Gen IV disassembly E38 / E67

Disassembly, Reassembly, Tools and development. Going deep with Hardware and Software.
turbo_bu
Posts: 55
Joined: Tue Dec 03, 2019 3:58 am

Gen IV disassembly E38 / E67

Post by turbo_bu »

Does anyone have a disassembly for a Gen IV ECM? Either a E38 or E67? Any OS would work.

If not, the other alternative is to convert the hex into assembly. For the Gen III PCM's (Motorola processesor), I have a list of assembly commands in hex which I use sometimes to help decipher bin files. I know that is what IDA and other disassembly software is for, but I don't have access to those tools. I believe that the Gen IV used a Power PC chip. Is there a reference available which has power PC commands in hex?
Gatecrasher
Posts: 272
Joined: Sat Apr 25, 2020 6:09 am

Re: Gen IV disassembly E38 / E67

Post by Gatecrasher »

Let me broaden the question a little. Has anyone got details on doing a Power PC disassembly in Ghidra? I've been wanting to start exploring that.
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: Gen IV disassembly E38 / E67

Post by kur4o »

Doing diss of newer stuff is a burden even for top $$ tools. PPC is Chinese compared to older stuff; even Gen3 stuff with its [bit encoding opcode] is completely readable in hex compared to PPC.

To get the job done you need good tools.

For PPC there are 2 registers that need to be specified: r2 and r13. They are used as offset pointers for some address lookups. Some custom compilers repurpose even more registers and you need some scripting to make it work. Address lookup is limited to 16-bit and you need to do some add math to get 32-bit addressing.
Attachments
demo.txt
(316 Bytes) Downloaded 220 times
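As an added illustration of the two points raised above (the question of reading PPC opcodes from raw hex, and the 16-bit-offset "add math" with r2/r13 base registers), here is a small decoder written for this thread; it is not code from the poster or from any tool mentioned. It handles only a handful of D-form instructions plus b/bl/blr, pairs each lis with the addi/ori/load/store that consumes it to recover the full 32-bit address, and resolves accesses through a base register whose value you supply. The sample bytes are hand-assembled for the example, and the r13 value and load address are assumptions, not values from any real ECM image.

```python
"""Minimal 32-bit big-endian PowerPC decoder with lis/addi address pairing.

Constructed example for illustration. The register/immediate field positions
follow the standard PowerPC D-form (op:6 RT:5 RA:5 D:16) and I-form layouts.
"""
import struct

BASE_ADDR = 0x00010000            # assumed load address of the sample (hypothetical)
R13_BASE = 0x40001000             # assumed r13 small-data base (hypothetical)

# Hand-assembled sample, not from any real binary.
SAMPLE_BYTES = bytes.fromhex(
    "3D201235"   # lis   r9, 0x1235
    "80698008"   # lwz   r3, -0x7FF8(r9)   -> reads 0x12348008 (note the -1/+1 trick)
    "3D600004"   # lis   r11, 0x0004
    "396B0100"   # addi  r11, r11, 0x0100  -> r11 = 0x00040100
    "800D0010"   # lwz   r0, 0x10(r13)     -> small-data access relative to r13
    "48000041"   # bl    +0x40
    "4E800020"   # blr
)

D_FORM = {14: "addi", 15: "addis", 24: "ori", 32: "lwz", 34: "lbz", 36: "stw", 40: "lhz"}
LOAD_STORE = {"lwz", "lbz", "lhz", "stw"}


def sext(value, bits):
    """Sign-extend a `bits`-wide two's-complement field."""
    sign = 1 << (bits - 1)
    return (value ^ sign) - sign


def decode(word, addr):
    """Decode one instruction word into a record with mnemonic, operands and text."""
    op, rt, ra = word >> 26, (word >> 21) & 0x1F, (word >> 16) & 0x1F
    rec = {"addr": addr, "word": word, "mnem": None, "dst": None, "base": None, "imm": 0}
    if op in D_FORM:
        mnem, imm = D_FORM[op], word & 0xFFFF
        if mnem == "ori":                      # ori RA,RS,UI: destination is the RA slot, UI unsigned
            rec.update(mnem="ori", dst=ra, base=rt, imm=imm, text=f"ori r{ra}, r{rt}, 0x{imm:04X}")
        elif mnem in ("addi", "addis") and ra == 0:   # RA=0 means literal zero: li / lis
            alias = "li" if mnem == "addi" else "lis"
            rec.update(mnem=alias, dst=rt, imm=imm, text=f"{alias} r{rt}, 0x{imm:04X}")
        elif mnem in LOAD_STORE:
            rec.update(mnem=mnem, dst=rt if mnem[0] == "l" else None, base=ra, imm=imm,
                       text=f"{mnem} r{rt}, {sext(imm, 16):#x}(r{ra})")
        else:                                  # addi/addis with a real base register
            rec.update(mnem=mnem, dst=rt, base=ra, imm=imm,
                       text=f"{mnem} r{rt}, r{ra}, {sext(imm, 16):#x}")
    elif op == 18:                             # I-form b/bl: 24-bit word displacement, AA and LK bits
        disp = sext(word & 0x03FFFFFC, 26)
        aa, lk = (word >> 1) & 1, word & 1
        target = disp & 0xFFFFFFFF if aa else (addr + disp) & 0xFFFFFFFF
        name = "bl" if lk else "b"
        rec.update(mnem=name, target=target, text=f"{name} 0x{target:08X}")
    elif word == 0x4E800020:
        rec.update(mnem="blr", text="blr")
    else:
        rec.update(mnem=".long", text=f".long 0x{word:08X}")
    return rec


def resolve_addresses(code, base_addr=BASE_ADDR, known_bases=None):
    """Disassemble `code` and annotate each instruction that completes a 32-bit address.

    `known_bases` maps register number -> value for pointers the compiler keeps fixed
    (the r2/r13 small-data bases); those must be recovered by hand from the image.
    """
    known_bases = known_bases or {}
    hi = {}                                    # reg -> upper 16 bits written by a preceding lis
    out = []
    for off in range(0, len(code), 4):
        word = struct.unpack(">I", code[off:off + 4])[0]
        rec = decode(word, base_addr + off)
        b, imm = rec["base"], rec["imm"]
        if b in hi:
            # addi/lwz/stw sign-extend D, so the compiler emits lis with a value one too
            # high and a negative D whenever the low half is >= 0x8000; ori is unsigned.
            ea = (hi[b] << 16) | imm if rec["mnem"] == "ori" else (hi[b] << 16) + sext(imm, 16)
            rec["ea"] = ea & 0xFFFFFFFF
        elif b in known_bases and rec["mnem"] != "ori":
            rec["ea"] = (known_bases[b] + sext(imm, 16)) & 0xFFFFFFFF
        if "ea" in rec:
            rec["text"] += f"   ; -> 0x{rec['ea']:08X}"
        if rec["mnem"] == "lis":
            hi[rec["dst"]] = imm
        elif rec["dst"] is not None:
            hi.pop(rec["dst"], None)           # register overwritten; pairing no longer valid
        out.append(rec)
    return out


if __name__ == "__main__":
    for r in resolve_addresses(SAMPLE_BYTES, known_bases={13: R13_BASE}):
        print(f"{r['addr']:08X}  {r['word']:08X}  {r['text']}")
```

The second line of the sample shows the caveat in practice: `lis r9, 0x1235` followed by `lwz r3, -0x7FF8(r9)` reaches 0x12348008, not 0x12358008, because the 16-bit displacement is signed. A script that only concatenates the two halves will mislabel every data reference whose low half has the top bit set.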
kostia111
Posts: 47
Joined: Mon Oct 21, 2019 4:58 am

Re: Gen IV disassembly E38 / E67

Post by kostia111 »

IDA 7.5 can decompile PPC files to pseudo C.

but hands and head all have to work early
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: Gen IV disassembly E38 / E67

Post by kur4o »

Some gen4 I made some time ago. Still not perfect and complete and no comments yet.
Attachments
Copy of E38DISS.zip
(13.27 MiB) Downloaded 403 times
turbo_bu
Posts: 55
Joined: Tue Dec 03, 2019 3:58 am

Re: Gen IV disassembly E38 / E67

Post by turbo_bu »

This may be a stupid question, but I am having some difficulty loading these into IDA Pro. When I load the binary it wants to disassemble it. I was hoping that having the idb file might help, but there doesn't seem to be a way to load it instead. I know I am missing something ... any tips?
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: Gen IV disassembly E38 / E67

Post by kur4o »

turbo_bu wrote: This may be a stupid question, but I am having some difficulty loading these into IDA Pro. When I load the binary it wants to disassemble it. I was hoping that having the idb file might help, but there doesn't seem to be a way to load it instead. I know I am missing something ... any tips?

Open idag, then work on your own. Close all pop-up windows and drag-drop the idb file. It should get loaded.
turbo_bu
Posts: 55
Joined: Tue Dec 03, 2019 3:58 am

Re: Gen IV disassembly E38 / E67

Post by turbo_bu »

Thank you for your help. That worked. I took a quick look through the code, and was wondering if there were any guides which describe the operations like there are for the Motorola code. Some of them I can figure out, some of them I have a guess, but was hoping there is a cheat sheet out there somewhere.

Also, I started to try and figure things out by locating some of the PIDs ... but those pieces of code were not graphed out. Is that because they are not part of the main structure? Is there a way to get those to show up?
turbo_bu
Posts: 55
Joined: Tue Dec 03, 2019 3:58 am

Re: Gen IV disassembly E38 / E67

Post by turbo_bu »

Never mind on the operation code cheat sheet. Google was very helpful. I still would like some help trying to see the code for the different PIDs. Not sure if you can just have IDA decompile just a small portion of the OS, or if you have to do something different to be able to see it.
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: Gen IV disassembly E38 / E67

Post by kur4o »

IDA is good but not perfect for diss of indexed jumps to subroutines.

If it is in red it means the subroutine is not disassembled fully. It doesn't either have an end point [return] or some inconcise code in the middle, or it is an indexed subroutine or has indexed jumps at different points, or IDA can't find the start point of the subroutine. Using U - undefine, C - make code and P - make subroutine can give you some custom options for fixing disassembly. Also D and O can help you with making offsets of data or making word/dword as offsets.

Did you find the PID lookup and subroutines? Does the code use something similar to LS1 code? I still haven't looked that deep in the code and it needs tons of manual work to make it a full disassembly.