docs/uart_mangle.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

# Amlogic TF-A UART logs obfuscation on some boards (OTP?)

A ZTE B700V7-2017 user reported that it mangled UART logs:

```
.......................................................................................set vcck to 1200 mv
set vddee to 1200 mv

[U-Boot logs ...]
```

They successfully dumped BL1. We fed the dump into Ghidra:

```c
/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */

uint serial_putc(uint c)

{
  byte *efuse_data;
  
                    /* Thanks to arzamas-16[m] for helping! */
  efuse_data = (byte *)get_efuse_mirror_ptr();
  if ((efuse_data[5] >> 1 & 1) != 0) {
    c = L'.';
  }
  do {
  } while ((_DAT_c81004cc >> 0x15 & 1) != 0);
  _DAT_c81004c0 = c & 0xff;
  return c;
}
```

It's known to happen on:
- ZTE B700V7
- ZTE ZXV10 B860H V5