[coreboot] radare

Rafael Machado rafaelrodrigues.machado at gmail.com
Wed Nov 9 12:23:14 CET 2016


Hi guys

I usually do the following to play with the coreboot images:

radare2 -b 16 Desktop\coreboot.rom
[f000:fff0]> pd 3
    ;-- entry0:
        `=< f000:fff0      e98df7         jmp 0xff780
            f000:fff3      ff             invalid
            f000:fff4      ff6690         jmp word [bp - 0x70]
[f000:fff0]>


After I saw the "-b 16" in a post on the internet the magic started to work.
But in case this BIOS you are checking is a UEFI BIOS (maybe it is, since
it's an AMI BIOS), things will change a little bit.

I'm not sure about how to work with uefi images at radare yet.

Maybe you can use the UEFITool to try to help you:
https://github.com/LongSoft/UEFITool/releases/tag/A32

Thanks and good luck.


On Tue, 8 Nov 2016 at 21:42, Idwer Vollering <vidwer at gmail.com>
wrote:

> 2016-11-08 19:32 GMT+01:00 Zoran Stojsavljevic <zoran.stojsavljevic at gmail.com>:
> > Hello to all radare2 experienced people,
> >
> > From my VM Fedora 25 x86_64 on the top of VMWorkstation 12.5.1, on WIN10 64
> > Pro!
> >
> > Here is my take on radare2... And I am not getting through. Transcript
> > follows:
> >
> > [zoran at localhost bios]$ radare2 -e asm.bits=16 -e io.va=true
> > BIOS_AMI_BIOS.bin
> >  -- attempt to dissasemble Core IVB AMI BIOS
> > [0000:0000]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
> > [0000:0000]> e asm.segoff=true
> > [0000:0000]> e asm.syntax = intel
>
> I think you can skip those three lines, when you built radare from git
>
> > [0000:0000]> s 0xf000:0xfff0
> > [f000:fff0]> pd 16
>
> Did you find 'Vp' already? And what the left/right arrow keys do in
> V_isual mode? :)
>
> >             f000:fff0      ff             invalid
> >             f000:fff1      ff             invalid
> >             f000:fff2      ff             invalid
> >             f000:fff3      ff             invalid
> >             f000:fff4      ff             invalid
> >             f000:fff5      ff             invalid
> >             f000:fff6      ff             invalid
> >             f000:fff7      ff             invalid
> >             f000:fff8      ff             invalid
> >             f000:fff9      ff             invalid
> >             f000:fffa      ff             invalid
> >             f000:fffb      ff             invalid
> >             f000:fffc      ff             invalid
> >             f000:fffd      ff             invalid
> >             f000:fffe      ff             invalid
> >             f000:ffff      ff00           inc word [bx + si]
> > [f000:fff0]>
> >
> > Help needed/comments appreciated. What am I doing wrong?
> >
> > Thank you,
> > Zoran
> >
> > On Mon, Nov 7, 2016 at 2:08 AM, Riko Ho <antonius.riko at gmail.com> wrote:
> >>
> >> Hi Zoran,
> >> I reckon that's the right radare, find *.bin or *.rom or *.hex and run
> >>
> >> [zoran at localhost ~]$ radare2 *.bin
> >> and s command and pD command....for example :
> >>
> >> [f000:fff0]> s f000:0
> >> [f000:0000]> pD 0xffff
> >>
> >>
> >> more info :
> >> https://radare.gitbooks.io/radare2book/content/disassembling/intro.html
> >>
> >>
> >> On 7/11/2016 5:41 AM, Zoran Stojsavljevic wrote:
> >>
> >> Hello Riko,
> >>
> >> I recently also became very interested to start using radare2 (Rafael
> >> Machado's disassembly attempts got me involved, to set up the tool). Since I am a
> >> very lazy person, the first thing was to ask my Fedora 25 distro: does the distro
> >> have the package radare2?
> >>
> >> Yes, it does have it, so I have installed it. And here is the
> >> transcript of my CLI for you.
> >>
> >> CLI traces (radare --help) are worth 1000 words, don't you agree? ;-)
> >>
> >> Best Regards,
> >> Zoran
> >> _______
> >>
> >> [zoran at localhost ~]$ uname -r
> >> 4.8.6-300.fc25.x86_64
> >> [zoran at localhost ~]$ which radare2
> >> /usr/bin/radare2
> >> [zoran at localhost ~]$ radare2 --help
> >> radare2: invalid option -- '-'
> >> r_config_get: variable 'lp' not found
> >>  --           open radare2 on an empty file
> >>  -            equivalent of 'r2 malloc://512'
> >>  =            read file from stdin (use -i and -c to run cmds)
> >>  -=           perform !=! command to run all commands remotely
> >>  -0           print \x00 after init and every command
> >>  -a [arch]    set asm.arch
> >>  -A           run 'aaa' command to analyze all referenced code
> >>  -b [bits]    set asm.bits
> >>  -B [baddr]   set base address for PIE binaries
> >>  -c 'cmd..'   execute radare command
> >>  -C           file is host:port (alias for -c+=http://%s/cmd/)
> >>  -d           debug the executable 'file' or running process 'pid'
> >>  -D [backend] enable debug mode (e cfg.debug=true)
> >>  -e k=v       evaluate config var
> >>  -f           block size = file size
> >>  -F [binplug] force to use that rbin plugin
> >>  -h, -hh      show help message, -hh for long
> >>  -i [file]    run script file
> >>  -I [file]    run script file before the file is opened
> >>  -k [k=v]     perform sdb query into core->sdb
> >>  -l [lib]     load plugin file
> >>  -L           list supported IO plugins
> >>  -m [addr]    map file at given address (loadaddr)
> >>  -M           do not demangle symbol names
> >>  -n, -nn      do not load RBin info (-nn only load bin structures)
> >>  -N           do not load user settings and scripts
> >>  -o [OS/kern] set asm.os (linux, macos, w32, netbsd, ...)
> >>  -q           quiet mode (no prompt) and quit after -i
> >>  -p [prj]     use project, list if no arg, load if no file
> >>  -P [file]    apply rapatch file and quit
> >>  -R [rarun2]  specify rarun2 profile to load (same as -e dbg.profile=X)
> >>  -s [addr]    initial seek
> >>  -S           start r2 in sandbox mode
> >>  -t           load rabin2 info in thread
> >>  -u           set bin.filter=false to get raw sym/sec/cls names
> >>  -v, -V       show radare2 version (-V show lib versions)
> >>  -w           open file in write mode
> >>  -z, -zz      do not load strings or load them even in raw
> >> Scripts:
> >>  system   /usr/share/radare2/radare2rc
> >>  user     ~/.radare2rc ${RHOMEDIR}/radare2/radare2rc (and radare2rc.d/)
> >>  file     $(unknown).r2
> >> Plugins:
> >>  plugins  /usr/lib/radare2/last
> >>  user     ~/.config/radare2/plugins
> >>  LIBR_PLUGINS /usr/lib/radare2/0.10.6-git
> >> Environment:
> >>  RHOMEDIR     /home/zoran/.config/radare2
> >>  RCFILE       ~/.radare2rc (user preferences, batch script)
> >>  MAGICPATH    /usr/lib64/radare2/0.10.6-git/magic
> >>  R_DEBUG      if defined, show error messages and crash signal
> >>  VAPIDIR      path to extra vapi directory
> >>  R2_NOPLUGINS do not load r2 shared plugins
> >> Paths:
> >>  PREFIX       /usr
> >>  INCDIR       /usr/include/libr
> >>  LIBDIR       /usr/lib64
> >>  LIBEXT       so
> >> [zoran at localhost ~]$
> >>
> >> On Sat, Nov 5, 2016 at 3:55 AM, Riko Ho <antonius.riko at gmail.com> wrote:
> >>>
> >>> Hi Rafael,
> >>>
> >>> For example I want to see the asm code for the whole 512Kbytes....is that
> >>> possible ?
> >>> How ?
> >>>
> >>> Thanks
> >>>
> >>> On 5/11/2016 3:36 AM, Rafael Machado wrote:
> >>>
> >>> Hi
> >>>
> >>> You can use the pd command.
> >>> p = Print
> >>> d = disassembly
> >>>
> >>> You can also add the number of instructions you want to see. For example:
> >>>
> >>> pd 10
> >>>
> >>> Thanks
> >>> Rafael Machado
> >>>
> >>> On Wed, 2 Nov 2016 at 04:01, Riko Ho <antonius.riko at gmail.com>
> >>> wrote:
> >>>>
> >>>> Everyone, Idwer,
> >>>>
> >>>> I have radare question :
> >>>>
> >>>> I played until this point :
> >>>> c:>radare2 -e asm.bits=16 -e io.va=true i946gz.bin
> >>>>   -- radare2 is WYSIWYF - what you see is what you fix
> >>>> [f000:fff0]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
> >>>> [f000:fff0]> e asm.segoff=true
> >>>> [f000:fff0]> s 0xf000:0xffff0
> >>>> [f000:ffff]>
> >>>>
> >>>> How can I see the assembler code from there ? It's started from
> >>>> FFFF0....I'm sure the last byte instruction is jump to 0x00000
> >>>>
> >>>> Cheers
> >>>>
> >>>> --
> >>>> coreboot mailing list: coreboot at coreboot.org
> >>>> https://www.coreboot.org/mailman/listinfo/coreboot
> >>>
> >>>
> >>>
> >>> --
> >>> /*===*/
> >>> Kind regards,
> >>> Riko Ho
> >>> /*===*/
> >>>
> >>
> >>
> >>
> >>
> >> --
> >> /*===*/
> >> Kind regards,
> >> Riko Ho
> >> /*===*/
> >
> >
>
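A small added example (mine, not code from anyone in this thread) that decodes the reset-vector jump the way radare2's `pd 3` at f000:fff0 shows it above, so the target can be checked without the tool, and that also recognises the short and far jump encodings a bootblock may use instead. It assumes the last 64 KiB of the flat image is the F000 segment (the file's final byte at linear 0xFFFFF), which is the same layout the `-b 16` / `s 0xf000:0xfff0` commands above rely on.

```python
"""Decode the x86 reset vector of a firmware image the way radare2's
`pd` at f000:fff0 displays it (added example, not code from the thread).
Assumption: the last 64 KiB of the flat ROM file is the legacy F000
segment, i.e. the file's final byte sits at linear address 0xFFFFF."""
import struct

RESET_OFF = 0xFFF0   # reset vector is CS:IP = F000:FFF0
SEG_BASE = 0xF0000   # linear base of the F000 segment


def reset_vector_bytes(rom: bytes) -> bytes:
    """Return the 16 bytes at f000:fff0 of the image's last 64 KiB."""
    if len(rom) < 0x10000:
        raise ValueError("image smaller than one 64 KiB segment")
    seg = rom[-0x10000:]
    return seg[RESET_OFF:RESET_OFF + 16]


def decode_reset_jump(rom: bytes):
    """Decode a 16-bit jmp at the reset vector into its linear target.
    Handles E9 (rel16), EB (rel8) and EA (far ptr16:16); returns None
    for anything else, e.g. the all-0xFF run in Zoran's transcript."""
    b = reset_vector_bytes(rom)
    op = b[0]
    if op == 0xE9:                      # jmp rel16: target = next IP + rel
        rel = struct.unpack_from("<h", b, 1)[0]
        target_ip = (RESET_OFF + 3 + rel) & 0xFFFF
        return {"form": "near", "linear": SEG_BASE + target_ip}
    if op == 0xEB:                      # jmp rel8
        rel = struct.unpack_from("<b", b, 1)[0]
        target_ip = (RESET_OFF + 2 + rel) & 0xFFFF
        return {"form": "short", "linear": SEG_BASE + target_ip}
    if op == 0xEA:                      # jmp far ptr16:16 (offset, then segment)
        off, seg = struct.unpack_from("<HH", b, 1)
        return {"form": "far", "linear": (seg << 4) + off}
    return None


# Constructed 64 KiB sample: 0xFF filler with the seven bytes radare printed
# at f000:fff0 in the first transcript (e9 8d f7 ff ff 66 90) at the vector.
SAMPLE_ROM = bytearray(b"\xff" * 0x10000)
SAMPLE_ROM[RESET_OFF:RESET_OFF + 7] = bytes.fromhex("e98df7ffff6690")
SAMPLE_ROM = bytes(SAMPLE_ROM)

if __name__ == "__main__":
    r = decode_reset_jump(SAMPLE_ROM)
    print(r["form"], hex(r["linear"]))   # near 0xff780, as radare2 shows
```

For a real image, replace SAMPLE_ROM with the file contents (`open(path, "rb").read()`); the near-jump target 0xff780 comes out of `e9 8d f7` as 0xfff3 + (-0x873) = 0xf780 in segment F000.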