IDA Pro / Disassembler / chipset / where to begin?

[odingalt]

A flurry of questions, since I am not sure where to begin.

Dumping the firmware from the DVD drive seems to be the easy part, step 1.  Once I am sitting here holding a .bin of the DVD firmware, does anyone have any spec sheets or CPU manuals for the DVD drive?  Anyone know what kind of CPU is on the DVD drive?  I am familiar mostly with Motorola and Atmel assembly neumatics.

Where to start?

=================================================Begin fun

This is my old satellite modifiying web-site, please forgive me, I have 40 gigs free bandwidth each month for file storage.  I have found in my experience on the satellite side of testing, that manufacturers will often REMOVE valuable documentation from their web-site at the request of their larger customers.  I encourage you to hoard as much as this information from corporate web-sites as you can while it is available!

I have created a shared repository for CPU documents and such.  Please PM me if you have valuable spec sheets, etc. to add and I will get it added to the repository for everyone to share.  Please let me know if there is a better way to share than this.

http://westcoastmods.com/ShareFile/

*List of current documents in the repository:

Panasonic 32-bit AM3 (MN103 equivalent?) microcomputer brochure: A00013TE04.pdf
Panasonic MN1030/MN103S Series Instruction Manual: 13250-040e.pdf (Submitted by StonerSmurf, link below in this thread)

*List of other valuable repositories:

Panasonic home for many various model MN103 manuals:

https://www.semicon.panasonic.co.jp/cgi-bin/micom/manual/download/dwld_series.cgi?email=general&mode=general&lang=2&type=0

MN103 On-board serial programming manuals!:

https://www.semicon.panasonic.co.jp/e-micom/manual/download/index.html

[twizter]

As far as i know the
Hitachi-LG (HL) has the MN103 CPU

and im not sure about the TS because i haven't seen too much development questions on it.

[odingalt]

Excellent info.  Anyone know exact part numbers of chips on DVD drives we can begin a list?  I can then hoard the appropriate manuals.  For theMN103 for example, there are 10-15 slight variations of that CPU.  I'm not sure which is used in the drive that you are speaking of.

[stonersmurf]

Disassembler module for IDA can be found here http://hitmen.c02.at/html/xbox360_releases.html
and
Data manual for mn103 can be found on the same site here http://hitmen.c02.at/files/docs/xbox360/13250-040e.pdf

[odingalt]

Wow stoner!  That is info like gold.  EXACTLY WHAT I NEEDED!  Thank you very much for sharing.  I am very, very rusty.  Let me give you some of my background.  My deepest experience in these kinds of fields was programming blockers for sat testing cards in assembly.  I also did some very amateur hardware modifications to satellite receivers using XiLinx FPGA's.  I have very limited C and high level programming skills and am very slow when you try to teach me something.  I end up asking many details do forgive me if I come across sounding very stupid.  I have been a power utility engineer for 30 months now and am very rusty in the computer/electronics/assembly area as it is no long my professional field.

I hope this thread can become a knowledge repository for rusty guys like me who stumble upon these forums.  Sometimes it's hard to find that one good manual, piece of software, schematic, etc.!

Keep in touch!

[odingalt]

Now I only hope I can find that old copy of IDA!!  God I hope I saved it!

[stonersmurf]

Now I only hope I can find that old copy of IDA!!  God I hope I saved it!

check out the usual places....

[BlueCop]

thats a pretty specific tracker. you might as well just say thepiratebay or something. lets keep the piracy hints in pm or something. keep the public face of the site be as legal as possible.

[odingalt]

My bad.  Been awhile since I've surfed the web.  *SMACKS FOREHEAD* *TWICE*  It's all coming back to me 

Side bar, if you guys are really into this stuff as a hobby, they have a project on reverse engineering commercial receivers and turning them into FTA (free to air) receivers, more or less.  Same concept - using the ST20 processor and dissassembling the firmware that's stored in a FLASH EEPROM.  Interesting project, definitely for those with beefed up brains and some serious IDA experience.

http://id-discussions.com

[MacDennis]

The information and links above is actually all you need. There's actually not any more stuff about the MN103 CPU, all relevant information has been mentioned. Another good start is to read, read and re-read the original firmware hacking thread and note down all information relevant to your cpu/drive. That's what I did, writing a summary. And in IDA, try to reverse engineer and comments as many routines as possible. I didn't know much about the MN103 cpu and IDA a few months ago, I do know.

[Green]

have some noob questions again... 

Rom startaddress is 0x90000020? First place to press "c"?
Anyway, IDA stops at 0x90000173. Why? DATA?
How are you suppose to know where the code starts again?

I understand you guys don't have the energy to answer

[odingalt]

I am in the same boat.  Not sure what settings to load into IDA  .  How do you know how the flash is hooked up in the DVD to the CPU?  How do you know the starting address, offset, or entry point?  I cannot find the useful portion in the MN103 manual.  Any help?

[MacDennis]

Create RAM section. Start adress: 0x00000000, size: 0x00010000
ROM section. Start address: 0x90000000, size: 0x00040000
Input file, loading address: 0x90000000

Select the 'ROM0:90000000' line. Now select: Edit > Begin selection
Now browse to the 'ROM0:9003FFFF' line, all lines should be selected now.
Press 'c' and force the disassembly.