Windows CE SuperH3 Exploit Development Part 1: Tools and Sources of Information
There’s a big sources section for this one, for good reason. There are many amazing guides to x86 Windows exploit development, ARM Windows CE program cracking, and SuperH assembly. As of now, however, there seem to be no guides to SuperH3 Windows CE exploit development. For this reason I’ve had to combine information from a variety of sources in order to create this tutorial.
Tools used in this tutorial:
- A Windows XP SP3 installation is required to use most of the tools involved in this tutorial. Many of these tools will not run on an operating system higher than XP due to UAC and compatibility issues.
- Microsoft Embedded Visual Tools 3.0 — The debugger in this tool suite has long been used to crack programs, provides great low level debugging information. There are keys out there for those who look hard enough.
- ActiveSync 3.5 or the H/PC Pro Emulator — We need either a physical or a virtual machine to debug on.
- Optional — The Reneas C/C++ Compiler for the SuperH family — Includes it’s own debugger as well as an assembler. May be useful for shellcoding.
- IDA Pro — Supports the SH3 ISA for static analysis.
- M3Cro — A tool run on the Windows CE device itself, supports scripting and macros, useful for program testing. Available here:
M3cro 2.1 (details view) - Windows CE Software Compatibility List - HPC Factor
Windows CE Software Compatibility for M3cro 2.1 (details view)
- Optional — UAEDT — This one is super cool. It’s a debugger that can help automate on-device stress testing. Unfortunately, to this point I have not been able to get it working. If I can, I will definitely include it in a future tutorial. Currently I’m using a Jornada 690 for debugging, but I have another SuperH palmtop that it may work fine on.
In the next installation of this series, I will start reverse engineering and debugging Windows CE applications.