Yeah, I'm back to the Wii reverse engineering, writing
a plugin for radare to be able to debug the console in real time
as if it were a local system.

Tonight I sniffed some bits of the communication with usb-gecko
and easily discovered the command and arguments sent via usb. So,
I've decided to clone this protocol using libusb instead of their
proprietary driver.

The current state is 'some things work'. This means that it's able
to freeze and unfreeze the console. It can theoretically write memory
and set breakpoints, but that's not tested yet.
The full commands will be something like:

    "Usb-Gecko plugin help:\n"
    "!load           - load game from dvd\n"
    "!stop           - stops console (freeze)\n"
    "!cont           - continue console execution\n"
    "!regs           - (TODO) get cpu register information.\n"
    "!bp[rwx] [addr] - (TODO) set breakpoint (or wp) for read, write or exec.\n"
    "!shot [file]    - (TODO) dump screenshot to bmp file.\n"

$ radare gecko://

Actually the plugin is not compiled by default, and you have to compile it and
add it to the plugin.c list, but I'll fix this before the release ;)


Next week I'll focus my efforts on completing all the commands, and
the read() one too. I have lots of ideas for it, don't any of you? :) When I'm
able to read, the disassembly, code analysis, etc. will work in the same
way.

FMI:

  http://radare.nopcode.org/hg/radare?raw-file/8b68c80a38a5/src/plugins/wii/GECKO-PROTOCOL
  http://radare.nopcode.org/hg/radare?raw-file/6286561fc40d/src/plugins/wii/MEMORY


Have fun! ;D

  --pancake