From c9a028cc183d638c16ca9a8858b783b1830be16f Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Tue, 24 Jun 2014 18:04:17 +0200 Subject: Introduce hwpatcher, a tool to patch binaries This tool is a scriptable (lua) tool to patch binaries, it supports: - raw binary - ELF - SB(v1/v2) It also contains some basic routines to parse and generate useful arm/thumb code like jump or register load/store. This is very useful to take a firmware and patch an interrupt vector or some code to jump to an extra payload added to the binary. Examples are provided for several STMP based target which the payload is expected to be hwstub, and also for the Sansa View. A typical patcher usually requires three elements: - the lua patcher itself - the payload (hwstub for example) - (optional) a small stub either to jump properly to the payload or determine under which circumstance to do the jump (hold a key for example) Change-Id: I6d36020a3bc9e636615ac8221b7591ade5f251e3 --- utils/hwpatcher/lib.lua | 107 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 utils/hwpatcher/lib.lua (limited to 'utils/hwpatcher/lib.lua') diff --git a/utils/hwpatcher/lib.lua b/utils/hwpatcher/lib.lua new file mode 100644 index 0000000000..7a3e4a4115 --- /dev/null +++ b/utils/hwpatcher/lib.lua @@ -0,0 +1,107 @@ +--[[ +hwpatcher library + +The C code provides the following functions. + +At global level: +- quit() Quit the interactive mode +- exit() Same as quit() + +In the hwp table: +- load_file(filename) Load a firmware and guess type +- load_elf_file(filename) Load a firmware as ELF +- load_sb_file(filename) Load a firmware as SB +- load_sb1_file(filename) Load a firmware as SB1 +- load_bin_file(filename) Load a firmware as binary +- save_file(obj, filename) Save a firmware to a file +- read(obj, addr, len) Read data from a firmware +- write(obj, addr, data) Write data to a firmware +- section_info(obj, sec) Return information about a section in a table (or nil) +- md5sum(filename) Compute the MD5 sum of a file + +Data read/written from/to a firmware must must be an array of bytes. +The address must be a table of the following fields: +- address: contain the address +- section: optional section name +Data section information is a table with the following fields: +- address: first address if the section +- size: size of the section +We provide the following functions to help dealing with addresses: +- make_addr + +]]-- + +function hwp.deepcopy(o, seen) + seen = seen or {} + if o == nil then return nil end + if seen[o] then return seen[o] end + + local no + if type(o) == 'table' then + no = {} + seen[o] = no + + for k, v in next, o, nil do + no[hwp.deepcopy(k, seen)] = hwp.deepcopy(v, seen) + end + setmetatable(no, hwp.deepcopy(getmetatable(o), seen)) + else -- number, string, boolean, etc + no = o + end + return no +end + +function hwp.make_addr(addr, section) + local t = {addr = addr, section = section} + local addr_to_string = function(self) + if self.section == nil then + return string.format("%#x", self.addr) + else + return string.format("%#x@%s", self.addr, self.section) + end + end + setmetatable(t, {__tostring = addr_to_string}) + return t +end + +function hwp.inc_addr(addr, amount) + return hwp.make_addr(addr.addr + amount, addr.section) +end + +-- pack an array of bytes in a integer (little-endian) +function hwp.pack(arr) + local v = 0 + for i = #arr, 1, -1 do + v = bit32.bor(bit32.lshift(v, 8),bit32.band(arr[i], 0xff)) + end + return v +end + +-- do the converse +function hwp.unpack(v, n) + local t = {} + for i = 1, n do + t[i] = bit32.band(v, 0xff) + v = bit32.rshift(v, 8) + end + return t +end + +-- read a 32-bit value +function hwp.read32(obj, addr) + return hwp.pack(hwp.read(obj, addr, 4)) +end + +-- write a 32-bit value +function hwp.write32(obj, addr, v) + return hwp.write(obj, addr, hwp.unpack(v, 4)) +end + +-- convert a MD5 hash to a string +function hwp.md5str(md5) + local s = "" + for i = 1, #md5 do + s = s .. string.format("%02x", md5[i]) + end + return s +end -- cgit v1.2.3