XboxDev / ghidra-xbe

Xbox Executable Format (XBE) Loader Extension for Ghidra SRE framework

Support importing SEGABOOT #28

Closed GXTX closed 4 months ago

GXTX commented 3 years ago

Currently not able to import SEGABOOT - an XBE which is loaded into DIMM memory on Chihiro's media board and presented as a file(?) in a FATX partition to the kernel.

CXBX-R might have some info on it although I could be wrong - which I am often.

// Sega Chihiro XOR keys
const uint32_t XOR_EP_CHIHIRO                            = 0x40B5C16E;
const uint32_t XOR_KT_CHIHIRO                            = 0x2290059D;

Here's what it shows on import.

Cannot invoke "ghidra.program.model.listing.Data.getUnsignedInt(int)" because "data" is null
java.lang.NullPointerException: Cannot invoke "ghidra.program.model.listing.Data.getUnsignedInt(int)" because "data" is null
    at skeleton.XbeLoader.processImports(XbeLoader.java:571)
    at skeleton.XbeLoader.load(XbeLoader.java:520)
    at ghidra.app.util.opinion.AbstractLibrarySupportLoader.doLoad(AbstractLibrarySupportLoader.java:347)
    at ghidra.app.util.opinion.AbstractLibrarySupportLoader.loadProgram(AbstractLibrarySupportLoader.java:83)
    at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:112)
    at ghidra.plugin.importer.ImporterUtilities.importSingleFile(ImporterUtilities.java:400)
    at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$7(ImporterDialog.java:349)
    at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:88)
    at ghidra.util.task.Task.monitoredRun(Task.java:124)
    at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:104)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)

---------------------------------------------------
Build Date: 2020-Dec-29 1701 EST
Ghidra Version: 9.2.2
Java Home: C:\Temp\java-15-openjdk-jre-15.0.2.7-1.windows.ojdkbuild.x86_64
JVM Version: ojdkbuild 15.0.2
OS: Windows 10 10.0 amd64
Workstation: host.docker.internal

GXTX commented 3 years ago

I was able to import the backup version of the firmware by changing both thunk & entry. Attempting to import the 2nd one, which starts after 1MB on the ROM, I get the error above.

GXTX commented 4 months ago

Some more information on this: the 2MB flash image is actually a 'filesystem'.

segaboot.xbe      : 0
Textures.xpr      : A0000
FontProp.xpr      : B1000
FontFixed.xpr     : C2000
firmware.asic     : E4000
firmware.bin      : FC000
firmware2.bin     : FE000
unk.              : FFE00 (perhaps settings? contains SN)
segaboot.xbe      : 100000
dsstdfx.bin       : 1BC000
xbox_ac.wav       : 1C3000
tone.wav          : 1E3800
unk_firmware.asic : 1E4000
unk_firmware2.bin : 1FE000

Either way, in current versions we still run into the error:

Cannot invoke "ghidra.program.model.listing.Data.getUnsignedInt(int)" because "data" is null
java.lang.NullPointerException: Cannot invoke "ghidra.program.model.listing.Data.getUnsignedInt(int)" because "data" is null
    at xbeloader.XbeLoader.processImports(XbeLoader.java:620)
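
Added example, not part of the issue thread and not ghidra-xbe code: a Python check that reads the XBE header at each `segaboot.xbe` offset from the layout table above and reports which XOR key pair decodes the entry point and kernel thunk address to values inside the image. It assumes SEGABOOT uses the standard XBE header layout; the retail and debug keys are the standard XBE values rather than anything quoted in the thread, the function names are hypothetical, and the sample input is constructed.

```python
import struct

# Chihiro keys are the ones quoted in the issue. Retail and debug are the
# standard XBE keys, added here for comparison (they are not on this page).
KEYS = {                       # name: (entry point key, kernel thunk key)
    "chihiro": (0x40B5C16E, 0x2290059D),
    "retail": (0xA8FC57AB, 0x5B6D40B6),
    "debug": (0x94859D4B, 0xEFB1F152),
}
XBE_OFFSETS = (0x0, 0x100000)  # both segaboot.xbe entries in the layout table
HEADER_MIN = 0x15C             # header bytes needed up to the thunk field

def identify_keys(image, off=0):
    """Return (key_name, entry, thunk) for the key pair whose decoded
    addresses both fall inside the image's address range, else None."""
    if len(image) < off + HEADER_MIN or image[off:off + 4] != b"XBEH":
        return None
    # Assumption: standard XBE header layout (base address at 0x104, image
    # size at 0x10C, entry point at 0x128, kernel thunk address at 0x158).
    base, _hdr_size, img_size = struct.unpack_from("<3I", image, off + 0x104)
    (enc_entry,) = struct.unpack_from("<I", image, off + 0x128)
    (enc_thunk,) = struct.unpack_from("<I", image, off + 0x158)
    for name, (ep_key, kt_key) in KEYS.items():
        entry, thunk = enc_entry ^ ep_key, enc_thunk ^ kt_key
        if all(base <= a < base + img_size for a in (entry, thunk)):
            return name, entry, thunk
    return None  # no known key pair decodes to in-range addresses

def scan_flash(image):
    """Check every XBE offset from the layout table in a flash dump."""
    return {off: identify_keys(image, off) for off in XBE_OFFSETS}

def constructed_header(key_name, entry=0x11000, thunk=0x12000):
    """Constructed sample: a header-only fake XBE, not real firmware."""
    ep_key, kt_key = KEYS[key_name]
    hdr = bytearray(HEADER_MIN)
    hdr[0:4] = b"XBEH"
    struct.pack_into("<3I", hdr, 0x104, 0x10000, 0x1000, 0x80000)
    struct.pack_into("<I", hdr, 0x128, entry ^ ep_key)
    struct.pack_into("<I", hdr, 0x158, thunk ^ kt_key)
    return bytes(hdr)

def constructed_flash():
    """Constructed 2MB image with a fake Chihiro-keyed XBE at each offset."""
    flash = bytearray(0x200000)
    for off in XBE_OFFSETS:
        flash[off:off + HEADER_MIN] = constructed_header("chihiro")
    return bytes(flash)
```

On a real dump, pass the file's bytes to `scan_flash`; a `None` result for an offset means none of the three key pairs produced in-range addresses for the header found there.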