Update: Open source SPU module for IDA, now working

[anita999]

Edit:
update info: I finally made it worked successfully. thanks a lot for bluemimmosa for his code sharing and discussing, credits.


here is the link for the source code and the compiled ps3spu.w32 together with a dummy cfg file.
all 199 instructions are processed. the GPR are named in hex order, don't be confused. and I use LR, SP instead of GPR00 and GPR01 per Bluemimmosa's suggestion. you can modified these register names in the source as you like.



edit: here is a newly revised version. I made some changes. the GPR/SPR and channel names are revised to the convections used in the SPU assembly manual. also some channel names are replaced with known alias for MFC related channels. there are also some bugs fixed in this version. I would suggest to use this version

edit: update again to fix wrch instruction and GPR names. thanks for Bluemimmosa.

http://www.megaupload.com/?d=PYECQIK7



ok, I tried to setup a github for this module, linked as below

https://github.com/anita999/ps3spu

any future changes will be pushed to this git.


the code is very rough, I used a brute force approach to process every single command. I created the code with a cheat sheet in excel and most of the source codes are created inside the excel because I am not familiar with those preprocessor of c++ compilers. but this should be easier for those devs who want to modify the behavior of modifying the analysis of specific instructions. I am using visual C++ 2010 express, which is free. the project file and settings are included in the source, this would save some time in setting up compiler and linker.

side notes:
the SPU ELF file won't be loaded in IDA with any known loaders, not even with xorloser's PS3 loader. you have to use unself tool to unself the SPU self file and get the elf file. then use readelf command to get the section info from the elf file, and then load the sections manually.
for example, the appldr from 3.55,
1. unself appldr appldr.elf
2. readelf appldr.elf
open ida, choose "open", select appldr.elf, use "binary" loaders, browse the process type to "PS3 SPE modules3spu", enable the "manual loading" option, then proceed the loading.
in next window, uncheck the "creat ROM segment", check "creat RAM segment", segment start address 0x00,size "0x040000"
file load to address "0x12c00", file offset "0x0100", load size "0x01dca0". these info come from the readelf output, the program header 1. the proceed to next step. and ida shall load the file and create a new segment.
next, go to address "0x12c00", this is the entry point we got when we use the readelf command.
at address 0x12c00, press 'c' to make the address as "code" and you'll have your disassembled result right away.
the SPU code is very difficult to understand as it's purpose is purely for mathematic calculation. but you can still find data references to those interested keys. (not directly). anyway. hope this help.
and any bug reports are welcomes, also any suggestions.

Jack Chen, aka anita999

ps. I would buy the IDA 6 if the price weren't terribly high. if anyone happened to have a source with excellent discounts, PM me please.

edit: revised the header code, replace bluemimmosa's info with mine per bluemimmosa's input.
the header/footer/outop and some functions are copied and pasted from bluemimmosa's code.
sorry for my bad.

[anita999]

well, I found my bug, I didn't apply mkidp command prior to the installation of my SPU module. now I can see it in IDA loading window. the next thing to do is to load the SPU ELF file into IDA.

[dcaway]

sounds good, guess i need to read up on compiling modules for ida.

[Jevinskie]

My dream come true! Excellent, thanks for your hard work! I will look at this when I have some tonight. Can you please put the source code into some version control system (I would recommend git or subversion) so that people's changes can be easily tracked. I would really recommend learning a bit of git if you already don't know it (the basics aren't that hard) and throwing it up on github.com. It seems that most of the PS3 devs have settled upon github for hosting their repos.

-Jevin

[siggen]

Wait, does this mean you are going to be able to decompile elf files? Or even a whole PUP?

(I know decompilation is not the same as getting the source code)

[Jevinskie]

You can already use ps3tools (f0f) or ps3utils (kakarotoks) to extract the PUP and the standard GNU binutils (objdump) to disassemble both PPC and SPU code. For reversing, I find objdump to be a pain while IDA has many invaluable features. =)

[siggen]

You can already use ps3tools (f0f) or ps3utils (kakarotoks) to extract the PUP and the standard GNU binutils (objdump) to disassemble both PPC and SPU code. For reversing, I find objdump to be a pain while IDA has many invaluable features. =)

Do you lose much stability after compiling a disassembled file? In theory it should go, but we all know that the word theory in every day speech just means hypothesis which does not always work lol :P

[Jevinskie]

Honestly, I haven't tried reassembling the disassembly (or a modification thereof). I've just been interested in just reversing right now / I haven't made a NOR flasher to fix any boo-boos. As you state, "in theory" it should Just WorkTM. If you're working on parts of code (lv1, lv2, ldrs) that could brick your PS3, I would make sure that I could reassemble a byte-identical ELF before proceeding!

[anita999]

the source code was modified and it's working now. I put the source code together with a compiled version. check the 1st post for the link.
have fun.

[dcaway]

Thanks for the compiled version. I am going to give it a go this evening.