trying to figure out how to use your tools

For android: my assumption is the mdt + bxx files need to be merged into a single file which would be the hexagon elf - is this incorrect? Are you assuming the user does the before running your toolset?

Continuing the development of #4, with the CFG and CG created for the factorial_example.elf, the next step would be to execute REIL code between two functions (arbitrarily chosen for now), that would include the execution path between the first function (e.g., main) and all the calls that happen until the second function (e.g., malloc) is reached. No specific execution environment (i.e., register or memory values) is neither set nor looked for.

@cnheitman What would be the BARF API/code for that? (there is some commented code in the current example that go towards that direction)

When loading an elf that has strings - such as the QSR_STRING section. The ASCII strings are not properly detected - and do not appear to show up as ASCII when trying to select as string. Not sure the cause...

As mentioned in issue #1, the data references feature in the IDA proc. module is causing IDA to misbehave, so it is disabled by default, which causes many data elements (like strings) not to be correctly identified by IDA.

The translation for the Hexagon architecture is being developed in the reil branch in order to use BARF's REIL analysis tools. As first example of this use, the factorial_example.elf binary of this repository is being analyzed, in order to find all possible execution paths to a chosen function (e.g., malloc) with a particular execution environment (e.g., a specific value as its argument).

This example has as a final application the check of the reachability of CVE-2016-5080 in modem binaries, but it is also useful as a test case to add Hexagon architecture support dynamically to BARF.

Modifications to the BARF source code are being done in a forked repository, and will later be merged to the original project.