diff options
author | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2021-12-15 21:04:28 +0100 |
---|---|---|
committer | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2021-12-24 18:05:53 +0100 |
commit | c876d3bbefe0dc00c27ca0c12d29da5874946962 (patch) | |
tree | 69f468a185a369b01998314bc3ecc19b70f4fcaa /utils/mkzenboot/mkzenboot.c | |
parent | 6c6f0757d7a902feb293be165d1490c42bc8e7ad (diff) | |
download | rockbox-c876d3bbefe0dc00c27ca0c12d29da5874946962.tar.gz rockbox-c876d3bbefe0dc00c27ca0c12d29da5874946962.zip |
rbutil: Merge rbutil with utils folder.
rbutil uses several components from the utils folder, and can be
considered part of utils too. Having it in a separate folder is an
arbitrary split that doesn't help anymore these days, so merge them.
This also allows other utils to easily use libtools.make without the
need to navigate to a different folder.
Change-Id: I3fc2f4de19e3e776553efb5dea5f779dfec0dc21
Diffstat (limited to 'utils/mkzenboot/mkzenboot.c')
-rw-r--r-- | utils/mkzenboot/mkzenboot.c | 697 |
1 files changed, 697 insertions, 0 deletions
diff --git a/utils/mkzenboot/mkzenboot.c b/utils/mkzenboot/mkzenboot.c new file mode 100644 index 0000000000..88d6821759 --- /dev/null +++ b/utils/mkzenboot/mkzenboot.c | |||
@@ -0,0 +1,697 @@ | |||
1 | /*************************************************************************** | ||
2 | * __________ __ ___. | ||
3 | * Open \______ \ ____ ____ | | _\_ |__ _______ ___ | ||
4 | * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / | ||
5 | * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < | ||
6 | * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ | ||
7 | * \/ \/ \/ \/ \/ | ||
8 | * $Id$ | ||
9 | * | ||
10 | * Copyright (C) 2008 by Maurus Cuelenaere | ||
11 | * Based on zenutils by Rasmus Ry <rasmus.ry{at}gmail.com> | ||
12 | * Copyright (C) 2013 by Amaury Pouly | ||
13 | * | ||
14 | * This program is free software; you can redistribute it and/or | ||
15 | * modify it under the terms of the GNU General Public License | ||
16 | * as published by the Free Software Foundation; either version 2 | ||
17 | * of the License, or (at your option) any later version. | ||
18 | * | ||
19 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
20 | * KIND, either express or implied. | ||
21 | * | ||
22 | ****************************************************************************/ | ||
23 | #include <stdio.h> | ||
24 | #include <stdlib.h> | ||
25 | #include <stdarg.h> | ||
26 | #include <string.h> | ||
27 | #include "mkzenboot.h" | ||
28 | #include "utils.h" | ||
29 | #include "dualboot.h" | ||
30 | |||
31 | /** | ||
32 | * Keys used by players | ||
33 | */ | ||
34 | static const char null_key_v1[] = "CTL:N0MAD|PDE0.SIGN."; | ||
35 | static const char null_key_v2[] = "CTL:N0MAD|PDE0.DPMP."; | ||
36 | static const char null_key_v3[] = "CTL:N0MAD|PDE0.DPFP."; | ||
37 | static const char null_key_v4[] = "CTL:Z3N07|PDE0.DPMP."; | ||
38 | |||
39 | static const char tl_zvm_key[] = "1sN0TM3D az u~may th1nk*" | ||
40 | "Creative Zen Vision:M"; | ||
41 | static const char tl_zvm60_key[] = "1sN0TM3D az u~may th1nk*" | ||
42 | "Creative Zen Vision:M (D" | ||
43 | "VP-HD0004)"; | ||
44 | static const char tl_zen_key[] = "1sN0TM3D az u~may th1nk*" | ||
45 | "Creative ZEN"; | ||
46 | static const char tl_zenxf_key[] = "1sN0TM3D az u~may th1nk*" | ||
47 | "Creative ZEN X-Fi"; | ||
48 | static const char tl_zenmo_key[] = "1sN0TM3D az u~may th1nk*" | ||
49 | "Creative ZEN Mozaic"; | ||
50 | static const char tl_zv_key[] = "1sN0TM3D az u~may th1nk*" | ||
51 | "Creative Zen Vision"; | ||
52 | static const char tl_zvw_key[] = "1sN0TM3D az u~may th1nk*" | ||
53 | "Creative ZEN Vision W"; | ||
54 | static const char tl_zm_key[] = "1sN0TM3D az u~may th1nk*" | ||
55 | "Creative Zen Micro"; | ||
56 | static const char tl_zmp_key[] = "1sN0TM3D az u~may th1nk*" | ||
57 | "Creative Zen MicroPhoto"; | ||
58 | static const char tl_zs_key[] = "1sN0TM3D az u~may th1nk*" | ||
59 | "Creative Zen Sleek"; | ||
60 | static const char tl_zsp_key[] = "1sN0TM3D az u~may th1nk*" | ||
61 | "Creative Zen Sleek Photo"; | ||
62 | static const char tl_zt_key[] = "1sN0TM3D az u~may th1nk*" | ||
63 | "Creative Zen Touch"; | ||
64 | static const char tl_zx_key[] = "1sN0TM3D az u~may th1nk*" | ||
65 | "NOMAD Jukebox Zen Xtra"; | ||
66 | static const char tl_zenv_key[] = "1sN0TM3D az u~may th1nk*" | ||
67 | "Creative ZEN V"; | ||
68 | static const char tl_zenvp_key[] = "1sN0TM3D az u~may th1nk*" | ||
69 | "Creative ZEN V Plus"; | ||
70 | static const char tl_zenvv_key[] = "1sN0TM3D az u~may th1nk*" | ||
71 | "Creative ZEN V (Video)"; | ||
72 | |||
73 | struct player_info_t | ||
74 | { | ||
75 | const char* name; | ||
76 | const char* null_key; /* HMAC-SHA1 key */ | ||
77 | const char* tl_key; /* BlowFish key */ | ||
78 | bool big_endian; | ||
79 | char *cinf; | ||
80 | }; | ||
81 | |||
82 | static struct player_info_t zen_players[] = | ||
83 | { | ||
84 | {"Zen Vision:M", null_key_v2, tl_zvm_key, false, NULL}, | ||
85 | {"Zen Vision:M 60GB", null_key_v2, tl_zvm60_key, false, NULL}, | ||
86 | {"Zen", null_key_v4, tl_zen_key, false, "Creative ZEN"}, | ||
87 | {"Zen X-Fi", null_key_v4, tl_zenxf_key, false, "Creative ZEN X-Fi"}, | ||
88 | {"Zen Mozaic", null_key_v4, tl_zenmo_key, false, "Creative ZEN Mozaic"}, | ||
89 | {"Zen Vision", null_key_v2, tl_zv_key, false, NULL}, | ||
90 | {"Zen Vision W", null_key_v2, tl_zvw_key, false, NULL}, | ||
91 | {"Zen Micro", null_key_v1, tl_zm_key, true, NULL}, | ||
92 | {"Zen MicroPhoto", null_key_v1, tl_zmp_key, true, NULL}, | ||
93 | {"Zen Sleek", null_key_v1, tl_zs_key, true, NULL}, | ||
94 | {"Zen SleekPhoto", null_key_v1, tl_zsp_key, true, NULL}, | ||
95 | {"Zen Touch", null_key_v1, tl_zt_key, true, NULL}, | ||
96 | {"Zen Xtra", null_key_v1, tl_zx_key, true, NULL}, | ||
97 | {"Zen V", null_key_v3, tl_zenv_key, false, "Creative ZEN V"}, | ||
98 | {"Zen V Plus", null_key_v3, tl_zenvp_key, false, NULL}, | ||
99 | {"Zen V Video", null_key_v3, tl_zenvv_key, false, NULL}, | ||
100 | {NULL, NULL, NULL, false, NULL} | ||
101 | }; | ||
102 | |||
103 | /** | ||
104 | * Information on how to patch firmwares | ||
105 | */ | ||
106 | struct zen_model_desc_t | ||
107 | { | ||
108 | /* Descriptive name of this model (must match player in zen_players[]) */ | ||
109 | const char *model_name; | ||
110 | /* Model name used in the Rockbox header in ".zen" files - these match the | ||
111 | -add parameter to the "scramble" tool */ | ||
112 | const char *rb_model_name; | ||
113 | /* Model number used to initialise the checksum in the Rockbox header in | ||
114 | ".zen" files - these are the same as MODEL_NUMBER in config-target.h */ | ||
115 | const int rb_model_num; | ||
116 | /* Bootloader load address */ | ||
117 | uint32_t bootloader_addr; | ||
118 | /* Dualboot code for this model */ | ||
119 | const unsigned char *dualboot; | ||
120 | /* Size of dualboot functions for this model */ | ||
121 | int dualboot_size; | ||
122 | }; | ||
123 | |||
124 | /* keep this consistent with the address in dualboot.lds */ | ||
125 | static const struct zen_model_desc_t zen_models[] = | ||
126 | { | ||
127 | [MODEL_UNKNOWN] = | ||
128 | { | ||
129 | "Unknown", " ", 0, 0, NULL, 0 | ||
130 | }, | ||
131 | [MODEL_ZENV] = | ||
132 | { | ||
133 | "Zen V", "zenv", 92, 0x61000000, dualboot_zenv, sizeof(dualboot_zenv) | ||
134 | }, | ||
135 | [MODEL_ZENXFI] = | ||
136 | { | ||
137 | "Zen X-Fi", "zxfi", 86, 0x41000000, dualboot_zenxfi, sizeof(dualboot_zenxfi) | ||
138 | }, | ||
139 | [MODEL_ZENMOZAIC] = | ||
140 | { | ||
141 | "Zen Mozaic", "zmoz", 87, 0x41000000, dualboot_zenmozaic, sizeof(dualboot_zenmozaic) | ||
142 | }, | ||
143 | [MODEL_ZEN] = | ||
144 | { | ||
145 | "Zen", "zen", 90, 0x41000000, dualboot_zen, sizeof(dualboot_zen) | ||
146 | }, | ||
147 | }; | ||
148 | |||
149 | /** | ||
150 | * MD5 knowledge base | ||
151 | */ | ||
152 | |||
153 | struct zen_md5sum_t | ||
154 | { | ||
155 | /* Device model */ | ||
156 | enum zen_model_t model; | ||
157 | /* md5sum of the file */ | ||
158 | char *md5sum; | ||
159 | /* Version string */ | ||
160 | const char *version; | ||
161 | }; | ||
162 | |||
163 | static const struct zen_md5sum_t zen_sums[] = | ||
164 | { | ||
165 | /** Zen Mozaic */ | ||
166 | { | ||
167 | /* Version 1.06.01 */ | ||
168 | MODEL_ZENMOZAIC, "8441402a8db9f92659b05f05c0abe8fb", "1.06.01" | ||
169 | }, | ||
170 | { | ||
171 | /* Version 1.06.01e */ | ||
172 | MODEL_ZENMOZAIC, "88a856f8273b2bc3fcacf1f067a44aa8", "1.06.01e" | ||
173 | }, | ||
174 | /** Zen X-Fi */ | ||
175 | { | ||
176 | /* Version 1.04.08e */ | ||
177 | MODEL_ZENXFI, "f07e2e75069289a2aa14c6583bd9643b", "1.04.08e" | ||
178 | }, | ||
179 | { | ||
180 | /* Version 1.04.08 */ | ||
181 | MODEL_ZENXFI, "c3cddf8468d8c8982e93aa9986c5a152", "1.04.08" | ||
182 | }, | ||
183 | /** Zen V */ | ||
184 | { | ||
185 | /* Version 1.32.01e */ | ||
186 | MODEL_ZENV, "2f6d3e619557583c30132ac87221bc3e", "1.32.01e" | ||
187 | }, | ||
188 | /** Zen */ | ||
189 | { | ||
190 | /* Version 1.21.03e */ | ||
191 | MODEL_ZEN, "1fe28f587f87ac3c280281db28c42465", "1.21.03e" | ||
192 | } | ||
193 | }; | ||
194 | |||
195 | #define NR_ZEN_PLAYERS (sizeof(zen_players) / sizeof(zen_players[0])) | ||
196 | #define NR_ZEN_SUMS (sizeof(zen_sums) / sizeof(zen_sums[0])) | ||
197 | #define NR_ZEN_MODELS (sizeof(zen_models) / sizeof(zen_models[0])) | ||
198 | |||
199 | #define MAGIC_ROCK 0x726f636b /* 'rock' */ | ||
200 | #define MAGIC_RECOVERY 0xfee1dead | ||
201 | #define MAGIC_NORMAL 0xcafebabe | ||
202 | |||
203 | /** | ||
204 | * Stolen from various places in our codebase | ||
205 | */ | ||
206 | |||
207 | /** | ||
208 | * EDOC file format | ||
209 | */ | ||
210 | struct edoc_header_t | ||
211 | { | ||
212 | char magic[4]; | ||
213 | uint32_t total_size; | ||
214 | uint32_t zero; | ||
215 | }; | ||
216 | |||
217 | struct edoc_section_header_t | ||
218 | { | ||
219 | uint32_t addr; | ||
220 | uint32_t size; | ||
221 | uint32_t checksum; | ||
222 | }; | ||
223 | |||
224 | uint32_t edoc_checksum(void *buffer, size_t size) | ||
225 | { | ||
226 | uint32_t c = 0; | ||
227 | uint32_t *p = buffer; | ||
228 | while(size >= 4) | ||
229 | { | ||
230 | c += *p + (*p >> 16); | ||
231 | p++; | ||
232 | size -= 4; | ||
233 | } | ||
234 | if(size != 0) | ||
235 | printf("[WARN] EDOC Checksum section size is not a multiple of 4 bytes, result is undefined!\n"); | ||
236 | return c & 0xffff; | ||
237 | } | ||
238 | |||
239 | #define errorf(err, ...) do { printf(__VA_ARGS__); return err; } while(0) | ||
240 | |||
241 | /** | ||
242 | * How does patching code work | ||
243 | * --------------------------- | ||
244 | * | ||
245 | * All Creative firmwares work the same: they start at 0 and the code sequence at | ||
246 | * 0 always contains the vector table with ldr with offsets: | ||
247 | * 0: e59ff018 ldr pc, [pc, #24] ; 0x20 | ||
248 | * 4: e59ff018 ldr pc, [pc, #24] ; 0x24 | ||
249 | * 8: e59ff018 ldr pc, [pc, #24] ; 0x28 | ||
250 | * c: e59ff018 ldr pc, [pc, #24] ; 0x2c | ||
251 | * 10: e59ff018 ldr pc, [pc, #24] ; 0x30 | ||
252 | * 14: e59ff018 ldr pc, [pc, #24] ; 0x34 | ||
253 | * 18: e59ff018 ldr pc, [pc, #24] ; 0x38 | ||
254 | * 1c: e59ff018 ldr pc, [pc, #24] ; 0x3c | ||
255 | * 20: 0000dbd4 .word start | ||
256 | * 24: 0000dcac .word undef_instr_handler | ||
257 | * 28: 0000dcb0 .word software_int_handler | ||
258 | * 2c: 0000dcb4 .word prefetch_abort_handler | ||
259 | * 30: 0000dcb8 .word data_abort_handler | ||
260 | * 34: 0000dcbc .word reserved_handler | ||
261 | * 38: 0000dcc0 .word irq_handler | ||
262 | * 3c: 0000dd08 .word fiq_handler | ||
263 | * | ||
264 | * To build a dual-boot image, we modify the start address to point to some | ||
265 | * code we added to the image. Specifically we first add the stub, then | ||
266 | * the rockbox image. We also write the old start address to this | ||
267 | * stub so that it can either decide to run rockbox or patch back the | ||
268 | * start address and jump to 0. | ||
269 | * Singleboot and recovery is handled the same way except that both targets use | ||
270 | * the same address and we drop the OF, so we create a fake vector table! | ||
271 | */ | ||
272 | |||
273 | struct dualboot_footer_t | ||
274 | { | ||
275 | uint32_t magic; | ||
276 | uint32_t of_addr; | ||
277 | uint32_t rb_addr; | ||
278 | uint32_t boot_arg; | ||
279 | } __attribute__((packed)); | ||
280 | |||
281 | #define FOOTER_MAGIC 0x1ceb00da | ||
282 | |||
283 | static enum zen_error_t create_fake_image(uint8_t **fw, uint32_t *fw_size) | ||
284 | { | ||
285 | /** We need to create a fake EDOC image, so first a header and one section | ||
286 | * header with one data chunk. */ | ||
287 | /** The fake image is as follows: | ||
288 | * 0: e59ff018 ldr pc, [pc, #24] ; 0x20 | ||
289 | * 4: e59ff018 ldr pc, [pc, #24] ; 0x24 | ||
290 | * 8: e59ff018 ldr pc, [pc, #24] ; 0x28 | ||
291 | * c: e59ff018 ldr pc, [pc, #24] ; 0x2c | ||
292 | * 10: e59ff018 ldr pc, [pc, #24] ; 0x30 | ||
293 | * 14: e59ff018 ldr pc, [pc, #24] ; 0x34 | ||
294 | * 18: e59ff018 ldr pc, [pc, #24] ; 0x38 | ||
295 | * 1c: e59ff018 ldr pc, [pc, #24] ; 0x3c | ||
296 | * 20: 00000040 .word hang | ||
297 | * 24: 00000040 .word hang | ||
298 | * 28: 00000040 .word hang | ||
299 | * 2c: 00000040 .word hang | ||
300 | * 30: 00000040 .word hang | ||
301 | * 34: 00000040 .word hang | ||
302 | * 38: 00000040 .word hang | ||
303 | * 3c: 00000040 .word hang | ||
304 | * 40 <hang>: | ||
305 | * 40: eafffffe b 40 <hang> */ | ||
306 | *fw_size = sizeof(struct edoc_header_t) + sizeof(struct edoc_section_header_t) + 0x44; | ||
307 | *fw = malloc(*fw_size); | ||
308 | if(*fw == NULL) | ||
309 | errorf(ZEN_ERROR, "[ERR] Allocation failed"); | ||
310 | struct edoc_header_t *hdr = (void *)*fw; | ||
311 | memcpy(hdr->magic, "EDOC", 4); | ||
312 | hdr->total_size = *fw_size - sizeof(struct edoc_header_t) + 4; | ||
313 | hdr->zero = 0; | ||
314 | struct edoc_section_header_t *sec = (void *)(hdr + 1); | ||
315 | sec->addr = 0; | ||
316 | sec->size = 0x44; | ||
317 | uint32_t *p = (void *)(sec + 1); | ||
318 | p[0] = p[1] = p[2] = p[3] = p[4] = p[5] = p[6] = p[7] = 0xe59ff018; | ||
319 | p[8] = p[9] = p[10] = p[11] = p[12] = p[13] = p[14] = p[15] = 0x40; | ||
320 | p[16] = 0xeafffffe; | ||
321 | sec->checksum = edoc_checksum(p, 0x44); | ||
322 | return ZEN_SUCCESS; | ||
323 | } | ||
324 | |||
325 | static enum zen_error_t patch_firmware(uint8_t **fw, uint32_t *fw_size, | ||
326 | void *boot, size_t boot_size, struct zen_option_t opt) | ||
327 | { | ||
328 | /* check if dualboot stub is available */ | ||
329 | const void *dualboot = zen_models[opt.model].dualboot; | ||
330 | int dualboot_size = zen_models[opt.model].dualboot_size; | ||
331 | uint32_t dualboot_addr = zen_models[opt.model].bootloader_addr; | ||
332 | if(dualboot == NULL) | ||
333 | errorf(ZEN_DONT_KNOW_HOW_TO_PATCH, "[ERR] I don't have a dualboot stub for this model\n"); | ||
334 | /* if not asked to dualboot, drop OF and create a fake image */ | ||
335 | if(opt.output != ZEN_DUALBOOT) | ||
336 | { | ||
337 | enum zen_error_t ret = create_fake_image(fw, fw_size); | ||
338 | if(ret != ZEN_SUCCESS) | ||
339 | return ret; | ||
340 | } | ||
341 | /* compute final image size: add stub + bootloader in one block as a section */ | ||
342 | int extra_size = sizeof(struct edoc_section_header_t) + dualboot_size + boot_size; | ||
343 | *fw_size += extra_size; | ||
344 | *fw = realloc(*fw, *fw_size); | ||
345 | if(*fw == NULL) | ||
346 | errorf(ZEN_ERROR, "[ERR] Allocation failed"); | ||
347 | /* sanity check */ | ||
348 | struct edoc_header_t *hdr = (void *)*fw; | ||
349 | if(memcmp(hdr->magic, "EDOC", 4) != 0) | ||
350 | errorf(ZEN_FW_INVALID, "[ERR] Firmware doesn't use EDOC format\n"); | ||
351 | /* validate image and find OF start addr */ | ||
352 | uint32_t of_addr = 0; | ||
353 | struct edoc_section_header_t *sec_hdr = (void *)(hdr + 1); | ||
354 | while((void *)sec_hdr - (void *)&hdr->zero < hdr->total_size) | ||
355 | { | ||
356 | if(sec_hdr->checksum != edoc_checksum(sec_hdr + 1, sec_hdr->size)) | ||
357 | errorf(ZEN_FW_INVALID, "[ERR] Firmware checksum error\n"); | ||
358 | if(sec_hdr->addr == 0) | ||
359 | { | ||
360 | uint32_t *start_vector = ((void *)(sec_hdr + 1) + 0x20); | ||
361 | /* extract address */ | ||
362 | of_addr = *(uint32_t *)start_vector; | ||
363 | /* patch vector */ | ||
364 | *start_vector = dualboot_addr; | ||
365 | /* fix checksum */ | ||
366 | sec_hdr->checksum = edoc_checksum(sec_hdr + 1, sec_hdr->size); | ||
367 | } | ||
368 | sec_hdr = (void *)(sec_hdr + 1) + sec_hdr->size; | ||
369 | } | ||
370 | if(of_addr == 0) | ||
371 | errorf(ZEN_FW_INVALID, "[ERR] Firmware doesn't have the expected format\n"); | ||
372 | printf("[INFO] OF start address: %#x\n", of_addr); | ||
373 | /* add extra section */ | ||
374 | sec_hdr->addr = dualboot_addr; | ||
375 | sec_hdr->size = dualboot_size + boot_size; | ||
376 | /* add extra data */ | ||
377 | memcpy(sec_hdr + 1, dualboot, dualboot_size); | ||
378 | memcpy((void *)(sec_hdr + 1) + dualboot_size, boot, boot_size); | ||
379 | /* locate and patch dualboot footer */ | ||
380 | struct dualboot_footer_t *footer = (void *)(sec_hdr + 1) + dualboot_size - | ||
381 | sizeof(struct dualboot_footer_t); | ||
382 | if(footer->magic != FOOTER_MAGIC) | ||
383 | errorf(ZEN_FW_INVALID, "[ERR] Footer magic mismatch\n"); | ||
384 | uint32_t rb_addr = dualboot_addr + dualboot_size; | ||
385 | printf("[INFO] RB start address: %#x\n", rb_addr); | ||
386 | footer->of_addr = opt.output == ZEN_DUALBOOT ? of_addr : rb_addr; | ||
387 | footer->rb_addr = rb_addr; | ||
388 | footer->boot_arg = opt.output == ZEN_RECOVERY ? 0xfee1dead : 0xcafebabe; | ||
389 | printf("[INFO] Footer: 0x%08x 0x%08x 0x%08x\n", footer->of_addr, footer->rb_addr, | ||
390 | footer->boot_arg); | ||
391 | /* fix image */ | ||
392 | sec_hdr->checksum = edoc_checksum(sec_hdr + 1, sec_hdr->size); | ||
393 | hdr->total_size += extra_size; | ||
394 | return ZEN_SUCCESS; | ||
395 | } | ||
396 | |||
397 | struct player_info_t *get_player_info(enum zen_model_t model) | ||
398 | { | ||
399 | for(int i = 0; zen_players[i].name; i++) | ||
400 | if(strcmp(zen_models[model].model_name, zen_players[i].name) == 0) | ||
401 | return &zen_players[i]; | ||
402 | return NULL; | ||
403 | } | ||
404 | |||
405 | enum zen_error_t build_firmware(void *exec, size_t exec_size, void *boot, size_t boot_size, | ||
406 | const char *outfile, struct zen_option_t opt) | ||
407 | { | ||
408 | uint8_t *buffer = exec; | ||
409 | /** find player info */ | ||
410 | struct player_info_t *player = get_player_info(opt.model); | ||
411 | if(player == NULL) | ||
412 | errorf(ZEN_UNSUPPORTED, "[ERR] There is no player info for this model\n"); | ||
413 | if(player->big_endian) | ||
414 | errorf(ZEN_UNSUPPORTED, "[ERR] Big-endian players are currently unsupported\n"); | ||
415 | |||
416 | /** Find Win32 PE .data section */ | ||
417 | uint32_t data_ptr; | ||
418 | uint32_t data_size; | ||
419 | enum zen_error_t err = find_pe_data(exec, exec_size, &data_ptr, &data_size); | ||
420 | if(err != ZEN_SUCCESS) | ||
421 | errorf(err, "[ERR] Cannot find .data section\n"); | ||
422 | printf("[INFO] .data section is at 0x%x with size 0x%x\n", data_ptr, data_size); | ||
423 | |||
424 | /** look for firmware and key in data section */ | ||
425 | uint32_t fw_offset = find_firmware_offset(&buffer[data_ptr], data_size); | ||
426 | if(fw_offset == 0) | ||
427 | errorf(ZEN_FW_INVALID, "[ERR] Couldn't find firmware offset\n"); | ||
428 | uint32_t fw_size = le2int(&buffer[data_ptr + fw_offset]); | ||
429 | printf("[INFO] Firmware offset is at 0x%x with size 0x%x\n", data_ptr + fw_offset, fw_size); | ||
430 | const char *fw_key = find_firmware_key(exec, exec_size); | ||
431 | if(fw_key == NULL) | ||
432 | errorf(ZEN_FW_INVALID, "[ERR] Couldn't find firmware key\n"); | ||
433 | printf("[INFO] Firmware key is %s\n", fw_key); | ||
434 | |||
435 | /** descramble firmware */ | ||
436 | printf("[INFO] Descrambling firmware... "); | ||
437 | if(!crypt_firmware(fw_key, &buffer[data_ptr + fw_offset + 4], fw_size)) | ||
438 | errorf(ZEN_ERROR, "Fail!\n"); | ||
439 | else | ||
440 | printf("Done!\n"); | ||
441 | /** decompress it */ | ||
442 | uint8_t *out_buffer = malloc(fw_size * 2); | ||
443 | if(out_buffer == NULL) | ||
444 | errorf(ZEN_ERROR, "[ERR] Couldn't allocate memory"); | ||
445 | memset(out_buffer, 0, fw_size * 2); | ||
446 | printf("[INFO] Decompressing firmware... "); | ||
447 | char *err_msg; | ||
448 | if(!inflate_to_buffer(&buffer[data_ptr + fw_offset + 4], fw_size, out_buffer, | ||
449 | fw_size * 2, &err_msg)) | ||
450 | errorf(ZEN_ERROR, "Fail!\n[ERR] ZLib error: %s\n", err_msg); | ||
451 | else | ||
452 | printf("Done!\n"); | ||
453 | |||
454 | /** check format and resize the buffer */ | ||
455 | if(memcmp(out_buffer, "FFIC", 4) != 0) | ||
456 | errorf(ZEN_FW_INVALID, "[ERR] CIFF header doesn't match\n"); | ||
457 | uint32_t ciff_size = le2int(&out_buffer[4]) + 8 + 28; /* CIFF block + NULL block*/ | ||
458 | printf("[INFO] Total firmware size: %d\n", ciff_size); | ||
459 | out_buffer = realloc(out_buffer, ciff_size); | ||
460 | if(out_buffer == NULL) | ||
461 | errorf(ZEN_ERROR, "[ERR] Cannot resize memory block\n"); | ||
462 | |||
463 | /** look for firmware file */ | ||
464 | printf("[INFO] Locating encoded block... "); | ||
465 | uint32_t fw_off = 8; | ||
466 | uint8_t *cinf_ptr = NULL; | ||
467 | while(memcmp(&out_buffer[fw_off], " LT\xa9", 4) != 0 && fw_off < ciff_size) | ||
468 | { | ||
469 | if(memcmp(&out_buffer[fw_off], "FNIC", 4) == 0) | ||
470 | { | ||
471 | cinf_ptr = &out_buffer[fw_off + 8]; | ||
472 | fw_off += 4 + 4 + 96; | ||
473 | } | ||
474 | else if(memcmp(&out_buffer[fw_off], "ATAD", 4) == 0) | ||
475 | { | ||
476 | fw_off += 4; | ||
477 | fw_off += le2int(&out_buffer[fw_off]); | ||
478 | fw_off += 4; | ||
479 | } | ||
480 | else | ||
481 | errorf(ZEN_FW_INVALID, "Fail!\n[ERR] Unknown block\n"); | ||
482 | } | ||
483 | if(fw_off >= ciff_size || memcmp(&out_buffer[fw_off], " LT\xa9", 4) != 0) | ||
484 | errorf(ZEN_FW_INVALID, "Fail!\n[ERR] Couldn't find encoded block\n"); | ||
485 | if(!cinf_ptr) | ||
486 | errorf(ZEN_FW_INVALID, "Fail!\n[ERR] Couldn't find CINF\n"); | ||
487 | printf("Done!\n"); | ||
488 | |||
489 | /** validate player if possible */ | ||
490 | printf("[INFO] Checking player model..."); | ||
491 | if(player->cinf) | ||
492 | { | ||
493 | char cinf_ascii[96]; | ||
494 | for(int j = 0; j < 96; j++) | ||
495 | cinf_ascii[j] = *(unsigned short *)&cinf_ptr[2 * j]; | ||
496 | if(strncmp(cinf_ascii, player->cinf, 96) != 0) | ||
497 | errorf(ZEN_FW_MISMATCH, "Fail!\n[ERR] Player mismatch: CINF indicates '%s' instead of '%s'\n", | ||
498 | cinf_ascii, player->cinf); | ||
499 | else | ||
500 | printf("Done!\n"); | ||
501 | } | ||
502 | else | ||
503 | printf("Bypass!\n"); | ||
504 | |||
505 | /** decrypt firmware */ | ||
506 | printf("[INFO] Decrypting encoded block... "); | ||
507 | uint32_t iv[2]; | ||
508 | iv[0] = 0; | ||
509 | iv[1] = swap(le2int(&out_buffer[fw_off + 4])); | ||
510 | if(!bf_cbc_decrypt((unsigned char*)player->tl_key, strlen(player->tl_key) + 1, | ||
511 | &out_buffer[fw_off + 8], le2int(&out_buffer[fw_off + 4]), (const unsigned char*)&iv)) | ||
512 | errorf(ZEN_ERROR, "Fail!\n[ERR] Couldn't decrypt encoded block\n"); | ||
513 | printf("Done!\n"); | ||
514 | |||
515 | /** sanity checks on firmware */ | ||
516 | uint32_t jrm_size = le2int(&out_buffer[fw_off + 8]); | ||
517 | if(jrm_size > le2int(&out_buffer[fw_off + 4]) * 3) | ||
518 | errorf(ZEN_FW_INVALID, "[ERR] Decrypted length of encoded block is unexpectedly large: 0x%08x\n", jrm_size); | ||
519 | printf("[INFO] Firmware size: %d\n", jrm_size); | ||
520 | uint8_t *jrm = malloc(jrm_size); | ||
521 | if(jrm == NULL) | ||
522 | errorf(ZEN_ERROR, "[ERR] Couldn't allocate memory\n"); | ||
523 | memset(buffer, 0, jrm_size); | ||
524 | |||
525 | /** decompress firmware */ | ||
526 | printf("[INFO] Decompressing encoded block... "); | ||
527 | if(!cenc_decode(&out_buffer[fw_off + 12], le2int(&out_buffer[fw_off + 4]) - 4, jrm, jrm_size)) | ||
528 | errorf(ZEN_ERROR, "Fail!\n[ERR] Couldn't decompress the encoded block\n"); | ||
529 | printf("Done!\n"); | ||
530 | |||
531 | /** Copy OF because patching might modify it */ | ||
532 | void *jrm_save = malloc(jrm_size); | ||
533 | uint32_t jrm_save_size = jrm_size; | ||
534 | if(jrm_save == NULL) | ||
535 | errorf(ZEN_ERROR, "[ERR] Couldn't allocate memory"); | ||
536 | memcpy(jrm_save, jrm, jrm_size); | ||
537 | |||
538 | /** Patch firmware */ | ||
539 | err = patch_firmware(&jrm, &jrm_size, boot, boot_size, opt); | ||
540 | if(err != ZEN_SUCCESS) | ||
541 | errorf(err, "[ERR] Couldn't patch firmware\n"); | ||
542 | |||
543 | /** Rebuild archive */ | ||
544 | bool keep_old_bits = opt.output == ZEN_DUALBOOT || opt.output == ZEN_MIXEDBOOT; | ||
545 | bool keep_of = opt.output == ZEN_MIXEDBOOT; | ||
546 | /* if we keep old stuff, keep everything up to LT block, otherwise just CIFF header */ | ||
547 | uint32_t off = keep_old_bits ? fw_off : 8; | ||
548 | /* move the rest of the archive if keeping old stuff */ | ||
549 | if(keep_old_bits) | ||
550 | { | ||
551 | uint32_t copy_off = fw_off + 8 + le2int(&out_buffer[fw_off + 4]); | ||
552 | uint32_t copy_size = ciff_size - fw_off - 8 - le2int(&out_buffer[fw_off + 4]) - 28; | ||
553 | memmove(&out_buffer[off], &out_buffer[copy_off], copy_size); | ||
554 | off += copy_size; | ||
555 | } | ||
556 | /* if we keep the OF, put a copy of it after renaming it to Hcreativeos.jrm */ | ||
557 | if(keep_of) | ||
558 | { | ||
559 | out_buffer = realloc(out_buffer, off + jrm_save_size + 40); | ||
560 | if(out_buffer == NULL) | ||
561 | errorf(ZEN_ERROR, "[ERR] Couldn't resize memory block\n"); | ||
562 | printf("[INFO] Renaming encoded block to Hcreativeos.jrm... "); | ||
563 | memcpy(&out_buffer[off], "ATAD", 4); | ||
564 | int2le(jrm_save_size + 32, &out_buffer[off + 4]); | ||
565 | memset(&out_buffer[off + 8], 0, 32); | ||
566 | memcpy(&out_buffer[off + 8], "H\0c\0r\0e\0a\0t\0i\0v\0e\0o\0s\0.\0j\0r\0m", 30); | ||
567 | memcpy(&out_buffer[off + 40], jrm_save, jrm_save_size); | ||
568 | off += jrm_save_size + 40; | ||
569 | printf("Done!\n"); | ||
570 | } | ||
571 | /* put modified firmware */ | ||
572 | out_buffer = realloc(out_buffer, off + jrm_size + 40); | ||
573 | if(out_buffer == NULL) | ||
574 | errorf(ZEN_ERROR, "[ERR] Couldn't resize memory block\n"); | ||
575 | printf("[INFO] Adding Hjukebox2.jrm... "); | ||
576 | memcpy(&out_buffer[off], "ATAD", 4); | ||
577 | int2le(jrm_size + 32, &out_buffer[off + 4]); | ||
578 | memset(&out_buffer[off + 8], 0, 32); | ||
579 | memcpy(&out_buffer[off + 8], "H\0j\0u\0k\0e\0b\0o\0x\0""2\0.\0j\0r\0m", 26); | ||
580 | memcpy(&out_buffer[off + 40], jrm, jrm_size); | ||
581 | off += jrm_size + 40; | ||
582 | printf("Done!\n"); | ||
583 | |||
584 | /** fix header */ | ||
585 | int2le(off - 8, &out_buffer[4]); | ||
586 | |||
587 | /** update checksum */ | ||
588 | printf("[INFO] Updating checksum... "); | ||
589 | out_buffer = realloc(out_buffer, off + 28); | ||
590 | if(out_buffer == NULL) | ||
591 | errorf(ZEN_ERROR, "[ERR] Couldn't resize memory block\n"); | ||
592 | memcpy(&out_buffer[off], "LLUN", 4); | ||
593 | int2le(20, &out_buffer[off + 4]); | ||
594 | hmac_sha1((unsigned char*)player->null_key, strlen(player->null_key), out_buffer, | ||
595 | off, &out_buffer[off + 8]); | ||
596 | off += 28; | ||
597 | printf("Done!\n"); | ||
598 | |||
599 | err = write_file(outfile, out_buffer, off); | ||
600 | |||
601 | free(jrm); | ||
602 | free(jrm_save); | ||
603 | free(out_buffer); | ||
604 | return err; | ||
605 | } | ||
606 | |||
607 | /* find an entry into zen_sums which matches the MD5 sum of a file */ | ||
608 | static enum zen_error_t find_model_by_md5sum(uint8_t file_md5sum[16], int *md5_idx) | ||
609 | { | ||
610 | int i = 0; | ||
611 | while(i < NR_ZEN_SUMS) | ||
612 | { | ||
613 | uint8_t md5[20]; | ||
614 | if(strlen(zen_sums[i].md5sum) != 32) | ||
615 | errorf(ZEN_ERROR, "[ERR][INTERNAL] Invalid MD5 sum in zen_sums\n"); | ||
616 | for(int j = 0; j < 16; j++) | ||
617 | { | ||
618 | uint8_t a, b; | ||
619 | if(convxdigit(zen_sums[i].md5sum[2 * j], &a) || convxdigit(zen_sums[i].md5sum[2 * j + 1], &b)) | ||
620 | errorf(ZEN_ERROR, "[ERR][INTERNAL] Bad checksum format: %s\n", zen_sums[i].md5sum); | ||
621 | md5[j] = (a << 4) | b; | ||
622 | } | ||
623 | if(memcmp(file_md5sum, md5, 16) == 0) | ||
624 | break; | ||
625 | i++; | ||
626 | } | ||
627 | if(i == NR_ZEN_SUMS) | ||
628 | errorf(ZEN_NO_MATCH, "[ERR] MD5 sum doesn't match any known file\n"); | ||
629 | *md5_idx = i; | ||
630 | return ZEN_SUCCESS; | ||
631 | } | ||
632 | |||
633 | enum zen_error_t mkzenboot(const char *infile, const char *bootfile, | ||
634 | const char *outfile, struct zen_option_t opt) | ||
635 | { | ||
636 | /* determine firmware model */ | ||
637 | void *fw; | ||
638 | size_t fw_size; | ||
639 | enum zen_error_t err = read_file(infile, &fw, &fw_size); | ||
640 | uint8_t file_md5sum[16]; | ||
641 | err = compute_md5sum_buf(fw, fw_size, file_md5sum); | ||
642 | if(err != ZEN_SUCCESS) | ||
643 | { | ||
644 | free(fw); | ||
645 | return err; | ||
646 | } | ||
647 | printf("[INFO] MD5 sum of the file: "); | ||
648 | for(int i = 0; i < 16; i++) | ||
649 | printf("%02X ", file_md5sum[i]); | ||
650 | printf("\n"); | ||
651 | if(opt.model == MODEL_UNKNOWN) | ||
652 | { | ||
653 | int idx; | ||
654 | err = find_model_by_md5sum(file_md5sum, &idx); | ||
655 | if(err != ZEN_SUCCESS) | ||
656 | { | ||
657 | free(fw); | ||
658 | errorf(err, "[ERR] Cannot determine model type\n"); | ||
659 | } | ||
660 | opt.model = zen_sums[idx].model; | ||
661 | printf("[INFO] MD5 matches %s, version %s\n", | ||
662 | zen_models[opt.model].model_name, zen_sums[idx].version); | ||
663 | } | ||
664 | printf("[INFO] Model is: %s\n", zen_models[opt.model].model_name); | ||
665 | /* load rockbox file */ | ||
666 | uint8_t *boot; | ||
667 | size_t boot_size; | ||
668 | err = read_file(bootfile, (void **)&boot, &boot_size); | ||
669 | if(err != ZEN_SUCCESS) | ||
670 | { | ||
671 | free(fw); | ||
672 | errorf(err, "[ERR] Cannot read boot file\n"); | ||
673 | } | ||
674 | /* validate checksum */ | ||
675 | if(memcmp(boot + 4, zen_models[opt.model].rb_model_name, 4) != 0) | ||
676 | { | ||
677 | free(fw); | ||
678 | free(boot); | ||
679 | errorf(ZEN_BOOT_MISMATCH, "[ERR] Boot model mismatch\n"); | ||
680 | } | ||
681 | printf("[INFO] Bootloader file matches model\n"); | ||
682 | uint32_t sum = zen_models[opt.model].rb_model_num; | ||
683 | for(int i = 8; i < boot_size; i++) | ||
684 | sum += boot[i]; | ||
685 | if(sum != be2int(boot)) | ||
686 | { | ||
687 | free(fw); | ||
688 | free(boot); | ||
689 | errorf(ZEN_BOOT_CHECKSUM_ERROR, "[ERR] Checksum mismatch\n"); | ||
690 | } | ||
691 | printf("[INFO] Bootloader file checksum is correct\n"); | ||
692 | /* produce file */ | ||
693 | err = build_firmware(fw, fw_size, boot + 8, boot_size - 8, outfile, opt); | ||
694 | free(boot); | ||
695 | free(fw); | ||
696 | return err; | ||
697 | } | ||