alt Hacker NewsHow did reverse engineering m16c prove challenging? I recently extracted a 4 stage encrypted payload from an M16C arch that also used time-based encryption. Each time it was run, the output was different. The time based key was also rotating.
It used a very simple custom encryption for the time stuff and AES in ECB mode.
Protip Ghidra does not emulate inherent CPU behavior of INDEX instructions, behaviour not specified in ISA. I had to backport M32C instructions and patch M16C slaspec to emulate this behavior, caused by compiler bugs.
Have you published anything about this anywhere? I also had to work on the SLEIGH file for the M16C.
Overall it just seemed like the processor definition for Ghidra needed more work.