We recently finished a job that required reverse engineering a 30-year-old firmware image for an embedded system. Our goal was to recover an equation involving floating point operations from the firmware. Unfortunately, the processor was so old that it didn’t have hardware floating point support, so the developers used a software floating point library instead. Instead of reversing all the floating point functions through manual inspection, we decided to emulate each floating point function to quickly identify the mathematical operation it implemented (i.e., add, subtract, exp, log2, etc.). If you’ve never looked at the internals of a soft float implementation, I can assure you that it’s not something you want to manually reverse, even if you had good decompilation support from Ghidra (which we didn’t)!

The particular processor we were working with was the Intel 80196, and there are not a lot of tools that exist for working with this old chip. We did not find many tools for working with this instruction set. Fortunately for us, Ghidra had recently added support for this machine, so we decided to take Ghidra’s emulation capabilities for a spin. Ghidra’s emulation capabilities are not very well documented, but there are some helpful files in the Ghidra repository that were enough to get us started.

Emulation Examples Bundled with Ghidra

Buried in the Ghidra docs directory, you will find a directory named Emulation with an example of how to use Ghidra to emulate machine code.
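The identification step described above (emulate each soft-float routine, then work out which operation it implements) can be automated by probing the routine with known inputs and comparing the results against reference functions. This is an added example, not code from the original post or from Ghidra; the IEEE-754 single-precision encoding, the probe values and the stand-in routines that take the place of real emulator runs are all assumptions.

```python
import math
import struct

def f2b(x):
    """float -> 32-bit pattern (IEEE-754 single precision is assumed)."""
    return struct.unpack("<I", struct.pack("<f", x))[0]

def b2f(bits):
    """32-bit pattern -> float."""
    return struct.unpack("<f", struct.pack("<I", bits))[0]

# Reference operations to compare against: name -> (arity, function).
CANDIDATES = {
    "add": (2, lambda a, b: a + b),
    "sub": (2, lambda a, b: a - b),
    "mul": (2, lambda a, b: a * b),
    "div": (2, lambda a, b: a / b),
    "exp": (1, math.exp),
    "log2": (1, math.log2),
    "sqrt": (1, math.sqrt),
}

# Constructed probes: positive (valid for log2/sqrt) and chosen so that no
# two candidates agree; (2, 2) is avoided because 2 + 2 == 2 * 2.
PROBES = [(1.5, 0.25), (3.0, 2.0), (10.0, 4.0), (0.75, 8.0)]

def classify(call, arity, rel_tol=1e-5):
    """Return the candidates that `call` matches on every probe.

    `call` takes `arity` 32-bit patterns and returns one. In real use it
    would wrap an emulator run of the routine under test (hypothetical).
    The tolerance allows for a soft-float routine that is off in the
    last few bits.
    """
    matches = []
    for name, (n, ref) in CANDIDATES.items():
        if n != arity:
            continue
        if all(math.isclose(b2f(call(*map(f2b, p[:arity]))),
                            ref(*p[:arity]), rel_tol=rel_tol)
               for p in PROBES):
            matches.append(name)
    return matches

# Constructed stand-ins for emulated firmware routines.
def fake_emulated_mul(a, b):
    return f2b(b2f(a) * b2f(b))

def fake_emulated_log2(a):
    return f2b(math.log2(b2f(a)))
```

An empty result means the routine is not one of the listed candidates, or uses a different float encoding, and needs a closer look.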