Use these scripts to work around problems with the AVR processor module in IDA (6.95 or 7.0).

| Script | Description |
| --- | --- |
| `avr_data_vector_names.py` | Rename the registers that form the halves of the data vectors (XL, XH, YL, YH, ZL, ZH) so they are recognisable in the listing. Works only on binary images, not on ELFs. |
| `fix_IDA_xmega128a4u.py` | "Delete" the mapped-area registers: the XMEGA does not have them, but IDA assumes it does. Works only on binary images, not on ELFs. |
| `avr_loader_loop_copy.py` | Define functions that emulate the startup loader loops, so that the data segment in the IDB gets populated and the bss segment gets zeroed. Works only on binary images, not on ELFs. |
| `avr_dumb_seq_load_xrefs.py` | Treat every pair of immediate loads into sequential registers as a data reference. This improves manual analysis because IDA does not create complex offsets on register loads. |
| `avr2idacfg.py` | Convert Atmel's ATDF (basically XML) processor definitions into an IDA Pro `avr.cfg`. |
| `avr_stack_vars.py` | Convert references made as offsets from the Y data vector into local stack variables. |

Here is an example session creating ransom.idb:

  1. Install the Python dependencies: sark and idascript.
  2. Copy the `ATXMega128A4u.cfg` in `../resources/` to `~/.idapro/cfg/avr.cfg`.
  3. Copy the `ATxmega128A4U.atdf` from an Atmel Studio release into `../resources`.
  4. Open the `.hex` file with the AVR processor selected and auto-analysis disabled.
  5. Select the ATXMega128A4u processor.
  6. Run this in the Python console:

     ```
     Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_data_vector_names.py')
     Python>runscript('.../rhme3/atxmega128a4u/scripts/fix_IDA_xmega128a4u.py')
     Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_loader_loop_copy.py')
     Python>avr_loader_emu(0x2324, 0x2000, 0x2174)
     Python>avr_bss_emu(0x2174, 0x223D)
     ```

  7. Run auto-analysis (i.e. click the circle-cross button).
  8. Run this in the Python console:

     ```
     Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_dumb_seq_load_xrefs.py')
     Python>all_avr_dumb_seq_load_xrefs()
     Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_codatafy.py')
     Python>dref_all_fixer()
     ```

  9. (optional) Create stack variables in the function containing the cursor (`idc.here()`) with:

     ```
     Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_stack_vars.py')
     Python>all_y_stack_vars_here()
     ```
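As an added example (not part of the rhme3 repository and not the scripts' own code), here is an offline Python model of what two of the steps above do inside IDA. `find_ldi_pairs` is the sequential-immediate-load heuristic of `avr_dumb_seq_load_xrefs.py`; `emulate_loader` applies the copy-then-zero semantics that `avr_loader_loop_copy.py` reproduces; and `recover_copy_params` shows where the three numbers passed to `avr_loader_emu` come from, by reading them out of the avr-libc `__do_copy_data` prologue that avr-gcc links into every image. The instruction list and flash image are constructed by hand, the argument order (flash source, data start, data end) is assumed from the session's `avr_loader_emu(0x2324, 0x2000, 0x2174)` call since the page does not document the signature, and nothing here touches the IDA API, so it runs without IDA.

```python
from dataclasses import dataclass

# Adjacent register pairs AVR uses as 16-bit pointers: r26:r27 is X,
# r28:r29 is Y, r30:r31 is Z. Other even/odd pairs are reported by number.
PAIR_NAMES = {26: "X", 28: "Y", 30: "Z"}


@dataclass(frozen=True)
class Insn:
    ea: int      # flash address of the instruction
    mnem: str    # mnemonic, e.g. "ldi"
    ops: tuple   # operands: register names as "rN", immediates as int


def _reg(op):
    """Register number for an operand like "r26", else None."""
    return int(op[1:]) if isinstance(op, str) and op[:1] == "r" and op[1:].isdigit() else None


def find_ldi_pairs(insns):
    """The 'dumb' heuristic: two consecutive `ldi` into the halves of one
    even/odd register pair (in either order) form a 16-bit value, which is
    reported as a candidate data-space reference. Returns a list of
    (ea_of_first_ldi, pair_name, value)."""
    found = []
    for a, b in zip(insns, insns[1:]):
        if a.mnem != "ldi" or b.mnem != "ldi":
            continue
        ra, rb = _reg(a.ops[0]), _reg(b.ops[0])
        if ra is None or rb is None or ra == rb or ra // 2 != rb // 2:
            continue
        lo, hi = (a, b) if ra % 2 == 0 else (b, a)   # the even register holds lo8
        base = ra & ~1
        name = PAIR_NAMES.get(base, f"r{base}:r{base + 1}")
        found.append((a.ea, name, (hi.ops[1] << 8) | lo.ops[1]))
    return found


def recover_copy_params(insns):
    """Read the avr-libc __do_copy_data prologue: X <- __data_start,
    Z <- __data_load_start, r17 <- hi8(__data_end); the loop exits when
    `cpi r26, lo8(__data_end); cpc r27, r17` matches. Returns
    (load_start, data_start, data_end), the assumed argument order of the
    session's avr_loader_emu() call, or None if the pattern is absent."""
    pairs = {name: value for _, name, value in find_ldi_pairs(insns)}
    end_hi = end_lo = None
    for i in insns:
        if i.mnem == "ldi" and i.ops[0] == "r17":
            end_hi = i.ops[1]
        elif i.mnem == "cpi" and i.ops[0] == "r26":
            end_lo = i.ops[1]
    if "X" not in pairs or "Z" not in pairs or end_hi is None or end_lo is None:
        return None
    return pairs["Z"], pairs["X"], (end_hi << 8) | end_lo


def emulate_loader(flash, load_start, data_start, data_end, bss_start, bss_end,
                   dataspace_size=0x4000, fill=0xFF):
    """Build a data-space image the way the startup code would: copy the .data
    initialiser from flash, then zero .bss. `fill` marks bytes the loader never
    writes, so the zeroed .bss is visible. 0x4000 covers an XMEGA with 8 KB of
    SRAM mapped at 0x2000."""
    n = data_end - data_start
    if not (0 <= data_start <= data_end <= dataspace_size
            and 0 <= bss_start <= bss_end <= dataspace_size):
        raise ValueError("segment outside the modelled data space")
    if load_start < 0 or load_start + n > len(flash):
        raise ValueError(".data initialiser runs off the end of the flash image")
    ram = bytearray([fill]) * dataspace_size
    ram[data_start:data_end] = flash[load_start:load_start + n]   # __do_copy_data
    ram[bss_start:bss_end] = bytes(bss_end - bss_start)           # __do_clear_bss
    return ram


# Constructed sample input: an avr-libc style __do_copy_data prologue using the
# addresses from the example session (0x2324 -> 0x2000..0x2174). Hand-written,
# not taken from the ransom binary.
STARTUP = [
    Insn(0x0100, "ldi", ("r17", 0x21)),   # hi8(__data_end = 0x2174)
    Insn(0x0102, "ldi", ("r26", 0x00)),   # lo8(__data_start = 0x2000)      -> XL
    Insn(0x0104, "ldi", ("r27", 0x20)),   # hi8(__data_start)               -> XH
    Insn(0x0106, "ldi", ("r30", 0x24)),   # lo8(__data_load_start = 0x2324) -> ZL
    Insn(0x0108, "ldi", ("r31", 0x23)),   # hi8(__data_load_start)          -> ZH
    Insn(0x010A, "rjmp", (0x0110,)),
    Insn(0x010C, "lpm", ("r0", "Z+")),    # elpm on parts with more than 64 KB flash
    Insn(0x010E, "st", ("X+", "r0")),
    Insn(0x0110, "cpi", ("r26", 0x74)),   # lo8(__data_end)
    Insn(0x0112, "cpc", ("r27", "r17")),
    Insn(0x0114, "brne", (0x010C,)),
]

# Constructed flash image: 0x2500 bytes with a recognisable .data initialiser.
FLASH = bytearray(0x2500)
FLASH[0x2324:0x2328] = b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    print(find_ldi_pairs(STARTUP))
    load_start, data_start, data_end = recover_copy_params(STARTUP)
    ram = emulate_loader(FLASH, load_start, data_start, data_end, 0x2174, 0x223D)
    print(hex(load_start), hex(data_start), hex(data_end), ram[0x2000:0x2004].hex())
```

The heuristic is deliberately dumb: a 16-bit constant loaded into r24:r25 for arithmetic looks exactly like a pointer, so check a candidate against the device's data-space layout (SRAM at 0x2000 on this XMEGA) before trusting it. The value of the script is that it creates cross-references IDA otherwise never makes, not that every candidate is a real address.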