Advertising (This ad goes away for registered users. You can Login or Register)

Are loaded modules on 3.60 obfuscated?

Open discussions on programming specifically for the PS Vita.
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
Post Reply
173210
Guru
Posts: 195
Joined: Fri Jul 15, 2011 11:32 pm

Are loaded modules on 3.60 obfuscated?

Post by 173210 » Thu Aug 25, 2016 2:52 am

Hi! Now I'm facing a problem.

https://github.com/173210/vita-analyze/ ... 47430574b6
This tool has functionalities almost same with ones vitadump has, but
intended to be compatible with various tools which can handle ELF. So it
is for poor people who cannot afford to buy IDA Pro.

Unfortunately, it doesn't give any correct result with dump of modules
loaded on 3.61. As far as I see, the export table and the import table are
intact but library names, nids, and entry pointers look obfuscated.

Code: Select all

$ readelf -s SceBgAppUtil.elf

Symbol table '.symtab' contains 15 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 81097834    92 OBJECT  GLOBAL DEFAULT  UND module_info
     1: 81097715     0 THUMB_FUNC GLOBAL DEFAULT  UND module_start
     2: 8109771d     0 THUMB_FUNC GLOBAL DEFAULT  UND module_stop
     3: 00000001     0 THUMB_FUNC GLOBAL DEFAULT  UND export_00000000
     4: 00000000     0 FUNC    GLOBAL DEFAULT  UND export_00000000
     5: cae9ace6     0 FUNC    GLOBAL DEFAULT  UND export_00000000
     6: 81097944     4 OBJECT  GLOBAL DEFAULT  UND export_00050034
     7: 00000000     4 OBJECT  GLOBAL DEFAULT  UND export_00020000
     8: 00000000     0 FUNC    GLOBAL DEFAULT  UND `y^I�xy^I�hy^I��y^I�_0000
     9: 00000000    16 FUNC    GLOBAL DEFAULT  UND ��\����y��4�x�l��$"l^Uw^I
    10: 7c3525b5    16 FUNC    GLOBAL DEFAULT  UND ��\����y��4�x�l��$"l^Uw^I
    11: 81097691    16 FUNC    GLOBAL DEFAULT  UND ��\����y��4�x�l��$"l^Uw^I
    12: 53656353    16 FUNC    GLOBAL DEFAULT  UND x�l��$"l^Uw^I�^Yw^I�^]w^I
    13: 6c6c6568    16 FUNC    GLOBAL DEFAULT  UND x�l��$"l^Uw^I�^Yw^I�^]w^I
    14: 00637653     0 OBJECT  GLOBAL DEFAULT  UND x�l��$"l^Uw^I�^Yw^I�^]w^I
Are they really obfuscated?
Advertising
Donate!
Bitconin: 1Aq3NruiohEvUsGJAmHoXjTq764HDS5zef
Paypal: http://173210.github.io/

Post Reply

Return to “Programming and Security”