you can use the release-all script in firmware/. It will build the firmware and all additional programs and put them into /release. You have to copy SECRETS to SECRETS.release first.

Note: the SECRETS in the git contain different keys than those you had on your badge originally. That way the original firmware can only execute l0dables signed by the vendor (us!!), which makes it at least as cool as an iBadge. So if you reflash your badge you will lose this “feature” forever. Also you will leave the mesh of sheeps and enter the mesh of hackers, as the keys are different. Don't trust the INVADERS highscore on the hackers mesh though. Finally openAMD will stop encrypting messages - so if you have tracking enabled people can sniff and fake your ID. And of course you can always try to break the read protection of a working badge and extract its crypto keys and release them on wikileaks. We'd love to see that. But wait for day 2 with that so we can see the mesh working before for some time…

After running the release-all script, copy the release/final.bin to firmware/firmware.bin and flash it using autoflasher:

firmware/$> cp SECRETS SECRETS.release
firmware/$> ./release-all
firmware/$> cp ../release/final.bin firmware.bin
firmware/$> ../tools/bootloader/autoflash

If you get some message the firmware is too large, it might be an accident in our source, but more probably you were using a different compiler than exactly the version we used.

Now hold joystick to the left and power on, release joystick after a second or so. LEDs will light dim, after about 20 seconds the autoflasher should tell you flashed sdX…

Then start your badge holding joystick down (not press center but down), that starts the USB massstorage. Mount it (should be a 512K volume). Erase all files (except your own ones, like received stuff from others if you have that) and/or copy the files from ../release/files/ onto the bage. The new .c0d files are now signed with the git-“SECRETS” and therefore will run again on your firmware, as well as you'll be able to run l0dables others built using the same keys.

If your filesystem is corrupted, you can download and dd it onto the device before mounting it. Or you can flash the initial.bin created by the above process before flashing final.bin, starting initial.bin format the dataflash and starts massstorage.

build.txt · Last modified: 2013/02/19 14:25 by trapicki

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki