---+!! Iaudio Reverse Engineering using IDA Pro %TOC% ---++ Introduction This is a short guide how to begin reverse engineering the Iaudio's firmware using IDA Pro. I'm using IDA v4.7 and X5 firmware 2.10 beta 7. * [[http://www.datarescue.com][DataRescue - Makers of IDA Pro]] * [[http://www.cowonamerica.com/download/iaudio_x5_jsfw.html][Iaudio X5 firmware download]] ---+++ Step 1 From x5_fw.bin extract bytes 0 to 67054 to file "x5_flash.bin" This contains the first part of the firmware stored in FLASH memory. The whole x5_fw.bin is stored in flash but this first part is interesting because it is a "loader". It "loads" sections from FLASH into SDRAM and IRAM. ---+++ Step 2 Start IDA and open "x5_flash.bin" * Select processor "Motorola Coldfire", press SET and OK. * Select "Create ROM section" * Enter "ROM start address": 0xefd0 * Enter "Loading address": 0xefd0 * Press OK. This constant 0xefd0 is a delta value describing where the firmware (x5_fw.bin) is stored in flash. It means that byte 0 of the file is stored in flash address 0x0000EFD0 in the CPU's address space. ---+++ Step 3 Now it's time to import the rest of the firmware. * Download [[%ATTACHURL%/iaudio_load.idc][iaudio_load.idc]] * Edit the file so the firmware filename and path is correct. * Run script using: File -> IDC file -> iaudio_load.idc * It will take some time to load and analyze the firmware. Take cup of coffee.. Now the firmware has been loaded and you can start working. The load script makes a lot into code, but you have to go through and make some parts into code yourself. Note that IDA can't decode a few instructions, probably related to EMAC (they usually start with opcode 0xA3). Also find and make strings. Happy reverse-engineering! ---++ TODO * Document interesting functions - location and purpose. * Find how the last section of FLASH is loaded into SDRAM. Now the 341994 bytes of firmware is unloaded.
27 Jan 2006 - 19:05
IDA Load script for Iaudio X5 firmware
ore topic actions
r1 - 27 Jan 2006 - 19:04:28 -
Copyright © by the contributing authors.