Topic created on:
August 24, 2011 13:45 CDT by nixscripter
I'm working on a project just as a curiosity: an ancient Linksys router. So ancient that this is before Linux and VxWorks.
Here is a little piece that I'm guessing is related to the boot function, based on repeating patterns.
The mystery is what this data actually is:
- Based on repeating patterns, it's not compressed or encrypted.
- Though the chip is ARM, it does not seem to be ARM instructions (though it could be a variant I'm not aware of).
- It doesn't seem like a "filesystem" (data layout), because I don't see any of the data matching things later in the file.
You're right. Thanks. I missed that before, because I was using a disassembler that was worthless.
The file seems to be ARM disassembly, big-endian, raw. If I disassemble the whole thing with the (much better) disassembler, I get some logical regions like:
88: e10f0000 mrs r0, CPSR
8c: e38000c0 orr r0, r0, #192 ; 0xc0
90: e129f000 msr CPSR_fc, r0
94: e3a000d2 mov r0, #210 ; 0xd2
98: e169f000 msr SPSR_fc, r0
9c: e59f0388 ldr r0, [pc, #904] ; 42c
a0: e1a0d000 mov sp, r0
a4: e28f0008 add r0, pc, #8 ; 0x8
a8: e1a0e000 mov lr, r0
ac: e1b0f00e movs pc, lr
b0: e1a00000 mov r0,r0 (nop)
b4: e3a000d1 mov r0, #209 ; 0xd1
b8: e169f000 msr SPSR_fc, r0
However, there are still two strange regions, one at the top of the file, the other about 0x480 in, which disassemble as branches.
0: ea00000a b 30
4: ea00000d b 40
8: ea00001b b 7c
c: ea00000e b 4c
10: ea000010 b 58
14: ea000012 b 64
18: ea0000db b 38c
1c: ea000013 b 70
And the other:
490: ea00000a b 4c0
494: ea00000d b 4d0
498: ea00001b b 50c
49c: ea00000e b 4dc
4a0: ea000010 b 4e8
4a4: ea000012 b 4f4
Nothing jumps to those instructions, so unless it's someone's idea of debug info, it looks to me like garbage (meaning a header that shouldn't be disassembled). But I'm curious as to why it repeats if it is.
I think this might be progress!
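An added example, not part of the original posts: Python code that decodes unconditional ARM `B` words in a raw big-endian image, lists runs of them, and compares the two regions quoted above by their targets relative to each run's start. It assumes the image is loaded at address 0 (file offset equals address), the function names are hypothetical, and the sample buffer is constructed from the branch words in the post rather than taken from the real firmware.

```python
import struct

# Constructed sample: the branch words quoted in the post, placed at their
# offsets in an otherwise zero-filled buffer (not the real firmware image).
FIRST = [0xea00000a, 0xea00000d, 0xea00001b, 0xea00000e,
         0xea000010, 0xea000012, 0xea0000db, 0xea000013]

def build_sample():
    img = bytearray(0x4c0)
    struct.pack_into(">8I", img, 0x000, *FIRST)
    struct.pack_into(">6I", img, 0x490, *FIRST[:6])
    return bytes(img)

def decode_b(word, addr):
    """Target of an unconditional ARM B at addr, or None if not one."""
    if word >> 24 != 0xEA:            # cond=AL (0xE), opcode bits 1010 = B
        return None
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:              # sign-extend the 24-bit word offset
        imm24 -= 1 << 24
    # In ARM state the PC reads as the instruction address + 8.
    return (addr + 8 + (imm24 << 2)) & 0xFFFFFFFF

def branch_runs(image, min_len=4):
    """Return [(start_offset, [targets])] for runs of consecutive B words."""
    runs, start, cur = [], None, []
    for off in range(0, len(image) - 3, 4):
        (word,) = struct.unpack_from(">I", image, off)
        target = decode_b(word, off)
        if target is not None:
            if not cur:
                start = off
            cur.append(target)
            continue
        if len(cur) >= min_len:
            runs.append((start, cur))
        cur = []
    if len(cur) >= min_len:
        runs.append((start, cur))
    return runs

def relative(run):
    """Targets expressed as offsets from the start of the run."""
    start, targets = run
    return [t - start for t in targets]

if __name__ == "__main__":
    for run in branch_runs(build_sample()):
        print(hex(run[0]), [hex(t) for t in run[1]], [hex(r) for r in relative(run)])
```

Because `B` is PC-relative, identical words at two bases give identical relative targets, so the run at 0x490 decodes as the first six entries of the run at 0 moved up by 0x490. ARM cores take their eight exception vectors from addresses 0x00 to 0x1c, which is a layout worth comparing against a run of eight branches at offset 0.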