[linux-dvb] 8051 firmware disassembly
Mike Isely
isely at isely.net
Thu Mar 15 06:10:36 CET 2007
On Thu, 15 Mar 2007, Nick Andrew wrote:
> I figure this may take only a minute for the right person, and
> it can't hurt to ask, so ...
>
> I have a 3k firmware image for 8051. Is there anybody who can
> disassemble this file for me? The file seems to contain some
> code and some data, so naturally the disassembly will need to
> deduce which is which. I think the first 3 bytes are a jump
> instruction so there is a known code entry point.
>
> Nick.
Take a look at this:
http://members.naspa.net/djs/software/dis51.html
It can also be found here:
http://home.earthlink.net/~davesullins/software/dis51.html
It's a simple C program that disassembles 8051 code. You "suggest" to
it the entry points to start from and it will follow through every jump
it sees, hopping around through the code and hopefully skipping the
unexecuted data.
I have a version of this disassembler that I've heavily hacked on, where
I can define symbols & text annotations to be interpolated into the
output - great for iterative exploration of a pile of opaque 8051 code.
Typically what I've done is to feed it all the architecture-defined
entry points for the various processor exception addresses (like for
example the spot you suspect), look at what results, remove entry points
that appear not to be in use (e.g. they disassemble into gibberish), try
again, etc, etc. As I spot interesting looking functions, I'll tag
those addresses with symbol names then run the disassembler again to see
where else those symbols might surface. It's not perfect since I don't
catch split instruction address calculations or computed gotos, but
usually with enough bleary-eyed staring you can start to see a pattern -
and if there's a computed goto in there it can be spotted from the
telltale lookup table. Then I tag each table target with another
fabricated symbol and iterate again.
You can certainly start with the link above. If what you see from that
looks promising, then if you ask nicely I might be convinced to
pretty-up my hacks and make available the results on a web page.
-Mike
--
Mike Isely | isely @ pobox (dot) com | Spammers Die!!
PGP fingerprint: 03 54 43 4D 75 E5 CC 92 71 16 01 E2 B5 F5 C1 E8
More information about the linux-dvb mailing list