diff options
Diffstat (limited to 'utils/AMS')
-rw-r--r-- | utils/AMS/hacking/Makefile | 56 | ||||
-rw-r--r-- | utils/AMS/hacking/README | 9 | ||||
-rw-r--r-- | utils/AMS/hacking/extract_fw.c | 129 | ||||
-rw-r--r-- | utils/AMS/hacking/mkamsboot.c | 341 | ||||
-rw-r--r-- | utils/AMS/hacking/nrv2e_d8.S | 194 | ||||
-rw-r--r-- | utils/AMS/hacking/test.S | 55 |
6 files changed, 2 insertions, 782 deletions
diff --git a/utils/AMS/hacking/Makefile b/utils/AMS/hacking/Makefile index 8f48d611c8..1a297bc3ab 100644 --- a/utils/AMS/hacking/Makefile +++ b/utils/AMS/hacking/Makefile | |||
@@ -1,59 +1,7 @@ | |||
1 | # Change INFILE to point to your original firmware file | 1 | all: amsinfo |
2 | INFILE=$(HOME)/FW/AMS/CLIP/m300a-1.1.17A.bin | ||
3 | |||
4 | # OUTFILE is the file you copy to your device's root and rename to | ||
5 | # (e.g.) m300a.bin | ||
6 | OUTFILE=patched.bin | ||
7 | |||
8 | # The uclpack command | ||
9 | UCLPACK=../../../tools/uclpack | ||
10 | |||
11 | all: amsinfo $(OUTFILE) | ||
12 | 2 | ||
13 | amsinfo: amsinfo.c | 3 | amsinfo: amsinfo.c |
14 | gcc -o amsinfo -W -Wall amsinfo.c | 4 | gcc -o amsinfo -W -Wall amsinfo.c |
15 | 5 | ||
16 | mkamsboot: mkamsboot.c | ||
17 | gcc -o mkamsboot -W -Wall mkamsboot.c | ||
18 | |||
19 | extract_fw: extract_fw.c | ||
20 | gcc -o extract_fw -W -Wall extract_fw.c | ||
21 | |||
22 | # Rules for our test ARM application - assemble, link, then extract | ||
23 | # the binary code | ||
24 | |||
25 | test.o: test.S | ||
26 | arm-elf-as -o test.o test.S | ||
27 | |||
28 | test.elf: test.o | ||
29 | arm-elf-ld -e 0 -Ttext=0 -o test.elf test.o | ||
30 | |||
31 | test.bin: test.elf | ||
32 | arm-elf-objcopy -O binary test.elf test.bin | ||
33 | |||
34 | # Rules for the ucl unpack function - this is inserted in the padding at | ||
35 | # the end of the original firmware block | ||
36 | nrv2e_d8.o: nrv2e_d8.S | ||
37 | arm-elf-gcc -DPURE_THUMB -c -o nrv2e_d8.o nrv2e_d8.S | ||
38 | |||
39 | # NOTE: this function has no absolute references, so the link address (-e) | ||
40 | # is irrelevant. We just link at address 0. | ||
41 | nrv2e_d8.elf: nrv2e_d8.o | ||
42 | arm-elf-ld -e 0 -Ttext=0 -o nrv2e_d8.elf nrv2e_d8.o | ||
43 | |||
44 | nrv2e_d8.bin: nrv2e_d8.elf | ||
45 | arm-elf-objcopy -O binary nrv2e_d8.elf nrv2e_d8.bin | ||
46 | |||
47 | firmware_block.ucl: firmware_block.bin | ||
48 | $(UCLPACK) --best --2e firmware_block.bin firmware_block.ucl | ||
49 | |||
50 | firmware_block.bin: $(INFILE) extract_fw | ||
51 | ./extract_fw $(INFILE) firmware_block.bin | ||
52 | |||
53 | $(OUTFILE): mkamsboot firmware_block.ucl test.bin nrv2e_d8.bin $(INFILE) | ||
54 | ./mkamsboot $(INFILE) firmware_block.ucl test.bin nrv2e_d8.bin $(OUTFILE) | ||
55 | |||
56 | clean: | 6 | clean: |
57 | rm -fr amsinfo mkamsboot test.o test.elf test.bin extract_fw \ | 7 | rm -fr amsinfo |
58 | nrv2e_d8.o nrv2e_d8.elf nrv2e_d8.bin firmware_block.bin \ | ||
59 | firmware_block.ucl $(OUTFILE) *~ | ||
diff --git a/utils/AMS/hacking/README b/utils/AMS/hacking/README index ce16f954cd..59bb27ebae 100644 --- a/utils/AMS/hacking/README +++ b/utils/AMS/hacking/README | |||
@@ -5,12 +5,3 @@ This directory contains the following tools related to the Sansa V2 | |||
5 | 5 | ||
6 | A tool that dumps information from an AMS firmware file. | 6 | A tool that dumps information from an AMS firmware file. |
7 | 7 | ||
8 | 2) mkamsboot | ||
9 | |||
10 | A tool to inject some code (contained in test.S) into a firmware file. | ||
11 | |||
12 | Edit the INFILE variable in the Makefile to point to the original | ||
13 | firmware file you want to patch, edit "test.S" appropriately, and then | ||
14 | type "make". | ||
15 | |||
16 | |||
diff --git a/utils/AMS/hacking/extract_fw.c b/utils/AMS/hacking/extract_fw.c deleted file mode 100644 index e91d1f8de1..0000000000 --- a/utils/AMS/hacking/extract_fw.c +++ /dev/null | |||
@@ -1,129 +0,0 @@ | |||
1 | /* | ||
2 | |||
3 | extract_fw.c - extract the main firmware image from a Sansa V2 (AMS) firmware | ||
4 | file | ||
5 | |||
6 | Copyright (C) Dave Chapman 2008 | ||
7 | |||
8 | This program is free software; you can redistribute it and/or modify | ||
9 | it under the terms of the GNU General Public License as published by | ||
10 | the Free Software Foundation; either version 2 of the License, or | ||
11 | (at your option) any later version. | ||
12 | |||
13 | This program is distributed in the hope that it will be useful, | ||
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | GNU General Public License for more details. | ||
17 | |||
18 | You should have received a copy of the GNU General Public License | ||
19 | along with this program; if not, write to the Free Software | ||
20 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA | ||
21 | |||
22 | */ | ||
23 | |||
24 | |||
25 | #include <stdio.h> | ||
26 | #include <stdlib.h> | ||
27 | #include <stdint.h> | ||
28 | #include <sys/types.h> | ||
29 | #include <sys/stat.h> | ||
30 | #include <fcntl.h> | ||
31 | #include <unistd.h> | ||
32 | #include <string.h> | ||
33 | |||
34 | |||
35 | /* Win32 compatibility */ | ||
36 | #ifndef O_BINARY | ||
37 | #define O_BINARY 0 | ||
38 | #endif | ||
39 | |||
40 | |||
41 | static off_t filesize(int fd) { | ||
42 | struct stat buf; | ||
43 | |||
44 | if (fstat(fd,&buf) < 0) { | ||
45 | perror("[ERR] Checking filesize of input file"); | ||
46 | return -1; | ||
47 | } else { | ||
48 | return(buf.st_size); | ||
49 | } | ||
50 | } | ||
51 | |||
52 | static uint32_t get_uint32le(unsigned char* p) | ||
53 | { | ||
54 | return p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); | ||
55 | } | ||
56 | |||
57 | void usage(void) | ||
58 | { | ||
59 | printf("Usage: extract_fw <firmware file> <output file>\n"); | ||
60 | |||
61 | exit(1); | ||
62 | } | ||
63 | |||
64 | int main(int argc, char* argv[]) | ||
65 | { | ||
66 | char *infile, *outfile; | ||
67 | int fdin, fdout; | ||
68 | off_t len; | ||
69 | uint32_t n; | ||
70 | unsigned char* buf; | ||
71 | uint32_t firmware_size; | ||
72 | |||
73 | if(argc != 3) { | ||
74 | usage(); | ||
75 | } | ||
76 | |||
77 | infile = argv[1]; | ||
78 | outfile = argv[2]; | ||
79 | |||
80 | /* Open the firmware file */ | ||
81 | fdin = open(infile,O_RDONLY|O_BINARY); | ||
82 | |||
83 | if (fdin < 0) { | ||
84 | fprintf(stderr,"[ERR] Could not open %s for reading\n",infile); | ||
85 | return 1; | ||
86 | } | ||
87 | |||
88 | if ((len = filesize(fdin)) < 0) | ||
89 | return 1; | ||
90 | |||
91 | /* We will need no more memory than the total size plus the bootloader size | ||
92 | padded to a boundary */ | ||
93 | if ((buf = malloc(len)) == NULL) { | ||
94 | fprintf(stderr,"[ERR] Could not allocate buffer for input file (%d bytes)\n",(int)len); | ||
95 | return 1; | ||
96 | } | ||
97 | |||
98 | n = read(fdin, buf, len); | ||
99 | |||
100 | if (n != (uint32_t)len) { | ||
101 | fprintf(stderr,"[ERR] Could not read firmware file\n"); | ||
102 | return 1; | ||
103 | } | ||
104 | |||
105 | close(fdin); | ||
106 | |||
107 | /* Get the firmware size */ | ||
108 | firmware_size = get_uint32le(&buf[0x0c]); | ||
109 | |||
110 | fdout = open(outfile, O_CREAT|O_TRUNC|O_WRONLY|O_BINARY,0666); | ||
111 | |||
112 | if (fdout < 0) { | ||
113 | fprintf(stderr,"[ERR] Could not open %s for writing\n",outfile); | ||
114 | return 1; | ||
115 | } | ||
116 | |||
117 | n = write(fdout, buf + 0x400, firmware_size); | ||
118 | |||
119 | if (n != (uint32_t)firmware_size) { | ||
120 | fprintf(stderr,"[ERR] Could not write firmware block\n"); | ||
121 | return 1; | ||
122 | } | ||
123 | |||
124 | /* Clean up */ | ||
125 | close(fdout); | ||
126 | free(buf); | ||
127 | |||
128 | return 0; | ||
129 | } | ||
diff --git a/utils/AMS/hacking/mkamsboot.c b/utils/AMS/hacking/mkamsboot.c deleted file mode 100644 index 52ead58b69..0000000000 --- a/utils/AMS/hacking/mkamsboot.c +++ /dev/null | |||
@@ -1,341 +0,0 @@ | |||
1 | /* | ||
2 | |||
3 | mkamsboot.c - a tool for merging bootloader code into an Sansa V2 | ||
4 | (AMS) firmware file | ||
5 | |||
6 | Copyright (C) Dave Chapman 2008 | ||
7 | |||
8 | This program is free software; you can redistribute it and/or modify | ||
9 | it under the terms of the GNU General Public License as published by | ||
10 | the Free Software Foundation; either version 2 of the License, or | ||
11 | (at your option) any later version. | ||
12 | |||
13 | This program is distributed in the hope that it will be useful, | ||
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | GNU General Public License for more details. | ||
17 | |||
18 | You should have received a copy of the GNU General Public License | ||
19 | along with this program; if not, write to the Free Software | ||
20 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA | ||
21 | |||
22 | */ | ||
23 | |||
24 | |||
25 | /* | ||
26 | |||
27 | Insert a Rockbox bootloader into an AMS original firmware file. | ||
28 | |||
29 | We replace the main firmware block (bytes 0x400..0x400+firmware_size) | ||
30 | as follows: | ||
31 | |||
32 | |||
33 | --------------------- 0x0 | ||
34 | | | | ||
35 | | Rockbox bootloader | | ||
36 | | | | ||
37 | |---------------------| | ||
38 | | EMPTY SPACE | | ||
39 | |---------------------| | ||
40 | | ucl unpack function | | ||
41 | |---------------------| | ||
42 | | | | ||
43 | | compressed OF image | | ||
44 | | | | ||
45 | | | | ||
46 | --------------------- | ||
47 | |||
48 | This entire block fits into the space previously occupied by the main | ||
49 | firmware block, and gives about 40KB of space to store the Rockbox | ||
50 | bootloader. This could be increased if we also UCL compress the | ||
51 | Rockbox bootloader. | ||
52 | |||
53 | mkamsboot then corrects the checksums and writes a new legal firmware | ||
54 | file which can be installed on the device. | ||
55 | |||
56 | Our bootloader first checks for the "dual-boot" keypress, and then either: | ||
57 | |||
58 | a) Copies the ucl unpack function and compressed OF image to an unused | ||
59 | part of RAM and then branches to the ucl_unpack function, which | ||
60 | will then branch to 0x0 after decompressing the OF to that location. | ||
61 | |||
62 | b) Continues running with our test code | ||
63 | |||
64 | */ | ||
65 | |||
66 | |||
67 | #include <stdio.h> | ||
68 | #include <stdlib.h> | ||
69 | #include <stdint.h> | ||
70 | #include <sys/types.h> | ||
71 | #include <sys/stat.h> | ||
72 | #include <fcntl.h> | ||
73 | #include <unistd.h> | ||
74 | #include <string.h> | ||
75 | |||
76 | |||
77 | /* Win32 compatibility */ | ||
78 | #ifndef O_BINARY | ||
79 | #define O_BINARY 0 | ||
80 | #endif | ||
81 | |||
82 | |||
83 | #define PAD_TO_BOUNDARY(x) (((x) + 0x1ff) & ~0x1ff) | ||
84 | |||
85 | |||
86 | /* This magic should appear at the start of any UCL file */ | ||
87 | static const unsigned char uclmagic[] = { | ||
88 | 0x00, 0xe9, 0x55, 0x43, 0x4c, 0xff, 0x01, 0x1a | ||
89 | }; | ||
90 | |||
91 | |||
92 | static off_t filesize(int fd) { | ||
93 | struct stat buf; | ||
94 | |||
95 | if (fstat(fd,&buf) < 0) { | ||
96 | perror("[ERR] Checking filesize of input file"); | ||
97 | return -1; | ||
98 | } else { | ||
99 | return(buf.st_size); | ||
100 | } | ||
101 | } | ||
102 | |||
103 | static uint32_t get_uint32le(unsigned char* p) | ||
104 | { | ||
105 | return p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); | ||
106 | } | ||
107 | |||
108 | static uint32_t get_uint32be(unsigned char* p) | ||
109 | { | ||
110 | return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; | ||
111 | |||
112 | } | ||
113 | |||
114 | static void put_uint32le(unsigned char* p, uint32_t x) | ||
115 | { | ||
116 | p[0] = x & 0xff; | ||
117 | p[1] = (x >> 8) & 0xff; | ||
118 | p[2] = (x >> 16) & 0xff; | ||
119 | p[3] = (x >> 24) & 0xff; | ||
120 | } | ||
121 | |||
122 | static int calc_checksum(unsigned char* buf, uint32_t n) | ||
123 | { | ||
124 | uint32_t sum = 0; | ||
125 | uint32_t i; | ||
126 | |||
127 | for (i=0;i<n;i+=4) | ||
128 | sum += get_uint32le(buf + i); | ||
129 | |||
130 | return sum; | ||
131 | } | ||
132 | |||
133 | void usage(void) | ||
134 | { | ||
135 | printf("Usage: mkamsboot <firmware file> <ucl image> <boot file> <ucl unpack file> <output file>\n"); | ||
136 | |||
137 | exit(1); | ||
138 | } | ||
139 | |||
140 | int main(int argc, char* argv[]) | ||
141 | { | ||
142 | char *infile, *uclfile, *bootfile, *uclunpackfile, *outfile; | ||
143 | int fdin, fducl, fdboot, fduclunpack, fdout; | ||
144 | off_t len; | ||
145 | unsigned char uclheader[26]; | ||
146 | uint32_t n; | ||
147 | unsigned char* buf; | ||
148 | uint32_t firmware_size; | ||
149 | uint32_t firmware_paddedsize; | ||
150 | uint32_t bootloader_size; | ||
151 | uint32_t ucl_size; | ||
152 | uint32_t ucl_paddedsize; | ||
153 | uint32_t uclunpack_size; | ||
154 | uint32_t sum,filesum; | ||
155 | uint32_t i; | ||
156 | |||
157 | if(argc != 6) { | ||
158 | usage(); | ||
159 | } | ||
160 | |||
161 | infile = argv[1]; | ||
162 | uclfile = argv[2]; | ||
163 | bootfile = argv[3]; | ||
164 | uclunpackfile = argv[4]; | ||
165 | outfile = argv[5]; | ||
166 | |||
167 | /* Open the bootloader file */ | ||
168 | fdboot = open(bootfile, O_RDONLY|O_BINARY); | ||
169 | if (fdboot < 0) | ||
170 | { | ||
171 | fprintf(stderr,"[ERR] Could not open %s for reading\n",bootfile); | ||
172 | return 1; | ||
173 | } | ||
174 | |||
175 | bootloader_size = filesize(fdboot); | ||
176 | |||
177 | |||
178 | /* Open the UCL-compressed image of the firmware block */ | ||
179 | fduclunpack = open(uclunpackfile, O_RDONLY|O_BINARY); | ||
180 | if (fduclunpack < 0) | ||
181 | { | ||
182 | fprintf(stderr,"[ERR] Could not open %s for reading\n",uclunpackfile); | ||
183 | return 1; | ||
184 | } | ||
185 | |||
186 | uclunpack_size = filesize(fduclunpack); | ||
187 | |||
188 | |||
189 | /* Open the UCL-compressed image of the firmware block */ | ||
190 | fducl = open(uclfile, O_RDONLY|O_BINARY); | ||
191 | if (fducl < 0) | ||
192 | { | ||
193 | fprintf(stderr,"[ERR] Could not open %s for reading\n",uclfile); | ||
194 | return 1; | ||
195 | } | ||
196 | |||
197 | /* Some UCL file sanity checks */ | ||
198 | n = read(fducl, uclheader, sizeof(uclheader)); | ||
199 | |||
200 | if (n != sizeof(uclheader)) { | ||
201 | fprintf(stderr,"[ERR] Could not read header from UCL file\n"); | ||
202 | return 1; | ||
203 | } | ||
204 | |||
205 | if (memcmp(uclmagic, uclheader, sizeof(uclmagic))!=0) { | ||
206 | fprintf(stderr,"[ERR] Invalid UCL file\n"); | ||
207 | return 1; | ||
208 | } | ||
209 | |||
210 | if (uclheader[12] != 0x2e) { | ||
211 | fprintf(stderr,"[ERR] Unsupported UCL compression format (0x%02x) - only 0x2e supported.\n",uclheader[12]); | ||
212 | return 1; | ||
213 | } | ||
214 | ucl_size = get_uint32be(&uclheader[22]) + 8; | ||
215 | ucl_paddedsize = (ucl_size + 3) & ~0x3; | ||
216 | |||
217 | if (ucl_size + 26 > (unsigned)filesize(fducl)) { | ||
218 | fprintf(stderr, "[ERR] Size mismatch in UCL file\n"); | ||
219 | return 1; | ||
220 | } | ||
221 | |||
222 | /* Open the firmware file */ | ||
223 | fdin = open(infile,O_RDONLY|O_BINARY); | ||
224 | |||
225 | if (fdin < 0) { | ||
226 | fprintf(stderr,"[ERR] Could not open %s for reading\n",infile); | ||
227 | return 1; | ||
228 | } | ||
229 | |||
230 | if ((len = filesize(fdin)) < 0) | ||
231 | return 1; | ||
232 | |||
233 | /* Allocate memory for the OF image - we don't change the size */ | ||
234 | if ((buf = malloc(len)) == NULL) { | ||
235 | fprintf(stderr,"[ERR] Could not allocate buffer for input file (%d bytes)\n",(int)len); | ||
236 | return 1; | ||
237 | } | ||
238 | |||
239 | n = read(fdin, buf, len); | ||
240 | |||
241 | if (n != (uint32_t)len) { | ||
242 | fprintf(stderr,"[ERR] Could not read firmware file\n"); | ||
243 | return 1; | ||
244 | } | ||
245 | |||
246 | close(fdin); | ||
247 | |||
248 | /* Get the firmware size */ | ||
249 | firmware_size = get_uint32le(&buf[0x0c]); | ||
250 | |||
251 | /* Round size up to next multiple of 0x200 */ | ||
252 | |||
253 | firmware_paddedsize = PAD_TO_BOUNDARY(firmware_size); | ||
254 | |||
255 | fprintf(stderr,"Original firmware size - %d bytes\n",firmware_size); | ||
256 | fprintf(stderr,"Padded firmware size - %d bytes\n",firmware_paddedsize); | ||
257 | fprintf(stderr,"Bootloader size - %d bytes\n",bootloader_size); | ||
258 | fprintf(stderr,"UCL image size - %d bytes (%d bytes padded)\n",ucl_size,ucl_paddedsize); | ||
259 | fprintf(stderr,"UCL unpack function size - %d bytes\n",uclunpack_size); | ||
260 | fprintf(stderr,"Original total size of firmware - %d bytes\n",(int)len); | ||
261 | |||
262 | /* Check we have room for our bootloader - in the future, we could UCL | ||
263 | pack this image as well if we need to. */ | ||
264 | if (bootloader_size > (firmware_size - ucl_paddedsize - uclunpack_size)) { | ||
265 | fprintf(stderr,"[ERR] Bootloader too large (%d bytes, %d available)\n", | ||
266 | bootloader_size, firmware_size - ucl_paddedsize - uclunpack_size); | ||
267 | return 1; | ||
268 | } | ||
269 | |||
270 | /* Zero the original firmware area - not needed, but helps debugging */ | ||
271 | memset(buf + 0x400, 0, firmware_size); | ||
272 | |||
273 | /* Locate our bootloader code at the start of the firmware block */ | ||
274 | n = read(fdboot, buf + 0x400, bootloader_size); | ||
275 | |||
276 | if (n != bootloader_size) { | ||
277 | fprintf(stderr,"[ERR] Could not load bootloader file\n"); | ||
278 | return 1; | ||
279 | } | ||
280 | close(fdboot); | ||
281 | |||
282 | /* Locate the compressed image of the original firmware block at the end | ||
283 | of the firmware block */ | ||
284 | n = read(fducl, buf + 0x400 + firmware_size - ucl_paddedsize, ucl_size); | ||
285 | |||
286 | if (n != ucl_size) { | ||
287 | fprintf(stderr,"[ERR] Could not load ucl file\n"); | ||
288 | return 1; | ||
289 | } | ||
290 | close(fducl); | ||
291 | |||
292 | |||
293 | /* Locate our UCL unpack function before copy of the compressed firmware */ | ||
294 | n = read(fduclunpack, buf + 0x400 + firmware_size - ucl_paddedsize - uclunpack_size, uclunpack_size); | ||
295 | |||
296 | if (n != uclunpack_size) { | ||
297 | fprintf(stderr,"[ERR] Could not load uclunpack file\n"); | ||
298 | return 1; | ||
299 | } | ||
300 | close(fduclunpack); | ||
301 | |||
302 | put_uint32le(&buf[0x420], 0x40000 - ucl_paddedsize - uclunpack_size + 1); /* UCL unpack entry point */ | ||
303 | put_uint32le(&buf[0x424], 0x40000 - ucl_paddedsize); /* Location of OF */ | ||
304 | put_uint32le(&buf[0x428], ucl_size); /* Size of UCL image */ | ||
305 | put_uint32le(&buf[0x42c], firmware_size - uclunpack_size - ucl_paddedsize); /* Start of data to copy */ | ||
306 | put_uint32le(&buf[0x430], uclunpack_size + ucl_paddedsize); /* Size of data to copy */ | ||
307 | |||
308 | /* Update checksum */ | ||
309 | sum = calc_checksum(buf + 0x400,firmware_size); | ||
310 | |||
311 | put_uint32le(&buf[0x04], sum); | ||
312 | put_uint32le(&buf[0x204], sum); | ||
313 | |||
314 | /* Update the whole-file checksum */ | ||
315 | filesum = 0; | ||
316 | for (i=0;i < (unsigned)len - 4; i+=4) | ||
317 | filesum += get_uint32le(&buf[i]); | ||
318 | |||
319 | put_uint32le(buf + len - 4, filesum); | ||
320 | |||
321 | |||
322 | /* Write the new firmware */ | ||
323 | fdout = open(outfile, O_CREAT|O_TRUNC|O_WRONLY|O_BINARY,0666); | ||
324 | |||
325 | if (fdout < 0) { | ||
326 | fprintf(stderr,"[ERR] Could not open %s for writing\n",outfile); | ||
327 | return 1; | ||
328 | } | ||
329 | |||
330 | n = write(fdout, buf, len); | ||
331 | |||
332 | if (n != (unsigned)len) { | ||
333 | fprintf(stderr,"[ERR] Could not write firmware file\n"); | ||
334 | return 1; | ||
335 | } | ||
336 | |||
337 | close(fdout); | ||
338 | |||
339 | return 0; | ||
340 | |||
341 | } | ||
diff --git a/utils/AMS/hacking/nrv2e_d8.S b/utils/AMS/hacking/nrv2e_d8.S deleted file mode 100644 index 89cb76dead..0000000000 --- a/utils/AMS/hacking/nrv2e_d8.S +++ /dev/null | |||
@@ -1,194 +0,0 @@ | |||
1 | /* arm_nrv2e_d8.S -- ARM decompressor for NRV2E | ||
2 | |||
3 | This file is part of the UPX executable compressor. | ||
4 | |||
5 | Copyright (C) 1996-2008 Markus Franz Xaver Johannes Oberhumer | ||
6 | Copyright (C) 1996-2008 Laszlo Molnar | ||
7 | Copyright (C) 2000-2008 John F. Reiser | ||
8 | All Rights Reserved. | ||
9 | |||
10 | UPX and the UCL library are free software; you can redistribute them | ||
11 | and/or modify them under the terms of the GNU General Public License as | ||
12 | published by the Free Software Foundation; either version 2 of | ||
13 | the License, or (at your option) any later version. | ||
14 | |||
15 | This program is distributed in the hope that it will be useful, | ||
16 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
18 | GNU General Public License for more details. | ||
19 | |||
20 | You should have received a copy of the GNU General Public License | ||
21 | along with this program; see the file COPYING. | ||
22 | If not, write to the Free Software Foundation, Inc., | ||
23 | 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
24 | |||
25 | Markus F.X.J. Oberhumer Laszlo Molnar | ||
26 | <markus@oberhumer.com> <ml1050@users.sourceforge.net> | ||
27 | |||
28 | John F. Reiser | ||
29 | <jreiser@users.sourceforge.net> | ||
30 | */ | ||
31 | #define SAFE 0 /* 1 for src+dst bounds checking: cost 40 bytes */ | ||
32 | |||
33 | #define src r0 | ||
34 | #define len r1 /* overlaps 'cnt' */ | ||
35 | #define dst r2 | ||
36 | #define tmp r3 | ||
37 | #define bits r4 | ||
38 | #define off r5 | ||
39 | #define wrnk r6 /* 0x500 M2_MAX_OFFSET before "wrinkle" */ | ||
40 | #define srclim r7 | ||
41 | #if 1==SAFE /*{*/ | ||
42 | #define dstlim r12 | ||
43 | #endif /*}*/ | ||
44 | |||
45 | #define cnt r1 /* overlaps 'len' while reading an offset */ | ||
46 | |||
47 | #if 1==SAFE /*{*/ | ||
48 | #define CHECK_SRC cmp src,srclim; bhs bad_src_n2e | ||
49 | #define CHECK_DST cmp dst,dstlim; bhs bad_dst_n2e | ||
50 | #else /*}{*/ | ||
51 | #define CHECK_SRC /*empty*/ | ||
52 | #define CHECK_DST /*empty*/ | ||
53 | #endif /*}*/ | ||
54 | |||
55 | #if 0 /*{ DEBUG only: check newly-decompressed against original dst */ | ||
56 | #define CHECK_BYTE \ | ||
57 | push {wrnk}; \ | ||
58 | ldrb wrnk,[dst]; \ | ||
59 | cmp wrnk,tmp; beq 0f; bkpt; \ | ||
60 | 0: pop {wrnk} | ||
61 | #else /*}{*/ | ||
62 | #define CHECK_BYTE /*empty*/ | ||
63 | #endif /*}*/ | ||
64 | |||
65 | /* "mov lr,pc; bxx ..." implements conditional subroutine call */ | ||
66 | #define GETBIT add bits,bits; mov lr,pc; beq get1_n2e | ||
67 | |||
68 | #define getnextb(reg) GETBIT; adc reg,reg | ||
69 | #define jnextb0 GETBIT; bcc | ||
70 | #define jnextb1 GETBIT; bcs | ||
71 | |||
72 | #ifndef PURE_THUMB | ||
73 | ucl_nrv2e_decompress_8: .globl ucl_nrv2e_decompress_8 @ ARM mode | ||
74 | .type ucl_nrv2e_decompress_8, %function | ||
75 | /* error = (*)(char const *src, int len_src, char *dst, int *plen_dst) | ||
76 | Actual decompressed length is stored through plen_dst. | ||
77 | For SAFE mode: at call, *plen_dst must be allowed length of output buffer. | ||
78 | */ | ||
79 | adr r12,1+.thumb_nrv2e_d8; bx r12 @ enter THUMB mode | ||
80 | #endif | ||
81 | .code 16 @ THUMB mode | ||
82 | .thumb_func | ||
83 | |||
84 | .thumb_nrv2e_d8: | ||
85 | #if 0 | ||
86 | push {r2,r3, r4,r5,r6,r7, lr} | ||
87 | #define sp_DST0 0 /* stack offset of original dst */ | ||
88 | #endif | ||
89 | add srclim,len,src @ srclim= eof_src; | ||
90 | #if 1==SAFE /*{*/ | ||
91 | ldr tmp,[r3] @ len_dst | ||
92 | add tmp,dst | ||
93 | mov dstlim,tmp | ||
94 | #endif /*}*/ | ||
95 | mov bits,#1; neg off,bits @ off= -1 initial condition | ||
96 | lsl bits,#31 @ 1<<31: refill next time | ||
97 | mov wrnk,#5 | ||
98 | lsl wrnk,#8 @ 0x500 @ nrv2e M2_MAX_OFFSET | ||
99 | b top_n2e | ||
100 | |||
101 | #if 1==SAFE /*{*/ | ||
102 | bad_dst_n2e: # return value will be 2 | ||
103 | add src,srclim,#1 | ||
104 | bad_src_n2e: # return value will be 1 | ||
105 | add src,#1 | ||
106 | #endif /*}*/ | ||
107 | eof_n2e: | ||
108 | #if 0 | ||
109 | pop {r3,r4} @ r3= orig_dst; r4= plen_dst | ||
110 | sub src,srclim @ 0 if actual src length equals expected length | ||
111 | sub dst,r3 @ actual dst length | ||
112 | str dst,[r4] | ||
113 | pop {r4,r5,r6,r7 /*,pc*/} | ||
114 | pop {r1}; bx r1 @ "pop {,pc}" fails return to ARM mode on ARMv4T | ||
115 | #else | ||
116 | mov r0, #0 | ||
117 | bx r0 /* Branch to 0x0, switch to ARM mode */ | ||
118 | #endif | ||
119 | |||
120 | get1_n2e: @ In: Carry set [from adding 0x80000000 (1<<31) to itself] | ||
121 | ldrb bits,[src] @ zero-extend next byte | ||
122 | adc bits,bits @ double and insert CarryIn as low bit | ||
123 | CHECK_SRC | ||
124 | add src,#1 | ||
125 | lsl bits,#24 @ move to top byte, and set CarryOut from old bit 8 | ||
126 | mov pc,lr @ return, stay in current (THUMB) mode | ||
127 | |||
128 | lit_n2e: | ||
129 | CHECK_SRC; ldrb tmp,[src]; add src,#1 | ||
130 | CHECK_BYTE | ||
131 | CHECK_DST; strb tmp,[dst]; add dst,#1 | ||
132 | top_n2e: | ||
133 | jnextb1 lit_n2e | ||
134 | mov cnt,#1; b getoff_n2e | ||
135 | |||
136 | off_n2e: | ||
137 | sub cnt,#1 | ||
138 | getnextb(cnt) | ||
139 | getoff_n2e: | ||
140 | getnextb(cnt) | ||
141 | jnextb0 off_n2e | ||
142 | |||
143 | sub tmp,cnt,#3 @ set Carry | ||
144 | mov len,#0 @ Carry unaffected | ||
145 | blo offprev_n2e @ cnt was 2; tests Carry only | ||
146 | lsl tmp,#8 | ||
147 | CHECK_SRC; ldrb off,[src]; add src,#1 @ low 7+1 bits | ||
148 | orr off,tmp | ||
149 | mvn off,off; beq eof_n2e @ off= ~off | ||
150 | asr off,#1; bcs lenlast_n2e | ||
151 | b lenmore_n2e | ||
152 | |||
153 | offprev_n2e: | ||
154 | jnextb1 lenlast_n2e | ||
155 | lenmore_n2e: | ||
156 | mov len,#1 | ||
157 | jnextb1 lenlast_n2e | ||
158 | len_n2e: | ||
159 | getnextb(len) | ||
160 | jnextb0 len_n2e | ||
161 | add len,#6-2 | ||
162 | b gotlen_n2e | ||
163 | |||
164 | lenlast_n2e: | ||
165 | getnextb(len) @ 0,1,2,3 | ||
166 | add len,#2 | ||
167 | gotlen_n2e: @ 'cmn': add the inputs, set condition codes, discard the sum | ||
168 | cmn wrnk,off; bcs near_n2e @ within M2_MAX_OFFSET | ||
169 | add len,#1 @ too far away, so minimum match length is 3 | ||
170 | near_n2e: | ||
171 | #if 1==SAFE /*{*/ | ||
172 | ldr tmp,[sp,#sp_DST0] | ||
173 | sub tmp,dst | ||
174 | sub tmp,off; bhi bad_dst_n2e @ reaching back too far | ||
175 | |||
176 | add tmp,dst,cnt | ||
177 | cmp tmp,dstlim; bhi bad_dst_n2e @ too much output | ||
178 | #endif /*}*/ | ||
179 | ldrb tmp,[dst] @ force cacheline allocate | ||
180 | copy_n2e: | ||
181 | ldrb tmp,[dst,off] | ||
182 | CHECK_BYTE | ||
183 | strb tmp,[dst]; add dst,#1 | ||
184 | sub len,#1; bne copy_n2e | ||
185 | b top_n2e | ||
186 | |||
187 | #ifndef PURE_THUMB | ||
188 | .size ucl_nrv2e_decompress_8, .-ucl_nrv2e_decompress_8 | ||
189 | #endif | ||
190 | |||
191 | /* | ||
192 | vi:ts=8:et:nowrap | ||
193 | */ | ||
194 | |||
diff --git a/utils/AMS/hacking/test.S b/utils/AMS/hacking/test.S deleted file mode 100644 index a4757b44ce..0000000000 --- a/utils/AMS/hacking/test.S +++ /dev/null | |||
@@ -1,55 +0,0 @@ | |||
1 | /* int ucl_nrv2e_decompress_8(const unsigned char *src, unsigned char *dst, | ||
2 | unsigned long *dst_len) */ | ||
3 | |||
4 | .text | ||
5 | .global ucl_nrv2e_decompress_8 | ||
6 | |||
7 | |||
8 | /* Vectors */ | ||
9 | ldr pc, =start | ||
10 | .word 0 | ||
11 | .word 0 | ||
12 | .word 0 | ||
13 | .word 0 | ||
14 | .word 0 | ||
15 | .word 0 | ||
16 | .word 0 | ||
17 | |||
18 | /* These values are filled in by mkamsboot - don't move them from offset 0x20 */ | ||
19 | ucl_unpack: .word 0 /* Entry point (plus 1 - for thumb) of ucl_unpack after copy*/ | ||
20 | ucl_start: .word 0 /* Start of the ucl-compressed OF image after copy */ | ||
21 | ucl_size: .word 0 /* Length in bytes of the compressed OF image */ | ||
22 | copy_start: .word 0 /* Start of the copy of the ucl_unpack function */ | ||
23 | copy_size: .word 0 /* uclunpack_size + ucl_paddedsize */ | ||
24 | |||
25 | start: | ||
26 | /* A delay loop - just to prove we're running */ | ||
27 | mov r1, #0x500000 /* Approximately 5 seconds */ | ||
28 | loop: subs r1, r1, #1 | ||
29 | bne loop | ||
30 | |||
31 | /* First copy the compressed firmware to unused RAM */ | ||
32 | |||
33 | ldr r0, copy_start /* Source */ | ||
34 | ldr r1, copy_size /* Source length */ | ||
35 | |||
36 | mov r2, #0x40000 /* Destination end */ | ||
37 | sub r2, r2, r1 | ||
38 | |||
39 | memcpy: | ||
40 | ldrb r3, [r0], #1 | ||
41 | strb r3, [r2], #1 | ||
42 | cmp r2, #0x40000 /* Stop when we reached dest_end */ | ||
43 | bne memcpy | ||
44 | |||
45 | /* Call the ucl decompress function, which will branch to 0x0 */ | ||
46 | /* on completion */ | ||
47 | |||
48 | ldr r0, ucl_start /* Address of compressed image */ | ||
49 | ldr r1, ucl_size /* Compressed size */ | ||
50 | mov r2, #0 /* Destination */ | ||
51 | |||
52 | ldr r3, ucl_unpack | ||
53 | bx r3 | ||
54 | |||
55 | /* never reached */ | ||