Awesome
μBlaze Architecture Plugin for Binary Ninja
This is a plugin for Binary Ninja that adds MicroBlaze architecture support.
MicroBlaze is a configurable soft processor core from Xilinx going all the way back to their Spartan-II series of FPGAs. It can be found in a variety of roles within larger FPGA designs: from bare-bones microcontroller, to full Linux application processor, to early-boot embedded controller.
Features
This plugin works on Linux binaries:
- Relocations† for working Triage Summary imports!
- Syscall arguments!‡
- That one cursed ELF
e_machinevalue that's no longer used!
This plugin supports bare-metal firmware:
- Bus transfer and MSR intrinsics!
- Intrinsics for privileged operations!
- 64-bit instruction≠ extensions!
Minor, unimportant quality of life things:
- Nice disassembly of relative branches and 32-bit immediates!
- Delay slots are properly lifted!
- Disassemblesキ all configuration options in UG984 (v2020.2) even the weird ones!
Usage
All ELF files should Just Work™ but otherwise:
- Likely use
ublaze32bearchitecture for older designs. - Likely use
ublaze32learchitecture for newer Zynq designs. - The
linux-ublaze32xxdefault platforms aren't meaningfully different fromarch.standalone_platform, you don't need to override them. - If HLIL looks broken, check source to see if that configuration option has been properly implemented yet.
If you want to cite this plugin please use:
<pre> @online{ublaze-arch-plugin, title = {{\mu}Blaze Architecture Plugin for Binary Ninja}, url = {https://github.com/amtal/microblaze}, doi = {10.5281/zenodo.4749823}, author = {amtal}, year = 2021, } </pre>Caveats
† relocations not well-tested, probably buggy
‡ minimum viable product, BYOSyscall typelib/headers
≠ literally just the added 64-from-32 instructions, but 64-bit architecture variant should be trivial if anyone needs it now
キbut definitely does not lift correctly, if someone has a clever cross-config validation plan lmk