This Python script, named FindMyMips.py, is designed to help you calculate the base address (load address) of a binary file by analyzing its disassembled code and searching for specific patterns in the assembly instructions. It can be particularly useful when reverse engineering binaries and determining where they are meant to be loaded in memory.
The python script is based on a PHP script with similar purpose written by Carlo Meijer from Midnight Blue.
Before you get started, make sure you have the following prerequisites installed:
- Python (3.6 or higher)
mips-linux-gnu-objdump(for disassembling binary files)
- Clone this repository to your local machine:
git clone https://github.com/yourusername/findmymips.git- Navigate to the project directory:
cd findmymips- Run the script, providing the path to your binary file as a command-line argument:
python FindMyMips.py your_binary_file.bin- The script will output the best guesses for the base address along with their corresponding scores. The top candidates are displayed, making it easier for you to identify the likely base address.
-
The script first extracts strings from the binary file that contain the "%d" placeholder, which are often used as references for calculating base addresses.
-
It then disassembles the binary file to obtain references from the assembly instructions. These references are recorded and used for base address calculations. (based on lui and addi pairs)
-
A scoring mechanism is applied to different base addresses relative to the selected pivot point (a randomly chosen string containing "%d"). The score reflects the number of valid references found at each calculated base address.
-
Finally, the script presents the top candidates for the base address based on their scores.
If you find any issues or have suggestions for improvements, please feel free to open an issue or pull request in this repository.