<f_>
Also I suspect "undefined8" is actually unsigned int.
<f_>
Still have to identify what all those FUN_* functions actually do and their proper names.
<f_>
But is anyone interested in the Ghidra project files?
<f_>
For e.g. helping me and stuff.
<f_>
Also forgot to mention, functions suffixed with "_new" are functions that (to my knowledge) didn't exist before and got added after Amlogic's BL2 obfuscation.
<f_>
e.g. lpddr_init_new
tyzef has quit [Ping timeout: 246 seconds]
tyzef has joined #linux-amlogic
<f_>
I also see lots of `_DAT_<address> = <value>;`, which I suspect to originally have been `wr_reg(<address>, <value>);`
<f_>
And since wr_reg is a macro, it expanded, giving us...that
<f_>
*it got expanded
<f_>
One thing to note too from the screenshot: they seem to run most of those DDR init functions in a do{}while() loop.
<f_>
..which is interesting.
jacobk has quit [Ping timeout: 240 seconds]
<f_>
I have something that may confirm chewitt's thoughts years ago.
<f_>
2020-10-27: <chewitt> I suspect they kept the bl2 code static, which is why we have separate firmware blobs in the fip sources
<f_>
if (!bVar3) { serial_puts(&DAT_d900959e); lpddr_init_new(1); break;}
<f_>
And this?
<f_>
bVar3 = false;
<f_>
if ((DAT_d900a000 == 0xf) && (DAT_d900a2ca == 0)) {
<f_>
<...>
<f_>
bVar3 = true;
<f_>
}
<f_>
Ok ignore what I just said.
jacobk has joined #linux-amlogic
<f_>
I have to say ghidra's decompiler is quite accurate tbh
<f_>
Now I know why coreboot developers use it for reverse-engineering (apparently)
jacobk has quit [Ping timeout: 250 seconds]
jacobk has joined #linux-amlogic
tyzef has quit [Ping timeout: 240 seconds]
<f_>
narmstrong: Would you like Ghidra project files? I added some notes and named some functions where that makes sense.
<f_>
I will say again, Ghidra's decompiler is quite accurate. I do think that's impressive.
<f_>
Well..not as accurate as giving the sources as functions and variables are unnamed ¯\_(ツ)_/¯
maku has quit [Ping timeout: 265 seconds]
Daanct12 has joined #linux-amlogic
Danct12 has quit [Ping timeout: 240 seconds]
<narmstrong>
f_: it must be interesting! Maybe chargpt can help you understand some code!
<narmstrong>
*chatgpt
<f_>
¯\_(ツ)_/¯
<f_>
The code actually looks more understandable than what one may think. Good job on that one, NSA.
<f_>
Ghidra is, according to some people, as good as IDA Pro!
<f_>
narmstrong: Most of the time the code looks the same as in the old sources, except that macros are already expanded, and functions as well as variables don't have meaningful names
<f_>
and ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ which means no macros!
<f_>
narmstrong: I can also see that a lot of code was left unchanged!
<f_>
aes_setkey() as found in plat/gxb/crypto/secureboot.c, for example, is exactly the same as the one found by Ghidra's decompiler!
<f_>
(just without any comments and macros, of course, and no meaningful names, too)
<f_>
But the logic is *exactly* the same.
<f_>
I can tell, however, that they did do some changes to DDR init.
<f_>
narmstrong: I honestly don't think ChatGPT is going to be useful.
<narmstrong>
Interesting! It's funny it didn't change a lot