device-tree

Recently I was watching a series of YouTube videos by Hector Martin (marcan) about the hypervisor he created to reverse engineer Apple's M1 chip. If you're not familiar with him, he played an integral role in developing Asahi Linux, the first Linux distribution to run natively on Apple computers with an M-series chip. If you're into reverse engineering, especially reverse engineering CPUs and GPUs, I would highly recommend visiting his website to watch his videos and learn how he and his team were able to reverse the M1 CPU.

In one video in particular, he mentioned something I hadn't heard of before: the device tree. Apparently, the device tree is a data structure that maps out the computer's hardware so that the operating system can use it.

This filled in a missing piece for me, because I've wondered for a while how OS and hypervisor developers learn this information. It's also quite useful for reverse engineering.

The methodology behind m1n1 uses dynamic analysis to observe how the OS communicates with the hardware, which in turn provides insight into the hardware itself. The philosophy is similar to that of security researchers who study side-channel attacks.

This is a great way to reverse engineer a CPU or GPU, but as you can see from the m1n1 source code, writing a hypervisor is no small task.

The Kernel Driver section in the Apple Developer documentation includes some useful information about device tree methods.

Here is a Wikipedia article on Device Tree in Linux.

On Linux distros, you can use the dtc command-line utility like this:

dtc -I <input type> [-O <output type>] <source>

The source can be /proc/device-tree or /sys/firmware/devicetree/base.
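As an added example (not from the original post or from the m1n1 project), the Python below reads the directory form of the device tree that the paths above expose and that dtc reads with -I fs: each directory is a node, each file is a property holding raw bytes (NUL-terminated strings, big-endian 32-bit cells, or an empty file for a boolean flag). It builds a small constructed sample tree in a temporary directory so it runs on any machine; the node and compatible names (example,uart and so on) are hypothetical, and on a device-tree system you can point read_node or find_compatible at /sys/firmware/devicetree/base instead.

```python
import struct
import tempfile
from pathlib import Path

def decode_property(raw: bytes):
    """Empty -> flag; NUL-terminated printable text -> string list; 4-byte
    multiple -> big-endian u32 cells; else raw. Heuristic, like dtc's own."""
    if not raw:
        return True
    if (raw[0] != 0 and raw.endswith(b"\0") and b"\0\0" not in raw
            and all(b == 0 or 32 <= b < 127 for b in raw)):
        return raw[:-1].decode("ascii").split("\0")
    if len(raw) % 4 == 0:
        return list(struct.unpack(f">{len(raw) // 4}I", raw))
    return raw

def read_node(node: Path) -> dict:
    # Files are the node's properties; subdirectories are its child nodes.
    return {p.name: decode_property(p.read_bytes())
            for p in sorted(node.iterdir()) if p.is_file()}

def find_compatible(base: Path, wanted: str) -> list:
    """Paths of every node whose 'compatible' string list contains `wanted`."""
    hits = []
    for node in [base] + sorted(p for p in base.rglob("*") if p.is_dir()):
        compat = read_node(node).get("compatible")
        if isinstance(compat, list) and wanted in compat:
            hits.append("/" + node.relative_to(base).as_posix().lstrip("."))
    return hits

def build_sample_tree(root: Path) -> None:
    """Constructed sample (hypothetical 'example,*' names, not a real board)."""
    def prop(node, name, value):
        node.mkdir(parents=True, exist_ok=True)
        (node / name).write_bytes(value)
    uart = root / "soc" / "serial@10000000"
    prop(root, "compatible", b"example,board\0")
    prop(root / "cpus" / "cpu@0", "reg", struct.pack(">I", 0))  # all-zero cell
    prop(uart, "compatible", b"example,uart\0generic-uart\0")
    prop(uart, "reg", struct.pack(">II", 0x10000000, 0x1000))  # <base size>
    prop(uart, "wakeup-source", b"")  # empty file = boolean flag

def demo() -> dict:
    # Build the sample in a temp dir and query it exactly as a live tree would be.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_tree(base)
        return {"uart": find_compatible(base, "generic-uart"),
                "uart_props": read_node(base / "soc" / "serial@10000000"),
                "cpu_props": read_node(base / "cpus" / "cpu@0")}
```

The all-zero cpu reg value is included because a naive "ends with NUL and all bytes are printable" check would misread it as an empty string list; the first-byte and double-NUL checks are what keep it decoding as a cell.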

On macOS, you can use Homebrew to install the dtc binary; however, this would only be useful (I believe) if a device tree file is already present.

macOS provides another utility, ioreg, which can be used to explore the I/O Registry, which includes the device tree. To learn more, read the official documentation.

Check the man page for more information:

man ioreg

That's all I'll include for now. I will add more as I learn.
