diff options
Diffstat (limited to 'rbutil/rbutilqt/irivertools/irivertools.cpp')
-rw-r--r-- | rbutil/rbutilqt/irivertools/irivertools.cpp | 532 |
1 files changed, 532 insertions, 0 deletions
diff --git a/rbutil/rbutilqt/irivertools/irivertools.cpp b/rbutil/rbutilqt/irivertools/irivertools.cpp new file mode 100644 index 0000000000..f2cc59a8c2 --- /dev/null +++ b/rbutil/rbutilqt/irivertools/irivertools.cpp | |||
@@ -0,0 +1,532 @@ | |||
1 | /*************************************************************************** | ||
2 | * __________ __ ___. | ||
3 | * Open \______ \ ____ ____ | | _\_ |__ _______ ___ | ||
4 | * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / | ||
5 | * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < | ||
6 | * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ | ||
7 | * \/ \/ \/ \/ \/ | ||
8 | * Module: rbutil | ||
9 | * File: irivertools.cpp | ||
10 | * | ||
11 | * Copyright (C) 2007 Dominik Wenger | ||
12 | * | ||
13 | * All files in this archive are subject to the GNU General Public License. | ||
14 | * See the file COPYING in the source tree root for full license agreement. | ||
15 | * | ||
16 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
17 | * KIND, either express or implied. | ||
18 | * | ||
19 | ****************************************************************************/ | ||
20 | |||
21 | #include "irivertools.h" | ||
22 | |||
23 | |||
24 | const unsigned char munge[] = { | ||
25 | 0x7a, 0x36, 0xc4, 0x43, 0x49, 0x6b, 0x35, 0x4e, 0xa3, 0x46, 0x25, 0x84, | ||
26 | 0x4d, 0x73, 0x74, 0x61 | ||
27 | }; | ||
28 | |||
29 | const unsigned char header_modify[] = "* IHPFIRM-DECODED "; | ||
30 | |||
31 | const char * const models[] = { "iHP-100", "iHP-120/iHP-140", "H300 series", | ||
32 | NULL }; | ||
33 | |||
34 | /* aligns with models array; expected min firmware size */ | ||
35 | const unsigned int firmware_minsize[] = { 0x100000, 0x100000, 0x200000 }; | ||
36 | /* aligns with models array; expected max firmware size */ | ||
37 | const unsigned int firmware_maxsize[] = { 0x200000, 0x200000, 0x400000 }; | ||
38 | |||
39 | const unsigned char header[][16] = { | ||
40 | { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }, | ||
41 | { 0x20, 0x03, 0x08, 0x27, 0x24, 0x00, 0x02, 0x30, 0x19, 0x17, 0x65, 0x73, | ||
42 | 0x85, 0x32, 0x83, 0x22 }, | ||
43 | { 0x20, 0x04, 0x03, 0x27, 0x20, 0x50, 0x01, 0x70, 0x80, 0x30, 0x80, 0x06, | ||
44 | 0x30, 0x19, 0x17, 0x65 } | ||
45 | }; | ||
46 | |||
47 | /* begin mkboot.c excerpt */ | ||
48 | unsigned char image[0x400000 + 0x220 + 0x400000/0x200]; | ||
49 | |||
50 | bool mkboot(QString infile, QString outfile,QString bootloader,int origin,Ui::InstallProgressFrm* dp) | ||
51 | { | ||
52 | int i; | ||
53 | int len,bllen; | ||
54 | int actual_length, total_length, binary_length, num_chksums; | ||
55 | |||
56 | memset(image, 0xff, sizeof(image)); | ||
57 | |||
58 | /* First, read the iriver original firmware into the image */ | ||
59 | QFile f(infile); | ||
60 | if(!f.open(QIODevice::ReadOnly)) | ||
61 | { | ||
62 | dp->listProgress->addItem("Could not open: %1" + infile); | ||
63 | return false; | ||
64 | } | ||
65 | i = f.read((char*)image,16); | ||
66 | if(i < 16) { | ||
67 | dp->listProgress->addItem("reading header failed"); | ||
68 | return false; | ||
69 | } | ||
70 | |||
71 | /* This is the length of the binary image without the scrambling | ||
72 | overhead (but including the ESTFBINR header) */ | ||
73 | binary_length = image[4] + (image[5] << 8) + | ||
74 | (image[6] << 16) + (image[7] << 24); | ||
75 | |||
76 | /* Read the rest of the binary data, but not the checksum block */ | ||
77 | len = binary_length+0x200-16; | ||
78 | i = f.read((char*)image+16, len); | ||
79 | if(i < len) { | ||
80 | dp->listProgress->addItem("reading firmware failed"); | ||
81 | return false; | ||
82 | } | ||
83 | |||
84 | f.close(); | ||
85 | /* Now, read the boot loader into the image */ | ||
86 | f.setFileName(bootloader); | ||
87 | if(!f.open(QIODevice::ReadOnly)) | ||
88 | { | ||
89 | dp->listProgress->addItem("Could not open: %1" + bootloader); | ||
90 | return false; | ||
91 | } | ||
92 | |||
93 | bllen = f.size(); | ||
94 | |||
95 | i = f.read((char*)image+0x220 + origin, bllen); | ||
96 | if(i < bllen) { | ||
97 | dp->listProgress->addItem("reading bootloader failed"); | ||
98 | return false; | ||
99 | } | ||
100 | |||
101 | f.close(); | ||
102 | f.setFileName(outfile); | ||
103 | if(!f.open(QIODevice::WriteOnly)) | ||
104 | { | ||
105 | dp->listProgress->addItem("Could not open: %1" + outfile); | ||
106 | return false; | ||
107 | } | ||
108 | |||
109 | /* Patch the reset vector to start the boot loader */ | ||
110 | image[0x220 + 4] = image[origin + 0x220 + 4]; | ||
111 | image[0x220 + 5] = image[origin + 0x220 + 5]; | ||
112 | image[0x220 + 6] = image[origin + 0x220 + 6]; | ||
113 | image[0x220 + 7] = image[origin + 0x220 + 7]; | ||
114 | |||
115 | /* This is the actual length of the binary, excluding all headers */ | ||
116 | actual_length = origin + bllen; | ||
117 | |||
118 | /* Patch the ESTFBINR header */ | ||
119 | image[0x20c] = (actual_length >> 24) & 0xff; | ||
120 | image[0x20d] = (actual_length >> 16) & 0xff; | ||
121 | image[0x20e] = (actual_length >> 8) & 0xff; | ||
122 | image[0x20f] = actual_length & 0xff; | ||
123 | |||
124 | image[0x21c] = (actual_length >> 24) & 0xff; | ||
125 | image[0x21d] = (actual_length >> 16) & 0xff; | ||
126 | image[0x21e] = (actual_length >> 8) & 0xff; | ||
127 | image[0x21f] = actual_length & 0xff; | ||
128 | |||
129 | /* This is the length of the binary, including the ESTFBINR header and | ||
130 | rounded up to the nearest 0x200 boundary */ | ||
131 | binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00; | ||
132 | |||
133 | /* The number of checksums, i.e number of 0x200 byte blocks */ | ||
134 | num_chksums = binary_length / 0x200; | ||
135 | |||
136 | /* The total file length, including all headers and checksums */ | ||
137 | total_length = binary_length + num_chksums + 0x200; | ||
138 | |||
139 | /* Patch the scrambler header with the new length info */ | ||
140 | image[0] = total_length & 0xff; | ||
141 | image[1] = (total_length >> 8) & 0xff; | ||
142 | image[2] = (total_length >> 16) & 0xff; | ||
143 | image[3] = (total_length >> 24) & 0xff; | ||
144 | |||
145 | image[4] = binary_length & 0xff; | ||
146 | image[5] = (binary_length >> 8) & 0xff; | ||
147 | image[6] = (binary_length >> 16) & 0xff; | ||
148 | image[7] = (binary_length >> 24) & 0xff; | ||
149 | |||
150 | image[8] = num_chksums & 0xff; | ||
151 | image[9] = (num_chksums >> 8) & 0xff; | ||
152 | image[10] = (num_chksums >> 16) & 0xff; | ||
153 | image[11] = (num_chksums >> 24) & 0xff; | ||
154 | |||
155 | i = f.write((char*)image,total_length); | ||
156 | if(i < total_length) { | ||
157 | dp->listProgress->addItem("writing bootloader failed"); | ||
158 | return false; | ||
159 | } | ||
160 | |||
161 | f.close(); | ||
162 | |||
163 | return true; | ||
164 | } | ||
165 | |||
166 | /* end mkboot.c excerpt */ | ||
167 | |||
168 | |||
169 | int intable(char *md5, struct sumpairs *table, int len) | ||
170 | { | ||
171 | int i; | ||
172 | for (i = 0; i < len; i++) { | ||
173 | if (strncmp(md5, table[i].unpatched, 32) == 0) { | ||
174 | return i; | ||
175 | } | ||
176 | } | ||
177 | return -1; | ||
178 | } | ||
179 | |||
180 | |||
181 | |||
182 | |||
183 | static int testheader( const unsigned char * const data ) | ||
184 | { | ||
185 | const unsigned char * const d = data+16; | ||
186 | const char * const * m = models; | ||
187 | int index = 0; | ||
188 | while( *m ) | ||
189 | { | ||
190 | if( memcmp( header[ index ], d, 16 ) == 0 ) | ||
191 | return index; | ||
192 | index++; | ||
193 | m++; | ||
194 | }; | ||
195 | return -1; | ||
196 | }; | ||
197 | |||
198 | static void modifyheader( unsigned char * data ) | ||
199 | { | ||
200 | const unsigned char * h = header_modify; | ||
201 | int i; | ||
202 | for( i=0; i<512; i++ ) | ||
203 | { | ||
204 | if( *h == '\0' ) | ||
205 | h = header_modify; | ||
206 | *data++ ^= *h++; | ||
207 | }; | ||
208 | }; | ||
209 | |||
210 | int iriver_decode(QString infile_name, QString outfile_name, unsigned int modify, | ||
211 | enum striptype stripmode,Ui::InstallProgressFrm* dp ) | ||
212 | { | ||
213 | QFile infile(infile_name); | ||
214 | QFile outfile(outfile_name); | ||
215 | int i = -1; | ||
216 | unsigned char headerdata[512]; | ||
217 | unsigned long dwLength1, dwLength2, dwLength3, fp = 0; | ||
218 | unsigned char blockdata[16+16]; | ||
219 | unsigned char out[16]; | ||
220 | unsigned char newmunge; | ||
221 | signed long lenread; | ||
222 | int s = 0; | ||
223 | unsigned char * pChecksums, * ppChecksums = 0; | ||
224 | unsigned char ck; | ||
225 | |||
226 | |||
227 | if(!infile.open(QIODevice::ReadOnly)) | ||
228 | { | ||
229 | dp->listProgress->addItem("Could not open: %1" + infile_name); | ||
230 | return -1; | ||
231 | } | ||
232 | if(!outfile.open(QIODevice::WriteOnly)) | ||
233 | { | ||
234 | dp->listProgress->addItem("Could not open: %1" + outfile_name); | ||
235 | return -1; | ||
236 | } | ||
237 | lenread = infile.read( (char*)headerdata, 512); | ||
238 | if( lenread != 512 ) | ||
239 | { | ||
240 | dp->listProgress->addItem("This doesn't look like a valid encrypted iHP" | ||
241 | "firmware - reason: header length."); | ||
242 | infile.close(); | ||
243 | outfile.close(); | ||
244 | return -1; | ||
245 | }; | ||
246 | |||
247 | i = testheader( headerdata ); | ||
248 | if( i == -1 ) | ||
249 | { | ||
250 | dp->listProgress->addItem("This firmware is for an unknown model, or is not" | ||
251 | " a valid encrypted iHP firmware."); | ||
252 | infile.close(); | ||
253 | outfile.close(); | ||
254 | return -1; | ||
255 | }; | ||
256 | fprintf( stderr, "Model %s\n", models[ i ] ); | ||
257 | |||
258 | dwLength1 = headerdata[0] | (headerdata[1]<<8) | | ||
259 | (headerdata[2]<<16) | (headerdata[3]<<24); | ||
260 | dwLength2 = headerdata[4] | (headerdata[5]<<8) | | ||
261 | (headerdata[6]<<16) | (headerdata[7]<<24); | ||
262 | dwLength3 = headerdata[8] | (headerdata[9]<<8) | | ||
263 | (headerdata[10]<<16) | (headerdata[11]<<24); | ||
264 | |||
265 | if( dwLength1 < firmware_minsize[ i ] || | ||
266 | dwLength1 > firmware_maxsize[ i ] || | ||
267 | dwLength2 < firmware_minsize[ i ] || | ||
268 | dwLength2 > dwLength1 || | ||
269 | dwLength3 > dwLength1 || | ||
270 | dwLength2>>9 != dwLength3 || | ||
271 | dwLength2+dwLength3+512 != dwLength1 ) | ||
272 | { | ||
273 | dp->listProgress->addItem("This doesn't look like a valid encrypted " | ||
274 | "iHP firmware - reason: file 'length' data."); | ||
275 | infile.close(); | ||
276 | outfile.close(); | ||
277 | return -1; | ||
278 | }; | ||
279 | |||
280 | pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) ); | ||
281 | |||
282 | if( modify ) | ||
283 | { | ||
284 | modifyheader( headerdata ); | ||
285 | }; | ||
286 | |||
287 | if( stripmode == STRIP_NONE ) | ||
288 | outfile.write( (char*)headerdata, 512); | ||
289 | |||
290 | memset( blockdata, 0, 16 ); | ||
291 | |||
292 | ck = 0; | ||
293 | while( ( fp < dwLength2 ) && | ||
294 | ( lenread = infile.read( (char*)blockdata+16, 16) == 16) ) | ||
295 | { | ||
296 | fp += 16; | ||
297 | |||
298 | for( i=0; i<16; ++i ) | ||
299 | { | ||
300 | newmunge = blockdata[16+i] ^ munge[i]; | ||
301 | out[i] = newmunge ^ blockdata[i]; | ||
302 | blockdata[i] = newmunge; | ||
303 | ck += out[i]; | ||
304 | } | ||
305 | |||
306 | if( fp > ESTF_SIZE || stripmode != STRIP_HEADER_CHECKSUM_ESTF ) | ||
307 | { | ||
308 | outfile.write( (char*)out+4, 12); | ||
309 | outfile.write( (char*)out, 4); | ||
310 | } | ||
311 | else | ||
312 | { | ||
313 | if( ESTF_SIZE - fp < 16 ) | ||
314 | { | ||
315 | memcpy( out+4, blockdata+16, 12 ); | ||
316 | memcpy( out, blockdata+28, 4 ); | ||
317 | outfile.write((char*) blockdata+16+ESTF_SIZE-fp, ESTF_SIZE-fp); | ||
318 | } | ||
319 | } | ||
320 | |||
321 | |||
322 | if( s == 496 ) | ||
323 | { | ||
324 | s = 0; | ||
325 | memset( blockdata, 0, 16 ); | ||
326 | *ppChecksums++ = ck; | ||
327 | ck = 0; | ||
328 | } | ||
329 | else | ||
330 | s+=16; | ||
331 | }; | ||
332 | |||
333 | if( fp != dwLength2 ) | ||
334 | { | ||
335 | dp->listProgress->addItem("This doesn't look like a valid encrypted " | ||
336 | "iHP firmware - reason: 'length2' mismatch."); | ||
337 | infile.close(); | ||
338 | outfile.close(); | ||
339 | return -1; | ||
340 | }; | ||
341 | |||
342 | fp = 0; | ||
343 | ppChecksums = pChecksums; | ||
344 | while( ( fp < dwLength3 ) && | ||
345 | ( lenread = infile.read((char*) blockdata, 32 ) ) > 0 ) | ||
346 | { | ||
347 | fp += lenread; | ||
348 | if( stripmode == STRIP_NONE ) | ||
349 | outfile.write((char*) blockdata, lenread ); | ||
350 | if( memcmp( ppChecksums, blockdata, lenread ) != 0 ) | ||
351 | { | ||
352 | dp->listProgress->addItem("This doesn't look like a valid encrypted " | ||
353 | "iHP firmware - reason: Checksum mismatch!"); | ||
354 | infile.close(); | ||
355 | outfile.close(); | ||
356 | return -1; | ||
357 | }; | ||
358 | ppChecksums += lenread; | ||
359 | }; | ||
360 | |||
361 | if( fp != dwLength3 ) | ||
362 | { | ||
363 | dp->listProgress->addItem("This doesn't look like a valid encrypted " | ||
364 | "iHP firmware - reason: 'length3' mismatch."); | ||
365 | infile.close(); | ||
366 | outfile.close(); | ||
367 | return -1; | ||
368 | }; | ||
369 | |||
370 | |||
371 | fprintf( stderr, "File decoded correctly and all checksums matched!\n" ); | ||
372 | switch( stripmode ) | ||
373 | { | ||
374 | default: | ||
375 | case STRIP_NONE: | ||
376 | fprintf(stderr, "Output file contains all headers and " | ||
377 | "checksums\n"); | ||
378 | break; | ||
379 | case STRIP_HEADER_CHECKSUM: | ||
380 | fprintf( stderr, "NB: output file contains only ESTFBINR header" | ||
381 | " and decoded firmware code\n" ); | ||
382 | break; | ||
383 | case STRIP_HEADER_CHECKSUM_ESTF: | ||
384 | fprintf( stderr, "NB: output file contains only raw decoded " | ||
385 | "firmware code\n" ); | ||
386 | break; | ||
387 | }; | ||
388 | |||
389 | infile.close(); | ||
390 | outfile.close(); | ||
391 | return 0; | ||
392 | |||
393 | }; | ||
394 | |||
395 | int iriver_encode(QString infile_name, QString outfile_name, unsigned int modify,Ui::InstallProgressFrm* dp ) | ||
396 | { | ||
397 | QFile infile(infile_name); | ||
398 | QFile outfile(outfile_name); | ||
399 | int i = -1; | ||
400 | unsigned char headerdata[512]; | ||
401 | unsigned long dwLength1, dwLength2, dwLength3, fp = 0; | ||
402 | unsigned char blockdata[16+16]; | ||
403 | unsigned char out[16]; | ||
404 | unsigned char newmunge; | ||
405 | signed long lenread; | ||
406 | int s = 0; | ||
407 | unsigned char * pChecksums, * ppChecksums; | ||
408 | unsigned char ck; | ||
409 | |||
410 | if(!infile.open(QIODevice::ReadOnly)) | ||
411 | { | ||
412 | dp->listProgress->addItem("Could not open: %1" + infile_name); | ||
413 | return -1; | ||
414 | } | ||
415 | if(!outfile.open(QIODevice::WriteOnly)) | ||
416 | { | ||
417 | dp->listProgress->addItem("Could not open: %1" + outfile_name); | ||
418 | return -1; | ||
419 | } | ||
420 | |||
421 | lenread = infile.read((char*) headerdata, 512 ); | ||
422 | if( lenread != 512 ) | ||
423 | { | ||
424 | dp->listProgress->addItem("This doesn't look like a valid decoded " | ||
425 | "iHP firmware - reason: header length."); | ||
426 | infile.close(); | ||
427 | outfile.close(); | ||
428 | }; | ||
429 | |||
430 | if( modify ) | ||
431 | { | ||
432 | modifyheader( headerdata ); /* reversible */ | ||
433 | }; | ||
434 | |||
435 | i = testheader( headerdata ); | ||
436 | if( i == -1 ) | ||
437 | { | ||
438 | dp->listProgress->addItem("This firmware is for an unknown model, or is not" | ||
439 | " a valid decoded iHP firmware."); | ||
440 | infile.close(); | ||
441 | outfile.close(); | ||
442 | }; | ||
443 | fprintf( stderr, "Model %s\n", models[ i ] ); | ||
444 | |||
445 | dwLength1 = headerdata[0] | (headerdata[1]<<8) | | ||
446 | (headerdata[2]<<16) | (headerdata[3]<<24); | ||
447 | dwLength2 = headerdata[4] | (headerdata[5]<<8) | | ||
448 | (headerdata[6]<<16) | (headerdata[7]<<24); | ||
449 | dwLength3 = headerdata[8] | (headerdata[9]<<8) | | ||
450 | (headerdata[10]<<16) | (headerdata[11]<<24); | ||
451 | |||
452 | if( dwLength1 < firmware_minsize[i] || | ||
453 | dwLength1 > firmware_maxsize[i] || | ||
454 | dwLength2 < firmware_minsize[i] || | ||
455 | dwLength2 > dwLength1 || | ||
456 | dwLength3 > dwLength1 || | ||
457 | dwLength2+dwLength3+512 != dwLength1 ) | ||
458 | { | ||
459 | dp->listProgress->addItem("This doesn't look like a valid decoded " | ||
460 | "iHP firmware - reason:file 'length' data."); | ||
461 | infile.close(); | ||
462 | outfile.close(); | ||
463 | }; | ||
464 | |||
465 | pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) ); | ||
466 | |||
467 | outfile.write( (char*)headerdata, 512); | ||
468 | |||
469 | memset( blockdata, 0, 16 ); | ||
470 | ck = 0; | ||
471 | while( ( fp < dwLength2 ) && | ||
472 | ( lenread = infile.read((char*) blockdata+16, 16) ) == 16 ) | ||
473 | { | ||
474 | fp += 16; | ||
475 | for( i=0; i<16; ++i ) | ||
476 | { | ||
477 | newmunge = blockdata[16+((12+i)&0xf)] ^ blockdata[i]; | ||
478 | out[i] = newmunge ^ munge[i]; | ||
479 | ck += blockdata[16+i]; | ||
480 | blockdata[i] = newmunge; | ||
481 | }; | ||
482 | outfile.write( (char*)out, 16); | ||
483 | |||
484 | if( s == 496 ) | ||
485 | { | ||
486 | s = 0; | ||
487 | memset( blockdata, 0, 16 ); | ||
488 | *ppChecksums++ = ck; | ||
489 | ck = 0; | ||
490 | } | ||
491 | else | ||
492 | s+=16; | ||
493 | }; | ||
494 | |||
495 | if( fp != dwLength2 ) | ||
496 | { | ||
497 | dp->listProgress->addItem("This doesn't look like a valid decoded " | ||
498 | "iHP firmware - reason: 'length1' mismatch."); | ||
499 | infile.close(); | ||
500 | outfile.close(); | ||
501 | }; | ||
502 | |||
503 | /* write out remainder w/out applying descrambler */ | ||
504 | fp = 0; | ||
505 | lenread = dwLength3; | ||
506 | ppChecksums = pChecksums; | ||
507 | while( ( fp < dwLength3) && | ||
508 | ( lenread = outfile.write((char*) ppChecksums, lenread) ) > 0 ) | ||
509 | { | ||
510 | fp += lenread; | ||
511 | ppChecksums += lenread; | ||
512 | lenread = dwLength3 - fp; | ||
513 | }; | ||
514 | |||
515 | if( fp != dwLength3 ) | ||
516 | { | ||
517 | dp->listProgress->addItem("This doesn't look like a valid decoded " | ||
518 | "iHP firmware - 'length2' mismatch."); | ||
519 | infile.close(); | ||
520 | outfile.close(); | ||
521 | }; | ||
522 | |||
523 | fprintf( stderr, "File encoded successfully and checksum table built!\n" ); | ||
524 | |||
525 | infile.close(); | ||
526 | outfile.close(); | ||
527 | return 0; | ||
528 | |||
529 | }; | ||
530 | |||
531 | |||
532 | |||