Diffstat (limited to 'utils/hwpatcher/creative.lua')
-rw-r--r-- | utils/hwpatcher/creative.lua | 49 |
1 files changed, 49 insertions, 0 deletions
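diff --git a/utils/hwpatcher/creative.lua b/utils/hwpatcher/creative.lua
new file mode 100644
index 0000000000..437785a0d5
--- /dev/null
+++ b/utils/hwpatcher/creative.lua
@@ -0,0 +1,49 @@
+--[[
+Creative ZEN hacking
+required argument (in order):
+- path to firmware
+- path to output firmware
+- path to blob
+- path to stub
+]]--
+
+if #arg < 4 then
+error("not enough argument to fuzep patcher")
+end
+
+local fw = hwp.load_file(arg[1])
+local irq_addr_pool = hwp.make_addr(0x38)
+local proxy_addr = arm.to_arm(hwp.make_addr(0x402519A0))
+-- read old IRQ address pool
+local old_irq_addr = hwp.make_addr(hwp.read32(fw, irq_addr_pool))
+print(string.format("Old IRQ address: %s", old_irq_addr))
+-- put stub at the beginning of the proxy
+local stub = hwp.load_bin_file(arg[4])
+local stub_info = hwp.section_info(stub, "")
+local stub_data = hwp.read(stub, hwp.make_addr(stub_info.addr, ""), stub_info.size)
+hwp.write(fw, proxy_addr, stub_data)
+local stub_addr = proxy_addr
+proxy_addr = hwp.inc_addr(proxy_addr, stub_info.size)
+-- modify irq
+hwp.write32(fw, irq_addr_pool, proxy_addr.addr)
+print(string.format("New IRQ address: %s", proxy_addr))
+-- in proxy, save registers
+arm.write_save_regs(fw, proxy_addr)
+proxy_addr = hwp.inc_addr(proxy_addr, 4)
+-- load blob
+local blob = hwp.load_bin_file(arg[3])
+local blob_info = hwp.section_info(blob, "")
+-- patch blob with stub address
+hwp.write32(blob, hwp.make_addr(blob_info.addr + 4, ""), stub_addr.addr)
+-- write it !
+local blob_data = hwp.read(blob, hwp.make_addr(blob_info.addr, ""), blob_info.size)
+hwp.write(fw, proxy_addr, blob_data)
+proxy_addr = hwp.inc_addr(proxy_addr, blob_info.size)
+-- restore registers
+arm.write_restore_regs(fw, proxy_addr)
+proxy_addr = hwp.inc_addr(proxy_addr, 4)
+-- branch to old code
+local branch_to_old = arm.make_branch(old_irq_addr, false)
+arm.write_branch(fw, proxy_addr, branch_to_old, hwp.inc_addr(proxy_addr, 4))
+-- save
+hwp.save_file(fw, arg[2])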
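Review bot: The stub, the blob and the three instruction words around them are written at the fixed address `0x402519A0` with no check that the region is unused or large enough, and nothing confirms that `arg[1]` is the firmware build these constants (`0x38`, `0x402519A0`) were taken from. On a different build, or with a larger blob, the `hwp.write` calls would presumably overwrite live code without any error, and the saved image could leave the player unbootable. I would document the constants next to their definitions, e.g. `-- 0x402519A0: unused region of <N> bytes in firmware <VERSION>`, and call `error()` before the first write when `stub_info.size + blob_info.size + 12` exceeds that budget (12 assumes the branch is one 4-byte word, like the save/restore slots). The `hwp.write32` at `blob_info.addr + 4` also assumes the blob is at least 8 bytes long, which deserves a check or a comment stating the expected blob header layout. Separately, the usage error names the wrong tool; `error("not enough arguments to creative patcher")` would match the file.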