search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Always save manually entered proxy values.
[Rockbox.git] / bootloader / main-pp.c
blobdd8b7984ca48a97d28cc52b07aabfe07b079ae5a
1 /***************************************************************************
2 * __________ __ ___.
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
7 * \/ \/ \/ \/ \/
8 * $Id$
9 *
10 * Copyright (C) 2006 by Barry Wardell
11 *
12 * Based on Rockbox iriver bootloader by Linus Nielsen Feltzing
13 * and the ipodlinux bootloader by Daniel Palffy and Bernard Leach
14 *
15 * All files in this archive are subject to the GNU General Public License.
16 * See the file COPYING in the source tree root for full license agreement.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ****************************************************************************/
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include "common.h"
25 #include "cpu.h"
26 #include "file.h"
27 #include "system.h"
28 #include "kernel.h"
29 #include "lcd.h"
30 #include "font.h"
31 #include "ata.h"
32 #include "button.h"
33 #include "disk.h"
34 #include "crc32-mi4.h"
35 #include <string.h>
36 #ifdef SANSA_E200
37 #include "usb.h"
38 #endif
39
40
41 /* Button definitions */
42 #if CONFIG_KEYPAD == IRIVER_H10_PAD
43 #define BOOTLOADER_BOOT_OF BUTTON_LEFT
44
45 #elif CONFIG_KEYPAD == SANSA_E200_PAD
46 #define BOOTLOADER_BOOT_OF BUTTON_LEFT
47
48 #endif
49
50 /* Maximum allowed firmware image size. 10MB is more than enough */
51 #define MAX_LOADSIZE (10*1024*1024)
52
53 /* A buffer to load the original firmware or Rockbox into */
54 unsigned char *loadbuffer = (unsigned char *)DRAM_START;
55
56 /* Bootloader version */
57 char version[] = APPSVERSION;
58
59 /* Locations and sizes in hidden partition on Sansa */
60 #ifdef SANSA_E200
61 #define PPMI_SECTOR_OFFSET 1024
62 #define PPMI_SECTORS 1
63 #define MI4_HEADER_SECTORS 1
64 #define NUM_PARTITIONS 2
65
66 #else
67 #define NUM_PARTITIONS 1
68
69 #endif
70
71 #define MI4_HEADER_SIZE 0x200
72
73 /* mi4 header structure */
74 struct mi4header_t {
75 unsigned char magic[4];
76 uint32_t version;
77 uint32_t length;
78 uint32_t crc32;
79 uint32_t enctype;
80 uint32_t mi4size;
81 uint32_t plaintext;
82 uint32_t dsa_key[10];
83 uint32_t pad[109];
84 unsigned char type[4];
85 unsigned char model[4];
86 };
87
88 /* PPMI header structure */
89 struct ppmi_header_t {
90 unsigned char magic[4];
91 uint32_t length;
92 uint32_t pad[126];
93 };
94
95 inline unsigned int le2int(unsigned char* buf)
96 {
97 int32_t res = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
98
99 return res;
100 }
101
102 inline void int2le(unsigned int val, unsigned char* addr)
103 {
104 addr[0] = val & 0xFF;
105 addr[1] = (val >> 8) & 0xff;
106 addr[2] = (val >> 16) & 0xff;
107 addr[3] = (val >> 24) & 0xff;
108 }
109
110 struct tea_key {
111 const char * name;
112 uint32_t key[4];
113 };
114
115 #define NUM_KEYS 11
116 struct tea_key tea_keytable[] = {
117 { "default" , { 0x20d36cc0, 0x10e8c07d, 0xc0e7dcaa, 0x107eb080 } },
118 { "sansa", { 0xe494e96e, 0x3ee32966, 0x6f48512b, 0xa93fbb42 } },
119 { "sansa_gh", { 0xd7b10538, 0xc662945b, 0x1b3fce68, 0xf389c0e6 } },
120 { "rhapsody", { 0x7aa9c8dc, 0xbed0a82a, 0x16204cc7, 0x5904ef38 } },
121 { "p610", { 0x950e83dc, 0xec4907f9, 0x023734b9, 0x10cfb7c7 } },
122 { "p640", { 0x220c5f23, 0xd04df68e, 0x431b5e25, 0x4dcc1fa1 } },
123 { "virgin", { 0xe83c29a1, 0x04862973, 0xa9b3f0d4, 0x38be2a9c } },
124 { "20gc_eng", { 0x0240772c, 0x6f3329b5, 0x3ec9a6c5, 0xb0c9e493 } },
125 { "20gc_fre", { 0xbede8817, 0xb23bfe4f, 0x80aa682d, 0xd13f598c } },
126 { "elio_p722", { 0x6af3b9f8, 0x777483f5, 0xae8181cc, 0xfa6d8a84 } },
127 { "c200", { 0xbf2d06fa, 0xf0e23d59, 0x29738132, 0xe2d04ca7 } },
128 };
129
130 /*
131
132 tea_decrypt() from http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
133
134 "Following is an adaptation of the reference encryption and decryption
135 routines in C, released into the public domain by David Wheeler and
136 Roger Needham:"
137
138 */
139
140 /* NOTE: The mi4 version of TEA uses a different initial value to sum compared
141 to the reference implementation and the main loop is 8 iterations, not
142 32.
143 */
144
145 static void tea_decrypt(uint32_t* v0, uint32_t* v1, uint32_t* k) {
146 uint32_t sum=0xF1BBCDC8, i; /* set up */
147 uint32_t delta=0x9E3779B9; /* a key schedule constant */
148 uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
149 for(i=0; i<8; i++) { /* basic cycle start */
150 *v1 -= ((*v0<<4) + k2) ^ (*v0 + sum) ^ ((*v0>>5) + k3);
151 *v0 -= ((*v1<<4) + k0) ^ (*v1 + sum) ^ ((*v1>>5) + k1);
152 sum -= delta; /* end cycle */
153 }
154 }
155
156 /* mi4 files are encrypted in 64-bit blocks (two little-endian 32-bit
157 integers) and the key is incremented after each block
158 */
159
160 static void tea_decrypt_buf(unsigned char* src, unsigned char* dest, size_t n, uint32_t * key)
161 {
162 uint32_t v0, v1;
163 unsigned int i;
164
165 for (i = 0; i < (n / 8); i++) {
166 v0 = le2int(src);
167 v1 = le2int(src+4);
168
169 tea_decrypt(&v0, &v1, key);
170
171 int2le(v0, dest);
172 int2le(v1, dest+4);
173
174 src += 8;
175 dest += 8;
176
177 /* Now increment the key */
178 key[0]++;
179 if (key[0]==0) {
180 key[1]++;
181 if (key[1]==0) {
182 key[2]++;
183 if (key[2]==0) {
184 key[3]++;
185 }
186 }
187 }
188 }
189 }
190
191 static inline bool tea_test_key(unsigned char magic_enc[8], uint32_t * key, int unaligned)
192 {
193 unsigned char magic_dec[8];
194 tea_decrypt_buf(magic_enc, magic_dec, 8, key);
195
196 return (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55);
197 }
198
199 static int tea_find_key(struct mi4header_t *mi4header, int fd)
200 {
201 int i, rc;
202 unsigned int j;
203 uint32_t key[4];
204 unsigned char magic_enc[8];
205 int key_found = -1;
206 unsigned int magic_location = mi4header->length-4;
207 int unaligned = 0;
208
209 if ( (magic_location % 8) != 0 )
210 {
211 unaligned = 1;
212 magic_location -= 4;
213 }
214
215 /* Load encrypted magic 0xaa55aa55 to check key */
216 lseek(fd, MI4_HEADER_SIZE + magic_location, SEEK_SET);
217 rc = read(fd, magic_enc, 8);
218 if(rc < 8 )
219 return EREAD_IMAGE_FAILED;
220
221 printf("Searching for key:");
222
223 for (i=0; i < NUM_KEYS && (key_found<0) ; i++) {
224 key[0] = tea_keytable[i].key[0];
225 key[1] = tea_keytable[i].key[1];
226 key[2] = tea_keytable[i].key[2];
227 key[3] = tea_keytable[i].key[3];
228
229 /* Now increment the key */
230 for(j=0; j<((magic_location-mi4header->plaintext)/8); j++){
231 key[0]++;
232 if (key[0]==0) {
233 key[1]++;
234 if (key[1]==0) {
235 key[2]++;
236 if (key[2]==0) {
237 key[3]++;
238 }
239 }
240 }
241 }
242
243 if (tea_test_key(magic_enc,key,unaligned))
244 {
245 key_found = i;
246 printf("%s...found", tea_keytable[i].name);
247 } else {
248 /* printf("%s...failed", tea_keytable[i].name); */
249 }
250 }
251
252 return key_found;
253 }
254
255
256 /* Load mi4 format firmware image */
257 int load_mi4(unsigned char* buf, char* firmware, unsigned int buffer_size)
258 {
259 int fd;
260 struct mi4header_t mi4header;
261 int rc;
262 unsigned long sum;
263 char filename[MAX_PATH];
264
265 snprintf(filename,sizeof(filename),"/.rockbox/%s",firmware);
266 fd = open(filename, O_RDONLY);
267 if(fd < 0)
268 {
269 snprintf(filename,sizeof(filename),"/%s",firmware);
270 fd = open(filename, O_RDONLY);
271 if(fd < 0)
272 return EFILE_NOT_FOUND;
273 }
274
275 read(fd, &mi4header, MI4_HEADER_SIZE);
276
277 /* MI4 file size */
278 printf("mi4 size: %x", mi4header.mi4size);
279
280 if ((mi4header.mi4size-MI4_HEADER_SIZE) > buffer_size)
281 return EFILE_TOO_BIG;
282
283 /* CRC32 */
284 printf("CRC32: %x", mi4header.crc32);
285
286 /* Rockbox model id */
287 printf("Model id: %.4s", mi4header.model);
288
289 /* Read binary type (RBOS, RBBL) */
290 printf("Binary type: %.4s", mi4header.type);
291
292 /* Load firmware file */
293 lseek(fd, MI4_HEADER_SIZE, SEEK_SET);
294 rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE);
295 if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE)
296 return EREAD_IMAGE_FAILED;
297
298 /* Check CRC32 to see if we have a valid file */
299 sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE);
300
301 printf("Calculated CRC32: %x", sum);
302
303 if(sum != mi4header.crc32)
304 return EBAD_CHKSUM;
305
306 if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size)
307 {
308 /* Load encrypted firmware */
309 int key_index = tea_find_key(&mi4header, fd);
310
311 if (key_index < 0)
312 return EINVALID_FORMAT;
313
314 /* Plaintext part is already loaded */
315 buf += mi4header.plaintext;
316
317 /* Decrypt in-place */
318 tea_decrypt_buf(buf, buf,
319 mi4header.mi4size-(mi4header.plaintext+MI4_HEADER_SIZE),
320 tea_keytable[key_index].key);
321
322 printf("%s key used", tea_keytable[key_index].name);
323
324 /* Check decryption was successfull */
325 if(le2int(&buf[mi4header.length-mi4header.plaintext-4]) != 0xaa55aa55)
326 {
327 return EREAD_IMAGE_FAILED;
328 }
329 }
330
331 return EOK;
332 }
333
334 #ifdef SANSA_E200
335 struct OFDB_info {
336 char *version;
337 int version_length;
338 int sector;
339 int offset;
340 } OFDatabaseOffsets[] = {
341 { "PP5022AF-05.51-S301-01.11-S301.01.11A-D", 39, 0x3c08, 0xe1 },
342 { "PP5022AF-05.51-S301-00.12-S301.00.12E-D", 39, 0x3c5c, 0x2 },
343 { "PP5022AF-05.51-S301-00.12-S301.00.12A-D", 39, 0x3c08, 0xe1 },
344 };
345
346 /* Load mi4 firmware from a hidden disk partition */
347 int load_mi4_part(unsigned char* buf, struct partinfo* pinfo,
348 unsigned int buffer_size, bool disable_rebuild)
349 {
350 struct mi4header_t mi4header;
351 struct ppmi_header_t ppmi_header;
352 unsigned long sum;
353
354 /* Read header to find out how long the mi4 file is. */
355 ata_read_sectors(IF_MV2(0,) pinfo->start + PPMI_SECTOR_OFFSET,
356 PPMI_SECTORS, &ppmi_header);
357
358 /* The first four characters at 0x80000 (sector 1024) should be PPMI*/
359 if( memcmp(ppmi_header.magic, "PPMI", 4) )
360 return EFILE_NOT_FOUND;
361
362 printf("BL mi4 size: %x", ppmi_header.length);
363
364 /* Read mi4 header of the OF */
365 ata_read_sectors(IF_MV2(0,) pinfo->start + PPMI_SECTOR_OFFSET + PPMI_SECTORS
366 + (ppmi_header.length/512), MI4_HEADER_SECTORS, &mi4header);
367
368 /* We don't support encrypted mi4 files yet */
369 if( (mi4header.plaintext) != (mi4header.mi4size-MI4_HEADER_SIZE))
370 return EINVALID_FORMAT;
371
372 /* MI4 file size */
373 printf("OF mi4 size: %x", mi4header.mi4size);
374
375 if ((mi4header.mi4size-MI4_HEADER_SIZE) > buffer_size)
376 return EFILE_TOO_BIG;
377
378 /* CRC32 */
379 printf("CRC32: %x", mi4header.crc32);
380
381 /* Rockbox model id */
382 printf("Model id: %.4s", mi4header.model);
383
384 /* Read binary type (RBOS, RBBL) */
385 printf("Binary type: %.4s", mi4header.type);
386
387 /* Load firmware */
388 ata_read_sectors(IF_MV2(0,) pinfo->start + PPMI_SECTOR_OFFSET + PPMI_SECTORS
389 + (ppmi_header.length/512) + MI4_HEADER_SECTORS,
390 (mi4header.mi4size-MI4_HEADER_SIZE)/512, buf);
391
392 /* Check CRC32 to see if we have a valid file */
393 sum = chksum_crc32 (buf,mi4header.mi4size-MI4_HEADER_SIZE);
394
395 printf("Calculated CRC32: %x", sum);
396
397 if(sum != mi4header.crc32)
398 return EBAD_CHKSUM;
399
400 if (disable_rebuild)
401 {
402 char block[512];
403 int sector = 0, offset = 0;
404 unsigned int i;
405 /* check which known version we have */
406 /* These are taken from the PPPS section, 0x00780240 */
407 ata_read_sectors(IF_MV2(0,) pinfo->start + 0x3C01, 1, block);
408 for (i=0; i<sizeof(OFDatabaseOffsets)/sizeof(*OFDatabaseOffsets); i++)
409 {
410 if (!memcmp(&block[0x40], OFDatabaseOffsets[i].version,
411 OFDatabaseOffsets[i].version_length))
412 {
413 sector = pinfo->start + OFDatabaseOffsets[i].sector;
414 offset = OFDatabaseOffsets[i].offset;
415 break;
416 }
417 }
418 if (sector && offset)
419 {
420 ata_read_sectors(IF_MV2(0,) sector, 1, block);
421 block[offset] = 0;
422 ata_write_sectors(IF_MV2(0,) sector, 1, block);
423 }
424 }
425 return EOK;
426 }
427 #endif
428
429 void* main(void)
430 {
431 #ifndef SANSA_E200
432 char buf[256];
433 unsigned short* identify_info;
434 #endif
435 int i;
436 int btn;
437 int rc;
438 int num_partitions;
439 struct partinfo* pinfo;
440 #ifdef SANSA_E200
441 int usb_retry = 0;
442 bool usb = false;
443 #endif
444
445 chksum_crc32gentab ();
446
447 system_init();
448 kernel_init();
449 lcd_init();
450 font_init();
451 button_init();
452
453 lcd_set_foreground(LCD_WHITE);
454 lcd_set_background(LCD_BLACK);
455 lcd_clear_display();
456
457 btn = button_read_device();
458 #ifdef SANSA_E200
459 usb_init();
460 while (usb_retry < 5 && !usb)
461 {
462 usb_retry++;
463 sleep(HZ/4);
464 usb = usb_detect();
465 }
466 if (usb)
467 btn |= BOOTLOADER_BOOT_OF;
468 #endif
469 /* Enable bootloader messages if any button is pressed */
470 if (btn)
471 verbose = true;
472
473 lcd_setfont(FONT_SYSFIXED);
474
475 printf("Rockbox boot loader");
476 printf("Version: %s", version);
477 printf(MODEL_NAME);
478
479 i=ata_init();
480 #ifndef SANSA_E200
481 if (i==0) {
482 identify_info=ata_get_identify();
483 /* Show model */
484 for (i=0; i < 20; i++) {
485 ((unsigned short*)buf)[i]=htobe16(identify_info[i+27]);
486 }
487 buf[40]=0;
488 for (i=39; i && buf[i]==' '; i--) {
489 buf[i]=0;
490 }
491 printf(buf);
492 } else {
493 error(EATA, i);
494 }
495 #endif
496
497 disk_init(IF_MV(0));
498 num_partitions = disk_mount_all();
499 if (num_partitions<=0)
500 {
501 error(EDISK,num_partitions);
502 }
503
504 /* Just list the first 2 partitions since we don't have any devices yet
505 that have more than that */
506 for(i=0; i<NUM_PARTITIONS; i++)
507 {
508 pinfo = disk_partinfo(i);
509 printf("Partition %d: 0x%02x %ld MB",
510 i, pinfo->type, pinfo->size / 2048);
511 }
512
513 if(btn & BOOTLOADER_BOOT_OF)
514 {
515 /* Load original mi4 firmware in to a memory buffer called loadbuffer.
516 The rest of the loading is done in crt0.S.
517 1) First try reading from the hidden partition (on Sansa only).
518 2) Next try a decrypted mi4 file in /System/OF.mi4
519 3) Finally, try a raw firmware binary in /System/OF.mi4. It should be
520 a mi4 firmware decrypted and header stripped using mi4code.
521 */
522 printf("Loading original firmware...");
523
524 #ifdef SANSA_E200
525 /* First try a (hidden) firmware partition */
526 printf("Trying firmware partition");
527 pinfo = disk_partinfo(1);
528 if(pinfo->type == PARTITION_TYPE_OS2_HIDDEN_C_DRIVE)
529 {
530 rc = load_mi4_part(loadbuffer, pinfo, MAX_LOADSIZE, usb);
531 if (rc < EOK) {
532 printf("Can't load from partition");
533 printf(strerror(rc));
534 } else {
535 return (void*)loadbuffer;
536 }
537 } else {
538 printf("No hidden partition found.");
539 }
540 #endif
541
542 printf("Trying /System/OF.mi4");
543 rc=load_mi4(loadbuffer, "/System/OF.mi4", MAX_LOADSIZE);
544 if (rc < EOK) {
545 printf("Can't load /System/OF.mi4");
546 printf(strerror(rc));
547 } else {
548 return (void*)loadbuffer;
549 }
550
551 printf("Trying /System/OF.bin");
552 rc=load_raw_firmware(loadbuffer, "/System/OF.bin", MAX_LOADSIZE);
553 if (rc < EOK) {
554 printf("Can't load /System/OF.bin");
555 printf(strerror(rc));
556 } else {
557 return (void*)loadbuffer;
558 }
559
560 error(0, 0);
561
562 } else {
563 #if 0 /* e200: enable to be able to dump the hidden partition */
564 if(btn & BUTTON_UP)
565 {
566 int fd;
567 pinfo = disk_partinfo(1);
568 fd = open("/part.bin", O_CREAT|O_RDWR);
569 char sector[512];
570 for(i=0; i<40960; i++){
571 if (!(i%100))
572 {
573 printf("dumping sector %d", i);
574 }
575 ata_read_sectors(pinfo->start + i,1 , sector);
576 write(fd,sector,512);
577 }
578 close(fd);
579 }
580 #endif
581 printf("Loading Rockbox...");
582 rc=load_mi4(loadbuffer, BOOTFILE, MAX_LOADSIZE);
583 if (rc < EOK) {
584 printf("Can't load %s:", BOOTFILE);
585 printf(strerror(rc));
586
587 /* Try loading rockbox from old rockbox.e200/rockbox.h10 format */
588 rc=load_firmware(loadbuffer, OLD_BOOTFILE, MAX_LOADSIZE);
589 if (rc < EOK) {
590 printf("Can't load %s:", OLD_BOOTFILE);
591 error(EBOOTFILE, rc);
592 }
593 }
594 }
595
596 return (void*)loadbuffer;
597 }
598
599 #ifndef SANSA_E200
600 /* These functions are present in the firmware library, but we reimplement
601 them here because the originals do a lot more than we want */
602 void usb_acknowledge(void)
603 {
604 }
605
606 void usb_wait_for_disconnect(void)
607 {
608 }
609 #endif
610
Open Source Jukebox Firmware