1 /***************************************************************************
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
10 * Copyright (C) 2002 - 2007 by Björn Stenberg
12 * All files in this archive are subject to the GNU General Public License.
13 * See the file COPYING in the source tree root for full license agreement.
15 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
16 * KIND, either express or implied.
18 ****************************************************************************/
26 #include "gigabeats.h"
28 #include "telechips.h"
30 #include "iaudio_bl_flash.h"
32 int iaudio_encode(char *iname
, char *oname
, char *idstring
);
33 int ipod_encode(char *iname
, char *oname
, int fw_ver
, bool fake_rsrc
);
37 ARCHOS_PLAYER
, /* and V1 recorder */
44 static unsigned int size_limit
[] =
46 0x32000, /* ARCHOS_PLAYER */
47 0x64000, /* ARCHOS_V2RECORDER */
48 0x64000, /* ARCHOS_FMRECORDER */
49 0x64000, /* ARCHOS_ONDIO_SP */
50 0x64000 /* ARCHOS_ONDIO_FM */
53 void short2le(unsigned short val
, unsigned char* addr
)
56 addr
[1] = (val
>> 8) & 0xff;
59 unsigned int le2int(unsigned char* buf
)
61 unsigned int res
= (buf
[3] << 24) | (buf
[2] << 16) | (buf
[1] << 8) | buf
[0];
66 void int2le(unsigned int val
, unsigned char* addr
)
69 addr
[1] = (val
>> 8) & 0xff;
70 addr
[2] = (val
>> 16) & 0xff;
71 addr
[3] = (val
>> 24) & 0xff;
74 void int2be(unsigned int val
, unsigned char* addr
)
76 addr
[0] = (val
>> 24) & 0xff;
77 addr
[1] = (val
>> 16) & 0xff;
78 addr
[2] = (val
>> 8) & 0xff;
82 void short2be(unsigned short val
, unsigned char* addr
)
84 addr
[0] = (val
>> 8) & 0xff;
90 printf("usage: scramble [options] <input file> <output file> [xor string]\n");
92 "\t-fm Archos FM recorder format\n"
93 "\t-v2 Archos V2 recorder format\n"
94 "\t-ofm Archos Ondio FM recorder format\n"
95 "\t-osp Archos Ondio SP format\n"
96 "\t-neo SSI Neo format\n"
97 "\t-mm=X Archos Multimedia format (X values: A=JBMM, B=AV1xx, C=AV3xx)\n"
98 "\t-iriver iRiver format\n"
99 "\t-iaudiox5 iAudio X5 format\n"
100 "\t-iaudiox5v iAudio X5V format\n"
101 "\t-iaudiom5 iAudio M5 format\n"
102 "\t-iaudiom3 iAudio M3 format\n");
103 printf("\t-ipod3g ipod firmware partition format (3rd Gen)\n"
104 "\t-ipod4g ipod firmware partition format (4th Gen, Mini, Nano, Photo/Color)\n"
105 "\t-ipod5g ipod firmware partition format (5th Gen - aka Video)\n"
106 "\t-creative=X Creative firmware structure format\n"
107 "\t (X values: zvm, zvm60, zenvision\n"
109 printf("\t-gigabeat Toshiba Gigabeat F/X format\n"
110 "\t-gigabeats Toshiba Gigabeat S format\n"
111 "\t-mi4v2 PortalPlayer .mi4 format (revision 010201)\n"
112 "\t-mi4v3 PortalPlayer .mi4 format (revision 010301)\n"
113 "\t-mi4r Sandisk Rhapsody .mi4 format\n"
114 "\t All mi4 options take two optional arguments:\n");
115 printf("\t -model=XXXX where XXXX is the model id string\n"
116 "\t -type=XXXX where XXXX is a string indicating the \n"
117 "\t type of binary, eg. RBOS, RBBL\n"
118 "\t-tcc=X Telechips generic firmware format (X values: sum, crc)\n"
119 "\t-add=X Rockbox generic \"add-up\" checksum format\n"
120 "\t (X values: h100, h120, h140, h300, ipco, nano, ipvd, mn2g\n"
121 "\t ip3g, ip4g, mini, iax5, iam5, iam3, h10, h10_5gb,\n"
122 "\t tpj2, c200, e200, giga, gigs, m100, m500, d2,\n");
123 printf("\t 9200)\n");
124 printf("\nNo option results in Archos standard player/recorder format.\n");
129 int main (int argc
, char** argv
)
131 unsigned long length
,i
,slen
=0;
132 unsigned char *inbuf
,*outbuf
;
133 unsigned short crc
=0;
134 unsigned long chksum
=0; /* 32 bit checksum */
135 unsigned char header
[24];
136 char *iname
= argv
[1];
137 char *oname
= argv
[2];
138 char *xorstring
=NULL
;
142 unsigned long modelnum
;
145 enum { none
, scramble
, xor, tcc_sum
, tcc_crc
, add
} method
= scramble
;
147 model_id
= ARCHOS_PLAYER
;
153 if(!strcmp(argv
[1], "-fm")) {
158 model_id
= ARCHOS_FMRECORDER
;
161 else if(!strcmp(argv
[1], "-v2")) {
166 model_id
= ARCHOS_V2RECORDER
;
169 else if(!strcmp(argv
[1], "-ofm")) {
174 model_id
= ARCHOS_ONDIO_FM
;
177 else if(!strcmp(argv
[1], "-osp")) {
182 model_id
= ARCHOS_ONDIO_SP
;
185 else if(!strcmp(argv
[1], "-neo")) {
191 else if(!strncmp(argv
[1], "-mm=", 4)) {
196 version
= argv
[1][4];
200 printf("Multimedia needs an xor string\n");
204 else if(!strncmp(argv
[1], "-tcc=", 4)) {
209 if(!strcmp(&argv
[1][5], "sum"))
211 else if(!strcmp(&argv
[1][5], "crc"))
214 fprintf(stderr
, "unsupported TCC method: %s\n", &argv
[1][5]);
218 else if(!strncmp(argv
[1], "-add=", 5)) {
223 if(!strcmp(&argv
[1][5], "h120"))
225 else if(!strcmp(&argv
[1][5], "h140"))
226 modelnum
= 0; /* the same as the h120 */
227 else if(!strcmp(&argv
[1][5], "h100"))
229 else if(!strcmp(&argv
[1][5], "h300"))
231 else if(!strcmp(&argv
[1][5], "ipco"))
233 else if(!strcmp(&argv
[1][5], "nano"))
235 else if(!strcmp(&argv
[1][5], "ipvd"))
237 else if(!strcmp(&argv
[1][5], "fp7x"))
239 else if(!strcmp(&argv
[1][5], "ip3g"))
241 else if(!strcmp(&argv
[1][5], "ip4g"))
243 else if(!strcmp(&argv
[1][5], "mini"))
245 else if(!strcmp(&argv
[1][5], "iax5"))
247 else if(!strcmp(&argv
[1][5], "mn2g"))
249 else if(!strcmp(&argv
[1][5], "h10"))
251 else if(!strcmp(&argv
[1][5], "h10_5gb"))
253 else if(!strcmp(&argv
[1][5], "tpj2"))
255 else if(!strcmp(&argv
[1][5], "e200"))
257 else if(!strcmp(&argv
[1][5], "iam5"))
259 else if(!strcmp(&argv
[1][5], "giga"))
261 else if(!strcmp(&argv
[1][5], "1g2g"))
263 else if(!strcmp(&argv
[1][5], "c200"))
265 else if(!strcmp(&argv
[1][5], "gigs"))
267 else if(!strcmp(&argv
[1][5], "m500"))
269 else if(!strcmp(&argv
[1][5], "m100"))
271 else if(!strcmp(&argv
[1][5], "d2"))
273 else if(!strcmp(&argv
[1][5], "iam3"))
275 else if(!strcmp(&argv
[1][5], "9200")) /* Philips SA9200 */
278 fprintf(stderr
, "unsupported model: %s\n", &argv
[1][5]);
281 /* we store a 4-letter model name too, for humans */
282 strcpy(modelname
, &argv
[1][5]);
283 chksum
= modelnum
; /* start checksum calcs with this */
286 else if(!strcmp(argv
[1], "-iriver")) {
287 /* iRiver code dealt with in the iriver.c code */
290 return (iriver_encode(iname
, oname
, FALSE
) != 0) ? -1 : 0;
292 else if(!strcmp(argv
[1], "-gigabeat")) {
293 /* iRiver code dealt with in the iriver.c code */
296 gigabeat_code(iname
, oname
);
299 else if(!strcmp(argv
[1], "-gigabeats")) {
302 gigabeat_s_code(iname
, oname
);
305 else if(!strcmp(argv
[1], "-iaudiox5")) {
308 return iaudio_encode(iname
, oname
, "COWON_X5_FW");
310 else if(!strcmp(argv
[1], "-iaudiox5v")) {
313 return iaudio_encode(iname
, oname
, "COWON_X5V_FW");
315 else if(!strcmp(argv
[1], "-iaudiom5")) {
318 return iaudio_encode(iname
, oname
, "COWON_M5_FW");
320 else if(!strcmp(argv
[1], "-iaudiom3")) {
323 return iaudio_encode(iname
, oname
, "COWON_M3_FW");
325 else if(!strcmp(argv
[1], "-ipod3g")) {
328 return ipod_encode(iname
, oname
, 2, false); /* Firmware image v2 */
330 else if(!strcmp(argv
[1], "-ipod4g")) {
333 return ipod_encode(iname
, oname
, 3, false); /* Firmware image v3 */
335 else if(!strcmp(argv
[1], "-ipod5g")) {
338 return ipod_encode(iname
, oname
, 3, true); /* Firmware image v3 */
340 else if(!strncmp(argv
[1], "-creative=", 10)) {
343 if(!strcmp(&argv
[1][10], "zvm"))
344 return zvm_encode(iname
, oname
, ZENVISIONM
);
345 else if(!strcmp(&argv
[1][10], "zvm60"))
346 return zvm_encode(iname
, oname
, ZENVISIONM60
);
347 else if(!strcmp(&argv
[1][10], "zenvision"))
348 return zvm_encode(iname
, oname
, ZENVISION
);
349 else if(!strcmp(&argv
[1][10], "zenv"))
350 return zvm_encode(iname
, oname
, ZENV
);
351 else if(!strcmp(&argv
[1][10], "zen"))
352 return zvm_encode(iname
, oname
, ZEN
);
354 fprintf(stderr
, "unsupported Creative device: %s\n", &argv
[1][10]);
358 else if(!strncmp(argv
[1], "-mi4", 4)) {
363 if(!strcmp(&argv
[1][4], "v2")) {
364 mi4magic
= MI4_MAGIC_DEFAULT
;
365 version
= 0x00010201;
367 else if(!strcmp(&argv
[1][4], "v3")) {
368 mi4magic
= MI4_MAGIC_DEFAULT
;
369 version
= 0x00010301;
371 else if(!strcmp(&argv
[1][4], "r")) {
372 mi4magic
= MI4_MAGIC_R
;
373 version
= 0x00010301;
376 printf( "Invalid mi4 version: %s\n", &argv
[1][4]);
383 if(!strncmp(argv
[2], "-model=", 7)) {
386 strncpy(model
, &argv
[2][7], 4);
388 if(!strncmp(argv
[3], "-type=", 6)) {
391 strncpy(type
, &argv
[3][6], 4);
395 return mi4_encode(iname
, oname
, version
, mi4magic
, model
, type
);
399 file
= fopen(iname
,"rb");
404 fseek(file
,0,SEEK_END
);
405 length
= ftell(file
);
406 length
= (length
+ 3) & ~3; /* Round up to nearest 4 byte boundary */
408 if ((method
== scramble
) &&
409 ((length
+ headerlen
) >= size_limit
[model_id
])) {
410 printf("error: firmware image is %ld bytes while max size is %u!\n",
412 size_limit
[model_id
]);
417 fseek(file
,0,SEEK_SET
);
418 inbuf
= malloc(length
);
420 outbuf
= malloc(length
*2);
421 else if(method
== add
)
422 outbuf
= malloc(length
+ 8);
424 outbuf
= malloc(length
);
425 if ( !inbuf
|| !outbuf
) {
426 printf("out of memory!\n");
430 /* zero-fill the last 4 bytes to make sure there's no rubbish there
431 when we write the size-aligned file later */
432 memset(outbuf
+length
-4, 0, 4);
436 i
=fread(inbuf
,1,length
,file
);
446 for (i
= 0; i
< length
; i
++) {
447 /* add 8 unsigned bits but keep a 32 bit sum */
453 for (i
= 0; i
< length
; i
++) {
454 unsigned long addr
= (i
>> 2) + ((i
% 4) * slen
);
455 unsigned char data
= inbuf
[i
];
456 data
= ~((data
<< 1) | ((data
>> 7) & 1)); /* poor man's ROL */
464 for (i
=0; i
<length
; i
++) {
466 outbuf
[slen
++] = 0xff; /* all data is uncompressed */
467 outbuf
[slen
++] = inbuf
[i
];
472 /* dummy case just to silence picky compilers */
476 if((method
== none
) || (method
== scramble
) || (method
== xor)) {
477 /* calculate checksum */
478 for (i
=0;i
<length
;i
++)
482 memset(header
, 0, sizeof header
);
487 int2be(chksum
, header
); /* checksum, big-endian */
488 memcpy(&header
[4], modelname
, 4); /* 4 bytes model name */
489 memcpy(outbuf
, inbuf
, length
); /* the input buffer to output*/
495 memcpy(outbuf
, inbuf
, length
); /* the input buffer to output*/
496 telechips_encode_sum(outbuf
, length
);
500 memcpy(outbuf
, inbuf
, length
); /* the input buffer to output*/
501 telechips_encode_crc(outbuf
, length
);
505 if (headerlen
== 6) {
506 int2be(length
, header
);
507 header
[4] = (crc
>> 8) & 0xff;
508 header
[5] = crc
& 0xff;
514 header
[3] = 0xff; /* ??? */
516 header
[6] = (crc
>> 8) & 0xff;
517 header
[7] = crc
& 0xff;
519 header
[11] = version
;
521 header
[15] = headerlen
; /* really? */
523 int2be(length
, &header
[20]);
529 int xorlen
= strlen(xorstring
);
532 for (i
=0; i
<slen
; i
++)
533 outbuf
[i
] ^= xorstring
[i
& (xorlen
-1)];
535 /* calculate checksum */
536 for (i
=0; i
<slen
; i
++)
539 header
[0] = header
[2] = 'Z';
540 header
[1] = header
[3] = version
;
541 int2le(length
, &header
[4]);
542 int2le(slen
, &header
[8]);
543 int2le(crc
, &header
[12]);
548 #define MY_FIRMWARE_TYPE "Rockbox"
549 #define MY_HEADER_VERSION 1
551 strncpy((char *)header
, MY_FIRMWARE_TYPE
,9);
552 header
[9]='\0'; /*shouldn't have to, but to be SURE */
553 header
[10]=MY_HEADER_VERSION
&0xFF;
554 header
[11]=(crc
>>8)&0xFF;
556 int2be(sizeof(header
), &header
[12]);
561 file
= fopen(oname
,"wb");
567 if ( !fwrite(header
,headerlen
,1,file
) ) {
572 if ( !fwrite(outbuf
,length
,1,file
) ) {
584 int iaudio_encode(char *iname
, char *oname
, char *idstring
)
589 unsigned char *outbuf
;
591 unsigned char sum
= 0;
593 file
= fopen(iname
, "rb");
598 fseek(file
,0,SEEK_END
);
599 length
= ftell(file
);
601 fseek(file
,0,SEEK_SET
);
602 outbuf
= malloc(length
+0x1030);
605 printf("out of memory!\n");
609 len
= fread(outbuf
+0x1030, 1, length
, file
);
610 if(len
< (size_t) length
) {
615 memset(outbuf
, 0, 0x1030);
616 strcpy((char *)outbuf
, idstring
);
617 memcpy(outbuf
+0x20, iaudio_bl_flash
,
618 BMPWIDTH_iaudio_bl_flash
* (BMPHEIGHT_iaudio_bl_flash
/8) * 2);
619 short2be(BMPWIDTH_iaudio_bl_flash
, &outbuf
[0x10]);
620 short2be((BMPHEIGHT_iaudio_bl_flash
/8), &outbuf
[0x12]);
623 for(i
= 0; i
< length
;i
++)
624 sum
+= outbuf
[0x1030 + i
];
626 int2be(length
, &outbuf
[0x1024]);
627 outbuf
[0x102b] = sum
;
631 file
= fopen(oname
, "wb");
637 len
= fwrite(outbuf
, 1, length
+0x1030, file
);
638 if(len
< (size_t)length
) {
648 /* Create an ipod firmware partition image
650 fw_ver = 2 for 3rd Gen ipods, 3 for all later ipods including 5g.
652 This function doesn't yet handle the Broadcom resource image for the 5g,
653 so the resulting images won't be usable.
655 This has also only been tested on an ipod Photo
658 int ipod_encode(char *iname
, char *oname
, int fw_ver
, bool fake_rsrc
)
660 static const char *apple_stop_sign
= "{{~~ /-----\\ "\
681 unsigned int sum
= 0;
682 unsigned int rsrcsum
= 0;
683 unsigned char *outbuf
;
687 file
= fopen(iname
, "rb");
692 fseek(file
,0,SEEK_END
);
693 length
= ftell(file
);
695 fseek(file
,0,SEEK_SET
);
697 bufsize
=(length
+0x4600);
699 bufsize
= (bufsize
+ 0x400) & ~0x200;
702 outbuf
= malloc(bufsize
);
705 printf("out of memory!\n");
709 len
= fread(outbuf
+0x4600, 1, length
, file
);
710 if(len
< (size_t)length
) {
716 /* Calculate checksum for later use in header */
717 for(i
= 0x4600; i
< 0x4600+length
;i
++)
720 /* Clear the header area to zero */
721 memset(outbuf
, 0, 0x4600);
723 /* APPLE STOP SIGN */
724 strcpy((char *)outbuf
, apple_stop_sign
);
727 memcpy(&outbuf
[0x100],"]ih[",4); /* Magic */
728 int2le(0x4000, &outbuf
[0x104]); /* Firmware offset relative to 0x200 */
729 short2le(0x10c, &outbuf
[0x108]); /* Location of extended header */
730 short2le(fw_ver
, &outbuf
[0x10a]);
732 /* Firmware Directory - "osos" entry */
733 memcpy(&outbuf
[0x4200],"!ATAsoso",8); /* dev and type */
734 int2le(0, &outbuf
[0x4208]); /* id */
735 int2le(0x4400, &outbuf
[0x420c]); /* devOffset */
736 int2le(length
, &outbuf
[0x4210]); /* Length of firmware */
737 int2le(0x10000000, &outbuf
[0x4214]); /* Addr */
738 int2le(0, &outbuf
[0x4218]); /* Entry Offset */
739 int2le(sum
, &outbuf
[0x421c]); /* Checksum */
740 int2le(0x00006012, &outbuf
[0x4220]); /* vers - 0x6012 is a guess */
741 int2le(0xffffffff, &outbuf
[0x4224]); /* LoadAddr - for flash images */
743 /* "rsrc" entry (if applicable) */
745 rsrcoffset
=(length
+0x4600+0x200) & ~0x200;
749 memcpy(&outbuf
[0x4228],"!ATAcrsr",8); /* dev and type */
750 int2le(0, &outbuf
[0x4230]); /* id */
751 int2le(rsrcoffset
, &outbuf
[0x4234]); /* devOffset */
752 int2le(rsrclength
, &outbuf
[0x4238]); /* Length of firmware */
753 int2le(0x10000000, &outbuf
[0x423c]); /* Addr */
754 int2le(0, &outbuf
[0x4240]); /* Entry Offset */
755 int2le(rsrcsum
, &outbuf
[0x4244]); /* Checksum */
756 int2le(0x0000b000, &outbuf
[0x4248]); /* vers */
757 int2le(0xffffffff, &outbuf
[0x424c]); /* LoadAddr - for flash images */
760 file
= fopen(oname
, "wb");
766 len
= fwrite(outbuf
, 1, length
+0x4600, file
);
767 if(len
< (size_t)length
) {