OpenTViX forum

[thespecialist]

For the reverse engineers in this community: here's IDC creator v0.15. It can generate IDC file's for usage with disassemblies of ELF/MIPS binaries.

The generated IDC from version 0.15 will:

* Resolve the Stubs section and rename each stub with the corresponding external function name.
* Scan the GOT and rename all stub pointers in the GOT.
* Create comments for references to 32 bit adresses, with that 32 bit address
* If that address is an ASCII string, it will copy that string into the comment.

Usage: open the binary with IDC creator and save the generated IDC file. Then, in IDA pro, with your disassembly opened,
select from the menu: 'file/IDC file' and open the generated IDC file. IDA will then fix everything up for you.

Easy as that !

http://www.speedyshare.com/files/22127972/IDCcreate.rar

TS

[bmf]

Good work, TS!

bmf

[leader]

Nice job thespecialist!

Best Regards
leader

[thespecialist]

Thx guys !

I'll add resolving of the stub pointers too, don't have time today/tomorrow, so it will probably be wednesday. Not that you really NEED that (resolving the stubs alone is enough IMHO), but it sure is handy

[thespecialist]

Updated the first post and the download link: it now contains v0.13, which will now also scan the GOT and rename all stubpointers in the GOT.

You can generate a new IDC with v0.13 and apply it; doesn't matter if you applied a v0.12 before: as long as the IDC is not messing with the sections (and the generated IDC's don't do that), you can re-apply an IDC without problems.

TS

[thespecialist]

I'm going to try to make a v0.14, which will auto comment the refs into the data section, which contain ASCII text.

Something like this:

.text:0046F13C lw $a1, (0x560634 - 0x568610)($gp)
.text:0046F140 lw $t9, (RMCompareAscii_ptr - 0x568610)($gp)
.text:0046F144 jalr $t9
.text:0046F148 addiu $a1, 0x62EC # 5062ec = ref to '/NET3/'

[thespecialist]

I updated the first post of this thread again, with the downloadlink to the latest version that I just finished: v0.15.

An example of the benefits of v0.15. First a disassembly generated by IDA pro:

Code: Select all

.text:004064DC                 lw      $t9, (off_452438 - 0x45A210)($gp)
.text:004064E0                 jalr    $t9
.text:004064E4                 addiu   $a0, 0x1780
.text:004064E8                 lw      $gp, 0x30+var_20($sp)
.text:004064EC                 lw      $t9, (off_452334 - 0x45A210)($gp)


Same disassembly, now with the generated IDC applied:

Code: Select all

.text:004064DC                 lw      $t9, (puts_ptr - 0x45A210)($gp)
.text:004064E0                 jalr    $t9
.text:004064E4                 addiu   $a0, 0x1780      # ref: 00411780 '!!! CRC Mis-match. corrupted .fwp file !!!'
.text:004064E8                 lw      $gp, 0x30+var_20($sp)
.text:004064EC                 lw      $t9, (fclose_ptr - 0x45A210)($gp)


Where the original IDA output doesn't make sense without seeing more, the 2nd piece with the IDC applied easily reveals what this example code does (output the message that the FWP file was corrupt with the 'puts' function and then close the file with fclose. )

Enjoy !

TS

[octessence]

Has anyone got as far as dissambling the main program and then reassembling a working version using a toolchain? Or is that asking a bit too much? It would be nice to start converting the main program into readable c.

[badeip]

Has anyone got as far as dissambling the main program and then reassembling a working version using a toolchain? Or is that asking a bit too much? It would be nice to start converting the main program into readable c.

That is asking a bit much, but you should take a look at midac (http://www.binary-art.net/?p=1002), my MIPS emulator/disassembler which also has the possibility of generating IDA .idc files.
It's still a bit rough, and I noticed that it isn't able to emulate execution of the entire code segment of 1.3.74, but I just haven't found the time to update it yet.

Regards

badeip.

[octessence]

Finally had a bit more time to get back to this. I'm still reading quite a lot about assembly and in particular mips assembly.

In case anyone is interested I found this guide really useful for an assembly language virgin like me:
http://www.eecs.harvard.edu/~ellard/Courses/cs50-asm.pdf

Is there any change you could give me the source to your midac tool? I think I could learn a lot by studying what it does.