  1. #1

    How to disassemble mach-o-arm with IDA? (was Disassembly)

    I was wondering if anyone could give me some help with my attempts to disassemble files in the iPhone. I have IDA and I have the modified macho.ldw. So I am guessing the next steps are to go into File > New, then Mac, then Mac OS X Mach-O executable. I changed the macho.ldw to the one I got from rapid-share. Does anyone have any further info? It would be greatly appreciated.

    Thanks,
    Joe
    Last edited by sam; 07-27-2007 at 09:52 AM.



  2. #2

    Hi,

    It's quite difficult to do, as IDA is very bad with ARM. On the average compiled firmware with just
    one code and two data sections, it is pretty annoying to fix all the wrong T flag switches,
    let alone do it in Mach-O format with so many mixed data and code sections.
    Just drag it to IDA, after changing the CPU to ARM, and from the options:

    - Create stack variables (untick)
    - Trace stack pointer (untick)
    - Create function tails (untick)
    - No automatic ARM-THUMB switch (tick)

    When it is all loaded, disable auto analysis and the indicator, open the segments
    window, select the first code section, and manually go to each function, Ctrl-U, check
    the first instruction to see if it is Thumb or ARM, Alt-G the T flag and press P.
    Do this for all functions/code segments.

    Hope this helps.
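
The per-function ARM-or-Thumb check described in post #2, as an added example that is not part of the thread or any poster's code: a pre-screen that guesses the T flag value from the bytes at a function start. The function name, the thresholds and the sample bytes are constructed assumptions, and anything it leaves undecided still needs the manual check.

```python
import struct

def guess_t_flag(code: bytes, addr: int = 0, max_words: int = 8):
    """Guess the T flag for bytes at a function start (little-endian).

    Returns 0 (ARM), 1 (Thumb) or None (undecided: data, a leaf
    function without a prologue, or too few bytes to judge).
    """
    n = min(len(code) // 4, max_words)
    if n < 2:
        return None
    words = struct.unpack_from("<%dI" % n, code)
    # ARM: the top nibble of every instruction is the condition field,
    # and 0xE ("always") dominates in ordinary compiled code.
    arm_ratio = sum(1 for w in words if w >> 28 == 0xE) / n
    # Thumb: PUSH {reglist, lr} encodes as 1011 0101 rrrr rrrr (0xB5xx),
    # the usual first instruction of a non-leaf Thumb function.
    first_halfword = words[0] & 0xFFFF
    thumb_push = (first_halfword & 0xFF00) == 0xB500
    # ARM instructions are 4-byte aligned; Thumb only needs 2-byte alignment.
    arm_aligned = addr % 4 == 0
    if arm_aligned and arm_ratio >= 0.75:   # threshold is an assumption
        return 0
    if thumb_push and arm_ratio < 0.5:      # threshold is an assumption
        return 1
    return None

# Constructed samples (hand-assembled, not taken from any real binary).
# ARM:   push {r7, lr}; add r7, sp, #0; mov r0, #0; pop {r7, pc}
ARM_SAMPLE = bytes.fromhex("80402de9 00708de2 0000a0e3 8080bde8")
# Thumb: push {r7, lr}; add r7, sp, #0; movs r0, #0; pop {r7, pc}
THUMB_SAMPLE = bytes.fromhex("80b5 00af 0020 80bd")
# Data:  a NUL-padded string sitting in a mixed code/data section
DATA_SAMPLE = b"/usr/lib/dyld\x00\x00\x00"

def triage(candidates):
    """Map each (addr, bytes) candidate to 'ARM', 'THUMB' or 'CHECK BY HAND'."""
    labels = {0: "ARM", 1: "THUMB", None: "CHECK BY HAND"}
    return {addr: labels[guess_t_flag(code, addr)] for addr, code in candidates}

if __name__ == "__main__":
    samples = [(0x2000, ARM_SAMPLE), (0x2012, THUMB_SAMPLE), (0x3000, DATA_SAMPLE)]
    for addr, label in triage(samples).items():
        print("%#06x  %s" % (addr, label))
```
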

  3. #3
    sam
    Chief of Administration
    iPhone Dev Team

    IDA's support for ARM has increased quite a bit, and Mach-O is now supported with Ilfak's new plugin.
    For general getting started with reversing, check OpenRCE or similar sites.
    If you like to use IDA, please buy it, as this great piece of software deserves support.

  4. #4

    In addition to what juniorjack said, the big problem with ARM (and many modern processors) is that the disassembly itself does not present the context in which many of the routines are running. This is why many serious disassemblies have a 2nd machine running JTAG into the processor to provide things like the stack info and such.

    This sort of thing is easily done on a standard PC because of the various modern debuggers. Embedded processors are more difficult and take more time to work. Still, as soon as someone gets a working JTAG connection it will be a far simpler task to find the NCK routines and reverse them.

 

 
