rbutil/mktccboot/mktccboot.c

   1 /***************************************************************************
   2  *             __________               __   ___.
   3  *   Open      \______   \ ____   ____ |  | _\_ |__   _______  ___
   4  *   Source     |       _//  _ \_/ ___\|  |/ /| __ \ /  _ \  \/  /
   5  *   Jukebox    |    |   (  <_> )  \___|    < | \_\ (  <_> > <  <
   6  *   Firmware   |____|_  /\____/ \___  >__|_ \|___  /\____/__/\_ \
   7  *                     \/            \/     \/    \/            \/
   8  * $Id$
   9  *
  10  * Copyright (C) 2007 by Dave Chapman
  11  *
  12  * Based on mkboot, Copyright (C) 2005 by Linus Nielsen Feltzing
  13  *
  14  * This program is free software; you can redistribute it and/or
  15  * modify it under the terms of the GNU General Public License
  16  * as published by the Free Software Foundation; either version 2
  17  * of the License, or (at your option) any later version.
  18  *
  19  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20  * KIND, either express or implied.
  21  *
  22  ****************************************************************************/
  23 #include <stdio.h>
  24 #include <stdlib.h>
  25 #include <string.h>
  26 #include <unistd.h>
  27 #include <sys/types.h>
  28 #include <sys/stat.h>
  29 #include <fcntl.h>
  30 #include <inttypes.h>
  31 #include "mktccboot.h"
  32 #include "telechips.h"
  33
  34 /*
  35
  36 Append a Rockbox bootloader to a Telechips original firmware file.
  37
  38 The first instruction in a TCC firmware file is always of the form:
  39
  40    ldr     pc, [pc, #xxx]
  41
  42 where [pc, #xxx] is the entry point of the firmware - e.g. 0x20000020
  43
  44 mktccboot appends the Rockbox bootloader to the end of the original
  45 firmware image and replaces the contents of [pc, #xxx] with the entry
  46 point of our bootloader - i.e. the length of the original firmware plus
  47 0x20000000.
  48
  49 It then stores the original entry point from [pc, #xxx] in a fixed
  50 offset in the Rockbox boootloader, which is used by the bootloader to
  51 dual-boot.
  52
  53 Finally, mktccboot corrects the length and CRCs in the main firmware
  54 header, creating a new legal firmware file which can be installed on
  55 the device.
  56
  57 */
  58
  59 /* win32 compatibility */
  60
  61 #ifndef O_BINARY
  62 #define O_BINARY 0
  63 #endif
  64
  65 static void put_uint32le(uint32_t x, unsigned char* p)
  66 {
  67     p[0] = x & 0xff;
  68     p[1] = (x >> 8) & 0xff;
  69     p[2] = (x >> 16) & 0xff;
  70     p[3] = (x >> 24) & 0xff;
  71 }
  72
  73 static uint32_t get_uint32le(unsigned char* p)
  74 {
  75     return (p[3] << 24) | (p[2] << 16) | (p[1]<<8) | p[0];
  76 }
  77
  78 void usage(void)
  79 {
  80     printf("Usage: mktccboot <firmware file> <boot file> <output file>\n");
  81
  82     exit(1);
  83 }
  84
  85 static off_t filesize(int fd) {
  86     struct stat buf;
  87
  88     if (fstat(fd,&buf) < 0) {
  89         perror("[ERR]  Checking filesize of input file");
  90         return -1;
  91     } else {
  92         return(buf.st_size);
  93     }
  94 }
  95
  96 #define DRAMORIG 0x20000000
  97 /* Injects a bootloader into a Telechips 77X/78X firmware file */
  98 unsigned char *patch_firmware_tcc(unsigned char *of_buf, int of_size,
  99         unsigned char *boot_buf, int boot_size, int *patched_size)
 100 {
 101     unsigned char *patched_buf;
 102     uint32_t ldr, old_ep_offset, new_ep_offset;
 103     int of_offset;
 104
 105     patched_buf = malloc(of_size + boot_size);
 106     if (!patched_buf)
 107         return NULL;
 108
 109     memcpy(patched_buf, of_buf, of_size);
 110     memcpy(patched_buf + of_size, boot_buf, boot_size);
 111
 112     ldr = get_uint32le(patched_buf);
 113
 114     /* TODO: Verify it's a LDR instruction */
 115     of_offset = (ldr & 0xfff) + 8;
 116     old_ep_offset = get_uint32le(patched_buf + of_offset);
 117     new_ep_offset = DRAMORIG + of_size;
 118
 119     printf("OF entry point: 0x%08x\n", old_ep_offset);
 120     printf("New entry point: 0x%08x\n", new_ep_offset + 8);
 121
 122     /* Save the OF entry point at the start of the bootloader image */
 123     put_uint32le(old_ep_offset, patched_buf + of_size);
 124     put_uint32le(new_ep_offset, patched_buf + of_size + 4);
 125
 126     /* Change the OF entry point to the third word in our bootloader */
 127     put_uint32le(new_ep_offset + 8, patched_buf + of_offset);
 128
 129     telechips_encode_crc(patched_buf, of_size + boot_size);
 130     *patched_size = of_size + boot_size;
 131
 132     return patched_buf;
 133 }
 134
 135 unsigned char *file_read(char *filename, int *size)
 136 {
 137     unsigned char *buf = NULL;
 138     int n, fd = -1;
 139
 140     /* Open file for reading */
 141     fd = open(filename, O_RDONLY|O_BINARY);
 142     if (fd < 0)
 143     {
 144         printf("[ERR] Could open file for reading, aborting\n");
 145         perror(filename);
 146         goto error;
 147     }
 148
 149     /* Get file size, and allocate a buffer of that size */
 150     *size = filesize(fd);
 151     buf = malloc(*size);
 152     if (buf == NULL)
 153     {
 154         printf("[ERR] Could not allocate memory, aborting\n");
 155         goto error;
 156     }
 157
 158     /* Read the file's content to the buffer */
 159     n = read(fd, buf, *size);
 160     if (n != *size)
 161     {
 162         printf("[ERR] Could not read from %s\n", filename);
 163         goto error;
 164     }
 165
 166     return buf;
 167
 168 error:
 169     if (fd >= 0)
 170         close(fd);
 171
 172     if (buf)
 173         free(buf);
 174
 175     return NULL;
 176 }
 177
 178 #ifndef LIB
 179 int main(int argc, char *argv[])
 180 {
 181     char *infile, *bootfile, *outfile;
 182     int fdout = -1;
 183     int n, of_size, boot_size, patched_size;
 184     unsigned char *of_buf;
 185     unsigned char *boot_buf = NULL;
 186     unsigned char* image = NULL;
 187     int ret = 0;
 188
 189     if(argc < 3) {
 190         usage();
 191     }
 192
 193     infile = argv[1];
 194     bootfile = argv[2];
 195     outfile = argv[3];
 196
 197     /* Read OF and boot files */
 198     of_buf = file_read(infile, &of_size);
 199     if (!of_buf)
 200     {
 201         ret = 1;
 202         goto error_exit;
 203     }
 204
 205     boot_buf = file_read(bootfile, &boot_size);
 206     if (!boot_buf)
 207     {
 208         ret = 3;
 209         goto error_exit;
 210     }
 211
 212     /* Allocate buffer for patched firmware */
 213     image = malloc(of_size + boot_size);
 214     if (image == NULL)
 215     {
 216         printf("[ERR] Could not allocate memory, aborting\n");
 217         ret = 4;
 218         goto error_exit;
 219     }
 220
 221     /* Create the patched firmware */
 222     image = patch_firmware_tcc(of_buf, of_size, boot_buf, boot_size,
 223             &patched_size);
 224     if (!image)
 225     {
 226         printf("[ERR] Error creating patched firmware, aborting\n");
 227         ret = 5;
 228         goto error_exit;
 229     }
 230
 231     fdout = open(outfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644);
 232     if (fdout < 0)
 233     {
 234         perror(outfile);
 235         ret = 6;
 236         goto error_exit;
 237     }
 238
 239     n = write(fdout, image, patched_size);
 240     if (n != patched_size)
 241     {
 242         printf("[ERR] Could not write output file %s\n",outfile);
 243         ret = 7;
 244         goto error_exit;
 245     }
 246
 247 error_exit:
 248
 249     if (fdout >= 0)
 250         close(fdout);
 251
 252     if (of_buf)
 253         free(of_buf);
 254
 255     if (boot_buf)
 256         free(boot_buf);
 257
 258     if (image)
 259         free(image);
 260
 261     return ret;
 262 }
 263 #endif