arm: blx <imm> (thumb2 encoding) registers as invalid on cortex, other badness

radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset

https://www.radare.org/

GNU Lesser General Public License v3.0

20.33k stars 2.97k forks source link

arm: blx <imm> (thumb2 encoding) registers as invalid on cortex, other badness #7133

Closed ewtoombs closed 7 years ago

ewtoombs commented 7 years ago

The instruction blx 0xfffff584 is rendered as fff7c0ea when using thumb2 encoding. Attempting to disassemble this instruction while asm.cpu=cortex results in an error, though, even though all cortexes support thumb2 instructions (https://en.wikipedia.org/wiki/List_of_ARM_microarchitectures#ARM_cores). There's also some other dirty statefulness going on deep within the arcane r2 machine. The instruction remains invalid even after asm.cpu is set back to v8.

To reproduce:

% r2 -a arm -b 16 uboot
 -- Mess with the best, Die like the rest
[0x00000000]> e asm.cpu
v8
[0x00000000]> pad fff7c0ea@e:asm.cpu=v8
blx 0xfffff584
[0x00000000]> pad fff7c0ea@e:asm.cpu=cortex
invalid
[0x00000000]> pad fff7c0ea@e:asm.cpu=v8
invalid
[0x00000000]> pad fff7c0ea@e:asm.cpu=v8
invalid
[0x00000000]>

radare commented 7 years ago

report this to capstone, this is not an issue in r2

On 25 Mar 2017, at 12:06, ewtoombs notifications@github.com wrote:

The instruction blx 0xfffff584 is rendered as fff7c0ea when using thumb2 encoding. Attempting to disassemble this instruction while asm.cpu=cortex results in an error, though, even though all cortexes support thumb2 instructions (https://en.wikipedia.org/wiki/List_of_ARM_microarchitectures#ARM_cores https://en.wikipedia.org/wiki/List_of_ARM_microarchitectures#ARM_cores). There's also some other dirty statefulness going on deep within the arcane r2 machine. The instruction remains invalid even after asm.cpu is set back to v8.

To reproduce:

% r2 -a arm -b 16 uboot -- Mess with the best, Die like the rest [0x00000000]> e asm.cpu v8 [0x00000000]> pad fff7c0ea@e:asm.cpu=v8 blx 0xfffff584 [0x00000000]> pad fff7c0ea@e:asm.cpu=cortex invalid [0x00000000]> pad fff7c0ea@e:asm.cpu=v8 invalid [0x00000000]> pad fff7c0ea@e:asm.cpu=v8 invalid [0x00000000]> — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/7133, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-ltHoQ0LCbJCwY9re2zDxFmXTu4wKks5rpPUogaJpZM4MpCtu.

radare commented 7 years ago

See comment in capstone repo

radare commented 7 years ago

im adding tests for this but to be clear:

capstone disassembles this thumb2 instruction as non-cortex , in cortex mode its reporting this error, so unless you are wrong with that statement (didnt checked cortex docs), capstone have the problem.
v8 is not a cpu, it's just a feature of the cpu this means that you have to set asm.features instead of asm.cpu, but as long as it was listed in asm.cpu field of the plugin this was a bit confusing, so im just disabling the cortex mode when you set the v8 in asm.cpu, and you'll be fine with this back and forth setting.
it will be great if you could reply in the capstone issue

radare commented 7 years ago

im closing this issue as long as i have written tests and fixed the asm.cpu swap issue you are seeing. Following the discussion in capstone-land as long as its unrelated to r2