The Possibility of Fully Reverse Engineering the Firmware?

zenmaster · 09-02-2007

Hi all

Just so I'm clear in my head.

Can anyone in the world take the .bin firmware, reverse engineer it and build a new firmware with changes?

If this is not possible - what are our options to enhance the firmware without Meizu?

I would be very interested in arranging some tech. people to look into this, just need to know the options we have, who we would need etc.

Johnny

mfb · 09-02-2007

Reverse-engineering the whole firmware would be a bit harsh if you would ask me. It's much easier to reverse-engineering a part of it and port Rockbox to the M6.

What would be ever better is Meizu releasing sourcecode or specs however.

dravik · 09-02-2007

I don't think anyone at this forum knows how to do this..!

The only thing i can do is visual basic...:P

Lexridge · 09-02-2007

The firmware is most likely written in assembly language. It would be difficult to reverse engineer.

BobbyQ · 09-02-2007

Quote:

Originally Posted by Lexridge

The firmware is most likely written in assembly language. It would be difficult to reverse engineer.

if it were written in assembly language we would just have to disassemble it

reverse engineering normally describes the strategies to get back a readable "source code" of a high programming language.
I'd never spent my precious time on reverse engineering the Meizu Firmware. Why should I do Meizu's homework ?

DChronos · 09-02-2007

Heh, that's well put, BobbyQ... though someday if we got some people as devoted to trying as people are with game systems, I'm sure someone could build a new firmware, and changing everything. I think building from scratch would be the best option so that everything implemented could be incorporated and integrated into each part and stuff. It would take more work, but it would be nice to fix all the bugs as you built it instead of building over code that may work differently and have bugs.

kiloscott · 09-03-2007

Hey,

This may be of some help:

http://forum.videohelp.com/topic314821.html#1620786

This guy (probably Err0r's mailman) extracted the firmware off a Philips 5960 DVD player with a serial data cable and posted it to the group. Various coders screwed around with it, posted the results, and we all now have groovier 5960 players. I don't understand all the details, but, if you have expertise in this area, it does seem doable. He provides several useful photos and links.

Scott

gilliu00_ · 09-03-2007

sounds good

Lexridge · 09-03-2007

Quote:

Originally Posted by BobbyQ

if it were written in assembly language we would just have to disassemble it

reverse engineering normally describes the strategies to get back a readable "source code" of a high programming language.
I'd never spent my precious time on reverse engineering the Meizu Firmware. Why should I do Meizu's homework ?

Assembly is NOT like C. It is machine code. Lots of direct memory calls, and works strictly with binary addressing.

Here is a short snipplet for a Calculator program in x86 assm code:

Quote:

START:
;---------------------------------------------------------------------;
; TEST FOR PRESENCE OF CALCULATOR ;
;---------------------------------------------------------------------;
SUB AX,AX
MOV ES,AX
SUB BH,BH
MOV BL,INT_NUMBER
SHL BX,1
SHL BX,1
MOV DI,ES:[BX]
MOV ES,ES:[BX+2]
ADD DI,4
LEA SI,TAG
MOV CX,TAG_LEN
REPE CMPSB
JE CALL_CALC
MOV BX,SCREEN_HANDLE
MOV CX,MESSAGE_LEN
LEA DX,MESSAGE
MOV AH,40h
INT 21h
JMP SHORT CALC_EXIT
;---------------------------------------------------------------------;
; CALL CALCULATOR ;
;---------------------------------------------------------------------;
CALL_CALC:
MOV AL,INT_NUMBER
MOV BYTE PTR INT_CODE,AL
DB 0CDh ; INT
INT_CODE:
DB 00h
NOP
NOP

CALC_EXIT:
INT 20h

CALC ENDP

CODESEG ENDS
END CALC

Keep in mind that assm code written in x86 code will NOT work in the ARM Samsung chip used in the M6. Someone would have to learn the assm language for THAT PARTICULAR CPU. Lots of time involved, unless the reverse engineer already has that knowledge. It's certainly possible, just not plausible.

BobbyQ · 09-03-2007

Quote:

Originally Posted by Lexridge

Assembly is NOT like C.

who said it was.

DChronos · 09-03-2007

I think he was making a reference, as you had made it sound like disassembling the code was something somewhat easy in how you went about saying it... and maybe Lex can say that doing that with C code, that it works that way. If that's it, he was making a reference that disassembling the code wouldn't be like disassembling C code, it would be a lot harder and near impossible.

BobbyQ · 09-03-2007

yeah DChronos, disassembling is too complicated ...

audiofish · 09-03-2007

Quote:

Originally Posted by BobbyQ

yeah DChronos, disassembling is too complicated ...

Yes, that is in fact x86 code you did just disassemble there - congratulations (for anyone else who wants to try it open a command shell and type "debug calc.exe").

Now you just have to find a half decent ARM disassembler - there are only a handful around and none of them allow you to step through the code like you would with x86.

Once you have that you then need to interpret the machine code instructions. With a typical program you would find tens of thousands of pretty cryptic lines of these instructions.

Have fun, BobbyQ!

BobbyQ · 09-03-2007

audiofish, I said disassembling is easy. I never said reverse engineering is easy ! If you would like to refer to what I have said, please use the quote function.
Other than that, I see no reason to get offensive !

Quote:

Originally Posted by BobbyQ

reverse engineering normally describes the strategies to get back a readable "source code" of a high programming language.

Lexridge · 09-03-2007

Most programmers would most likely use Linux to disassemble ARM code, as there are many more tools (and ARM emulators) available for Linux than for Win32. There are several web pages dedicated to this. I will look them up later and post them. I used to have a lot of these tools when I used to hack on my Sharp Zaurus 5500.

zenmaster · 09-03-2007

Ah cool Lexridge, that would be a start.

Ok, from the comments, I understand that this isnt such a easy process. It would be handy to bribe a Meizu engineer and get the source or at least some proper documentation.

Maybe we could start a "Bribe the Engineer" donation fund.

Err0r · 09-03-2007

Quote:

Originally Posted by zenmaster

Ah cool Lexridge, that would be a start.

Ok, from the comments, I understand that this isnt such a easy process. It would be handy to bribe a Meizu engineer and get the source or at least some proper documentation.

Maybe we could start a "Bribe the Engineer" donation fund.

I don't know about donations. Last time I attempted to collect donations for a new server (Birthday Celebration), it ended up with 1 member out of 7,000+ donating.

trhent · 09-03-2007

Doesn't IDA also have an ARM dissembly function?

DChronos · 09-04-2007

This sounds pretty cool.

What's the possibility of someone being able to write new firmware compared to disassembling and reverse engineering?

Also, I had no idea there were emulators for that... What exactly IS ARM? What's it stand for?

To Err0r: when did that happen? Also, nowadays, most places online holding donations really don't get anyone to contribute, unfortunately... I've seen it all over. I'm donating something to the place hosting my site for free offering all they do because noone else does, and that's pretty cool they're doing that.

tacchan1 · 01-12-2008

nice idea ,but how to realize ?