https://github.com/wrongbaud/hackaday-u

I tried Gidra on two firmware images I had: an esp32 and STM32 dev board. Since it's a binary blob, it did not provide the ELF info on architecture, so I had to fill it out by hand, and there are many ARM options. I chose ARM Cortex, but it didn't seem to work that well. How do you pick arch from the many ARM options? What would be the right one for this firmware?</li><ul><li>In order to determine the proper CPU architecture, you should start with any applicable datasheets. A lot of the MCUs in those series’ that were mentioned use Cortex cores, but analysis will fall short if you do not properly define the appropriate memory regions, which can be acquired from the relevant datasheet. </li></ul><li>Why arent functions like main() for c++ automatically set to the right parameters?<ul><li>The decompiler tries not to make too many assumptions for these function prototypes and uses the context that is provided by the instructions in use - this allows things to be more generic and causes fewer failures, but"> https://github.com/wrongbaud/hackaday-u

I tried Gidra on two firmware images I had: an esp32 and STM32 dev board. Since it's a binary blob, it did not provide the ELF info on architecture, so I had to fill it out by hand, and there are many ARM options. I chose ARM Cortex, but it didn't seem to work that well. How do you pick arch from the many ARM options? What would be the right one for this firmware?</li><ul><li>In order to determine the proper CPU architecture, you should start with any applicable datasheets. A lot of the MCUs in those series’ that were mentioned use Cortex cores, but analysis will fall short if you do not properly define the appropriate memory regions, which can be acquired from the relevant datasheet. </li></ul><li>Why arent functions like main() for c++ automatically set to the right parameters?<ul><li>The decompiler tries not to make too many assumptions for these function prototypes and uses the context that is provided by the instructions in use - this allows things to be more generic and causes fewer failures, but">

Class 2: Q&A

A course class for Introduction to Reverse Engineering with Ghidra

Learn how to reverse engineer software using Ghidra! This four-session course will walk you through the basics.

wrongbaud • 07/03/2020 at 15:18•0 Comments

Where do we get the exercises? The only info I've gotten is on the Eventbrite.

The exercises are stored on the github page, located here: https://github.com/wrongbaud/hackaday-u

I tried Gidra on two firmware images I had: an esp32 and STM32 dev board. Since it's a binary blob, it did not provide the ELF info on architecture, so I had to fill it out by hand, and there are many ARM options. I chose ARM Cortex, but it didn't seem to work that well. How do you pick arch from the many ARM options? What would be the right one for this firmware?

In order to determine the proper CPU architecture, you should start with any applicable datasheets. A lot of the MCUs in those series’ that were mentioned use Cortex cores, but analysis will fall short if you do not properly define the appropriate memory regions, which can be acquired from the relevant datasheet.

Why arent functions like main() for c++ automatically set to the right parameters?
- The decompiler tries not to make too many assumptions for these function prototypes and uses the context that is provided by the instructions in use - this allows things to be more generic and causes fewer failures, but also means that users have to sometimes identify and add the appropriate types. In short - you don't want to assume too much such that it breaks other use cases.
Can you take thins like [rbp+8] and give them symbolic names for local variables?

Yes, if you right click the label that is being used, you can rename the variable to something different.

Also for the exercises, should we use docker on windows or do WSL and git clone the repo?

They have been tested within the docker container, and in an Ubuntu 18.04 VM, so I would recommend sticking with one of those two. If you have issues with docker, reach out and we’ll try to help you.

Previous class

Class 2 Video

06/30/2020 at 17:11 • 0 comments

Next class

Class 3 Video

07/07/2020 at 02:07 • 0 comments

Discussions