reverse-engineering assistance


7 replies to this topic

#1 davilla (InsanelyMac Protégé, Members, 18 posts)

I'm posting to see if anyone wants to help with the reverse-engineering of an Apple command-line app that the AppleTV uses for SMC functions.

The AppleTV is different from normal Apple hardware in that an internal USB controller that handles IR functions also handles SMC functions. The goal is to reverse-engineer the USB protocol to enable control on other platforms.

This app is "osputil"; see http://wiki.awkwardtv.org/wiki/Osputil for a description. This task would be trivial for someone with IDA Pro and experience with disassembling Mach-O apps. Unfortunately I don't own IDA Pro and my Intel Mach-O disassembly experience is weak.

See http://code.google.c...atv-bootloader/ for information about who I am and what I do.

Thanks
Scott

#2 Slice (InsanelyMacaholic, Local Moderators, 2,976 posts, Gender: Male, Location: Moscow)

I can, but I don't have the osputil.

#3 davilla (InsanelyMac Protégé, Members, 18 posts)

Download http://mesu.apple.co...Z694-5485-1.dmg

See "usr/bin/osputil"

Thanks for the attempt.

#4 Slice (InsanelyMacaholic, Local Moderators, 2,976 posts, Gender: Male, Location: Moscow)

Take!

#5 dubhead (InsanelyMac Geek, Members, 165 posts)

Look for "OTX"; I think it might give you a better output than IDA.

#6 Slice (InsanelyMacaholic, Local Moderators, 2,976 posts, Gender: Male, Location: Moscow)

Whether it is "better" is a controversial question. Nonetheless, thank you for the new program. It is fast and compact, and it gives me the opcode bytes and the instructions on the same line. There are some problems with its unusual syntax, but it is understandable. A great advantage is the interface: IDA and HT have a DOS interface with non-working hot keys, while OTX has a Mac OS X interface!
ATIR200Memory::init_pool(unsigned long)
	+0	00012e36  55					  pushl		  %ebp
	+1	00012e37  89e5					  movl		  %esp,%ebp
	+3	00012e39  57					  pushl		  %edi
	+4	00012e3a  56					  pushl		  %esi
	+5	00012e3b  53					  pushl		  %ebx
	+6	00012e3c  83ec1c				  subl		  $0x1c,%esp
	+9	00012e3f  8b7508				  movl		  0x08(%ebp),%esi
   +12	00012e42  8b06					  movl		  (%esi),%eax
   +14	00012e44  893424				  movl		  %esi,(%esp,1)
   +17	00012e47  ff504c				  call		  *0x4c(%eax)
   +20	00012e4a  84c0					  testb		  %al,%al
   +22	00012e4c  0f840d010000			  jel		  0x00012f5f
   +28	00012e52  c7460800000000		  movl		  $0x00000000,0x08(%esi)
   +35	00012e59  c7460c00000000		  movl		  $0x00000000,0x0c(%esi)
vs
; =============== S U B	R O U T	I N E =======================================

; Attributes: bp-based frame

; ATIR200Memory::init_pool(unsigned long)
		public __ZN13ATIR200Memory9init_poolEm
__ZN13ATIR200Memory9init_poolEm	proc near
				; CODE XREF: __ZN13ATIRadeon850025set_display_mode_and_vramEv+113p
				; __ZN13ATIRadeon850025set_display_mode_and_vramEv+139p ...

var_28		= dword	ptr -28h
var_24		= dword	ptr -24h
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch  // = f8

		push	ebp
		mov	ebp, esp
		push	edi
		push	esi
		push	ebx
		sub	esp, 1Ch
		mov	esi, [ebp+arg_0]
		mov	eax, [esi]
		mov	[esp+28h+var_28], esi
		call	dword ptr [eax+4Ch]
		test	al, al
		jz	loc_132C7
		mov	dword ptr [esi+8], 0
		mov	dword ptr [esi+0Ch], 0

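Added example (not code from the thread, otx or IDA): a small parser for the otx listing format shown above that cross-checks each line against its own byte column, namely that offsets advance by the instruction length, that addresses agree with the offsets, and that the rel32 of the conditional jump really decodes to the listed target. The listing is re-typed as constructed input with the tab alignment collapsed to single spaces.

```python
import re, struct

# Constructed input: the otx lines quoted in the post above, with the
# mixed tab/space alignment collapsed to single spaces.
OTX_LISTING = """\
ATIR200Memory::init_pool(unsigned long)
+0 00012e36 55 pushl %ebp
+1 00012e37 89e5 movl %esp,%ebp
+3 00012e39 57 pushl %edi
+4 00012e3a 56 pushl %esi
+5 00012e3b 53 pushl %ebx
+6 00012e3c 83ec1c subl $0x1c,%esp
+9 00012e3f 8b7508 movl 0x08(%ebp),%esi
+12 00012e42 8b06 movl (%esi),%eax
+14 00012e44 893424 movl %esi,(%esp,1)
+17 00012e47 ff504c call *0x4c(%eax)
+20 00012e4a 84c0 testb %al,%al
+22 00012e4c 0f840d010000 jel 0x00012f5f
+28 00012e52 c7460800000000 movl $0x00000000,0x08(%esi)
+35 00012e59 c7460c00000000 movl $0x00000000,0x0c(%esi)
"""

# offset, address, opcode bytes, mnemonic, optional operands (AT&T operands contain no spaces)
LINE_RE = re.compile(r"^\s*\+(\d+)\s+([0-9a-f]{8})\s+([0-9a-f]+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_otx(text):
    """One dict per instruction line; symbol headers and blank lines are skipped."""
    insns = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        off, addr, hexbytes, mnem, ops = m.groups()
        insns.append({"offset": int(off), "addr": int(addr, 16),
                      "bytes": bytes.fromhex(hexbytes), "mnem": mnem, "ops": ops or ""})
    return insns

def check_listing(insns):
    """Sanity-check a listing against its own byte column; returns a list of problem strings."""
    problems, base, expected = [], insns[0]["addr"] - insns[0]["offset"], insns[0]["offset"]
    for ins in insns:
        if ins["offset"] != expected:
            problems.append(f"+{ins['offset']}: expected offset +{expected}")
        if ins["addr"] != base + ins["offset"]:
            problems.append(f"+{ins['offset']}: address {ins['addr']:#x} does not match offset")
        b = ins["bytes"]
        if len(b) >= 6 and b[0] == 0x0F and 0x80 <= b[1] <= 0x8F:  # 0f 8x = Jcc rel32
            target = ins["addr"] + len(b) + struct.unpack("<i", b[2:6])[0]
            if target != int(ins["ops"], 16):
                problems.append(f"+{ins['offset']}: jump decodes to {target:#x}, listed {ins['ops']}")
        expected = ins["offset"] + len(b)
    return problems
```

On the listing above the checks all pass, which is the quick way to confirm a pasted or hand-edited listing has not lost or duplicated a line.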

#7 davilla (InsanelyMac Protégé, Members, 18 posts)

Got it. Thanks for the assistance.

Scott

#8 Guest: BuildSmart_* (Guests)

Find a way to generate C or C++ source rather than ASM, it will make changes much easier and there are all kinds of solutions available.
