diff options
Diffstat (limited to 'apps')
-rw-r--r-- | apps/filetypes.c | 3 | ||||
-rw-r--r-- | apps/plugins/SOURCES | 4 | ||||
-rw-r--r-- | apps/plugins/crypt_firmware.c | 346 | ||||
-rw-r--r-- | apps/plugins/viewers.config | 2 |
4 files changed, 355 insertions, 0 deletions
diff --git a/apps/filetypes.c b/apps/filetypes.c index ffa7161693..ed3d938fe9 100644 --- a/apps/filetypes.c +++ b/apps/filetypes.c | |||
@@ -111,6 +111,9 @@ static const struct filetype inbuilt_filetypes[] = { | |||
111 | #ifdef BOOTFILE_EXT | 111 | #ifdef BOOTFILE_EXT |
112 | { BOOTFILE_EXT, FILE_ATTR_MOD, Icon_Firmware, VOICE_EXT_AJZ }, | 112 | { BOOTFILE_EXT, FILE_ATTR_MOD, Icon_Firmware, VOICE_EXT_AJZ }, |
113 | #endif | 113 | #endif |
114 | #ifdef BOOTFILE_EXT2 | ||
115 | { BOOTFILE_EXT2, FILE_ATTR_MOD, Icon_Firmware, VOICE_EXT_AJZ }, | ||
116 | #endif | ||
114 | }; | 117 | }; |
115 | 118 | ||
116 | void tree_get_filetypes(const struct filetype** types, int* count) | 119 | void tree_get_filetypes(const struct filetype** types, int* count) |
diff --git a/apps/plugins/SOURCES b/apps/plugins/SOURCES index 4cfc3a8b0f..a15564d0be 100644 --- a/apps/plugins/SOURCES +++ b/apps/plugins/SOURCES | |||
@@ -29,6 +29,10 @@ firmware_flash.c | |||
29 | rockbox_flash.c | 29 | rockbox_flash.c |
30 | #endif /* CONFIG_CPU */ | 30 | #endif /* CONFIG_CPU */ |
31 | 31 | ||
32 | #if defined(IPOD_NANO2G) && !defined(SIMULATOR) | ||
33 | crypt_firmware.c | ||
34 | #endif | ||
35 | |||
32 | #if (CONFIG_CODEC == SWCODEC) && defined(HAVE_RECORDING) && \ | 36 | #if (CONFIG_CODEC == SWCODEC) && defined(HAVE_RECORDING) && \ |
33 | (defined(HAVE_LINE_IN) || defined(HAVE_MIC_IN)) | 37 | (defined(HAVE_LINE_IN) || defined(HAVE_MIC_IN)) |
34 | pitch_detector.c | 38 | pitch_detector.c |
diff --git a/apps/plugins/crypt_firmware.c b/apps/plugins/crypt_firmware.c new file mode 100644 index 0000000000..6bfeeabe00 --- /dev/null +++ b/apps/plugins/crypt_firmware.c | |||
@@ -0,0 +1,346 @@ | |||
1 | /*************************************************************************** | ||
2 | * | ||
3 | * __________ __ ___. | ||
4 | * Open \______ \ ____ ____ | | _\_ |__ _______ ___ | ||
5 | * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / | ||
6 | * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < | ||
7 | * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ | ||
8 | * \/ \/ \/ \/ \/ | ||
9 | * | ||
10 | * $Id: $ | ||
11 | * | ||
12 | * Rockbox plugin copyright (C) 2009 Dave Chapman. | ||
13 | * Based on encryption code (C) 2009 Michael Sparmann | ||
14 | * | ||
15 | * This program is free software; you can redistribute it and/or | ||
16 | * modify it under the terms of the GNU General Public License | ||
17 | * as published by the Free Software Foundation; either version 2 | ||
18 | * of the License, or (at your option) any later version. | ||
19 | * | ||
20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
21 | * KIND, either express or implied. | ||
22 | * | ||
23 | ****************************************************************************/ | ||
24 | |||
25 | /* | ||
26 | |||
27 | This viewer plugin is for the encryption/decryption of iPod Nano | ||
28 | (2nd generation) firmware images using the hardware AES crypto unit | ||
29 | in such devices. | ||
30 | |||
31 | Encrypted images are stored with the modelname "nn2x" and extension | ||
32 | ".ipodx" Unencrypted images use "nn2g" and ".ipod". | ||
33 | |||
34 | Heavily based on Payloads/CryptFirmware/main.c from iBugger. | ||
35 | |||
36 | The (C) from that file is as follows: | ||
37 | |||
38 | Copyright 2009 TheSeven | ||
39 | |||
40 | This file is part of TheSeven's iBugger. | ||
41 | |||
42 | TheSeven's iBugger is free software: you can redistribute it and/or | ||
43 | modify it under the terms of the GNU General Public License as | ||
44 | published by the Free Software Foundation, either version 2 of the | ||
45 | License, or (at your option) any later version. | ||
46 | |||
47 | TheSeven's iBugger is distributed in the hope that it will be useful, | ||
48 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
49 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
50 | See the GNU General Public License for more details. | ||
51 | |||
52 | You should have received a copy of the GNU General Public License along | ||
53 | with TheSeven's iBugger. If not, see <http://www.gnu.org/licenses/>. | ||
54 | |||
55 | */ | ||
56 | |||
57 | #include "plugin.h" | ||
58 | |||
59 | PLUGIN_HEADER | ||
60 | |||
61 | static void aes_encrypt(void* data, uint32_t size) | ||
62 | { | ||
63 | uint32_t ptr, i; | ||
64 | uint32_t go = 1; | ||
65 | PWRCONEXT &= ~0x400; | ||
66 | AESTYPE = 1; | ||
67 | AESUNKREG0 = 1; | ||
68 | AESUNKREG0 = 0; | ||
69 | AESCONTROL = 1; | ||
70 | AESKEYLEN = 9; | ||
71 | AESOUTSIZE = size; | ||
72 | AESAUXSIZE = 0x10; | ||
73 | AESINSIZE = 0x10; | ||
74 | AESSIZE3 = 0x10; | ||
75 | for (ptr = 0; ptr < (size >> 2); ptr += 4) | ||
76 | { | ||
77 | AESOUTADDR = (uint32_t)data + (ptr << 2); | ||
78 | AESINADDR = (uint32_t)data + (ptr << 2); | ||
79 | AESAUXADDR = (uint32_t)data + (ptr << 2); | ||
80 | if (ptr != 0) | ||
81 | for (i = 0; i < 4; i++) | ||
82 | ((uint32_t*)data)[ptr + i] ^= ((uint32_t*)data)[ptr + i - 4]; | ||
83 | AESSTATUS = 6; | ||
84 | AESGO = go; | ||
85 | go = 3; | ||
86 | while ((AESSTATUS & 6) == 0); | ||
87 | } | ||
88 | AESCONTROL = 0; | ||
89 | PWRCONEXT |= 0x400; | ||
90 | } | ||
91 | |||
92 | static void aes_decrypt(void* data, uint32_t size) | ||
93 | { | ||
94 | uint32_t ptr, i; | ||
95 | uint32_t go = 1; | ||
96 | PWRCONEXT &= ~0x400; | ||
97 | AESTYPE = 1; | ||
98 | AESUNKREG0 = 1; | ||
99 | AESUNKREG0 = 0; | ||
100 | AESCONTROL = 1; | ||
101 | AESKEYLEN = 8; | ||
102 | AESOUTSIZE = size; | ||
103 | AESAUXSIZE = 0x10; | ||
104 | AESINSIZE = 0x10; | ||
105 | AESSIZE3 = 0x10; | ||
106 | for (ptr = (size >> 2) - 4; ; ptr -= 4) | ||
107 | { | ||
108 | AESOUTADDR = (uint32_t)data + (ptr << 2); | ||
109 | AESINADDR = (uint32_t)data + (ptr << 2); | ||
110 | AESAUXADDR = (uint32_t)data + (ptr << 2); | ||
111 | AESSTATUS = 6; | ||
112 | AESGO = go; | ||
113 | go = 3; | ||
114 | while ((AESSTATUS & 6) == 0); | ||
115 | if (ptr == 0) break; | ||
116 | for (i = 0; i < 4; i++) | ||
117 | ((uint32_t*)data)[ptr + i] ^= ((uint32_t*)data)[ptr + i - 4]; | ||
118 | } | ||
119 | AESCONTROL = 0; | ||
120 | PWRCONEXT |= 0x400; | ||
121 | } | ||
122 | |||
123 | static void calc_hash(uint32_t* data, uint32_t size, uint32_t* result) | ||
124 | { | ||
125 | uint32_t ptr, i; | ||
126 | uint32_t ctrl = 2; | ||
127 | |||
128 | PWRCONEXT &= ~0x4; | ||
129 | |||
130 | for (ptr = 0; ptr < (size >> 2); ptr += 0x10) | ||
131 | { | ||
132 | for (i = 0; i < 0x10; i++) HASHDATAIN[i] = data[ptr + i]; | ||
133 | HASHCTRL = ctrl; | ||
134 | ctrl = 0xA; | ||
135 | while ((HASHCTRL & 1) != 0); | ||
136 | } | ||
137 | for (i = 0; i < 5; i ++) result[i] = HASHRESULT[i]; | ||
138 | |||
139 | PWRCONEXT |= 0x4; | ||
140 | } | ||
141 | |||
142 | static uint32_t get_uint32be(unsigned char* buf) | ||
143 | { | ||
144 | return (uint32_t)((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]); | ||
145 | } | ||
146 | |||
147 | static void put_uint32be(unsigned char* buf, uint32_t x) | ||
148 | { | ||
149 | buf[0] = (x & 0xff000000) >> 24; | ||
150 | buf[1] = (x & 0xff0000) >> 16; | ||
151 | buf[2] = (x & 0xff00) >> 8; | ||
152 | buf[3] = x & 0xff; | ||
153 | } | ||
154 | |||
155 | static uint32_t calc_checksum(uint32_t sum, unsigned char* buf, int len) | ||
156 | { | ||
157 | int i; | ||
158 | |||
159 | for (i = 0; i < len ; i++) { | ||
160 | sum += buf[i]; | ||
161 | } | ||
162 | |||
163 | return sum; | ||
164 | } | ||
165 | |||
166 | enum plugin_status plugin_start(const void* parameter) | ||
167 | { | ||
168 | int fd; | ||
169 | int length; | ||
170 | int n; | ||
171 | ssize_t buf_size; | ||
172 | uint32_t* buf; | ||
173 | int size; | ||
174 | uint32_t sum; | ||
175 | uint32_t hash[0x200]; | ||
176 | char outputfilename[MAX_PATH]; | ||
177 | |||
178 | fd = rb->open(parameter,O_RDONLY); | ||
179 | |||
180 | if (fd < 0) { | ||
181 | rb->splash(HZ*2, "Cannot open file"); | ||
182 | return PLUGIN_ERROR; | ||
183 | } | ||
184 | |||
185 | length = rb->filesize(fd); | ||
186 | |||
187 | if (length < 12) { | ||
188 | rb->splash(HZ*2, "File too small"); | ||
189 | return PLUGIN_ERROR; | ||
190 | } | ||
191 | |||
192 | if (length > buf_size) { | ||
193 | rb->splash(HZ*2, "File too big"); | ||
194 | return PLUGIN_ERROR; | ||
195 | } | ||
196 | |||
197 | /* Get the audio buffer */ | ||
198 | buf = rb->plugin_get_audio_buffer((size_t *)&buf_size); | ||
199 | |||
200 | /* Use uncached alias for buf - equivalent to buf |= 0x40000000 */ | ||
201 | buf += 0x10000000; | ||
202 | |||
203 | n = rb->read(fd, buf, length); | ||
204 | if (n < length) { | ||
205 | rb->splash(HZ*2, "Cannot read file"); | ||
206 | return PLUGIN_ERROR; | ||
207 | } | ||
208 | rb->close(fd); | ||
209 | |||
210 | size = length - 8; /* Size of firmware image */ | ||
211 | |||
212 | if (calc_checksum(MODEL_NUMBER, (unsigned char*)(buf + 2), size) != | ||
213 | get_uint32be((unsigned char*)buf)) { | ||
214 | rb->splash(HZ*2, "Bad checksum in input file"); | ||
215 | return PLUGIN_ERROR; | ||
216 | } | ||
217 | |||
218 | n = rb->strlen(parameter); | ||
219 | if (memcmp(buf+1,"nn2g",4)==0) { | ||
220 | /* Encrypting - Input file should be .ipod, output file is .ipodx */ | ||
221 | |||
222 | if ((n < 6) || (rb->strcmp(parameter+n-5,".ipod") != 0)) { | ||
223 | rb->splash(HZ*2, "Input filename must be .ipod"); | ||
224 | return PLUGIN_ERROR; | ||
225 | } | ||
226 | |||
227 | if (n + 2 > MAX_PATH) { | ||
228 | rb->splash(HZ*2, "Filename too long"); | ||
229 | return PLUGIN_ERROR; | ||
230 | } | ||
231 | |||
232 | size = (size + 0x3f) & ~0x3f; /* Pad to multiple of 64 bytes */ | ||
233 | if (size > (length - 8)) { | ||
234 | rb->memset(&buf[length/4], 0, size - (length - 8)); | ||
235 | } | ||
236 | |||
237 | rb->strlcpy(outputfilename, parameter, MAX_PATH); | ||
238 | outputfilename[n] = 'x'; | ||
239 | outputfilename[n+1] = 0; | ||
240 | |||
241 | /* Everything is OK, now do the encryption */ | ||
242 | |||
243 | /* 1 - Calculate hashes */ | ||
244 | |||
245 | rb->memset(hash, 0, sizeof(hash)); | ||
246 | |||
247 | hash[1] = 2; | ||
248 | hash[2] = 1; | ||
249 | hash[3] = 0x40; | ||
250 | hash[5] = size; | ||
251 | |||
252 | calc_hash(buf + 2, size, &hash[7]); | ||
253 | calc_hash(hash, 0x200, &hash[0x75]); | ||
254 | |||
255 | /* 2 - Do the encryption */ | ||
256 | |||
257 | rb->splash(0, "Encrypting..."); | ||
258 | aes_encrypt(buf + 2, size); | ||
259 | |||
260 | /* 3 - Update the Rockbox header */ | ||
261 | |||
262 | sum = calc_checksum(MODEL_NUMBER, (unsigned char*)hash, sizeof(hash)); | ||
263 | sum = calc_checksum(sum, (unsigned char*)(buf + 2), size); | ||
264 | put_uint32be((unsigned char*)buf, sum); | ||
265 | memcpy(buf + 1, "nn2x", 4); | ||
266 | |||
267 | /* 4 - Write to disk */ | ||
268 | fd = rb->open(outputfilename,O_WRONLY|O_CREAT|O_TRUNC); | ||
269 | |||
270 | if (fd < 0) { | ||
271 | rb->splash(HZ*2, "Could not open output file"); | ||
272 | return PLUGIN_ERROR; | ||
273 | } | ||
274 | |||
275 | n = rb->write(fd, buf, 8); | ||
276 | n = rb->write(fd, hash, sizeof(hash)); | ||
277 | n = rb->write(fd, buf + 2, size); | ||
278 | |||
279 | rb->close(fd); | ||
280 | } else if (memcmp(buf + 1,"nn2x",4)==0) { | ||
281 | /* Decrypting - Input file should be .ipodx, output file is .ipod */ | ||
282 | |||
283 | if ((n < 7) || (rb->strcmp(parameter+n-6,".ipodx") != 0)) { | ||
284 | rb->splash(HZ*2, "Input filename must be .ipodx"); | ||
285 | return PLUGIN_ERROR; | ||
286 | } | ||
287 | |||
288 | rb->strlcpy(outputfilename, parameter, MAX_PATH); | ||
289 | outputfilename[n-1] = 0; /* Remove "x" at end of filename */ | ||
290 | |||
291 | /* Everything is OK, now do the decryption */ | ||
292 | |||
293 | size -= 0x800; /* Remove hash size from firmware size */ | ||
294 | |||
295 | /* 1 - Decrypt */ | ||
296 | |||
297 | rb->splash(0, "Decrypting..."); | ||
298 | |||
299 | aes_decrypt(&buf[0x202], size); | ||
300 | |||
301 | /* 2 - Calculate hashes to verify decryption */ | ||
302 | |||
303 | rb->lcd_clear_display(); | ||
304 | rb->splash(0, "Calculating hash..."); | ||
305 | |||
306 | rb->memset(hash, 0, sizeof(hash)); | ||
307 | |||
308 | hash[1] = 2; | ||
309 | hash[2] = 1; | ||
310 | hash[3] = 0x40; | ||
311 | hash[5] = size; | ||
312 | |||
313 | calc_hash(&buf[0x202], size, &hash[7]); | ||
314 | calc_hash(hash, 0x200, &hash[0x75]); | ||
315 | |||
316 | if ((memcmp(hash + 7, buf + 9, 20) != 0) || | ||
317 | (memcmp(hash + 75, buf + 77, 20) != 0)) { | ||
318 | rb->splash(HZ*2, "Decryption failed - bad hash"); | ||
319 | return PLUGIN_ERROR; | ||
320 | } | ||
321 | |||
322 | /* 3 - Update the Rockbox header */ | ||
323 | |||
324 | sum = calc_checksum(MODEL_NUMBER, (unsigned char*)(&buf[0x202]), size); | ||
325 | put_uint32be((unsigned char*)buf, sum); | ||
326 | memcpy(buf + 1, "nn2g", 4); | ||
327 | |||
328 | /* 4 - Write to disk */ | ||
329 | fd = rb->open(outputfilename,O_WRONLY|O_CREAT|O_TRUNC); | ||
330 | |||
331 | if (fd < 0) { | ||
332 | rb->splash(HZ*2, "Could not open output file"); | ||
333 | return PLUGIN_ERROR; | ||
334 | } | ||
335 | |||
336 | n = rb->write(fd, buf, 8); | ||
337 | n = rb->write(fd, &buf[0x202], size); | ||
338 | |||
339 | rb->close(fd); | ||
340 | } else { | ||
341 | rb->splash(HZ*2,"Invalid input file"); | ||
342 | return PLUGIN_ERROR; | ||
343 | } | ||
344 | |||
345 | return PLUGIN_OK; | ||
346 | } | ||
diff --git a/apps/plugins/viewers.config b/apps/plugins/viewers.config index a572c6abfa..e3b15fe116 100644 --- a/apps/plugins/viewers.config +++ b/apps/plugins/viewers.config | |||
@@ -58,3 +58,5 @@ link,viewers/shortcuts_view,- | |||
58 | *,viewers/shortcuts_append,- | 58 | *,viewers/shortcuts_append,- |
59 | *,apps/md5sum,- | 59 | *,apps/md5sum,- |
60 | lua,viewers/lua,- | 60 | lua,viewers/lua,- |
61 | ipod,viewers/crypt_firmware,- | ||
62 | ipodx,viewers/crypt_firmware,- | ||