donnm / mtk_fw_tools

Mediatek firmware unpacking/repacking tools
GNU General Public License v3.0

Bad decompression #1

Closed Mi81 closed 6 years ago

Mi81 commented 6 years ago

Only first 8 bytes :( ALICE.zip

This is original CAKE & ALICE_2 from MTK firmware project. Encode:

ALICE.exe -chip MT6261 -iBin A.bin -oBin AA.bin -oDict dd -cBase 0x101B6A6C -dBase 0x100A0000 -cBlock 64 -statistics stat.txt -debugLevel 3

donnm commented 6 years ago

Thanks. The issue is that there are many dictionary sizes depending on the code on the device. So the range registers are different, and I have not yet figured out how to dynamically calculate the prefixes and lengths arrays in the unpack function based on these range registers.

Fixed for your specific ALICE.

pfalcon commented 6 years ago

For me, @Mi81's example still doesn't decompress right:

$ radiff2 A.bin alice-translated-py.bin
0x0000000c 1b => 21 0x0000000c
0x00000018 86 => 92 0x00000018
0x0000002a 8e => a3 0x0000002a
0x00000036 aa => c5 0x00000036
0x0000003e 3a => 59 0x0000003e
0x00000074 fff7ceff => 00f009f8 0x00000074
0x000000a2 e8fc => 39fd 0x000000a2
0x000000ca 76 => db 0x000000ca
0x000000f0 b7fc => 2ffd 0x000000f0
0x0000010c a1fc => 27fd 0x0000010c
...
donnm commented 6 years ago

Yes, this is because my decoder does not yet translate BL/BLX targets back to their original addresses. ALICE.exe does this translation for some reason or another (see translate_bl_blx() in alice.py). I'm working on it. The result is still disassemble-able except for the matching BL/BLX targets :)

Check the diff given by

gvimdiff <(xxd A.bin) <(xxd alice-translated-py.bin)

Easier to read than radiff2 IMO.
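
A way to check whether a differing word in such a diff is a BL whose target moved, as an added example (not code from mtk_fw_tools or alice.py): it decodes and re-encodes Thumb-2 BL (T1) words, using the 4-byte difference at 0x74 from pfalcon's radiff2 output above as constructed input and the file offset as PC (add the image load address if device addresses are wanted).

```python
from typing import Optional

# Constructed sample: the 4-byte difference at offset 0x74 from the radiff2
# output in this thread (A.bin vs. alice-translated-py.bin), as stored bytes.
DIFF_OFFSET = 0x74
ORIGINAL_BYTES = bytes.fromhex("fff7ceff")
TRANSLATED_BYTES = bytes.fromhex("00f009f8")


def decode_thumb_bl(word: bytes, pc: int) -> Optional[int]:
    """Return the absolute target of a Thumb-2 BL (T1) located at `pc`, or
    None if the 4 bytes are not a BL.  `word` is little-endian as stored in
    the image; `pc` is the address of the first halfword."""
    hw1 = int.from_bytes(word[:2], "little")
    hw2 = int.from_bytes(word[2:4], "little")
    if hw1 & 0xF800 != 0xF000 or hw2 & 0xD000 != 0xD000:
        return None
    s = (hw1 >> 10) & 1
    imm10 = hw1 & 0x3FF
    j1, j2 = (hw2 >> 13) & 1, (hw2 >> 11) & 1
    imm11 = hw2 & 0x7FF
    i1, i2 = 1 - (j1 ^ s), 1 - (j2 ^ s)   # I1 = NOT(J1 XOR S), likewise I2
    imm = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10 << 12) | (imm11 << 1)
    if s:
        imm -= 1 << 25                     # sign-extend the 25-bit offset
    return pc + 4 + imm                    # Thumb reads PC as instruction + 4


def encode_thumb_bl(pc: int, target: int) -> bytes:
    """Inverse of decode_thumb_bl: rebuild the 4 stored bytes of a BL at `pc`
    that calls `target`.  Raises ValueError when the target is unreachable."""
    imm = target - (pc + 4)
    if imm & 1 or not -(1 << 24) <= imm < (1 << 24):
        raise ValueError("BL target must be halfword-aligned and within +/-16MB")
    imm &= (1 << 25) - 1
    s, i1, i2 = (imm >> 24) & 1, (imm >> 23) & 1, (imm >> 22) & 1
    j1, j2 = 1 - (i1 ^ s), 1 - (i2 ^ s)
    hw1 = 0xF000 | (s << 10) | ((imm >> 12) & 0x3FF)
    hw2 = 0xD000 | (j1 << 13) | (j2 << 11) | ((imm >> 1) & 0x7FF)
    return hw1.to_bytes(2, "little") + hw2.to_bytes(2, "little")


def classify_diff(offset: int, a: bytes, b: bytes) -> dict:
    """Describe one 4-byte difference: is each side a BL, and where does it point?"""
    return {"offset": offset,
            "a_target": decode_thumb_bl(a, offset),
            "b_target": decode_thumb_bl(b, offset)}


if __name__ == "__main__":
    print(classify_diff(DIFF_OFFSET, ORIGINAL_BYTES, TRANSLATED_BYTES))
```

For the sample word both sides decode as BL, but to different targets (0x14 in A.bin, 0x8a in the Python output), which is the symptom the comment above describes; a 2-byte difference such as the one at 0xa2 needs the preceding halfword before it can be decoded the same way.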

donnm commented 6 years ago

Fixed BL/BLX targets now. Decompress should give the same bytes as original ALICE.bin (save some extraneous bytes at EOF).

Miracle-doctor commented 5 years ago

How to disasm translated alice.py?

donnm commented 5 years ago

You can try to disable the function call translate_bl_blx() on line 160 in alice.py.

Miracle-doctor commented 5 years ago

I want to disassemble the translated ALICE file (CAKE). Where do I start cutting the real ARM code? alice.py does not stop?