rebible
May 4th, 2012, 17:56
I am ideally looking for someone who would be interested in working on reverse engineering a vxworks image.
I am doing something similar to what is described at:
t-11707.html
It is a vxworks binary flash image running on a powerpc. I have a rom dump (binary); I dumped 4MB, which seems to be everything (it works if reloaded; I don't know what the real code size is). The application is about 645kB.
I would like to be able to extract the application binary, make modifications, and then re-pack it back into the image.
I have gotten as far as using deezee and extracting the actual running binary. But I haven't gone beyond that.
I have a second rom image (there are two embedded boards), so we can use it to see what is consistent as far as headers and crcs if necessary.
What I would like someone to do, in order of importance:
1: give me a way to repack the binary image into the flash (zip, crc, put back in, e.g. 'Rezee').
Possibly integrate Dezee and the new 'Rezee' into a Windows app for convenience.
The trick is there is probably a crc stored with the image in the ROM and we will have to find it.
2: help me figure out the addresses of the running image. If end comes to end, I can just put a call to the embedded monitor/debugger as a first step into the program and see where things are when it starts to run.
Additional resources:
I have a copy of a vxworks BSP package for the hardware (not necessarily the same version).
The target hardware has a real time debugger. Unfortunately, the board configuration is "either the debugger" or "the application flash". The debugger runs out of its flash and I haven't been able to debug and watch it load the application from flash into memory.
I have a real time debugger disassembler output of the start of the code.
I know where the boot code is located in flash e.g. and I have initial memory maps for the board.
thanks,
robert
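One way to locate a stored CRC of the kind the post expects and to refresh it after patching, as an added example that is not code from the post, from Dezee or from any 'Rezee': it scans a constructed image for any aligned 32-bit word equal to the CRC32 of every byte before it, then rewrites the application bytes in place and recomputes that field. The header layout, the trailer position and the use of the standard CRC32 polynomial are assumptions; a real image may use another polynomial or a different covered range, which is what comparing the two ROM dumps is for.

```python
import struct
import zlib


def find_crc32_fields(image: bytes):
    """Return (offset, endianness) pairs where an aligned 32-bit word equals
    the CRC32 of every byte that precedes it. One linear pass, because
    zlib.crc32 is incremental. Chance hits are possible on a real dump, so
    confirm a candidate against the second board's image before trusting it."""
    hits = []
    running = 0  # CRC32 of image[:off] so far
    for off in range(0, len(image) - 3, 4):
        word = image[off:off + 4]
        if off > 0:  # crc32(b"") == 0, so skip the trivial match at offset 0
            for fmt, endian in ((">I", "big"), ("<I", "little")):
                if struct.unpack(fmt, word)[0] == running:
                    hits.append((off, endian))
        running = zlib.crc32(word, running)
    return hits


def crc_field_ok(image: bytes, crc_off: int, endian: str) -> bool:
    """True if the word stored at crc_off equals CRC32(image[:crc_off])."""
    fmt = ">I" if endian == "big" else "<I"
    return struct.unpack_from(fmt, image, crc_off)[0] == zlib.crc32(image[:crc_off])


def repack(image: bytes, crc_off: int, endian: str,
           payload_off: int, new_payload: bytes) -> bytes:
    """Overwrite the application bytes in place (same length, so no other
    offsets move) and recompute the CRC stored at crc_off over image[:crc_off]."""
    if payload_off + len(new_payload) > crc_off:
        raise ValueError("new payload would overlap or run past the CRC field")
    buf = bytearray(image)
    buf[payload_off:payload_off + len(new_payload)] = new_payload
    fmt = ">I" if endian == "big" else "<I"
    struct.pack_into(fmt, buf, crc_off, zlib.crc32(bytes(buf[:crc_off])))
    return bytes(buf)


def build_sample() -> bytes:
    """Constructed stand-in for a flash dump: a 16-byte header, 1 KiB of
    'application' bytes, then a big-endian CRC32 trailer (PowerPC is
    big-endian; the real image's layout is unknown and is what must be found)."""
    header = b"VXIMG" + b"\x00" * 11
    application = bytes(range(256)) * 4
    body = header + application
    return body + struct.pack(">I", zlib.crc32(body))
```

Run `find_crc32_fields` on both dumps and keep only the offsets that appear in each; a field that checks out in both images is a much better candidate than one that appears in one dump alone.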