[coreboot] radare
Riko Ho
antonius.riko at gmail.com
Tue Nov 8 23:14:48 CET 2016
This is what I had done and worked on:
bianchi at ubuntu:~/Documents/Coreboot Column$ r2 i946gz_Edited.bin
[f000:fff0]> s f000:0
[f000:0000]> pD 0xffff
Do you want to print 4401484 chars? (y/N)
; [0] va=0x000f0000 pa=0x00070000 sz=65536 vsz=65536 rwx=-rwx bootblk
;-- section.bootblk:
,=< f000:0000 ead41100f0 jmp word 0xf000:0x11d4
| f000:0005 0000 add [bx+si], al
| f000:0007 0000 add [bx+si], al
| f000:0009 0000 add [bx+si], al
| f000:000b 0000 add [bx+si], al
| f000:000d 0000 add [bx+si], al
| f000:000f 00e8 add al, ch
| f000:0011 0c01 or al, 0x1
,==< f000:0013 745e jz 0xf0073
and so on until the bottom 4401481 chars...
On 9/11/2016 2:32 AM, Zoran Stojsavljevic wrote:
> Hello to all radare2 experienced people,
>
> From my VM Fedora 25 x86_64 on the top of VMWorkstation 12.5.1, on
> WIN10 64 Pro!
>
> Here is my take on radare2... And I am not getting through. Transcript
> follows:
>
> [zoran at localhost bios]$ radare2 -e asm.bits=16 -e io.va=true BIOS_AMI_BIOS.bin
> -- attempt to dissasemble Core IVB AMI BIOS
> [0000:0000]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
> [0000:0000]> e asm.segoff=true
> [0000:0000]> e asm.syntax = intel
> [0000:0000]> s 0xf000:0xfff0
> [f000:fff0]> pd 16
> f000:fff0 ff invalid
> f000:fff1 ff invalid
> f000:fff2 ff invalid
> f000:fff3 ff invalid
> f000:fff4 ff invalid
> f000:fff5 ff invalid
> f000:fff6 ff invalid
> f000:fff7 ff invalid
> f000:fff8 ff invalid
> f000:fff9 ff invalid
> f000:fffa ff invalid
> f000:fffb ff invalid
> f000:fffc ff invalid
> f000:fffd ff invalid
> f000:fffe ff invalid
> f000:ffff ff00 inc word [bx + si]
> [f000:fff0]>
>
> Help needed/comments appreciated. What am I doing wrong?
>
> Thank you,
> Zoran
>
> On Mon, Nov 7, 2016 at 2:08 AM, Riko Ho <antonius.riko at gmail.com> wrote:
>
> Hi Zoran,
> I reckon that's the right radare, find *.bin or *.rom or *.hex and run
>
> [zoran at localhost ~]$ radare2 *.bin
> and s command and pD command....for example :
>
> [f000:fff0]> s f000:0
> [f000:0000]> pD 0xffff
>
>
> more info:
> https://radare.gitbooks.io/radare2book/content/disassembling/intro.html
>
> On 7/11/2016 5:41 AM, Zoran Stojsavljevic wrote:
>> Hello Riko,
>> I recently also became very interested to start using radare2
>> (Rafael Machado's disassembly attempts got me involved, to set up
>> the tool). Since I am a very lazy person, the first thing was to ask
>> my Fedora 25 distro: does the distro have a radare2 package?
>> Yes, it does have it, so I have installed it. And for you, here
>> is the transcript of my CLI.
>> CLI traces (radare --help) are worth 1000 words, don't you
>> agree? ;-)
>> Best Regards,
>> Zoran
>> _______
>> [zoran at localhost ~]$ uname -r
>> 4.8.6-300.fc25.x86_64
>> [zoran at localhost ~]$ which radare2
>> /usr/bin/radare2
>> [zoran at localhost ~]$ radare2 --help
>> radare2: invalid option -- '-'
>> r_config_get: variable 'lp' not found
>> -- open radare2 on an empty file
>> - equivalent of 'r2 malloc://512'
>> = read file from stdin (use -i and -c to run cmds)
>> -= perform !=! command to run all commands remotely
>> -0 print \x00 after init and every command
>> -a [arch] set asm.arch
>> -A run 'aaa' command to analyze all referenced code
>> -b [bits] set asm.bits
>> -B [baddr] set base address for PIE binaries
>> -c 'cmd..' execute radare command
>> -C file is host:port (alias for -c+=http://%s/cmd/)
>> -d debug the executable 'file' or running process 'pid'
>> -D [backend] enable debug mode (e cfg.debug=true)
>> -e k=v evaluate config var
>> -f block size = file size
>> -F [binplug] force to use that rbin plugin
>> -h, -hh show help message, -hh for long
>> -i [file] run script file
>> -I [file] run script file before the file is opened
>> -k [k=v] perform sdb query into core->sdb
>> -l [lib] load plugin file
>> -L list supported IO plugins
>> -m [addr] map file at given address (loadaddr)
>> -M do not demangle symbol names
>> -n, -nn do not load RBin info (-nn only load bin structures)
>> -N do not load user settings and scripts
>> -o [OS/kern] set asm.os (linux, macos, w32, netbsd, ...)
>> -q quiet mode (no prompt) and quit after -i
>> -p [prj] use project, list if no arg, load if no file
>> -P [file] apply rapatch file and quit
>> -R [rarun2] specify rarun2 profile to load (same as -e
>> dbg.profile=X)
>> -s [addr] initial seek
>> -S start r2 in sandbox mode
>> -t load rabin2 info in thread
>> -u set bin.filter=false to get raw sym/sec/cls names
>> -v, -V show radare2 version (-V show lib versions)
>> -w open file in write mode
>> -z, -zz do not load strings or load them even in raw
>> Scripts:
>> system /usr/share/radare2/radare2rc
>> user ~/.radare2rc ${RHOMEDIR}/radare2/radare2rc (and
>> radare2rc.d/)
>> file ${filename}.r2
>> Plugins:
>> plugins /usr/lib/radare2/last
>> user ~/.config/radare2/plugins
>> LIBR_PLUGINS /usr/lib/radare2/0.10.6-git
>> Environment:
>> RHOMEDIR /home/zoran/.config/radare2
>> RCFILE ~/.radare2rc (user preferences, batch script)
>> MAGICPATH /usr/lib64/radare2/0.10.6-git/magic
>> R_DEBUG if defined, show error messages and crash signal
>> VAPIDIR path to extra vapi directory
>> R2_NOPLUGINS do not load r2 shared plugins
>> Paths:
>> PREFIX /usr
>> INCDIR /usr/include/libr
>> LIBDIR /usr/lib64
>> LIBEXT so
>> [zoran at localhost ~]$
>> On Sat, Nov 5, 2016 at 3:55 AM, Riko Ho <antonius.riko at gmail.com> wrote:
>>
>> Hi Rafael,
>> For example I want to see the asm code for the whole 512Kbytes....is that possible? How?
>> Thanks
>> On 5/11/2016 3:36 AM, Rafael Machado wrote:
>>> Hi
>>> You can use the pd command.
>>> p = Print
>>> d = disassembly
>>> You can also add the number of instructions you want to see.
>>> For example:
>>> pd 10
>>> Thanks
>>> Rafael Machado
>>> On Wed, Nov 2, 2016 at 04:01, Riko Ho <antonius.riko at gmail.com> wrote:
>>>
>>> Everyone, Idwer,
>>> I have radare question: I played until this point:
>>>
>>> c:>radare2 -e asm.bits=16 -e io.va=true i946gz.bin
>>> -- radare2 is WYSIWYF - what you see is what you fix
>>> [f000:fff0]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
>>> [f000:fff0]> e asm.segoff=true
>>> [f000:fff0]> s 0xf000:0xffff0
>>> [f000:ffff]>
>>>
>>> How can I see the assembler code from there? It's started from FFFF0....I'm sure the last byte instruction is jump to 0x00000
>>> Cheers
>>> --
>>> coreboot mailing list: coreboot at coreboot.org
>>> https://www.coreboot.org/mailman/listinfo/coreboot
>>>
>> --
>> /*===*/ Kind regards, Riko Ho /*===*/
>>
> --
> /*===*/ Kind regards, Riko Ho /*===*/
>
--
/*===*/ Kind regards, Riko Ho /*===*/
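
An offline cross-check of what the transcripts above look at, added here as an example and not part of the original thread: it computes the file offset behind F000:0000 under the thread's `S $s-0x10000 0xF000:0x0000 ...` mapping and decodes the jump at F000:FFF0, reporting an all-0xFF vector like the one in the quoted AMI transcript. It assumes, as that mapping does, that the last 64 KiB of the file sit at F000:0000; the function names and the `make_image` test data are constructed for illustration.

```python
import struct

BOOTBLK = 0x10000    # size of the window the thread maps at F000:0000
RESET_OFF = 0xFFF0   # reset vector offset inside that window

def bootblk_file_offset(image_size, off):
    """File offset behind F000:off when the file's last 64 KiB sit at F000:0000."""
    if image_size < BOOTBLK or not 0 <= off < BOOTBLK:
        raise ValueError("image too small or offset outside the 64 KiB window")
    return image_size - BOOTBLK + off

def decode_reset_vector(image):
    """Classify the first instruction at F000:FFF0 (16-bit real-mode encodings)."""
    start = bootblk_file_offset(len(image), RESET_OFF)
    vec = image[start:start + 16]
    if all(b == 0xFF for b in vec):
        return ("erased", None)            # only 0xFF fill here, no instruction
    body = vec.lstrip(b"\x90")             # skip leading NOPs
    ip = RESET_OFF + len(vec) - len(body)  # offset of the first non-NOP byte
    if not body:
        return ("unknown", None)
    op = body[0]
    if op == 0xEA and len(body) >= 5:      # jmp far ptr16:16
        off, seg = struct.unpack_from("<HH", body, 1)
        return ("far", (seg, off))
    if op == 0xE9 and len(body) >= 3:      # jmp near rel16
        (rel,) = struct.unpack_from("<h", body, 1)
        return ("near", (0xF000, (ip + 3 + rel) & 0xFFFF))
    if op == 0xEB and len(body) >= 2:      # jmp short rel8
        (rel,) = struct.unpack_from("<b", body, 1)
        return ("near", (0xF000, (ip + 2 + rel) & 0xFFFF))
    return ("unknown", op)

def make_image(vector, size=0x80000):
    """Constructed 512 KiB test image: 0xFF fill with `vector` at F000:FFF0."""
    img = bytearray(b"\xff" * size)
    img[size - 16:size - 16 + len(vector)] = vector
    return bytes(img)

if __name__ == "__main__":
    # Constructed vectors; the first reuses the far-jump encoding ea d4 11 00 f0
    # that the first transcript shows at f000:0000.
    for name, vec in [("far jmp", "ead41100f0"), ("nop nop jmp near", "9090e93dfe"),
                      ("all 0xFF", "")]:
        kind, target = decode_reset_vector(make_image(bytes.fromhex(vec)))
        where = "%04x:%04x" % target if target else "-"
        print(f"{name:18} -> {kind:7} {where}")
```

For a 512 KiB image the computed offset of F000:0000 is 0x70000, which matches the `pa=0x00070000` shown in the section header of the first transcript.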