SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering

Introduction

When reverse-engineering bare-metal ARM firmwares often a lot of time is spent annotating the memory-mapped peripherals, to understand how the code interacts with the chip features. Creating these peripherals by hand is significant work: Reading the datasheets and creating all the different memory regions, structures and memory registers will take a long time.

SVD-Loader for Ghidra automates the entire generation of peripheral structs and memory maps for over 650 different microcontrollers: By parsing so-called SVD files (CMSIS System View Description) SVD-Loader is able to automatically annotate all peripherals of the controller, simplifying reverse-engineering of ARM firmwares significantly.

Download on Github

Usage

Load a binary file
Open it in the code-browser, do not analyze it
Run the SVD-Loader Script
Select an SVD file
Analyze the file

Before and after

By loading the SVD, the constants on the left (_DAT_40000200 etc.) get turned into easily readable structure reads & writes.

References

The generated Peripheral namespace allows easy browsing through all memory mapped peripherals. Blue peripherals have references to them, while black peripherals are unused.

Peripheral structures

SVD-Loader creates structures for the peripherals, grouping the registers of a peripheral together.