This is what I had done and worked on:

bianchi@ubuntu:~/Documents/Coreboot Column$ r2 i946gz_Edited.bin
[f000:fff0]> s f000:0
[f000:0000]> pD 0xffff
Do you want to print 4401484 chars? (y/N)
            ; [0] va=0x000f0000 pa=0x00070000 sz=65536 vsz=65536 rwx=-rwx bootblk
            ;-- section.bootblk:
        ,=< f000:0000    ead41100f0    jmp word 0xf000:0x11d4
        |   f000:0005    0000          add [bx+si], al
        |   f000:0007    0000          add [bx+si], al
        |   f000:0009    0000          add [bx+si], al
        |   f000:000b    0000          add [bx+si], al
        |   f000:000d    0000          add [bx+si], al
        |   f000:000f    00e8          add al, ch
        |   f000:0011    0c01          or al, 0x1
       ,==< f000:0013    745e          jz 0xf0073

and so on until the bottom 4401481 chars...

On 9/11/2016 2:32 AM, Zoran Stojsavljevic wrote:
Hello to all radare2 experienced people,
From my VM Fedora 25 x86_64 on the top of VMWorkstation 12.5.1, on WIN10 64 Pro!
Here is my take on radare2... And I am not getting through. Transcript follows:
[zoran@localhost bios]$ radare2 -e asm.bits=16 -e io.va=true BIOS_AMI_BIOS.bin
 -- attempt to dissasemble Core IVB AMI BIOS
[0000:0000]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
[0000:0000]> e asm.segoff=true
[0000:0000]> e asm.syntax = intel
[0000:0000]> s 0xf000:0xfff0
[f000:fff0]> pd 16
f000:fff0 ff invalid
f000:fff1 ff invalid
f000:fff2 ff invalid
f000:fff3 ff invalid
f000:fff4 ff invalid
f000:fff5 ff invalid
f000:fff6 ff invalid
f000:fff7 ff invalid
f000:fff8 ff invalid
f000:fff9 ff invalid
f000:fffa ff invalid
f000:fffb ff invalid
f000:fffc ff invalid
f000:fffd ff invalid
f000:fffe ff invalid
f000:ffff ff00 inc word [bx + si]
[f000:fff0]>
Help needed/comments appreciated. What am I doing wrong?
Thank you, Zoran
On Mon, Nov 7, 2016 at 2:08 AM, Riko Ho <antonius.riko@gmail.com> wrote:
Hi Zoran,

I reckon that's the right radare, find *.bin or *.rom or *.hex and run

[zoran@localhost ~]$ radare2 *.bin

and s command and pD command... for example:

[f000:fff0]> s f000:0
[f000:0000]> pD 0xffff

more info: https://radare.gitbooks.io/radare2book/content/disassembling/intro.html

On 7/11/2016 5:41 AM, Zoran Stojsavljevic wrote:
Hello Riko,

I recently also became very interested to start using radare2 (Raphael Machado's disassembly attempts got me involved, to set the tool).

Since I am a very lazy person, the first was to ask my Fedora 25 distro does the distro have package radare2? Yes, it does have it, so I have installed it.

And for you, here is the transcript of my CLI for you. CLI traces (radare --help) are worth 1000 words, don't you agree? ;-)

Best Regards,
Zoran
_______

[zoran@localhost ~]$ uname -r
4.8.6-300.fc25.x86_64
[zoran@localhost ~]$ which radare2
/usr/bin/radare2
[zoran@localhost ~]$ radare2 --help
radare2: invalid option -- '-'
r_config_get: variable 'lp' not found
 --           open radare2 on an empty file
 -            equivalent of 'r2 malloc://512'
 =            read file from stdin (use -i and -c to run cmds)
 -=           perform !=! command to run all commands remotely
 -0           print \x00 after init and every command
 -a [arch]    set asm.arch
 -A           run 'aaa' command to analyze all referenced code
 -b [bits]    set asm.bits
 -B [baddr]   set base address for PIE binaries
 -c 'cmd..'   execute radare command
 -C           file is host:port (alias for -c+=http://%s/cmd/)
 -d           debug the executable 'file' or running process 'pid'
 -D [backend] enable debug mode (e cfg.debug=true)
 -e k=v       evaluate config var
 -f           block size = file size
 -F [binplug] force to use that rbin plugin
 -h, -hh      show help message, -hh for long
 -i [file]    run script file
 -I [file]    run script file before the file is opened
 -k [k=v]     perform sdb query into core->sdb
 -l [lib]     load plugin file
 -L           list supported IO plugins
 -m [addr]    map file at given address (loadaddr)
 -M           do not demangle symbol names
 -n, -nn      do not load RBin info (-nn only load bin structures)
 -N           do not load user settings and scripts
 -o [OS/kern] set asm.os (linux, macos, w32, netbsd, ...)
 -q           quiet mode (no prompt) and quit after -i
 -p [prj]     use project, list if no arg, load if no file
 -P [file]    apply rapatch file and quit
 -R [rarun2]  specify rarun2 profile to load (same as -e dbg.profile=X)
 -s [addr]    initial seek
 -S           start r2 in sandbox mode
 -t           load rabin2 info in thread
 -u           set bin.filter=false to get raw sym/sec/cls names
 -v, -V       show radare2 version (-V show lib versions)
 -w           open file in write mode
 -z, -zz      do not load strings or load them even in raw
Scripts:
 system       /usr/share/radare2/radare2rc
 user         ~/.radare2rc ${RHOMEDIR}/radare2/radare2rc (and radare2rc.d/)
 file         ${filename}.r2
Plugins:
 plugins      /usr/lib/radare2/last
 user         ~/.config/radare2/plugins
 LIBR_PLUGINS /usr/lib/radare2/0.10.6-git
Environment:
 RHOMEDIR     /home/zoran/.config/radare2
 RCFILE       ~/.radare2rc (user preferences, batch script)
 MAGICPATH    /usr/lib64/radare2/0.10.6-git/magic
 R_DEBUG      if defined, show error messages and crash signal
 VAPIDIR      path to extra vapi directory
 R2_NOPLUGINS do not load r2 shared plugins
Paths:
 PREFIX       /usr
 INCDIR       /usr/include/libr
 LIBDIR       /usr/lib64
 LIBEXT       so
[zoran@localhost ~]$

On Sat, Nov 5, 2016 at 3:55 AM, Riko Ho <antonius.riko@gmail.com> wrote:

Hi Rafael,

For example I want to see the asm code for the whole 512Kbytes... is that possible? How?

Thanks

On 5/11/2016 3:36 AM, Rafael Machado wrote:
Hi

You can use the pd command.

p = Print
d = disassembly

You can also add the number of instructions you want to see. For example:

pd 10

Thanks
Rafael Machado

On Wed, Nov 2, 2016 at 04:01, Riko Ho <antonius.riko@gmail.com> wrote:

Everyone, Idwer,

I have a radare question:

I played until this point:

c:>radare2 -e asm.bits=16 -e io.va=true i946gz.bin
 -- radare2 is WYSIWYF - what you see is what you fix
[f000:fff0]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
[f000:fff0]> e asm.segoff=true
[f000:fff0]> s 0xf000:0xffff0
[f000:ffff]>

How can I see the assembler code from there? It's started from FFFF0... I'm sure the last byte instruction is jump to 0x00000

Cheers

--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
--
/*===*/
Kind regards,
Riko Ho
/*===*/
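
An added example, not part of the thread or of any poster's code: a Python sketch of the mapping that the `S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx` command above sets up (last 64 KiB of the image at F000:0000), plus a decoder for the jump at the reset vector F000:FFF0. The function names and the sample images are constructed for illustration, and it assumes, as the thread does, that the top 64 KiB of the file is the boot block.

```python
import struct

WINDOW = 0x10000     # last 64 KiB of the image, mapped at F000:0000
SEG_BASE = 0xF0000   # physical address of F000:0000 in real mode

def file_offset(image_size, seg, off):
    """Translate seg:off inside the F000 window to an offset in the image file."""
    phys = (seg << 4) + off
    if image_size < WINDOW or not SEG_BASE <= phys < SEG_BASE + WINDOW:
        raise ValueError("address is outside the mapped boot block window")
    return image_size - WINDOW + (phys - SEG_BASE)

def decode_reset_vector(image):
    """Classify the instruction at F000:FFF0 as (kind, (seg, off)) or (kind, None)."""
    start = file_offset(len(image), 0xF000, 0xFFF0)
    code = image[start:start + 16]
    if all(b == 0xFF for b in code):
        return ("erased", None)              # only 0xFF here, nothing to disassemble
    if code[0] == 0xEA:                      # jmp far ptr16:16, offset then segment
        off, seg = struct.unpack_from("<HH", code, 1)
        return ("jmp far", (seg, off))
    if code[0] == 0xE9:                      # jmp near rel16, relative to the next IP
        (rel,) = struct.unpack_from("<h", code, 1)
        return ("jmp near", (0xF000, (0xFFF0 + 3 + rel) & 0xFFFF))
    if code[0] == 0xEB:                      # jmp short rel8
        (rel,) = struct.unpack_from("<b", code, 1)
        return ("jmp short", (0xF000, (0xFFF0 + 2 + rel) & 0xFFFF))
    return ("other", None)

def make_image(vector, size=0x80000):
    """Constructed sample: a 512 KiB image of 0xFF with `vector` at F000:FFF0."""
    image = bytearray(b"\xff" * size)
    start = file_offset(size, 0xF000, 0xFFF0)
    image[start:start + len(vector)] = vector
    return bytes(image)

if __name__ == "__main__":
    # 0x70000 matches the pa=0x00070000 shown for the 512 KiB image in the thread.
    print(hex(file_offset(0x80000, 0xF000, 0x0000)))
    samples = {
        "far jmp (encoding taken from the f000:0000 listing)": bytes.fromhex("ead41100f0"),
        "near jmp wrapping to offset 0": bytes.fromhex("e90d00"),
        "blank vector": b"",
    }
    for name, vec in samples.items():
        print(name, decode_reset_vector(make_image(vec)))
```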