radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Wrong disasm of m68k #17047

Closed alex-bender closed 4 years ago

alex-bender commented 4 years ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Ubuntu x86 64 |
| File format of the file you reverse (mandatory) | ELF 32-bit MSB executable |
| Architecture/bits of the file (mandatory) | Motorola m68k, 68020, version 1 (SYSV), statically linked, not stripped |
| r2 -v full output, not truncated (mandatory) | radare2 4.5.0-git 25198 @ linux-x86-64 git.4.4.0-260-gfcedd4d21 commit: fcedd4d21e48f1752ecf1336bb70ed538bd41b79 build: 2020-06-11__11:35:5 |

Expected behavior

`s main; pd10` should produce this listing: https://onlinedisassembler.com/odaweb/1HKGmq1z

Actual behavior

Disasm breaks on the first branch.

Steps to reproduce the behavior

```
r2 7ad9b6fe3e6956f1575fa7ad6ee2b493
s main
pd10
```

```
[0x80006880]> pd10
            ;-- main:
            0x80006880      4e56ef48       link.w a6, 0xef48
            0x80006884      48e73c00       movem.l d2-d5, -(a7)
            0x80006888      206e000c       movea.l 0xc(a6), a0
            0x8000688c      2010           move.l (a0), d0
            0x8000688e      2f00           move.l d0, -(a7)
            0x80006890      61ff           invalid
            0x80006892      00000bea       ori.b 0xea, d0
            0x80006896      588f           addq.l 0x4, a7
            0x80006898      61ff           invalid
            0x8000689a      ffff           invalid
```

Pay attention to that `invalid`.

7ad9b6fe3e6956f1575fa7ad6ee2b493.tar.gz
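For reference, this added example (not code from the issue, radare2 or capstone) decodes the M68000 Bcc/BSR opcode word the listing above trips over: in `0110cccc dddddddd` a low byte of `0x00` means a 16-bit displacement follows and `0xFF` means a 32-bit displacement follows (68020 and later), so `61ff 00000bea` at 0x80006890 is a six-byte long branch to subroutine, not an illegal word followed by `ori.b`. The sample bytes are copied from the `pd10` output in the report.

```python
import struct

# Condition-code nibble of the Bcc opcode word (0110 cccc dddddddd).
CONDS = ["bra", "bsr", "bhi", "bls", "bcc", "bcs", "bne", "beq",
         "bvc", "bvs", "bpl", "bmi", "bge", "blt", "bgt", "ble"]


def decode_bcc(code: bytes, addr: int):
    """Decode one Bcc/BRA/BSR located at `addr`.

    Returns (mnemonic, target address, instruction length in bytes).
    Raises ValueError when the bytes are not a Bcc or are truncated.
    """
    if len(code) < 2:
        raise ValueError("need at least one opcode word")
    op = struct.unpack(">H", code[:2])[0]        # m68k is big-endian
    if op >> 12 != 0x6:
        raise ValueError(f"not a Bcc opcode word: {op:#06x}")
    cond = (op >> 8) & 0xF
    disp8 = op & 0xFF
    # Displacements are relative to the address of the opcode word + 2.
    base = addr + 2
    if disp8 == 0x00:                            # 16-bit displacement follows
        if len(code) < 4:
            raise ValueError("truncated 16-bit displacement")
        disp = struct.unpack(">h", code[2:4])[0]
        return f"{CONDS[cond]}.w", (base + disp) & 0xFFFFFFFF, 4
    if disp8 == 0xFF:                            # 32-bit displacement (68020+)
        if len(code) < 6:
            raise ValueError("truncated 32-bit displacement")
        disp = struct.unpack(">i", code[2:6])[0]
        return f"{CONDS[cond]}.l", (base + disp) & 0xFFFFFFFF, 6
    disp = disp8 - 0x100 if disp8 & 0x80 else disp8   # 8-bit, sign-extended
    return f"{CONDS[cond]}.s", (base + disp) & 0xFFFFFFFF, 2


# Bytes from the pd10 listing in the report, starting at 0x80006890
# (the second branch is cut off by pd10, so only four of its bytes are known).
SAMPLE = bytes.fromhex("61ff00000bea" "588f" "61ffffff")

if __name__ == "__main__":
    print(decode_bcc(SAMPLE[0:6], 0x80006890))   # the first "invalid" word
    try:
        decode_bcc(SAMPLE[8:], 0x80006898)       # the second one, truncated
    except ValueError as e:
        print("0x80006898:", e)
```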

ret2libc commented 4 years ago

I think we use capstone disassembler for this architecture. Could you check whether capstone supports that instruction? I am not familiar with this architecture, so I am not sure which one we should select, but there are a bunch of them available in capstone.

By running cstool from capstone I can see:

```
        m68k        m68k + big endian
        m68k40      m68k_040
        tms320c64x  TMS320C64x
        m6800       M6800/2
        m6801       M6801/3
        m6805       M6805
        m6808       M68HC08
        m6809       M6809
        m6811       M68HC11
```

Could you try to reproduce the issue there and report it to https://github.com/aquynh/capstone if the issue is there as well?

From running this `./cstool/cstool m68k 61ff00000bea` I see:

```
 0  61 ff  dc.w $61ff
 2  00 00 0b ea  ori.b  #$ea, d0
```

which indeed does not seem what you expect, but maybe it is just a matter of configuring capstone right.

trufae commented 4 years ago

Using the netbsd plugin works as expected. IMHO this is a bug in capstone, not r2.

(Screenshot attached: 2020-06-11 at 15:39:04)

alex-bender commented 4 years ago

@trufae should the netbsd plugin be the default one then? @ret2libc I'm not familiar with it either. I can only create an issue there and redirect the discussion there.

XVilka commented 4 years ago

See also https://github.com/radareorg/radare2/issues/3617

ret2libc commented 4 years ago

I think this can be closed actually. It was fixed in capstone and it will get fixed in r2 as well as soon as we update capstone. Thanks for reporting it!