radareorg / r2ghidra

Native Ghidra Decompiler for r2
https://www.radare.org/
GNU Lesser General Public License v3.0

8051 sleigh #54

Closed kimstik closed 2 years ago

kimstik commented 2 years ago

It would be cool to have a working 8051 sleigh in r2ghidra

trufae commented 2 years ago

it's already there

kimstik commented 2 years ago

https://github.com/radareorg/r2ghidra/releases/download/5.5.0/r2ghidra_sleigh-5.5.0.zip Are you talking about this one?

trufae commented 2 years ago

if you install r2ghidra you'll get support for all the sleigh files you install. So yeah, all the files listed in this zip

kimstik commented 2 years ago

Got "Ghidra Decompiler Error: No sleigh specification for 8051:LE:8:default"

With "-e asm.bits=16 -e cfg.bigendian=true" it is a bit better... "Ghidra Decompiler Error: No sleigh specification for 8051:BE:8:default"

Do you know how to configure it correctly? May you add 8051 specs to r2ghidra_sleigh-x.x.x.zip?

For https://github.com/diodep/ch55x_jtag/releases/download/v1.2/usb_jtag.bin you may try the following: radare2 -a 8051 -e asm.bits=16 -e cfg.bigendian=true -c "aaa;s 0x127d;af;pddg" usb_jtag.bin

trufae commented 2 years ago

Oh! Maybe I missed it! Let me check

trufae commented 2 years ago

I added some more archs to be built by default. I was trying to reduce the compilation time by only shipping the most common ones. I have uploaded another zip in the same release page for you to try. The next release will come with that new zip

if you find any other missing/interesting arch to be supported by default let me know

I'm closing the ticket

kimstik commented 2 years ago

"radare2 -a 8051 -c "aaa;s 0x127d;af;pddg" usb_jtag.bin" still shows the same error "Ghidra Decompiler Error...

trufae commented 2 years ago

It's true that the archmap is not working out of the box. But I'm gonna fix this now. Meanwhile you can use it this way:

r2 -a 8051 -b 8 foo
e r2ghidra.lang =8051:BE:16:default

It's funny that Ghidra considers 8051 a 16-bit CPU when it's an 8-bit one.. anyway, with this line pdg works as expected
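The "No sleigh specification for ..." errors in this thread come from composing a language id (processor:endianness:size:variant) that is not declared in any .ldefs file shipped in the sleigh home. The following Python is an added illustration of that lookup, not r2ghidra's own archmap code; the .ldefs content is constructed and abbreviated, and the `variant` parameter is an assumption for the example.

```python
"""Resolve an r2 arch/bits/endian triple to a Ghidra sleigh language id.

Added illustration for this thread, NOT r2ghidra's archmap. Ghidra declares
each language in a .ldefs XML file; the decompiler is asked for the id string
and fails if no <language> element carries it.
"""
from __future__ import annotations
import xml.etree.ElementTree as ET

# Constructed, abbreviated .ldefs content in the shape Ghidra uses; the real
# 8051.ldefs carries more attributes and more <language> entries.
SAMPLE_LDEFS = """<?xml version="1.0" encoding="UTF-8"?>
<language_definitions>
  <language processor="8051" endian="big" size="16" variant="default"
            version="2.0" slafile="8051.sla" id="8051:BE:16:default">
    <description>8051 Microcontroller Family</description>
    <compiler name="default" spec="8051.cspec" id="default"/>
  </language>
  <language processor="8051" endian="big" size="24" variant="mx51"
            version="2.0" slafile="mx51.sla" id="8051:BE:24:mx51">
    <description>NXP/Philips MX51</description>
    <compiler name="default" spec="8051.cspec" id="default"/>
  </language>
</language_definitions>
"""


def parse_ldefs(xml_text: str) -> list[str]:
    """Return the language ids declared by one .ldefs document, in file order."""
    root = ET.fromstring(xml_text)
    return [lang.attrib["id"] for lang in root.iter("language") if "id" in lang.attrib]


def r2_to_ghidra_lang(arch: str, bits: int, bigendian: bool, variant: str = "default") -> str:
    """Compose the id the way the error messages above show it.

    r2's defaults for -a 8051 are 8 bits, little endian, so the naive id is
    8051:LE:8:default, which no .ldefs declares (hypothetical `variant` arg)."""
    return f"{arch}:{'BE' if bigendian else 'LE'}:{bits}:{variant}"


def resolve_lang(requested: str, available: list[str]) -> tuple[str | None, list[str]]:
    """Exact match if declared; otherwise return the ids declared for the same
    processor so the user can pick one for e r2ghidra.lang=... that exists."""
    if requested in available:
        return requested, []
    proc = requested.split(":", 1)[0]
    return None, [lid for lid in available if lid.split(":", 1)[0] == proc]
```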

trufae commented 2 years ago

Fixed the archmap in https://github.com/radareorg/r2ghidra/commit/b2f4e048d8789259bfb131f04f5458612c89f870

kimstik commented 2 years ago

Strange that the trick "e r2ghidra.lang =8051:BE:16:default" does not work for me.. got "Ghidra Decompiler Error: No sleigh specification for 8051:BE:16:default". May you try usb_jtag.bin?

trufae commented 2 years ago

Yep, that works fine:

r2 -a 8051 usb_jtag.bin
[0x00000000]> pd 10
        ,=< 0x00000000      020049         ljmp  0x0049
        |   0x00000003      32             reti
        |   0x00000004      00             nop
        |   0x00000005      00             nop
        |   0x00000006      00             nop
        |   0x00000007      00             nop
        |   0x00000008      00             nop
        |   0x00000009      00             nop
        |   0x0000000a      00             nop
        |   0x0000000b      32             reti
[0x00000000]> af
Warning: set your favourite calling convention in `e anal.cc=?`
[0x00000000]> pdg

// WARNING: Removing unreachable block (CODE,0x0085)
// WARNING: Removing unreachable block (CODE,0x008b)
// WARNING: Removing unreachable block (CODE,0x005d)
// WARNING: Removing unreachable block (CODE,0x0067)
// WARNING: Removing unreachable block (CODE,0x006f)
// WARNING: Removing unreachable block (CODE,0x0071)
// WARNING: Removing unreachable block (CODE,0x0073)
// WARNING: Removing unreachable block (CODE,0x0075)
// WARNING: Removing unreachable block (CODE,0x0096)
// WARNING: Removing unreachable block (CODE,0x009c)
// WARNING: Removing unreachable block (CODE,0x00a0)
// WARNING: [r2ghidra] Matching calling convention reg of function fcn.00000000 failed, args may be inaccurate.

void fcn.00000000(char param_1, uint8_t param_2, char param_3, uint8_t param_4)

{
    uchar uVar1;
    uchar *puVar2;
    uint8_t uVar3;
    uint8_t uVar4;
    uint8_t uVar5;

    write_volatile_1(0x81, 0x5a);
    func_0x15da();
    if (param_1 == '\0') {
        puVar2 = (uchar *)0xff;
        do {
            *puVar2 = 0;
            puVar2 = puVar2 + -1;
        } while (puVar2 != NULL);
        *(uchar *)0x29 = 0;
        *(uint8_t *)0x40 = 0;
        *(uint8_t *)0x41 = 0;
        *(char *)0x42 = '\0';
        *(char *)0x43 = '\0';
        *(uchar *)0x44 = 0;
        *(uchar *)0x45 = 0;
        *(uchar *)0x46 = 0;
        *(char *)0x47 = '\0';
        *(char *)0x48 = '\0';
        *(uchar *)0x49 = 2;
        *(char *)0x4a = '\0';
        *(uchar *)0x4b = 2;
        *(uint8_t *)0x4c = 0;
        *(char *)0x4d = '\0';
        *(uint8_t *)0x4e = 4;
        *(uint8_t *)0x4f = 4;
        *(char *)0x50 = '\0';
        *(uchar *)0x51 = 0;
        *(uchar *)0x52 = 0;
        *(uint8_t *)0x53 = 0;
        *(uchar *)0x54 = 0;
        *(uchar *)0x55 = 0;
        *(uchar *)0x56 = 0;
        *(uchar *)0x57 = 0;
        *(uchar *)0x58 = 0;
        *(char *)0x59 = '\0';
        *(uint8_t *)0x5a = 0;
    }
    uVar1 = *(uchar *)0x6;
    *(char *)0x3b = '\0';
    *(uint8_t *)0x3c = 0;
    *(char *)0x3d = '\0';
    *(uint8_t *)0x3e = 0;
    *(char *)0x3f = '\0';
    func_0x0b77(0);
    func_0x1255();
    func_0x127d(5);
    func_0x0be4();
    func_0x0c04();
    func_0x0ada();
    *(uint8_t *)0xb4 = 1;
    func_0x0c3e();
    func_0x0112();
    func_0x015f();
    func_0x014b();
    write_volatile_1(0xdd, 0);
    write_volatile_1(0xd3, 0);
    write_volatile_1(0xd5, 0);
    *(uchar *)0x80 = 1;
    *(uchar *)0x81 = 0x60;
    *(uchar *)0x380 = 1;
    *(uchar *)0x381 = 0x60;
    *(uint8_t *)0x49 = 2;
    *(uchar *)0x4b = 2;
    write_volatile_1(0xa2, 0);
    *(uchar *)0xb5 = 0;
    do {
        do {
        } while (*(char *)0x25 == '\0');
        *(uchar *)0x6 = uVar1;
        if (((*(char *)0x42 == '\x01') && ((*(uint8_t *)0x49 < 0x40) << 7 < '\0')) && (*(char *)0x48 == '\0')) {
            *(uint8_t *)0xb4 = *(uint8_t *)0xb4 ^ 1;
            if (-1 < (0xc < *(uint8_t *)0x53) << 7) {
    // WARNING: Could not recover jumptable at 0x0cd6. Too many branches
    // WARNING: Treating indirect jump as call
                (*(code *)((uint16_t)(*(uint8_t *)0x53 * '\x03') + 0xcd7))();
                return;
            }
            *(uint8_t *)0x53 = 0;
            if (-1 < (*(uint8_t *)0x41 < *(uint8_t *)0x40) << 7) {
                *(char *)0x42 = '\0';
                uVar4 = read_volatile_1(0xd4);
                write_volatile_1(0xd4, uVar4 & 0xf3);
            }
        }
        if (*(char *)0x48 == '\0') {
            if (*(uint8_t *)0x49 == 0x40) {
                *(char *)0x48 = '\x01';
                write_volatile_1(0xd3, 0x40);
                uVar4 = read_volatile_1(0xd2);
                write_volatile_1(0xd2, uVar4 & 0xfc);
                *(uint8_t *)0x49 = 2;
            }
            else {
                *(uint8_t *)0x2 = *(uint8_t *)0x4e;
                param_3 = '\0';
                if ((-1 < ((uint8_t)(*(char *)0x4d -
                                    (*(char *)0x3d - (((*(uint8_t *)0x4c < *(uint8_t *)0x3c) << 7) >> 7))) <
                          (uint8_t)-(((*(uint8_t *)0x4c - *(uint8_t *)0x3c < param_2) << 7) >> 7)) << 7) ||
                   (*(char *)0x3b == '\x01')) {
                    *(uint8_t *)0x3c = *(uint8_t *)0x4c;
                    *(char *)0x3d = *(char *)0x4d;
                    *(char *)0x48 = '\x01';
                    write_volatile_1(0xd3, *(uint8_t *)0x49);
                    uVar4 = read_volatile_1(0xd2);
                    write_volatile_1(0xd2, uVar4 & 0xfc);
                    *(uint8_t *)0x49 = 2;
                    *(char *)0x3b = '\0';
                }
            }
        }
        if (*(char *)0x4a == '\0') {
            uVar4 = *(char *)0x59 - *(uint8_t *)0x5a;
            if ((char)uVar4 < '\0') {
                uVar4 = uVar4 + 0x80;
            }
            if (((uVar4 ^ 0x80) < 0xbe) << 7 < '\0') {
                uVar5 = *(uint8_t *)0x4c - *(uint8_t *)0x3e;
                param_4 = *(char *)0x4d - (*(char *)0x3f - (((*(uint8_t *)0x4c < *(uint8_t *)0x3e) << 7) >> 7));
                *(uint8_t *)0x2 = *(uint8_t *)0x4f;
                param_3 = '\0';
                if (-1 < (param_4 < (uint8_t)-(((uVar5 < param_2) << 7) >> 7)) << 7) {
                    *(uint8_t *)0x3e = *(uint8_t *)0x4c;
                    *(char *)0x3f = *(char *)0x4d;
                    if ((0xbe < (uVar4 ^ 0x80)) << 7 < '\0') {
                        uVar4 = 0x3e;
                    }
                    for (param_4 = 0; (param_4 < uVar5) << 7 < '\0'; param_4 = param_4 + 1) {
                        uVar3 = uVar5 + 2;
                        uVar5 = uVar5 + 0x82;
                        param_3 = ((char)uVar3 >> 7) + ('\x03' - (((0x7f < uVar3) << 7) >> 7));
                        *(uint8_t *)0x2 = *(uint8_t *)0x5a;
                        *(uint8_t *)0x5a = param_2 + 1;
                        param_2 = *(uint8_t *)CONCAT11(1, param_2);
                        *(uint8_t *)CONCAT11(param_3, uVar5) = param_2;
                        *(uint8_t *)0x5a = *(uint8_t *)0x5a & 0x7f;
                    }
                    *(char *)0x4a = '\x01';
                    write_volatile_1(0xd7, uVar4 + 2);
                    *(uchar *)0x4b = 2;
                    uVar5 = read_volatile_1(0xd6);
                    write_volatile_1(0xd6, uVar5 & 0xfc);
                    *(uint8_t *)0x4 = uVar4;
                }
            }
            else {
                uVar4 = 0;
                do {
                    *(uint8_t *)0x3 = uVar4;
                    uVar4 = param_3 + 2;
                    param_3 = param_3 + -0x7e;
                    param_2 = ((char)uVar4 >> 7) + ('\x03' - (((0x7f < uVar4) << 7) >> 7));
                    *(uint8_t *)0x7 = *(uint8_t *)0x5a;
                    *(uint8_t *)0x5a = param_4 + 1;
                    param_4 = *(uint8_t *)CONCAT11(1, param_4);
                    *(uint8_t *)CONCAT11(param_2, param_3) = param_4;
                    *(uint8_t *)0x5a = *(uint8_t *)0x5a & 0x7f;
                    uVar4 = *(uint8_t *)0x3 + 1;
                } while ((*(uint8_t *)0x3 + 1 < 0x3e) << 7 < '\0');
                *(char *)0x4a = '\x01';
                write_volatile_1(0xd7, 0x40);
                uVar4 = read_volatile_1(0xd6);
                write_volatile_1(0xd6, uVar4 & 0xfc);
                *(uchar *)0x4b = 2;
            }
        }
        if (*(char *)0x47 != '\0') {
            if (*(char *)0x43 == '\0') {
                *(char *)0x43 = '\x02';
                *(uchar *)0x99 = 1;
            }
            uVar4 = read_volatile_1(0xde);
            if ((uVar4 & 1) != 0) {
                uVar4 = read_volatile_1(0xde);
                write_volatile_1(0xde, uVar4 & 0xf3);
            }
            *(char *)0x47 = '\0';
        }
        if (*(char *)0x43 == '\x01') {
            *(uchar *)0x99 = 1;
            *(char *)0x43 = '\0';
            uVar4 = read_volatile_1(0xde);
            write_volatile_1(0xde, uVar4 & 0xf3);
        }
        if (*(char *)0x50 != '\0') {
            *(char *)0x50 = '\0';
            func_0x012b();
        }
    } while( true );
}
[0x00000000]>

kimstik commented 2 years ago

Definitely, the trick "e r2ghidra.lang =8051:BE:16:default" does not work. May you update the release with the fixed archmap?

trufae commented 2 years ago

No need to release if you are building it from git

kimstik commented 2 years ago

No luck with 5.5.2: "r2 -a 8051 -e r2ghidra.sleighhome="C:\r2ghidra_sleigh-5.5.2" -c "s 0x112;af;pdg" usb_jtag.bin" silently hangs without showing a result. "pdda" works fine

trufae commented 2 years ago

Is the plugin also updated? Not just the sleigh

kimstik commented 2 years ago

Sure. It was updated to 5.5.2 as well. With 5.5.0 it does not hang, but: "Ghidra Decompiler Error: No sleigh specification for 8051:BE:16:default"

Crash logs, verbose modes.. How can I see the reason for the hang? Perhaps win64 r2 binaries with ASan exist?

trufae commented 2 years ago

pdda is from r2dec, not r2ghidra. Please try r2pm -ci r2ghidra-sleigh again, as I have updated this package now

kimstik commented 2 years ago

image

kimstik commented 2 years ago

Are you able to reproduce it?

trufae commented 2 years ago

Nope :/ Did you try building the plugin yourself, or are you using the latest builds from the release page? Because that may be the reason for that :?

kimstik commented 2 years ago

Stack overflow® with code c00000fd happens immediately after I updated the folder \lib\plugins with the last build from the release page. Before it was "Ghidra Decompiler Error: No sleigh specification for 8051:BE:16:default"

kimstik commented 2 years ago

Stack overflow happens in core_ghidra.dll: ParseCodeXML.

Is it related to https://issueexplorer.com/issue/radareorg/radare2/19372 ?

trufae commented 2 years ago

Please open a new ticket for this issue and provide a crash log or instructions to reproduce. This ticket is closed and I think the crash is unrelated