De-obfuscated JSLinux
=========================================================

I wanted to understand how the amazing [JsLinux][1] worked, so in a
fit of mania I hand de-obfuscated the codebase while studying it over
a few days' time. On the off chance someone else might be interested
in this code as a basis for further weird in-browser x86 hacking, I
posted this redacted version of the code here, with permission of
Mr. Bellard.

I highly recommend checking out another open-source x86 emulation
project that includes VGA support, "v86" ([demo][6] / [source][7]).
There is yet another open-source emulator in JavaScript, [jslm32][3],
which emulates the LatticeMico32 (lm32) RISC soft core rather than
an x86.

For a simpler RISC architecture, take a look at the [jor1k][5]
project, which runs Linux on an emulated OpenRISC 1000 core.

Finally, the [Angel][8] emulator ([source][9]) shows off the elegant
open-ISA 64-bit [RISC-V][10] architecture that is being brought to
silicon by the [lowrisc][11] team. This is by far the cleanest
architecture for studying general low-level hardware and operating
system implementation details.

### Status

The current codebase should run on most modern versions of Chrome,
Safari, and Firefox. If you run it locally, you will need to serve
it from a local HTTP server: the kernel and disk image binaries are
fetched with XHR requests, which browsers refuse from a page opened
directly via file:// under the same-origin policy.

jslinux-deobfuscated is still a dense, messy code base from any
pedagogic point of view. However, for those interested in
Mr. Bellard's code, this version is nowhere near as incomprehensible
as the original. Nearly all of the global variables and function
names have been named somewhat sensibly. Many pointers to references
have been added to the source.

The core opcode execution loop has been commented to indicate which
instruction each opcode refers to.

### Unresolved

One mystery is, why does CPUID(1) return 8 << 8 in EBX? EBX[15:8] is
now used to indicate the CLFLUSH line size, but that field must have
been used for something else in the past.

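As a check on that field, here is an added example (written for this page, not code from JSLinux) that decodes CPUID.01H:EBX by the field layout documented in the Intel SDM, and encodes the inverse so you can see what an emulator has to return for a given set of fields. Under the current definition, bits 15:8 hold the CLFLUSH line size in units of 8 bytes, so a value of 8 decodes to a 64-byte cache line, which is exactly what a guest kernel reads from that field (Linux derives `x86_clflush_size` from it in `cpu_detect()`, gated on EDX bit 19). The `0x02100800` sample below is a constructed value for illustration, not a reading from any particular CPU.

```javascript
// Added example for this page: decode CPUID.01H:EBX by the layout in the
// Intel SDM (CPUID instruction, leaf 01H). It is not code from JSLinux.
'use strict';

// Field layout of CPUID.01H:EBX:
//   bits  7:0   brand index
//   bits 15:8   CLFLUSH line size in units of 8 bytes; architecturally
//               meaningful only when CPUID.01H:EDX bit 19 (CLFSH) is set
//   bits 23:16  maximum number of addressable logical processor IDs;
//               meaningful only when CPUID.01H:EDX bit 28 (HTT) is set
//   bits 31:24  initial APIC ID
const EDX_CLFSH_BIT = 19;
const EDX_HTT_BIT = 28;

function decodeCpuid1Ebx(ebx, edx = null) {
  const u = ebx >>> 0; // force unsigned 32-bit arithmetic
  const clflushUnits = (u >>> 8) & 0xff;
  const fields = {
    brandIndex: u & 0xff,
    clflushUnits,
    clflushLineSizeBytes: clflushUnits * 8,
    maxLogicalIds: (u >>> 16) & 0xff,
    initialApicId: (u >>> 24) & 0xff,
  };
  if (edx !== null) {
    // Only trust the size/count fields when the matching feature bit says so.
    fields.clflushFieldValid = ((edx >>> EDX_CLFSH_BIT) & 1) === 1;
    fields.logicalIdsFieldValid = ((edx >>> EDX_HTT_BIT) & 1) === 1;
  }
  return fields;
}

// Inverse: build the EBX value an emulator would have to return for a
// given set of fields. Throws on values that do not fit the encoding.
function encodeCpuid1Ebx({ brandIndex = 0, clflushLineSizeBytes = 64,
                           maxLogicalIds = 1, initialApicId = 0 }) {
  if (clflushLineSizeBytes % 8 !== 0 || clflushLineSizeBytes > 255 * 8) {
    throw new RangeError('CLFLUSH line size must be a multiple of 8 up to 2040');
  }
  for (const v of [brandIndex, maxLogicalIds, initialApicId]) {
    if (!Number.isInteger(v) || v < 0 || v > 0xff) {
      throw new RangeError('field must be an 8-bit unsigned value');
    }
  }
  return ((brandIndex
        | ((clflushLineSizeBytes / 8) << 8)
        | (maxLogicalIds << 16)
        | (initialApicId << 24)) >>> 0);
}

// The value the emulator returns for leaf 1 in EBX.
const JSLINUX_CPUID1_EBX = 8 << 8;

console.log(decodeCpuid1Ebx(JSLINUX_CPUID1_EBX));
// Constructed sample: APIC ID 2, 16 logical IDs, 64-byte line, brand 0.
console.log(decodeCpuid1Ebx(0x02100800, 1 << EDX_CLFSH_BIT));
```

The feature-bit gating is the part worth copying: the SDM marks the line-size field as meaningful only when EDX.CLFSH is set and the logical-ID count only when EDX.HTT is set, so a decoder that reads them unconditionally can report nonsense for an emulator that zeroes those flags.
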
The CALL/RET/INT/IRET routines are still quite confused and haven't
yet been rewritten. The code dealing with segmentation, and some of
the code for real mode, remains relatively messy.

Any recommendations / clarifications are welcome!

### ETC

I highly recommend, by the way, the excellent [JSShaper][2] library
for transforming large JavaScript code bases. The hacks I made from
it are in this repo: a little symbol-name-transformer Node.js script
and an Emacs function for doing this in live buffers.

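What such a symbol-name transformer does, as an added example written for this page rather than the repo's JSShaper-based script: a whole-word identifier renamer that tokenises just enough of JavaScript to skip string literals and comments and to leave property names alone. `MINIFIED` and `RENAMES` are constructed sample input, and the names `init_cpu`, `eip` and `eflags` are illustrative, not the names used in this repo.

```javascript
// Added example for this page: a minimal whole-word identifier renamer of
// the kind used to de-obfuscate minified JavaScript. It is a stand-alone
// stand-in written for this README, not the repo's JSShaper-based script.
// It skips string literals and comments so that renaming "a" does not
// rewrite the text of "a+b" or of a comment, and leaves property names
// (the "a" in x.a) untouched.
'use strict';

const ID_START = /[A-Za-z_$]/;
const ID_PART = /[A-Za-z0-9_$]/;

function renameIdentifiers(src, renames) {
  let out = '';
  let prev = '';   // last non-whitespace character emitted
  let i = 0;
  const n = src.length;

  const emit = (s) => {
    out += s;
    const t = s.trimEnd();
    if (t.length > 0) prev = t[t.length - 1];
  };

  while (i < n) {
    const c = src[i];

    // Line comment: copy through end of line unchanged.
    if (c === '/' && src[i + 1] === '/') {
      const end = src.indexOf('\n', i);
      const stop = end === -1 ? n : end;
      emit(src.slice(i, stop));
      i = stop;
      continue;
    }
    // Block comment: copy through the closing */ unchanged.
    if (c === '/' && src[i + 1] === '*') {
      const end = src.indexOf('*/', i + 2);
      const stop = end === -1 ? n : end + 2;
      emit(src.slice(i, stop));
      i = stop;
      continue;
    }
    // String literal ('...', "..." or `...`): copy verbatim, stepping over
    // backslash escapes so an escaped quote does not terminate it early.
    if (c === '"' || c === "'" || c === '`') {
      let j = i + 1;
      while (j < n && src[j] !== c) {
        if (src[j] === '\\') j++;
        j++;
      }
      const stop = Math.min(j + 1, n);
      emit(src.slice(i, stop));
      i = stop;
      continue;
    }
    // Identifier: take the whole word, rename it if it is in the map and
    // is not a property access (i.e. not preceded by '.').
    if (ID_START.test(c)) {
      let j = i + 1;
      while (j < n && ID_PART.test(src[j])) j++;
      const word = src.slice(i, j);
      const isProperty = prev === '.';
      const mapped = !isProperty && Object.prototype.hasOwnProperty.call(renames, word)
        ? renames[word]
        : word;
      emit(mapped);
      i = j;
      continue;
    }
    // Anything else (numbers, punctuation, whitespace): copy as-is.
    emit(c);
    i++;
  }
  return out;
}

// Constructed sample of the kind of minified code such a script is run on.
const MINIFIED = 'function a(b,c){/* a is the cpu */var d="a+b";return b.a+c;} // a';
const RENAMES = { a: 'init_cpu', b: 'eip', c: 'eflags' };

console.log(renameIdentifiers(MINIFIED, RENAMES));
```

Limits worth knowing before trusting this on a real code base: it does not recognise regular-expression literals (the letters inside `/[a-z]/` would be renamed), it does not descend into `${...}` interpolations inside template strings, and it renames object-literal keys such as the `a` in `{a: 1}` because it only looks at the previous character, not the grammar. A tool like JSShaper avoids all of this by working on a parse tree rather than raw text, which is why the README points at it.
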
### License

This is a pedagogical/aesthetic derivative of the original JSLinux
code Copyright (c) 2011-2014 Fabrice Bellard. It is posted here with
permission of the original author subject to his original
constraints: redistribution or commercial use is prohibited without
the (original) author's permission.

### References

Some other helpful references for understanding what's going on:

#### x86

- http://pdos.csail.mit.edu/6.828/2010/readings/i386/toc.htm
- http://pdos.csail.mit.edu/6.828/2010/readings/i386.pdf (PDF of above)
- http://ref.x86asm.net/coder32.html
- http://www.sandpile.org/
- http://en.wikibooks.org/wiki/X86_Assembly/X86_Architecture
- http://en.wikipedia.org/wiki/X86
- http://en.wikipedia.org/wiki/Control_register
- http://en.wikipedia.org/wiki/X86_assembly_language
- http://en.wikipedia.org/wiki/Translation_lookaside_buffer

#### Bit Hacking

- http://graphics.stanford.edu/~seander/bithacks.html

#### Other devices

- http://en.wikibooks.org/wiki/Serial_Programming/8250_UART_Programming

[1]: http://bellard.org/jslinux/tech.html
[2]: http://jsshaper.org
[3]: https://github.com/ubercomp/jslm32
[4]: https://bugs.webkit.org/show_bug.cgi?id=72154
[5]: https://github.com/s-macke/jor1k
[6]: http://copy.sh/v86/
[7]: https://github.com/copy/v86
[8]: http://riscv.org/angel/
[9]: https://github.com/ucb-bar/riscv-angel
[10]: http://riscv.org/
[11]: http://www.lowrisc.org/