Rizin
unix-like reverse engineering framework and cli tools
bin_mbn.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2015-2019 pancake <pancake@nopcode.org>
2 // SPDX-License-Identifier: LGPL-3.0-only
3 
4 // XXX: this plugin have 0 tests and no binaries
5 //
6 
7 #include <rz_types.h>
8 #include <rz_util.h>
9 #include <rz_lib.h>
10 #include <rz_bin.h>
11 
12 typedef struct sbl_header {
13  ut32 load_index;
14  ut32 version; // (flash_partition_version) 3 = nand
15  ut32 paddr; // This + 40 is the start of the code in the file
16  ut32 vaddr; // Where it's loaded in memory
17  ut32 psize; // code_size + signature_size + cert_chain_size
18  ut32 code_pa; // Only what's loaded to memory
19  ut32 sign_va;
20  ut32 sign_sz;
21  ut32 cert_va; // Max of 3 certs?
22  ut32 cert_sz;
23 } SblHeader;
24 
25 // TODO avoid globals
26 static SblHeader sb = { 0 };
27 
28 static bool check_buffer(RzBuffer *b) {
29  rz_return_val_if_fail(b, false);
30  ut64 bufsz = rz_buf_size(b);
31  if (sizeof(SblHeader) < bufsz) {
32  int ret = rz_buf_fread_at(b, 0, (ut8 *)&sb, "10i", 1);
33  if (!ret) {
34  return false;
35  }
36 #if 0
37  eprintf ("V=%d\n", sb.version);
38  eprintf ("PA=0x%08x sz=0x%x\n", sb.paddr, sb.psize);
39  eprintf ("VA=0x%08x sz=0x%x\n", sb.vaddr, sb.psize);
40  eprintf ("CODE=0x%08x\n", sb.code_pa + sb.vaddr + 40);
41  eprintf ("SIGN=0x%08x sz=0x%x\n", sb.sign_va, sb.sign_sz);
42  if (sb.cert_sz > 0) {
43  eprintf ("CERT=0x%08x sz=0x%x\n", sb.cert_va, sb.cert_sz);
44  } else {
45  eprintf ("No certificate found.\n");
46  }
47 #endif
48  if (sb.version != 3) { // NAND
49  return false;
50  }
51  if (sb.paddr + sizeof(SblHeader) > bufsz) { // NAND
52  return false;
53  }
54  if (sb.vaddr < 0x100 || sb.psize > bufsz) { // NAND
55  return false;
56  }
57  if (sb.cert_va < sb.vaddr) {
58  return false;
59  }
60  if (sb.cert_sz >= 0xf0000) {
61  return false;
62  }
63  if (sb.sign_va < sb.vaddr) {
64  return false;
65  }
66  if (sb.sign_sz >= 0xf0000) {
67  return false;
68  }
69  if (sb.load_index < 1 || sb.load_index > 0x40) {
70  return false; // should be 0x19 ?
71  }
72  // TODO: Add more checks here
73  return true;
74  }
75  return false;
76 }
77 
78 static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *b, Sdb *sdb) {
79  return check_buffer(b);
80 }
81 
82 static ut64 baddr(RzBinFile *bf) {
83  return sb.vaddr; // XXX
84 }
85 
86 static RzList *entries(RzBinFile *bf) {
87  RzList *ret = rz_list_newf(free);
88  ;
89  if (ret) {
90  RzBinAddr *ptr = RZ_NEW0(RzBinAddr);
91  if (ptr) {
92  ptr->paddr = 40 + sb.code_pa;
93  ptr->vaddr = 40 + sb.code_pa + sb.vaddr;
94  rz_list_append(ret, ptr);
95  }
96  }
97  return ret;
98 }
99 
100 static RzList *sections(RzBinFile *bf) {
101  RzBinSection *ptr = NULL;
102  RzList *ret = NULL;
103  int rc;
104 
105  if (!(ret = rz_list_new())) {
106  return NULL;
107  }
108  ret->free = free;
109  rc = rz_buf_fread_at(bf->buf, 0, (ut8 *)&sb, "10i", 1);
110  if (!rc) {
111  rz_list_free(ret);
112  return false;
113  }
114 
115  // add text segment
116  if (!(ptr = RZ_NEW0(RzBinSection))) {
117  return ret;
118  }
119  ptr->name = strdup("text");
120  ptr->size = sb.psize;
121  ptr->vsize = sb.psize;
122  ptr->paddr = sb.paddr + 40;
123  ptr->vaddr = sb.vaddr;
124  ptr->perm = RZ_PERM_RX; // r-x
125  ptr->has_strings = true;
126  rz_list_append(ret, ptr);
127 
128  if (!(ptr = RZ_NEW0(RzBinSection))) {
129  return ret;
130  }
131  ptr->name = strdup("sign");
132  ptr->size = sb.sign_sz;
133  ptr->vsize = sb.sign_sz;
134  ptr->paddr = sb.sign_va - sb.vaddr;
135  ptr->vaddr = sb.sign_va;
136  ptr->perm = RZ_PERM_R; // r--
137  ptr->has_strings = true;
138  rz_list_append(ret, ptr);
139 
140  if (sb.cert_sz && sb.cert_va > sb.vaddr) {
141  if (!(ptr = RZ_NEW0(RzBinSection))) {
142  return ret;
143  }
144  ptr->name = strdup("cert");
145  ptr->size = sb.cert_sz;
146  ptr->vsize = sb.cert_sz;
147  ptr->paddr = sb.cert_va - sb.vaddr;
148  ptr->vaddr = sb.cert_va;
149  ptr->perm = RZ_PERM_R; // r--
150  ptr->has_strings = true;
151  rz_list_append(ret, ptr);
152  }
153  return ret;
154 }
155 
156 static RzBinInfo *info(RzBinFile *bf) {
157  RzBinInfo *ret = NULL;
158  const int bits = 16;
159  if (!(ret = RZ_NEW0(RzBinInfo))) {
160  return NULL;
161  }
162  ret->file = strdup(bf->file);
163  ret->bclass = strdup("bootloader");
164  ret->rclass = strdup("mbn");
165  ret->os = strdup("MBN");
166  ret->arch = strdup("arm");
167  ret->machine = strdup(ret->arch);
168  ret->subsystem = strdup("mbn");
169  ret->type = strdup("sbl"); // secondary boot loader
170  ret->bits = bits;
171  ret->has_va = true;
172  ret->has_crypto = true; // must be false if there' no sign or cert sections
173  ret->has_pi = false;
174  ret->has_nx = false;
175  ret->big_endian = false;
176  ret->dbg_info = false;
177  return ret;
178 }
179 
180 static ut64 size(RzBinFile *bf) {
181  return sizeof(SblHeader) + sb.psize;
182 }
183 
184 RzBinPlugin rz_bin_plugin_mbn = {
185  .name = "mbn",
186  .desc = "MBN/SBL bootloader things",
187  .license = "LGPL3",
188  .minstrlen = 10,
189  .load_buffer = &load_buffer,
190  .size = &size,
191  .check_buffer = &check_buffer,
192  .baddr = &baddr,
193  .entries = &entries,
194  .maps = &rz_bin_maps_of_file_sections,
195  .sections = &sections,
196  .info = &info,
197 };
198 
199 #ifndef RZ_PLUGIN_INCORE
200 RZ_API RzLibStruct rizin_plugin = {
201  .type = RZ_LIB_TYPE_BIN,
202  .data = &rz_bin_plugin_mbn,
203  .version = RZ_VERSION
204 };
205 #endif
rz_bin_maps_of_file_sections
RZ_API RZ_OWN RzList * rz_bin_maps_of_file_sections(RZ_NONNULL RzBinFile *binfile)
Create a list of RzBinMap from RzBinSections queried from the given file.
Definition: bin.c:1040
load_buffer
static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *b, Sdb *sdb)
Definition: bin_mbn.c:78
size
static ut64 size(RzBinFile *bf)
Definition: bin_mbn.c:180
rizin_plugin
RZ_API RzLibStruct rizin_plugin
Definition: bin_mbn.c:200
check_buffer
static bool check_buffer(RzBuffer *b)
Definition: bin_mbn.c:28
rz_bin_plugin_mbn
RzBinPlugin rz_bin_plugin_mbn
Definition: bin_mbn.c:184
info
static RzBinInfo * info(RzBinFile *bf)
Definition: bin_mbn.c:156
SblHeader
struct sbl_header SblHeader
sb
static SblHeader sb
Definition: bin_mbn.c:26
baddr
static ut64 baddr(RzBinFile *bf)
Definition: bin_mbn.c:82
entries
static RzList * entries(RzBinFile *bf)
Definition: bin_mbn.c:86
sections
static RzList * sections(RzBinFile *bf)
Definition: bin_mbn.c:100
bits
int bits(struct state *s, int need)
Definition: blast.c:72
RZ_API
#define RZ_API
Definition: core_plugin_example.c:36
NULL
#define NULL
Definition: cris-opc.c:27
ut32
uint32_t ut32
Definition: demangler_util.h:31
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
ut8
uint8_t ut8
Definition: lh5801.h:11
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
rz_list_new
RZ_API RZ_OWN RzList * rz_list_new(void)
Returns a new initialized RzList pointer (free method is not initialized)
Definition: list.c:235
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
eprintf
#define eprintf(x, y...)
Definition: rlcc.c:7
rz_return_val_if_fail
#define rz_return_val_if_fail(expr, val)
Definition: rz_assert.h:108
rz_bin.h
rz_buf_fread_at
RZ_API st64 rz_buf_fread_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL ut8 *buf, RZ_NONNULL const char *fmt, int n)
...
Definition: buf.c:1001
rz_buf_size
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
Definition: buf.c:1225
rz_lib.h
RZ_LIB_TYPE_BIN
@ RZ_LIB_TYPE_BIN
Definition: rz_lib.h:75
rz_types.h
RZ_PERM_R
#define RZ_PERM_R
Definition: rz_types.h:93
RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284
RZ_PERM_RX
#define RZ_PERM_RX
Definition: rz_types.h:97
rz_util.h
RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8
b
#define b(i)
Definition: sha256.c:42
rz_bin_addr_t
Definition: rz_bin.h:185
rz_bin_addr_t::vaddr
ut64 vaddr
Definition: rz_bin.h:186
rz_bin_addr_t::paddr
ut64 paddr
Definition: rz_bin.h:187
rz_bin_file_t
XX curplugin == o->plugin.
Definition: rz_bin.h:298
rz_bin_file_t::file
char * file
Definition: rz_bin.h:299
rz_bin_file_t::buf
RzBuffer * buf
Definition: rz_bin.h:303
rz_bin_info_t
Definition: rz_bin.h:209
rz_bin_info_t::has_va
int has_va
Definition: rz_bin.h:228
rz_bin_info_t::type
char * type
Definition: rz_bin.h:211
rz_bin_info_t::has_crypto
int has_crypto
Definition: rz_bin.h:233
rz_bin_info_t::bits
int bits
Definition: rz_bin.h:227
rz_bin_info_t::os
char * os
Definition: rz_bin.h:219
rz_bin_info_t::subsystem
char * subsystem
Definition: rz_bin.h:220
rz_bin_info_t::has_pi
int has_pi
Definition: rz_bin.h:229
rz_bin_info_t::has_nx
int has_nx
Definition: rz_bin.h:234
rz_bin_info_t::machine
char * machine
Definition: rz_bin.h:216
rz_bin_info_t::bclass
char * bclass
Definition: rz_bin.h:212
rz_bin_info_t::file
char * file
Definition: rz_bin.h:210
rz_bin_info_t::dbg_info
ut64 dbg_info
Definition: rz_bin.h:240
rz_bin_info_t::rclass
char * rclass
Definition: rz_bin.h:213
rz_bin_info_t::arch
char * arch
Definition: rz_bin.h:214
rz_bin_info_t::big_endian
int big_endian
Definition: rz_bin.h:235
rz_bin_object_t
Definition: rz_bin.h:259
rz_bin_plugin_t
Definition: rz_bin.h:508
rz_bin_plugin_t::name
char * name
Definition: rz_bin.h:509
rz_bin_plugin_t::version
char * version
Definition: rz_bin.h:512
rz_bin_section_t
Definition: rz_bin.h:618
rz_bin_section_t::paddr
ut64 paddr
Definition: rz_bin.h:623
rz_bin_section_t::perm
ut32 perm
Definition: rz_bin.h:624
rz_bin_section_t::size
ut64 size
Definition: rz_bin.h:620
rz_bin_section_t::name
char * name
Definition: rz_bin.h:619
rz_bin_section_t::has_strings
bool has_strings
Definition: rz_bin.h:632
rz_bin_section_t::vaddr
ut64 vaddr
Definition: rz_bin.h:622
rz_bin_section_t::vsize
ut64 vsize
Definition: rz_bin.h:621
rz_buf_t
Definition: rz_buf.h:43
rz_lib_struct_t
Definition: rz_lib.h:57
rz_lib_struct_t::type
int type
Definition: rz_lib.h:58
rz_list_t
Definition: rz_list.h:18
rz_list_t::free
RzListFree free
Definition: rz_list.h:21
sbl_header
Definition: bin_mbn.c:12
sbl_header::sign_va
ut32 sign_va
Definition: bin_mbn.c:19
sbl_header::code_pa
ut32 code_pa
Definition: bin_mbn.c:18
sbl_header::paddr
ut32 paddr
Definition: bin_mbn.c:15
sbl_header::sign_sz
ut32 sign_sz
Definition: bin_mbn.c:20
sbl_header::cert_va
ut32 cert_va
Definition: bin_mbn.c:21
sbl_header::version
ut32 version
Definition: bin_mbn.c:14
sbl_header::vaddr
ut32 vaddr
Definition: bin_mbn.c:16
sbl_header::load_index
ut32 load_index
Definition: bin_mbn.c:13
sbl_header::cert_sz
ut32 cert_sz
Definition: bin_mbn.c:22
sbl_header::psize
ut32 psize
Definition: bin_mbn.c:17
sdb_t
Definition: sdb.h:63
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()