eydis
A lightweight (basic and slow) ARM reverse engineering tool.
I. Requierements
II. Usage
usage: eydis [-d] <image>
-w [file] specify a database,
-b [addr] specify the rebase address, # "-b 0x100000000"
-s [offset] start from a specified offset, # "-s 0x30"
-e [offset] end to a specified offset. # "-e 0x200"
By the way, eydis has a built-in shell:
eydis > help
[shell_help]: exit exit safely eydis,
[shell_help]: save save a patched file,
[shell_help]: reload reload the actual disassemblage,
[shell_help]: patch [addr] [hex] patch a certain instruction of the image,
[shell_help]: name [old_name] [new_name] rename an existing subroutine,
[shell_help]: set [start_addr] [end_addr] set new disassembling limits.
Examples
- If you own a database (with the original file corresponding to) with renamed subroutines, you can specify it before running eydis with the
-w
argument:
$ eydis -d original_arm_file.bin -w db_with_renamed_functions
- If you ever need to patch one of the file that you are disassembling, you can use the
patch
command:
The base_addr
will be 0x240000000
here
eydis > patch 0x24000d4b0 0x00008052 (< The patch in hexadecimal, not swapped)
(^ Address where the patch has to be)
I advise to use this website.
- If you ever need to rename a subroutine, you can use the
name
command:
eydis > name sub_2400112C8 _DERImg4Decode (< Its new name)
(^ the actual name of the subroutine)
- Disassembling a whole file may be boring (because waiting for the end can be very long) but you can re-specify (either before running eydis or after with the shell) the disassembling limits, here is an example with the shell:
eydis > set 0x30 0x7c (< Where the disassemblage will ends)
(^ Where the disassemblage will starts)
Then when everything is done, you can use the reload
command to display or save
to save your modified file!
III. The 'TODO' list
> Optimize the most possible the whole program,
> Make a better user experience (using the 'ncurses' library),
> Find the end of the regulars functions (so the prints can ends faster),
> Avoid to re-print the whole image every times that the 'reload' command is called,
> Avoid to use GNU readline (I use it because it is more advanced than a simple stdin read).
(they all are long and hard tasks and I don't even know if I can do everything...)
IV. Notes
-
Eydis was made for learning purpose and is not really meant to be a complete disassembler,
-
If there is any bugs | issues | problems | wishes, please, report it in the
Issues
section!! -
A 32bit support is planned but not for now (however, if it is absolutely necessary I will do my best),
-
This project is still under development so please enjoy at least the time you will spend with it (^v^)