NyaMisty

Well I'm trying to reverse the oled binary, but I can't figure out where exactly start_data points to. Why there's still global variable after the end of data and bss...

@aiemassfiria could you please share your oled binary file and those offsets & those variables' address in IDA? I'm on a different firmware version 21.191.61.00.233, and I need to find...

@aiemassfiria well... seems that you are not using start_data and end_data. Is it ok to hardcode the offset?

For those who wants to analysis, here's some maybe helpful information: This is the oled binary in ValdikSS's E5885Ls-93a_Update_21.236.05.00.00_mod1.2 [oled.orig.zip](https://github.com/ValdikSS/huawei_oled_hijack/files/4101722/oled.orig.zip) The absolute addresses in IDA are: start_data -> 0x23000 end_data...

> > 21.191.61.00.233 > > Im using oled binary from @ValdikSS firmware because i try to find the variable at firmware 21.182.63.00.233 but failed...thats y im using @ValdikSS oled and...

for your e5577: TLDR: absolute address ``` g_load_domain_code = 0xc796 g_led_status = 0x2c0b0 g_current_page = 0x2f560 g_main_domain = 0x2f7c4 end_data = 0x2C0B4 start_data = 0x2a000 ``` Please according minues the...

Instruction on how to find them 1. Find string "ui_wifi_show_homepage Enter", then you can come to the ui_wifi_show_homepage function, in the code it will check whether a variable is null,...

@ValdikSS Sadly when I finally hooked everything, it's appearing to be something like this:  Could you please help me?

Please wait for a moment :( I still struggling to implement support for e5885 😵 aiemassfiria 于2020年1月23日 周四20:55写道： > 2f7c4 > > @NyaMisty i already try but still > cannot...can...

> > @ValdikSS Sadly when I finally hooked everything, it's appearing to be something like this: > > Could you please help me? > > That's expected, you need to...