annotate leo-obj/README @ 214:6b40617d00e6

analysis of ultra-malicious new C123 boot code from Ajay Fuloria
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 26 Jul 2016 23:32:17 +0000
parents 006d6de4ec6b
children
130 87b82398a08b leo-obj project subtree started, tiobjd tool moved into it
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>

140 21fda9752bd9 OSL flash objects: created disasm hints for os_com through os_mis
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 130

165 006d6de4ec6b leo-obj: starting to look at OSX
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 140

TI's TCS211 aka Leonardo firmware is a mixture of C sources and linkable object
modules (packaged into archive libraries) in the COFF format used by TI's TMS470
compiler toolchain. One of the goals of the FreeCalypso project is to transform
this firmware into full C source by analyzing the COFF object blobs with a tool
that groks the symbolic information present therein, then replacing each blob
either with a matching source piece from another TI firmware leak (e.g., the one
in ftp.ifctf.org:/pub/GSM/LoCosto) or with newly written C code that exports
the same functions and global variables etc., with logic inside matching the
disassembly of the original.

The present directory tree holds the just-described project - running 'make'
here will first build the tiobjd tool, then run this tool on a bunch of TI's
objects, applying some hand-added disassembly hints in many cases.

It is noteworthy that there are two kinds of COFF object blobs present in the
TCS211 semi-src, with respect to the amount of symbolic information present
therein. The objects contained in the binary libraries under
g23m/__out__/gsm_<blah>/lib have just the minimal amount of symbolic info
needed in order for these objects to be relocatable and linkable, whereas the
objects in the GPF libraries under gpf/LIB exhibit much richer "-g"-style
symbolic information. Our tiobjd tool makes use of whatever symbolic info is
present.
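As an added illustration of the two kinds of symbolic information described above (example code written for this page, not part of the leo-obj tree or its tiobjd tool): the Python below reads the file header and symbol table of a TI COFF2 object and reports whether the object carries only the external/static symbols a linker needs, or also the file, function and block records that a "-g" build emits. The two sample objects are constructed in memory with made-up symbol names. The layout assumptions (22-byte COFF2 file header, 18-byte symbol table entries, string table placed directly after the symbol table, little-endian fields, target id 0x97 for TMS470) come from the TI COFF format description, not from this page.

```python
import struct

COFF2_VERSION = 0xC2      # version id of a TI COFF2 file header
TARGET_TMS470 = 0x0097    # target id written by the TMS470 (ARM) toolchain

# Storage classes (standard COFF numbering, which TI COFF keeps).
C_EXT, C_STAT, C_BLOCK, C_FCN, C_EOS, C_FILE = 2, 3, 100, 101, 102, 103
DEBUG_CLASSES = {C_BLOCK, C_FCN, C_EOS, C_FILE}   # only a -g build emits these
N_DEBUG = -2              # section number used by debugging records such as C_FILE

FILE_HDR = struct.Struct("<HHIIIHHH")   # 22-byte COFF2 file header, little-endian (assumed)
SYM_ENT = struct.Struct("<8sIhHBB")     # 18-byte symbol table entry


def parse_symbols(blob):
    """Return (target_id, [(name, value, section, storage_class), ...])."""
    version, _nsects, _stamp, symptr, nsyms, _opthdr, _flags, target = \
        FILE_HDR.unpack_from(blob, 0)
    if version != COFF2_VERSION:
        raise ValueError("not a TI COFF2 object: version id 0x%02x" % version)
    strtab = symptr + nsyms * SYM_ENT.size    # string table follows the symbols
    syms = []
    i = 0
    while i < nsyms:
        raw_name, value, sect, _type, sclass, naux = \
            SYM_ENT.unpack_from(blob, symptr + i * SYM_ENT.size)
        if raw_name[:4] == b"\0\0\0\0":
            # Long name: bytes 4..7 hold an offset into the string table.
            off = strtab + struct.unpack_from("<I", raw_name, 4)[0]
            name = blob[off:blob.index(b"\0", off)].decode("ascii")
        else:
            name = raw_name.rstrip(b"\0").decode("ascii")
        syms.append((name, value, sect, sclass))
        i += 1 + naux     # auxiliary entries count toward nsyms; skip them
    return target, syms


def classify(blob):
    """'debug' if the object carries -g style records, else 'minimal'."""
    _target, syms = parse_symbols(blob)
    return "debug" if any(s[3] in DEBUG_CLASSES for s in syms) else "minimal"


def build_object(symbols):
    """Construct a tiny COFF2 object (no sections) holding the given symbols.
    Used only to create constructed sample input for this example."""
    entries = []
    strtab = bytearray(4)                 # leading length word, patched below
    for name, value, sect, sclass in symbols:
        if len(name) <= 8:
            raw = name.encode("ascii").ljust(8, b"\0")
        else:
            raw = b"\0\0\0\0" + struct.pack("<I", len(strtab))
            strtab += name.encode("ascii") + b"\0"
        entries.append(SYM_ENT.pack(raw, value, sect, 0, sclass, 0))
    struct.pack_into("<I", strtab, 0, len(strtab))
    hdr = FILE_HDR.pack(COFF2_VERSION, 0, 0, FILE_HDR.size, len(entries),
                        0, 0, TARGET_TMS470)
    return hdr + b"".join(entries) + bytes(strtab)


# Constructed sample objects with made-up symbol names.
# A "linkable only" object: externals plus one undefined reference (section 0).
MINIMAL_OBJ = build_object([
    ("sample_function_one", 0x00, 1, C_EXT),
    ("sym2", 0x40, 1, C_EXT),
    ("extern_ref", 0x00, 0, C_EXT),
])
# A "-g" style object: the same kind of externals plus file, function and static records.
DEBUG_OBJ = build_object([
    ("sample.c", 0x00, N_DEBUG, C_FILE),
    ("sample_function_one", 0x00, 1, C_EXT),
    (".bf", 0x00, 1, C_FCN),
    (".ef", 0x20, 1, C_FCN),
    ("counter", 0x100, 2, C_STAT),
])

if __name__ == "__main__":
    for label, obj in (("minimal", MINIMAL_OBJ), ("debug", DEBUG_OBJ)):
        target, syms = parse_symbols(obj)
        print("%s object, target id 0x%04x, %d symbols -> %s"
              % (label, target, len(syms), classify(obj)))
```

Run against a real object the distinction is the same: a library object built without -g yields only C_EXT/C_STAT entries (and undefined references with section number 0), while a -g build adds a C_FILE record per source file and .bf/.ef function brackets, which is the extra information a disassembly-annotating tool can exploit. The byte order of the header fields and the section header size differ between TI COFF versions, so a reader for arbitrary real blobs must check the version id and flags rather than assume the COFF2 little-endian layout used here.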