Merge branch 'master' of gitlab.amer.irdeto.com:ben.gardiner/rhme3

Author: JonathanBeverley

atxmega128a4u/scripts/avr_stack_vars.py

@@ -42,7 +42,17 @@ def make_stack_variable(func_start, offset, name, size):
                     None, size) == 0:
                 return 1
             else:
-                return 0
+                raise ValueError("failed to create stack frame member %s @ +0x%x in function @ 0x%x" % (name, offset, func_start))
+
+    def get_stack_variable_name(func_start, offset):
+        func = idaapi.get_func(func_start)
+        frame = idaapi.get_frame(func)
+        if frame is None:
+            raise ValueError("couldn't get frame for function @ 0x%x" % func_start)
+
+        offset += func.frsize
+        member = idaapi.get_member(frame, offset)
+        return idaapi.get_member_name(member.id)
 
     def is_latter_of_stack_sequential_instructions(prev_line, curr_line, op_num):
         other_op_num = 0
@@ -74,6 +84,9 @@ def operand_to_stack_variable(curr_line, op_num):
         idc.OpStkvar(curr_line.ea, op_num)
         return
 
+    def get_next_line(line):
+        return sark.Line(line.ea + len(line.bytes))
+
     def create_stack_variable_from_operand(curr_line, op_num):
         try:
             curr_insn = curr_line.insn
@@ -86,14 +99,19 @@ def create_stack_variable_from_operand(curr_line, op_num):
         stack_offset = curr_insn.operands[op_num].offset
         this_function = sark.Function(curr_line.ea)
 
-        next_line = sark.Line(curr_line.ea + len(curr_line.bytes))
+        next_line = get_next_line(curr_line)
         size = 2 if is_latter_of_stack_sequential_instructions(curr_line, next_line, op_num) else 1
 
         logger.info("creating %d byte stack variable @ 0x%x based on %s && %s" % (size, stack_offset, curr_line, next_line))
 
         make_stack_variable(this_function.startEA, stack_offset, "var_%x" % stack_offset, size)
         return
 
+    def is_sensible_instruction(insn):
+        return (len(insn.operands) == 2 and
+                str(insn.operands[0]) != '' and str(insn.operands[1]) != ''
+               )
+
     def all_y_stack_vars_here():
         ea = idc.here()
         this_function = sark.Function(ea)
@@ -131,9 +149,43 @@ def all_y_stack_vars_here():
                 if not is_latter_of_stack_sequential_instructions(prev, line, 0): # avoid marking a stack var for the second part of a sequential load
                     create_stack_variable_from_operand(line, 0)
 
-            # TODO also for Y+ in operand 0
             prev = line
 
+        for a1st_line in this_function.lines:
+            a2nd_line = get_next_line(a1st_line)
+            a3rd_line = get_next_line(a2nd_line)
+
+            if a2nd_line.ea > this_function.endEA or a3rd_line.ea > this_function.endEA:
+                continue
+
+            try:
+                a1st_insn = a1st_line.insn
+                a2nd_insn = a2nd_line.insn
+                a3rd_insn = a3rd_line.insn
+            except sark.exceptions.SarkNoInstruction:
+                logger.debug("skipping %s && %s && %s" % (a1st_line, a2nd_line, a3rd_line))
+                continue
+
+            if (not is_sensible_instruction(a1st_insn)) or (not is_sensible_instruction(a2nd_insn)) or (not is_sensible_instruction(a3rd_insn)):
+                logger.debug("filtering %s && %s && %s" % (a1st_insn, a2nd_insn, a3rd_insn))
+                continue
+
+            if (str(a1st_insn.mnem) == 'movw' and (str(a1st_insn.operands[1]) == 'YL' or str(a1st_insn.operands[1].reg) == 'r28') and
+                str(a1st_insn.operands[0]) == str(a2nd_insn.operands[0]) and a2nd_insn.operands[0].reg == avr_get_register_pairs().get(a3rd_insn.operands[0].reg) and
+                str(a2nd_insn.mnem) == 'subi' and str(a3rd_insn.mnem) == 'sbci'
+               ):
+                stack_offset = -1 * int(a2nd_insn.operands[1].text, 0)
+                this_function = sark.Function(a1st_line.ea)
+
+                # TODO: guess size of stack var
+                size = 1
+                logger.info("creating %d byte stack variable @ 0x%x based on %s && %s && %s" % (size, stack_offset, a1st_line, a2nd_line, a3rd_line))
+
+                make_stack_variable(this_function.startEA, stack_offset, "var_%x" % stack_offset, size)
+
+                name = get_stack_variable_name(this_function.startEA, stack_offset)
+                idc.OpAlt(a2nd_line.ea, 1, name)
+
     print("some utility functions are defined:\nall_y_stack_vars_here()")
 
 except:

unauthorized/notes.md

@@ -149,7 +149,42 @@ parse_and_maybe_set_flag_printer(input){
 	if (saved_position != 0x1f)
 		die_and_remember
 
-
+TODO
+
+## `ROM:046D get_valid_rand`
+
+This function is called by the `parse_and_maybe_set_flag_printer` function above. At this point I couldn't handle keeping track of `Y+NN` anymore so I wrote a stack-variable making script basing Y as the stack pointer (which avr-gcc appears to use).
+
+ maybe_test_const_rng(illegal_rand) {
+ 	word last_rand;
+ 	for (i=0; i<= 0xff; i++)
+ 		last_rand = prob_get_rand();
+ 	if (last_rand == illegal_rand) {
+ 		illegal_rand = last_rand;
+ 		for (i=0; i<0x400; i++) {
+ 			last_rand = prob_get_rand();
+ 		}
+ 		if (last_rand == illegal_rand)
+ 			die();
+ 	}
+ 	if (illegal_rand > 0x21 ) {
+ 		illegal_rand =- 0x30;
+ 		illegal_rand[H] = -1 * (illegal_rand[L] << 1 - illegal_rand[L] << 1);
+ 		illegal_rand[L] = illegal_rand[L] << 2;
+ 	}
+ 	illegal_rand_copy = illegal_rand;
+ 	j=0;
+ 	while(j < illegal_rand && illegal_rand_copy != 0) {
+ 		busy_mux();
+ 		j++;
+ 		busy_mux();
+ 		illegal_rand_copy--;
+ 	}
+ 	if (j != illegal_rand || illegal_rand_copy == 0)
+ 		die_and_remember();
+ 	busy_mux()
+ 	return illegal_rand_copy;
+ }