Page 1 of 3

HOW TO: Reverse Engineering An LS1 Computer

Posted: Tue Jul 19, 2022 6:58 am
by bubba2533
I have been wanting to create something to help others get started with reverse engineering for a while now.

So here is my first video on how to get Ghidra setup and ready to go. Please leave feedback as I know I'm not an expert and definitely made mistakes.

HOW TO: Reverse Engineering An LS1 Computer Part 1

Here is the video description text:
LS1 PCM Hacking with Ghidra

1. Software Setup

a. Download Ghidra https://github.com/NationalSecurityAgen ... .1.2_build
b. Download CPU32 Instructions (Requires PCMHacking.com Account) viewtopic.php?f=42&t=6626&start=10#p104736
c. Copy CPU32 Instructions to Ghidra

2. Start Ghidra Project

a. Open Ghidra (ghidraRun.bat)
b. Create New Project
c. Import Bin File
d. Create RAM Memory Blocks

3. Reference Docs/Websites

a. Bin File Repository https://github.com/BoredTruckOwner/LS_B ... Repository
b. MCU 68376 User Manual https://www.nxp.com/docs/en/user-guide/MC68336376UM.pdf
c. CPU32 Instruction Reference Manual https://www.nxp.com/docs/en/reference-m ... 000PRM.pdf
d. OBD-II PID Listing http://www.dashlogic.com/docs/technical/obdii_pids
e. Ghidra Cheat Sheet https://ghidra-sre.org/CheatSheet.html
I would like to create more videos like this on different parts of the reverse engineering process, so if you have ideas or things you would like to see, let me know.

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Tue Jul 19, 2022 7:44 am
by ironduke
Thank you!!! Away on vacation with nothing but an iPad and limited spare time but I can’t wait to read and review all of this!!

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Tue Jul 19, 2022 8:31 am
by antus
Great, thanks for this. I'll add it to the FAQ shortly. FYI you don't need an account to download here, downloads are open (I'll only change that if it becomes a problem). I don't want everyone to have to jump through the signup process if they are not going to contribute and just want a file.

I also think the BoredTruckOwner repo is dead, but don't have a better suggestion at the moment.

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Jul 20, 2022 1:54 am
by RADustin
Many thanks to you and NSFW for all the contributions and help. I was expecting to take a month to figure out my OS changes for the ac logic and I did it in less than a week from installing Ghidra and using it for the first time to testing the OS.

I'll add the label .txt file here as well. Using the 'dumpster dive' CSV for P59 OS 7603 (thanks to NSFW) I parsed it into an agreeable format so that the prewritten Ghidra script would run it.

The Ghidra script is 'ImportSymbolsScript.py'. Run it from the script manager and it'll prompt to open a file, use the attached file. This process will overlay the entire contents of the CSV into Ghidra and instantly make the code more human readable. This file only works for P59 OS 7603. I would suggest most people start there until we can locate more of these dumpster dive files for other OSs.

Antus has posted this link before for learning 68k assembly, it is VERY useful at breaking things down in manageable bits of info so that a regular person can learn it. I like the tests that it has.
https://mrjester.hapisan.com/04_MC68/

Also, this link is useful, especially for following what the program counter is doing for each command:
http://68k.hax.com/

This link is for how Ghidra labels variables and functions and such.
https://github.com/NationalSecurityAgen ... Labels.htm
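The post above converts a CSV of addresses and names into the two-column "symbolName 0xADDRESS" lines that Ghidra's bundled ImportSymbolsScript.py reads. Below is an added example of such a converter (not RADustin's attached file or any PCMHacking script); the CSV column names and sample rows are constructed assumptions, and it also drops rows that would make the Ghidra script choke (blank names, duplicate addresses, unparseable addresses).

```python
"""Convert an (address, name) CSV into 'label 0xADDR' lines for ImportSymbolsScript.py."""
import csv
import io
import re

# Constructed sample. The column names are an assumption about the CSV layout,
# not the real dumpster-dive format; adjust addr_col/name_col for a real file.
SAMPLE_CSV = """address,name,comment
0x00014A2C,Main Loop,entry of background loop
0x00014A2C,main_loop_dup,second label at the same address is skipped
0x0003C000,KnockRetard Table,2D table
0x0003C000,,blank name row is skipped
not_an_address,bogus,unparseable address is skipped
"""

_INVALID = re.compile(r"[^A-Za-z0-9_]")


def to_label(name):
    """Make a Ghidra-safe label: replace spaces/punctuation, no leading digit."""
    label = _INVALID.sub("_", name.strip())
    if label and label[0].isdigit():
        label = "_" + label
    return label


def parse_address(text):
    """Parse hex with or without 0x; None if invalid or outside a 32-bit space."""
    text = text.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    try:
        value = int(text, 16)
    except ValueError:
        return None
    return value if 0 <= value <= 0xFFFFFFFF else None


def convert(csv_text, addr_col="address", name_col="name"):
    """Return 'label 0xADDR' lines; first label per address wins, bad rows dropped."""
    seen = set()
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        addr = parse_address(row.get(addr_col) or "")
        label = to_label(row.get(name_col) or "")
        if addr is None or not label or addr in seen:
            continue
        seen.add(addr)
        out.append("%s 0x%08X" % (label, addr))
    return out


if __name__ == "__main__":
    print("\n".join(convert(SAMPLE_CSV)))
```

Write the output to a .txt file and point ImportSymbolsScript.py at it from the Script Manager.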

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Jul 20, 2022 3:36 am
by MudDuck514
antus wrote: Great, thanks for this. I'll add it to the FAQ shortly. FYI you don't need an account to download here, downloads are open (I'll only change that if it becomes a problem). I don't want everyone to have to jump through the signup process if they are not going to contribute and just want a file.

I also think the BoredTruckOwner repo is dead, but don't have a better suggestion at the moment.

Hi all;

Antus, by "dead" do you mean not accessible?
Or not updated in over a year!?

Both it, and Snowman's haven't been updated lately, but I CAN still access them both!

Mike

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Jul 20, 2022 12:10 pm
by Tazzi
I love this!!!!!! Awesome guide!!!!!

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Jul 20, 2022 2:13 pm
by antus
Yes, both repos are out of date. I'm stickying threads that are maintained here so they can be found, but nobody is tracking the latest and best XDFs at this stage that I am aware of.

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Aug 10, 2022 1:19 am
by gmtech825
One issue I've found using Ghidra for this is the tblu and tbls instructions don't disassemble properly, especially when register A2 is involved. Instead of referencing A2 for the tbl, it points to address 0x00000002. I'm currently trying to figure out how to fix this.

Anyone else seeing this issue?


EDIT: This seems to be happening for all address registers for tbl instructions

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Aug 10, 2022 11:13 pm
by exo3901
I don't really know what I am doing, but yeah, same issue with the tbl stuff. I found an IDA disassembly and tried patching the Ghidra side to be comparable. No idea if that is correct or not. I'm focusing on trying to find and understand the shift routines, but pressure and shift speed tables don't even show references? I have a lot of learning to do.

To OP, thanks for the walkthrough and the labeling script!

Re: HOW TO: Reverse Engineering An LS1 Computer

Posted: Wed Aug 10, 2022 11:24 pm
by RADustin
gmtech825 wrote: One issue I've found using Ghidra for this is the tblu and tbls instructions don't disassemble properly, especially when register A2 is involved. Instead of referencing A2 for the tbl, it points to address 0x00000002. I'm currently trying to figure out how to fix this.

Anyone else seeing this issue?


EDIT: This seems to be happening for all address registers for tbl instructions

Have you loaded up NSFW's CPU32 instructions?
viewtopic.php?f=42&t=6626&start=10#p104736

Seems to work for bigger tables, but I still wish I could get nibble or bit mapped tables to disassemble. I'd like to learn more about the send/receive Class 2 data messages for gauges and BCM comms and whatnot.