NefMoto

I have read of some people using IDA to disassemble the binary files.  I would like some more information in regards to this.  I do have "some" experience with IDA, however im not sure of the best way to go about this.  I am interested in finding some single values in my binary, there is no known definition to compare and find for my specific binary.  I would like to learn how to do this for myself.

Original file is here:
http://www.nefariousmotorsports.com/forum/index.php?topic=244.0title= (http://www.nefariousmotorsports.com/forum/index.php?topic=244.0title=)

Thanks,

First you need to know which processor is in the ECU.
Second you need to know the types of memory and memory mapped devices in the ECU.
Third you need to know the address ranges for all devices on the memory bus.
Fourth for all read only memory in the ECU get a binary dump of that memory.
Firth create a new IDA project with the correct processor, memory regions, and data page pointers, etc.
Sixth import the binary dumps of the ECU memory into the correct memory regions in IDA.
Seventh determine the program start point, and tell IDA to start analyzing from there.

Those are the basics, after that there be dragons...

^^^
That sounds more like a career than a hobby to me. :P

It can be a hobby, as long as you are willing to spend a few years...  ;)

To disassemble:

Watch Andy Whitaker's videos.
Watch them again.
Read the C166 ISM
Reread the data page and memory segment stuff at least 3 times
load up your binary in IDA
recoil in horror at the size and error count at first pass.

Most poeple would stop here.

Fixed it for ya.

If you are watching Andy's videos, most of us seem to agree that his memory layout is incorrect. There is no need to split the binary file into two parts.

it depends where you get the binary from. 

All the S4 ones I have don't need it and you have to find a suitable internal rom image.  I match them by looking up a few notable function calls, and I know which boot roms provide the appropriate function at the address called. ie I can splice in the correct internal rom.

I still say watch the Andy Whitaker videos, as he's giving a lot away that he doesn't say.  And on his site too. Even if his ram size is wrong (it's two pages) and he weirdly disects that passat rom.  I'm assuming it was read out from 0x0 upwards hence he needs to do that?

Instead of starting a new thread for IDA specific questions, I'll ask here....

How do you rename/label a bit of a word var?

ie.
word_FDEC.4 => B_var2
word_FDEC.8 => B_var3

I want to rename each bit of word_FDEC separately. I see it can be done because the ME7 plugin does it for several variables.

Right-click Rename only renames the whole word.

Thanks,
Rey

You need to enumerate the bits.

Could you please do a small tutorial on how to do enumeration? I couldn't find info on how to do this too

It's been awhile since I've done one, so I would have to get on and play around for a little bit to jog my memory.

You can find some general information by googling it and it is a somewhat straightforward process.