foreword
I originally planned to finish writing the use and skills of IDA, but I found that there are actually many online, so I will discuss it later (mainly lazy + procrastination...)
My job involves reverse engineering. From the beginning until now it has always been ELF-format files that did not need unpacking, which felt relatively simple.
Two days ago a friend asked me to help look at a .bin file, and I found that what I know now is only the tip of the iceberg. I am recording this work for future reference.
1. Some related knowledge points
asm, bin, hex, elf files
asm is the extension of assembly language source files: a .asm file is an assembly language source program. Assembly language is a machine-oriented programming language; it can use all the hardware features of a computer and directly control the hardware. In assembly language, mnemonics replace opcodes, and address symbols or labels replace address codes. In this way the binary codes of machine language are replaced by symbols, which turns machine language into assembly language.
A bin file is a binary file; the suffix is short for "binary". A file with the suffix ".bin" is in raw binary format. Generally its content is machine code, the result of compiling assembly language.
The full name of hex is Intel HEX, a file format that can be programmed into a microcontroller and executed by it. It is usually used to transfer programs and data that will be stored in ROM or EPROM. It is an ASCII text file consisting of lines of text conforming to the Intel HEX record format. Most EPROM programmers and emulators accept Intel HEX files, whose records consist of hexadecimal-encoded numbers corresponding to machine language code and/or constant data.
ELF is the main executable file format on Linux. In addition to the machine code, an ELF file also contains additional information, such as segment load addresses, run addresses, the relocation table, the symbol table, and so on.
I have studied the elf file format for a while, made a lot of notes, and will update it when I have time.
Some points about bin and elf:
1. To execute a raw bin, you only need to load the program at its start address and then jump to it; to execute an ELF program, an ELF loader is required. There is no ELF loader when U-Boot and the Linux kernel start, so the file burned into flash can only be a raw bin, that is, the image file.
2. The ELF file is produced by gcc, and objcopy converts the ELF file into a bin file.
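Point 1 above (a raw bin carries no header, so you must know its load address) is what bites when disassembling: both IDA and objdump place a raw file at address 0 unless told otherwise. The following is an added example in Python, not from the original post, that distinguishes an ELF file from a raw bin by parsing the ELF32 header, and for a raw image applies a heuristic for ARMv7-M (Cortex-M) firmware: the vector table at offset 0 begins with the initial stack pointer, followed by the reset handler address with bit 0 set for Thumb, and the reset handler must fall inside the image when it is placed at a plausible flash base. The SRAM window and the list of candidate flash bases are assumptions; the two sample blobs are constructed in the code.

```python
"""Tell an ELF image from a raw bin and estimate a raw Cortex-M image's load
address. Added example, not from the original post; sample blobs are constructed."""
import struct

ELF_MAGIC = b"\x7fELF"
EM_ARM = 0x28  # e_machine value for 32-bit ARM
# Assumptions for the raw-bin heuristic: a typical SRAM window and common flash bases
RAM_RANGE = (0x20000000, 0x20100000)
CANDIDATE_BASES = (0x00000000, 0x08000000, 0x10000000)


def parse_elf_header(blob):
    """Decode the ELF32 header fields that matter before disassembly."""
    if blob[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if blob[4] != 1:
        raise ValueError("only ELFCLASS32 is handled here")
    little = blob[5] == 1
    endian = "<" if little else ">"
    # Elf32_Ehdr after the 16-byte e_ident: e_type, e_machine, e_version, e_entry,
    # e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
    # e_shnum, e_shstrndx
    f = struct.unpack(endian + "HHIIIIIHHHHHH", blob[16:52])
    return {"kind": "elf", "little_endian": little, "machine": f[1],
            "is_arm": f[1] == EM_ARM, "entry": f[3], "phnum": f[9], "shnum": f[11]}


def guess_cortex_m_base(blob):
    """Heuristic: a plausible ARMv7-M vector table at offset 0 gives the load base."""
    if len(blob) < 8:
        return None
    sp, reset = struct.unpack("<II", blob[:8])
    lo, hi = RAM_RANGE
    if not (lo <= sp <= hi) or sp & 3:
        return None          # initial SP must be a word-aligned RAM address
    if not reset & 1:
        return None          # reset handler must be a Thumb address (bit 0 set)
    target = reset & ~1
    for base in CANDIDATE_BASES:
        if base <= target < base + len(blob):
            return {"load_base": base, "initial_sp": sp,
                    "reset_handler": target, "thumb": True}
    return None


def identify(blob):
    """Describe the blob: parsed ELF header, or 'raw' plus a base guess when one fits."""
    if blob[:4] == ELF_MAGIC:
        return parse_elf_header(blob)
    info = {"kind": "raw"}
    guess = guess_cortex_m_base(blob)
    if guess:
        info.update(guess)
    return info


def make_sample_elf():
    """Constructed ELF32 header only (ARM, little-endian, ET_EXEC, entry 0x8000)."""
    e_ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)
    return e_ident + struct.pack("<HHIIIIIHHHHHH", 2, EM_ARM, 1, 0x8000,
                                 0, 0, 0x05000000, 52, 32, 0, 40, 0, 0)


def make_sample_cortex_m_bin():
    """Constructed raw image: SP 0x20001000, reset handler 0x08000101 (Thumb), padding."""
    return struct.pack("<II", 0x20001000, 0x08000101) + bytes(0x200)


if __name__ == "__main__":
    for name, blob in (("sample.elf", make_sample_elf()),
                       ("sample.bin", make_sample_cortex_m_bin()),
                       ("blank.bin", bytes([0xFF]) * 64)):
        print(name, identify(blob))
```

When the heuristic reports a base, that is the address to feed the disassembler: for objdump on a Cortex-M image the code is Thumb, so the matching command is arm-linux-objdump -D -b binary -m arm -M force-thumb --adjust-vma=0x8000000 xxx.bin, and for the IDA route the same base belongs in the bin-to-hex conversion so that the hex records carry correct addresses. A blank or erased region (all 0xFF) yields no guess, which is the right answer rather than a wrong one.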
I used two methods to disassemble the .bin file.
a) Convert the bin file to a hex file, then open the hex file in IDA
b) Use a cross-compilation toolchain to disassemble the bin:
arm-linux-objdump -D -b binary -m arm xxx.bin > xxx.asm
2. Two implementation methods
Method One
First, use a bin-to-hex tool to convert the bin file into a hex file. Similar tools can be found online (e.g. via Baidu).
After the conversion is complete, open the hex file with IDA; here I use IDA Pro 7.2.
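The bin-to-hex conversion that method one starts with is a small format transformation, and the Intel HEX records described in section 1 are simple enough to write out. The following is an added example in Python (not a tool from the original post, and not any particular online converter): it encodes a raw image into Intel HEX with a caller-supplied load address, emitting type 04 extended linear address records so that images placed above 64 KiB round-trip correctly, and it decodes HEX back to bytes while verifying every record checksum. The load address argument and the sample images are assumptions for the demonstration; 0x08000000 is used as a constructed example of a flash base.

```python
"""Intel HEX encoder/decoder. Added example, not from the original post.
Handles record types 00 (data), 01 (end of file) and 04 (extended linear
address); the load address and sample images below are assumptions."""


def _checksum(body):
    # Two's complement of the byte sum: all bytes including the checksum sum to 0 mod 256
    return (-sum(body)) & 0xFF


def _record(rec_type, address, data=b""):
    body = bytes([len(data), (address >> 8) & 0xFF, address & 0xFF, rec_type]) + data
    return ":" + body.hex().upper() + "%02X" % _checksum(body)


def bin2hex(image, base=0, width=16):
    """Encode a raw image loaded at 'base' as Intel HEX text."""
    lines = []
    upper = 0             # upper 16 bits most recently announced by a type-04 record
    offset = 0
    while offset < len(image):
        addr = base + offset
        # a data record must never cross a 64 KiB boundary
        boundary = (addr | 0xFFFF) + 1
        end = min(offset + width, len(image), offset + (boundary - addr))
        if (addr >> 16) != upper:
            upper = addr >> 16
            lines.append(_record(0x04, 0, bytes([upper >> 8, upper & 0xFF])))
        lines.append(_record(0x00, addr & 0xFFFF, image[offset:end]))
        offset = end
    lines.append(_record(0x01, 0))
    return "\n".join(lines) + "\n"


def hex2bin(text, fill=0xFF):
    """Decode Intel HEX text; returns (lowest address, bytes with gaps filled)."""
    mem = {}
    upper = 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError("line %d: missing ':'" % n)
        raw = bytes.fromhex(line[1:])
        if sum(raw) & 0xFF:
            raise ValueError("line %d: bad checksum" % n)
        count, addr, rec_type = raw[0], (raw[1] << 8) | raw[2], raw[3]
        if len(raw) != 5 + count:
            raise ValueError("line %d: length mismatch" % n)
        data = raw[4:4 + count]
        if rec_type == 0x00:
            for i, b in enumerate(data):
                mem[(upper << 16) + addr + i] = b
        elif rec_type == 0x04:
            upper = (data[0] << 8) | data[1]
        elif rec_type == 0x01:
            break
        else:
            raise ValueError("line %d: unsupported record type %#04x" % (n, rec_type))
    if not mem:
        return 0, b""
    lo, hi = min(mem), max(mem)
    return lo, bytes(mem.get(a, fill) for a in range(lo, hi + 1))


if __name__ == "__main__":
    # Constructed sample: 20 bytes of counting data at a flash base of 0x08000000
    sample = bytes(range(20))
    hex_text = bin2hex(sample, base=0x08000000)
    print(hex_text)
    print(hex2bin(hex_text) == (0x08000000, sample))
```

The boundary split matters in practice: a 16-byte record starting at 0xFFF0 would otherwise silently wrap to address 0 of the next 64 KiB page, and the resulting image would disassemble as nonsense around that point. The decoder rejects any record whose checksum fails rather than loading partial data.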
Here are the steps for IDA:
When IDA opens the hex file, the following load dialog appears.
For Processor type select ARM Little-endian, then
click Processor options, then Edit ARM architecture options, select ARMv7-M, and click OK all the way through.
At this point IDA still shows the bytes as data.
Use the shortcut key C to convert them to code; press C at the entry address and at the other places marked with the red line.
assembly code
Method Two
Use arm-linux-objdump from the arm-linux cross-compilation toolchain for disassembly.
objdump is the Linux command for disassembling object files or executables; arm-linux-objdump accepts the same options.
Common usage:
1. -b file_format  Specify the object code format
2. -d  Disassemble executable sections
3. -D  Disassemble all sections
4. -EB, -EL  Specify the endianness
5. -f  Display overall header summary information of the file
6. -h  Display header summary information for each section in the object file
7. -i  Display supported object file formats and CPU architectures
8. -j name  Display the information of the specified section
9. -m machine  Specify the architecture to use when disassembling object files
Disassemble elf or bin files to a text file:
arm-linux-objdump -D elf_file > dis_file
arm-linux-objdump -D -b binary -m arm bin_file > dis_file
Parameters: -D disassemble all code; -m machine type, here arm; -b file format, here binary.
For example: arm-linux-objdump -D -b binary -m arm xxx.bin > xxx.asm disassembles xxx.bin into xxx.asm.
Download and install arm-linux-gcc
Mine is arm-linux-gcc-4.6.4-x86_64.tar.bz2. The resource has been uploaded for review; after review a link will be added.
Now the installation.
Copy arm-linux-gcc-4.6.4-x86_64.tar.bz2 to /usr/local
Decompress it:
tar -jxvf arm-linux-gcc-4.6.4-x86_64.tar.bz2
After decompression, you can see that there is an opt folder under /usr/local
The tools for the cross compiler can be seen under opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/bin.
neko@neko:/usr/local$ ls
arm-linux-gcc-4.6.4-x86_64.tar.bz2 bin etc games include lib man opt sbin share src
neko@neko:/usr/local$ ls opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/bin/
arm-arm1176jzfssf-linux-gnueabi-addr2line arm-linux-addr2line arm-none-linux-gnueabi-addr2line
arm-arm1176jzfssf-linux-gnueabi-ar arm-linux-ar arm-none-linux-gnueabi-ar
arm-arm1176jzfssf-linux-gnueabi-as arm-linux-as arm-none-linux-gnueabi-as
arm-arm1176jzfssf-linux-gnueabi-c++ arm-linux-c++ arm-none-linux-gnueabi-c++
arm-arm1176jzfssf-linux-gnueabi-cc arm-linux-cc arm-none-linux-gnueabi-cc
arm-arm1176jzfssf-linux-gnueabi-c++filt arm-linux-c++filt arm-none-linux-gnueabi-c++filt
arm-arm1176jzfssf-linux-gnueabi-cpp arm-linux-cpp arm-none-linux-gnueabi-cpp
arm-arm1176jzfssf-linux-gnueabi-ct-ng.config arm-linux-ct-ng.config arm-none-linux-gnueabi-ct-ng.config
arm-arm1176jzfssf-linux-gnueabi-elfedit arm-linux-elfedit arm-none-linux-gnueabi-elfedit
arm-arm1176jzfssf-linux-gnueabi-g++ arm-linux-g++ arm-none-linux-gnueabi-g++
arm-arm1176jzfssf-linux-gnueabi-gcc arm-linux-gcc arm-none-linux-gnueabi-gcc
arm-arm1176jzfssf-linux-gnueabi-gcc-4.6.4 arm-linux-gcc-4.6.4 arm-none-linux-gnueabi-gcc-4.6.4
arm-arm1176jzfssf-linux-gnueabi-gcov arm-linux-gcov arm-none-linux-gnueabi-gcov
arm-arm1176jzfssf-linux-gnueabi-gprof arm-linux-gprof arm-none-linux-gnueabi-gprof
arm-arm1176jzfssf-linux-gnueabi-ld arm-linux-ld arm-none-linux-gnueabi-ld
arm-arm1176jzfssf-linux-gnueabi-ld.bfd arm-linux-ld.bfd arm-none-linux-gnueabi-ld.bfd
arm-arm1176jzfssf-linux-gnueabi-ldd arm-linux-ldd arm-none-linux-gnueabi-ldd
arm-arm1176jzfssf-linux-gnueabi-nm arm-linux-nm arm-none-linux-gnueabi-nm
arm-arm1176jzfssf-linux-gnueabi-objcopy arm-linux-objcopy arm-none-linux-gnueabi-objcopy
arm-arm1176jzfssf-linux-gnueabi-objdump arm-linux-objdump arm-none-linux-gnueabi-objdump
arm-arm1176jzfssf-linux-gnueabi-populate arm-linux-populate arm-none-linux-gnueabi-populate
arm-arm1176jzfssf-linux-gnueabi-ranlib arm-linux-ranlib arm-none-linux-gnueabi-ranlib
arm-arm1176jzfssf-linux-gnueabi-readelf arm-linux-readelf arm-none-linux-gnueabi-readelf
arm-arm1176jzfssf-linux-gnueabi-size arm-linux-size arm-none-linux-gnueabi-size
arm-arm1176jzfssf-linux-gnueabi-strings arm-linux-strings arm-none-linux-gnueabi-strings
arm-arm1176jzfssf-linux-gnueabi-strip arm-linux-strip arm-none-linux-gnueabi-strip
neko@neko:/usr/local$
The next step is to add the environment variable.
vi /etc/profile
Open the profile file and add the bin path of the toolchain at the bottom:
export PATH=$PATH:/usr/local/opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/bin
After saving and exiting, run source /etc/profile to make it take effect.
In addition to /etc/profile, I also added the following to the last line of ~/.bashrc:
export PATH=/usr/local/opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/bin:${PATH}
After saving and exiting, again run source ~/.bashrc.
After configuring the environment variables, run arm-linux-gcc -v to check:
neko@neko:/usr/local$ arm-linux-gcc -v
Using built-in specs.
COLLECT_GCC=arm-linux-gcc
COLLECT_LTO_WRAPPER=/usr/local/opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/bin/../libexec/gcc/arm-arm1176jzfssf-linux-gnueabi/4.6.4/lto-wrapper
Target: arm-arm1176jzfssf-linux-gnueabi
Configured with: /work/builddir/src/gcc-4.6.4/configure --build=x86_64-build_unknown-linux-gnu --host=x86_64-build_unknown-linux-gnu --target=arm-arm1176jzfssf-linux-gnueabi --prefix=/opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4 --with-sysroot=/opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/arm-arm1176jzfssf-linux-gnueabi/sysroot --enable-languages=c,c++ --with-arch=armv6zk --with-cpu=arm1176jzf-s --with-tune=arm1176jzf-s --with-fpu=vfp --with-float=softfp --with-pkgversion='crosstool-NG hg+unknown-20130521.154019 - tc0002' --disable-sjlj-exceptions --enable-__cxa_atexit --disable-libmudflap --disable-libgomp --disable-libssp --disable-libquadmath --disable-libquadmath-support --with-gmp=/work/builddir/arm-arm1176jzfssf-linux-gnueabi/buildtools --with-mpfr=/work/builddir/arm-arm1176jzfssf-linux-gnueabi/buildtools --with-mpc=/work/builddir/arm-arm1176jzfssf-linux-gnueabi/buildtools --with-ppl=/work/builddir/arm-arm1176jzfssf-linux-gnueabi/buildtools --with-cloog=/work/builddir/arm-arm1176jzfssf-linux-gnueabi/buildtools --with-libelf=/work/builddir/arm-arm1176jzfssf-linux-gnueabi/buildtools --with-host-libstdcxx='-static-libgcc -Wl,-Bstatic,-lstdc++,-Bdynamic -lm' --enable-threads=posix --enable-target-optspace --without-long-double-128 --disable-nls --disable-multilib --with-local-prefix=/opt/TuxamitoSoftToolchains/arm-arm1176jzfssf-linux-gnueabi/gcc-4.6.4/arm-arm1176jzfssf-linux-gnueabi/sysroot --enable-c99 --enable-long-long
Thread model: posix
gcc version 4.6.4 (crosstool-NG hg+unknown-20130521.154019 - tc0002)
The installation is complete.
Disassembly with arm-linux-objdump:
neko@neko:~/test$ arm-linux-objdump -D -b binary -m arm test.BIN > test.asm
neko@neko:~/test$ ls
test.asm test.BIN
neko@neko:~/test$ vi test.asm
Epilogue
This was also my first time disassembling a .bin file. Comparing IDA and objdump, I feel that IDA has obvious advantages on ELF-format files, while objdump is more comfortable to use on raw binary files (personal opinion only). It may be that the file my friend gave me is incomplete, so the IDA output is not coherent...
I will not write up the assembly analysis; I am rather verbose and can write a long story about a small thing. I will summarize and record it when there is time.
Nobody is perfect, and I am still a newbie; I hope you will point out my mistakes and give more advice.
share ~