PS3IDA Released!

On March 20, 2011, in Development, PS3, by kakaroto

It’s been a while since my last post! A lot has been happening lately; I’ve mostly kept my followers updated on what’s new through my Twitter account, but I think that this deserves a post of its own!

I’ve been reversing some PPC code in IDA and unfortunately it doesn’t handle the PS3 files very well, so I wrote a lot of scripts to make it parse the files properly! There was one thing missing, though, that I couldn’t do with an .idc script: handling of jump tables.

Yesterday, I took on the task of writing an IDA plugin to parse the PPC code, find jump tables and define them in IDA’s kernel so the analysis is done properly! It was a very fun and exciting challenge that I enjoyed doing, and I’m happy to say that I succeeded and it works very well (on the files I tried, anyway).

The IDA API is extensive and easy to use, and allows you to do pretty much anything! I also found the IDA Pro Book to be extremely well written and very useful! I would suggest to anyone who likes tinkering to try and write an IDA plugin, because it was a challenging but fun experience!

I initially wrote the plugin thinking that the jump table instruction pattern was always the same, but when I started testing, I found out that some instructions could come in a different order, there might be other instructions inserted in the middle of the pattern, different registers might be used, etc. So I eventually had to rewrite my plugin and ended up using a class that comes with IDA’s SDK which takes care of “instruction rescheduling” and “intermingling of the jump sequence with other instructions”. At least I learned from my first try, and it made my second try a lot easier. I also realized that I haven’t done any C++ in maybe 5 or 6 years, and I had really forgotten how to write C++ code. It was a bit embarrassing to google “how to derive from a class in C++”, lol!
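To make the rescheduling and intermingling problem concrete, here is an added, stand-alone illustration of the approach (example code written for this page; it is neither the PPCJT plugin’s source nor IDA’s SDK helper): starting at a bctr, walk backwards and follow only the definitions of the registers the dispatch depends on, skipping everything else. The instruction stream, addresses, registers and the table contents are all constructed for the example; a real plugin would get the same information from IDA’s decoded instructions and from the database bytes instead of the lists below.

```python
import struct

# Constructed instruction stream (addresses, registers and values are made up):
# one compiler-style PowerPC switch dispatch where an unrelated instruction
# (mr r31, r4) is intermingled and lis/slwi/addi are not in canonical order,
# the two problems the post describes. Entries are (address, mnemonic, operands).
SAMPLE_CODE = [
    (0x10000, "cmplwi", ["cr7", "r3", "5"]),      # index > 5 -> default case
    (0x10004, "bgt",    ["cr7", "0x10040"]),
    (0x10008, "slwi",   ["r0", "r3", "2"]),       # scale index by entry size (4)
    (0x1000C, "lis",    ["r9", "0x1"]),           # table@ha
    (0x10010, "mr",     ["r31", "r4"]),           # unrelated, intermingled
    (0x10014, "addi",   ["r9", "r9", "0x2340"]),  # table@l
    (0x10018, "lwzx",   ["r0", "r9", "r0"]),      # r0 = table[index]
    (0x1001C, "mtctr",  ["r0"]),
    (0x10020, "bctr",   []),
]

# Constructed memory image: six big-endian 32-bit case targets at 0x12340.
TABLE_BASE = 0x12340
TABLE_BYTES = b"".join(struct.pack(">I", t) for t in
                       (0x10100, 0x10120, 0x10140, 0x10160, 0x10180, 0x101A0))

# Mnemonics whose first operand is a GPR they write; used to detect clobbers.
GPR_WRITERS = {"lis", "addi", "li", "mr", "add", "or", "slwi", "rlwinm", "lwzx", "lwz"}


def sign16(v):
    """Interpret a 16-bit immediate the way addi does (sign-extended)."""
    v &= 0xFFFF
    return v - 0x10000 if v & 0x8000 else v


def find_jump_table(code, bctr_pos, window=16):
    """Walk backwards from the bctr at code[bctr_pos], following the definition
    of each register the dispatch depends on.  Instructions that do not write a
    register we are waiting for are simply skipped, which is what makes the
    matcher tolerant of rescheduling and interleaving.  Returns None when an
    awaited register is redefined by an instruction outside the pattern."""
    if code[bctr_pos][1] != "bctr":
        return None
    want = {}                       # register -> role of the definition we need
    hi = lo = shift = bound = index_reg = None
    for _, mnem, ops in reversed(code[max(0, bctr_pos - window):bctr_pos]):
        if mnem == "mtctr" and not want and hi is None:
            want[ops[0]] = "target"
            continue
        if mnem == "cmplwi" and want.get(ops[-2]) == "bound":
            bound = int(ops[-1], 0)      # highest valid index
            del want[ops[-2]]
        dest = ops[0] if mnem in GPR_WRITERS else None
        if dest not in want:
            continue
        role = want.pop(dest)
        if role == "target" and mnem == "lwzx":
            want[ops[1]] = "base"        # table address, built by lis/addi
            want[ops[2]] = "scaled"      # index already multiplied by entry size
        elif role == "scaled" and mnem in ("slwi", "rlwinm"):
            shift = int(ops[2], 0)
            if mnem == "rlwinm" and (ops[3] != "0" or int(ops[4]) != 31 - shift):
                return None              # a rotate/mask that is not a plain shift
            index_reg = ops[1]
            want[index_reg] = "bound"    # now look for the range check
        elif role == "base" and mnem == "addi" and ops[1] == ops[0]:
            lo = sign16(int(ops[2], 0))
            want[ops[0]] = "base_hi"
        elif role == "base_hi" and mnem == "lis":
            hi = int(ops[1], 0)
        elif role == "bound":
            pass                         # index changed before its compare: count unknown
        else:
            return None                  # clobbered by a non-pattern instruction
        if not want:
            break
    if None in (hi, lo, shift):
        return None
    return {"table": ((hi << 16) + lo) & 0xFFFFFFFF, "entry_size": 1 << shift,
            "index_reg": index_reg, "count": None if bound is None else bound + 1}


def resolve_targets(jt, mem_base, mem):
    """Read the absolute case targets of a recovered table out of a memory image."""
    if jt["count"] is None:
        raise ValueError("entry count unknown: no range check was matched")
    size = jt["entry_size"]
    fmt = {4: ">I", 8: ">Q"}[size]
    off = jt["table"] - mem_base
    if off < 0 or off + jt["count"] * size > len(mem):
        raise ValueError("jump table lies outside the memory image")
    return [struct.unpack(fmt, mem[off + i * size:off + (i + 1) * size])[0]
            for i in range(jt["count"])]


def find_all(code):
    """Return (bctr address, match-or-None) for every bctr in the stream."""
    return [(code[i][0], find_jump_table(code, i))
            for i in range(len(code)) if code[i][1] == "bctr"]


if __name__ == "__main__":
    for addr, jt in find_all(SAMPLE_CODE):
        print("bctr at %#x: %r" % (addr, jt))
        if jt and jt["count"] is not None:
            print("  cases:", [hex(t) for t in resolve_targets(jt, TABLE_BASE, TABLE_BYTES)])
```

Running it prints the recovered table base, entry count and case targets. The count comes from the cmplwi range check, so if the compare is missing or the index register is rewritten before it, the table is still reported but with an unknown entry count, and if a register the pattern depends on is clobbered by an instruction outside the pattern the match is rejected rather than guessed. Only the lis/addi + lwzx form with absolute entries is handled; position-independent code that adds the base back to a relative entry would need one more rule in the same style.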

Anyway, I am now releasing my scripts and my PPCJT plugin for IDA under a new project: PS3IDA.

I’ve created the ps3ida repository on git-hacks.com (thanks again to @dashhacks for providing us with this safe haven for all our legal tools). The repository contains many files; I suggest you read the README file for a description of each, but the most important ones are analyze_self.idc and analyze_sprx.idc. I’ve also ported my lv2_dump_analyzer.idc script to work with IDA 6.0.

There are two plugins in ps3ida. The first one is the well-known PPCAltivec released by xorloser; I’ve decided to add it to the project so the source code stays available for anyone who needs it. I also slightly modified the source code so it compiles correctly on Linux using gcc 4.x. The second plugin is PPCJT, which I wrote yesterday: it finds jump tables and defines them in IDA’s kernel so the functions get properly analyzed. Just install it, and when you see a switch/case in the code, put the cursor on the ‘bctr’ instruction and press ‘C’ so it can parse the jump sequence and fix it, or just go to “Options->General->Analysis->Reanalyze program” and it will fix them for the whole file.

I have built the PPCJT plugin for Windows and Linux for IDA v6.0; you can download it here.

My personal suggestion, since IDA could screw up the analysis in its initial run, would be to completely undefine the file (Ctrl-PageUp + Alt-L + Ctrl-PageDown + U), then run analyze_self.idc or analyze_sprx.idc. It will take some time, but then you’ll get a beautiful file loaded :) Especially with the correctly named imports, this should help any reverse engineer out there a lot!


p.s: If you have no idea what I’m talking about, then this is not for you, this does not lead to any ‘CFW’ or jailbreaking of 3.60 or whatever else you might hope for… so don’t come here and post stupid and/or irrelevant questions of that kind… please do not comment if you’re not a user of IDA or if you don’t know what IDA is or if you don’t have anything constructive to say.


PPCJT v0.1 for IDA v6.0.

Enjoy!

KaKaRoTo


25 Responses to PS3IDA Released!

  1. kimdalanxa says:

    Ok! I don't want to know what IDA is… but I just commented on this ____ because of the way you treated other people! Who the ____ do you think you are? You have coding knowledge, others have math or grammar or mechanical knowledge! When you need to repair your car you search for a mechanic, right? And trust me m8, that doesn't make you a stupid person on the planet and the mechanic's not gonna tell you to shut up… WE ALL NEED EACH OTHER…

    • xPreatorianx says:

      @Kim he said that because of all the noobs that will inevitably send him countless PMs asking if this will allow them to use CFW. So he did a preemptive strike. I can’t use IDA at all but I wasn’t offended by his comments. If you were, you need to grow a bit thicker skin.

      Good article though that’s for sure.

      • kimdalanxa says:

        I was not offended by what he wrote! I just told him in other words to keep his feet on the ground! No one is better than another; now just because I can code doesn't mean that I'm better than you or anyone on this page! If I go into a McDonald's I need the guy behind the counter to prepare me a Big Mac because I can't do it myself… people just need to be more humble these days….

        • kakaroto says:

          @kimdalanxa: I have censored your message, and removed the duplicates, please stay respectful, or I will remove your posts. I also removed the second thread where someone attacked you in response because I do not accept insults in here.

          Just to make one thing clear, I am (or try to be) humble, and I *never* and will *never* say that any single person is better than another… exactly the way you pointed out, I’ve always said that one person can be ‘relatively better’ than another in one specific field, but the other person will also be ‘relatively better’ in another field, but in general, one person can never be compared to another as being better or not.

          When I said that “message to all stupid people”, I never said, and never thought about it as being “to all those who don’t understand IDA, you’re stupid”, on the contrary, it means exactly what it is, as it was written, it’s a message to anyone who is stupid (irrelevant to their knowledge of IDA or not), telling them that IF they don’t know what this post is about, then refrain from commenting asking about “does this enable cfw/backups/whatever”. If you’re not a stupid person, then that message doesn’t apply to you, and that is completely unrelated to your knowledge of computers, programming, IDA, or whatnot!
          The only ‘measure’ of these people’s “stupidity” in my definition, is on whether or not all they can think of is “OMG, OMG, CFW, CFW!!!”

          If you receive about 30 to 50 messages, emails, PMs, tweets, etc.. PER DAY asking you about a 3.60 CFW or downgrade or asking if when you said “hi” it could have been interpreted as “hi, I have a solution for a cfw”, then you’d understand why any kind of preemptive action is needed to diminish the kind of responses I keep getting.

          If you have any suggestions for how to reformulate that sentence that you’d think would communicate what I meant, but without the risk of being misinterpreted and offending anyone, please let me know in the comments.

          Thanks,
          KaKaRoTo

          • Hussain Abuidrees says:

            Calm down people. You don’t need to fight. Actually each one of you raised good points. I don’t think xPreatorianx had to interrupt from the very beginning. I also agree with kimdalanxa in his opinion, but it shouldn’t be direct!

            Keep working KaKaRoTo, we are waiting for 3.60 =p .. lol

  2. [...] PPCJT v0.1 for IDA v6.0] [VIA KaKaRoTo Blog] [...]

  3. bluemimmosa says:

    Well, seems a nice writeup. Writing plugins for IDA is kinda fun; I also wrote the SPU proc module earlier this year.. and the book you referred to by Chris Eagle is a very good book on IDA. Anyway it was nice to see this collection of plugins. Me, I'm no good at C++, but kinda learning it; I had only C experience, but when dealing with large projects I can't manage things and manage code flow… anyway, I just commented to say IDA is great. And I think it's time for me to jump off to Python, you know what, now IDAPython is there for easy plugin writing.. :P

  4. N.N. says:

    Great work!
    Both you and graf_chokobo impress me!

  5. kimdalanxa says:

    If you have no idea what I’m talking about, then this is not for you, this does not lead to any ‘CFW’ or jailbreaking of 3.60 or whatever else you might hope for…
    so don't come here and post stupid and irrelevant questions of that kind… so please do not comment if you're not a user of IDA or if you don’t know what IDA is.
    I know it's complicated when someone's always behind you asking the same shit all day with PMs, tweets and stuff like that; I respect your patience on that matter, but generally most of those that keep annoying you without knowing where to stop, they're children that only care about backups on their PS3s!
    They just don't care about anything else! But hey, there are men here too, and that “ps” part offended me; as a man from where I come from you gotta respect everybody around you. “You” can't call me stupid and “you” can't tell me to stfu. “Respect me if you wanna be respected”, that's the deal. I'm sorry for annoying you with this matter because I know you have more important stuff to do, but I'm no moralist, just an educated guy, and I know you are too, but that “ps” text doesn't fit you! Please consider changing that because I know you're smarter than that… Ps: sorry for my bad English!

    • kakaroto says:

      Thanks, moving the ‘stupid people’ into ‘stupid and irrelevant questions’ is good. I’ve modified the p.s. I also added a “constructive comment” wording so it gives a ‘chance’ for people not familiar with IDA to still post if they have anything to say.
      And of course, respect has to go both ways, and I’m sorry if that offended you, as I explained, that wasn’t my intention.

      • kimdalanxa says:

        Making mistakes is typical of human beings! But admitting that they were wrong in something is DIVINE! You're a Man with a capital M! Keep up the good work and keep us updated with your new projects….

  6. alexandernst says:

    I’m missing amsn related stuff on this blog lately :(
    But really good job sensei! Keep the good work!

    • kakaroto says:

      Thanks! I don’t think I’ll write about aMSN, unless I’m the one doing something… any other ‘news’ would go to the amsn-project.net/blog instead. I wanted to post that amsn development history youtube video on the amsn front page news! Will do it maybe later.

  7. 0xCAFEBABE says:

    @kakaroto do you know if there is a plugin which would auto-comment PPC code instructions, similar to regular x86 asm which is already included in IDA Pro? Basically I know x86 but I have to look up every command from PPC ASM and it would be nice if there were a comment next to each instruction saying what it does.

  8. [...] News source | KaKaRoTo’s Blog [...]

  9. Real_God says:

    Super awesome!

    This is better than CFW !

  10. Jimminy KriKet says:

    I don’t know where else to write this so here it goes…
    How possible is it, via changing the DNS on the PS3, to sort of clone a PlayStation Store that only installs homebrew, sort of like the Wii has a homebrew application that searches and installs them for you… Because then there would be no need for a CFW; you could just install signed pkgs for the homebrew you’d like to use…

    Just an idea

  11. Mr Wicked says:

    Heh. Just found your repositories; they are full of scripts. Never mind my post :-)

    • kakaroto says:

      yeah, was just going to suggest looking into the repo for the analyze_* scripts, they do a lot more than that (imports/exports are very helpful)

  12. Goblom says:

    Just wondering… Will this also be available for IDA 5.5? Or will it only be released for IDA 6.0