How to set up IDA pro to reverse the 3G baseband

The X-Gold 608 has a memory map, as seen in its page. The Secpack 2.0 takes up the first 0xCF8 of the .fls file.

3. Load the .fls file into IDA Pro; the file offset is 0xCF8 (for the secpack), and the CODE starts at the ROM start address of 0x20040000 (since it's the main firmware).

9. The entry point is the address at 0x20040408.

Some hints for getting the mnemonics from n00b for noobs (read: master noob for noobs -) )

Alt+G = toggle the register T between 0 and 1 to switch between ARM and Thumb mode when needed.

u = undefine what you just may have done. I usually use this since there is no real edit+undo in IDA, so this is the next best thing.

Read the instructions so you can find other places where you can press "C" to get more code.

There were a lot of silly mnemonics, simply interleaving Thumb and ARM mode or other nasty stuff. I then tried to identify strings, pressing 'A'. Most code is 'embraced' by 'embracing' code:

Even better, all versions of above codes have similar instruction sets. So you can find all occurrences of STMFD by hex searching '2D E9', going two bytes back (did I say code is aligned? 4 bytes in ARM, starting at 00 04 08 0C; 2 bytes in Thumb mode!) and pressing 'C'. If you see scrambled code, then (probably) the wrong mode (Thumb) is enabled. Just press Alt-G and change the value for T to zero.
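The hex search described above (find '2D E9', step two bytes back, keep only 4-byte-aligned hits) written as a script. This is an added example, not code from the original page. It reuses the page's 0xCF8 file offset and 0x20040000 ROM base; the function names and the sample image are constructed for illustration.

```python
import struct

ROM_BASE = 0x20040000   # from the page: CODE starts at the ROM start address
SECPACK_SIZE = 0xCF8    # from the page: the Secpack occupies the first 0xCF8
STMFD_SP = b"\x2d\xe9"  # high half of 0xE92Dxxxx as stored little-endian
REGS = [f"R{i}" for i in range(13)] + ["SP", "LR", "PC"]

def find_stmfd(image, base=ROM_BASE, skip=SECPACK_SIZE):
    """Return [(address, saved_registers)] for each aligned STMFD SP!, {...}."""
    code = image[skip:]
    hits = []
    pos = code.find(STMFD_SP)
    while pos != -1:
        start = pos - 2                      # "going two bytes back"
        if start >= 0 and start % 4 == 0:    # ARM instructions are 4-byte aligned
            (mask,) = struct.unpack_from("<H", code, start)
            saved = [REGS[i] for i in range(16) if mask >> i & 1]
            hits.append((base + start, saved))
        pos = code.find(STMFD_SP, pos + 1)
    return hits

def build_sample():
    """Constructed test image: filler header followed by a few ARM words."""
    words = [
        0xE92D4010,  # STMFD SP!, {R4, LR}
        0xE1A00000,  # MOV R0, R0
        0xE8BD8010,  # LDMFD SP!, {R4, PC}
    ]
    code = b"".join(struct.pack("<I", w) for w in words)
    code += b"\x00\x2d\xe9\x00"              # misaligned 2D E9: data, not STMFD
    code += struct.pack("<I", 0xE92D41F0)    # STMFD SP!, {R4-R8, LR}
    return b"\xff" * SECPACK_SIZE + code

if __name__ == "__main__":
    for addr, saved in find_stmfd(build_sample()):
        print(f"{addr:#010x}  STMFD SP!, {{{', '.join(saved)}}}")
```

The returned addresses are the places to jump to in IDA and press 'C'; a hit that disassembles to nonsense is a candidate for the Thumb/ARM mode check described above.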