I don’t really know why, I’d like to have a place to publish some of my thoughts. This blog should be about all the stuff that I think is interesting, like electronics, science, technology or environment. Some of my posts will be in English and some of them in German, as I’m a German native speaker. So be prepared to get some interesting reading here in the future.
Let’s start with something that I’m currently into, a SPU decompiler. If you never heard about a SPU, you should probably look here and here. It’s one of eight co-processor cores of the Cell/B.E. platform, that is also used in the Sony-PS3 for example. One of the remarkable properties of such a processor core is, that it can be isolated, which means, that all of it’s memory (the 265kb local storage) is only accessible from itself and not longer from the main processor code (the PPU). The program images for such isolated SPUs on the PS3 are encrypted. With the rvk-list exploit, published by fail0verflow at 27c3 (which was actually told to them by mathieulh in the first place), certain SPU binaries could be dumped. Later geohot published the keys used by metldr (it’s the loader that loads isoldr, that loades isolated binaries), so every isolated binary could be decrypted easily.
But there is the problem, that SPU assembly is just pain in the ass to read/reverse engineer if you never looked at it before. So I got the idea to write a decompiler for it, as it is a RISC processor. You can get my current source code for it at the github project page. Currently it disassembles the binary, finds all subroutines and constructs the control flow graph for all of them. The next task is to determine the control structures and register usage of each block.
Thats all for today folks.