Initial commit

Author: sronco

.gitignore

@@ -0,0 +1,11 @@
+*.pdf
+
+/*
+
+!/src/
+!/data/
+!/README.md
+!/Module.manifest
+!/extension.properties
+!/build.gradle
+!/.gitignore

Module.manifest

@@ -0,0 +1,8 @@
+# Ghidra Sunplus S+core7 #
+
+This extension is intended to assist in the reverse engineering of the Mattle Hyperscan and implements only the features/opcodes used in the Hyperscan firmware/games.
+
+
+### Known missing features: ###
+* 16-bit parallel execution
+* rorc, rolc, roric, rolic, lcb, lcw, lce, scb, scw, sce opcodes

README.md

@@ -0,0 +1,33 @@
+// Builds a Ghidra Extension for a given Ghidra installation.
+//
+// An absolute path to the Ghidra installation directory must be supplied either by setting the 
+// GHIDRA_INSTALL_DIR environment variable or Gradle project property:
+//
+//     > export GHIDRA_INSTALL_DIR=<Absolute path to Ghidra> 
+//     > gradle
+//
+//         or
+//
+//     > gradle -PGHIDRA_INSTALL_DIR=<Absolute path to Ghidra>
+//
+// Gradle should be invoked from the directory of the project to build.  Please see the
+// application.gradle.version property in <GHIDRA_INSTALL_DIR>/Ghidra/application.properties
+// for the correction version of Gradle to use for the Ghidra installation you specify.
+
+//----------------------START "DO NOT MODIFY" SECTION------------------------------
+def ghidraInstallDir
+
+if (System.env.GHIDRA_INSTALL_DIR) {
+	ghidraInstallDir = System.env.GHIDRA_INSTALL_DIR
+}
+else if (project.hasProperty("GHIDRA_INSTALL_DIR")) {
+	ghidraInstallDir = project.getProperty("GHIDRA_INSTALL_DIR")
+}
+
+if (ghidraInstallDir) {
+	apply from: new File(ghidraInstallDir).getCanonicalPath() + "/support/buildExtension.gradle"
+}
+else {
+	throw new GradleException("GHIDRA_INSTALL_DIR is not defined!")
+}
+//----------------------END "DO NOT MODIFY" SECTION-------------------------------

build.gradle

@@ -0,0 +1,15 @@
+The "data" directory is intended to hold data files that will be used by this module and will
+not end up in the .jar file, but will be present in the zip or tar file.  Typically, data
+files are placed here rather than in the resources directory if the user may need to edit them.
+
+An optional data/languages directory can exist for the purpose of containing various Sleigh language
+specification files and importer opinion files.  
+
+The data/build.xml is used for building the contents of the data/languages directory.
+
+The skel language definition has been commented-out within the skel.ldefs file so that the 
+skeleton language does not show-up within Ghidra.
+
+See the Sleigh language documentation (docs/languages/sleigh.htm or sleigh.pdf) for details
+on Sleigh language specification syntax.
+ 

data/README.txt

@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  + Compile sleigh languages within this module.
+  + Eclipse: right-click on this file and choose menu item "Run As->Ant Build"
+  + From command line (requires ant install)
+  +    - cd to data directory containing this file
+  +    - run ant
+  -->
+                                     
+<project name="privateBuildDeveloper" default="sleighCompile">
+	
+	<property name="sleigh.compile.class" value="ghidra.pcodeCPort.slgh_compile.SleighCompile"/>
+
+	<property name="repo.dir" value="../../../.." />
+	<property name="repo.marker.dir" value="${repo.dir}/.git" />
+	
+	<!--Import optional ant properties.  GhidraDev Eclipse plugin produces this so this file can find the Ghidra installation-->
+	<import file="../.antProperties.xml" optional="true" />
+	
+	<condition property="devmode">
+		<available file="${repo.marker.dir}" type="dir" />
+	</condition>
+
+	<target name="buildSleighClasspathDev" if="devmode">
+		
+		<property name="framework.path" value="${repo.dir}/../ghidra.git/Ghidra/Framework"/>
+		<property name="libs.path" value="${repo.dir}/../ghidra.bin.git/ExternalLibraries/libsForRuntime"/>
+		
+		<path id="sleigh.class.path">
+			<pathelement location="${framework.path}/SoftwareModeling/bin"/>
+			<pathelement location="${framework.path}/Generic/bin"/>
+			<pathelement location="${framework.path}/Utility/bin"/>
+			<fileset dir="${libs.path}">
+				<include name="*.jar"/>
+			</fileset>
+		</path>
+			
+		<available classname="${sleigh.compile.class}" classpathref="sleigh.class.path" property="sleigh.compile.exists"/>
+			
+	</target>
+	
+	<target name="buildSleighClasspathDist" unless="devmode">
+
+		<!-- If language module is detached from installation, get Ghidra installation directory path from imported properties -->
+		<condition property="framework.path" value="${ghidra.install.dir}/Ghidra/Framework" else="../../../Framework">
+			<available file="${ghidra.install.dir}" type="dir" />
+		</condition>
+		
+		<path id="sleigh.class.path">
+			<fileset dir="${framework.path}/SoftwareModeling/lib">
+				<include name="*.jar"/>
+			</fileset>
+			<fileset dir="${framework.path}/Generic/lib">
+				<include name="*.jar"/>
+			</fileset>
+			<fileset dir="${framework.path}/Utility/lib">
+				<include name="*.jar"/>
+			</fileset>
+		</path>
+		<available classname="${sleigh.compile.class}" classpathref="sleigh.class.path" property="sleigh.compile.exists"/>
+			
+	</target>	
+		
+	<target name="sleighCompile" depends="buildSleighClasspathDist, buildSleighClasspathDev">
+	    
+		<fail unless="sleigh.compile.exists" />
+		
+		<java classname="${sleigh.compile.class}"
+			classpathref="sleigh.class.path"
+			fork="true"
+			failonerror="true">
+			<jvmarg value="-Xmx2048M"/>
+			<arg value="-a"/>
+			<arg value="./languages"/>
+		</java>
+		
+ 	</target>
+
+</project>

data/build.xml

@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<compiler_spec>
+  <data_organization>
+     <absolute_max_alignment value="0" />
+     <machine_alignment value="2" />
+     <default_alignment value="1" />
+     <default_pointer_alignment value="4" />
+     <pointer_size value="4" />
+     <wchar_size value="4" />
+     <short_size value="2" />
+     <integer_size value="4" />
+     <long_size value="4" />
+     <long_long_size value="8" />
+     <float_size value="4" />
+     <double_size value="8" />
+     <long_double_size value="8" />
+     <size_alignment_map>
+          <entry size="1" alignment="1" />
+          <entry size="2" alignment="2" />
+          <entry size="4" alignment="4" />
+          <entry size="8" alignment="8" />
+     </size_alignment_map>
+  </data_organization>
+  <global>
+    <range space="RAM"/>
+  </global>
+  <stackpointer register="r0" space="RAM" growth="negative"/>
+  <returnaddress>
+    <varnode space="register" offset="12" size="4"/>
+  </returnaddress>
+  <funcptr align="2"/>
+  <default_proto>
+    <prototype name="__stdcall" extrapop="0" stackshift="0" strategy="register">
+      <input>
+        <pentry minsize="1" maxsize="4">
+          <register name="r4"/>
+        </pentry>
+        <pentry minsize="1" maxsize="4">
+          <register name="r5"/>
+        </pentry>
+        <pentry minsize="1" maxsize="4">
+          <register name="r6"/>
+        </pentry>
+        <pentry minsize="1" maxsize="4">
+          <register name="r7"/>
+        </pentry>
+        <pentry minsize="5" maxsize="8">
+          <addr space="join" piece1="r5" piece2="r4"/>
+        </pentry>
+        <pentry minsize="5" maxsize="8">
+          <addr space="join" piece1="r6" piece2="r7"/>
+        </pentry>
+        <pentry minsize="1" maxsize="500" align="4">
+          <addr offset="8" space="stack"/>
+        </pentry>
+      </input>
+      <output killedbycall="true">
+        <pentry minsize="1" maxsize="4">
+          <register name="r4"/>
+        </pentry>
+        <pentry minsize="5" maxsize="8">
+          <addr space="join" piece1="r5" piece2="r4"/>
+        </pentry>
+      </output>
+      <unaffected>
+        <register name="r0"/>
+        <register name="r2"/>
+        <register name="r3"/>
+        <register name="r12"/>
+        <register name="r13"/>
+        <register name="r14"/>
+        <register name="r15"/>
+        <register name="r16"/>
+        <register name="r17"/>
+        <register name="r18"/>
+        <register name="r19"/>
+        <register name="r20"/>
+        <register name="r21"/>
+        <register name="r28"/>
+        <register name="r29"/>
+        <register name="r30"/>
+        <register name="r31"/>
+      </unaffected>
+      <killedbycall>
+        <register name="r1"/>
+      </killedbycall>
+    </prototype>
+  </default_proto>
+</compiler_spec>

data/languages/Score7.cspec

@@ -0,0 +1,9 @@
+<dwarf>
+	<register_mappings>
+		<register_mapping dwarf="0" ghidra="r0" stackpointer="true"/> <!-- r0 -->
+		<register_mapping dwarf="1" ghidra="r1" auto_count="31"/> <!-- r1..r31 -->
+		<register_mapping dwarf="49" ghidra="PC"/>
+		<register_mapping dwarf="54" ghidra="CEH"/>
+		<register_mapping dwarf="55" ghidra="CEL"/>
+	</register_mappings>
+</dwarf>

data/languages/Score7.dwarf

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<language_definitions>
+  <language processor="Score7"
+            endian="little"
+            size="32"
+            variant="default"
+            version="1.4"
+            slafile="Score7_le.sla"
+            processorspec="Score7.pspec"
+            manualindexfile="../manuals/Score7.idx"
+            id="Score7:LE:32:default">
+    <description>Sunplus S+core7 little endian</description>
+    <compiler name="default" spec="Score7.cspec" id="default"/>
+    <external_name tool="DWARF.register.mapping.file" name="Score7.dwarf"/>
+  </language>
+
+  <language processor="Score7"
+            endian="big"
+            size="32"
+            variant="default"
+            version="1.4"
+            slafile="Score7_be.sla"
+            processorspec="Score7.pspec"
+            manualindexfile="../manuals/Score7.idx"
+            id="Score7:BE:32:default">
+    <description>Sunplus S+core7 big endian</description>
+    <compiler name="default" spec="Score7.cspec" id="default"/>
+    <external_name tool="DWARF.register.mapping.file" name="Score7.dwarf"/>
+  </language>
+</language_definitions>

data/languages/Score7.ldefs

@@ -0,0 +1,10 @@
+<opinions>
+    <constraint loader="Executable and Linking Format (ELF)" compilerSpecID="default">
+        <constraint primary="135"  processor="Score7"      endian="little" size="32" />
+    </constraint>
+
+    <!-- Old Sunplus S+core7 backend magic number. Written in the absence of an ABI. -->
+    <constraint loader="Executable and Linking Format (ELF)" compilerSpecID="default">
+        <constraint primary="95"   processor="Score7"      endian="little" size="32" />
+    </constraint>
+</opinions>

data/languages/Score7.opinion

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<processor_spec>
+  <programcounter register="PC"/>
+
+  <default_symbols>
+    <symbol name="reset" address="RAM:9f000000" entry="true" type="code_ptr"/>
+  </default_symbols>
+</processor_spec>

data/languages/Score7.pspec

@@ -0,0 +1,66 @@
+# sleigh include file for S+core7
+
+define alignment=2;
+
+define space RAM      type=ram_space      size=4  default;
+define space register type=register_space size=4;
+
+define register offset=0x000 size=4 [ r0 r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12 r13 r14 r15 r16 r17 r18 r19 r20 r21 r22 r23 r24 r25 r26 r27 r28 r29 r30 r31 ];
+define register offset=0x080 size=4 [ cr0 cr1 cr2 cr3 cr4 cr5 cr6 cr7 cr8 cr9 cr10 cr11 cr12 cr13 cr14 cr15 cr16 cr17 cr18 cr19 cr20 cr21 cr22 cr23 cr24 cr25 cr26 cr27 cr28 cr29 cr30 cr31 ];
+define register offset=0x100 size=4 [ PC sr0 sr1 sr2 CEL CEH ];
+define register offset=0x180 size=1 [ V C Z N T ];
+
+
+#------------------------------------------------------------------------------
+# PCODEOP
+#------------------------------------------------------------------------------
+
+define pcodeop score7_syscall;
+define pcodeop score7_trap;
+define pcodeop score7_pflush;
+define pcodeop score7_sleep;
+define pcodeop score7_cache;
+define pcodeop score7_sdbbp;
+define pcodeop score7_ceinst;
+
+
+#------------------------------------------------------------------------------
+# MACROS
+#------------------------------------------------------------------------------
+
+macro setC(value, bit)
+{
+	C = ((value >> bit) & 1) != 0;
+}
+
+macro checkNZ(result)
+{
+	Z = result == 0;
+	N = result s< 0;
+}
+
+macro checkAddCV(op1, op2)
+{
+	C = carry(op1, op2);
+	V = scarry(op1, op2);
+}
+
+macro checkSubCV(op1, op2)
+{
+	C = op1 >= op2;
+	V = sborrow(op1, op2);
+}
+
+macro checkAddCarryCV(op1, op2)
+{
+	local tmp:4 = zext(C);
+	C = carry(op1, op2) || carry(op1 + op2, tmp);
+	V = scarry(op1, op2) || scarry(op1 + op2, tmp);
+}
+
+macro checkSubCarryCV(op1, op2)
+{
+	local tmp:4 = zext(C ^ 1);
+	C = op1 >= op2 && op1 - op2 >= tmp;
+	V = sborrow(op1, op2) || sborrow(op1 - op2, tmp);
+}