bin source to human readable convert


Hello everybody,

I have a .bin file extracted from an MCU and I want to know how I can see it in human-readable form so that I can edit it?

Binary sample:

FA CF 00 00 B8 DD AA B8 DE F0 00 FF ;

Thanks

 

Last Edited: Sat. Sep 7, 2019 - 10:28 PM

The tool you require is called a "Disassembler".

 

However, that will just get you back to assembler mnemonics - you won't get any symbolic information (function & variable names, etc).

 

And you certainly won't get back to the original 'C' source code!

 

But why are you trying to do this?

 

You're not trying to steal someone else's code, are you ... ?

 

 

Top Tips:

  1. How to properly post source code - see: https://www.avrfreaks.net/comment... - also how to properly include images/pictures
  2. "Garbage" characters on a serial terminal are (almost?) invariably due to wrong baud rate - see: https://learn.sparkfun.com/tutorials/serial-communication
  3. Wrong baud rate is usually due to not running at the speed you thought; check by blinking a LED to see if you get the speed you expected
  4. Difference between a crystal and a crystal oscillator: https://www.avrfreaks.net/comment...
  5. When your question is resolved, mark the solution: https://www.avrfreaks.net/comment...
  6. Beginner's "Getting Started" tips: https://www.avrfreaks.net/comment...

awneil wrote:
You're not trying to steal someone else's code, are you ... ?

Now what would give you that impression? (Said with dripping sarcasm of course)

Jim

I would rather attempt something great and fail, than attempt nothing and succeed - Fortune Cookie

 

"The critical shortage here is not stuff, but time." - Johan Ekdahl

 

"Step N is required before you can do step N+1!" - ka7ehk

 

"If you want a career with a known path - become an undertaker. Dead people don't sue!" - Kartman

"Why is there a "Highway to Hell" and only a "Stairway to Heaven"? A prediction of the expected traffic load?"  - Lee "theusch"

 

Speak sweetly. It makes your words easier to digest when at a later date you have to eat them ;-)  - Source Unknown

Please Read: Code-of-Conduct

Atmel Studio6.2/AS7, DipTrace, Quartus, MPLAB, RSLogix user

This reply has been marked as the solution. 

Just to give you an idea about how hard your job is here. If I write some fairly easy to read, sensible looking code like:

#include <avr/io.h>

int main() {
	static uint8_t count = 0;
	
	DDRB = 0xFC;
	while(1) {
		PORTB = count++;
	}
}

It generates the following binary:

:100000000C9434000C9446000C9446000C9446006A
:100010000C9446000C9446000C9446000C94460048
:100020000C9446000C9446000C9446000C94460038
:100030000C9446000C9446000C9446000C94460028
:100040000C9446000C9446000C9446000C94460018
:100050000C9446000C9446000C9446000C94460008
:100060000C9446000C94460011241FBECFEFD8E03C
:10007000DEBFCDBF21E0A0E0B1E001C01D92A13004
:10008000B207E1F70E9448000C9452000C94000063
:100090008CEF84B98091000191E0980F909300015A
:0800A00085B9F8CFF894FFCFF9
:00000001FF

Now, if I didn't have that source, but only had this binary the best I could hope to do is:

D:\test\test\Debug>avr-objdump -b binary -m avr5 -j .data -d test.bin

test.bin:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:   0c 94 34 00     jmp     0x68    ;  0x68
   4:   0c 94 46 00     jmp     0x8c    ;  0x8c
   8:   0c 94 46 00     jmp     0x8c    ;  0x8c
   c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  10:   0c 94 46 00     jmp     0x8c    ;  0x8c
  14:   0c 94 46 00     jmp     0x8c    ;  0x8c
  18:   0c 94 46 00     jmp     0x8c    ;  0x8c
  1c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  20:   0c 94 46 00     jmp     0x8c    ;  0x8c
  24:   0c 94 46 00     jmp     0x8c    ;  0x8c
  28:   0c 94 46 00     jmp     0x8c    ;  0x8c
  2c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  30:   0c 94 46 00     jmp     0x8c    ;  0x8c
  34:   0c 94 46 00     jmp     0x8c    ;  0x8c
  38:   0c 94 46 00     jmp     0x8c    ;  0x8c
  3c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  40:   0c 94 46 00     jmp     0x8c    ;  0x8c
  44:   0c 94 46 00     jmp     0x8c    ;  0x8c
  48:   0c 94 46 00     jmp     0x8c    ;  0x8c
  4c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  50:   0c 94 46 00     jmp     0x8c    ;  0x8c
  54:   0c 94 46 00     jmp     0x8c    ;  0x8c
  58:   0c 94 46 00     jmp     0x8c    ;  0x8c
  5c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  60:   0c 94 46 00     jmp     0x8c    ;  0x8c
  64:   0c 94 46 00     jmp     0x8c    ;  0x8c
  68:   11 24           eor     r1, r1
  6a:   1f be           out     0x3f, r1        ; 63
  6c:   cf ef           ldi     r28, 0xFF       ; 255
  6e:   d8 e0           ldi     r29, 0x08       ; 8
  70:   de bf           out     0x3e, r29       ; 62
  72:   cd bf           out     0x3d, r28       ; 61
  74:   21 e0           ldi     r18, 0x01       ; 1
  76:   a0 e0           ldi     r26, 0x00       ; 0
  78:   b1 e0           ldi     r27, 0x01       ; 1
  7a:   01 c0           rjmp    .+2             ;  0x7e
  7c:   1d 92           st      X+, r1
  7e:   a1 30           cpi     r26, 0x01       ; 1
  80:   b2 07           cpc     r27, r18
  82:   e1 f7           brne    .-8             ;  0x7c
  84:   0e 94 48 00     call    0x90    ;  0x90
  88:   0c 94 52 00     jmp     0xa4    ;  0xa4
  8c:   0c 94 00 00     jmp     0       ;  0x0
  90:   8c ef           ldi     r24, 0xFC       ; 252
  92:   84 b9           out     0x04, r24       ; 4
  94:   80 91 00 01     lds     r24, 0x0100
  98:   91 e0           ldi     r25, 0x01       ; 1
  9a:   98 0f           add     r25, r24
  9c:   90 93 00 01     sts     0x0100, r25
  a0:   85 b9           out     0x05, r24       ; 5
  a2:   f8 cf           rjmp    .-16            ;  0x94
  a4:   f8 94           cli
  a6:   ff cf           rjmp    .-2             ;  0xa6

So I guess it's how easily you think you can convert that unlabelled Asm code back to source? Now I happen to know that in most C programs this bit:

   0:   0c 94 34 00     jmp     0x68    ;  0x68
   4:   0c 94 46 00     jmp     0x8c    ;  0x8c
   8:   0c 94 46 00     jmp     0x8c    ;  0x8c
   c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  10:   0c 94 46 00     jmp     0x8c    ;  0x8c
  14:   0c 94 46 00     jmp     0x8c    ;  0x8c
  18:   0c 94 46 00     jmp     0x8c    ;  0x8c
  1c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  20:   0c 94 46 00     jmp     0x8c    ;  0x8c
  24:   0c 94 46 00     jmp     0x8c    ;  0x8c
  28:   0c 94 46 00     jmp     0x8c    ;  0x8c
  2c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  30:   0c 94 46 00     jmp     0x8c    ;  0x8c
  34:   0c 94 46 00     jmp     0x8c    ;  0x8c
  38:   0c 94 46 00     jmp     0x8c    ;  0x8c
  3c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  40:   0c 94 46 00     jmp     0x8c    ;  0x8c
  44:   0c 94 46 00     jmp     0x8c    ;  0x8c
  48:   0c 94 46 00     jmp     0x8c    ;  0x8c
  4c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  50:   0c 94 46 00     jmp     0x8c    ;  0x8c
  54:   0c 94 46 00     jmp     0x8c    ;  0x8c
  58:   0c 94 46 00     jmp     0x8c    ;  0x8c
  5c:   0c 94 46 00     jmp     0x8c    ;  0x8c
  60:   0c 94 46 00     jmp     0x8c    ;  0x8c
  64:   0c 94 46 00     jmp     0x8c    ;  0x8c

are the reset and interrupt vectors. And this bit:

  68:   11 24           eor     r1, r1
  6a:   1f be           out     0x3f, r1        ; 63
  6c:   cf ef           ldi     r28, 0xFF       ; 255
  6e:   d8 e0           ldi     r29, 0x08       ; 8
  70:   de bf           out     0x3e, r29       ; 62
  72:   cd bf           out     0x3d, r28       ; 61
  74:   21 e0           ldi     r18, 0x01       ; 1
  76:   a0 e0           ldi     r26, 0x00       ; 0
  78:   b1 e0           ldi     r27, 0x01       ; 1
  7a:   01 c0           rjmp    .+2             ;  0x7e
  7c:   1d 92           st      X+, r1
  7e:   a1 30           cpi     r26, 0x01       ; 1
  80:   b2 07           cpc     r27, r18
  82:   e1 f7           brne    .-8             ;  0x7c
  84:   0e 94 48 00     call    0x90    ;  0x90
  88:   0c 94 52 00     jmp     0xa4    ;  0xa4
  8c:   0c 94 00 00     jmp     0       ;  0x0

  a4:   f8 94           cli
  a6:   ff cf           rjmp    .-2             ;  0xa6

is known as the "C Run Time" and is what allows the C code I wrote to be run. So the actual code I wrote:

	DDRB = 0xFC;
	while(1) {
		PORTB = count++;
	}

is really just:

  90:   8c ef           ldi     r24, 0xFC       ; 252
  92:   84 b9           out     0x04, r24       ; 4
  94:   80 91 00 01     lds     r24, 0x0100
  98:   91 e0           ldi     r25, 0x01       ; 1
  9a:   98 0f           add     r25, r24
  9c:   90 93 00 01     sts     0x0100, r25
  a0:   85 b9           out     0x05, r24       ; 5
  a2:   f8 cf           rjmp    .-16            ;  0x94

but do you really think you can get back to that clear C from those opcodes? I mean sure:

  90:   8c ef           ldi     r24, 0xFC       ; 252
  92:   84 b9           out     0x04, r24       ; 4

is writing 0xFC to IO address 0x04 and if I look up 0x04 in the datasheet I can find that this is the DDRB register address so now I worked out that those two opcodes are doing:

	DDRB = 0xFC;

but on anything but the most trivial of C programs (and this was one), doing this reverse engineering will likely take more time than it would take to write a program that created the same result from scratch.

 

Note also that when C has been used things get even worse when functions start to be called and local variables are used - because then you'll find a lot of apparently pointless stuff going on with things being moved into the right register (R25:R24 then R23:R22 etc) and then a load of movement with R29:R28 and the stack pointer as the C compiler (I'm thinking of avr-gcc particularly) creates variables on a "stack frame" then uses Y (29:28) to index into it.

 

Bottom line: what you are asking is an almost impossible task.

 

(which is good as it can stop people stealing other's code).

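To make clawson's "disassembler" step concrete, here is an added example (my own code, not from the thread or from clawson): it parses the Intel HEX records he posted, verifying each record's checksum, and decodes the AVR opcodes of his main loop into the same mnemonics avr-objdump printed. It also illustrates his later point in #4's follow-up: what comes out is mnemonics and I/O addresses (0x04 for DDRB, 0x05 for PORTB), i.e. the algorithm, never the C. The opcode masks are taken from the AVR instruction-set encoding; only the instructions present in his listing are handled, and anything else is shown as a raw `.word`.

```python
def parse_ihex(text):
    """Return {byte_address: value} from Intel HEX, verifying each record checksum."""
    mem = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(":"):
            continue
        raw = bytes.fromhex(line[1:])
        if sum(raw) & 0xFF:                 # all record bytes incl. checksum sum to 0 mod 256
            raise ValueError("bad checksum in record " + line)
        count, addr, rtype = raw[0], (raw[1] << 8) | raw[2], raw[3]
        if rtype == 0x00:                   # data record (type 01 = EOF carries no data)
            for i, b in enumerate(raw[4:4 + count]):
                mem[addr + i] = b
    return mem

def decode(w, nxt):
    """Decode one 16-bit AVR word; nxt is the following word for 32-bit opcodes.
    Returns (text, words consumed). Only the opcodes in clawson's listing are handled."""
    if (w & 0xFE0C) == 0x940C:              # jmp / call k: 22-bit word address
        k = ((((w >> 4) & 0x1F) << 1) | (w & 1)) << 16 | nxt
        return ("jmp" if (w & 2) == 0 else "call") + f" 0x{k * 2:x}", 2
    if w == 0x94F8: return "cli", 1
    if (w & 0xF000) == 0xE000:              # ldi Rd, K  (Rd is r16..r31)
        return f"ldi r{16 + ((w >> 4) & 0xF)}, 0x{((w >> 4) & 0xF0) | (w & 0xF):02X}", 1
    if (w & 0xF800) == 0xB800:              # out A, Rr  (6-bit I/O address)
        return f"out 0x{((w >> 5) & 0x30) | (w & 0xF):02x}, r{(w >> 4) & 0x1F}", 1
    if (w & 0xFE0F) == 0x9000:              # lds Rd, k  (16-bit SRAM address)
        return f"lds r{(w >> 4) & 0x1F}, 0x{nxt:04x}", 2
    if (w & 0xFE0F) == 0x9200:              # sts k, Rr
        return f"sts 0x{nxt:04x}, r{(w >> 4) & 0x1F}", 2
    op = {0x0400: "cpc", 0x0C00: "add"}.get(w & 0xFC00)
    if op:                                  # Rd in bits 8:4, Rr in bits 9 and 3:0
        return f"{op} r{(w >> 4) & 0x1F}, r{((w >> 5) & 0x10) | (w & 0xF)}", 1
    if (w & 0xF000) == 0xC000:              # rjmp k: 12-bit signed word offset
        k = w & 0xFFF
        return f"rjmp .{(k - 0x1000 if k & 0x800 else k) * 2:+d}", 1
    if (w & 0xFC07) == 0xF401:              # brne k: 7-bit signed word offset
        k = (w >> 3) & 0x7F
        return f"brne .{(k - 0x80 if k & 0x40 else k) * 2:+d}", 1
    return f".word 0x{w:04x}", 1            # anything else is shown as raw data

def disassemble(mem, start, end):
    """Linear sweep over mem[start:end); returns [(address, text), ...]."""
    out, pc = [], start
    while pc < end:
        w = mem[pc] | (mem[pc + 1] << 8)                 # words are little-endian
        nxt = mem.get(pc + 2, 0) | (mem.get(pc + 3, 0) << 8)
        text, n = decode(w, nxt)
        out.append((pc, text))
        pc += 2 * n
    return out

# Constructed input: the last four records of the hex file quoted in the thread (0x80..0xA7).
SAMPLE_HEX = """:10008000B207E1F70E9448000C9452000C94000063
:100090008CEF84B98091000191E0980F909300015A
:0800A00085B9F8CFF894FFCFF9
:00000001FF"""

if __name__ == "__main__":
    for addr, text in disassemble(parse_ihex(SAMPLE_HEX), 0x80, 0xA8):
        print(f"{addr:4x}:   {text}")
```

Run as-is and compare the output with the 0x80..0xa6 lines of clawson's avr-objdump listing; a corrupted record (try changing the last hex digit of one line) is rejected by the checksum test rather than silently decoded.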

So you'd better start developing your own code and don't st.... ;-)


Just playing devil's advocate but there might be a legitimate reason why he only has access to the binary ("the dog ate my source file" or something?) so I wouldn't necessarily jump to conclusions.

 

Having said that I did too ;-)

clawson wrote:
(which is good as it can stop people stealing other's code).


LOL


Any number of reasons this might be needed. Example: original coder went away and we cannot find the source. Been there, seen that.

 

That said, there are also lots of reasons why this could be very suspicious. 

 

'Tis worth at least being cautious!

 

Jim

Jim Wagner Oregon Research Electronics, Consulting Div. Tangent, OR, USA http://www.orelectronics.net


Hello,

First, thank you for your reply.

Why immediately ask me whether I stole somebody else's code? Did I ask, "hey guys, how can I reverse protected code?" No.

So if you find in your cellar an old Chinese tool which you remember was a fun tool, you open it, you read the MCU (unprotected), and now, as a hobby, you start to think of new ideas to upgrade this tool by rewriting part of the code to be better and up to date; is that stealing something? I don't think so. The tool's factory doesn't exist anymore, so where do I find the developer who worked for that Chinese factory to ask him, "hey, hello guy, can you send me your code from the 10 USD tool you developed in 1990?" I don't even know if that guy is alive.....

Guys, when someone wants his source not to be read by others, first of all he protects it: lock bits, etc....

There are many, many reasons why someone cannot have the original source code in C..... Stop immediately thinking that someone who doesn't have the original source is a thief... it's like being paranoid!

Also, I'm a newbie/beginner; I learn mostly alone by reading and looking at tutorials, and I open everything that is in my hands and I read it..... Why? Because I like to do it and because I learn.

I think this week I read almost 10 MCUs, so am I a thief?

Anyway, thank you for your answer. Have a nice day.

Last Edited: Fri. Sep 6, 2019 - 12:21 PM

@ka7ehk

Here is a response full of maturity. Thank you.


Just because I'm a beginner and I'm not capable of doing it, I cannot write my own, but I can edit/upgrade this one. And it's for me, for my hobby, not for commercial use.


@clawson

Thanks for your wonderful and complete reply. Now I understand better, and first of all I understand that it is not as easy a task as I thought. It's not like an automatic conversion with software. I understand that it is too hard for my level of knowledge. But I'm happy because I learned something today. So the result for my project is that I can only "clone" the same tool (write its binary machine code into a blank MCU), but I cannot edit it to add new functions and make it up to date.

Even somebody with high knowledge of compiling cannot really get the C back as the original?

Regards,

 


krilin wrote:
is that stealing something?

Well, yes.  At least in general.  If you want to re-purpose that device you found in the basement, then write code for it.

 

If you want to reverse-engineer, then go for it.  No one says what you can or cannot do in the privacy of your own bedroom.  You could indeed allay our assumptions by telling us what device this is -- e.g. paintball gun; satellite TV controller; ... 

 

You can use a clean-room approach, ironically called a Chinese Wall.

 

So, after being told how to disassemble, what have you gotten so far?

 

=========

 

This has all been gone through before.  Start here:  https://www.avrfreaks.net/forum/... which leads to https://www.avrfreaks.net/forum/...

And then change your username to Johnny5...

theusch wrote:

Quote:

Sorry to say, compiling is pretty much a one-way process.

No disassemble! (Johnny 5, Short Circuit) http://www.imdb.com/title/tt0091...

Quote:

Stephanie Speck: [they're heading for the cliff] Oh, no - Jeez! Number Five, we're gonna be killed!

 

Number 5: Disassemble?

Stephanie Speck: Yes, disassemble ALL OVER THE PLACE! ...

Number 5: No disassemble Number Five!


You can put lipstick on a pig, but it is still a pig.

I've never met a pig I didn't like, as long as you have some salt and pepper.

Last Edited: Fri. Sep 6, 2019 - 12:25 PM

krilin wrote:
Even somebody with high knowledge of compiling cannot really get the C back as the original?
It's unlikely you will ever recreate C. What you might be able to work out is the general algorithmic approach used in the code and then use this to rewrite the code.

 

For example in my code in #4 you could probably work out that there was a one time write DDRB and then a repeated write to PORTB. So that  is the "algorithm". Now, starting from scratch you could sit down and write a whole new program that did a one time write to DDRB and then repeatedly wrote to PORTB. But it's unlikely you could actually recover anything like C code just from the binary alone.


Thanks for making things clear. So, our assumptions are right.

It's stealing when you use the same code and try to redefine it in your own way. At universities they call it plagiarism, so if you are a student then start to learn how to make your assignments on your own and not to steal somebody else's work. Sorry, but this is the fact that you said in your own words.

Regards

EDIT: plagiarism of Bachelor's/Master's/PhD theses has ruined people's lives before... so you'd better watch out for the future :)

Last Edited: Fri. Sep 6, 2019 - 05:51 PM

It's stealing when you use the same code and try to redefine it in your own way

Get off the soapbox! It's a broad brush you use here and unfortunately it is far from correct.


Well, I am happy to see your definition then, which is obviously correct, Kartman?


I'm glad you are.


Welcome :), but you didn't answer?! So I might take it back.


Please take the schoolboy stuff elsewhere. This is a technical discussion forum.


@Moe123, my topic was "bin source to human readable convert". It's a technical question, as this is a technical section of the forum. My topic wasn't "is it legit to edit someone else's code", so if you won't reply to the original topic, as clawson did perfectly, do not reply; nobody is forcing you to come read my topic and to reply to my topic, nobody. I have posted in the correct section, I have not posted it in general talking, and your reply is off subject. Don't come here to try to give me a life lesson, as you first of all have to learn that what you are doing is simply called "spamming". You only spam my topic, which was "resolved solution" by clawson.

Please, next time when I post on the forum, do not come to my topic.... I'm sure next time you will explain to me that you were the real creator of Facebook and Zuckerberg stole it from you.... Please stay out of my topic because you serve no purpose here....

goodbye

 

Thank you clawson for the technical reply.


Ok, I think the posturing can stop now.....

 

@krilin,

I am not defending the blowback comments of possible theft of IP by you in this post >I did make a sarcastic comment about it<, but you need to understand something as well.....we get a considerable amount of threads here asking the same question you have where the OP is out to steal the code for their own profit, or plagiarism for school classes. Hence the skepticism your thread has received.

 

Spoiler alert....I don't know anyone in this business that has not "peeked under the hood" to see how they did it. But 99% of the folks I know did not steal the code. The other 1% I know are no longer friends or colleagues of mine.

 

So while I don't blame you for barking back at the dogs of criticism, understand where the barking can come from as well.

 

Let's all get back to other topics as this one has certainly run its course.

 

Jim


Last Edited: Sat. Sep 7, 2019 - 02:04 PM

Facebook....my topic...bla bla bla....
Stop coming with different names on the forum and stop stealing.


Stealing code by reverse engineering the downloaded binary into disassembled mnemonics just never happens in the real world.  The only people that attempt it are beginners who are wondering if it can be done.  In theory, yes, it can be done; but in reality, no, it can't.

 

In the real world, when you want an updated copy of some old program, you outline everything that the original program does for any given set of inputs into a flow chart or Warnier-Orr diagram. Then you write new code that works from the outline/flow chart/Warnier-Orr diagrams that you have previously made.

 

Well, actually, old-school developers do that. Modern developers first check in depth on the internet whether there is any previously written open-source code or library that someone else has already written (and posted the source code for) that does what you want to do. If they find absolutely nothing, then they start the reconstruction process by documenting how the original code operated.

 

Topic locked