IDA disassembly / projects

nando

New Member
Anyone have an existing IDA project they would share? It's a lot easier to wrap your head around something with an existing example to look at. I don't really care what game or how finished it is, I just want to see how it is set up.

I actually have a lot of IDA experience - but mostly embedded systems (PCMs/ECUs/DMEs). I found a Saturn memory map and the yabause IDA plugin to get me started.

I beat my head against the wall trying to manually hack Sega Rally all day yesterday. It's just too hard without knowing what's going on inside the system.

I'm hoping using an emulator along with IDA will be a heck of a lot easier than the embedded machines I've done before - I had no way to step through code and getting useful memory states wasn't very easy either.
 

slinga

Member
I've been using Ghidra to reverse engineer and recompile a 480P homebrew demo: 480p Homebrew Source Code Examples?. I was hoping it would be an easy project to learn on but it's been painful to be honest. The decompiler isn't as useful as I thought it would be, there are definitely times I prefer looking at the disassembly.

I didn't realize IDA added SH2 support as well. At least back in the day it only supported SH-3/SH-4. It looks like CyberWarriorX's IDA plugin uses SH3b whereas the Retro Reversing one uses SH2.

Edit: fixed link to CyberWarriorX's IDA plugin.
 

nando

New Member
Cool, I didn't realize there were other plugins. That's a huge benefit - basically everything I've done until now, I had to do from scratch because nobody else ever tried.

I did make a little progress playing with the car models, but it's more of a distraction for now. So far I've managed to swap sound effects, lol.

I need to learn how to build a Saturn ISO from files - modifying it directly is painful. Plus eventually I'll want to be able to add/replace files without having to fit into the original space.
 

nando

New Member
Heh, I realized that both links you posted are the same. However, I did learn something - I can select SH3 (which is backwards compatible) and it will work for the Saturn.
 

cafe-alpha

Member
Unless I'm missing something, IDA Pro is quite pricey software (2K$ IIRC, and the free version doesn't support SH2 IIRC either), so even if it is powerful I can't afford a license for it.

In comparison, Ghidra is really appealing, but similarly to @slinga's opinion, it's a bit painful to use. If there could be a knowledge base about the common operations when reverse-engineering something, it could provide a lot of help to the community.

Personally, I really would like to use the decompilation engine from a third party program. Concretely speaking, it would be a good idea to have decompilation result near SH-2 disassembly in Yabause debugger :)
 

nando

New Member
The entry price is steep for sure. But it has more than paid for itself to me. Plus, there's many cracked versions out there if needed. They don't get official support, but what do you expect. Even using the software effectively is basically “If you have to ask, you'll never know. If you know, you need only ask.”

Anyway, I'm not advocating IDA over free alternatives, it's just what I have, and have the most experience with (probably thousands of hours), so that's what I'm asking about. I'd be more than happy to share anything I learn.
 

slinga

Member
Heh, I realized that both links you posted are the same. However, I did learn something - I can select SH3 (which is backwards compatible) and it will work for the Saturn.
Sorry about that, I corrected the links. CyberWarriorX and RetroReversing both have IDA Saturn loaders. It looks like RR's is a Python rewrite of CWX's. Apparently some time after CWX wrote his plugin IDA added SH2 proper support. It's documented on their processors page: Supported Processors – Hex Rays. I can't remember exactly but I feel like SH3 was *almost* backwards compatible with SH2. Like there are a few instructions or encodings that weren't the same. So assuming you have a newish IDA Pro Advanced you should have SH2 support out of the box.

Personally, I really would like to use the decompilation engine from a third party program. Concretely speaking, it would be a good idea to have decompilation result near SH-2 disassembly in Yabause debugger
I don't want to hijack Nando's thread about IDA, but there exist multiple projects to embed Ghidra's decompiler into other projects. There is Chris Eagle's blc which integrates Ghidra's decompiler into IDA. There is also radareorg/r2ghidra-dec which integrates Ghidra's decompiler into Radare. As Ghidra's decompiler is one of the few components written in C++ instead of Java it shouldn't be hard to integrate with Yabause. I'm not familiar with the internals of Ghidra's decompiler but I imagine separating it from the rest of Ghidra will make decompilation even worse.
 
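One thing both of those Saturn loaders have to do before IDA can make sense of anything is read the disc's system-ID header (IP.BIN, the first 256 bytes of sector 0) to learn where the BIOS will copy the initial program, and then create segments around that address. The following is an added example, not code from CyberWarriorX's or RetroReversing's loader, that shows just that step in plain Python against a constructed header. The field offsets are the commonly published IP.BIN layout and the two work RAM ranges are the standard Saturn memory map; check both against your own image. The function names, the product number and the other sample header values are mine.

```python
"""Added example: parse a Saturn IP.BIN header and plan the segments an
IDA loader would create around the 1st-read program.
Offsets follow the commonly published Saturn disc-format layout (assumed
here; verify against a real image)."""
import struct
from dataclasses import dataclass

SATURN_MAGIC = b"SEGA SEGASATURN "

# Saturn work RAM as seen by the SH-2s; end addresses are exclusive.
LOW_WRAM = (0x00200000, 0x00300000)   # 1 MB low work RAM
HIGH_WRAM = (0x06000000, 0x06100000)  # 1 MB high work RAM


@dataclass
class SaturnIpHeader:
    maker_id: str
    product_number: str
    version: str
    release_date: str
    area_symbols: str
    title: str
    ip_size: int
    master_stack: int
    slave_stack: int
    first_read_addr: int   # where the BIOS copies the 1st-read program
    first_read_size: int


def parse_ip_header(data: bytes) -> SaturnIpHeader:
    """Parse the first 256 bytes of a Saturn disc image (sector 0 / IP.BIN)."""
    if len(data) < 0x100:
        raise ValueError("header too short: need 256 bytes")
    if data[:0x10] != SATURN_MAGIC:
        raise ValueError("not a Saturn disc header")

    def text(off: int, n: int) -> str:
        return data[off:off + n].decode("ascii", "replace").rstrip()

    # All numeric fields are big-endian, as the SH-2 reads them.
    (ip_size,) = struct.unpack_from(">I", data, 0xE0)
    master_stack, slave_stack = struct.unpack_from(">II", data, 0xE8)
    first_read_addr, first_read_size = struct.unpack_from(">II", data, 0xF0)
    return SaturnIpHeader(
        maker_id=text(0x10, 16),
        product_number=text(0x20, 10),
        version=text(0x2A, 6),
        release_date=text(0x30, 8),
        area_symbols=text(0x40, 10),
        title=text(0x60, 112),
        ip_size=ip_size,
        master_stack=master_stack,
        slave_stack=slave_stack,
        first_read_addr=first_read_addr,
        first_read_size=first_read_size,
    )


def in_work_ram(addr: int) -> bool:
    return any(lo <= addr < hi for lo, hi in (LOW_WRAM, HIGH_WRAM))


def plan_segments(hdr: SaturnIpHeader) -> list:
    """Return (name, start, end) tuples for the segments a loader would add:
    both work RAM banks plus the 1st-read program at its BIOS load address.
    Refuses headers whose load address or size cannot be right."""
    if not in_work_ram(hdr.first_read_addr):
        raise ValueError(f"1st read address {hdr.first_read_addr:#x} is outside work RAM")
    bank = HIGH_WRAM if HIGH_WRAM[0] <= hdr.first_read_addr < HIGH_WRAM[1] else LOW_WRAM
    end = hdr.first_read_addr + hdr.first_read_size
    if end > bank[1]:
        raise ValueError("1st read program overruns its work RAM bank")
    return [
        ("LOW_WRAM", *LOW_WRAM),
        ("HIGH_WRAM", *HIGH_WRAM),
        ("FIRST_READ", hdr.first_read_addr, end),
    ]


def build_sample_header() -> bytes:
    """Constructed sample header (not taken from any real disc)."""
    hdr = bytearray(b" " * 0x100)
    hdr[0x00:0x10] = SATURN_MAGIC
    hdr[0x10:0x20] = b"SEGA ENTERPRISES"
    hdr[0x20:0x2A] = b"T-00000   "      # hypothetical product number
    hdr[0x2A:0x30] = b"V1.000"
    hdr[0x30:0x38] = b"19950101"
    hdr[0x38:0x40] = b"CD-1/1  "
    hdr[0x40:0x4A] = b"JTUBKAEL  "
    title = b"EXAMPLE TITLE"
    hdr[0x60:0x60 + len(title)] = title
    struct.pack_into(">I", hdr, 0xE0, 0x1000)            # IP size
    struct.pack_into(">II", hdr, 0xE8, 0, 0)             # master/slave stack
    struct.pack_into(">II", hdr, 0xF0, 0x06004000, 0x20000)  # 1st read addr/size
    return bytes(hdr)


if __name__ == "__main__":
    h = parse_ip_header(build_sample_header())
    print(h)
    for name, start, end in plan_segments(h):
        print(f"{name:10s} {start:#010x}-{end:#010x}")
```

To use it on a real image, feed `parse_ip_header` the first 256 bytes of the disc's data track (after any sync/header bytes if the image is raw 2352-byte sectors) and create the segments from `plan_segments` with the usual IDA loader calls; the base address you want for the main binary is `first_read_addr`.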

nando

New Member
Sorry about that, I corrected the links. CyberWarriorX and RetroReversing both have IDA Saturn loaders. It looks like RR's is a Python rewrite of CWX's. Apparently some time after CWX wrote his plugin IDA added SH2 proper support. It's documented on their processors page: Supported Processors – Hex Rays. I can't remember exactly but I feel like SH3 was *almost* backwards compatible with SH2. Like there are a few instructions or encodings that weren't the same. So assuming you have a newish IDA Pro Advanced you should have SH2 support out of the box.



I don't want to hijack Nando's thread about IDA, but there exist multiple projects to embedd Ghidra's decompiler into other projects. There is Chris Eagle's blc which integrates Ghidra's decompiler into IDA. There is also radareorg/r2ghidra-dec which integrates Ghidra's decompiler into Radare. As Ghidra's decompiler is one of the few components written in C++ instead of Java it shouldn't be hard to integrate with Yabause. I'm not familiar with the internals of Ghidra's decompiler but I imagine separating it from the rest of Ghidra will make decompilation even worse.
Even better!

I see where having the disassembler built into the emulator would be hugely beneficial though. Hmm. A bit out of my wheelhouse though.
 

cafe-alpha

Member
Thank you for the information, @slinga :) I thought that everything in Ghidra was written in Java, hence I gave up on re-using code from there. But if the core is written in C++ then it may be more doable than I initially thought.

@nando : the "If you have to ask, you'll never know. If you know, you need only ask." point is true for a lot of niche software, including IDA unfortunately.
 

slinga

Member
Just to be clear the vast majority of Ghidra is written in Java. The decompiler is one of the few components that is written in C++.
 

cafe-alpha

Member
I know: when I took a look at the Ghidra sources, I came across Java, so ... I didn't look further and (wrongly) considered re-using something from this project a lost cause for me :)
 