Author Topic: How do you deal with stray code?  (Read 1465 times)

0 Members and 1 Guest are viewing this topic.

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
How do you deal with stray code?
« on: October 19, 2018, 01:18:37 am »
What do I mean stray code: when you buy used components with nonvolatile memory online, the previous owner or the seller might not have wiped the chip.

For my old MCU and EEPROM I purchased I always test the chip before marking it as accepted on Taobao using my universal programmer, but from time to time this process reveals code stray on the chip. Usually I save it before wiping the chip, but how should I deal with those saved ROM images? I have no idea what hardware the code is for, often not knowing that architecture the code is for. (There was once that from some old AT28C256 revealed BIOS code for some SCSI card...)
 

Offline Ampera

  • Super Contributor
  • ***
  • Posts: 2217
  • Country: us
Re: How do you deal with stray code?
« Reply #1 on: October 19, 2018, 01:24:30 am »
I usually call up Assembly Control, and have the stray images taken to the local pound for either adoption or euthanasia.

If it's just random code on some random PROM, save it, make sure it's not important, then toss it, unless you want it. It's like buying a used wallet and finding a library card in it, there's really just nothing much it does to you.
C Programmer, Legacy hardware enthusiast, perpetually off-his-rocker madman.
If it's broken, I probably did it.
 
The following users thanked this post: PointyOintment, tooki, newbrain, NivagSwerdna

Offline taydin

  • Frequent Contributor
  • **
  • Posts: 279
  • Country: tr
Re: How do you deal with stray code?
« Reply #2 on: October 19, 2018, 01:47:57 am »
I think the OP wants to know how to determine CPU architecture, given only machine code.

I don't think there is an automated way to do this. But what would be possible is to build a list of possible architectures, disassemble for each, and then see if the assembly code generated is sensible. For example, subroutine calls should have proper prologue/epilogue at entry/exit, some registers should be loaded upon entering a subroutine and result should be stored in a register before returning.

A human programmer can easily tell if a given disassembled code is REALLY code or if it's just a random bunch of bytes. This would be quite harder to do automatically using a software.
Real programmers use machine code!

My hobby projects http://mekatronik.org/forum
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: How do you deal with stray code?
« Reply #3 on: October 19, 2018, 02:05:05 am »
I think the OP wants to know how to determine CPU architecture, given only machine code.

I don't think there is an automated way to do this. But what would be possible is to build a list of possible architectures, disassemble for each, and then see if the assembly code generated is sensible. For example, subroutine calls should have proper prologue/epilogue at entry/exit, some registers should be loaded upon entering a subroutine and result should be stored in a register before returning.

A human programmer can easily tell if a given disassembled code is REALLY code or if it's just a random bunch of bytes. This would be quite harder to do automatically using a software.
Will I get in trouble if I upload an example for you guys to see?
 

Offline taydin

  • Frequent Contributor
  • **
  • Posts: 279
  • Country: tr
Re: How do you deal with stray code?
« Reply #4 on: October 19, 2018, 02:13:17 am »
Will I get in trouble if I upload an example for you guys to see?

What you are trying to do is a time consuming process, and you are not likely to find somebody that will do it for free.

But if I were you, I would get the IDA Pro disassembler, which supports disassembly of many different CPU architectures. It can also detect libraries of many toolchains automatically, using FLIRT (  ;D ) technology. I have no idea how much IDA costs, if you are a hobbyist, it might be too expensive.
Real programmers use machine code!

My hobby projects http://mekatronik.org/forum
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: How do you deal with stray code?
« Reply #5 on: October 19, 2018, 02:22:17 am »
Will I get in trouble if I upload an example for you guys to see?

What you are trying to do is a time consuming process, and you are not likely to find somebody that will do it for free.

But if I were you, I would get the IDA Pro disassembler, which supports disassembly of many different CPU architectures. It can also detect libraries of many toolchains automatically, using FLIRT (  ;D ) technology. I have no idea how much IDA costs, if you are a hobbyist, it might be too expensive.
I don't have IDA Pro and I am not really interested in finding out what the processor is - that might as well be configuration data for all I know. What I am asking is what is the polite and safe way of handling it.
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 7037
  • Country: gb
Re: How do you deal with stray code?
« Reply #6 on: October 19, 2018, 02:50:57 am »
You need cpu_rec: https://github.com/airbus-seclab/cpu_rec ... this is a plugin for binwalk https://github.com/ReFirmLabs/binwalk

Dump the EPROM onto your PC then run it through that

Once you've got the architecture nailed down, find a disassembler for it.

Beware though that you will get false positives. Also some architectures are 16-bit wide so you might only have 8 of those bits at which point you are screwed :)

Also worth running "strings" on it to look for ASCII stuff.

Disclaimer: I've never done this at all. Not once  :-DD
« Last Edit: October 19, 2018, 02:52:48 am by bd139 »
 

Offline NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 1493
  • Country: gb
Re: How do you deal with stray code?
« Reply #7 on: October 19, 2018, 03:10:00 am »
I got one recently... all locations had FF.   I wonder what architecture and opcode FF is for?

;)

PS
The ones containing explicit images can be used for blackmail of the original seller
 
The following users thanked this post: bd139

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: How do you deal with stray code?
« Reply #8 on: October 19, 2018, 03:49:44 am »
I got one recently... all locations had FF.   I wonder what architecture and opcode FF is for?

;)

PS
The ones containing explicit images can be used for blackmail of the original seller
That means the chip you bought was new or properly wiped before shipping. Mine wasn't wiped at all and had non-FF code in it.
 

Online rstofer

  • Super Contributor
  • ***
  • Posts: 4911
  • Country: us
Re: How do you deal with stray code?
« Reply #9 on: October 19, 2018, 03:57:27 am »
I got one recently... all locations had FF.   I wonder what architecture and opcode FF is for?

;)

PS
The ones containing explicit images can be used for blackmail of the original seller
That means the chip you bought was new or properly wiped before shipping. Mine wasn't wiped at all and had non-FF code in it.

Why mess around?  Trying to analyze bytes is an infinite time sink.  Erase the thing and more on!
 

Online Mechatrommer

  • Super Contributor
  • ***
  • Posts: 8247
  • Country: my
  • reassessing directives...
Re: How do you deal with stray code?
« Reply #10 on: October 19, 2018, 04:03:53 am »
yes a good time waster. who knows you might find pamela anderson in it or bill gates' bank account number.
if something can select, how cant it be intelligent? if something is intelligent, how cant it exist?
 

Offline Siwastaja

  • Super Contributor
  • ***
  • Posts: 1367
  • Country: fi
Re: How do you deal with stray code?
« Reply #11 on: October 19, 2018, 04:18:24 am »
How about shopping lists you find on shopping mall floors? What do you do with them?  :palm:
 
The following users thanked this post: kony, PointyOintment, newbrain

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 11648
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: How do you deal with stray code?
« Reply #12 on: October 19, 2018, 05:44:31 am »
Well... being an open-ended task, do it the same you'd do anything else.

Stare at it a while.

Is it repeating?  Might be tables of some sort.

Any ASCII (or EBCDIC, or other encoding for that matter) apparent?

As mentioned, if it's slices of a 16 (or more) bit bus, you'll see that more obviously in human-readable formats like ASCII, but less so in others...

Basic stat and crypto checks: do a frequency analysis.  Do an entropy analysis.  Look for sentinel codes, or magic numbers.  Look for checksums or hashes (often at the top or bottom of the image).

If it's very high entropy, it's possible it is compressed or encrypted.  Would be unusual for a ROM I would think, but who knows.  Back in the ROM days, that sort of thing was rather expensive to do, except when absolutely needed (and that, mainly for tape and demo purposes?).

If you aren't familiar with many (or any) instruction sets, binary will just look like gibberish to you.  You'll have to learn a few first -- x86, Z80, 6502 and 68k might be good starting points.  This will take the better part of a year; queue up some projects to use each one, so you have motivation.

Offhand, I know that:
- Z80 machine code is pretty simple, and makes frequent use of middling-range (ASCII readable) codes.  This can make it difficult to eyeball if a passage is code or data!
- x86 tends to be noisier, with occasional patches of recognizable offsets (e.g., load-immediate, absolute address, index indirect..).  That is, groupings of similar numbers keep appearing, often either small addresses or offsets or values (say "01 00" = 0x0001), or addresses to the same region of memory (0x70a4, 0x70a8, ..) suggesting a data segment there.  The most recognizable, and usefully so, opcodes are push reg: you regularly see a "PQR" in the hex dump, for something like PUSH BP / MOV BP, SP / PUSH SI ..., or whatever they actually are.  In other words, normal (Intel ABI) function preamble!
- I haven't worked with other instruction sets in raw format very much, but the other ones that I'm familiar with are unlikely to be found in EPROMs anyway (e.g. AVR).  So, thus ends my flavor text. 8)

If nothing else, feel free to send them to someone who loves archiving stray code, like Jason Scott. :-DD

Tim
« Last Edit: October 19, 2018, 05:53:10 am by T3sl4co1l »
Seven Transistor Labs, LLC
Electronic Design, from Concept to Layout.
Need engineering assistance? Drop me a message!
 

Offline bson

  • Supporter
  • ****
  • Posts: 1293
  • Country: us
Re: How do you deal with stray code?
« Reply #13 on: October 19, 2018, 08:38:27 am »
Folks, spay your codes or they will go stray!
 
The following users thanked this post: BillyD

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 1035
  • Country: fr
Re: How do you deal with stray code?
« Reply #14 on: October 19, 2018, 12:20:46 pm »
What I am asking is what is the polite and safe way of handling it.

Polite and safe: just erase the chips and move on. If you're extra polite, you may even warn the seller about existing data. But I wouldn't bother. It's the responsibility of someone selling storage devices to take care of privacy issues and erase them before selling. If they didn't, why would you even care?

Now if you are curious and just want to take a peek at the data - which doesn't seem to be the case - have at it. Guess that would be some rather concrete case of "data mining". ;D
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: How do you deal with stray code?
« Reply #15 on: October 19, 2018, 04:45:33 pm »
How about shopping lists you find on shopping mall floors? What do you do with them?  :palm:
Executable code of unknown architecture is inherently more interesting than shopping lists of library cards.
 
The following users thanked this post: mrpackethead

Offline NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 1493
  • Country: gb
Re: How do you deal with stray code?
« Reply #16 on: October 20, 2018, 02:19:01 am »
Slightly related.... when identifying ROMs from Arcade machines http://romident.coinopflorida.com/ is very useful.  Basically it runs a CRC and compares it to the known ROM checksums in MAME.

Interestingly the ROM I left by the Window and just checked is the same architecture/instruction set as the other ones I had... all FFs...   ;)
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: How do you deal with stray code?
« Reply #17 on: October 20, 2018, 02:48:11 am »
Slightly related.... when identifying ROMs from Arcade machines http://romident.coinopflorida.com/ is very useful.  Basically it runs a CRC and compares it to the known ROM checksums in MAME.

Interestingly the ROM I left by the Window and just checked is the same architecture/instruction set as the other ones I had... all FFs...   ;)
The Sun can erase quartz window EPROMs given enough time.
 

Offline Bruce Abbott

  • Frequent Contributor
  • **
  • Posts: 604
  • Country: nz
    • Bruce Abbott's R/C Models and Electronics
Re: How do you deal with stray code?
« Reply #18 on: October 20, 2018, 04:53:25 am »
Usually I save it before wiping the chip,
Why?
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 2758
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: How do you deal with stray code?
« Reply #19 on: October 20, 2018, 05:11:55 am »
Usually I save it before wiping the chip,
Why?
Just in case someone might regret losing that chip’s data.
 

Offline NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 1493
  • Country: gb
Re: How do you deal with stray code?
« Reply #20 on: October 20, 2018, 07:42:48 am »
Usually I save it before wiping the chip,
Why?
Just in case someone might regret losing that chip’s data.
I always save a hex dump of my ROMs that contain all FFs just in case.  ;)
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 1035
  • Country: fr
Re: How do you deal with stray code?
« Reply #21 on: October 20, 2018, 11:31:14 am »
I always save a hex dump of my ROMs that contain all FFs just in case.  ;)

 :-DD
 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 11648
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: How do you deal with stray code?
« Reply #22 on: October 20, 2018, 01:19:07 pm »
You should erase your EPROMs with a UV laser pointer, so you have a steady supply of hand-crafted, bespoke artisinal bits and 0xFFs. ;D

Tim
Seven Transistor Labs, LLC
Electronic Design, from Concept to Layout.
Need engineering assistance? Drop me a message!
 
The following users thanked this post: NivagSwerdna, bd139

Offline rrinker

  • Super Contributor
  • ***
  • Posts: 1716
  • Country: us
Re: How do you deal with stray code?
« Reply #23 on: October 23, 2018, 02:02:57 am »
 The images tend to be crude on some of those older low density EEPROMS though, no matter how good your laser pointer is.
The larger ones though - release that inner van Gogh!
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 6442
  • Country: us
Re: How do you deal with stray code?
« Reply #24 on: October 23, 2018, 02:58:39 am »
I usually dump any random ROMs I find and browse through it for recognizable strings. Occasionally I find something potentially useful or interesting like the BIOS from some vintage PC or peripheral, other times it's just interesting to see what's there.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf