
Re: E92 PCM Reverse Engineering

Posted: Tue May 02, 2023 10:28 pm
by antus
Good work!

Re: E92 PCM Reverse Engineering

Posted: Tue May 02, 2023 10:35 pm
by antus
Tazzi wrote:
bubba2533 wrote:I'm surprised you didn't write the entire kernel in C and compile it all at once. Was there any specific reason for that?

Another issue I'm seeing is that in the Ghidra disassembly a handful of times b (unconditional branch) instructions are viewed as the end of a function. This causes the decompiler to break the function's decompiled view into multiple functions even though it should be one function. I'm going to download the latest version to see if that fixes anything.
Simply because I was unable to get it to understand that I was trying to run the entire code in RAM. I did ask questions on forums about it, but it doesn't appear it was designed to be like that, or at least I couldn't get it to be set up like that.
You could take the C kernel make system from pcmhammer and swap over to the GNU PPC cross compiler: https://gnutoolchains.com/powerpc-eabi/ The linker configuration to run from RAM and sidestep the traditional startup functions would be the same. So with just a little reconfiguration you could move straight on to the C code.

Re: E92 PCM Reverse Engineering

Posted: Thu May 04, 2023 1:15 am
by bubba2533
Ok, I have the compiler and I don't see a cpu that matches.

Here is the list the compiler gives:


Known CPUs (for use with the -mcpu= and -mtune= options):
    401 403 405 405fp 440 440fp 464 464fp 476 476fp 505 601 602 603 603e 604
    604e 620 630 740 7400 7450 750 801 821 823 8540 8548 860 970 G3 G4 G5 a2
    cell e300c2 e300c3 e500mc e500mc64 e5500 e6500 ec603e native power3 power4
    power5 power5+ power6 power6x power7 power8 powerpc powerpc64 rs64 titan
Edit: It looks like this website gives a better description and perhaps just putting -mcpu=powerpc is the way to go with this cpu.

Re: E92 PCM Reverse Engineering

Posted: Thu May 04, 2023 1:37 am
by Tazzi
Maybe just the generic PowerPC option?

Re: E92 PCM Reverse Engineering

Posted: Thu May 04, 2023 1:48 am
by bubba2533
It compiled a very stripped down version of the kernel with no errors. So that's looking quite promising.

Re: E92 PCM Reverse Engineering

Posted: Thu May 04, 2023 1:55 am
by Tazzi
bubba2533 wrote:It compiled a very stripped down version of the kernel with no errors. So that's looking quite promising.
How large did the kernel become out of curiosity?

Re: E92 PCM Reverse Engineering

Posted: Thu May 04, 2023 2:10 am
by bubba2533
I stripped it down to only a few functions just to minimize the scope of what I was doing so it's really small (268 bytes).

I just put it back into Ghidra and it looks really good so far.

Re: E92 PCM Reverse Engineering

Posted: Thu May 04, 2023 1:11 pm
by antus
Yeah, you don't need the most advanced CPU feature support; more features may save size, but a more baseline instruction set will still run fine. I don't know how much RAM you have in that device, maybe it's plenty and kernel size doesn't matter, but note that as soon as you turn on the optimisations it becomes really critical that you flag registers as volatile, because otherwise the optimiser will think data read last time into a register is still current and optimise out things that it thinks are having no effect, but they are. I had a go at this with the pcmhammer kernel but it got too complicated for me. If you're serious about a PPC kernel it'd be worth trying to get this right from the start and being able to compile with optimisations at -O2.
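The two points raised in this thread (a C kernel that runs from RAM without the usual startup code, and register accesses that survive -O2) in one added example. This is illustration written for this page, not code from the thread, from PCMHammer or from any ECU kernel. The register base address, the READY bit layout, the linker symbol names `__bss_start`/`__bss_end`, the `.text.entry` section name and the assumption that whatever jumps to the kernel leaves r1 pointing at a usable stack are all assumptions; the build it is written for would be along the lines of `powerpc-eabi-gcc -O2 -mcpu=powerpc -nostartfiles -T kernel.ld`, with `kernel.ld` a hypothetical linker script that places `.text.entry` first at the RAM load address. The PowerPC-only part is guarded by `#ifdef __powerpc__`, so the rest compiles and runs on a host with simulated registers.

```c
#include <stdint.h>
#include <stddef.h>

/* ---- Memory-mapped register access ----------------------------------
 * Every access to a hardware register must go through a volatile pointer.
 * Without the qualifier, -O2 is allowed to treat the location as plain
 * memory: it can hoist a status read out of a polling loop, merge repeated
 * reads, or delete a write whose value is never read back. All three are
 * fatal in a flash kernel. REG_BASE is a placeholder for illustration. */
#define REG_BASE 0xFFF00000u                          /* assumed, not a real address */
#define MMIO32(off) (*(volatile uint32_t *)(uintptr_t)(REG_BASE + (off)))

static inline uint32_t mmio_read32(volatile uint32_t *reg)             { return *reg; }
static inline void     mmio_write32(volatile uint32_t *reg, uint32_t v) { *reg = v;    }

#define STATUS_READY (1u << 0)   /* assumed bit layout */

/* Poll until READY is set, but never spin forever: a device left busy by a
 * bad command should fail that command, not hang the module. Returns 0 when
 * ready and -1 when the poll budget is exhausted. */
int wait_ready(volatile uint32_t *status, unsigned max_polls)
{
    for (unsigned i = 0; i < max_polls; i++) {
        if (mmio_read32(status) & STATUS_READY)
            return 0;
    }
    return -1;
}

/* ---- Entry point when running from RAM -------------------------------
 * There is no crt0: the tool loads the image at its link address and jumps
 * to kernel_entry, so the kernel does the little setup crt0 normally does.
 * __bss_start/__bss_end are assumed to come from the linker script, and the
 * code that jumps here is assumed to leave r1 pointing at a usable stack.
 * Putting the function in .text.entry lets the linker script place it
 * first, so the load address is also the entry address. */
#ifdef __powerpc__
extern uint32_t __bss_start[], __bss_end[];   /* assumed linker-provided symbols */
void kernel_main(void);                       /* the kernel proper, defined elsewhere */

__attribute__((section(".text.entry"), noreturn))
void kernel_entry(void)
{
    for (uint32_t *p = __bss_start; p < __bss_end; p++)
        *p = 0;                               /* zero .bss, as crt0 would */
    kernel_main();
    for (;;) ;                                /* nothing to return into */
}
#endif

/* ---- Host-side demonstration with simulated registers ----------------
 * Plain variables stand in for device registers so the helpers above can be
 * exercised without hardware. */
int demo_ready_register(void)
{
    static uint32_t sim_status;               /* constructed stand-in register */
    sim_status = STATUS_READY;
    return wait_ready(&sim_status, 8);        /* 0: ready on the first poll */
}

int demo_busy_register(void)
{
    static uint32_t sim_status;               /* constructed stand-in register */
    sim_status = 0;
    return wait_ready(&sim_status, 8);        /* -1: READY never set, poll budget spent */
}

uint32_t demo_write_readback(void)
{
    static uint32_t sim_ctrl;                 /* constructed stand-in register */
    mmio_write32(&sim_ctrl, 0xA5u);
    return mmio_read32(&sim_ctrl);            /* 0xA5 */
}
```

The volatile-qualified parameter is the whole point of `wait_ready`: with a plain `uint32_t *` the loop reads `*status` once at -O2 and spins on the cached value, which is exactly the "optimised out" behaviour described above. The bounded poll count is the other caveat worth carrying into a real kernel, since a kernel that hangs on a busy flash controller is indistinguishable from a bricked module over the diagnostic link.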

Re: E92 PCM Reverse Engineering

Posted: Thu Jun 08, 2023 5:23 am
by Gatecrasher
Am I completely misunderstanding this code, or is the OEM reflash kernel just a gently massaged version of the NXP/ST C90FL standard software driver?

Re: E92 PCM Reverse Engineering

Posted: Thu Jun 08, 2023 10:56 am
by bubba2533
Do you have a log of the kernel?

I’ll have to look into that standard.