Root Question...

[AquerMang]

You have to manually walk through (took me three hours for the Spirit aboot) and mark sections as code or data before you get any meaningful string/code xrefs.

 

[zeest]

How do you tell the difference between code and data? Finding strings are easy.

 

[AquerMang]

Well if you have the load address right, the first instruction you are pointing to is going to be code. From there you literally walk down the file marking as code or data depending on the makeup of the hex bytes to the left.

 

[zeest]

Oh, I just leave the addresses as they are, probably why I'm not getting anything.

 

[AquerMang]

You don't need to touch addresses, just the "DCB" etc instructions. Once you start marking everything IDA will eventually have enough information to start forming code/data/string xrefs (the Interactive part of IDA ).

 

[zeest]

DB=DCB? If not, what is DB?

 

[zeest]

NVM, realized I forgot to open it as ARM.

 

[AquerMang]

Set your processor options to ARMv7A+R as well.

 

[zeest]

ooh, not armv7m... ok

 

[zeest]

So is hex data, or is decimal data? Or is it not that easy?

 

[AquerMang]

Hex or decimal are just a way of viewing data. I'd suggest finding a copy of The IDA Pro Book to understand dis/assembly (and really the way any CPU operates) better.

 

[zeest]

OK, will do, thanks.

 

[zeest]

What if we did this? AndroidFuzzing | dismfyp83@gmail.com lol

 

[AquerMang]

Can't really see how kernel fuzzing would be useful unless we were looking for a kernel root exploit.

 

[zeest]

Unless we could adapt it for the bootloader.

 

[AquerMang]

But we'd need a method of running our own code in the bootloader's address space. If we had that, we wouldn't be having this conversation.

 

[zeest]

Oh, erm, right. Is it possible to load our bootchain in the android emulator? I'd like to see if I can get some debugging programs (don't know which yet) and run them against it.

 

[AquerMang]

I don't think qemu has support for any Qualcomm chipsets.