
Untitled

a guest Oct 17th, 2019 130 Never
  1. ###########################################################
  2. # TX SX OS MIPS VM disassembler - by hexkyz and naehrwert #
  3. ###########################################################
  4.  
  import binascii
  import os
  import re
  import struct
  8.  
  # Host-call name table used when vm_dis() is called with version == 0.
  # vm_dis() looks a value up here when a lis/ori pair has assembled a 32-bit
  # constant into register index 2 ($v0); the text is appended to the listing
  # as an annotation only. The register/stack notes inside the strings are the
  # original authors' annotations and are not interpreted by this script.
  # NOTE(review): presumably these constants are the IDs consumed by the VM's
  # host_call instruction - confirm against the VM interpreter.
  host_calls_0 = {
      0x8E943DA2: "host_crc32 (ptr r4r5, len r6)",
      0xD4AC6D16: "host_expmod (dst r4, mod r5, exp r6, exp_size r7)",
      0x87205A64: "host_read_u64 (r2r3 = *r4r5)",
      0x5BECE776: "host_aes_set_key (ptr r4)",
      0xC58ACD13: "host_call_function (ptr r4, arg r5)",
      0xBA4FC26A: "host_memcmp (ptr1 r4r5, ptr2 r6r7, len stk4)",
      0xFD859C9C: "host_data_cache_civac (ptr r4, len r5)",
      0x6445C898: "host_write_u64 (*r4r5 = r6r7)",
      0x308EBEA4: "host_get_ipc_result",
      0xA4345EDA: "host_memmove (ptr1 r4, ptr2 r5, len r6)",
      0xFB198D4C: "host_aes_enc_cbc",
      0x93F23757: "host_rsa_oaep",
      0xB68EA896: "host_aes_dec_cbc",
      0x46915487: "host_aes_ctr",
      0x5045611F: "host_sha2 (ptr r4, len r5, dst ptr r6r7)",
      0x2E3DB2AB: "host_vm_memcpy (dst r4, src r5, size r6)",
      0x8CC2D88C: "host_sha2_hmac",
      0x9D104BEC: "host_get_license_buf",
      0x42D35BC8: "host_get_field_98",
      0x4F56CFC3: "host_vm_get_ptr",
      0x24083A54: "host_parse_ipc_cmd",
      0x37646C3F: "host_vm_memcmp",
      # Two distinct IDs carry the same host_memcpy label in this table.
      0x418B8052: "host_memcpy",
      0xC2A24132: "host_memcpy",
      0x80A67D6D: "host_vm_memset",
      0x680419E7: "host_read_u32",
      0x9D063E97: "host_read_u8",
      0x9BE8BFCA: "host_fat_open_file",
      0x66E9BFF7: "host_ipc_handle",
      0x5CC2894D: "host_svcSendSyncRequest",
      0x63F3D563: "host_connect_to_service",
      0x2F365F20: "host_search_pattern",
      0x70757343: "host_write_u32",
      0xE02CE3F9: "host_memset",
  }
  45.  
  # Host-call name table used when vm_dis() is called with version == 1.
  # Same role as the version-0 table: vm_dis() consults it only to annotate a
  # 32-bit constant that a lis/ori pair has assembled into register index 2.
  # Most IDs differ from the version-0 table; 0xC58ACD13, 0xFD859C9C and
  # 0xA4345EDA appear in both tables with the same label.
  host_calls_1 = {
      0x9B40C841: "host_crc32 (ptr r4r5, len r6)",
      0xC8B077C8: "host_expmod (dst r4, mod r5, exp r6, exp_size r7)",
      0x921495FE: "host_read_u64 (r2r3 = *r4r5)",
      0x5A6641E2: "host_aes_set_key (ptr r4)",
      0xC58ACD13: "host_call_function (ptr r4, arg r5)",
      0xB0BCD374: "host_memcmp (ptr1 r4r5, ptr2 r6r7, len stk4)",
      0xFD859C9C: "host_data_cache_civac (ptr r4, len r5)",
      0x6F946C26: "host_write_u64 (*r4r5 = r6r7)",
      0x1ACB4B1B: "host_get_ipc_result",
      0xA4345EDA: "host_memmove (ptr1 r4, ptr2 r5, len r6)",
      0xF243B10F: "host_aes_enc_cbc",
      0x9D39D484: "host_rsa_oaep",
      0xB08249FB: "host_aes_dec_cbc",
      0x44AAA3FC: "host_aes_ctr",
      0x4BE3D010: "host_sha2 (ptr r4, len r5, dst ptr r6r7)",
      0x0B7944DC: "host_vm_memcpy (dst r4, src r5, size r6)",
      0x93217280: "host_sha2_hmac",
      0xAA840564: "host_get_license_buf",
      0x3766570A: "host_get_field_98",
      0x45872313: "host_vm_get_ptr",
      0x001A6147: "host_parse_ipc_cmd",
      0x28DA2760: "host_vm_memcmp",
      # Two distinct IDs carry the same host_memcpy label in this table.
      0x370C4363: "host_memcpy",
      0xB66C364C: "host_memcpy",
      0x8CFF0E3B: "host_vm_memset",
      0x74ADB312: "host_read_u32",
      0xA9A17504: "host_read_u8",
      0xA049A7D6: "host_fat_open_file",
      0x70B8F5BF: "host_ipc_handle",
      0x686E04E0: "host_svcSendSyncRequest",
      0x6C803A13: "host_connect_to_service",
      0x1205F934: "host_search_pattern",
      0x85DFF35C: "host_write_u32",
      0xCC8A94A1: "host_memset",
  }
  82.  
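  # 256-byte XOR key that vm_get_instr() applies to the stored VM code.
  # The table is written as hex text; every non-word character (spaces and
  # newlines) is stripped before it is converted to raw bytes.
  # binascii.unhexlify() replaces the Python-2-only str.decode("hex"), so the
  # table loads as a byte string on both Python 2 and Python 3.
  xor_block = binascii.unhexlify(re.sub(r"\W", "", """
  F0 A4 46 B0 C6 B1 9A E0 81 83 F8 0A 0A CE B3 4A
  56 57 BF 88 81 1E 7D 7A 0C D1 AE B4 C1 58 A3 B3
  64 BE 39 BC F1 72 2E 7E 66 12 6B D2 8C 69 04 3A
  CB 84 52 FB F1 AC 98 F0 94 92 6F E9 BD 83 E6 7E
  51 12 55 A5 4B B2 73 39 55 BB 96 A5 B8 0B FD 49
  42 33 5F 61 8D 16 2D B9 57 26 21 A0 23 C3 D0 B6
  59 51 6A 5E BD A8 3C 77 1B DB CE D2 C5 ED 36 C1
  2D B9 68 3F 44 BC FB 70 88 7D 74 F2 9E 70 4E FF
  F3 19 72 9E 32 06 91 BF D9 42 47 EE 1C 3B B8 D9
  BB CF 0C C7 29 EC F2 A3 E2 46 6B EC 68 41 4C DA
  2C 9D 05 02 F0 6D F8 24 41 7E 5E B6 78 37 18 95
  1D EB FB 27 8F 34 A1 B1 7D 3B C8 87 51 E7 D0 BB
  68 09 D2 8F 42 38 D1 01 81 93 CB 0E 7D 1B ED B8
  0A 0E 58 CF D9 FC 3E C6 0D 6A F5 41 DC 7D C7 11
  BD D5 B3 88 02 8D 74 87 A2 FD 2C 52 20 B5 8B D5
  D2 41 BF 36 5E 5F C4 85 90 37 9E 7F 67 CA 87 10
  """))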
  101.  
  # Register names indexed by the 5-bit register fields decoded in vm_dis()
  # (index 0 is "$zero", index 31 is "$ra").
  rnam = (
      "$zero $at $v0 $v1 "
      "$a0 $a1 $a2 $a3 "
      "$t0 $t1 $t2 $t3 $t4 $t5 $t6 $t7 "
      "$s0 $s1 $s2 $s3 $s4 $s5 $s6 $s7 "
      "$t8 $t9 $k0 $k1 $gp $sp $fp $ra"
  ).split()
  116.  
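  def vm_get_instr(p, i):
      """Return the de-obfuscated 32-bit instruction word at byte offset i of p.

      The four bytes stored at p[i:i+4] are XORed with four bytes of the
      module-level xor_block taken at index (i & 0xFF), so the key offset
      repeats every 256 bytes of code.

      Both words are read with an explicit little-endian format ("<I"). The
      native "I" format yields the same value on little-endian hosts but would
      silently decode byte-swapped instructions on a big-endian one.

      Raises struct.error when fewer than four bytes are available at either
      offset (for example a truncated blob, or an i that is not word-aligned
      and lands within the last three bytes of the key).
      """
      xi = i & 0xFF
      x = struct.unpack("<I", xor_block[xi:xi + 4])[0]
      y = struct.unpack("<I", p[i:i + 4])[0]
      return x ^ y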
  122.  
  def str_simm16(imm):
      """Format a signed immediate as upper-case hex with a leading "-" if negative."""
      sign = "-" if imm < 0 else ""
      return "{0}0x{1:X}".format(sign, abs(imm))
  125.  
  def decode_simm16(imm):
      """Interpret a 16-bit field as a two's-complement signed integer.

      Values with bit 15 set map to imm - 0x10000; all others are returned
      unchanged. The argument is not masked here; callers pass inst & 0xFFFF.
      """
      if imm & 0x8000:
          return imm - 0x10000
      return imm
  128.  
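  def vm_dis(p, version):
      """Disassemble an extracted VM code blob into listing lines.

      p is the raw (still XOR-obfuscated) code; each 32-bit word is recovered
      with vm_get_instr(). version selects the opcode numbering: 0 and 1 are
      the two encodings this script knows; with any other value every word is
      reported as "unknown op".

      Returns a list with one entry per instruction word. Each entry is a list
      of string fragments (the caller joins them): an empty string, the hex
      offset, the decoded text and optional annotations. Words that are the
      target of a jal or of a branch/jump get a "sub_X:" or "loc_X:" label
      fragment prepended.

      Changes from the original:
        * "//" and range() replace "/" and xrange(), so the function runs on
          Python 3 as well as Python 2 (a float list index raised TypeError).
        * Branch and call targets are kept in sets, so the label pass no longer
          scans a list for every instruction.
        * The opcode numbering is held in per-version tables instead of a long
          if/elif chain; the text produced for each instruction is the same.
        * Input whose length is not a multiple of four no longer dies with
          struct.error on the last partial word: the complete words are
          decoded and one extra comment entry reports the leftover bytes.
      """
      # Primary opcode (bits 31..26) -> operation, per encoding version.
      primary_ops = {
          0: {53: "bgz", 15: "ld.32", 56: "beq", 28: "addi", 1: "ld.8",
              49: "ld.8", 20: "j", 23: "lis", 21: "beq", 10: "unk",
              24: "mul", 51: "st.8", 26: "sltiu", 35: "sltiu", 17: "jal",
              37: "bne", 4: "bneq", 39: "ori", 32: "st.32", 29: "xori",
              18: "ext"},
          1: {20: "bgz", 34: "ld.32", 26: "beq", 57: "addi", 6: "ld.8",
              14: "ld.8", 0: "j", 4: "lis", 37: "beq", 31: "unk",
              56: "mul", 47: "st.8", 24: "sltiu", 35: "sltiu", 60: "jal",
              1: "bne", 63: "bneq", 30: "ori", 51: "st.32", 61: "xori",
              21: "andi", 3: "ext"},
      }
      # Secondary opcode (bits 5..0) of the "ext" group, per encoding version.
      # "shr.i"/"shl.i" are internal tags for the shift-by-immediate forms;
      # they are printed as plain "shr"/"shl".
      extended_ops = {
          0: {12: "shr.i", 48: "ashr", 52: "shr", 53: "sub", 7: "xor",
              63: "jr", 62: "and", 6: "add", 30: "nor", 14: "cmov.nz",
              27: "shl.i", 49: "shl", 3: "brx", 33: "or", 43: "slt",
              1: "host_call"},
          1: {15: "shr.i", 20: "ashr", 6: "shr", 23: "sub", 0: "xor",
              3: "jr", 37: "and", 55: "add", 12: "nor", 52: "cmov.nz",
              24: "shl.i", 40: "shl", 14: "brx", 18: "or", 11: "slt",
              36: "host_call"},
      }
      three_reg = ("ashr", "shr", "sub", "xor", "and", "add", "cmov.nz",
                   "shl", "or", "slt")

      known = version in (0, 1)
      ops = primary_ops[version] if known else {}
      ext_ops = extended_ops[version] if known else {}
      if version == 0:
          host_names = host_calls_0
      elif version == 1:
          host_names = host_calls_1
      else:
          host_names = {}

      # Only complete 32-bit words can be decoded.
      whole = len(p) - (len(p) % 4)

      jal_targ = set()
      b_targ = set()
      # Upper half loaded by the last "lis" into each register, or -1 if none.
      # It is cleared only by the matching "ori", so a register overwritten by
      # some other instruction in between can yield a stale "; =" annotation.
      lis_val = [-1] * 32
      lines = [[""] for _ in range(0, whole, 4)]

      for i in range(0, whole, 4):
          out = lines[i // 4]
          out.append("{0:04X}\t\t".format(i))
          inst = vm_get_instr(p, i)
          op = inst >> 26

          # Field extraction is the same for every format; each branch below
          # just picks the fields it prints.
          rs_i = (inst >> 21) & 0x1F
          rt_i = (inst >> 16) & 0x1F
          rd_i = (inst >> 11) & 0x1F
          rs, rt, rd = rnam[rs_i], rnam[rt_i], rnam[rd_i]
          shamt = (inst >> 6) & 0x1F
          imm16 = inst & 0xFFFF
          simm = decode_simm16(imm16)

          kind = ops.get(op)
          if kind == "bgz":
              # NOTE(review): the offset is used unsigned here while every
              # other branch sign-extends it - kept as in the original;
              # confirm against the VM interpreter.
              target = i + 4 * imm16
              out.append("bgz {0}, loc_{1:X}".format(rs, target))
              b_targ.add(target)
          elif kind in ("ld.32", "ld.8"):
              out.append("{0} {1}, [{2} + {3}]".format(kind, rt, rs, str_simm16(simm)))
          elif kind in ("beq", "bne", "bneq"):
              target = i + 4 * simm
              out.append("{0} {1}, {2}, loc_{3:X}".format(kind, rt, rs, target))
              b_targ.add(target)
          elif kind == "addi":
              out.append("addi {0}, {1}, {2}".format(rt, rs, str_simm16(simm)))
          elif kind == "j":
              target = 4 * (inst & 0x3FFFFFF)
              out.append("j loc_{0:X}".format(target))
              b_targ.add(target)
          elif kind == "jal":
              target = 4 * (inst & 0x3FFFFFF)
              out.append("jal sub_{0:X}".format(target))
              jal_targ.add(target)
          elif kind == "lis":
              out.append("lis {0}, 0x{1:X}".format(rt, imm16))
              lis_val[rt_i] = imm16 << 16
          elif kind == "unk":
              out.append("unk {0}, {1}, {2:X}, {3:X}, {4:X}".format(
                  rt, rs, inst & 0x7FF, shamt, imm16 >> 11))
          elif kind == "mul":
              out.append("mul {0}, {1}, {2}".format(rd, rs, rt))
          elif kind in ("st.8", "st.32"):
              out.append("{0} [{1} + {2}], {3}".format(kind, rs, str_simm16(simm), rt))
          elif kind in ("sltiu", "xori", "andi"):
              out.append("{0} {1}, {2}, 0x{3:X}".format(kind, rt, rs, imm16))
          elif kind == "ori":
              out.append("ori {0}, {1}, 0x{2:X}".format(rt, rs, imm16))
              # "ori rX, rX, lo" after "lis rX, hi" completes a 32-bit constant.
              if rt_i == rs_i and lis_val[rt_i] != -1:
                  val = lis_val[rt_i] | imm16
                  lis_val[rt_i] = -1
                  out.append("; = 0x{0:X}".format(val))
                  if rt_i == 2:
                      # Constants built in $v0 are looked up as host-call IDs.
                      out.append(" - {0}".format(host_names.get(val, "UNK")))
          elif kind == "ext":
              sop = inst & 0x3F
              sub = ext_ops.get(sop)
              if sub in three_reg:
                  out.append("{0} {1}, {2}, {3}".format(sub, rd, rs, rt))
              elif sub == "nor":
                  out.append("nor {0}, ~{1}, {2}".format(rd, rs, rt))
              elif sub == "shr.i":
                  out.append("shr {0}, {1}, 0x{2:X}".format(rd, rt, shamt))
              elif sub == "shl.i":
                  if rd_i == 0 and rt_i == 0 and shamt == 0:
                      out.append("nop")
                  else:
                      out.append("shl {0}, {1}, 0x{2:X}".format(rd, rt, shamt))
              elif sub == "jr":
                  out.append("jr {0}".format(rs))
              elif sub == "brx":
                  out.append("brx {0}, {1}".format(rd, rs))
              elif sub == "host_call":
                  out.append("host_call")
              else:
                  out.append("extended op 0x{0:X}".format(sop))
          else:
              out.append("unknown op 0x{0:X}".format(op))

      # Label pass: a call target wins over a branch target at the same offset.
      for i in range(0, whole, 4):
          if i in jal_targ:
              lines[i // 4] = ["\n;------- subroutine -------\nsub_{0:X}:\n".format(i)] + lines[i // 4]
          elif i in b_targ:
              lines[i // 4] = ["\nloc_{0:X}:\n".format(i)] + lines[i // 4]

      leftover = len(p) - whole
      if leftover:
          # Make a truncated or misaligned blob visible in the listing.
          lines.append(["; {0} trailing byte(s) at 0x{1:04X} not decoded".format(leftover, whole)])
      return lines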
  369.  
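  # boot.dat and Loader.bin are third-party binaries and are treated as
  # untrusted input: they are only read and decoded statically, never executed,
  # and the hard-coded offsets are checked against the real file sizes before
  # use. Every early exit reports its reason on stderr with a non-zero status
  # instead of the silent exit() of the original.

  # Open main file
  with open("boot.dat", "rb") as f:
      b = f.read()

  # Extract the version (two little-endian 32-bit words at offset 0x08)
  if len(b) < 0x10:
      raise SystemExit("boot.dat is too short to contain a version field")
  boot_ver = struct.unpack("<II", b[0x08:0x10])

  # Only support the most relevant versions
  if boot_ver[1] == 0x342E3156:                                 # TX BOOT V1.4
      vm_off = 0x4E470
      vm_size = 0x194C
      vm_version = 0
  elif (boot_ver[1] == 0) and (boot_ver[0] == 0x392E3256):      # TX BOOT V2.9
      vm_off = 0xA45C8
      vm_size = 0x1ED4
      vm_version = 1
  else:
      raise SystemExit("unsupported boot.dat version words: 0x{0:08X} 0x{1:08X}".format(
          boot_ver[0], boot_ver[1]))

  # Enter the Loader KIP's directory
  if os.path.isdir("./sxos/firmware/Loader/"):
      os.chdir("./sxos/firmware/Loader/")
  else:
      raise SystemExit("directory ./sxos/firmware/Loader/ not found")

  # Open and read the extracted Loader binary
  with open("Loader.bin", "rb") as f:
      v = f.read()

  # The VM offsets above are fixed per version; a Loader.bin that does not
  # cover them is not the expected file, and slicing it would silently
  # disassemble a short or empty blob.
  if len(v) < vm_off + vm_size:
      raise SystemExit("Loader.bin is smaller than the expected VM region")

  # Locate and disassemble the MIPS VM (before creating the output file, so a
  # failure does not leave an empty listing behind)
  lines = vm_dis(v[vm_off:vm_off + vm_size], vm_version)
  with open("Loader_VM.asm", "w") as f:
      for l in lines:
          f.write("%s\n" % "".join(l))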