Re: [Tutorial] Reverse Engineering C series
Posted: Sun Apr 19, 2015 7:29 am
by timoo
sectroyer wrote:
Confirmed. I was able to find functions in same places
Just in one window I open C MIPS, find function, copy name, and in second window I find same place in C ARM, rename some "sub_xxxxx" to correct name and voila.
Of course you still have to make it dynamic but that's another story.
which arm and mips fw do you use for comparing?
Re: [Tutorial] Reverse Engineering C series
Posted: Sun Apr 19, 2015 9:56 am
by sectroyer
timoo wrote:sectroyer wrote:
Confirmed. I was able to find functions in same places
Just in one window I open C MIPS, find function, copy name, and in second window I find same place in C ARM, rename some "sub_xxxxx" to correct name and voila.
Of course you still have to make it dynamic but that's another story.
which arm and mips fw do you use for comparing?
ANY arm exeDSP and, to be honest, ANY mips exeDSP, but last time for mips I used exeDSP from MSX6, but MSX5 and TDT5 are also good
Re: [Tutorial] Reverse Engineering C series
Posted: Tue Apr 21, 2015 6:25 pm
by timoo
IMHO at least fw T-valdeuc 0000 has these 'symbols' - function names etc. Of course there are no debug symbols, both are stripped on arm and mips - tested mips fw T-MSX6DEUC_2001.0
Re: [Tutorial] Reverse Engineering C series
Posted: Tue Apr 21, 2015 6:55 pm
by sectroyer
if you have exeDSP from that firmware please upload it somewhere and I will check
And yeah I was talking "only" about function names no debug symbols there
Re: [Tutorial] Reverse Engineering C series
Posted: Tue Apr 21, 2015 9:04 pm
by timoo
t-valdeuc 0000 is downgrade fw already on wiki ->
http://wiki.samygo.tv/index.php5/How_to ... C_firmware
in t-valdeuc 1XXX fw are some function names too at least 1008.3
Re: [Tutorial] Reverse Engineering C series
Posted: Tue Apr 21, 2015 9:08 pm
by sectroyer
"some function names" are on ALL C firmwares
I want ALL function names
You installed this firmware or did you unpack it? I get a bunch of unreadable files
Re: [Tutorial] Reverse Engineering C series
Posted: Tue Apr 21, 2015 10:05 pm
by timoo
To decrypt, use this:
http://sourceforge.net/p/samygo/code/HE ... Patcher.py
Then exe.img is a FAT16 image; mount it in Linux and extract exeDSP
Re: [Tutorial] Reverse Engineering C series
Posted: Wed Apr 22, 2015 11:04 am
by sectroyer
Great find. I can confirm that symbols ARE THERE!!!! I will try to work on some tool for that (to use it on other firmwares), but you can already check latest libRecTitle, which has C_Support.h/c and C_find.h, which make adding support to C much easier
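A quick way to check the distinction drawn in the posts above (function names present, no debug symbols), as an added example that is not part of the thread or of any SamyGo tool. It assumes the extracted exeDSP is a 32-bit ELF and that the names live in its ELF symbol tables, which the thread does not state; the sample image and the names foo/bar are constructed.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM, STT_FUNC = 2, 11, 2

def elf32_symbol_report(data):
    """Count named FUNC symbols per symbol table and list any .debug* sections."""
    if data[:4] != b"\x7fELF" or data[4] != 1:
        raise ValueError("not a 32-bit ELF image")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 little (ARM), 2 big endian
    (e_shoff,) = struct.unpack_from(end + "I", data, 32)
    shentsize, shnum, shstrndx = struct.unpack_from(end + "3H", data, 46)
    secs = [struct.unpack_from(end + "10I", data, e_shoff + i * shentsize)
            for i in range(shnum)]              # empty if section headers were removed
    def cstr(table_off, idx):                   # NUL-terminated name in a string table
        start = table_off + idx
        return data[start:data.index(b"\0", start)].decode("ascii", "replace")
    report = {"symtab_funcs": 0, "dynsym_funcs": 0, "debug_sections": [], "sample": []}
    for name, typ, _, _, off, size, link, _, _, entsize in secs:
        sec_name = cstr(secs[shstrndx][4], name)
        if sec_name.startswith(".debug"):       # DWARF data = real debug symbols
            report["debug_sections"].append(sec_name)
        if typ not in (SHT_SYMTAB, SHT_DYNSYM) or not entsize:
            continue
        key = "symtab_funcs" if typ == SHT_SYMTAB else "dynsym_funcs"
        for pos in range(off, off + size, entsize):
            st_name, _, _, st_info, _, _ = struct.unpack_from(end + "3I2BH", data, pos)
            if st_info & 0xF == STT_FUNC and st_name:   # named function symbol
                report[key] += 1
                if len(report["sample"]) < 5:
                    report["sample"].append(cstr(secs[link][4], st_name))
    return report

def constructed_elf(end="<"):
    """Constructed sample, not real firmware: .symtab with FUNC 'foo', OBJECT 'bar'."""
    shstr, strtab = b"\0.symtab\0.strtab\0.shstrtab\0", b"\0foo\0bar\0"
    sym = lambda *f: struct.pack(end + "3I2BH", *f)
    syms = sym(0, 0, 0, 0, 0, 0) + sym(1, 0x1000, 4, 0x12, 0, 1) + sym(5, 0x2000, 4, 0x11, 0, 1)
    o_str = 52 + len(shstr); o_sym = o_str + len(strtab); shoff = o_sym + len(syms)
    hdr = b"\x7fELF" + bytes([1, 1 if end == "<" else 2, 1]) + bytes(9)
    hdr += struct.pack(end + "2H5I6H", 2, 8, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 4, 3)
    sh = lambda *f: struct.pack(end + "10I", *f)
    shdrs = (sh(*[0] * 10) + sh(1, 2, 0, 0, o_sym, len(syms), 2, 1, 4, 16)
             + sh(9, 3, 0, 0, o_str, len(strtab), 0, 0, 1, 0)
             + sh(17, 3, 0, 0, 52, len(shstr), 0, 0, 1, 0))
    return hdr + shstr + strtab + syms + shdrs

if __name__ == "__main__":
    print(elf32_symbol_report(constructed_elf()))
```

To run it on a real file, pass the bytes of the extracted binary to `elf32_symbol_report` instead of the constructed image.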
Re: [Tutorial] Reverse Engineering C series
Posted: Wed Apr 22, 2015 2:11 pm
by timoo
there is no problem using these 'symbols' on another fw just make signatures or use bindiff
Re: [Tutorial] Reverse Engineering C series
Posted: Wed Apr 22, 2015 3:25 pm
by sectroyer
timoo wrote:there is no problem using these 'symbols' on another fw just make signatures or use bindiff
Then we would have to write bindiff support to our patches
Nah. It's much better to use in "another way"