trou closed 5 years ago
Interesting.
I will also see if I can add this .o format to elfesteem!
I guess that the idea of looking at TriMedia comes from https://blog.quarkslab.com/reverse-engineering-a-philips-trimedia-cpu-based-ip-camera-part-1.html
It seems that some Russian guys looked at it two years ago https://exelab.ru/f/index.php?action=vthread&forum=17&topic=24431 with some description of the .o format.
I can learn the TriMedia architecture from the object file linux-obj/fs/built-in.o extracted from https://github.com/crackinglandia/trimedia/blob/master/tm-linux/tmlinux-kernel-obj-latest.tar.bz2, using its .text section which is from address 0x400 to 0x400+0x73acf.
It recognises the TriMedia architecture in most .o files in linux-obj, but it does not recognise TriMedia in ftp://ftp.dlinkla.com/pub/DCS-5300/FIRMWARE_DCS-5300_v1.05.bin
[edit] The entropy analysis made by Nahuel suggests that, in that firmware, the executable code is compressed or encrypted. This probably explains why cpu_rec.py does not find TriMedia code in this file.
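The kind of entropy check referred to in the comment above, as an added example that is not code from this thread or from cpu_rec.py: it measures Shannon entropy per window and reports spans that look compressed or encrypted, which are the regions where statistical architecture recognition has nothing to match. The 4096-byte window, the 7.5 bits/byte threshold and the sample image are assumptions constructed for the illustration.

```python
import hashlib
import math

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def high_entropy_regions(data: bytes, window: int = 4096, threshold: float = 7.5):
    """Merge adjacent windows at or above threshold into (start, end, mean) spans."""
    spans = []  # each entry: [start, end, list of window entropies]
    for off in range(0, len(data), window):
        block = data[off:off + window]
        if len(block) < window // 2:  # tail too short for a stable estimate
            break
        h = shannon_entropy(block)
        if h < threshold:
            continue
        if spans and spans[-1][1] == off:
            spans[-1][1] = off + len(block)
            spans[-1][2].append(h)
        else:
            spans.append([off, off + len(block), [h]])
    return [(s, e, sum(hs) / len(hs)) for s, e, hs in spans]

def constructed_image() -> bytes:
    """Constructed sample: code-like words, a packed payload, more code-like words."""
    code = b"".join(bytes([0x10, i % 16, 0x00, 0x80]) for i in range(2048))  # 8192 B
    # SHA-256 in counter mode stands in for compressed or encrypted bytes.
    packed = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(384))
    return code + packed + code[:4096]

if __name__ == "__main__":
    for start, end, mean in high_entropy_regions(constructed_image()):
        print(f"0x{start:06x}-0x{end:06x}  mean entropy {mean:.2f} bits/byte")
```

A span close to 8 bits/byte covering most of an image is the usual sign that the payload has to be unpacked before any architecture detection is attempted.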
Some binaries are here: https://github.com/crackinglandia/trimedia/tree/master/tm-linux
but I don't know how to parse the .o out of the box