[coreboot] radare

Riko Ho antonius.riko at gmail.com
Tue Nov 8 23:14:48 CET 2016


This is what I had done, and it worked:

bianchi at ubuntu:~/Documents/Coreboot Column$ r2 i946gz_Edited.bin
[f000:fff0]> s f000:0
[f000:0000]> pD 0xffff
Do you want to print 4401484 chars? (y/N)
    ;      [0] va=0x000f0000 pa=0x00070000 sz=65536 vsz=65536 rwx=-rwx bootblk
             ;-- section.bootblk:
         ,=< f000:0000    ead41100f0   jmp word 0xf000:0x11d4
         |   f000:0005    0000         add [bx+si], al
         |   f000:0007    0000         add [bx+si], al
         |   f000:0009    0000         add [bx+si], al
         |   f000:000b    0000         add [bx+si], al
         |   f000:000d    0000         add [bx+si], al
         |   f000:000f    00e8         add al, ch
         |   f000:0011    0c01         or al, 0x1
        ,==< f000:0013    745e         jz 0xf0073
and so on until the bottom 4401481 chars...


On 9/11/2016 2:32 AM, Zoran Stojsavljevic wrote:
> Hello to all radare2 experienced people,
>
> From my VM Fedora 25 x86_64 on top of VMWorkstation 12.5.1, on 
> WIN10 64 Pro!
>
> Here is my take on radare2... And I am not getting through. Transcript 
> follows:
>
> [zoran at localhost bios]$ radare2 -e asm.bits=16 -e io.va=true BIOS_AMI_BIOS.bin
>  -- attempt to disassemble Core IVB AMI BIOS
> [0000:0000]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
> [0000:0000]> e asm.segoff=true
> [0000:0000]> e asm.syntax = intel
> [0000:0000]> s 0xf000:0xfff0
> [f000:fff0]> pd 16
>             f000:fff0      ff             invalid
>             f000:fff1      ff             invalid
>             f000:fff2      ff             invalid
>             f000:fff3      ff             invalid
>             f000:fff4      ff             invalid
>             f000:fff5      ff             invalid
>             f000:fff6      ff             invalid
>             f000:fff7      ff             invalid
>             f000:fff8      ff             invalid
>             f000:fff9      ff             invalid
>             f000:fffa      ff             invalid
>             f000:fffb      ff             invalid
>             f000:fffc      ff             invalid
>             f000:fffd      ff             invalid
>             f000:fffe      ff             invalid
>             f000:ffff      ff00           inc word [bx + si]
> [f000:fff0]>
>
> Help needed/comments appreciated. What am I doing wrong?
>
> Thank you,
> Zoran
>
> On Mon, Nov 7, 2016 at 2:08 AM, Riko Ho <antonius.riko at gmail.com> wrote:
>
>     Hi Zoran,
>     I reckon that's the right radare, find *.bin or *.rom or *.hex and run
>
>     [zoran at localhost ~]$ radare2 *.bin
>     and s command and pD command....for example :
>
>     [f000:fff0]> s f000:0
>     [f000:0000]> pD 0xffff
>
>
>     more info :
>     https://radare.gitbooks.io/radare2book/content/disassembling/intro.html
>
>     On 7/11/2016 5:41 AM, Zoran Stojsavljevic wrote:
>>     Hello Riko,
>>     I recently also became very interested to start using radare2
>>     (Rafael Machado's disassembly attempts got me involved, to set
>>     up the tool). Since I am a very lazy person, the first thing was to ask my
>>     Fedora 25 distro whether it has the package radare2.
>>     Yes, it does have it, so I have installed it. And for you, here
>>     is the transcript of my CLI.
>>     CLI traces (radare --help) are worth a thousand words, don't you
>>     agree? ;-)
>>     Best Regards,
>>     Zoran
>>     _______
>>     [zoran at localhost ~]$ uname -r
>>     4.8.6-300.fc25.x86_64
>>     [zoran at localhost ~]$ which radare2
>>     /usr/bin/radare2
>>     [zoran at localhost ~]$ radare2 --help
>>     radare2: invalid option -- '-'
>>     r_config_get: variable 'lp' not found
>>      --           open radare2 on an empty file
>>      -            equivalent of 'r2 malloc://512'
>>      =            read file from stdin (use -i and -c to run cmds)
>>      -=           perform !=! command to run all commands remotely
>>      -0           print \x00 after init and every command
>>      -a [arch]    set asm.arch
>>      -A           run 'aaa' command to analyze all referenced code
>>      -b [bits]    set asm.bits
>>      -B [baddr]   set base address for PIE binaries
>>      -c 'cmd..'   execute radare command
>>      -C           file is host:port (alias for -c+=http://%s/cmd/)
>>      -d           debug the executable 'file' or running process 'pid'
>>      -D [backend] enable debug mode (e cfg.debug=true)
>>      -e k=v       evaluate config var
>>      -f           block size = file size
>>      -F [binplug] force to use that rbin plugin
>>      -h, -hh      show help message, -hh for long
>>      -i [file]    run script file
>>      -I [file]    run script file before the file is opened
>>      -k [k=v]     perform sdb query into core->sdb
>>      -l [lib]     load plugin file
>>      -L           list supported IO plugins
>>      -m [addr]    map file at given address (loadaddr)
>>      -M           do not demangle symbol names
>>      -n, -nn      do not load RBin info (-nn only load bin structures)
>>      -N           do not load user settings and scripts
>>      -o [OS/kern] set asm.os (linux, macos, w32, netbsd, ...)
>>      -q           quiet mode (no prompt) and quit after -i
>>      -p [prj]     use project, list if no arg, load if no file
>>      -P [file]    apply rapatch file and quit
>>      -R [rarun2]  specify rarun2 profile to load (same as -e
>>     dbg.profile=X)
>>      -s [addr]    initial seek
>>      -S           start r2 in sandbox mode
>>      -t           load rabin2 info in thread
>>      -u           set bin.filter=false to get raw sym/sec/cls names
>>      -v, -V       show radare2 version (-V show lib versions)
>>      -w           open file in write mode
>>      -z, -zz      do not load strings or load them even in raw
>>     Scripts:
>>      system   /usr/share/radare2/radare2rc
>>      user     ~/.radare2rc ${RHOMEDIR}/radare2/radare2rc (and
>>     radare2rc.d/)
>>      file     $(unknown).r2
>>     Plugins:
>>      plugins  /usr/lib/radare2/last
>>      user     ~/.config/radare2/plugins
>>      LIBR_PLUGINS /usr/lib/radare2/0.10.6-git
>>     Environment:
>>      RHOMEDIR     /home/zoran/.config/radare2
>>      RCFILE       ~/.radare2rc (user preferences, batch script)
>>      MAGICPATH    /usr/lib64/radare2/0.10.6-git/magic
>>      R_DEBUG      if defined, show error messages and crash signal
>>      VAPIDIR      path to extra vapi directory
>>      R2_NOPLUGINS do not load r2 shared plugins
>>     Paths:
>>      PREFIX       /usr
>>      INCDIR       /usr/include/libr
>>      LIBDIR       /usr/lib64
>>      LIBEXT       so
>>     [zoran at localhost ~]$
>>     On Sat, Nov 5, 2016 at 3:55 AM, Riko Ho <antonius.riko at gmail.com> wrote:
>>
>>         Hi Rafael,
>>         For example, I want to see the asm code for the
>>         whole 512 Kbytes. Is that possible? How? Thanks
>>         On 5/11/2016 3:36 AM, Rafael Machado wrote:
>>>         Hi
>>>         You can use the pd command.
>>>         p = Print
>>>         d = disassembly
>>>         You can also add the number of instructions you want to see.
>>>         For example:
>>>         pd 10
>>>         Thanks
>>>         Rafael Machado
>>>         On Wed, 2 Nov 2016 at 04:01, Riko Ho
>>>         <antonius.riko at gmail.com> wrote:
>>>
>>>             Everyone, Idwer, I have a radare question: I played until
>>>             this point:
>>>
>>>             c:>radare2 -e asm.bits=16 -e io.va=true i946gz.bin
>>>              -- radare2 is WYSIWYF - what you see is what you fix
>>>             [f000:fff0]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
>>>             [f000:fff0]> e asm.segoff=true
>>>             [f000:fff0]> s 0xf000:0xffff0
>>>             [f000:ffff]>
>>>
>>>             How can I see the assembler code from there?
>>>             It starts from FFFF0....I'm sure the last byte
>>>             instruction is a jump to 0x00000
>>>             Cheers
>>>             -- coreboot mailing list: coreboot at coreboot.org
>>>             https://www.coreboot.org/mailman/listinfo/coreboot
>>>
>>         -- Kind regards, Riko Ho
>>         -- coreboot mailing list: coreboot at coreboot.org
>>         https://www.coreboot.org/mailman/listinfo/coreboot
>>
>     -- Kind regards, Riko Ho
>
-- Kind regards, Riko Ho
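The whole thread is about one thing: mapping the last 64 KiB of a BIOS image at f000:0000 (the `S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx` command) and reading the instruction the CPU executes first, at f000:fff0. The script below is an added example, not code from the thread, from coreboot or from radare2. It does that mapping arithmetic and decodes the reset-vector jump by hand, so you can check what r2 should show before trusting its output. It assumes the image ends with the 64 KiB bootblock (as the `S` command in the thread assumes); the test image is constructed in the script, with the same five bytes `ea d4 11 00 f0` that r2 printed as `jmp word 0xf000:0x11d4` in Riko's session placed at the reset vector.

```python
"""Decode the reset-vector jump at f000:fff0 of a legacy BIOS image.

Added example, not code from the thread, coreboot or radare2. It mirrors
what the r2 session does by hand: map the last 64 KiB of the image at
f000:0000 and look at the instruction at f000:fff0.
"""
import struct

BOOTBLOCK_SIZE = 0x10000          # 64 KiB mapped at segment f000
RESET_CS, RESET_IP = 0xF000, 0xFFF0   # where a real-mode CPU starts fetching


def file_offset(image_len, seg, off):
    """File offset of seg:off when the last 64 KiB of the file sits at f000:0000.

    Assumption (same as the thread's S command): the image ends with the
    bootblock, so f000:0000 is at image_len - 0x10000.
    """
    if seg != RESET_CS or not 0 <= off < BOOTBLOCK_SIZE:
        raise ValueError("only f000:0000-f000:ffff is mapped")
    return image_len - BOOTBLOCK_SIZE + off


def decode_reset_jump(image):
    """Return (kind, target_cs, target_ip) for the instruction at f000:fff0.

    kind is 'far', 'near', 'short', 'unknown', or 'erased' when the 16
    reset-vector bytes are all 0xFF (blank flash, or the file does not end
    with the bootblock, so the mapping is wrong rather than the disassembler).
    """
    if len(image) < BOOTBLOCK_SIZE:
        raise ValueError("image smaller than one 64 KiB bootblock")
    off = file_offset(len(image), RESET_CS, RESET_IP)
    vec = bytes(image[off:off + 16])
    if all(b == 0xFF for b in vec):
        return ('erased', None, None)
    op = vec[0]
    if op == 0xEA:                                   # jmp ptr16:16 (far), 5 bytes
        ip, cs = struct.unpack_from('<HH', vec, 1)   # little-endian offset, then segment
        return ('far', cs, ip)
    if op == 0xE9:                                   # jmp rel16 (near), 3 bytes
        (rel,) = struct.unpack_from('<h', vec, 1)
        return ('near', RESET_CS, (RESET_IP + 3 + rel) & 0xFFFF)   # IP wraps inside the segment
    if op == 0xEB:                                   # jmp rel8 (short), 2 bytes
        (rel,) = struct.unpack_from('<b', vec, 1)
        return ('short', RESET_CS, (RESET_IP + 2 + rel) & 0xFFFF)
    return ('unknown', None, None)


def make_image(size, vector_bytes):
    """Constructed test image: erased flash (0xFF) with vector_bytes at f000:fff0."""
    img = bytearray(b'\xff' * size)
    off = file_offset(size, RESET_CS, RESET_IP)
    img[off:off + len(vector_bytes)] = vector_bytes
    return bytes(img)


if __name__ == '__main__':
    # 512 KiB image; the vector bytes are the ones r2 showed in the thread.
    img = make_image(0x80000, bytes.fromhex('ead41100f0'))
    kind, cs, ip = decode_reset_jump(img)
    print(f"{kind} jump to {cs:04x}:{ip:04x}")      # far jump to f000:11d4
    print(f"target is at file offset 0x{file_offset(len(img), cs, ip):x}")
```

Two things worth noting. The `file_offset` result for a 512 KiB image (f000:0000 at file offset 0x70000) matches the `pa=0x00070000` that r2 reported for Riko's `bootblk` section, which is a quick way to confirm the `S` mapping did what you intended. And an `'erased'` result is the same symptom as the rows of `ff invalid` in Zoran's transcript: the bytes under f000:fff0 are blank, so the problem is where the file was mapped, not `asm.bits` or `asm.segoff`. Run it with `python3 reset_vector.py` after pointing `img` at `open('BIOS.bin','rb').read()`.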