[Reverse Engineering] N64 Signature Files for IDA Pro/Radare2

Discussion in 'Nintendo Game Development' started by Amorri40, Nov 19, 2018.

  1. Amorri40

    Amorri40 Active Member

    Joined: Dec 25, 2017, Messages: 27, Likes Received: 28

    Introduction
    I have been able to create signature files for a couple of versions of the Official N64 SDK by Silicon Graphics. These are very useful when reverse engineering pretty much all N64 games that are not in ELF format (pretty much all released N64 ROMs).

    How to Use
    1. Download the zip files from this post that you are interested in
    2. Extract the .sig file to the "sig/mips" folder in the root of your IDA Pro Installation
    3. Open your favorite game in IDA Pro
    4. Go to File -> Load File -> FLIRT signature file...
    5. Select the version of the SDK that the game was developed with, or if you don't know which one, use the latest version of the SDK as it is the most complete
    6. It will take a few minutes to parse
    7. After parsing, all the library functions it managed to identify will be named and coloured light blue.

    Features

    Turok Signatures Included
    Generated from the Official Turok 64 Source code.

    Yara Files Included
    You can use these with the Retargetable Decompiler and Radare2.

    IDA Pro Automatic Collision Solving
    In order to save time, the script automatically fixes the .exc files by:
    * Picking the first candidate
    * Adding collision_ to the name of the first candidate

    This means that when you apply one of the signatures to a stripped binary and a symbol starts with collision_, you need to go to the .exc file to find out which one it was.
    There are a couple of techniques to find out which of the collision candidates is the correct one for your function, which will be covered later on.

    Future Projects
    * Convert N64 ROM to ELF
    * Create a JSON file of symbols plus the source library file
      - Useful for seeing what libraries games were compiled with
      - Useful for comparing different versions of libraries
      - Requires parsing the .pat files
    * Create radare2 Zignatures
     

    Attached Files:
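
Added example (not part of the original post or its attached scripts): a small lookup for the step described above, where a symbol starting with collision_ has to be traced back to its group of candidates in the .exc file. It assumes the .exc layout that sigmake normally writes (`;` comment lines, blank-line-separated collision groups, `+` marking the picked line); the function names and byte patterns in the sample are constructed placeholders.

```python
PREFIX = "collision_"  # prefix the post says is added to the picked candidate

# Constructed sample in the layout sigmake normally writes (assumption):
# ';' comment lines, one blank-line-separated group per collision,
# each line "<name> <crc-len> <crc> <pattern>", '+' marking the pick.
SAMPLE_EXC = """\
;--------- (delete these lines to allow sigmake to read this file)
; add '+' at the start of a line to select a module

+example_func_a\t04 1A2B 27BDFFE8AFBF0014
example_func_b\t04 1A2B 27BDFFE8AFBF0014

+example_func_c\t00 0000 03E0000800000000
example_func_d\t00 0000 03E0000800000000
example_func_e\t00 0000 03E0000800000000
"""

def base_name(symbol):
    """Drop a leading '+'/'-' marker and the collision_ prefix, if present."""
    symbol = symbol.lstrip("+-")
    return symbol[len(PREFIX):] if symbol.startswith(PREFIX) else symbol

def parse_exc_groups(text):
    """Return the collision groups as lists of plain function names."""
    groups, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";"):
            continue                      # sigmake header / comments
        fields = line.lstrip("+-").split()
        if not fields:                    # blank line closes a group
            if current:
                groups.append(current)
            current = []
            continue
        current.append(base_name(fields[0]))
    if current:
        groups.append(current)
    return groups

def candidates_for(symbol, groups):
    """All groups that contain the function behind a collision_ symbol."""
    wanted = base_name(symbol)
    return [g for g in groups if wanted in g]

if __name__ == "__main__":
    for name in ("collision_example_func_a", "collision_example_func_c"):
        print(name, "->", candidates_for(name, parse_exc_groups(SAMPLE_EXC)))
```

Every name returned for a collision_ symbol shares the same signature pattern, so the listing is the set to check by hand against the disassembly.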

  2. atkfromabove

    atkfromabove Rising Member

    Joined: Feb 20, 2014, Messages: 69, Likes Received: 12

    Awesome post, thanks for sharing. Reverse engineering has always been something I want to get into.
     
  3. HI_Ricky

    HI_Ricky Gutsy Member

    Joined: Jun 7, 2007, Messages: 473, Likes Received: 95

    Wow, nice ~ thank you
     
