Ghidra-based AVR Lifter #1228

Open
wants to merge 3 commits into
base: master

Commits on Mar 16, 2022

  1. initial scaffolding for the AVR target

    Current State
    -------------
    
    1) Works with only the latest versions of LLVM (11 and above)
    2) The instructions implemented so far: ADC, ADD, LDI
    
    Design Issues
    -------------
    
    A unique feature of AVR is that it maps registers directly to RAM,
    thus we theoretically can't represent registers as variables, but
    instead shall model them as memory addresses[^1]. Treating
    this AVR feature fairly will render code quite hard to read and to
    analyze. After digging through the forums, datasheets, compilers'
    source code, and grepping avr-objdump outputs, we can presume that C
    compilers are not leveraging this feature and use normal reads and
    writes to access registers, instead of loads and stores. And the
    memory-mapping of registers is mostly reserved for RAM-less AVR
    boards, where the 32 registers play the role of minimal RAM. Of
    course, it doesn't mean that malicious code can't exploit this.
    
    With this in mind, we still decided to model AVR as a normal
    register-based machine but add a command-line option later that will
    enable a conservative model that lacks registers. Formally, our
    current lifter implementation (the one with registers) just assumes
    that all addresses in load and store operations are greater than 32.
    
    [^1]: And yes, `*0 = 'B'` is perfectly valid code on AVR that writes `0x42` into the `R0`
    register.
    ivg committed Mar 16, 2022
    3d123cd
  2. a20bac0
  3. 9f8e2c5
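The trade-off described in the first commit message, as an added example that is not code from this pull request: a unified data-space model and a register-based model are given the same store, and their register files are compared afterwards. It assumes the classic AVR layout in which data addresses 0x00..0x1F alias R0..R31; all type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: classic AVR data space, addresses 0x00..0x1F alias R0..R31. */
#define NREGS 32
#define DATA_SIZE 256

/* Conservative model: one array, the registers are its first 32 bytes. */
typedef struct { uint8_t data[DATA_SIZE]; } unified_t;

/* Register-based model: registers are separate variables, so a store
 * can never modify them. */
typedef struct { uint8_t reg[NREGS]; uint8_t mem[DATA_SIZE]; } split_t;

static void unified_store(unified_t *m, uint8_t addr, uint8_t v) { m->data[addr] = v; }
static uint8_t unified_reg(const unified_t *m, unsigned r) { return m->data[r]; }

static void split_store(split_t *m, uint8_t addr, uint8_t v) { m->mem[addr] = v; }
static uint8_t split_reg(const split_t *m, unsigned r) { return m->reg[r]; }

/* Hypothetical check an analysis could run on a resolved store address:
 * returns 1 when the store lands in the register file, which is where
 * the register-based model stops being faithful. */
static int store_aliases_register(uint16_t addr) { return addr < NREGS; }

/* Apply the same store to both models; return 1 if R0..R31 still agree. */
int models_agree_after_store(uint8_t addr, uint8_t v) {
    unified_t u = {{0}};
    split_t s = {{0}, {0}};
    unified_store(&u, addr, v);
    split_store(&s, addr, v);
    for (unsigned r = 0; r < NREGS; r++)
        if (unified_reg(&u, r) != split_reg(&s, r))
            return 0;
    return 1;
}

int main(void) {
    /* Constructed inputs: the footnote's *0 = 'B', then a store above R31. */
    printf("store 'B' to 0x00: agree=%d aliases=%d\n",
           models_agree_after_store(0x00, 'B'), store_aliases_register(0x00));
    printf("store 'B' to 0x60: agree=%d aliases=%d\n",
           models_agree_after_store(0x60, 'B'), store_aliases_register(0x60));
    return 0;
}
```

A lifted store whose address cannot be proven to fall outside the register file is the case where results from the register-based model need a second look.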