Work-in-process Cell PPU (Playstation 3) ELF loader for Binary Ninja 4.x. Only supports decrypted PS3 executable ELFs EBOOT.BIN.
Tested with Binary Ninja:
4.1.5902-stable4.2.6455-stable
- Open binary ninja, Plugins -> Manage Plugins
- Search for
ps3 - Install the
binja-ps3plugin - Load a decrypted PS3 executable
- Select
Playstation 3 ELFbinary view
To define syscalls:
- Right-click anywhere
Pluginsps3-syscall-sweep
Syscalls will then appear under System types. Code references might be incomplete if run before analysis can finish or where decompilation fails.
- DWARF symbols are not recognized
- library import definitions don't have arguments
- system call definitions don't have arguments
- system calls are not registered with platform/system and thus are not lifted
- not tested on ELFs with multiple TOCs
- bninja does not lift many PPC instructions, breaking decompilation
Non-exhaustive list of unsupported instructions:
clrldi
lfs
fcmpu
stfs
lfd
fmuls
fadds
fmadds
fdivs
mtocrf
frsp
fcfid
cmpdi
fmr
stfd
vmaddfp
psq_lx
stvx
lwarx
stwcx
This plugin is released under an MIT license.
- https://www.psdevwiki.com/ps3/SELF_-_SPRX
- http://www.openwatcom.com/ftp/devel/docs/elf-64-gen.pdf
- https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html
- https://refspecs.linuxfoundation.org/elf/gabi4+/ch4.eheader.html
- https://github.com/clienthax/Ps3GhidraScripts
- https://github.com/RPCS3/rpcs3/
- https://binary.ninja/2020/01/08/guide-to-architecture-plugins-part1.html
- https://gist.github.com/xerpi/4aaf83ca59c33190c960881e3a364627#file-nidreader-py
- https://www.psdevwiki.com/ps3/PRX#PS3