Author Topic: Reverse engineering Arm (Korg) firmware  (Read 2941 times)


Offline maranite

Reverse engineering Arm (Korg) firmware
« on: October 09, 2014, 08:23:38 pm »
I've been puzzled for weeks now by the firmware for the Korg Krome keyboard, and need some help with reversing the file.

Korg's firmware update contains a file called mainapp.cmp.

I can't find any resources online that suggest what a .cmp file is (in an ARM context) and haven't found any magic keys in the file that give it away.

I don't have access to the bootloader, so hacking any deobfuscation code is out of the question too.

How do I go about this task? It looks as though it's extremely unlikely to succeed when:
1. The firmware is not *nix-based.
2. The updates don't include the full firmware.
3. The bootloader is locked inside a SoC (which appears to have JTAG disabled).

Is there an approach for this sort of thing, or am I at a dead end?

Offline Stackprotector

Re: Reverse engineering Arm (Korg) firmware
« Reply #1 on: October 09, 2014, 08:53:47 pm »
Can you share some of the files on here? Might be a cool challenge for some.
~Factionwars

Offline HTH

Re: Reverse engineering Arm (Korg) firmware
« Reply #2 on: October 10, 2014, 01:35:46 am »
I too am curious. I could probably shed some light on it, as could many others here.

Side question: Have you looked at HOW JTAG is disabled? I know that it's been disabled in many ways, from removing a jumper, to in the software, to just straight up making the pins hard to find. That may help you, finding and re-enabling it, I mean.

Offline 0E 800

Re: Reverse engineering Arm (Korg) firmware
« Reply #3 on: October 10, 2014, 01:43:52 am »
This seems to be the best bet:

OP thread on another forum:
http://www.korgforums.com/forum/phpBB2/viewtopic.php?t=92884

Quote:
    There are several tools to reverse engineer ARM firmware.
    Tools like binwalk are usually used for scrambled firmwares (which Korg rarely does).
    Try to figure out the exact ARM chipset, and check http://onlinedisassembler.com or the Linux radare tools.

    Reverse engineering is time-consuming (and legal when you purchased the product itself).

Offline maranite

Re: Reverse engineering Arm (Korg) firmware
« Reply #4 on: October 12, 2014, 08:21:48 pm »
That thread on korgforums was started by me.

Binwalk and onlinedisassembler both come up empty-handed.
The firmware appears to contain "nth byte" obfuscation... i.e. in a hex editor you'll see the word "KOR.G"... or "progr.am". I don't know for a fact that the CPU is ARM-based; it's an assumption given that the predecessor (the M50, which has a nearly identical GUI and features) is ARM-based.

But... running the hex into ARM disassemblers rapidly starts reporting invalid instructions... so the file format definitely has some sort of structure or encoding to it (i.e. not a vanilla executable). The tail of the file contains many similar repeated blocks... which I'm assuming are either the bitmaps used to represent instruments, or (perhaps more likely) the DSP code that gets downloaded into the Korg edsx engine.

The actual firmware can be downloaded at http://i.korg.com/uploads/Download/USA_KROME_V103_E1.zip.
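A quick way to test the "nth byte" hypothesis from the post before reaching for a disassembler is to strip every byte at each candidate (stride, offset) and measure how much readable ASCII falls out; the same pass can count repeated fixed-size chunks to separate table or bitmap data from code. The script below is an added example written for this thread, not code from the original posters or from Korg; its input is a constructed blob, and the stride of 5 and 0x00 filler are hypothetical, not the Krome's real layout.

```python
import re
from collections import Counter

# Constructed sample input: readable text with a filler byte inserted after
# every 4 payload bytes, mimicking the "KOR.G" / "progr.am" pattern in the post.
# The stride (5) and filler (0x00) are hypothetical, not the Krome's real layout.
PLAIN = b"KORG KROME program bank firmware image v1.03 " * 4
STRIDE, FILL = 5, 0x00

def interleave(data, stride=STRIDE, fill=FILL):
    """Build the sample: emit a filler byte after every (stride - 1) payload bytes."""
    out = bytearray()
    for i, b in enumerate(data):
        out.append(b)
        if (i + 1) % (stride - 1) == 0:
            out.append(fill)
    return bytes(out)

def strip_every_nth(data, stride, offset):
    """Drop every byte whose index is congruent to offset modulo stride."""
    return bytes(b for i, b in enumerate(data) if i % stride != offset)

def printable_score(data, min_run=6):
    """Total bytes covered by printable-ASCII runs of at least min_run bytes."""
    return sum(len(m) for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_run, data))

def best_stride(data, max_stride=16):
    """Try every (stride, offset); return the pair exposing the most readable text.
    A clear winner points to a fixed-period interleave rather than real encryption."""
    best = (1, 0, printable_score(data))
    for n in range(2, max_stride + 1):
        for off in range(n):
            score = printable_score(strip_every_nth(data, n, off))
            if score > best[2]:
                best = (n, off, score)
    return best

def repeated_blocks(data, size=16):
    """Most common fixed-size chunk and its count; a high count marks table or
    bitmap data worth separating from code before disassembly is attempted."""
    chunks = [data[i:i + size] for i in range(0, len(data) - size + 1, size)]
    return Counter(chunks).most_common(1)[0]

if __name__ == "__main__":
    sample = interleave(PLAIN)
    print("raw score:", printable_score(sample), "best (stride, offset, score):", best_stride(sample))
    print("most repeated 16-byte block:", repeated_blocks(b"\x00\x11" * 64))
```

On a real image, run best_stride over a few kilobytes near the string you spotted rather than the whole file, since a header or a compressed region will drown the signal.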