EEVblog Electronics Community Forum
Electronics => Microcontrollers => Topic started by: giumma59 on March 21, 2021, 07:53:17 am
-
I extracted the software from the atmega328 from my Victor Vc2002 signal generator. now I see it in .bin format. I wonder if there is a way to be able to decode it and understand how the software was written.
-
This may help, but be prepared to learn assembly code.
Assembly programming isn't all that hard if you know normal programming, but it is very, well.. 'raw'.
https://stackoverflow.com/questions/5141177/atmel-avr-disassembler
-
Turning raw machine code back into high level language sourcecode is near impossible. Its like trying to turn an over-cooked 'mystery meat' burger back into a living animal. If you know the processor and external peripherals (and their connections), and the exact compiler version used, and have reverse engineered that compiler's code generator its a little easier - more like cloning a cow from a raw beefburger.
The odds are fairly high that any ATmega328 firmware written in the last decade or so was written in C/C++ and there's a reasonable chance it was compiled with AVR GCC. However, even knowing the processor and suspecting your firmware dump *MAY* originally be a C program you are in for a long, steep learning curve and a massive amount of work, that even an experienced AVR developer would balk at. It would be far easier to reverse engineer the hardware, then recreate the software from scratch, based on the specifications and observed UI of the sample unit.
-
What helps is the relative simplicity of the AVR architecture and its instruction set, and relatively large number of registers. So code usually isn't excessively long and it's quite linear.
But deducing the programmer's intent from the disassembly is very tedious and time-consuming because you are left without any high-level code structures, variable and function names, let alone comments.
If the disassembler can automatically detect IO port memory addresses and replace them with the datasheet names (like USART1_CR and so on), it will help, but you can search&replace it manually. Still, it's hard to see why the programmer reads memory from address 1234, increases it by 1, then stores back to address 1234; the original code might have had: millisecond_counter++;
-
For assembler geeks and compiler nerds playing at home,
https://onlinedisassembler.com/odaweb/
-
Tried with guidra...didn't like it, only half of the program was decompiled. It only supports AVR8, while the atmega328p is AVR5...
IDA Pro doesn't support the 328p, but has the 128p (same architecture). However it doesn't support decompiling.
Small writeup that coudl be interesting:
https://github.com/nononovak/otwadvent2019-ctfwriteup/blob/master/day9_grinchnet.md
Here you have a nice script for decompiling binaries:
https://electronics.stackexchange.com/questions/16670/avr-disassembler-with-named-register-support
However it seems you'll be stuck with asssembly. That will take a lot of time, breaking the code in subroutines and figuring out what they do.
-
Maybe try IDA from hex-rays
https://www.hex-rays.com/products/decompiler/ (https://www.hex-rays.com/products/decompiler/)
-
Maybe try IDA from hex-rays
https://www.hex-rays.com/products/decompiler/ (https://www.hex-rays.com/products/decompiler/)
Unfortunately there's no AVR processor support, so that's a hard *NO*.
Currently the decompiler supports compiler generated code for the x86, x64, ARM32, ARM64, and PowerPC processors. We plan to port it to other platforms in the future.
-
I extracted the software from the atmega328 from my Victor Vc2002 signal generator. now I see it in .bin format. I wonder if there is a way to be able to decode it and understand how the software was written.
How did you extract the bin file?
I note it only contains 4k bytes, a fairly large part of which is filled with 0xff. So, there does not seem to be much code there (I'm not familiar with the VC2002 though, maybe it is a very simple device).
It also does not appear to contain a valid interrupt vector area, not even a jump for reset.
-
Tried with guidra...didn't like it, only half of the program was decompiled. It only supports AVR8, while the atmega328p is AVR5...
ATmega328P is AVR8. Ghidra would like it just fine, if your dump were valid. Disassembly is only the first and quickest of many steps toward understanding the firmware. I don't know what you're trying to accomplish, but just getting a somewhat valid disassembly is the easy part.
As ozcar has pointed out, your dump seems to be incomplete / invalid.