-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Binary disassembly and decompilation howto using Ghidra #44
Comments
Thank you for the detailed guide, but I also think that you need to set the load address to 0x8000000 |
Yeah I think you could be right. 08008590 is a data block referenced by a pointer located at 08004128, and PTR_DAT_08004108 is referenced by FUN_08004100:08004100 which returns the pointer data. That appears to make more sense. Are we able to share the decompiled source code? Just wondering on the best way to collaborate on deconstructing what the functions and parameter data are doing. At the very least I'd like to figure out how to clear the gibberish that is displayed on my home screen. |
Yes, those options are for debugging purposes - it gives an at-a-glance view of what version of the hacked firmware has been compiled as well as which UI settings have been enabled or disabled. Feel free to comment that out of the patch script. |
Ok cool, I didn't realize those were intentional, I just thought it was some gibberish buffer overflow or something. I'm a principal computer systems engineer but this project isn't anywhere near my area of specialization so I don't have a lot of direct experience with reverse engineering. |
how change image in home ? |
The main chip on my AirSense 10 AutoSet is a STMicroelectronics STM32F405ZGT6. This is an ARM Cortex-M4 32-bit ISA, however the Internet says the Cortex-M series only supports the 16-bit Thumb ISA.
STM32F405ZG Datasheet:
https://www.st.com/resource/en/datasheet/stm32f405zg.pdf
16-bit Thumb ISA Quick Reference:
http://infocenter.arm.com/help/topic/com.arm.doc.qrc0006e/QRC0006_UAL16.pdf
High-res photos of the front and back of the main board in the AirSense 10 AutoSet: http://imgur.com/a/01iV4kP
I was able to successfully disassemble and decompile functions into C source code using Ghidra, below are the steps that I followed:
https://ghidra-sre.org
https://www.oracle.com/java/technologies/javase-jdk14-downloads.html
The text was updated successfully, but these errors were encountered: