CHDK Wiki

Disassembling with GNU/GPL tools

The GNU/GPL tools are not made for analysing alien binary dumps, because we usually have the source code when we need to debug. This is not really a replacement for IDA, but for me it was sufficient.

Installing the software is not explained in this tutorial.

Prerequisites:

  • You have a raw binary firmware dump to look at. I'll use "dump.bin" here.
  • You have set up an arm-gcc/binutils toolchain.

In this toolbox we have (the prefix depends on your toolchain):

arm-elf-objcopy | arm-linux-gnu-objcopy
arm-elf-objdump | arm-linux-gnu-objdump

Here we go:

strings -t x dump.bin > dump.strings
hexdump -C dump.bin > dump.hex

arm-linux-gnu-objdump -m arm -b binary -D dump.bin > dump.dis

However, there's a problem: all three files count from offset 0x00 rather than from the firmware's real load address (0xff810000 in the commands below), so nothing lines up with the addresses the code itself uses. Here comes my renumber.pl script, which adds the base address to every offset:

strings -t x dump.bin | ./renumber.pl 0xff810000 > dump.strings
hexdump -C dump.bin | ./renumber.pl 0xff810000 > dump.hex
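The renumber.pl script itself is not on this page. The following is an added example, not the wiki's own script: a POSIX sh/awk stand-in that does the same job of rebasing the leading hex offset of each `strings -t x` or `hexdump -C` line. The file name renumber.sh and the base address 0xff810000 are taken from the commands above; the sample input lines in the usage comment are constructed.

```shell
#!/bin/sh
# renumber.sh -- add a firmware base address to the leading hex offset of each
# input line.  Hypothetical POSIX sh/awk stand-in for the page's renumber.pl
# (whose source is not shown); usage is the same:
#   strings -t x dump.bin | ./renumber.sh 0xff810000
#   hexdump -C  dump.bin  | ./renumber.sh 0xff810000

# renumber BASE : read stdin, rewrite the leading hex offset as BASE+offset
renumber() {
    awk -v base="$1" '
    # POSIX awk has no strtonum(), so parse hex by hand
    function hex2dec(h,    i, c, v, n) {
        h = tolower(h); sub(/^0x/, "", h); n = 0
        for (i = 1; i <= length(h); i++) {
            c = substr(h, i, 1)
            v = index("0123456789abcdef", c) - 1
            if (v < 0) return -1
            n = n * 16 + v
        }
        return n
    }
    BEGIN { b = hex2dec(base) }
    {
        # strings -t x pads the offset with spaces ("   2e4 text"); hexdump -C
        # prints it zero-padded ("000002e0  ff ff ...").  The hexdump repeat
        # marker "*" carries no offset and passes through unchanged.
        if (match($0, /^ *[0-9a-fA-F]+/)) {
            off  = substr($0, RSTART, RLENGTH); gsub(/ /, "", off)
            rest = substr($0, RSTART + RLENGTH)
            printf "%08x%s\n", b + hex2dec(off), rest
        } else {
            print
        }
    }'
}

# When run as a script with a base address, act as a filter on stdin.
if [ $# -eq 1 ]; then renumber "$1"; fi
```

The trailing size line that hexdump prints is rebased as well, which conveniently turns it into the end address of the dump.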

Before we disassemble the dump, we pack it into ELF format. This meat is good for feeding gdb and the IDA demo version ;)

arm-linux-gnu-objcopy --change-addresses=0xff810000 -I binary -O elf32-littlearm -B arm dump.bin dump.elf
arm-linux-gnu-objcopy --set-section-flags .data=code dump.elf

Verify the elf file:

arm-linux-gnu-objdump -x dump.elf

Disassemble:

arm-linux-gnu-objdump -d dump.elf > dump.dis
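Reading `objdump -x` by eye is fine once, but the two objcopy steps above are easy to get subtly wrong (forgetting --change-addresses, or the section flags). As an added example that is not part of this page, here is a small sh/awk checker for the "Verify the elf file" step: it reads the `objdump -h` section table and confirms that .data sits at the expected base and carries the CODE flag. The script name check_elf.sh is hypothetical, and SAMPLE_HDR is constructed objdump output, not captured from a real dump.

```shell
#!/bin/sh
# check_elf.sh -- confirm that dump.elf really carries the rebased load address
# and the CODE flag set by the two objcopy commands above.  Hypothetical helper
# written for this page, not part of CHDK; it assumes the objdump -h column
# layout shown in SAMPLE_HDR (constructed output, not captured from a real dump).

OBJDUMP=${OBJDUMP:-arm-linux-gnu-objdump}

# Constructed sample of `arm-linux-gnu-objdump -h dump.elf` for a 4 MiB dump.
SAMPLE_HDR='dump.elf:     file format elf32-littlearm

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .data         00400000  ff810000  ff810000  00000034  2**0
                  CONTENTS, ALLOC, LOAD, CODE'

# section_vma NAME : read objdump -h output on stdin, print the VMA column of NAME
section_vma() {
    awk -v name="$1" '
        $1 ~ /^[0-9]+$/ && $2 == name { print $4; found = 1 }
        END { exit found ? 0 : 1 }'
}

# section_flags NAME : print the flag list on the line after NAME, trimmed
section_flags() {
    awk -v name="$1" '
        hit { sub(/^ +/, ""); print; exit }
        $1 ~ /^[0-9]+$/ && $2 == name { hit = 1 }'
}

# check_header BASE : validate objdump -h text on stdin; 0 = good, 1 = mismatch
check_header() {
    hdr=$(cat)
    want=$(printf '%08x' "$(( $1 ))")
    vma=$(printf '%s\n' "$hdr" | section_vma .data) || { echo "no .data section" >&2; return 1; }
    flags=$(printf '%s\n' "$hdr" | section_flags .data)
    [ "$vma" = "$want" ] || { echo "VMA $vma, expected $want" >&2; return 1; }
    case "$flags" in
        *CODE*) echo "ok: .data at $vma ($flags)" ;;
        *)      echo ".data lacks the CODE flag: $flags" >&2; return 1 ;;
    esac
}

# check_elf FILE BASE : run objdump on a real ELF file and check its header
check_elf() {
    "$OBJDUMP" -h "$1" | check_header "$2"
}

# Usage: ./check_elf.sh dump.elf 0xff810000
if [ $# -eq 2 ]; then check_elf "$1" "$2"; fi
```

If the VMA comes back as 00000000, the --change-addresses step was skipped; if the flags line lacks CODE, objdump -d will refuse to disassemble the section and the --set-section-flags step needs to be rerun.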

So finally we have three ASCII files to stare at:

  • dump.dis
  • dump.strings
  • dump.hex

and

  • dump.elf for gdb and qemu

Next lesson: run the dump in Qemu

Category GPL

  • GPL_Disassembling how to disassemble
  • GPL_Qemu run digicam's firmware in qemu
  • Add to all subs.sh a shell script, adds lines in source file to target file in all CHDK
  • GPL:disassemble.pl perl script, does a better job ;)
  • GPL:stubs2dis.pl add stubs_entry.S information to disassemble
  • GPL:dis2gas.pl format disassemble to gas format
  • GPL:extract_fi2_keys.py extracts FI2 keys from files disassembled with disassemble.pl
  • GPL:hex2task.sh Replaces sub_xxxx calls in boot.c, capt_seq.c and movie_rec with the corresponding task names found in stubs_entry.S. A perfect stubs_entry.S generated by finsig is required.