adubbz / ghidra-switch-loader Goto Github PK

View Code? Open in Web Editor NEW

268.0 268.0 37.0 330 KB

Nintendo Switch loader for Ghidra

License: ISC License

Java 100.00%

aarch64 arm64 ghidra java nintendo nintendo-switch nx reverse-engineering switch

ghidra-switch-loader's People

Contributors

Stargazers

Watchers

Forkers

l9sk tek9x diffblue-benchmarks heruix resonancellc paulloeduardo riperiperi hubrisnxs makigumo gyyfifafans elisezerotwo h4mst3r3n3rgyball cybershard encounter h0neybadger useful-stuff interstellerm0nkey hookedbehemoth lsp199308 wowjinxy jam1garner pokesword jermafenser ixaruz pantsman0 f-raz0r xluma nekohaku tsrberry huichelaar ryzendew kittenchilly celestialamber stevensnd lincoln-lm illusion0001 gonzalooo rootcubed

ghidra-switch-loader's Issues

About the usage

Set GHIDRA_INSTALL_DIR to your Ghidra install directory. This can be done by:
1.Adding it to your path
2.Running export GHIDRA_INSTALL_DIR=.
Using -PGHIDRA_INSTALL_DIR= when running ./gradlew.
3.Run ./gradlew
4.You'll find the output zip file inside /dist
can you explain these and upload some images, thank you.

Issue exporting modified exefs main files

Before I go any further, it is worth point out that I am new to both Ghidra and the Switch Loader extension. This might be something wrong with what I am doing and not an issue with the extension itself.

I am having a problem with getting an exefs main file from exporting. When I go to export program in the CodeBrowser, I can export several different file types. I assume I want a binary file to be exported but that gives me a .bin file that is around twice as big as the original exefs main file. What should I be doing for exporting?

Gradle error when trying to build

I have cloned this repository and I have tried to follow the build instructions in the readme.

When running ./gradlew, I am given the following error:

A problem was found with the configuration of task ':indexHelp' (type 'JavaExec').
  - Type 'org.gradle.api.tasks.JavaExec' property '$1' specifies directory '[redacted]/Ghidra-Switch-Loader/src/main/help/help' which doesn't exist.

I am running Linux with OpenJDK version 17.0.7.

Ghidra 10.4 prebuilt release

SwitchLoader-1.4.0-3caff8c-Ghidra_10.4.zip

Provide support for importing IPC names from the wiki

This will probably involve some sort of Python script to export them into a json file from the wiki. Requiring an internet connection to use the loader is highly undesirable.

Unable to load Mariko 16.1.0 kernel (secure_monitor.bin)

The file begins with the sequence 0xDF 0x4F 0x03 0xD5, but Raw Binary is the only option available.
I've modified this line because it wasn't working. else if (java.util.Arrays.equals(reader.readByteArray(0, 4), new byte[]{(byte) 0xDF, (byte) 0x4F, (byte) 0x03, (byte) 0xD5}))
But now I'm getting this error:

2023-12-10	18:08:44	ERROR	(LoaderService) Unexpected Loader exception from Nintendo Switch Binary java.lang.RuntimeException: Failed to find map offset
			at adubbz.nx.loader.knx.KNXAdapter.read(KNXAdapter.java:62)
			at adubbz.nx.loader.knx.KNXAdapter.<init>(KNXAdapter.java:36)
			at adubbz.nx.loader.SwitchLoader$BinaryType.createAdapter(SwitchLoader.java:211)
			at adubbz.nx.loader.SwitchLoader.findSupportedLoadSpecs(SwitchLoader.java:89)
			at ghidra.app.util.opinion.LoaderService.getSupportedLoadSpecs(LoaderService.java:47)
			at ghidra.app.util.opinion.LoaderService.getAllSupportedLoadSpecs(LoaderService.java:71)
			at ghidra.plugin.importer.ImporterUtilities.importSingleFile(ImporterUtilities.java:286)
			at ghidra.plugin.importer.ImporterUtilities.showImportDialog(ImporterUtilities.java:154)
			at ghidra.plugin.importer.ImporterUtilities.lambda$showImportDialog$0(ImporterUtilities.java:106)
			at ghidra.util.task.TaskLauncher$2.run(TaskLauncher.java:117)
			at ghidra.util.task.Task.monitoredRun(Task.java:134)
			at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
			at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
			at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
			at java.base/java.lang.Thread.run(Thread.java:1583)

I've found this secmon loader but its only for IDA Pro https://github.com/SciresM/nx_secmon_ida_loader/blob/master/nx_secmon.py

Thanks.

Convert IPC locating/emulation to an analysis option

As per title.

Add automatic vtable/ipc func detection

As per title. Would be based on https://github.com/hthh/switch-reversing/

Make relocations show up in the "Relocation Table" window

Currently relocations are performed correctly, but they don't show up in the "Relocation Table" window. In IDA no such Window exists.

Mark PLT Functions as Thunks

When PLT entries are processed, symbols are created for each entry, and usually analysis automatically determines these to be functions, but it does not mark them as thunks to their actual implementations. Marking thunk functions improves navigation and makes it easier to (ab)use version tracking to apply sdk markup to sysmodules, since otherwise it can get confused by the sdk's use of dynamic binding compared to the sysmodule's use of static binding (implied matches fail, and the name-based correlators produce multiple matches).

Ghidra-Switch-Loader/src/main/java/adubbz/nx/loader/common/NXProgramBuilder.java

Lines 377 to 389 in a9dc0f2

    
           for (PltEntry entry : this.pltEntries) 
        
           { 
        
               if (gotNameLookup.containsKey(entry.target)) 
        
               { 
        
                   long addr = this.nxo.getBaseAddress() + entry.off; 
        
                   String name = gotNameLookup.get(entry.target); 
        
                   // TODO: Mark as func 
        
                   if (name != null && !name.isEmpty()) 
        
                   { 
        
                       this.createSymbol(this.aSpace.getAddress(addr), name, false, false, null); 
        
                   } 
        
               } 
        
           }

Analysis Task: Shared Return Calls - Index 0 out of bounds for lenght 0

Since I update to Ghidra 11 I'm having this problem (which is really annoying) and I don't know what it is due to....

Screenshot

Screenshot 2

Is it my problem, SwitchLoader's problem? Could you take a look at it?.

Thanks.

error: cannot find symbol getMsgCount() on ghidra 9.2.2

Hello,
I'm having the following error during the build of the Ghidra-Switch-Loader:

bash ./gradlew -PGHIDRA_INSTALL_DIR=/var/home/h0neybadger/Documents/switch/ghidra/ghidra_9.2.2_PUBLIC                      
Starting a Gradle Daemon (subsequent builds will be faster)                                                                                                             
                                                                                                                                                                        
> Task :compileJava                                                                                                                                                     
/var/home/h0neybadger/Documents/switch/ghidra/Ghidra-Switch-Loader/src/main/java/adubbz/nx/loader/common/MemoryBlockHelper.java:127: error: cannot find symbol          
        if (this.log.getMsgCount() > 0)                                                                                                                                 
                    ^                                                                                                                                                   
  symbol:   method getMsgCount()                                                                                                                                        
  location: variable log of type MessageLog                                                                                                                             
Note: /var/home/h0neybadger/Documents/switch/ghidra/Ghidra-Switch-Loader/src/main/java/adubbz/nx/analyzer/ipc/IPCEmulator.java uses or overrides a deprecated API.      
Note: Recompile with -Xlint:deprecation for details.                                                                                                                    
Note: /var/home/h0neybadger/Documents/switch/ghidra/Ghidra-Switch-Loader/src/main/java/adubbz/nx/analyzer/IPCAnalyzer.java uses unchecked or unsafe operations.         
Note: Recompile with -Xlint:unchecked for details.                                                                                                                      
1 error                                                                                                                                                                 
                                                                                                                                                                        
> Task :compileJava FAILED                                                                                                                                              
                                                                                                                                                                        
FAILURE: Build failed with an exception.                                                                                                                                
                                                                                                                                                                        
* What went wrong:                                                                                                                                                      
Execution failed for task ':compileJava'.                                                                                                                               
> Compilation failed; see the compiler error output for details.                                                                                                        
                                                                                                                                                                        
* Try:                                                                                                                                                                  
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.                    
                                                                                                                                                                        
* Get more help at https://help.gradle.org                                                                                                                              
                                                                                                                                                                        
BUILD FAILED in 44s

After a quick investigation, I replaced the this.log.getMsgCount() > 0 condition by this.log.hasMessages()

diff --git a/src/main/java/adubbz/nx/loader/common/MemoryBlockHelper.java b/src/main/java/adubbz/nx/loader/common/MemoryBlockHelper.java
index b51e29c..c0b34b1 100644
--- a/src/main/java/adubbz/nx/loader/common/MemoryBlockHelper.java
+++ b/src/main/java/adubbz/nx/loader/common/MemoryBlockHelper.java
@@ -124,7 +124,7 @@ public class MemoryBlockHelper
     
     public void flushLog()
     {
-        if (this.log.getMsgCount() > 0)
+        if (this.log.hasMessages())
         {
             Msg.info(this, this.log.toString());
             this.log.clear();

But I'm not sure if my setup is correct
https://github.com/NationalSecurityAgency/ghidra/blob/cbe83dcd7853dc09e7c05113a4cf9a5fb0fb1fad/Ghidra/Framework/Generic/src/main/java/ghidra/app/util/importer/MessageLog.java#L115

Let me know if I can help.

Upgrade for latest 9.1

Latest build isn't working on latest Ghidra release (October 2019 - sha 29d130dfe85da6ec45dfbf68a344506a8fdcc7cfe7f64a3e7ffb210052d1875e)

New version of Ghidra is incompatible with extension

After updating Ghidra, I get the error when loading the extension

Extension version for [SwitchLoader-1.4.0-67551bf-Ghidra_10.0.4.zip] is incompatible with Ghidra.

Build Date: 2021-Dec-22 0027 CET
Ghidra Version: 10.1.1
Java Home: /usr/lib/jvm/java-17-openjdk
JVM Version: N/A 17.0.1
OS: Linux 5.15.11-arch2-1 amd64

It does lack a lot of information, but this did work with previous versions

about the install

Upgrade for 9.2.2

The latest build is not working on Ghidra 9.2.2:

"Unexpected Loader exception from Nintendo Switch Binary" when importing a specific binary

when importing the main executable from The Binding of Isaac: Afterbirth+, I get this error in the logs:

This happens on both the updated and base versions.

I am using the latest build of the plugin with the latest version of Ghidra

How to recognize NXO file?

I see you have NXO support, but how do I use it?

I tried renaming 0x00 to KIP1,NSO0 etc. for fun. Obviously didn't work :)

Thanks :)

Standardise to use memory addresses

There's a lot of going back and forth between addresses and absolute offsets, and absolute offsets and relative offsets. Really this should all be standardized so everything uses absolute addresses.

latest update's naming scheme not compatible with AUR

when compiling the package, I get this error:

pkgver is not allowed to contain colons, forward slashes, hyphens or whitespace
pkgver() generated an invalid version: refs/heads/master.r0.g67551bf

not entirely sure if you maintain/care about the AUR, but may be something to look at

Throws error when importing BOTW or Celeste

Whenever I try to import the main NSO file of BOTW or Celeste dumped from my Switch, Ghidra throws an error. I've made sure that I have the lastest version of the JRE and JDK. I'm using Ghidra 9.1, with the extension for that version. Here's the error it gives:

java.lang.RuntimeException: java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer
	at generic.continues.ContinuesFactory.create(ContinuesFactory.java:61)
	at ghidra.app.util.bin.format.macho.MachHeader.createMachHeader(MachHeader.java:73)
	at ghidra.app.util.bin.format.macho.MachHeader.createMachHeader(MachHeader.java:61)
	at ghidra.app.util.opinion.MachoPrelinkUtils.parsePrelinkXml(MachoPrelinkUtils.java:56)
	at ghidra.file.formats.ios.prelink.PrelinkFileSystem.isValid(PrelinkFileSystem.java:79)
	at ghidra.formats.gfilesystem.factory.GFileSystemBaseFactory.probe(GFileSystemBaseFactory.java:66)
	at ghidra.formats.gfilesystem.factory.FileSystemFactoryMgr.test(FileSystemFactoryMgr.java:233)
	at ghidra.formats.gfilesystem.FileSystemService.isFileFilesystemContainer(FileSystemService.java:553)
	at ghidra.plugin.importer.ImporterUtilities.showImportDialog(ImporterUtilities.java:172)
	at ghidra.plugin.importer.ImporterUtilities.lambda$showImportDialog$0(ImporterUtilities.java:138)
	at ghidra.util.task.TaskLauncher$2.run(TaskLauncher.java:119)
	at ghidra.util.task.Task.monitoredRun(Task.java:126)
	at ghidra.util.task.TaskRunner.lambda$startTaskThread$1(TaskRunner.java:94)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
	at java.base/java.lang.Thread.run(Thread.java:831)
Caused by: java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer
	at generic.continues.ContinuesFactory.create(ContinuesFactory.java:45)
	... 15 more

---------------------------------------------------
Build Date: 2019-Oct-23 1737 EDT
Ghidra Version: 9.1
Java Home: C:\Program Files\Java\jdk-16.0.1
JVM Version: Oracle Corporation 16.0.1
OS: Windows 10 10.0 amd64
Workstation: 192.168.1.215

Is there a prebuilt release for 10.3.2?

Issue when installing

Hi, I have this issue when installing the extension

Extension version for [SwitchLoader-1.4.0-19ca180-Ghidra_10.2.2.zip] is incompatible with Ghidra.

Build Date: 2023-May-10 1508 EDT
Ghidra Version: 10.3
Java Home: C:\Program Files\Eclipse Adoptium\jdk-17.0.7.7-hotspot
JVM Version: Eclipse Adoptium 17.0.7
OS: Windows 11 10.0 amd64
Workstation: PC_DE_CHARLI

NSO header missing from tree/listing

I just noticed that when loading an NSO/exefs the loader deletes everything before the "MOD0" magik. That means the NSO header.

Is this a desired behavior?
I find this strange. I haven't seen this behavior on other binary formats.

If this is desired. Can I have a little explanation as to why it has to be done this way?

I would have loved to not create an issue about it but discussion is closed.

Crashing in Ghidra 9.1.1

It's not compatible with Ghidra 9.1.1

Import File - Uncaught Exception: java.lang.NoClassDefFoundError: ghidra/app/util/importer/MemoryConflictHandler
java.lang.NoClassDefFoundError: ghidra/app/util/importer/MemoryConflictHandler
at adubbz.nx.loader.SwitchLoader.loadProgram(SwitchLoader.java:109)
at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:112)
at ghidra.plugin.importer.ImporterUtilities.importSingleFile(ImporterUtilities.java:401)
at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$7(ImporterDialog.java:351)
at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:90)
at ghidra.util.task.Task.monitoredRun(Task.java:126)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$1(TaskRunner.java:94)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)

Build Date: 2019-Dec-18 1306 EST
Ghidra Version: 9.1.1
Java Home: C:\Program Files\Java\jdk-11.0.4
JVM Version: Oracle Corporation 11.0.4
OS: Windows 10 10.0 amd64

Tested on Dragon's Dogma 1.0.1 main and Dark Souls 1.0.0 main

Switch Loader 1.5.0 for Ghidra 10.1.5

Here you can find Switch Loader 1.5.0 for Ghidra 10.1.5.

SwitchLoader-1.4.0-f9f52f7-Ghidra_10.1.5.zip
(Yes it says 1.4.0 but its because of an unmodified value)

NSO Loader: Index 0 out of bounds for length 0

Index 0 out of bounds for length 0
java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
	at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64)
	at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:70)
	at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:266)
	at java.base/java.util.Objects.checkIndex(Objects.java:361)
	at java.base/java.util.ArrayList.get(ArrayList.java:427)
	at adubbz.nx.loader.common.NXProgramBuilder.setupRelocations(NXProgramBuilder.java:270)
	at adubbz.nx.loader.common.NXProgramBuilder.load(NXProgramBuilder.java:117)
	at adubbz.nx.loader.SwitchLoader.loadProgramInto(SwitchLoader.java:164)
	at ghidra.app.util.opinion.AbstractProgramLoader.loadInto(AbstractProgramLoader.java:171)
	at adubbz.nx.loader.SwitchLoader.loadProgram(SwitchLoader.java:117)
	at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:132)
	at ghidra.plugin.importer.ImporterUtilities.importSingleFile(ImporterUtilities.java:388)
	at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$7(ImporterDialog.java:347)
	at ghidra.util.task.TaskBuilder$TaskBuilderTask.run(TaskBuilder.java:306)
	at ghidra.util.task.Task.monitoredRun(Task.java:134)
	at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

---------------------------------------------------
Build Date: 2023-Apr-05 1559 BST
Ghidra Version: 10.3
Java Home: /usr/lib/jvm/java-17-openjdk
JVM Version: N/A 17.0.7
OS: Linux 6.3.0-asahi-8-1-edge-ARCH aarch64

Sorry for the vagueness, I'm down a rabbithole rn so I'll circle back and provide more details later

NRO import failed

So when i want to import my NRO i get this error
application.zip

`Error importing file: application.nro
java.lang.NullPointerException
at adubbz.switchloader.common.NXProgramBuilder.load(NXProgramBuilder.java:148)
at adubbz.switchloader.nro0.NRO0ProgramBuilder.loadNRO0(NRO0ProgramBuilder.java:26)
at adubbz.switchloader.SwitchLoader.loadProgramInto(SwitchLoader.java:139)
at ghidra.app.util.opinion.AbstractProgramLoader.loadInto(AbstractProgramLoader.java:172)
at adubbz.switchloader.SwitchLoader.loadProgram(SwitchLoader.java:100)
at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:114)
at ghidra.plugin.importer.ImporterUtilities.doSingleImport(ImporterUtilities.java:360)
at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$6(ImporterDialog.java:363)
at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:93)
at ghidra.util.task.Task.monitoredRun(Task.java:128)
at ghidra.util.task.TaskLauncher.lambda$startBackgroundThread$2(TaskLauncher.java:315)
at java.base/java.lang.Thread.run(Thread.java:834)

Build Date: 2019-Apr-03 1342 EDT
Ghidra Version: 9.0.2
Java Home: /usr/lib/jvm/java-11-openjdk-amd64
JVM Version: Ubuntu 11.0.3
OS: Ubuntu 19.04 Kernel Linux 5.0.0-050000-generic amd64
Workstation: igamblenull-laptop`

Here is my NRO.
application.zip

Add support for kernel loading

As per title

Error When Installing

When I install the extension, it says “extension not compatible”. I’m using Java 17, could this be the problem? Do I have to use 11?

Add support for exporting working patched binaries

As per title. I believe by default, exporting just gives you all of the memory blocks in order, not a working binary (which is what we want).

New release for Ghidra 9.2.2?

You just updated Ghidra to support 9.2.2, but the latest release is back from April still. Could you put out a new release for those of us who don't want to/can't build a Java project?

Error when trying to install

Whenever I try to run the "./gradlew" command, it returns with an error about the module or command not being found. I might just be dumb, but could you please help me with this?

Base Addresses

I've been using this project for a couple months now and I haven't been able to figure out where the base address for nso files comes from. Why was 0x7100000000 chosen?

Add support for libnx's new GOT MOD0 extension

As per title. nxo64.py had support added in a commit today.

32-bit NSOs fail to import properly

I am using Ghidra to analyze the main.nso file for Mario Kart 8 Deluxe, which uses the 32-bit ARM instruction set. I can import it fine as a Raw Binary, but not everything is interpreted correctly. I installed this loader to see if it produced a better output.

When I select the NSO file, the loader indeed recognizes it as a Nintendo Switch Binary. However, after changing the language to ARM:LE:32:v8:default and importing the file, I get a 0 byte result, and the Listing view for my main.nso is completely blank. This happens for both the decompressed and compressed versions of the file.

Proper compatibility for Mario Kart's NSO (as well as the other few games with 32-bit executables) with this loader would be much appreciated!

Update to Ghidra 11.0

I can't update to Ghidra 11.0

I'm having issues with Gradle.

Could you fix it?.

	for (PltEntry entry : this.pltEntries)
	{
	if (gotNameLookup.containsKey(entry.target))
	{
	long addr = this.nxo.getBaseAddress() + entry.off;
	String name = gotNameLookup.get(entry.target);
	// TODO: Mark as func
	if (name != null && !name.isEmpty())
	{
	this.createSymbol(this.aSpace.getAddress(addr), name, false, false, null);
	}
	}
	}