N64 Decompiling With Ghidra RetroReversing

1/25/2020 N64 Decompiling with Ghidra · RetroReversing
 Retro Reversing
Home / Nintendo 64 / Decompiling Nintendo 64 Games
N64 ROM Decompiling With Ghidra - N64LoaderWV
N64 Decompiling with Ghidra

Edit on Github | Updated: 25 January 2020
Importing a Nintendo 64 ROM

Download and Install Ghidra
Before following the steps on this post please make sure you have a working
Ghidra environment setup.
So you should be able to run the script ghidraRun (contains .bat on windows)
and it should start up Ghidra.
Download the Loader

Ghidra doesn’t support Nintendo 64 ROMS out of the box, presumably because
not a lot of malware was written for the N64 and thus the NSA would never
need one.
https://www.retroreversing.com/n64-decompiling 1/35
Luckily a user known as Warranty Voider

Retro has created a loader module which
Reversing

enables us to import N64 ROMS like any other executable 1 .
You can find it here: GitHub - zeroKilo/N64LoaderWV: Ghidra Loader Module

for N64 ROMs
On the GitHub page you need to either select clone or Download as zip , we
would suggest just downloading the zip for now.
You only need to clone if you are planning on contributing, but even then you
would probably fork first and then clone.
Import a ROM file

Find a .z64 file and import it into the project, it should come up as “N64 Loader
by Warranty Voider”, but if it comes up as “binary” then it has not been
installed correctly.
If the N64 Loader option doesn’t appear for you then you probably don’t have
JDK 12 or higher, you can either install JDK12 or build the plugin yourself on
jdk11 which is what I did and works just fine :)
Detecting N64 API signatures

After importing the game into Ghidra you will notice that all the functions have
default names that start with: FUN_ .
These names are not very helpful and we know that the games were compiled
with a version of the Official Nintendo 64 SDK, so if we could find those
libraries in the binary then we can give them useful names and help start
solving the puzzle.
Downloading pre-generated Signature files

Over on AssemblerGames there is a pack of Signature Files for N64 SDK
libraries. You can think of these as a sort of regular expression for compiled
function code. It is not always accurate but it is a great start, you can download
them from assembler games Here
Using IDA Pro’s Signature files with ApplySig

 Retro Reversing
After downloading you will notice that these were created for the competing
Disassembler called IDA Pro . So in order to open them in Ghidra we need a
plugin, the plugin we are looking for is called ApplySig.py .
However currently the plugin ApplySig.py doesn’t work with the N64 Loader
due to the addresses as it gives the following error:
java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: Invalid address

0x80000450L
In order to get ApplySig to work you need a patch to ApplySig from user
celophi which is available here: Update ApplySig.py by celophi · Pull Request
#7 · NWMonster/ApplySig · GitHub
To run it you need to put the script in your home/ghidra_scripts folder and run
the “Script Manager” tool, select the checkbox beside ApplySig then click the
green run icon.
It will then ask for the *.sig file to open, make sure to select one of the sig files
that you downloaded earlier 2 .
Importing N64 Types

If you have a version of the N64 SDK then you can use the Parse C Source
feature of Ghidra to automatically import structs/classes/defines etc from C
Header files. This can save a lot of time from creating them all manually.
If there are any errors with the parsing of the C files then you will need to
locate the generated file called: CParserPlugin.out . Normally it is generated
in the current users home directory so you can run:
cat ~/CParserPlugin.out
 Retro Reversing
Setting up the memory map
By default the ghidra loader only loads the .rom, .ram and .boot, but there is
much more to the N64 memory map than these sections, and in fact your game
will use its own sections too. So it is important you know your way around the
Memory Map editor which can be viewed by selecting: Window -> Memory Map .
Here are a few default sections you might want to add:
Show entries
10 Search:
Name Start Address Length
MI_BASE 0XA300000 0x100000
RI_BASE 0xA400000 0x100000
Showing 1 to 2 of 2 entries Previous 1 Next
References
1. N64 ROM Decompiling With Ghidra - N64LoaderWV - YouTube ↩
2. Assembler Games N64 Signatures ↩
introduction tutorial n64 ghidra decompiling
 0  
 Retro Reversing
What do you think?

0 Responses
Upvote Funny Love Surprised
Angry Sad
1 Comment Retro Reversing 

1 Login
 Recommend t Tweet f Share Sort by Best
Join the discussion…
LOG IN WITH
OR SIGN UP WITH DISQUS ?
Name
kataxeb • a month ago

I love N64 games, like a little kid my parents buy me the console
and I play Super Mario a lot, now I play the same games but with
N64 emulator and downloading N64 ROMs. This is ana amzing
d ti l id f l i th N64 ith hid
TABLE OF CONTENTS
Importing a Nintendo 64 ROM
Download and Install Ghidra

 Download the Loader Retro Reversing
Import a ROM file
Detecting N64 API signatures

Downloading pre-generated Signature files
Using IDA Pro’s Signature files with ApplySig
Importing N64 Types
Setting up the memory map
References
RECOMMENDED CONTENT
n64
Bung Doctor v64 (N64)
 Retro Reversing
n64
Cleaning up n64split assembly code
n64
Datel Action Replay Professional (N64)

 Retro Reversing
n64
Maestro64
 Retro Reversing
n64
Mario Kart 64
 Retro Reversing
n64
Emulator Game Memory corruption
 Retro Reversing
n64
Mupen64+ Reversers Edition
n64
Mupen64+ Emulator Source Code Analysis
 Retro Reversing
n64
Mystical Ninja N64 Memory Rom Editing
 Retro Reversing
n64
N64 Rom Memory Hacking (Paper Mario)
 Retro Reversing
n64
N64 Boot Code Analysis
 Retro Reversing
n64
Nintendo 64 Hardware Architecture
 Retro Reversing
n64
N64 MIPS Assembly Video Tutorials
 Retro Reversing
n64
N64 RDP - Reality Display Processor
 Retro Reversing
n64
N64 RSP - Reality Signal Processor
n64
N64 Reversing Introduction
 Retro Reversing
n64
N64 Sound and Music
 Retro Reversing
n64
N64 3D Modelling Software
n64
Nintendo Seal of Approval
 Retro Reversing
n64
Official Nintendo 64 (Ultra 64) Development Kit Hardware
 Retro Reversing
n64
How Retro Cartridges/ROMS worked
 Retro Reversing
n64
Reversing Games with Mupen64+
 Retro Reversing
n64
Super Mario 64
 Retro Reversing
n64
Turok 64 Official Source Code Analysis
 Retro Reversing
n64
N64 ROM Visualizer (.z64)
n64
Official N64 SDK Setup (MacOSX/Linux/Win)
n64
N64 Rom Analysis with Radare2

 Retro Reversing
tutorial
Introduction to Decompiling C++ with Ghidra
 Retro Reversing
tutorial
How to reverse engineer a microchip
 Retro Reversing
tutorial
Emulator Game Memory corruption
 Retro Reversing
tutorial
N64 MIPS Assembly Video Tutorials
 Retro Reversing
tutorial
Using PDB files for Reverse Engineering
 Retro Reversing
tutorial
PSYQ SDK Setup on MacOSX/Linux
 Retro Reversing
tutorial
Official N64 SDK Setup (MacOSX/Linux/Win)
 Retro Reversing
ghidra
Introduction to Decompiling C++ with Ghidra
ABOUT RETROREVERSING
RetroReversing is a hand-picked list of the best Reverse Engineering material

available on the web. All our content is of high quality and all content references the
original source.
HELP US PROVIDE THE CORRECT ANSWER
"The best way to get the right answer on the internet is not to ask a question; it's to
post the wrong answer." - Cunningham's Law
 
Copyright © 2020 Retro Reversing. All rights reserved.

 Retro Reversing

N64 Decompiling With Ghidra RetroReversing

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

N64 Decompiling With Ghidra RetroReversing

Uploaded by

Copyright:

Available Formats

1/25/2020 N64 Decompiling with Ghidra · RetroReversing

Home / Nintendo 64 / Decompiling Nintendo 64 Games

N64 ROM Decompiling With Ghidra - N64LoaderWV

N64 Decompiling with Ghidra

Importing a Nintendo 64 ROM

Download the Loader

Luckily a user known as Warranty Voider

You can find it here: GitHub - zeroKilo/N64LoaderWV: Ghidra Loader Module

Import a ROM file

Detecting N64 API signatures

Downloading pre-generated Signature files

Using IDA Pro’s Signature files with ApplySig

java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: Invalid address

Importing N64 Types

Here are a few default sections you might want to add:

Name Start Address Length

MI_BASE 0XA300000 0x100000

RI_BASE 0xA400000 0x100000

Showing 1 to 2 of 2 entries Previous 1 Next

introduction tutorial n64 ghidra decompiling

What do you think?

Upvote Funny Love Surprised

1 Comment Retro Reversing 

 Recommend t Tweet f Share Sort by Best

Join the discussion…

kataxeb • a month ago

Importing a Nintendo 64 ROM

Download and Install Ghidra

Detecting N64 API signatures

Importing N64 Types

Setting up the memory map

Bung Doctor v64 (N64)

Cleaning up n64split assembly code

Datel Action Replay Professional (N64)

Emulator Game Memory corruption

Mupen64+ Reversers Edition

Mupen64+ Emulator Source Code Analysis

Mystical Ninja N64 Memory Rom Editing

N64 Rom Memory Hacking (Paper Mario)

N64 Boot Code Analysis

Nintendo 64 Hardware Architecture

N64 MIPS Assembly Video Tutorials

N64 RDP - Reality Display Processor

N64 RSP - Reality Signal Processor

N64 Reversing Introduction

N64 Sound and Music

N64 3D Modelling Software

Nintendo Seal of Approval

Official Nintendo 64 (Ultra 64) Development Kit Hardware

How Retro Cartridges/ROMS worked

Reversing Games with Mupen64+

Turok 64 Official Source Code Analysis

N64 ROM Visualizer (.z64)

Official N64 SDK Setup (MacOSX/Linux/Win)

N64 Rom Analysis with Radare2

Introduction to Decompiling C++ with Ghidra

How to reverse engineer a microchip

Emulator Game Memory corruption

N64 MIPS Assembly Video Tutorials

Using PDB files for Reverse Engineering

PSYQ SDK Setup on MacOSX/Linux

Official N64 SDK Setup (MacOSX/Linux/Win)

Introduction to Decompiling C++ with Ghidra