pine64 / bl602-re

Reverse engineering of BL602 blobs
Apache License 2.0

Need to link before objdump #6

Open Yangff opened 4 years ago

Yangff commented 4 years ago

Currently all functions in the object files from .a are compiled into separate segments, thus all function calls between these functions, even within the same object file, are relocatable symbols. Objdump cannot provide the correct link to the target; neither Ghidra nor radare does so.

It also seems that the riscv toolchain in 32 bits cannot link shared libraries correctly since it's only supported in riscv64-linux.

We might end up compiling and linking a minimal executable without stripping the symbols and unused functions, and doing the analysis based on that executable.

sorear commented 4 years ago

Is this with or without the -d -r option to objdump?

Yangff commented 4 years ago

Is this with or without the -d -r option to objdump?

That's w/o. But even with -d -r it's still.. kind of hard to read since some addresses are from the linker script.

So I used the SDK to compile some examples and used them.. now Ghidra is happy with the symbols and all addresses look good to me. Otherwise, Ghidra will ignore the relo table and tell you that it jalrs to the previous assembly line..
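As an added example (not code from this issue or from the bl602-re repository), a small post-processor for `objdump -d -r` text that folds each R_RISCV_CALL / R_RISCV_CALL_PLT relocation into the jalr that follows its auipc, so the unlinked disassembly shows the real call target instead of a jump back to the previous line. The disassembly listing and the symbol names `helper` and `uart_send` are constructed for the example.

```python
import re

# Constructed sample of `objdump -d -r` output for an unlinked object built with
# -ffunction-sections: each auipc/jalr pair carries a call relocation, and without
# it the jalr appears to target its own auipc (e.g. "# 4 <main+0x4>").
SAMPLE = """\
00000000 <main>:
   0:\t1141                \taddi\tsp,sp,-16
   2:\tc606                \tsw\tra,12(sp)
   4:\t00000097          \tauipc\tra,0x0
\t\t\t4: R_RISCV_CALL\thelper
\t\t\t4: R_RISCV_RELAX\t*ABS*
   8:\t000080e7          \tjalr\tra # 4 <main+0x4>
   c:\t00000097          \tauipc\tra,0x0
\t\t\tc: R_RISCV_CALL_PLT\tuart_send
\t\t\tc: R_RISCV_RELAX\t*ABS*
  10:\t000080e7          \tjalr\tra # c <main+0xc>
  14:\t40b2                \tlw\tra,12(sp)
  16:\t0141                \taddi\tsp,sp,16
  18:\t8082                \tret
"""

RELOC_RE = re.compile(r"^\s*([0-9a-f]+):\s+(R_RISCV_\w+)\s+(\S+)")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]+\s+(\S+)(?:\s+(.*))?$")

def collect_call_relocs(text: str) -> dict[int, str]:
    """Map the offset of every auipc carrying a call relocation to its target symbol."""
    targets = {}
    for line in text.splitlines():
        m = RELOC_RE.match(line)
        if m and m.group(2) in ("R_RISCV_CALL", "R_RISCV_CALL_PLT"):
            targets[int(m.group(1), 16)] = m.group(3)
    return targets

def annotate_calls(text: str) -> list[str]:
    """Rewrite each jalr whose auipc (4 bytes earlier, as in an unlinked .o) is
    relocated as `call <symbol>`, and drop the raw relocation lines."""
    targets = collect_call_relocs(text)
    out = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m and m.group(2) == "jalr":
            if sym := targets.get(int(m.group(1), 16) - 4):
                out.append(f"{m.group(1):>4}:\tcall\t{sym}")
                continue
        if not RELOC_RE.match(line):
            out.append(line)
    return out
```

Feed it the output of `objdump -d -r` on an object extracted from the .a; a jalr with no matching call relocation is left untouched.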

sorear commented 4 years ago

I can't tell if this is something you want to pursue but riscv32-linux also supports shared libraries.

Yangff commented 4 years ago

I can't tell if this is something you want to pursue but riscv32-linux also supports shared libraries.

Oh.. I thought there isn't riscv32-linux..

robertlipe commented 2 years ago

Officially, I don't think there is. There's consensus on what it would look like in terms of system call numbers, ring transitions, shared library mappings, etc. There may be a way to boot rv32 on something like QEMU. The reality is that the commercial-grade RV32 chips we've seen are just too wimpy to pull it off. Even the much beefier K210 with 8MB of memory and an MMU was rejected by the kernel group as just being not useful beyond a learning oddity for Linux and if you're going to emulate it, you might as well emulate RV64.

It's sometimes useful to use such a toolchain on another (lighter weight) OS as things like newlib are a little more fleshed out than the bare metal unknown-elf variations, even if not running on Linux itself.

I won't say that RV32 chips with RV39, Machine Mode, and access to > 8MB don't exist, but at best, they're very rare. rv32-linux is mostly just developer shorthand notation.