Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse/Social Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Old 08-26-2011, 12:10 PM
nixscripter nixscripter is offline
Join Date: Aug 2011
Posts: 7

ARM 32-bit.

Speaking of which, small breakthrough: the file seems to be ARM dissassembly, big-endian, raw. I missed this before, because I was using a disassembler that was worthless.

If I disassemble the whole thing, I get some logical regions like:

      88:       e10f0000        mrs     r0, CPSR
      8c:       e38000c0        orr     r0, r0, #192    ; 0xc0
      90:       e129f000        msr     CPSR_fc, r0
      94:       e3a000d2        mov     r0, #210        ; 0xd2
      98:       e169f000        msr     SPSR_fc, r0
      9c:       e59f0388        ldr     r0, [pc, #904]  ; 42c
      a0:       e1a0d000        mov     sp, r0
      a4:       e28f0008        add     r0, pc, #8      ; 0x8
      a8:       e1a0e000        mov     lr, r0
      ac:       e1b0f00e        movs    pc, lr
      b0:       e1a00000        mov r0,r0 (nop)
      b4:       e3a000d1        mov     r0, #209        ; 0xd1
      b8:       e169f000        msr     SPSR_fc, r0
And some illogical places, like the very beginning:
       0:       ea00000a        b       30 
       4:       ea00000d        b       40 
       8:       ea00001b        b       7c 
       c:       ea00000e        b       4c 
      10:       ea000010        b       58 
      14:       ea000012        b       64 
      18:       ea0000db        b       38c 
      1c:       ea000013        b       70
Nothing jumps to those instructions, so unless it's someone's idea of debug info, it looks like garbage.

I think this might be progress.
Reply With Quote
Old 08-26-2011, 12:29 PM
Git Git is offline
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

Doesn't look like very sensible code though, does it?. I'm not convinced. Is there any way you can look at the CPU and find out the part number?. That's often the best starting point.

Reply With Quote
Old 09-09-2011, 11:42 AM
nixscripter nixscripter is offline
Join Date: Aug 2011
Posts: 7

I posted on another forum, and they said, "it's the processor exception table, RTFM" -- so I am setting out to do that.

Mystery solved.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.