1 files changed, 346 insertions, 0 deletions
diff --git a/apps/plugins/crypt_firmware.c b/apps/plugins/crypt_firmware.c
new file mode 100644
index 0000000000..6bfeeabe00
--- /dev/null
+++ b/apps/plugins/crypt_firmware.c
@@ -0,0 +1,346 @@
+/***************************************************************************
+ *
+ *             __________               __   ___.
+ *   Open      \______   \ ____   ____ |  | _\_ |__   _______  ___
+ *   Source     |       _//  _ \_/ ___\|  |/ /| __ \ /  _ \  \/  /
+ *   Jukebox    |    |   (  <_> )  \___|    < | \_\ (  <_> > <  <
+ *   Firmware   |____|_  /\____/ \___  >__|_ \|___  /\____/__/\_ \
+ *                     \/            \/     \/    \/            \/
+ *
+ * $Id: $
+ * 
+ * Rockbox plugin copyright (C) 2009 Dave Chapman.
+ * Based on encryption code (C) 2009 Michael Sparmann
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ****************************************************************************/
+/* 
+   This viewer plugin is for the encryption/decryption of iPod Nano
+   (2nd generation) firmware images using the hardware AES crypto unit
+   in such devices.
+   Encrypted images are stored with the modelname "nn2x" and extension
+   ".ipodx" Unencrypted images use "nn2g" and ".ipod".
+   Heavily based on Payloads/CryptFirmware/main.c from iBugger.
+   The (C) from that file is as follows:
+    Copyright 2009 TheSeven
+    This file is part of TheSeven's iBugger.
+    TheSeven's iBugger is free software: you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation, either version 2 of the
+    License, or (at your option) any later version.
+    TheSeven's iBugger is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+    See the GNU General Public License for more details.
+    You should have received a copy of the GNU General Public License along
+    with TheSeven's iBugger.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "plugin.h"
+PLUGIN_HEADER
+static void aes_encrypt(void* data, uint32_t size)
+{
+    uint32_t ptr, i;
+    uint32_t go = 1;
+    PWRCONEXT &= ~0x400;
+    AESTYPE = 1;
+    AESUNKREG0 = 1;
+    AESUNKREG0 = 0;
+    AESCONTROL = 1;
+    AESKEYLEN = 9;
+    AESOUTSIZE = size;
+    AESAUXSIZE = 0x10;
+    AESINSIZE = 0x10;
+    AESSIZE3 = 0x10;
+    for (ptr = 0; ptr < (size >> 2); ptr += 4)
+    {
+        AESOUTADDR = (uint32_t)data + (ptr << 2);
+        AESINADDR = (uint32_t)data + (ptr << 2);
+        AESAUXADDR = (uint32_t)data + (ptr << 2);
+        if (ptr != 0)
+            for (i = 0; i < 4; i++)
+                ((uint32_t*)data)[ptr + i] ^= ((uint32_t*)data)[ptr + i - 4];
+        AESSTATUS = 6;
+        AESGO = go;
+        go = 3;
+        while ((AESSTATUS & 6) == 0);
+    }
+    AESCONTROL = 0;
+    PWRCONEXT |= 0x400;
+}
+static void aes_decrypt(void* data, uint32_t size)
+{
+    uint32_t ptr, i;
+    uint32_t go = 1;
+    PWRCONEXT &= ~0x400;
+    AESTYPE = 1;
+    AESUNKREG0 = 1;
+    AESUNKREG0 = 0;
+    AESCONTROL = 1;
+    AESKEYLEN = 8;
+    AESOUTSIZE = size;
+    AESAUXSIZE = 0x10;
+    AESINSIZE = 0x10;
+    AESSIZE3 = 0x10;
+    for (ptr = (size >> 2) - 4; ; ptr -= 4)
+    {
+        AESOUTADDR = (uint32_t)data + (ptr << 2);
+        AESINADDR = (uint32_t)data + (ptr << 2);
+        AESAUXADDR = (uint32_t)data + (ptr << 2);
+        AESSTATUS = 6;
+        AESGO = go;
+        go = 3;
+        while ((AESSTATUS & 6) == 0);
+        if (ptr == 0) break;
+        for (i = 0; i < 4; i++)
+            ((uint32_t*)data)[ptr + i] ^= ((uint32_t*)data)[ptr + i - 4];
+    }
+    AESCONTROL = 0;
+    PWRCONEXT |= 0x400;
+}
+static void calc_hash(uint32_t* data, uint32_t size, uint32_t* result)
+{
+    uint32_t ptr, i;
+    uint32_t ctrl = 2;
+    PWRCONEXT &= ~0x4;
+    for (ptr = 0; ptr < (size >> 2); ptr += 0x10)
+    {
+      for (i = 0; i < 0x10; i++) HASHDATAIN[i] = data[ptr + i];
+      HASHCTRL = ctrl;
+      ctrl = 0xA;
+      while ((HASHCTRL & 1) != 0);
+    }
+    for (i = 0; i < 5; i ++) result[i] = HASHRESULT[i];
+    PWRCONEXT |= 0x4;
+}
+static uint32_t get_uint32be(unsigned char* buf)
+{
+    return (uint32_t)((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]);
+}
+static void put_uint32be(unsigned char* buf, uint32_t x)
+{
+    buf[0] = (x & 0xff000000) >> 24;
+    buf[1] = (x & 0xff0000) >> 16;
+    buf[2] = (x & 0xff00) >> 8;
+    buf[3] = x & 0xff;
+}
+static uint32_t calc_checksum(uint32_t sum, unsigned char* buf, int len)
+{
+   int i;
+   for (i = 0; i < len ; i++) {
+      sum += buf[i];
+   }
+   return sum;
+}
+enum plugin_status plugin_start(const void* parameter)
+{
+    int fd;
+    int length;
+    int n;
+    ssize_t buf_size;
+    uint32_t* buf;
+    int size;
+    uint32_t sum;
+    uint32_t hash[0x200];
+    char outputfilename[MAX_PATH];
+    fd = rb->open(parameter,O_RDONLY);
+    if (fd < 0) {
+        rb->splash(HZ*2, "Cannot open file");
+        return PLUGIN_ERROR;
+    }
+    length = rb->filesize(fd);
+    if (length < 12) {
+        rb->splash(HZ*2, "File too small");
+        return PLUGIN_ERROR;
+    }
+    if (length > buf_size) {
+        rb->splash(HZ*2, "File too big");
+        return PLUGIN_ERROR;
+    }
+    /* Get the audio buffer */
+    buf = rb->plugin_get_audio_buffer((size_t *)&buf_size);
+    /* Use uncached alias for buf - equivalent to buf |= 0x40000000 */
+    buf += 0x10000000;
+    n = rb->read(fd, buf, length);
+    if (n < length) {
+        rb->splash(HZ*2, "Cannot read file");
+        return PLUGIN_ERROR;
+    }
+    rb->close(fd);
+    size = length - 8;  /* Size of firmware image */
+    if (calc_checksum(MODEL_NUMBER, (unsigned char*)(buf + 2), size) != 
+        get_uint32be((unsigned char*)buf)) {
+        rb->splash(HZ*2, "Bad checksum in input file");
+        return PLUGIN_ERROR;
+    }
+    n = rb->strlen(parameter);
+    if (memcmp(buf+1,"nn2g",4)==0) {
+        /* Encrypting - Input file should be .ipod, output file is .ipodx */
+        if ((n < 6) || (rb->strcmp(parameter+n-5,".ipod") != 0)) {
+            rb->splash(HZ*2, "Input filename must be .ipod");
+            return PLUGIN_ERROR;
+        }
+        if (n + 2 > MAX_PATH) {
+            rb->splash(HZ*2, "Filename too long");
+            return PLUGIN_ERROR;
+        }
+        size = (size + 0x3f) & ~0x3f;  /* Pad to multiple of 64 bytes */
+        if (size > (length - 8)) {
+            rb->memset(&buf[length/4], 0, size - (length - 8));
+        }
+        rb->strlcpy(outputfilename, parameter, MAX_PATH);
+        outputfilename[n] = 'x';
+        outputfilename[n+1] = 0;
+        /* Everything is OK, now do the encryption */
+        /* 1 - Calculate hashes */
+        rb->memset(hash, 0, sizeof(hash));
+        hash[1] = 2;
+        hash[2] = 1;
+        hash[3] = 0x40;
+        hash[5] = size;
+        calc_hash(buf + 2, size, &hash[7]);
+        calc_hash(hash, 0x200, &hash[0x75]);
+        /* 2 - Do the encryption */
+        rb->splash(0, "Encrypting...");
+        aes_encrypt(buf + 2, size);
+        /* 3 - Update the Rockbox header */
+        sum = calc_checksum(MODEL_NUMBER, (unsigned char*)hash, sizeof(hash));
+        sum = calc_checksum(sum, (unsigned char*)(buf + 2), size); 
+        put_uint32be((unsigned char*)buf, sum);
+        memcpy(buf + 1, "nn2x", 4);
+        /* 4 - Write to disk */
+        fd = rb->open(outputfilename,O_WRONLY|O_CREAT|O_TRUNC);
+        if (fd < 0) {
+            rb->splash(HZ*2, "Could not open output file");
+            return PLUGIN_ERROR;
+        }
+        n = rb->write(fd, buf, 8);
+        n = rb->write(fd, hash, sizeof(hash));
+        n = rb->write(fd, buf + 2, size);
+        rb->close(fd);
+    } else if (memcmp(buf + 1,"nn2x",4)==0) {
+        /* Decrypting - Input file should be .ipodx, output file is .ipod */
+        if ((n < 7) || (rb->strcmp(parameter+n-6,".ipodx") != 0)) {
+            rb->splash(HZ*2, "Input filename must be .ipodx");
+            return PLUGIN_ERROR;
+        }
+        rb->strlcpy(outputfilename, parameter, MAX_PATH);
+        outputfilename[n-1] = 0;  /* Remove "x" at end of filename */
+        /* Everything is OK, now do the decryption */
+        size -= 0x800;  /* Remove hash size from firmware size */
+        /* 1 - Decrypt */
+        rb->splash(0, "Decrypting...");
+        aes_decrypt(&buf[0x202], size);
+        /* 2 - Calculate hashes to verify decryption */
+        rb->lcd_clear_display();
+        rb->splash(0, "Calculating hash...");
+        rb->memset(hash, 0, sizeof(hash));
+        hash[1] = 2;
+        hash[2] = 1;
+        hash[3] = 0x40;
+        hash[5] = size;
+        calc_hash(&buf[0x202], size, &hash[7]);
+        calc_hash(hash, 0x200, &hash[0x75]);
+        if ((memcmp(hash + 7, buf + 9, 20) != 0) ||
+            (memcmp(hash + 75, buf + 77, 20) != 0)) {
+            rb->splash(HZ*2, "Decryption failed - bad hash");
+            return PLUGIN_ERROR;
+        }
+        /* 3 - Update the Rockbox header */
+        sum = calc_checksum(MODEL_NUMBER, (unsigned char*)(&buf[0x202]), size); 
+        put_uint32be((unsigned char*)buf, sum);
+        memcpy(buf + 1, "nn2g", 4);
+        /* 4 - Write to disk */
+        fd = rb->open(outputfilename,O_WRONLY|O_CREAT|O_TRUNC);
+        if (fd < 0) {
+            rb->splash(HZ*2, "Could not open output file");
+            return PLUGIN_ERROR;
+        }
+        n = rb->write(fd, buf, 8);
+        n = rb->write(fd, &buf[0x202], size);
+        rb->close(fd);
+    } else {
+        rb->splash(HZ*2,"Invalid input file");
+        return PLUGIN_ERROR;
+    }
+    return PLUGIN_OK;
+}

diff --git a/apps/plugins/crypt_firmware.c b/apps/plugins/crypt_firmware.c new file mode 100644 index 0000000000..6bfeeabe00 --- /dev/null +++ b/apps/plugins/crypt_firmware.c
@@ -0,0 +1,346 @@
	1	/***************************************************************************
	2	*
	3	* __________ __ ___.
	4	* Open \______ \ ____ ____ \| \| _\_ \|__ _______ ___
	5	* Source \| _// _ \_/ ___\\| \|/ /\| __ \ / _ \ \/ /
	6	* Jukebox \| \| ( <_> ) \___\| < \| \_\ ( <_> > < <
	7	* Firmware \|____\|_ /\____/ \___ >__\|_ \\|___ /\____/__/\_ \
	8	* \/ \/ \/ \/ \/
	9	*
	10	* $Id: $
	11	*
	12	* Rockbox plugin copyright (C) 2009 Dave Chapman.
	13	* Based on encryption code (C) 2009 Michael Sparmann
	14	*
	15	* This program is free software; you can redistribute it and/or
	16	* modify it under the terms of the GNU General Public License
	17	* as published by the Free Software Foundation; either version 2
	18	* of the License, or (at your option) any later version.
	19	*
	20	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
	21	* KIND, either express or implied.
	22	*
	23	****************************************************************************/
	24
	25	/*
	26
	27	This viewer plugin is for the encryption/decryption of iPod Nano
	28	(2nd generation) firmware images using the hardware AES crypto unit
	29	in such devices.
	30
	31	Encrypted images are stored with the modelname "nn2x" and extension
	32	".ipodx" Unencrypted images use "nn2g" and ".ipod".
	33
	34	Heavily based on Payloads/CryptFirmware/main.c from iBugger.
	35
	36	The (C) from that file is as follows:
	37
	38	Copyright 2009 TheSeven
	39
	40	This file is part of TheSeven's iBugger.
	41
	42	TheSeven's iBugger is free software: you can redistribute it and/or
	43	modify it under the terms of the GNU General Public License as
	44	published by the Free Software Foundation, either version 2 of the
	45	License, or (at your option) any later version.
	46
	47	TheSeven's iBugger is distributed in the hope that it will be useful,
	48	but WITHOUT ANY WARRANTY; without even the implied warranty of
	49	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	50	See the GNU General Public License for more details.
	51
	52	You should have received a copy of the GNU General Public License along
	53	with TheSeven's iBugger. If not, see <http://www.gnu.org/licenses/>.
	54
	55	*/
	56
	57	#include "plugin.h"
	58
	59	PLUGIN_HEADER
	60
	61	static void aes_encrypt(void* data, uint32_t size)
	62	{
	63	uint32_t ptr, i;
	64	uint32_t go = 1;
	65	PWRCONEXT &= ~0x400;
	66	AESTYPE = 1;
	67	AESUNKREG0 = 1;
	68	AESUNKREG0 = 0;
	69	AESCONTROL = 1;
	70	AESKEYLEN = 9;
	71	AESOUTSIZE = size;
	72	AESAUXSIZE = 0x10;
	73	AESINSIZE = 0x10;
	74	AESSIZE3 = 0x10;
	75	for (ptr = 0; ptr < (size >> 2); ptr += 4)
	76	{
	77	AESOUTADDR = (uint32_t)data + (ptr << 2);
	78	AESINADDR = (uint32_t)data + (ptr << 2);
	79	AESAUXADDR = (uint32_t)data + (ptr << 2);
	80	if (ptr != 0)
	81	for (i = 0; i < 4; i++)
	82	((uint32_t)data)[ptr + i] ^= ((uint32_t)data)[ptr + i - 4];
	83	AESSTATUS = 6;
	84	AESGO = go;
	85	go = 3;
	86	while ((AESSTATUS & 6) == 0);
	87	}
	88	AESCONTROL = 0;
	89	PWRCONEXT \|= 0x400;
	90	}
	91
	92	static void aes_decrypt(void* data, uint32_t size)
	93	{
	94	uint32_t ptr, i;
	95	uint32_t go = 1;
	96	PWRCONEXT &= ~0x400;
	97	AESTYPE = 1;
	98	AESUNKREG0 = 1;
	99	AESUNKREG0 = 0;
	100	AESCONTROL = 1;
	101	AESKEYLEN = 8;
	102	AESOUTSIZE = size;
	103	AESAUXSIZE = 0x10;
	104	AESINSIZE = 0x10;
	105	AESSIZE3 = 0x10;
	106	for (ptr = (size >> 2) - 4; ; ptr -= 4)
	107	{
	108	AESOUTADDR = (uint32_t)data + (ptr << 2);
	109	AESINADDR = (uint32_t)data + (ptr << 2);
	110	AESAUXADDR = (uint32_t)data + (ptr << 2);
	111	AESSTATUS = 6;
	112	AESGO = go;
	113	go = 3;
	114	while ((AESSTATUS & 6) == 0);
	115	if (ptr == 0) break;
	116	for (i = 0; i < 4; i++)
	117	((uint32_t)data)[ptr + i] ^= ((uint32_t)data)[ptr + i - 4];
	118	}
	119	AESCONTROL = 0;
	120	PWRCONEXT \|= 0x400;
	121	}
	122
	123	static void calc_hash(uint32_t* data, uint32_t size, uint32_t* result)
	124	{
	125	uint32_t ptr, i;
	126	uint32_t ctrl = 2;
	127
	128	PWRCONEXT &= ~0x4;
	129
	130	for (ptr = 0; ptr < (size >> 2); ptr += 0x10)
	131	{
	132	for (i = 0; i < 0x10; i++) HASHDATAIN[i] = data[ptr + i];
	133	HASHCTRL = ctrl;
	134	ctrl = 0xA;
	135	while ((HASHCTRL & 1) != 0);
	136	}
	137	for (i = 0; i < 5; i ++) result[i] = HASHRESULT[i];
	138
	139	PWRCONEXT \|= 0x4;
	140	}
	141
	142	static uint32_t get_uint32be(unsigned char* buf)
	143	{
	144	return (uint32_t)((buf[0] << 24) \| (buf[1] << 16) \| (buf[2] << 8) \| buf[3]);
	145	}
	146
	147	static void put_uint32be(unsigned char* buf, uint32_t x)
	148	{
	149	buf[0] = (x & 0xff000000) >> 24;
	150	buf[1] = (x & 0xff0000) >> 16;
	151	buf[2] = (x & 0xff00) >> 8;
	152	buf[3] = x & 0xff;
	153	}
	154
	155	static uint32_t calc_checksum(uint32_t sum, unsigned char* buf, int len)
	156	{
	157	int i;
	158
	159	for (i = 0; i < len ; i++) {
	160	sum += buf[i];
	161	}
	162
	163	return sum;
	164	}
	165
	166	enum plugin_status plugin_start(const void* parameter)
	167	{
	168	int fd;
	169	int length;
	170	int n;
	171	ssize_t buf_size;
	172	uint32_t* buf;
	173	int size;
	174	uint32_t sum;
	175	uint32_t hash[0x200];
	176	char outputfilename[MAX_PATH];
	177
	178	fd = rb->open(parameter,O_RDONLY);
	179
	180	if (fd < 0) {
	181	rb->splash(HZ*2, "Cannot open file");
	182	return PLUGIN_ERROR;
	183	}
	184
	185	length = rb->filesize(fd);
	186
	187	if (length < 12) {
	188	rb->splash(HZ*2, "File too small");
	189	return PLUGIN_ERROR;
	190	}
	191
	192	if (length > buf_size) {
	193	rb->splash(HZ*2, "File too big");
	194	return PLUGIN_ERROR;
	195	}
	196
	197	/* Get the audio buffer */
	198	buf = rb->plugin_get_audio_buffer((size_t *)&buf_size);
	199
	200	/* Use uncached alias for buf - equivalent to buf \|= 0x40000000 */
	201	buf += 0x10000000;
	202
	203	n = rb->read(fd, buf, length);
	204	if (n < length) {
	205	rb->splash(HZ*2, "Cannot read file");
	206	return PLUGIN_ERROR;
	207	}
	208	rb->close(fd);
	209
	210	size = length - 8; /* Size of firmware image */
	211
	212	if (calc_checksum(MODEL_NUMBER, (unsigned char*)(buf + 2), size) !=
	213	get_uint32be((unsigned char*)buf)) {
	214	rb->splash(HZ*2, "Bad checksum in input file");
	215	return PLUGIN_ERROR;
	216	}
	217
	218	n = rb->strlen(parameter);
	219	if (memcmp(buf+1,"nn2g",4)==0) {
	220	/* Encrypting - Input file should be .ipod, output file is .ipodx */
	221
	222	if ((n < 6) \|\| (rb->strcmp(parameter+n-5,".ipod") != 0)) {
	223	rb->splash(HZ*2, "Input filename must be .ipod");
	224	return PLUGIN_ERROR;
	225	}
	226
	227	if (n + 2 > MAX_PATH) {
	228	rb->splash(HZ*2, "Filename too long");
	229	return PLUGIN_ERROR;
	230	}
	231
	232	size = (size + 0x3f) & ~0x3f; /* Pad to multiple of 64 bytes */
	233	if (size > (length - 8)) {
	234	rb->memset(&buf[length/4], 0, size - (length - 8));
	235	}
	236
	237	rb->strlcpy(outputfilename, parameter, MAX_PATH);
	238	outputfilename[n] = 'x';
	239	outputfilename[n+1] = 0;
	240
	241	/* Everything is OK, now do the encryption */
	242
	243	/* 1 - Calculate hashes */
	244
	245	rb->memset(hash, 0, sizeof(hash));
	246
	247	hash[1] = 2;
	248	hash[2] = 1;
	249	hash[3] = 0x40;
	250	hash[5] = size;
	251
	252	calc_hash(buf + 2, size, &hash[7]);
	253	calc_hash(hash, 0x200, &hash[0x75]);
	254
	255	/* 2 - Do the encryption */
	256
	257	rb->splash(0, "Encrypting...");
	258	aes_encrypt(buf + 2, size);
	259
	260	/* 3 - Update the Rockbox header */
	261
	262	sum = calc_checksum(MODEL_NUMBER, (unsigned char*)hash, sizeof(hash));
	263	sum = calc_checksum(sum, (unsigned char*)(buf + 2), size);
	264	put_uint32be((unsigned char*)buf, sum);
	265	memcpy(buf + 1, "nn2x", 4);
	266
	267	/* 4 - Write to disk */
	268	fd = rb->open(outputfilename,O_WRONLY\|O_CREAT\|O_TRUNC);
	269
	270	if (fd < 0) {
	271	rb->splash(HZ*2, "Could not open output file");
	272	return PLUGIN_ERROR;
	273	}
	274
	275	n = rb->write(fd, buf, 8);
	276	n = rb->write(fd, hash, sizeof(hash));
	277	n = rb->write(fd, buf + 2, size);
	278
	279	rb->close(fd);
	280	} else if (memcmp(buf + 1,"nn2x",4)==0) {
	281	/* Decrypting - Input file should be .ipodx, output file is .ipod */
	282
	283	if ((n < 7) \|\| (rb->strcmp(parameter+n-6,".ipodx") != 0)) {
	284	rb->splash(HZ*2, "Input filename must be .ipodx");
	285	return PLUGIN_ERROR;
	286	}
	287
	288	rb->strlcpy(outputfilename, parameter, MAX_PATH);
	289	outputfilename[n-1] = 0; /* Remove "x" at end of filename */
	290
	291	/* Everything is OK, now do the decryption */
	292
	293	size -= 0x800; /* Remove hash size from firmware size */
	294
	295	/* 1 - Decrypt */
	296
	297	rb->splash(0, "Decrypting...");
	298
	299	aes_decrypt(&buf[0x202], size);
	300
	301	/* 2 - Calculate hashes to verify decryption */
	302
	303	rb->lcd_clear_display();
	304	rb->splash(0, "Calculating hash...");
	305
	306	rb->memset(hash, 0, sizeof(hash));
	307
	308	hash[1] = 2;
	309	hash[2] = 1;
	310	hash[3] = 0x40;
	311	hash[5] = size;
	312
	313	calc_hash(&buf[0x202], size, &hash[7]);
	314	calc_hash(hash, 0x200, &hash[0x75]);
	315
	316	if ((memcmp(hash + 7, buf + 9, 20) != 0) \|\|
	317	(memcmp(hash + 75, buf + 77, 20) != 0)) {
	318	rb->splash(HZ*2, "Decryption failed - bad hash");
	319	return PLUGIN_ERROR;
	320	}
	321
	322	/* 3 - Update the Rockbox header */
	323
	324	sum = calc_checksum(MODEL_NUMBER, (unsigned char*)(&buf[0x202]), size);
	325	put_uint32be((unsigned char*)buf, sum);
	326	memcpy(buf + 1, "nn2g", 4);
	327
	328	/* 4 - Write to disk */
	329	fd = rb->open(outputfilename,O_WRONLY\|O_CREAT\|O_TRUNC);
	330
	331	if (fd < 0) {
	332	rb->splash(HZ*2, "Could not open output file");
	333	return PLUGIN_ERROR;
	334	}
	335
	336	n = rb->write(fd, buf, 8);
	337	n = rb->write(fd, &buf[0x202], size);
	338
	339	rb->close(fd);
	340	} else {
	341	rb->splash(HZ*2,"Invalid input file");
	342	return PLUGIN_ERROR;
	343	}
	344
	345	return PLUGIN_OK;
	346	}