Garnet
/
sgx540-reversing
2
3
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Documentation and tooling from my PowerVR SGX540 reverse engineering project
37 Commits
1 Branch
0 Tags
469 KiB
C 84.4%
Java 6.9%
C++ 4.6%
TypeScript 3.9%
CMake 0.2%
 
 
 
 
 
Go to file
Garnet c15884751a Added the first pds binary found and updated the readme. 2022-10-16 13:33:30 +02:00
Android Fix directory location. 2022-07-08 16:39:08 +02:00
asm Fix up the names for the x86 preload hack. 2022-07-08 16:38:02 +02:00
hook-postmarket Added a TODO in the ldpreload code. 2022-08-02 00:32:18 +02:00
info Updated the documentation. 2022-08-02 00:12:10 +02:00
ukernel Added the first pds binary found and updated the readme. 2022-10-16 13:33:30 +02:00
.gitignore Heavily restructure the project 2022-07-08 16:33:56 +02:00
README.md Updated readme. 2022-08-10 20:51:45 +02:00

README.md

PowerVR SGX540 Reverse Engineering

This repository contains a set of tools and reverse engineered information on the PowerVR SGX540 gpu found in the Galaxy Tab 2 7.0 P3110 by samsung.

Note that all of the information container here has been derived exclusively from binaries and code published officially by Imagination Technologies that are publicly available.

Directory structure:

  • Android/ contains various analysis tools (including shader dumping tools) for android, they are mostly historial but might be useful again at some point
  • hook-postmarket/ contains the latest analysis tools for postmarketos, at the moment they are able to analyse the gpu initialization and dump/modify shaders through a mostly complete armv7 debugger backend and some notes about my findings
  • asm/ contains a disassembler and an assembler for the architecture, the disassembler is for now just done using hijacked official imgtech binaries (not provided in this repo)
  • info/ contains general information about the drivers and the architecture

Checklist:

  • Implement a disassembler
  • Figure out how to run this on postmarketos instead
  • Reverse the instruction encoding fully
  • Determine instruction semantics for the instructions that are commonly used in simple shaders
  • Implement an assembler (partial)
  • Implement a way of replacing shaders generated by the proprietary driver
  • Finish a writeup about the entire process
  • Reverse engineer the MOE mechanism
  • Reverse engineer PDS
  • Reverse engineer the microkernel
  • Perform some basic rendering independently of the userspace libgl