This is a new architecture plugin for Binary Ninja reverse engineering platform. It adds support for Qualcomm's Hexagon CPUs.
Main features:
- Complete disassembler support. Plugin decodes individual instructions, parses and tokenizes instruction operands, and populates branch information for all packets:
- Partial decompiler support. Plugin lifts (a subset of) Hexagon instructions to Binary Ninja's Low-Level Intermediate Language (LLIL). Lifter manages clobbered registers, implements ".new" semantics and packet level branch semantics. Thanks to BN's IL modules, the LLIL representation is lifted to pseudo-C, High-Level IL (HLIL), producing readable, decompiled code:
-
Setup and build instructions.
-
High level design document.
The plugin is very much in Alpha stage. Only around 40% of Hexagon's > 2000 instructions are currently lifted to LLIL. Feedback, bug reports and PRs are welcome.
This plugin was built using QEMU's Hexagon target by Taylor Simpson from Qualcomm Innovation Center.
Instruction lifters are auto generated by parsing semantics descriptions. These descriptions are preprocessed using PCPP by Niall Douglas and David Beazley, and parsed using Lark-parser by Erez Shinan.
This project is a derivative work of QEMU's Hexagon target, therefore, it is licensed under GPLv2, as the original work.