SPARC / Solaris Reversing tips please :).


SuperCali
October 16th, 2001, 14:52
Hello,
I have tried for a long time to find information about reversing on the SPARC platform / Solaris mainly without any luck. I was wondering if anyone here has some tips or pointers, or even links to material concerning the matter. Even finding information about SPARC assembler isn't easy. Also I have asked this on other boards, anyone know if it would be possible to write a piece of software to either:
1. intercept and fake return HOST-ID calls on SPARC or
2. redirect calls to another utility?

How are HOST-ID calls handled?

Any help would as usual be greatly appreciated. Thanks in advance.

// SuperCali

4oh4
October 17th, 2001, 12:29
heya,

I seem to remember at least a couple linux re tuts on fraviaa's old site, but can't remember whether there were any sun tuts. But there is a unix tut section at h**p://azrael.mine.nu/underground/
and I remember at least one sun tut, maybe more.

Hope that helps a bit,
william

SuperCali
October 17th, 2001, 15:09
Thanks a lot for the link, I'm looking at it now and it seems cool, at least one essay there for Sun and a couple for unix in general.

// SuperCali

Aimless
October 18th, 2001, 00:02
...or try going to Mammon_'s site.

...Greythorne's linux reversing site is good too...

(Search for the same name on Google)


Have Phun

UrgeOverKill
October 18th, 2001, 11:48
Hiya,

I seem to remember that platform, so I dug into my library and found a book that will help you Super. It's called
'Sparc Architecture, Assembly Language Programming, & C'.
The author is 'Richard P. Paul' and the ISBN is
'0-13-876889-7'.

With that info you should be able to get a copy, I seem to remember buying it at B&N a few years back...

Looking thru it now, there's really a lot of info in it. Let me know if you can't get one.

UoK

Unregistered
October 19th, 2001, 21:42
I don't mean to sound sarcastic, but "man gethostid" would be a good start.

There's an "ID PROM" (allegedly) on the motherboard that the Sparcs read from on boot. They drop this 32-bit identifier into a kernel variable (I believe called "host_id"). There's a function in libc called "gethostid" that simply retrieves and returns the kernel variable.

So, you could: 1) modify the variable in the kernel after boot, 2) remove the call from libc.so and replace it with one of your own, 3) if it's a statically linked binary, you can isolate the call to gethostid and repair the function in the original binary, 4) or if it has to make a syscall to get the kernel variable (it might, I'm guessing here) you could replace the system call.

Actually, I'm looking at it a quick bit now, and it looks like gethostid is actually a call to sysinfo, which is SYS_systeminfo, so you'd probably want to target that instead.

hth

SuperCali
October 20th, 2001, 14:31
UrgeOverKill thanks a lot for the info I'll see if I can get ahold of the book over here. Really appreciate the help !!!

Unregistered... doh... for some reason I never thought to look in the man pages as I suspected it would be kinda hush hush as it is heavily relied upon for protections... oh well :|, then again it's not like it's some super-secret formula for world domination so I guess it was obvious it would at least have a notice in there about it.

Thanks for the other info as well.

// SuperCali