ghidra_fr60 #2

Open
mumbel opened this issue Nov 4, 2022 · 4 comments

@mumbel
Owner

mumbel commented Nov 4, 2022

https://github.com/desrdev/ghidra-fr60

@desrdev started writing this and then thought about searching GitHub more and came across your stuff after I got this far. Def have not debugged anything (haven't started pspec/cspec/ldefs at all) and still had a few questions on some of the instructions. But I'm no longer going to develop on this repo, but if you wanted to take a look if we differed hugely in implementation (obviously yours works so chances are I'm just wrong).

@mumbel
Owner Author

mumbel commented Nov 4, 2022

ping @DiscoStarslayer if you were interested .... just noticed that other acct is an org

@DiscoStarslayer

Hey @mumbel, thanks for the ping. I haven't taken a deep dive, but at least from 10,000ft I do like your implementation of STM/LDM more than my brute force approach assuming it works as expected. I may try to port that over.

Some caveats that you may wish to consider if using my plugin:

  • Loader is customized for the firmware in the Sony PSX, I don't have a loader built for standard formats like ELF
  • Built specifically from datasheets referencing "FR60" as that is what my target core the MB91301A utilized. Your core specifies only FR*. I have seen this called FR30/FR60/FR80/FR81 and I haven't yet determined what (if any) differences there are between these versions in the instruction sets.
  • the pre-labeled hardware registers may not match your CPU 1:1
  • Some DIV operations don't work properly on 8 and 16 bit numbers
  • Co-processor operations are stubbed out, these may be important on some SoCs

Otherwise, I'm happy to accept PRs or issues on the project, I have plans on eventually up-streaming the more chip agnostic portions

@mumbel
Owner Author

mumbel commented Nov 4, 2022

@DiscoStarslayer yeah, that ldm/stm hopefully works, I tried to copy the approach used in ppc/arm. Same 10,000 ft view .... conditional branching differs, and delay slot syntax (I did ^":d" and you have _D, I think that errored out without the ^ and the : in a string)

I don't know much about this architecture and didn't have big plans for RE, just wanted to try implementing it. /r/carhacking posted about it, I'm familiar with SLEIGH and it looked like a small enough ISA so I gave it a shot (this was about 6hrs of work maybe so far)

@mumbel
Owner Author

mumbel commented Nov 15, 2022

have a few PRs up. first covers what we talked about here and 2nd is more of a code audit.

@mumbel mumbel pinned this issue Dec 26, 2022