Can I indentify whether a hex file is arduino based?

Projects Programming
1

Hello, I have a firmware hex file of some device, and I was wondering if there is any way for me to identify whether this device is arduino based?

I obviously can't assume that ay hex file is arduino related, but the hex file itself looks just like a hex file compiled by arduino which makes me wonder if that is actually the case.

Is there any way for me to further check this? :slight_smile:

Thanks!

2

Did you look at a hex dump? Can you post it?

3

aarg:
Did you look at a hex dump? Can you post it?

I did look at the hex dump, it doesn't necessarily give me any information as far as I can see(of course that things like that require much deeper looking).

Seems like I can't attach the hex file or paste it raw due to characters limit, here is a link to pastebin:

Thanks :slight_smile:

4

(deleted)

5

There shouldn't be a character limit on an attachment. In fact, it is small enough to post inline.

6

spycatcher2k:
What is some device?
Why does this matter? You can't do anything with it?
NO - attach the file here, I'm not going to wase time going to an off site url!

Not really, even if it was made in the Arduino IDE, the compiler does a great job of optimising it, there is almost no wway to know its source.

You can't attach a hex file and there is a character limit of 9000 characters, feel free to check it yourself.
Honestly, you answer in a very unpleasant way, if you don't feel like helping, please don't do so. Thanks.

7

Wow, such attitude! Well, I did this before i saw your post...

temp.txt (30.2 KB)

8

aarg:
Wow, such attitude! Well, I did this before i saw your post...

Yeah, a txt file is different than hex I guess as far as attaching cares.

9

(deleted)

10

@msacco

24 hr time out to learn how to play nice with others.

Could you also take a few moments to Learn How To Use The Forum.
It will help you get the best out of the forum in the future.
Other general help and troubleshooting advice can be found here.

11

With no other data provided, I think about the best you can do is decompile it and see if the results look like they could be for an AVR.
https://onlinedisassembler.com/odaweb/

Once decompiled, then you could try to disassemble it and see if the results look like C code.
https://onlinedisassembler.com/static/home/index.html

Or maybe it's disassemble, then decompile. Has been awhile since I played with the tools.

12

The hex file format used by Arduino has been around for decades, and could be intended for any of thousands, if not tens of thousands of different devices. Even if it were intended for an Arduino, of what use could it possibly be?

Forget the hex file -- just put random bytes into program memory and see what happens.

13

Well, the avr-objdump utility will read .hex files, and if you tell it that the .hex file is from an AVR, it will do its best to disassemble the file into assembly language. avr-gcc compiled programs would be relatively recognizable at that point - they start off with a table of rjmp or jmp instructions that make of the "vector table for startup and ISRs at location 0, and the startup jump will go to "typical C startup code" that initializes some registers and data areas. It's pretty distinct.

An ARM Cortex binary is similarly recognizable.

For your .hex file, I see:

 [b]avr-objdump -mavr5 -D /Downloads/foo.hex |more      
[/b]
/Downloads/foo.hex:     file format ihex


Disassembly of section .sec1:

00003567 <.sec1>:
    3567:       12 20           and     r1, r2

    3569:       46 12           cpse    r4, r22
    356b:       20 03           mulsu   r18, r16
    356d:       12 44           sbci    r17, 0x42       ; 66
    356f:       c2 75           andi    r28, 0x52       ; 82
    3571:       ff 80           ldd     r15, Y+7        ; 0x07
    3573:       7d c0           rjmp    .+250           ;  0x366f
    3575:       7c 8a           std     Y+20, r7        ; 0x14
    3577:       7f 02           muls    r23, r31
    3579:       12 3d           cpi     r17, 0xD2       ; 210

so, not an AVR Arduino sketch. Not sensible AVR code at all... Not sensible ARM Cortex code, either.

In fact, it looks like the file contains 80-odd distinct discontinuous, non-monotonically-increasing, and perhaps overlapping segments. Which is "weird", and I don't know WTH it would be.

14

msacco:
You can't attach a hex file

It's true that some file types cannot be attached but txt can be so you can put the hex in notepad and use that.

Is the file really over 9000 characters? If it is, given what you are asking I would imagine that a truncated version might be enough to be helpful.