[Reverse Engineering] PS2 Signature Files for IDA Pro

Discussion in 'Sony Programming and Development' started by Amorri40, Feb 11, 2018.

  1. Amorri40

    Amorri40 Active Member

    Joined:
    Dec 25, 2017
    Messages:
    27
    Likes Received:
    30
    Introduction
    Thanks to pool7 I have been able to create signature files for many versions of the Official PS2 SDK. These are very useful when reverse engineering PS2 Games that have had all their symbols stripped from the resulting ELF.

    How to Use
    1. Download the zip files from this post that you are interested in
    2. Extract the .sig file to the "sig/mips" folder in the root of your IDA Pro Installation
    3. Open your favorite game in IDA pro
    4. Go to File -> Load File -> FLIRT signature File..
    5. Select the version of the SDK that the game was developed with, or if you don't know use the 3.0.3 as it is the most complete
    6. It will take a few minutes to parse
    7. After parsing, all the library functions it managed to identify will be named and shown in a light blue colour.

    Features

    Automatic Collision Solving
    In order to save time the script automatically fixes the .exc files by:
    * Picking the first candidate
    * Adding collision_ to the name of the first candidate

    This means that when you apply one of the signatures to a stripped binary and a symbol starts with collision_, you need to go to the .exc file to find out which one it was.
    There are a couple of techniques to find out which of the collision candidates your function actually is; these will be covered later on.

    Problems to solve

    Unknown relocation type 8
    The following error stops us from creating signature files for some libraries:
    ```
    librtgcond.a: unknown relocation type 8. (section 1, addr 32c)
    ```
    This is very common with the Renderware libraries.
    I'm not sure how to fix this issue, and what is a relocation type?
    Even IDA Pro, when opening the file, says it contains "non standard use of relocations".

    Future Projects
    * Convert un-stripped ELF files into patterns/signatures
    * Create a JSON file of symbols plus the source library file
    - Useful for seeing what libraries games were compiled with
    - Useful for comparing different versions of libraries
    - Requires parsing the .pat files
    * Create radare2 Zignatures
     

    Attached Files:
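
The automatic collision solving described above, as an added example in Python (my code, not the script from the post): it reads a sigmake .exc file, keeps the first candidate in every collision group, marks that line with `+` and renames it with a `collision_` prefix, and records which original candidates each `collision_*` name stands for, so a symbol seen in IDA can be looked up without reopening the .exc file. The .exc layout used here (`;` instruction lines at the top, blank-line-separated groups, one candidate per line, `+`/`-` selection markers) is how I recall sigmake writing it; check it against a real file before trusting the parser. The sample file content, CRCs and byte patterns are constructed.

```python
"""Resolve sigmake collision (.exc) files the way the post describes:
pick the first candidate in every group and rename it collision_<name>."""
import re

# Constructed sample .exc text (not from a real sigmake run).  Assumed layout:
# ';' header lines that must be deleted before sigmake re-reads the file, then
# collision groups separated by blank lines, each line "name  crc_len crc16
# pattern", with '+' prefixed to the candidate that should be kept.
SAMPLE_EXC = """\
;--------- (delete these lines to allow sigmake to read this file)
; add '+' at the start of a line to select a module
; add '-' if you are not sure about the selection
; do nothing if you want to exclude all modules

sceGsSetDefDrawEnv                            05 B1C4 3C02....8C42....
sceGsSetDefDrawEnv2                           05 B1C4 3C02....8C42....

memcpy                                        0B 1A2F 27BDFFE0AFBF0018
memmove                                       0B 1A2F 27BDFFE0AFBF0018
"""

# Optional existing '+'/'-' marker, the symbol name, then the rest of the line.
CANDIDATE = re.compile(r"^[+-]?\s*(?P<name>\S+)(?P<rest>\s+.*)$")


def parse_exc(text):
    """Return the collision groups as lists of (name, rest_of_line) tuples."""
    groups, current = [], []
    for line in text.splitlines():
        if line.startswith(";"):
            continue  # sigmake's instruction header, dropped from the output
        if not line.strip():
            if current:
                groups.append(current)
                current = []
            continue
        m = CANDIDATE.match(line)
        if not m:
            raise ValueError(f"unexpected .exc line: {line!r}")
        current.append((m["name"], m["rest"]))
    if current:
        groups.append(current)
    return groups


def resolve_exc(text, prefix="collision_"):
    """Select the first candidate of each group, renamed prefix+name so the
    symbol stands out in IDA, and leave the other candidates unselected.
    Returns (rewritten .exc text, {collision_name: [original candidates]})."""
    out, chosen = [], {}
    for group in parse_exc(text):
        for i, (name, rest) in enumerate(group):
            if i == 0:
                out.append(f"+{prefix}{name}{rest}")
                chosen[prefix + name] = [n for n, _ in group]
            else:
                out.append(f"{name}{rest}")
        out.append("")  # blank line keeps the groups separated
    return "\n".join(out), chosen


def candidates_for(chosen, symbol):
    """Given a collision_* name seen in IDA, list the original candidates."""
    return chosen.get(symbol, [])


if __name__ == "__main__":
    resolved, mapping = resolve_exc(SAMPLE_EXC)
    print(resolved)
    for sym, names in mapping.items():
        print(sym, "->", ", ".join(names))
```

Write the returned text back over the .exc file and re-run sigmake; keep the mapping (for example as JSON next to the .sig) so that a `collision_memcpy` in a stripped game binary can be traced back to `memcpy` or `memmove` without re-reading the .exc.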

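For the .pat parsing that the JSON symbol index under "Future Projects" requires, here is an added Python example (my code, not the post's): it parses .pat module lines, builds a symbol to source-library index that serialises straight to JSON, and diffs two such indexes, which is the "compare different versions of libraries" use case. The .pat field layout it assumes is the usual pelf/plb one (pattern bytes with `..` wildcards, 2-digit CRC length, 4-digit CRC16, 4-digit module length, then `:off name`, `:off@ name` for locals and `^off name` for references, an optional tail of bytes, and `---` terminating the file). The library names, byte patterns and CRCs in the sample are constructed, not real SDK contents.

```python
"""Parse FLIRT .pat files into a symbol -> source-library JSON index."""
import json
import re
from collections import defaultdict

# Constructed sample .pat text; the opcode bytes are placeholders, not real
# SDK code.  Assumed line layout: pattern, crc_len, crc16, module length,
# ':off name' (public), ':off@ name' (local), '^off name' (reference),
# optional tail bytes; '---' ends the file.
SAMPLE_PATS = {
    "libc.pat": (
        "27BDFFE0AFBF0018AFB00014........0C......00000000 0B 1A2F 0040 "
        ":0000 memcpy ^0014 _bcopy ........\n"
        "27BDFFE0AFBF0018 00 0000 0024 :0000 strlen\n"
        "---\n"
    ),
    "libgraph.pat": (
        "3C02....8C42....10400003 05 B1C4 0038 "
        ":0000 sceGsSetDefDrawEnv :0010@ loc_10 ^0020 sceGsPutDrawEnv\n"
        "---\n"
    ),
}

HEADER = re.compile(
    r"^(?P<pattern>[0-9A-Fa-f.]+)\s+(?P<crc_len>[0-9A-Fa-f]{2})\s+"
    r"(?P<crc16>[0-9A-Fa-f]{4})\s+(?P<length>[0-9A-Fa-f]{4})\s*(?P<rest>.*)$"
)
OFFSET = re.compile(r"^([:^])([0-9A-Fa-f]{4})(@?)$")


def parse_pat(text, library):
    """Return one dict per module line: names, references, CRC, length."""
    modules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line == "---":
            continue
        m = HEADER.match(line)
        if not m:
            raise ValueError(f"{library}:{lineno}: unparseable line: {line!r}")
        mod = {
            "library": library,
            "pattern": m["pattern"].upper(),
            "crc_len": int(m["crc_len"], 16),
            "crc16": int(m["crc16"], 16),
            "length": int(m["length"], 16),
            "names": [],  # (offset, name, is_local)
            "refs": [],   # (offset, referenced name)
            "tail": "",
        }
        tokens = m["rest"].split()
        i = 0
        while i < len(tokens):
            om = OFFSET.match(tokens[i])
            if om and i + 1 < len(tokens):
                kind, off, local = om.groups()
                if kind == ":":
                    mod["names"].append((int(off, 16), tokens[i + 1], local == "@"))
                else:
                    mod["refs"].append((int(off, 16), tokens[i + 1]))
                i += 2
            else:
                mod["tail"] = tokens[i].upper()  # trailing bytes after the names
                i += 1
        modules.append(mod)
    return modules


def build_symbol_index(pats):
    """Map every public symbol to the library/module entries defining it.
    Local (@) names are skipped: they never become public symbols in IDA."""
    index = defaultdict(list)
    for library, text in pats.items():
        for mod in parse_pat(text, library):
            for offset, name, is_local in mod["names"]:
                if is_local:
                    continue
                index[name].append({
                    "library": library,
                    "offset": offset,
                    "length": mod["length"],
                    "crc16": mod["crc16"],
                    "pattern": mod["pattern"],
                    "refs": [r for _, r in mod["refs"]],
                })
    return dict(sorted(index.items()))


def diff_libraries(index_a, index_b):
    """Symbols removed, added, or whose pattern/CRC changed between two indexes
    (for example two SDK versions)."""
    def sig(entries):
        return {(e["crc16"], e["pattern"]) for e in entries}
    common = set(index_a) & set(index_b)
    return {
        "removed": sorted(set(index_a) - set(index_b)),
        "added": sorted(set(index_b) - set(index_a)),
        "changed": sorted(n for n in common if sig(index_a[n]) != sig(index_b[n])),
    }


if __name__ == "__main__":
    print(json.dumps(build_symbol_index(SAMPLE_PATS), indent=2))
```

To run it over a real SDK, replace `SAMPLE_PATS` with a dict read from the .pat files on disk; a symbol that appears under several libraries in the index is exactly the kind of entry that ends up in a sigmake .exc collision group.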
  2. Anonamous

    Anonamous Newly Registered

    Joined:
    Jan 10, 2012
    Messages:
    4
    Likes Received:
    2
    Thank you for this, these are extremely useful. I have attempted to convert the pat files to yara, but I figured I would just ask, as I would prefer to have them directly from the libraries. Could you create the yara files from the libraries using retdec-signature-from-library-creator.py from retdec? It would be greatly appreciated. Retdec and the python script can be found on its github page here. https://github.com/avast-tl/retdec
     
    pool7 likes this.
  3. Amorri40

    Amorri40 Active Member

    Joined:
    Dec 25, 2017
    Messages:
    27
    Likes Received:
    30
    Retdec looks really cool, I have converted the libraries to .yara source files and have attached them to this post.
    Let me know how you get on with them and any retdec ps2 tips you might have :)
     

    Attached Files:

  4. Anonamous

    Anonamous Newly Registered

    Joined:
    Jan 10, 2012
    Messages:
    4
    Likes Received:
    2
    Excellent, thank you. There are also script files in their repository that will go through the header files and generate information for the disassembler. They are under retdec/scripts/type_extractor. You can just run gen_cstdlib_and_linux_jsons.sh and pass the argument --cstdlib-headers and give it the directory of the sdk, and it will output the information in the cstdlib.json file. If you could also run this through them it would be extremely appreciated, as it will help the disassembler with the types and arguments to the functions. I'm only asking for this now as I just discovered it yesterday and ran it through the open source ps2sdk and already noticed a significant difference with functions like memcpy. Having it for the official ps2sdk libraries would be extremely useful.

    So far with retdec, the only advantage I have really noticed over using ps2dis or ida is that it does an excellent job of finding the classes and their constructors/virtual functions.
     
    pool7 likes this.
