
reverse-engineering assistance


davilla

I'm posting to see if anyone wants to help with the reverse engineering of an Apple command-line app that the AppleTV uses for SMC functions.

The AppleTV is different from normal Apple hardware in that an internal USB controller that handles IR functions also handles SMC functions. The goal is to reverse-engineer the USB protocol so that control can be enabled on other platforms.

This app is "osputil"; see http://wiki.awkwardtv.org/wiki/Osputil for a description. This task would be trivial for someone with IDA Pro and experience with disassembling Mach-O apps. Unfortunately I don't own IDA Pro and my Intel Mach-O disassembly experience is weak.

See http://code.google.com/p/atv-bootloader/ for information about who I am and what I do.

Thanks

Scott

I can, but I don't have osputil.


Look for "OTX"; I think it might give you a better output than IDA.

About "better", it is a controversial question. Nonetheless, thank you for the new program. It is fast, compact, and gives me codes and commands on the same line. Some problems with unusual syntax, but understandable. A great advantage is the interface. IDA and HT have a DOS interface with non-working hot keys. OTX has a Mac OS X interface!

ATIR200Memory::init_pool(unsigned long)
 +0   00012e36  55              pushl   %ebp
 +1   00012e37  89e5            movl    %esp,%ebp
 +3   00012e39  57              pushl   %edi
 +4   00012e3a  56              pushl   %esi
 +5   00012e3b  53              pushl   %ebx
 +6   00012e3c  83ec1c          subl    $0x1c,%esp
 +9   00012e3f  8b7508          movl    0x08(%ebp),%esi
+12   00012e42  8b06            movl    (%esi),%eax
+14   00012e44  893424          movl    %esi,(%esp,1)
+17   00012e47  ff504c          call    *0x4c(%eax)
+20   00012e4a  84c0            testb   %al,%al
+22   00012e4c  0f840d010000    jel     0x00012f5f
+28   00012e52  c7460800000000  movl    $0x00000000,0x08(%esi)
+35   00012e59  c7460c00000000  movl    $0x00000000,0x0c(%esi)

vs

; =============== S U B R O U T I N E =======================================

; Attributes: bp-based frame

; ATIR200Memory::init_pool(unsigned long)
	public __ZN13ATIR200Memory9init_poolEm
__ZN13ATIR200Memory9init_poolEm	proc near
			; CODE XREF: __ZN13ATIRadeon850025set_display_mode_and_vramEv+113p
			; __ZN13ATIRadeon850025set_display_mode_and_vramEv+139p ...

var_28		= dword	ptr -28h
var_24		= dword	ptr -24h
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch  // = f8

	push	ebp
	mov	ebp, esp
	push	edi
	push	esi
	push	ebx
	sub	esp, 1Ch
	mov	esi, [ebp+arg_0]
	mov	eax, [esi]
	mov	[esp+28h+var_28], esi
	call	dword ptr [eax+4Ch]
	test	al, al
	jz	loc_132C7
	mov	dword ptr [esi+8], 0
	mov	dword ptr [esi+0Ch], 0

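As an added example (not code from the thread, from otx or from IDA), a small Python parser for the otx listing format shown above, with a consistency check that each instruction's offset equals the previous offset plus its opcode-byte length and that address minus the function's base address equals the offset. That check catches lines that were dropped or mangled when a listing is pasted into a post. The sample listing is the one quoted in the thread, with tabs normalized to spaces.

```python
import re

# Constructed sample: the otx listing quoted in the thread, tabs normalized to spaces.
OTX_SAMPLE = """\
ATIR200Memory::init_pool(unsigned long)
+0   00012e36  55              pushl   %ebp
+1   00012e37  89e5            movl    %esp,%ebp
+3   00012e39  57              pushl   %edi
+4   00012e3a  56              pushl   %esi
+5   00012e3b  53              pushl   %ebx
+6   00012e3c  83ec1c          subl    $0x1c,%esp
+9   00012e3f  8b7508          movl    0x08(%ebp),%esi
+12  00012e42  8b06            movl    (%esi),%eax
+14  00012e44  893424          movl    %esi,(%esp,1)
+17  00012e47  ff504c          call    *0x4c(%eax)
+20  00012e4a  84c0            testb   %al,%al
+22  00012e4c  0f840d010000    jel     0x00012f5f
+28  00012e52  c7460800000000  movl    $0x00000000,0x08(%esi)
+35  00012e59  c7460c00000000  movl    $0x00000000,0x0c(%esi)
"""

# One otx instruction line: +offset, 8-digit address, opcode bytes, mnemonic, operands.
LINE_RE = re.compile(r"^\s*\+(\d+)\s+([0-9a-fA-F]{8})\s+([0-9a-fA-F]+)\s+(\S+)\s*(.*?)\s*$")

def parse_otx(listing):
    """Return one dict per instruction line; symbol headers and blank lines are skipped."""
    insns = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        off, addr, raw, mnem, ops = m.groups()
        # bytes.fromhex() rejects odd-length or non-hex opcode strings with ValueError.
        insns.append({"offset": int(off), "address": int(addr, 16),
                      "bytes": bytes.fromhex(raw), "mnemonic": mnem, "operands": ops})
    return insns

def check_listing(insns):
    """Report offsets that disagree with the addresses or with the previous byte length."""
    problems = []
    base = insns[0]["address"] if insns else 0
    for i, ins in enumerate(insns):
        if ins["address"] - base != ins["offset"]:
            problems.append(f"+{ins['offset']}: address {ins['address']:08x} is not base+offset")
        if i + 1 < len(insns):
            expected = ins["offset"] + len(ins["bytes"])
            nxt = insns[i + 1]["offset"]
            if nxt != expected:
                problems.append(f"+{ins['offset']}: next offset is +{nxt}, expected +{expected}")
    return problems
```

Running `check_listing(parse_otx(OTX_SAMPLE))` on the intact listing returns an empty list; removing any one line makes the previous instruction report the gap.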

Guest BuildSmart

Find a way to generate C or C++ source rather than ASM, it will make changes much easier and there are all kinds of solutions available.
