Re: [colorforth] Disassembling the BIOS: presenting ciasdis
- Subject: Re: [colorforth] Disassembling the BIOS: presenting ciasdis
- From: "Ray St. Marie" <ray.stmarie@xxxxxxxxx>
- Date: Thu, 25 Nov 2004 02:08:43 -0600
Hi Albert,
Thank you for this :)
Please join us in IRC.FREENODE.NET
/join #c4th at 11 am GMT or noon your
time as your friend Tim Neitz is hosting a discussion
"Jump Tables and Arrays in ColorForth" this afternoon for 90 minutes
if you can attend
Ray St. Marie
On Thu, 25 Nov 2004 00:40:09 +0100, Albert van der Horst
<albert@xxxxxxxxxxxxxxxxxx> wrote:
> Hey folks,
> I have completed the first phase of my plan to crack the BIOS
> into compliance with colorforth, and other booting Forths.
> It is a general purpose assembler/disassembler system.
> I have tried it out on my own Forth, and managed to recover
> an editable and understandable source. I have moved a definition
> of a word from the beginning to the end, and reassembled.
> For the specific data structures of my Forth, one can write
> a specific plug-in of a few Forth words, to make a "crawler",
> something that follows the data structures of the object being
> analysed. I supply that as an attachment.
> This is the (slightly hyped) announcement I have made to
> comp.linux.announce. (The program runs also on the windows
> version of ciforth, but I have not tested that.)
>
> Like many things in Forth it turned out to be relatively easy
> to add label handling and two pass assembling of files to
> an existing Forth assembler. For the occasion I have embellished
> the assembler with all the missing Pentium instructions, notably
> floating point.
>
> ---------------------------------
> There is a war on. It is about whether the knowledge
> humanity is accumulating at an unprecedented pace, remains in the
> hands of a few, or is available to us all.
>
> An important role in this war is played by reverse engineering tools.
> My
> computer_intelligence_assembler_disassembler_386
> is such a tool.
> For convenience it is abbreviated ciasdis or cias/cidis 1).
> Continuous pressure is applied to outlaw such tools, or give the
> impression that they are illegal. They are already outlawed to an extent,
> even in a traditionally liberal country like the Netherlands. Download
> before it is too late.
>
> http://home.hccnet.nl/a.w.m.van.der.horst/forthassembler.html
>
> This is version 0.1.0: an Alpha release. Draw no conclusions from that
> about reliability! Alpha only means that the specification can change
> depending on user reports. Large parts of this code base have been
> stable for years, in particular the PostIt-FixUp Intel assembler.
> (Once in Beta upwards compatibility will be maintained.)
>
> Needless to say, it is open source, and protected by the GNU Public
> License to stay that way. (``Open Source'' is not really open source.)
>
> This tool is like a sword, seemingly low-tech. It requires skill, but
> in close-combat it is as deadly as a machine-gun. All you need is a
> single 130 kbyte executable 2). It doesn't require anything particular
> to be installed, and runs probably on old kernels (1.2) and BSD's.
>
> Applications of reverse engineering are (not exhaustive):
> 1. Analyzing viruses
> 2. Plug vulnerabilities in closed source programs
> 3. Removing bugs from same
> 4. Finding copyright infringement and competition-exclusion in same
> 5. Adapting drivers to run on an Operating System of Your Own Choice
> 6. Recovering the lost source of a program
> 7. Analyzing a BIOS to allow Full Use of Your Hardware
> 8. (Requires above-average skill) Incorporating a DSP assembler, then
> analyzing codecs.
> 9. Removing copy-protection or dongle-inspection and changing expiration
> dates.
>
> Of those only 9 is presently possibly illegal. If you want to provoke
> a trial process, please publish and distribute a .cul file separately
> from ciasdis, and don't implicate me. Because of the other facilities
> possession of this tool itself is legal (as yet, to my best knowledge,
> in most countries).
>
> Distinguishing features of ciasdis are:
> 1. Analysis is primarily interactive and cumulative, building a database.
> 2. Scripting is of the essence. Large programs are too
> time-consuming to analyze fully by hand. ciasdis allows you to automate
> extracting names from undisclosed formats. (Traditional tools like
> gdb, GNU objdump, extract information from well organized, fully
> documented formats.)
> 3. It handles binaries where different types of information (code, data, tables)
> are interspersed.
> 4. A disassembly can be reassembled to byte-for-byte same code.
>
> Note: my assembler format has been called "it's hell". However,
> there is no way point 4 can be attained using the official Intel
> assembler language.
>
> The archive contains:
> 1. the source for cias/cidis
> 2. assemblers for Pentium, 80386, 8086, DEC Alpha, 6809, 8080 compatible with
> cias/cidis
> 3. an executable for GNU-Linux to analyze Intel x86 16/32 bits code,
> 4. Man pages for this executable (at 3).
> Man page for the script language, format of the scripts.
> 5. consult scripts for EXE and ELF, the headers of programs in Windows
> and GNU-Linux respectively.
> 6. an example of simple use
> 7. a large example generated with a dedicated script showing interspersed
> code, data and text areas
> 8. documentation for the principle of operation and the Intel assembler
> code.
>
> Ad 1 and 2 : you can use the sources supplied to build e.g. an executable to
> run on windows to analyze DEC Alpha programs.
>
> The bulk of the information in the large example was generated by a
> plug-in script, extracting name information from the binary. This
> script is itself a result of the reverse engineering effort, tailored
> to the binary. It serves to document its format too.
>
> Below you see a fragment of an analysis of lina (the underlying Forth
> compiler of cias/cidis), automatically generated, showing labels,
> pieces of text, a piece of threaded code and a piece of Intel
> assembler. (Forth compilers are notoriously difficult to analyze,
> traditional code crawling breaks down for threaded code.)
>
> ....
> ( 0804,AF18 ) :N_ALIGN d$ 5 0 0 0 "ALIGN" 90 90 90
> ( 0804,AF24 ) :X_ALIGN dl docol H_ALIGN H_U0 X_CHARS
> ( 0804,AF34 ) dl N_ALIGN 0000,0000
> ( 0804,AF3C ) :H_ALIGN dl X_DP X_@
> ( 0804,AF44 ) dl X_ALIGNED X_DP X_! semis
>
> ( 0804,AF54 ) :N_ALIGNED d$ 7 0 0 0 "ALIGNED" 90
> ( 0804,AF60 ) :X_ALIGNED dl H_ALIGNED H_ALIGNED 0000,0000 X_ALIGN
> ( 0804,AF70 ) dl N_ALIGNED 0000,0000
>
> ( 0804,AF78 ) :H_ALIGNED POP|X, AX|
> ( 0804,AF79 ) DEC|X, AX|
> ( 0804,AF7A ) ORI|A, B'| 0000,0003 IB,
> ( 0804,AF7C ) INC|X, AX|
> ( 0804,AF7D ) PUSH|X, AX|
> ( 0804,AF7E ) LODS, X'|
> ( 0804,AF7F ) JMPO, ZO| [AX]
> ( 0804,AF81 )
> ....
>
> If you are not impressed, this tool is not for you.
>
> 1)
> DISCLAIMER: for convenience you may use names like cias and cidis to
> link to computer_intelligence_assembler_disassembler_386 . Do this at
> your own risk. cias and cidis are trademarks owned by their respective
> owners, or will be so in the near future (like all 3,4 and 5 letter
> words.)
> 2) Plus Petabytes of information. I suggest the Internet.
>
> --
> Albert van der Horst, Oranjestr 8, 3511 RA UTRECHT, THE NETHERLANDS
> One man-hour to invent,
> One man-week to implement,
> One lawyer-year to patent.
> albert@xxxxxxxxxxxxxxxxxx http://home.hccnet.nl/a.w.m.van.der.horst
--
Ray St. Marie
Rastm2 At users dot sourceforge dot net
Ray.StMarie AT gmail DOT com
Ray.StMarie AT sbcglobal DOT com
Raystm2 in irc.freenode.net /join #c4th #c4th-ot #forth #retro
---------------------------------------------------------------------
To unsubscribe, e-mail: colorforth-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: colorforth-help@xxxxxxxxxxxxxxxxxx
Main web page - http://www.colorforth.com
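The lina fragment quoted above (N_ name fields padded with 90h, X_ dictionary entries, and H_ bodies that are either a threaded token list ending in semis or raw machine code) is exactly the kind of structure a "crawler" plug-in follows instead of linear code crawling. As an added illustration that is not part of ciasdis or of this thread, here is a Python crawler over a constructed image laid out like that fragment; the six-cell entry layout (code, data, flags, link, name, source fields), the load address, the docol/semis addresses and the machine-code bytes are all assumptions.

```python
import struct

CELL, BASE = 4, 0x0804AF00             # constructed: cell size and load address of the image
DOCOL, SEMIS = 0x0804A000, 0x0804A010  # constructed: colon interpreter, end-of-body token

def name_field(name):
    """N_ field as in the listing: 4-byte count, the characters, 0x90 (NOP) padding to a cell."""
    raw = struct.pack("<I", len(name)) + name.encode()
    return raw + b"\x90" * (-len(raw) % CELL)

def entry(cfa, dfa, ffa, lfa, nfa, sfa=0):
    """X_ field, assumed to be six cells: code, data, flags, link, name, source."""
    return struct.pack("<6I", cfa, dfa, ffa, lfa, nfa, sfa)

def build_image():
    """Constructed image holding ALIGNED (machine-code body) and ALIGN (threaded body)."""
    img = bytearray()
    n_aligned = BASE + len(img); img += name_field("ALIGNED")
    h_aligned = BASE + len(img); img += bytes.fromhex("58480c034050adff20")  # pop dec or inc push lods jmp
    img += b"\x90" * (-len(img) % CELL)                                        # pad to a cell boundary
    x_aligned = BASE + len(img); img += entry(h_aligned, h_aligned, 0, 0, n_aligned)
    n_align = BASE + len(img); img += name_field("ALIGN")
    h_align = BASE + len(img); img += struct.pack("<2I", x_aligned, SEMIS)    # body: X_ALIGNED semis
    x_align = BASE + len(img); img += entry(DOCOL, h_align, 0, x_aligned, n_align)
    return bytes(img), x_align                      # x_align doubles as the "latest word" pointer

def cell(img, addr):
    return struct.unpack_from("<I", img, addr - BASE)[0]

def crawl(img, latest):
    """Walk the link chain from the latest word, label N_/X_/H_ regions, classify each body."""
    labels = {DOCOL: "docol", SEMIS: "semis"}
    bodies, xt = [], latest
    while xt:                                       # a zero link ends the dictionary chain
        cfa, dfa, _ffa, lfa, nfa, _sfa = struct.unpack_from("<6I", img, xt - BASE)
        count = cell(img, nfa)
        name = img[nfa - BASE + CELL:nfa - BASE + CELL + count].decode()
        labels[nfa], labels[xt] = "N_" + name, "X_" + name
        body = dfa if cfa == DOCOL else cfa         # threaded words keep the body behind the data field
        labels[body] = "H_" + name
        bodies.append((body, "threaded" if cfa == DOCOL else "code", name))
        xt = lfa
    regions = []
    for addr, kind, name in bodies:                 # second pass: every X_ label is known by now
        toks, a = [], addr
        while kind == "threaded" and cell(img, a) != SEMIS:   # machine code needs a disassembler, not a crawler
            toks.append(labels.get(cell(img, a), "0x%08X" % cell(img, a)))
            a += CELL
        regions.append((addr, kind, name, toks + ["semis"] if kind == "threaded" else []))
    return labels, regions
```

Unknown tokens in a threaded body are left as raw hex, which is the signal that the name database is still incomplete and the crawler needs another pass or another plug-in.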