radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Support for NES iNES rom files #2929

Closed bitwave closed 9 years ago

bitwave commented 9 years ago

$ r2 -a 6502 -b 8 smb3.nes
asm.arch: cannot find (6502)
Cannot set bits 8 to 'x86' -- Can you stand on your head?
[0x00000000]>

radare commented 9 years ago

Related: http://wiki.nesdev.com/w/index.php/INES

btw, i guess you are not using r2 from git, because 6502 is a valid asm.arch architecture. but it's just not detected by rbin.

bitwave commented 9 years ago

I'm using the git-version.

radare2 0.10.0-git 8364 @ linux-little-x86-64 git.0.9.9-265-g3ef6f65 commit: 3ef6f65a132c491b428792d2f1a65648dcf7d503 build: 2015-07-08

MIPS, x86, etc. are loaded, but 6502 did not work.

/usr/lib/radare2/0.10.0-git/asm_6502.so
/usr/lib/radare2/0.10.0-git/asm_arm_gnu.so
/usr/lib/radare2/0.10.0-git/asm_arm_winedbg.so
/usr/lib/radare2/0.10.0-git/asm_avr.so
/usr/lib/radare2/0.10.0-git/asm_bf.so
/usr/lib/radare2/0.10.0-git/asm_cr16.so
/usr/lib/radare2/0.10.0-git/asm_cris_gnu.so
/usr/lib/radare2/0.10.0-git/asm_csr.so
/usr/lib/radare2/0.10.0-git/asm_dalvik.so
/usr/lib/radare2/0.10.0-git/asm_ebc.so
/usr/lib/radare2/0.10.0-git/asm_gb.so
/usr/lib/radare2/0.10.0-git/asm_h8300.so
/usr/lib/radare2/0.10.0-git/asm_i4004.so
/usr/lib/radare2/0.10.0-git/asm_java.so
/usr/lib/radare2/0.10.0-git/asm_lh5801.so
/usr/lib/radare2/0.10.0-git/asm_malbolge.so
/usr/lib/radare2/0.10.0-git/asm_mips_gnu.so
/usr/lib/radare2/0.10.0-git/asm_msil.so
/usr/lib/radare2/0.10.0-git/asm_msp430.so
/usr/lib/radare2/0.10.0-git/asm_ppc_cs.so
/usr/lib/radare2/0.10.0-git/asm_ppc_gnu.so
/usr/lib/radare2/0.10.0-git/asm_propeller.so
/usr/lib/radare2/0.10.0-git/asm_sh.so
/usr/lib/radare2/0.10.0-git/asm_snes.so
/usr/lib/radare2/0.10.0-git/asm_sparc_cs.so
/usr/lib/radare2/0.10.0-git/asm_sparc_gnu.so
/usr/lib/radare2/0.10.0-git/asm_spc700.so
/usr/lib/radare2/0.10.0-git/asm_tms320.so
/usr/lib/radare2/0.10.0-git/asm_v850.so
/usr/lib/radare2/0.10.0-git/asm_ws.so
/usr/lib/radare2/0.10.0-git/asm_x86_as.so
/usr/lib/radare2/0.10.0-git/asm_x86_cs.so
/usr/lib/radare2/0.10.0-git/asm_x86_nasm.so
/usr/lib/radare2/0.10.0-git/asm_x86_nz.so
/usr/lib/radare2/0.10.0-git/asm_x86_olly.so
/usr/lib/radare2/0.10.0-git/asm_x86_udis.so
/usr/lib/radare2/0.10.0-git/asm_z80_cr.so

radare commented 9 years ago

it works fine for me, r2 -a 6502 lalal.nes

the problem is that there’s no anal.6502 plugin yet. there’s an issue for that. so instructions are all in black and white and there are no lines.. what is “not working” for you?

you can list the archs supported with rasm2 -L or in the r2 shell with ‘e asm.arch=?’

where’s the NES rom entrypoint? just to be sure the 6502 disasm works as expected (ETOOLAZY)


bitwave commented 9 years ago

there is no 6502 architecture.

dA 8 8051 PD 8051 Intel CPU
dA 16 32 arc GPL3 Argonaut RISC Core
adAe 16 32 64 arm BSD Capstone ARM disassembler
dA 16 32 64 arm.gnu GPL3 Acorn RISC Machine CPU
_d 16 32 arm.winedbg LGPL2 WineDBG's ARM disassembler
dA 16 32 avr GPL AVR Atmel
adAe 16 32 bf LGPL3 Brainfuck
dA 16 cr16 LGPL3 cr16 disassembly plugin
_dAe 32 cris GPL3 Axis Communications 32-bit embedded processor
dA 16 csr PD Cambridge Silicon Radio (CSR)
adA_ 32 64 dalvik LGPL3 AndroidVM Dalvik
ad 16 dcpu16 PD Mojang's DCPU-16
dA 32 64 ebc LGPL3 EFI Bytecode
_dAe 16 gb LGPL3 GameBoy(TM) (z80-like)
_dAe 16 h8300 LGPL3 H8/300 disassembly plugin
_d 32 hppa GPL3 HP PA-RISC
_d i4004 LGPL3 Intel 4004 microprocessor
dA 8 i8080 BSD Intel 8080 CPU
adA_ 32 java Apache Java bytecode
_d 8 lh5801 LGPL3 SHARP LH5801 disassembler
dA 16 32 m68k BSD Motorola 68000
dA 32 malbolge LGPL3 Malbolge Ternary VM
adAe 16 32 64 mips BSD Capstone MIPS disassembler
adAe 32 64 mips.gnu GPL3 MIPS CPU
_d 16 32 64 msil PD .NET Microsoft Intermediate Language
dA 16 msp430 LGPL3 msp430 disassembly plugin
_dAe 32 nios2 GPL3 NIOS II Embedded Processor
dA 32 64 ppc BSD Capstone PowerPC disassembler
dA 32 64 ppc.gnu GPL3 PowerPC
ad rar LGPL3 RAR VM
dA 32 sh GPL3 SuperH-4 CPU
_dAe 32 64 sparc BSD Capstone SPARC disassembler
dA 32 64 sparc.gnu GPL3 Scalable Processor Architecture
_d 16 spc700 LGPL3 spc700, snes' sound-chip
_d 32 sysz BSD SystemZ CPU disassembler
dA 32 tms320 LGPLv3 TMS320 DSP family
dA 32 v850 LGPL3 v850 disassembly plugin
dA 32 ws LGPL3 Whitespace esotheric VM
dAe 16 32 64 x86 BSD Capstone X86 disassembler
a 32 64 x86.nz LGPL3 x86 handmade assembler
ad__ 32 x86.olly GPL2 OllyDBG X86 disassembler
a_ 32 x86.tab LGPL3 x86 table lookup assembler
_dAe 16 32 64 x86.udis BSD udis86 x86-16,32,64
dAe 32 xcore BSD Capstone XCore disassembler
adA 8 z80 NC-GPL2 Zilog Z80
_d 8 z80.cr LGPL Zilog Z80

radare commented 9 years ago

your installation is broken, 6502 is compiled as a shared plugin, i have changed that in my last commit, so it will be available without the pluginsdir


bitwave commented 9 years ago

i reinstalled it, but it doesn't work either... :( commit: 11c495a0b5bfce1afec74440c27a908c67f10dba

btw i'm using Arch Linux and install radare2-git from the AUR (https://aur.archlinux.org/packages/radare2-git)

radare commented 9 years ago

Then it's a bug in the aur pkg. it works fine with the code in git


bitwave commented 9 years ago

I notified the package author.

bitwave commented 9 years ago

after some reinstalls (3!) it is working now:

$ rasm2 -L | grep 6502
_d__ 8 16 6502 LGPL3 6502/NES/C64/T-1000 CPU

radare commented 9 years ago

The rbin plugin for nes roms is not yet done

Maijin commented 9 years ago

More doc:

I've played a bit https://github.com/Maijin/NES

radare commented 9 years ago

no need to set free = free in r_list_new, if it's a different destructor just use r_list_newf.

you can remove all the NULLs in the plugin struct initializer

what’s missing to get this merged?

On 19 Sep 2015, at 16:51, Maijin notifications@github.com wrote:

worked a bit on something https://github.com/Maijin/NES/blob/master/bin_nes.c

Maijin commented 9 years ago

@radare so basically the entrypoint could be enhanced, after mapped on virtual address, a value is read at the offset of RESET_VECTOR_START_ADDRESS 0xFFFC. And this should constitute the main entrypoint. But I didn't figure how to read an address after doing the mapping.

Also, in the ida loader, the guy creates 3 entrypoints from values read at:

radare commented 9 years ago

entrypoints in r2 is an RList of RBinAddr. so this can be handled in r2 too. you can also handle that main resolution with the get_symbols thing. but if its working, i would prefer to (fix the stuff i commented in the previous msg) and merge it in master. This can be useful for 6502 disasm and emulation. Those enhancements are easy to do and can be quickly done, but they are not

Also, maybe we can handle those NMI/RESET/IRQ things as symbols instead of entrypoints, so they can receive a name, because right now, r2 entrypoints can't be named. which can be useful maybe… or maybe we can just export entrypoints as a reference to a hand-made symbol. and use all the RBinSymbol machinery to specify if the symbol is global, local… or entrypoint.

On 19 Sep 2015, at 20:21, Maijin notifications@github.com wrote:

@radare https://github.com/radare so basically the entrypoint could be enhanced, normally after mapped on virtual address, a value is read at the offset of RESET_VECTOR_START_ADDRESS 0xFFFC. And this should constitute the main entrypoint. But I didn't figure how to read an address after doing the mapping.

Also, in the ida loader, the guy creates 3 entrypoints:

#define NMI_VECTOR_START_ADDRESS 0xFFFA
#define RESET_VECTOR_START_ADDRESS 0xFFFC
#define IRQ_VECTOR_START_ADDRESS 0xFFFE

Maijin commented 9 years ago

Ok so let's merge and decide what to do, because this is currently working for most situations. It's actually a default entrypoint in case no value is found at any of those 3

And I have already found some ROM without them.

Maijin commented 9 years ago

https://github.com/radare/radare2/pull/3323

Maijin commented 9 years ago

@radare also ability to name entrypoint could be useful for TLS_Callback in PE

Masrepus commented 5 years ago

Today I tried to disassemble the NES ROM of this year's FlareOn in radare, but unfortunately it didn't work quite as intended: The ROM uses mapper 0, which should put the code at 0x8000 and mirror it at 0xC000 (https://wiki.nesdev.com/w/index.php/NROM). Radare initialized it only at 0x8000, leading to broken jumps that were targeting addresses in the 0xC000 mirror. Interestingly enough, the area before 0xC000 was filled with 0xFF bytes, while the area where the code should have been mirrored to, contained zero-bytes. So it seems like radare does indeed know that this space should contain something, but just doesn't manage to do so correctly
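The two loader details discussed in this thread, reading the NMI/RESET/IRQ vectors at 0xFFFA/0xFFFC/0xFFFE to pick an entrypoint (Maijin's comments above) and mapping a 16 KiB NROM PRG bank at 0x8000 with its mirror at 0xC000 (the mapper 0 problem Masrepus describes), are shown below as an added, stand-alone example. It is not code from radare2 or from Maijin's bin_nes.c; the iNES header layout follows the nesdev wiki page linked earlier in the thread. Assumptions not stated on the page and labelled in the code: a vector whose value is 0x0000 or 0xFFFF is treated as "no value", 0x8000 is used as the fallback entrypoint, and for mappers other than 0 the vectors are read from the last 16 KiB of PRG ROM (the bank that most mappers keep fixed at 0xC000). The sample ROM is constructed inline.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INES_MAGIC = b"NES\x1a"
PRG_BANK = 16 * 1024      # PRG ROM size unit in header byte 4
CHR_BANK = 8 * 1024       # CHR ROM size unit in header byte 5
TRAINER_SIZE = 512        # optional trainer sits between header and PRG ROM

# 6502 interrupt vectors, the same addresses quoted from the IDA loader above
NMI_VECTOR_START_ADDRESS = 0xFFFA
RESET_VECTOR_START_ADDRESS = 0xFFFC
IRQ_VECTOR_START_ADDRESS = 0xFFFE
DEFAULT_ENTRY = 0x8000    # assumption: fallback when no vector carries a usable value


@dataclass
class INesHeader:
    prg_size: int      # bytes of PRG ROM
    chr_size: int      # bytes of CHR ROM
    mapper: int        # iNES mapper number (0 = NROM)
    has_trainer: bool
    prg_offset: int    # file offset where PRG ROM begins


def parse_ines_header(data: bytes) -> INesHeader:
    """Parse the 16-byte iNES header and validate that the PRG ROM fits the file."""
    if len(data) < 16 or data[:4] != INES_MAGIC:
        raise ValueError("not an iNES file")
    prg_units, chr_units, flags6, flags7 = data[4], data[5], data[6], data[7]
    has_trainer = bool(flags6 & 0x04)
    mapper = (flags7 & 0xF0) | (flags6 >> 4)          # high nibbles of bytes 7 and 6
    prg_offset = 16 + (TRAINER_SIZE if has_trainer else 0)
    prg_size = prg_units * PRG_BANK
    if prg_size == 0 or len(data) < prg_offset + prg_size:
        raise ValueError("PRG ROM empty or truncated")
    return INesHeader(prg_size, chr_units * CHR_BANK, mapper, has_trainer, prg_offset)


def nrom_segments(hdr: INesHeader) -> List[Tuple[int, int, int]]:
    """Mapper 0 CPU map as (cpu_base, size, prg_offset): 16 KiB is mirrored at 0xC000,
    32 KiB fills 0x8000-0xFFFF. This is the second mapping the thread says r2 lacked."""
    if hdr.mapper != 0:
        raise ValueError(f"mapper {hdr.mapper} is not NROM")
    if hdr.prg_size == PRG_BANK:
        return [(0x8000, PRG_BANK, 0), (0xC000, PRG_BANK, 0)]
    if hdr.prg_size == 2 * PRG_BANK:
        return [(0x8000, 2 * PRG_BANK, 0)]
    raise ValueError(f"NROM with {hdr.prg_size} bytes of PRG is not supported")


def cpu_to_prg_offset(hdr: INesHeader, addr: int) -> int:
    """Translate a CPU address into a PRG ROM offset using the NROM map."""
    for base, size, off in nrom_segments(hdr):
        if base <= addr < base + size:
            return off + (addr - base)
    raise ValueError(f"{addr:#06x} is not backed by PRG ROM")


def read_vectors(data: bytes, hdr: INesHeader) -> Dict[str, int]:
    """Read the three little-endian 16-bit vectors. Assumption: the last 16 KiB of PRG
    is mapped at 0xC000-0xFFFF; for NROM this is exactly what the mirror gives."""
    vectors = {}
    for name, addr in (("NMI", NMI_VECTOR_START_ADDRESS),
                       ("RESET", RESET_VECTOR_START_ADDRESS),
                       ("IRQ", IRQ_VECTOR_START_ADDRESS)):
        off = hdr.prg_offset + hdr.prg_size - (0x10000 - addr)
        vectors[name] = struct.unpack_from("<H", data, off)[0]
    return vectors


def entrypoint(vectors: Dict[str, int]) -> int:
    """RESET wins, then NMI, then IRQ; 0x0000/0xFFFF count as 'no value' (assumption)."""
    for name in ("RESET", "NMI", "IRQ"):
        if vectors[name] not in (0x0000, 0xFFFF):
            return vectors[name]
    return DEFAULT_ENTRY


def build_sample_rom(prg_units: int = 1, reset: int = 0x8000, nmi: int = 0x8010,
                     irq: int = 0x8020, trainer: bool = False) -> bytes:
    """Constructed test ROM: NROM, NOP-filled PRG, vectors in the last 6 bytes."""
    flags6 = 0x04 if trainer else 0x00
    header = INES_MAGIC + bytes([prg_units, 1, flags6, 0x00]) + bytes(8)
    prg = bytearray(b"\xea" * (prg_units * PRG_BANK))   # 0xEA = NOP
    prg[-6:] = struct.pack("<HHH", nmi, reset, irq)
    return header + (bytes(TRAINER_SIZE) if trainer else b"") + bytes(prg) + bytes(CHR_BANK)


if __name__ == "__main__":
    rom = build_sample_rom()
    hdr = parse_ines_header(rom)
    for base, size, off in nrom_segments(hdr):
        print(f"map {base:#06x}-{base + size - 1:#06x} -> PRG+{off:#x}")
    vec = read_vectors(rom, hdr)
    print({k: f"{v:#06x}" for k, v in vec.items()}, f"entry={entrypoint(vec):#06x}")
```

Running a real dump through this shows immediately whether a jump into 0xC000-0xFFFF lands on mirrored code or on nothing, which is the symptom Masrepus reports; in r2 the equivalent is checking that both segments appear in the loader's map.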

Maijin commented 5 years ago

Thanks for the feedback but can you open a new issue instead? The last message in this thread dates from 2015.