Sonsivri
 
Author Topic: MPLAB 8.92 hacking  (Read 289 times)
crack_learning
« on: August 20, 2022, 12:58:31 12:58 »

Hi to all! :)

I have created this topic to gather knowledge about the old MPLAB 8.92, especially reverse engineering info and some kind of hacking.

Let me start with the info that I have gathered until now. It will be a little bit longer :) Short version at the end.

So I still use MPLAB 8.92 because it is much faster than MPLAB X. The only problem is that it does not support newer PIC32s, which is kind of annoying, because quite often in a project I already use only a bootloader, and nearly no debugging is required. Here I think MPLAB 8 just needs to be extended with a new PIC32, and it is enough if it is able to compile for it but not to debug it. So for me as a programmer, this would be a list somewhere, where I add a new element. Everything else, the compiling, is done by the compiler, which already supports it.

First I tried to google whether someone else had managed to do this. Looks like not, or maybe I missed it, or if somebody did it, he/she/it did not share the info at all. So I hope my info here is something new and useful for you.

So my first thought was: ask Microchip if they were so nice to share the code for the old MPLAB 8. Nope. Some bullshit excuse like, there is still some valuable knowledge in there. Yes of course. Since it was quite stable (except some bugs) and the new developers still did not figure out how the old ones made MPLAB 8 so f*cking stable and fast.

OK, second try. Try to find out where MPLAB stores its knowledge of which PIC is supported. Guys, sorry, but it was last year when I reverse engineered it, and I completely forgot how I did it. Of course you need Ghidra and x64dbg and a lot of luck to find this. But somehow I was able to find where the text comes from for the drop-down menu in MPLAB 8.92 where you can select the PIC type. In the disassembly I just saw a big text and some XOR commands, which I know was used in the past for simple encryption. Quite effective, and easy to program. But also easy to spot. So I wrote a simple C# program to do the XORing. The decoded file looks easy to understand. I mean, I just need to add a new PIC32 to it, so copy-pasting the PIC32MX440F512 to a different one and just replacing the text should do the magic. And it did.
Actually, if you read the notes in the file, it also tells you the same:
# ---------------------------------------------------------------------------
# Notes:
# =====
# 1) There MUST be at least one blank line between device entries.
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# Steps to add simulator new part support
# 1. copy an existing device entry from a similar part in masterdb.txt
# 2. for pic line, always edit
#    (a) name,
#    (b) proc (search http://cvs-srv/cgi-bin/procid.cgi)
#    (c) txtdevfile
#    If needed:
#    (d) family
#    (e) egg/enh
# 3. for support line: make sure all tool support is no except simulator (sim or dspicsim)
# 4. delete all the following tool-specific lines except sim or dspicsim line
# sample for PIC18:
#
# pic (name=PIC18F66K80 proc=0xC680 txtdevfile=PIC18F66K80.dev family=18x egg)
#    support (psp=no pm2=no sim=beta icd2=no icd2p=yes pm3=yes masm=no mc=no rid=yes rip=yes icd3d=yes icd3p=yes pk2d=no pk2p=no pk3p=yes pk3d=yes)
#    sim (limitmsgs='13 14 12' limithlp=SIM_PIC18 firstcom=0.0.0.0)


Since I did not need to debug the code that I compiled, I did not bother to analyse what exactly has to be changed so that MPLAB 8 supports the new PIC32 for debugging. I think it is possible. I am just guessing, but in icddb.mcc there should be some information about different types of PICs and how to debug them generally, or where some registers are, or some debugging algorithm parameters.
pic (name=PIC32MX440F512H proc=0x01A0 txtdevfile=PIC32MX440F512H.dev family=32x)
   icd3 (limitmsgs='9 10 15 16 12' limithlp=PIC32MX algorithmtype=6 debuggeralgorithm=25 minoralgorithm=1 debugexec=RIDE_06 programexec=RIPE_06)
I think for a new PIC the algorithmtype is important to set up correctly. And I guess it is only possible to add such new PIC32s whose algorithm is already present in MPLAB 8.
For proper debugging the list of registers must also be set up correctly. Doing it might take some time, since you have to cross-check all of them to be sure you remove non-present ones, add missing ones and place them at the correct address (might change maybe). So time consuming. But if you have some free time and manage to do it, please share the info here.

What else could be done in the future? Adding ICD4? Honestly, I do not know if it is possible (considering not spending endless time on it). Releasing a new MPLAB 8.93 with all the new PIC32 with complete debugging support? Could be possible.


Short version:
Adding a new PIC32 to the list of supported devices, so that you can select it and compile your project for it (and also generate the make file). But NO DEBUGGING is possible.
The supported devices are stored in a file named masterdb.mcc (also check out the other ones if you like). If you open it, you see a lot of readable garbage chars, which means it is somehow encrypted. In Ghidra you will see it is XOR-ed with this text:
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
So if you open the text file, and XOR it with this string, you should get something like this:
pic (name=PIC32MX440F512H proc=0x01A0 txtdevfile=PIC32MX440F512H.dev family=32x)
   support (sim=beta pm3=yes fs2=yes masm=yes rid=yes rip=yes pk3d=yes pk3p=yes icd2d=yes icd2p=yes icd3d=yes icd3p=yes mc=yes)
   pk3  (limitmsgs='9 10 15 16 12' limithlp=PIC32MX algorithmtype=6 debuggeralgorithm=25 minoralgorithm=1 debugexec=RIDE_06 programexec=RIPE_06)
   rice (limitmsgs='9 10 15 16 12' limithlp=PIC32MX algorithmtype=6 debuggeralgorithm=25 minoralgorithm=1 debugexec=RIDE_06 programexec=RIPE_06)
   pm3 (firstrev=01.00.00 algorithm=32 pkgs='1 163 239' erasealg=15)
   sim (limitmsgs='13 14 12' limithlp=SIM_PIC32MX firstcom=0.0.0.0)
   masm (betaver=1.02 relver=1.02)
   mc (betaver=1.02 relver=1.02)
   icd3 (limitmsgs='9 10 15 16 12' limithlp=PIC32MX algorithmtype=6 debuggeralgorithm=25 minoralgorithm=1 debugexec=RIDE_06 programexec=RIPE_06)

So now you can copy-paste this line, change the PIC32 type, XOR it again and save the file.
Enjoy it, now you can select a new PIC in the drop down list.


C# XOR:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {//De-Xor
                byte[] fileReadIn = File.ReadAllBytes(@"xxxxxx\mcc_files\icddb.mcc");
                byte[] fileWriteOut = fileReadIn;
                //string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of generalmalaise that only the genius possess and the insane lament.MMMM";
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
                byte[] xorValueByte = Encoding.ASCII.GetBytes(xorValue);
                int y = 0;
                int len = xorValue.Length;

                for (int x = 0; x < fileReadIn.Length; x++)
                {
                    fileWriteOut[x] = (byte)(fileReadIn[x] ^ xorValueByte[y]);
                    y++;
                    if (y >= len)
                    {
                        y = 0;
                    }
                }
                File.WriteAllBytes(@"xxxxxx\mcc_files\icddb.mcc.txt", fileWriteOut);
            }
            catch { }
            try
            {//De-Xor
                byte[] fileReadIn = File.ReadAllBytes(@"xxxxxx\mcc_files\masterdb.mcc");
                byte[] fileWriteOut = fileReadIn;
                //string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of generalmalaise that only the genius possess and the insane lament.MMMM";
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
                byte[] xorValueByte = Encoding.ASCII.GetBytes(xorValue);
                int y = 0;
                int len = xorValue.Length;

                for (int x = 0; x < fileReadIn.Length; x++)
                {
                    fileWriteOut[x] = (byte)(fileReadIn[x] ^ xorValueByte[y]);
                    y++;
                    if (y >= len)
                    {
                        y = 0;
                    }
                }
                File.WriteAllBytes(@"xxxxxx\mcc_files\masterdb.mcc.txt", fileWriteOut);
            }
            catch { }
            try
            {//De-Xor
                byte[] fileReadIn = File.ReadAllBytes(@"xxxxxx\mcc_files\masterdb_procid.mcc");
                byte[] fileWriteOut = fileReadIn;
                //string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of generalmalaise that only the genius possess and the insane lament.MMMM";
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
                byte[] xorValueByte = Encoding.ASCII.GetBytes(xorValue);
                int y = 0;
                int len = xorValue.Length;

                for (int x = 0; x < fileReadIn.Length; x++)
                {
                    fileWriteOut[x] = (byte)(fileReadIn[x] ^ xorValueByte[y]);
                    y++;
                    if (y >= len)
                    {
                        y = 0;
                    }
                }
                File.WriteAllBytes(@"xxxxxx\mcc_files\masterdb_procid.mcc.txt", fileWriteOut);
            }
            catch { }
            try
            {//En-Xor
                byte[] fileReadIn = File.ReadAllBytes(@"xxxxxx\mcc_files\masterdb.mcc.txt_new");
                byte[] fileWriteOut = fileReadIn;
                //string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of generalmalaise that only the genius possess and the insane lament.MMMM";
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
                byte[] xorValueByte = Encoding.ASCII.GetBytes(xorValue);
                int y = 0;
                int len = xorValue.Length;

                for (int x = 0; x < fileReadIn.Length; x++)
                {
                    fileWriteOut[x] = (byte)(fileReadIn[x] ^ xorValueByte[y]);
                    y++;
                    if (y >= len)
                    {
                        y = 0;
                    }
                }
                File.WriteAllBytes(@"xxxxxx\mcc_files\masterdb.mcc.txt_new.mcc", fileWriteOut);

            }
            catch (Exception en){
                System.Console.Out.Write(en.ToString());
           
            }
           
            try {//En-Xor
                byte[] fileReadIn = File.ReadAllBytes(@"xxxxxx\mcc_files\masterdb_procid.mcc.txt_new");
                byte[] fileWriteOut = fileReadIn;
                //string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of generalmalaise that only the genius possess and the insane lament.MMMM";
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
                byte[] xorValueByte = Encoding.ASCII.GetBytes(xorValue);
                int y = 0;
                int len = xorValue.Length;

                for (int x = 0; x < fileReadIn.Length; x++)
                {
                    fileWriteOut[x] = (byte)(fileReadIn[x] ^ xorValueByte[y]);
                    y++;
                    if (y >= len)
                    {
                        y = 0;
                    }
                }
                File.WriteAllBytes(@"xxxxxx\mcc_files\masterdb_procid.mcc.txt_new.mcc", fileWriteOut);
            }
            catch { }
            try
            {//En-Xor
                byte[] fileReadIn = File.ReadAllBytes(@"xxxxxx\mcc_files\icddb.mcc.txt_new");
                byte[] fileWriteOut = fileReadIn;
                //string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of generalmalaise that only the genius possess and the insane lament.MMMM";
                string xorValue = "Sometimes, he would accuse chestnuts of being lazy, the kind of general malaise that only the genius possess and the insane lament.";
                byte[] xorValueByte = Encoding.ASCII.GetBytes(xorValue);
                int y = 0;
                int len = xorValue.Length;

                for (int x = 0; x < fileReadIn.Length; x++)
                {
                    fileWriteOut[x] = (byte)(fileReadIn[x] ^ xorValueByte[y]);
                    y++;
                    if (y >= len)
                    {
                        y = 0;
                    }
                }
                File.WriteAllBytes(@"xxxxxx\mcc_files\icddb.mcc.txt_new.mcc", fileWriteOut);
            }
            catch { }
        }

    }
}
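
Added example, not part of the original post and not the poster's code: a Python version of the decode, check and re-encode cycle described above, with a parser that enforces the two rules quoted from the file's notes (a blank line between device entries; `name`, `proc` and `txtdevfile` on every `pic` line). It assumes the decoded text follows the `pic (...)` plus tool-line layout shown in the post; `EXAMPLE_PART` and its `proc` value are placeholders, not real device data.

```python
import shlex
from itertools import cycle

# XOR key string quoted in the post.
KEY = (b"Sometimes, he would accuse chestnuts of being lazy, the kind of general "
       b"malaise that only the genius possess and the insane lament.")

def xor_codec(data: bytes, key: bytes = KEY) -> bytes:
    """Repeating-key XOR; the same call decodes and re-encodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def parse_attrs(body: str) -> dict:
    """Turn "a=1 b='x y' flag" into {'a': '1', 'b': 'x y', 'flag': True}."""
    pairs = (token.partition("=") for token in shlex.split(body))
    return {name: (value if sep else True) for name, sep, value in pairs}

def parse_entries(text: str) -> list:
    """Parse decoded text into device entries; raise ValueError on layout errors."""
    entries, current = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            current = current if line else None  # blank ends entry, comment does not
            continue
        kind, paren, rest = (part.strip() for part in line.partition("("))
        if not (kind and paren and rest.endswith(")")):
            raise ValueError(f"line {number}: expected 'keyword (attributes)'")
        attrs = parse_attrs(rest[:-1])
        if kind == "pic":
            if current is not None:
                raise ValueError(f"line {number}: no blank line before new entry")
            missing = {"name", "proc", "txtdevfile"} - attrs.keys()
            if missing:
                raise ValueError(f"line {number}: pic line lacks {sorted(missing)}")
            entries.append(current := {"pic": attrs, "tools": {}})
        elif current is None:
            raise ValueError(f"line {number}: '{kind}' line outside a device entry")
        else:
            current["tools"][kind] = attrs
    return entries

# Constructed sample: first entry abridged from the post, second is a placeholder.
SAMPLE = """\
pic (name=PIC32MX440F512H proc=0x01A0 txtdevfile=PIC32MX440F512H.dev family=32x)
   sim (limitmsgs='13 14 12' limithlp=SIM_PIC32MX firstcom=0.0.0.0)

pic (name=EXAMPLE_PART proc=0xFFFF txtdevfile=EXAMPLE_PART.dev family=32x egg)
"""
```

Running `parse_entries` on the edited text before `xor_codec` re-encodes it catches a pasted entry that lost its separating blank line, which the notes in the file say is mandatory.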

