Pages: [1]
Author Topic: Ghidra TC1791 Preset  (Read 5868 times)
d3irb
Full Member
***

Karma: +131/-1
Offline Offline

Posts: 185


« on: December 21, 2020, 03:41:01 PM »

https://github.com/bri3d/ghidra_tc1791_registers

Place these files in Ghidra/Processors/tricore/data/languages.

Memory maps are still not yet complete, you probably want to set up your own based on your specific disassembly project anyway. But, I generated the register list off of an official definition so it should be fairly accurate. Especially useful if you are looking at early-stage boot code like Internal ROM or SBOOT.

This doesn't touch the instruction model, just the register specs.
Logged
prj
Hero Member
*****

Karma: +905/-420
Offline Offline

Posts: 5790


« Reply #1 on: December 28, 2020, 10:36:32 AM »

Might as well ask in here, since others might benefit from it.

I added the defs in, however, the decompile window first gave me an error for every function.
I fixed that by forcing a0, a1, a8 values.

Now the window is gray and I can not rename any local variables.
Any tips?
Logged

PM's will not be answered, so don't even try.
Log your car properly.
prj
Hero Member
*****

Karma: +905/-420
Offline Offline

Posts: 5790


« Reply #2 on: December 29, 2020, 05:13:20 AM »

Figured it out.
Need to define the function first, as it doesn't define any automatically. As soon as the function is defined the decompiler view turns white.
Also the binary needs to be 10mb and have the 4mb gap in the middle included. Or you need to load PFLASH0 and PFLASH1 separately.

Definitely a nice tool as a complement to IDA, but for general disassembly IDA is still my go-to tool.
Logged

PM's will not be answered, so don't even try.
Log your car properly.
d3irb
Full Member
***

Karma: +131/-1
Offline Offline

Posts: 185


« Reply #3 on: December 29, 2020, 08:38:50 AM »

Figured it out.
Need to define the function first, as it doesn't define any automatically. As soon as the function is defined the decompiler view turns white.
Also the binary needs to be 10mb and have the 4mb gap in the middle included. Or you need to load PFLASH0 and PFLASH1 separately.

Definitely a nice tool as a complement to IDA, but for general disassembly IDA is still my go-to tool.

The solution to the gap in the middle is File -> Add to Program, a really counterintuitive and ridiculous way to do things in Ghidra for sure. This way you can add files into the memory map at arbitrary locations. Good if you have a file you want to add to RAM or DFLASH etc. too. But it took me ages to figure out.

I agree with you overall, the psuedocode decompiler is very nice for quickly identifying algorithms and also helps with some tricky control flow problems but the overall tool is not nearly as good as IDA. IDA's register value tracking (and therefore control flow reconstruction) seems to be much better, especially on Tricore.

But... it's also hard to argue with free!
Logged
naam
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 5


« Reply #4 on: October 03, 2023, 02:53:56 PM »

Also the binary needs to be 10mb and have the 4mb gap in the middle included. Or you need to load PFLASH0 and PFLASH1 separately.

Could you give me some precision about this?
I'm in the same position as you were, but from on a TC1793. I do not understand why the file needs to be 10mb large with a gap or how did you figure it out.
Specs/datasheet list the following memory locations:

Quote
– 4 Mbyte Program Flash Memory (PFLASH) with ECC
– 192 Kbyte Data Flash Memory (DFLASH) usable for EEPROM emulation
– 2 x 8 Kbyte Key Flash
– 128 Kbyte Data Scratch-Pad RAM (DSPR)
– 16 Kbyte Instruction Cache (ICACHE)
– 32 Kbyte Instruction Scratch-Pad RAM (PSPR)
– 16 Kbyte Data Cache (DACHE)
– 128 Kbyte Memory (SRAM)
– 16 Kbyte BootROM (BROM)

I have dumped a 4194304 bytes long file (exactly 4MB) for the PFLASH. I'm not sure if there is a better user manual, but I've found the following: https://www.infineon.com/dgdl/Infineon-TC1793-DS-v01_02-en.pdf?fileId=db3a304333227b5e013368d702f5176b for my case. Are you saying this 4MB file needs to be split at a specific location, such as I can insert it into Ghidra in two times with the following placement:

0x0 - PFLASH0
.
.
0x???? - 4MB GAP (@PFLASH0 + PFLASH0_SIZE)
.
.
0x???? - PFLASH1 (@PFLASH0 + PFLASH0_SIZE + 4MB)
.
.
.
0xA00000 - END (@PFLASH0 + PFLASH0_SIZE + 4MB + PFLASH1_SIZE)


If yes, what is the split location, or put the size of PFLASH 0 and PFLASH 1 differently? Is the above layout correct?

Any help to set up this project so I can start trying to make sense out of it would be greatly appreciated.
« Last Edit: October 03, 2023, 03:00:52 PM by naam » Logged
prj
Hero Member
*****

Karma: +905/-420
Offline Offline

Posts: 5790


« Reply #5 on: October 03, 2023, 10:25:21 PM »

Get the user manual and look at the memory map.
Logged

PM's will not be answered, so don't even try.
Log your car properly.
naam
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 5


« Reply #6 on: October 03, 2023, 10:55:11 PM »

I've tried this before asking here, unfortunately the only thing I found that is somewhat relevant is the Datasheet that I've linked in the post above.
I've also managed to get some header files, which would be useful for development, but I'm not there yet. Nothing looking like a proper user manual or developer guide, unfortunately.

Is it common for those to not be accessible at all? How do you guys get a hand on them?
Logged
prj
Hero Member
*****

Karma: +905/-420
Offline Offline

Posts: 5790


« Reply #7 on: October 03, 2023, 11:04:24 PM »

https://z3d9b7u8.stackpathcdn.com/pdf-down/T/C/1/TC1798_InfineonTechnologies.pdf
« Last Edit: October 03, 2023, 11:07:39 PM by prj » Logged

PM's will not be answered, so don't even try.
Log your car properly.
naam
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 5


« Reply #8 on: October 03, 2023, 11:16:18 PM »

This is helpful, thank you. I was trying to find documentation specifically for the TC1793 to avoid making false assumptions later on due to any differences with 1791 or 1798.
Since you're suggesting this one, I'm guessing the differences aren't significant enough to matter.
Logged
naam
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 5


« Reply #9 on: October 03, 2023, 11:57:22 PM »

To add to the discussion and maybe help someone later on.
I think I've found an easy way to remap the raw binary easily.

Go to Tools-> Memory Map
Then delete if there is already an existing "ram" or equivalent for the said binary that would be wrongly mapped starting at 0x0.
Add two new maps with the following options:


The first one starts at file offset 0x0, and is mapped at 0x80000000
and the second time, make it start at file offset 0x200000, and mapped at 0x80800000.

Hope this helps
Logged
prj
Hero Member
*****

Karma: +905/-420
Offline Offline

Posts: 5790


« Reply #10 on: October 04, 2023, 12:33:14 AM »

A TC1798 is the same as a TC1791 and TC1793, all are AudoMAX.
The differences are mainly clockspeed, amount of memory and adc module count.
Logged

PM's will not be answered, so don't even try.
Log your car properly.
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.018 seconds with 16 queries. (Pretty URLs adds 0s, 0q)