Best toolset for reverse engineering PPC app?

data-ux
Space Cadet
Posts: 4
Joined: Tue Apr 27, 2021 1:13 pm

Best toolset for reverse engineering PPC app?

Post by data-ux »

My goal is to reverse engineer a Classic Mac PPC game's on disk data files (to enable modding). Running the game in an emulator should make it "easy" to inspect memory, stop/resume execution of code, trace file access to the byte level etc. if the emulator supports it.

The game I'm targeting only seems to run in SheepShaver (no luck with QEMU). I've read that BasiliskII can be built with the cxmon debugger included. Is it possible to include cxmon with SheepShaver? What other tools could I use?

It would be great to have a toolbox that can:
- Disassemble the program code and produce a graph of procedures (who calls what)
- Trace file access to show what part of a file is being read by which procedure from above
- Monitor changes at specified memory addresses and halt execution when it happens showing which procedure changed the memory

Like I said, should be "easy" in an emulator environment. :wink:
Well at least easy compared to running on actual hardware.
adespoton
Forum All-Star
Posts: 4227
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Best toolset for reverse engineering PPC app?

Post by adespoton »

Best toolset for reverse engineering a PPC app is IDAPro PPC.
data-ux
Space Cadet
Posts: 4
Joined: Tue Apr 27, 2021 1:13 pm

Re: Best toolset for reverse engineering PPC app?

Post by data-ux »

I actually got the game running in QEMU, just had to boot with extensions disabled. I found the QEMU feature to start with gdb server active (-s option). This way I can use a gdb client to connect and set breakpoints etc.

While studying the game files, I found out it’s not fully ported to PPC. The main app file is 68k only (no data fork). The app loads PPC code from a separate file and executes this code at some point. I figured that reversing a mixed mode app is too much of a hassle so I decided to focus on reversing the 68k version of the code.

Unfortunately qemu-system-m68k does not run MacOS so I cannot use the nice gdb workflow mentioned above. So I have settled on using tools that work inside classic MacOS: Resorcerer, MacNosy and MacsBug.

While digging in different versions of the target game, I hit the jackpot! An early version of the game has debug symbols included in the code. And I have found that 68k assembly is much easier to learn/understand than PPC assembly, so I'm happy with working in 68k.
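The QEMU gdbstub workflow mentioned above (start with -s, connect a gdb client, set breakpoints) is the part that covers two items of the original wish list: halting when a chosen memory address changes and seeing which procedure did it. Below is an added example of a gdb command file for that setup; it is not from the original posts or from the QEMU project. The machine type, disk image, port and the watched guest address are assumptions for illustration: -s is QEMU's shorthand for "-gdb tcp::1234", -S holds the CPU at reset until gdb continues, and 0x00123456 is a hypothetical address you would replace with one found by searching guest memory.

```gdb
# Added example (not from the original thread): watch a guest address through QEMU's gdbstub.
#
# Launch the guest with the stub listening and the CPU halted before the first instruction:
#   qemu-system-ppc -M mac99 -m 256 -hda macos9.img -s -S        # image name is hypothetical
# Then, from another terminal:
#   gdb-multiarch -x watch.gdb
# (any gdb built with PowerPC target support will do)

set pagination off
# QEMU normally sends gdb a target description, so this is only a fallback
# in case the architecture is not detected automatically.
set architecture powerpc:common
target remote localhost:1234

# Hypothetical guest address of the value we care about, e.g. a field the game
# fills while parsing one of its data files. Replace with a real address.
set $target_addr = 0x00123456

# Hardware watchpoint: the gdbstub stops the guest on any write to this word,
# no matter which register or instruction performed the store.
watch *(unsigned int *)$target_addr
commands
  # When the stop is reported the store has already retired, so $pc points
  # just past the instruction that wrote the value.
  printf "write to 0x%08x: new value 0x%08x\n", $target_addr, *(unsigned int *)$target_addr
  # On PowerPC, bl saves the return address in LR, so $lr tells you who called
  # the procedure that contains the store; $pc tells you where inside it you are.
  printf "pc=0x%08x lr=0x%08x\n", $pc, $lr
  # Show the instructions around the store for context.
  x/6i $pc-12
  continue
end

continue
```

A few practical notes: the watchpoint is keyed to an address, not to a register, so it fires whichever register the game happens to use for the store. Without symbols, bt is rarely useful inside the Mac OS guest; the pc/lr pair plus a disassembly window is usually enough to identify the writing procedure, and repeating the exercise with breakpoints on the discovered procedure entries (break *0x...) builds the "who calls what" picture incrementally. Reads of the file itself still land in the guest's file-system code, so to map file offsets to procedures you would set the watchpoint on the destination buffer passed to the read call rather than on the file.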
adespoton
Forum All-Star
Posts: 4227
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Best toolset for reverse engineering PPC app?

Post by adespoton »

Yeah; MC680x0 has defined registers, which make it really easy to set a watchpoint on a specific register and see the values change. On PPC, all the registers are multi-use, so you could end up seeing unrelated values passing in and out of the register you're watching, with the values you want to watch being restored after the register is temporarily used for something else. Makes register debugging a bit of a pain. But if you debug mostly using toolbox calls, those stay essentially the same, so you can just watch for when they get loaded onto the stack and break there -- and then step through that code and watch your registers for changes.