NefMoto

Technical => Reverse Engineering => Topic started by: unicornux on November 11, 2020, 01:59:34 AM



Title: Find Value in Code (Tricore Arch)
Post by: unicornux on November 11, 2020, 01:59:34 AM
I want to find a value (4 bytes) in my algorithm that is implemented in a TriCore processor.

The line of code that loads this value is shown below:

ld32.w          d4, [a0]-0x68D4


Recently some guys (thanks to them) helped me find the 'a0' value in the code in this topic => http://nefariousmotorsports.com/forum/index.php?topic=18673.msg141137#msg141137
So, a0 = 0xD00032E0
Then => 0xD00032E0 - 0x68D4 = 0xCFFFCA0C (it seems incorrect)
But, according to this thread => http://nefariousmotorsports.com/forum/index.php?topic=6990.msg87488#msg87488
I guess there is a struct that helps me find the correct value, but I couldn't make or find this struct.
Is there any way that I can find the correct value of d4?






Title: Re: Find Value in Code (Tricore Arch)
Post by: nyet on November 11, 2020, 02:05:01 AM
I'd make sure unk_d00032e0 is actually 0xd00032e0

looks like you need to find the equivalent copy_block that tells you where d000032e0 was copied to.


Title: Re: Find Value in Code (Tricore Arch)
Post by: unicornux on November 11, 2020, 02:27:00 AM

Quote from: nyet
looks like you need to find the equivalent copy_block that tells you where d000032e0 was copied to.

Yes, yes. Exactly.
But how can I find copy_block?
I have no idea about that.


Title: Re: Find Value in Code (Tricore Arch)
Post by: unicornux on November 11, 2020, 11:02:53 PM
I think I could find something, but it's different from the data that other people found before.
Like:

Code:

PFLASH:80047B30                 .word byte_D0000000
PFLASH:80047B34                 .word 0xD001CFFF
PFLASH:80047B38                 .word 0
PFLASH:80047B3C                 .word unk_D4000000     ===> this
PFLASH:80047B40                 .word unk_D4003FFF
PFLASH:80047B44                 .word 0
PFLASH:80047B48                 .word dword_80020000 ===> with this
PFLASH:80047B4C                 .word unk_8003FF03
PFLASH:80047B50                 .word 1
PFLASH:80047B54                 .word 0xFFFFFFFF
PFLASH:80047B58                 .word 0xFFFFFFFF
PFLASH:80047B5C                 .word 3
PFLASH:80047B60                 .word sub_800D594A
PFLASH:80047B64                 .word 0x18000900
PFLASH:80047B68                 .word 0
PFLASH:80047B6C                 .word unk_D0007394
PFLASH:80047B70                 .word unk_D0007390
PFLASH:80047B74                 .word unk_D000739C
PFLASH:80047B78                 .word unk_D000721C
PFLASH:80047B7C                 .word dword_80045BEC+0x4C
PFLASH:80047B80                 .word off_800458F4
PFLASH:80047B84                 .word unk_800458F8
PFLASH:80047B88                 .word unk_80045C70
PFLASH:80047B8C                 .word unk_80045C5C
PFLASH:80047B90                 .word dword_80045900+0xC



It seems to be incorrect data, but because I wanted to be sure about that, I calculated all of the data with this lineup:

<unk_D4000000, dword_80020000>

Finally, as I expected, the data was incorrect.
So I am attaching my ECU dump, and I would be very happy if you could help me based on my file.

File uploaded here ==> https://gofile.io/d/peZ812
Thanks in advance.


Title: Re: Find Value in Code (Tricore Arch)
Post by: unicornux on November 13, 2020, 08:00:04 AM
I'm pretty sure there is not any Copy_Block in my ECU file.
I explored the whole file and I did not find anything. For example:
I searched for 00 D0 ** ** ** 80 (stars can be anything) in the file, but there was nothing.
I am one step away from success.
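
An added example, not part of the original posts: a word-aligned scan as an alternative to the fixed byte pattern in the post above, run on a constructed sample built from the first nine words of the listing posted earlier in the thread. The entry shape it looks for (a RAM-range word followed within three words by a flash-range word) and the address-range checks are assumptions, not a documented copy_block format.

```python
import re
import struct

# Assumptions (not from the original posts): little-endian image, RAM words
# start with 0xD0/0xD4 and flash words with 0x80, as in the thread's listing.
RAM_TOPS = (0xD0, 0xD4)
FLASH_TOP = 0x80

def effective_address(base, offset):
    """Base register plus signed offset, wrapped to 32 bits."""
    return (base + offset) & 0xFFFFFFFF

def wildcard_search(image, pattern):
    """Offsets where a hex pattern matches; '**' matches any one byte."""
    rx = b"".join(b"." if tok == "**" else re.escape(bytes([int(tok, 16)]))
                  for tok in pattern.split())
    return [m.start() for m in re.finditer(b"(?=" + rx + b")", image, re.DOTALL)]

def table_candidates(image, window=3):
    """Word-aligned scan: a RAM-range word followed within `window` words
    by a flash-range word. Returns (file_offset, ram_word, flash_word)."""
    count = len(image) // 4
    words = struct.unpack("<%dI" % count, image[:count * 4])
    hits = []
    for i, w in enumerate(words):
        if w >> 24 not in RAM_TOPS:
            continue
        for nxt in words[i + 1:i + 1 + window]:
            if nxt >> 24 == FLASH_TOP:
                hits.append((i * 4, w, nxt))
                break
    return hits

# Constructed sample: the first nine words of the listing posted in the thread.
SAMPLE = struct.pack("<9I", 0xD0000000, 0xD001CFFF, 0, 0xD4000000, 0xD4003FFF,
                     0, 0x80020000, 0x8003FF03, 1)

if __name__ == "__main__":
    print(hex(effective_address(0xD00032E0, -0x68D4)))
    print(wildcard_search(SAMPLE, "00 D0 ** ** ** 80"))
    for off, ram, flash in table_candidates(SAMPLE):
        print("+0x%X ram=0x%08X flash=0x%08X" % (off, ram, flash))
```

On this sample the byte pattern finds nothing, while the word scan still reports the pairing at offset 0xC, because the RAM and flash words are three words apart rather than adjacent.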


Title: Re: Find Value in Code (Tricore Arch)
Post by: unicornux on November 17, 2020, 10:21:13 PM
Related concept about copy_block:

https://reverseengineering.stackexchange.com/questions/26289/what-is-copy-block-struct-in-tricore-arch/26315#26315