Skip to content

Project-Muteki/MutekiGhidra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
data
data
 
 
ghidra_scripts
ghidra_scripts
 
 
lib
lib
 
 
os
os
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Module.manifest
Module.manifest
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
extension.properties
extension.properties
 
 

Repository files navigation

MutekiGhidra

Deeper Ghidra integration.

Features

  • Kernel image (xAxxx.ROM) and dump loader with architecture detection.
  • Script to automatically find kernel syscall handler and label all syscall functions (SyscallLabeler.java).

Install

Build with gradle and install the built ZIP file with File -> Install Extensions.

Recommended usage

Kernel reversing

  • Load the kernel image file as a Besta RTOS Kernel. Do NOT run analysis when prompted.
  • Splice the loaded image into read-only and read-write sections
    • There isn't a good way of doing this automatically yet. Best one can do is taking a memory dump and comparing it with a clean image file to see what blocks have changed. Although scanning for contiguous FFs from the end of a clean image file can sometimes achieve good result.
  • Extract the syscall shims (sdklib.dll and krnllib.dll) from the firmware system data partition, and use them with SyscallLabeler.java to label the syscalls.
  • Import the currently known syscall signatures from muteki-shims and type the syscalls with Apply Function Data Types.
  • Run analysis.
    • Either use the script FindSharedReturnFunctionsScript.java to fix shared returns, or enable the Shared Return Calls analysis pass during the analysis with Allow Conditional Jumps and Assume Contiguous Functions options enabled.

About

Deeper Ghidra integration

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages