diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 52 |
1 files changed, 51 insertions, 1 deletions
@@ -244,4 +244,54 @@ The `executables/hexen.py` script provides a utility to send raw hex payloads an * If you press Enter, nothing is saved for that attempt. * The script checks if the directory for the `MAGIC` file exists and if the file is writable, providing error messages if issues are encountered. -This tool aims to simplify the process of testing variations of known packet structures, especially when only the checksum isnt known
\ No newline at end of file +This tool aims to simplify the process of testing variations of known packet structures, especially when only the checksum isnt known + +# MQX ARM M4 Firmware Analysis Tools + +This toolkit provides specialized tools for analyzing MQX ARM M4 firmware, with a particular focus on identifying IP packet checksum algorithms. + +## Tools Overview + +1. **improved_disassembler.py**: An enhanced disassembler with visual formatting, pattern recognition, and network protocol awareness. + +2. **checksum_finder.py**: A specialized tool focused specifically on finding checksum algorithms in firmware. + +## Installation + +Install the required dependencies: + +```bash +pip install -r requirements.txt +``` + +## Usage + +### Analyzing firmware with the improved disassembler + +```bash +python improved_disassembler.py path/to/firmware.bin -o analysis_output.txt -b 0x08000000 +``` + +### Finding checksum algorithms + +```bash +python checksum_finder.py path/to/firmware.bin -o checksum_analysis.txt -b 0x08000000 +``` + +## Tool Features + +- Color-coded output for better readability (in terminal) +- Detection of network-related strings and constants +- Pattern-based identification of common checksum algorithms +- Context-aware disassembly around potential checksum code +- Export analysis to text files for further examination + +## Understanding the Results + +The tools look for: + +- **IP header constants**: Values commonly found in IP header processing (0x0800, 0x45, 0x06, etc.) +- **Checksum patterns**: Common instruction sequences used in checksum calculations +- **Network strings**: TCP/IP-related strings in the firmware + +When a potential checksum implementation is found, the tools provide the surrounding context to help understand the algorithm.
\ No newline at end of file |