TMS320 C6x support

[ARoiD]

OMAP4 community would love to use r2 on ducati bios images http://omappedia.org/wiki/Ducati_For_Dummies

I uploaded a variety of bios images from various OMAP4 devices below

CortexM3 bios images - http://goo.gl/4dndeg

I also linked some C6x assembly related content below

http://www.ti.com/lit/ug/spru189g/spru189g.pdf

http://cnx.org/contents/429524a4-6e7e-48f9-8899-18e5d5712116@1

http://www.cs.cmu.edu/afs/cs/academic/class/15745-s05/www/c6xref/tms320c6000.pdf

http://cnx.org/contents/7c6f27c8-b458-4976-ba26-dee0a14ceea4@1/C6x_Assembly_Programming

http://onlinelibrary.wiley.com/doi/10.1002/0471221120.appa/pdf

http://www.ti.com/lit/ug/spru198k/spru198k.pdf

http://www.ti.com/lit/ug/spru187v/spru187v.pdf

http://processors.wiki.ti.com/index.php/SYS/BIOS_Getting_Started_Guide

http://jason.sdsu.edu/c6x/ASSEMBLE.PDF

http://rtsc.eclipse.org/cdoc-tip/ti/targets/C64T.html

http://rtsc.eclipse.org/cdoc-tip/index.html#ti/

http://www.ti.com/lit/ug/spru186x/spru186x.pdf

http://www.cs.cmu.edu/afs/cs/academic/class/15745-s05/www/c6xref/tms320c6000.pdf

https://gcc.gnu.org/onlinedocs/gcc-4.7.3/gcc/C6X-Options.html

https://gcc.gnu.org/wiki/cauldron2013?action=AttachFile&do=get&target=port-gdb-tic6x-qi.pdf

Cauldron 2013 - Port GDB to the TI C6X Architectu…: http://youtu.be/nSL4jcQCeKg

https://github.com/potorange/binutils-tic6x-dis-16bits/commits/tic6x-dis-16bits

https://github.com/potorange/ais-disasm/commits/function-definition-and-boundary

https://github.com/Groundworkstech/pybfd/commits/master

https://github.com/WojciechMigda/gcc/commits/gcc-4.8.2-tic6x-elf-hybrid-pseudo-ops

https://github.com/WojciechMigda/c6xcoffdump/commits/develop

https://github.com/WojciechMigda/binutils/commits/bu-2.24-tic6x-coff

@milabs @XVilka

Thanks for this epic resource fellas r2 is really second to none ;)

[ARoiD]

@XVilka Should r2 currently not detect that the bios images are arm elf binaries automatically cause of the missing support?

CortexM3 bios images - http://goo.gl/4dndeg

[radare]

Is there any doc about those file formats? because i guess that's a header, but those are not ELF files.

$ hexdump -C ducati-m3_u2.bin  |head
00000000  52 50 52 43 02 00 00 00  f4 03 00 00 38 65 61 64  |RPRC........8ead|
00000010  39 65 61 61 39 66 62 32  38 36 62 32 36 32 37 37  |9eaa9fb286b26277|
00000020  37 31 39 63 64 33 65 39  30 63 36 65 20 20 2f 68  |719cd3e90c6e  /h|
00000030  6f 6d 65 31 2f 6a 75 6e  68 79 6f 75 6e 67 2e 63  |ome1/junhyoung.c|
00000040  68 6f 2f 64 75 63 61 74  69 5f 62 75 69 6c 64 2f  |ho/ducati_build/|
00000050  64 75 63 61 74 69 5f 55  32 4a 42 5f 32 30 31 33  |ducati_U2JB_2013|
00000060  30 31 33 30 5f 41 64 64  56 53 43 50 61 74 63 68  |0130_AddVSCPatch|
00000070  5f 46 6c 75 73 68 54 69  6d 65 4f 75 74 4c 6f 67  |_FlushTimeOutLog|
00000080  5f 45 55 5f 52 65 76 42  2f 73 79 73 62 69 6f 73  |_EU_RevB/sysbios|
00000090  2d 72 70 6d 73 67 2f 73  72 63 2f 74 69 2f 65 78  |-rpmsg/src/ti/ex|

[ARoiD]

@radare Hope these help

http://omappedia.org/wiki/RPMsg_BIOS_Sources

http://www.omappedia.com/wiki/RPMsg_Tesla

http://omappedia.org/wiki/Debugging_RPMsg#Readrprc_Utility

http://omappedia.org/wiki/RPMsg_BIOS_Sources#SYS.2FBIOS_RPMsg_Customizations

Utils: Initial commit for firmware generator

Add the firmware .bin generator utility. http://goo.gl/iVTfZF

Utils: Add a new genextelf utility for pre-signing images

A new utility, called "genextelf", is added that processes an IPU ELF image and gives out an extended pre-signed ELF image. The ELF image outputed would be fed into a signing tool to generate the final signed IPU image.

The utility adds new sections to the image with the various data needed for the signing process such as MMU entries, the TOC data etc. The genextelf utility is similar to the genextbin utility, which was used for signing the binary files. http://goo.gl/i3JFSW

Utils: Add the genextbin utility

A genextbin utility is added that processes the Ducati binary and gives out an extended binary with the MMU L1 PTE table and the firmware section TOC information needed by the signing tool. The two generated sections are placed at specific physical address locations and needs to be matched in the signing and authentication tools. http://goo.gl/tebtKd

Utils: Add a new gencmbelf utility to combine two ELF images

A new utility, called "gencmbelf", is added that combines two non-SMP IPU ELF images into a suitable semi-standard single ELF image to be used instead of a single SMP ELF image.

The utility requires that the input images are completely stripped of any debug or symbol data info, as the utility is currently not designed to combine these data. The generated output file is an ELF image and can be passed to the readelf utility to retrieve information just like any other ELF file.

This utility is designed for the current ELF images built with or for sysbios-rpmsg, and not a generic utility. http://goo.gl/7XLXAi

Utils: Add tool dependencies in the firmware header

Extract the directory names of the tools used to build the core images. The names are appended as part of the version in the header of the firmware binary. http://goo.gl/sDPuQc

Utils: Initial commit for ELF image parsing

Import the ELF Loader code from SysLink 2.0 to be able to parse the images to be able to use in the generation of a proprietary firmware binary image. http://goo.gl/63CkeP

[ARoiD]

@radare @XVilka @milabs Did those last links help?

[ARoiD]

@radare @XVilka @milabs some more info below ;)

http://omappedia.org/wiki/Design_Overview_-_RPMsg#Firmware_Image_Format

Cortex M0/M3 disassembler. « Codewaves Digital - http://goo.gl/0hE2XV

https://github.com/Codewaves/mdisasm

http://www.arm.com/files/pdf/Cortex-M3_programming_for_ARM7_developers.pdf

http://rtsc.eclipse.org/cdoc-tip/index.html#ti

http://www.arm.com/products/processors/cortex-m/cortex-m3.php?tab=Specifications

http://www.arm.com/products/processors/cortex-m/index.php/

http://users.ece.utexas.edu/~valvano/EE345M/CortexM3InstructionSet.pdf

http://en.m.wikipedia.org/wiki/List_of_ARM_Cortex-M_development_tools

http://infocenter.arm.com/help/topic/com.arm.doc.ddi0337e/DDI0337E_cortex_m3_r1p1_trm.pdf

http://engenuics.com/wp-content/uploads/notes_mpgl1_firmware_assembler.pdf

http://infocenter.arm.com/help/topic/com.arm.doc.dai0179-

http://infocenter.arm.com/help/topic/com.arm.doc.ddi0337-

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0552a/index.html

https://gitorious.org/lsd/discovery

https://gitorious.org/lsd/disassembler

[XVilka]

Thanks! Looks like more than enough :)

[ARoiD]

@XVilka Happy to hear 😉

[XVilka]

https://twitter.com/fotisl/status/723908360987381760

[radare]

does it means r2’s tms320 disassembler code is going into the capstone thing?

if so, there’s a license conflict that must be aproved by the author

On 24 Apr 2016, at 08:35, Anton Kochkov notifications@github.com wrote:

https://twitter.com/fotisl/status/723908360987381760 https://twitter.com/fotisl/status/723908360987381760 — You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/radare/radare2/issues/1602#issuecomment-213903595

[XVilka]

@radare no, TMS320 is a big family, r2 has C55x and C55x+ models, this one suggesting writing C60x.

[radare]

Maybe it will be good to merge them all into capstone and delegate our maintainance

On 24 Apr 2016, at 12:55, Anton Kochkov notifications@github.com wrote:

@radare no, TMS320 is a big family, r2 has C55x and C55x+ models, this one suggesting writing C60x.

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub

[XVilka]

https://github.com/aquynh/capstone/pull/667 - as he promised

[radare]

is this dupe? https://github.com/radare/radare2/issues/4761 or this issue aims to track all other models? we can do this for 0.10.3 but we need:

• keep building with older capstone libs (is there a way to check if the lib supports that arch or not)
• only build this plugin if available code in capstone

[radare]

Change the milestone plz

On 03 May 2016, at 13:27, Anton Kochkov notifications@github.com wrote:

aquynh/capstone#667 - as he promised

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub

[radare]

Not going to happen until capstone merges this into next at least. but im not sure if this will be available in the release so it complicates a bit having this optional dependency

[radare]

anyone?

[radare]

ping @XVilka

[XVilka]

https://github.com/aquynh/capstone/tree/tms320c64x

[radare]

This is not next or master. So it must go into extras

On 26 Jan 2017, at 11:16, Anton Kochkov notifications@github.com wrote:

https://github.com/aquynh/capstone/tree/tms320c64x

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[Maijin]

It's planned to be merged though

[Maijin]

@aquynh @fotisl what is the status on this ? When is this going to be merged in next branch ?

[radare]

I wrote the plugin in extras by cloning the branch only. Will commit after some tests

On 4 Feb 2017, at 00:33, Maijin notifications@github.com wrotel:

@aquynh @fotisl what is the status on this ? When is this going to be merged in next branch ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[radare]

there’r a bunch of vulns in this code, we should report them the crashes, just build with asan and scroll in visual a bit. im too busy now to finish this and report it properly, anyone?

On 04 Feb 2017, at 01:41, Pancake Nopcode pancake@nopcode.org wrote:

I wrote the plugin in extras by cloning the branch only. Will commit after some tests

On 4 Feb 2017, at 00:33, Maijin <notifications@github.com mailto:notifications@github.com> wrotel:

@aquynh https://github.com/aquynh @fotisl https://github.com/fotisl what is the status on this ? When is this going to be merged in next branch ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/1602#issuecomment-277391856, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lgjiEwU3vXP8qNZHw2MmElvzYRz4ks5rY7k3gaJpZM4C1gOe.

[Maijin]

Architecture is done, I'm switching to file format-only issue

[ret2libc]

This issue has been moved from radareorg/radare2 to radareorg/ideas as we are trying to clean our backlog and this issue has probably been created a long while ago. This is an effort to help contributors understand what are the actionable items they can work on, prioritize issues better and help users find active/duplicated issues more easily. If this is not an enhancement/improvement/general idea but a bug, feel free to ask for re-transfer to main repo. Thanks for your understanding and contribution with this issue.