Automate Ghidra to locate static registers in an Infineon TriCore TC2xx binary image, disassemble the file using specific options, and save the file. This is to be done entirely via a Ghidra Java script.

Attached is a video showing all of the steps done by hand via the UI.

Process:

Download Ghidra v11.0.1
https://github.com/NationalSecurityAgency/ghidra/releases

Download JDK
https://corretto.aws/downloads/latest/amazon-corretto-17-x64-windows-jdk.msi

Watch video and repeat process manually via the UI.

1) Hard-code, in a Java script via Eclipse, the values for registers A0, A1, A8 and A9, assign them to the entire binary, then run the analysis as per the video (the order matters).

These are the static register values for the included binary.
a0,70012e80
a1,80090710
a8,60029180
a9,5000d200

2) Save the project

3) Include instructions to run the script and Ghidra from the command line (it is OK if the UI opens up during this process, as long as no human input is required).

4) Provide instructions for editing and debugging the Java script in Eclipse.

5) Automate finding the values for A0, A1, A8 and A9. This can be done by analysing the binary (using Aggressive Instruction Finder) and locating the code below. The instructions/mnemonics below never change for this processor; all that changes are the values loaded. In TC17xx they only use A0, A1 and A8 as statics, however we will focus on the TC2xx only initially.

802896e2 0d00c004 isync
802896e6 91100007 movh.a a0,#0x7001
802896ea d900c0a2 lea    a0,[a0]0x2e80
802896ee 91900018 movh.a a1,#0x8009
802896f2 d91150c0 lea    a1,[a1]0x710
802896f6 91300086 movh.a a8,#0x6003
802896fa d9880069 lea    a8,[a8]-0x6e80
802896fe 91100095 movh.a a9,#0x5001
80289702 d999008d lea    a9,[a9]-0x2e00
80289706 cd4fe00f mtcr
8028970a 0d00c004 isync

Here you can see that A0 is loaded with 0x70012e80 via the following instructions:

movh.a a0,#0x7001      # Move 0x7001 into the upper half of A0

lea    a0,[a0]0x2e80   # Add 0x2e80 to the lower half of A0

a0 now contains 0x70012e80
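The search described in step 5, as an added example that is not part of the original posting: a plain Java 17 class that scans raw image bytes for the four consecutive movh.a/lea pairs and rebuilds A0, A1, A8 and A9, including the sign-extended negative offsets used for A8 and A9. The class and method names are hypothetical, the opcode and bit-field positions are the ones that reproduce the listing above, and reading the bytes out of Ghidra's memory blocks is left to the surrounding script.

```java
import java.util.HexFormat;

public class TriCoreStaticRegs {
    // a0, a1, a8, a9 in the order the startup code on this page loads them
    static final int[] REGS = {0, 1, 8, 9};

    // Little-endian 32-bit instruction word at offset i
    static long word(byte[] b, int i) {
        return (b[i] & 0xFFL) | (b[i + 1] & 0xFFL) << 8
             | (b[i + 2] & 0xFFL) << 16 | (b[i + 3] & 0xFFL) << 24;
    }

    // Value loaded by "movh.a aN,#hi ; lea aN,[aN]off" at offset i, or -1 if no such pair for register n
    static long decodePair(byte[] b, int i, int n) {
        long movh = word(b, i), lea = word(b, i + 4);
        boolean isMovh = (movh & 0xFF) == 0x91 && (movh >>> 28) == n;
        boolean isLea = (lea & 0xFF) == 0xD9
                && ((lea >>> 8) & 0xF) == n && ((lea >>> 12) & 0xF) == n;
        if (!isMovh || !isLea) return -1;
        long hi = (movh >>> 12) & 0xFFFF;                 // const16 of movh.a
        long off = ((lea >>> 22) & 0x3F) << 10            // off16[15:10]
                 | ((lea >>> 28) & 0xF) << 6              // off16[9:6]
                 | ((lea >>> 16) & 0x3F);                 // off16[5:0]
        return ((hi << 16) + (short) off) & 0xFFFFFFFFL;  // lea adds a signed 16-bit offset
    }

    // First place where all four pairs appear back to back; instructions are 2-byte aligned
    static long[] findStatics(byte[] image) {
        for (int i = 0; i + 32 <= image.length; i += 2) {
            long[] v = new long[4];
            int k = 0;
            while (k < 4 && (v[k] = decodePair(image, i + 8 * k, REGS[k])) >= 0) k++;
            if (k == 4) return v;
        }
        return null;
    }

    public static void main(String[] args) {
        // Bytes of the listing on this page (802896e2 to 8028970d), in memory order
        byte[] sample = HexFormat.of().parseHex(
            "0d00c004" + "91100007" + "d900c0a2" + "91900018" + "d91150c0"
          + "91300086" + "d9880069" + "91100095" + "d999008d" + "cd4fe00f" + "0d00c004");
        long[] v = findStatics(sample);
        if (v == null) { System.out.println("static register sequence not found"); return; }
        for (int k = 0; k < 4; k++) System.out.printf("a%d,%08x%n", REGS[k], v[k]);
    }
}
```

Run against the listing's bytes, this prints the same four values given under step 1.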

5) Import a CSV file in the format of

LABEL1, 0x12345678
LABEL2, 0x12345678

That assigns labels to the assembly. If the address does not exist in the binary, add or extend an existing section that includes that address.

6) If you get this far we will provide an XML format that includes not only a label and address, but also the datatype (U8, U32 etc.) and whether it is an array, a function, etc. Correct the Ghidra ASM annotation to correctly represent these arrays and data types.

7) Plenty more objectives that we can discuss depending on your success at this point.

We can provide assembly instructions and remote TeamViewer assistance to get started if required. Your level of autonomy will dictate your hourly rate.

Keep a simple diary of days/hours worked and a single paragraph of what was worked on that week.

We can discuss a contract rate instead of an hourly rate if you are already proficient at these kinds of tasks and can provide an accurate estimate. Depending on your skillset our budget is quite large.

Hourly Range: $30.00-$100.00

Posted On: February 07, 2024 05:28 UTC
Category: Scripting & Automation
Skills: Java, Assembler, Assembly Language

Country: Australia
