Decrypting the IOS
December 07, 2008 09:00PM
I have a decrypted Wii dump. I want to disassemble an IOS, so how would I do this? I have IDA, so what file do I disassemble and how?



Edited 1 time(s). Last edit at 12/08/2008 04:26PM by tona.
Re: Decrypting the IOS
December 08, 2008 03:49AM
Yuck, change your text color.
Well, if you want to disassemble IOS, first off, what module?
If it is not the kernel, just load it into IDA, and everything will go smooth.
If it is the kernel, you have to strip off a special header thing. In order to do this, just open it in your favorite hex editor, and delete up until the byte before the string ELF.
Then just load it in IDA.

Happy Hacking.
Re: Decrypting the IOS
December 08, 2008 11:01PM
Okay thanks.
The color was just out of habit, I always post orange on forums =P
Anyway, I have some weirdness with my dump. All my titles seem to be there, in the titles folder. Except for BOOT2 (1-1), which I find really weird. Also, I have an extra title, 1-0. Any explanation?
Re: Decrypting the IOS
December 09, 2008 01:30AM
BOOT2 is not actually a title. 1-1 is just an alias that ES uses for it (who knows why? =/)
Also, 1-0 is a title created when you authenticate with the "SU" ticket, which has a titleID of 1-0. It is mainly for getting access to all content directories on the NAND.
Re: Decrypting the IOS
December 09, 2008 05:49AM
SquidMan wrote:
    BOOT2 is not actually a title. 1-1 is just an alias that ES uses for it (who knows why? =/)
    Also, 1-0 is a title created when you authenticate with the "SU" ticket, which has a titleID of 1-0. It is mainly for getting access to all content directories on the NAND.
You'll only get this title if you use a funny looking SU ticket. Waninkoko's FS dumper used this, and I think my title deleter does, too.
Those tickets/TMDs just have the title id set arbitrarily to 1-0, it has no meaning.
Re: Decrypting the IOS
December 09, 2008 05:55AM
Yeah, your "SU" ticket generator makes titles with title ID 1-0.
It really means nothing, so nothing to get concerned about.
Re: Decrypting the IOS
March 27, 2009 10:54AM
Any way to use objdump/readelf instead of IDA Pro?

# arm-eabi-readelf -a 00000001.elf
will give me info about the ELF header and program headers but no disassembly.

# arm-eabi-objdump -D 00000001.elf
> 00000001.elf: file format elf32-bigarm

I am using the gcc toolchain from devkitarm.

Did anyone ever pursue this route?
Re: Decrypting the IOS
May 19, 2009 04:00AM
Extract the .text section (the section with the E flag), use ChangeBinEndian to flip the extracted bin from big-endian to a separate little-endian bin, then use arm-eabi-objdump to disassemble and RE. arm-eabi-objdump doesn't support big-endian.



Edited 1 time(s). Last edit at 05/19/2009 04:05AM by yellowstar.
Re: Decrypting the IOS
May 19, 2009 11:22PM
erm. no. you'll need to add section headers to the ELF file because objdump doesn't like to just have some program headers. my version supports big endian without any problems.
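As an added example (editor's code, not a tool written by any poster in this thread), the script below carries out the three steps the thread discusses: dropping the wrapper that precedes the ELF magic in the kernel module, byte-swapping the raw executable segment so a little-endian-only objdump can read it, and synthesizing section headers from the program headers so `objdump -D` accepts the ELF directly. It assumes the module is a big-endian ELF32 with a normal program-header table; the section names it invents (".text0", ".data1", ...) and the sample input it builds for a dry run are the editor's own constructions, not data from a real dump.

```python
#!/usr/bin/env python3
"""Get a Wii IOS kernel ELF into a shape objdump will disassemble.
Example code for the thread above; assumes ELFCLASS32 big-endian input
whose wrapper is an opaque blob in front of the ELF magic."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
EHDR_FMT, EHDR_SIZE = ">HHIIIIIHHHHHH", 52      # fields after e_ident[16]
PHDR_FMT, PHDR_SIZE = ">IIIIIIII", 32
SHDR_FMT, SHDR_SIZE = ">IIIIIIIIII", 40
PT_LOAD = 1
PF_X, PF_W = 1, 2
SHT_PROGBITS, SHT_STRTAB = 1, 3
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 1, 2, 4


def strip_wrapper(blob):
    """Step from the thread: delete everything before the ELF magic.
    Returns (offset of the magic, bytes from the magic onward)."""
    off = blob.find(ELF_MAGIC)
    if off < 0:
        raise ValueError("no ELF magic in input")
    return off, blob[off:]


def parse_elf32_be(elf):
    """Parse the ELF header and program headers of a big-endian ELF32 file."""
    if elf[:4] != ELF_MAGIC or elf[4] != 1 or elf[5] != 2:
        raise ValueError("expected ELFCLASS32 big-endian (EI_CLASS=1, EI_DATA=2)")
    fields = struct.unpack_from(EHDR_FMT, elf, 16)
    hdr = dict(zip(("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
                    "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
                    "e_shentsize", "e_shnum", "e_shstrndx"), fields))
    phdrs = [struct.unpack_from(PHDR_FMT, elf, hdr["e_phoff"] + i * hdr["e_phentsize"])
             for i in range(hdr["e_phnum"])]
    return hdr, phdrs


def section_names(elf):
    """Read back the section names (to check what add_section_headers wrote)."""
    hdr, _ = parse_elf32_be(elf)
    shdrs = [struct.unpack_from(SHDR_FMT, elf, hdr["e_shoff"] + i * hdr["e_shentsize"])
             for i in range(hdr["e_shnum"])]
    if not shdrs:
        return []
    strtab = shdrs[hdr["e_shstrndx"]]
    tab = elf[strtab[4]:strtab[4] + strtab[5]]          # sh_offset, sh_size
    return [tab[s[0]:tab.index(b"\0", s[0])].decode() for s in shdrs]


def exec_segments(elf):
    """Raw bytes of every PT_LOAD segment with PF_X set (the code)."""
    _, phdrs = parse_elf32_be(elf)
    return [elf[p[1]:p[1] + p[4]] for p in phdrs if p[0] == PT_LOAD and p[6] & PF_X]


def swap_words(raw):
    """Reverse each 4-byte word: big-endian ARM code -> little-endian image
    for `objdump -b binary -m arm -EL`. Thumb code is halfword-based and
    would need 2-byte swaps instead; this handles ARM-state words only."""
    raw += b"\0" * (-len(raw) % 4)
    return b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))


def add_section_headers(elf):
    """Append a .shstrtab and a section header table with one PROGBITS
    section per non-empty PT_LOAD segment, then patch the ELF header."""
    hdr, phdrs = parse_elf32_be(elf)
    out = bytearray(elf)
    names, secs = bytearray(b"\0"), []                  # name index 0 is ""
    for i, (p_type, p_off, p_vaddr, _, p_filesz, _, p_flags, p_align) in enumerate(phdrs):
        if p_type != PT_LOAD or p_filesz == 0:
            continue
        flags = SHF_ALLOC | (SHF_EXECINSTR if p_flags & PF_X else 0) \
                          | (SHF_WRITE if p_flags & PF_W else 0)
        name = (".text" if p_flags & PF_X else ".data") + str(i)   # invented names
        secs.append((len(names), SHT_PROGBITS, flags, p_vaddr, p_off, p_filesz,
                     0, 0, p_align or 4, 0))
        names += name.encode() + b"\0"
    shstr_name = len(names)
    names += b".shstrtab\0"
    out += b"\0" * (-len(out) % 4)
    shstr_off = len(out)
    out += names
    out += b"\0" * (-len(out) % 4)
    secs.append((shstr_name, SHT_STRTAB, 0, 0, shstr_off, len(names), 0, 0, 1, 0))
    shoff = len(out)
    out += struct.pack(SHDR_FMT, *([0] * 10))           # mandatory SHT_NULL entry
    for s in secs:
        out += struct.pack(SHDR_FMT, *s)
    shnum = len(secs) + 1
    struct.pack_into(">I", out, 32, shoff)              # e_shoff
    struct.pack_into(">HHH", out, 46, SHDR_SIZE, shnum, shnum - 1)  # e_shentsize, e_shnum, e_shstrndx
    return bytes(out)


def build_sample():
    """Constructed dry-run input: a 32-byte fake wrapper, then a minimal
    big-endian ELF32 with one RX PT_LOAD segment of four ARM words."""
    code = bytes.fromhex("e1a00000" "e3a00001" "e12fff1e" "e1a00000")  # nop; mov r0,#1; bx lr; nop
    ident = ELF_MAGIC + bytes([1, 2, 1, 0]) + b"\0" * 8
    ehdr = ident + struct.pack(EHDR_FMT, 2, 40, 1, 0xFFFF0000, EHDR_SIZE, 0, 0,
                               EHDR_SIZE, PHDR_SIZE, 1, 0, 0, 0)
    phdr = struct.pack(PHDR_FMT, PT_LOAD, EHDR_SIZE + PHDR_SIZE, 0xFFFF0000,
                       0xFFFF0000, len(code), len(code), PF_X | 4, 4)
    return b"IOSKERNELWRAPPER" * 2 + ehdr + phdr + code


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    off, elf = strip_wrapper(blob)
    print("ELF magic at 0x%x, %d program headers" % (off, parse_elf32_be(elf)[0]["e_phnum"]))
    open("kernel_sections.elf", "wb").write(add_section_headers(elf))
    for i, seg in enumerate(exec_segments(elf)):
        open("text%d_le.bin" % i, "wb").write(swap_words(seg))
```

Run it on the dumped kernel module and then either `arm-eabi-objdump -D kernel_sections.elf` (section-header route) or `arm-eabi-objdump -D -b binary -m arm -EL --adjust-vma=<p_vaddr of the segment> text0_le.bin` (word-swapped route). The swapped binary loses the load address, so the `--adjust-vma` value must be copied from the program header by hand; the section-header route keeps it in sh_addr.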