search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
woops, menus stopped getting redrawn when the setting screen exited
[Rockbox.git] / rbutil / irivertools.cpp
blob1e6341923d7d184dd44300e8a0e23deda0e594b3
1 /***************************************************************************
2 * __________ __ ___.
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
7 * \/ \/ \/ \/ \/
8 * Module: rbutil
9 * File: irivertools.cpp
10 *
11 * Copyright (C) 2007 Dominik Wenger
12 *
13 * All files in this archive are subject to the GNU General Public License.
14 * See the file COPYING in the source tree root for full license agreement.
15 *
16 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
17 * KIND, either express or implied.
18 *
19 ****************************************************************************/
20
21 #include "irivertools.h"
22 #include "md5sum.h"
23
24
25 const unsigned char munge[] = {
26 0x7a, 0x36, 0xc4, 0x43, 0x49, 0x6b, 0x35, 0x4e, 0xa3, 0x46, 0x25, 0x84,
27 0x4d, 0x73, 0x74, 0x61
28 };
29
30 const unsigned char header_modify[] = "* IHPFIRM-DECODED ";
31
32 const char * const models[] = { "iHP-100", "iHP-120/iHP-140", "H300 series",
33 NULL };
34
35 /* aligns with models array; expected min firmware size */
36 const unsigned int firmware_minsize[] = { 0x100000, 0x100000, 0x200000 };
37 /* aligns with models array; expected max firmware size */
38 const unsigned int firmware_maxsize[] = { 0x200000, 0x200000, 0x400000 };
39
40 const unsigned char header[][16] = {
41 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 },
42 { 0x20, 0x03, 0x08, 0x27, 0x24, 0x00, 0x02, 0x30, 0x19, 0x17, 0x65, 0x73,
43 0x85, 0x32, 0x83, 0x22 },
44 { 0x20, 0x04, 0x03, 0x27, 0x20, 0x50, 0x01, 0x70, 0x80, 0x30, 0x80, 0x06,
45 0x30, 0x19, 0x17, 0x65 }
46 };
47
48 /* begin mkboot.c excerpt */
49 unsigned char image[0x400000 + 0x220 + 0x400000/0x200];
50
51 bool mkboot(wxString infile, wxString outfile,wxString bootloader,int origin)
52 {
53 wxString err;
54 int i;
55 int len,bllen;
56 int actual_length, total_length, binary_length, num_chksums;
57
58 memset(image, 0xff, sizeof(image));
59
60 /* First, read the iriver original firmware into the image */
61 wxFile f;
62 if(!f.Open(infile))
63 {
64 ERR_DIALOG(wxT("Could not open: ") + infile, wxT("mkboot"));
65 return false;
66 }
67 i = f.Read(image,16);
68 if(i < 16) {
69 ERR_DIALOG(wxT("reading header failed"), wxT("mkboot"));
70 return false;
71 }
72
73 /* This is the length of the binary image without the scrambling
74 overhead (but including the ESTFBINR header) */
75 binary_length = image[4] + (image[5] << 8) +
76 (image[6] << 16) + (image[7] << 24);
77
78 /* Read the rest of the binary data, but not the checksum block */
79 len = binary_length+0x200-16;
80 i = f.Read(image+16, len);
81 if(i < len) {
82 ERR_DIALOG(wxT("reading firmware failed"),wxT("mkboot"));
83 return false;
84 }
85
86 f.Close();
87 /* Now, read the boot loader into the image */
88 if(!f.Open(bootloader))
89 {
90 ERR_DIALOG(wxT("Could not open: ") + bootloader, wxT("mkboot"));
91 return false;
92 }
93
94 bllen = f.Length();
95
96 i = f.Read(image+0x220 + origin, bllen);
97 if(i < bllen) {
98 ERR_DIALOG(wxT("reading bootloader failed"), wxT("mkboot"));
99 return false;
100 }
101
102 f.Close();
103
104 if(!f.Open(outfile,wxFile::write))
105 {
106 ERR_DIALOG(wxT("Could not open: ") + outfile, wxT("mkboot"));
107 return false;
108 }
109
110 /* Patch the reset vector to start the boot loader */
111 image[0x220 + 4] = image[origin + 0x220 + 4];
112 image[0x220 + 5] = image[origin + 0x220 + 5];
113 image[0x220 + 6] = image[origin + 0x220 + 6];
114 image[0x220 + 7] = image[origin + 0x220 + 7];
115
116 /* This is the actual length of the binary, excluding all headers */
117 actual_length = origin + bllen;
118
119 /* Patch the ESTFBINR header */
120 image[0x20c] = (actual_length >> 24) & 0xff;
121 image[0x20d] = (actual_length >> 16) & 0xff;
122 image[0x20e] = (actual_length >> 8) & 0xff;
123 image[0x20f] = actual_length & 0xff;
124
125 image[0x21c] = (actual_length >> 24) & 0xff;
126 image[0x21d] = (actual_length >> 16) & 0xff;
127 image[0x21e] = (actual_length >> 8) & 0xff;
128 image[0x21f] = actual_length & 0xff;
129
130 /* This is the length of the binary, including the ESTFBINR header and
131 rounded up to the nearest 0x200 boundary */
132 binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00;
133
134 /* The number of checksums, i.e number of 0x200 byte blocks */
135 num_chksums = binary_length / 0x200;
136
137 /* The total file length, including all headers and checksums */
138 total_length = binary_length + num_chksums + 0x200;
139
140 /* Patch the scrambler header with the new length info */
141 image[0] = total_length & 0xff;
142 image[1] = (total_length >> 8) & 0xff;
143 image[2] = (total_length >> 16) & 0xff;
144 image[3] = (total_length >> 24) & 0xff;
145
146 image[4] = binary_length & 0xff;
147 image[5] = (binary_length >> 8) & 0xff;
148 image[6] = (binary_length >> 16) & 0xff;
149 image[7] = (binary_length >> 24) & 0xff;
150
151 image[8] = num_chksums & 0xff;
152 image[9] = (num_chksums >> 8) & 0xff;
153 image[10] = (num_chksums >> 16) & 0xff;
154 image[11] = (num_chksums >> 24) & 0xff;
155
156 i = f.Write(image,total_length);
157 if(i < total_length) {
158 ERR_DIALOG(wxT("writing bootloader failed"), wxT("mkboot"));
159 return false;
160 }
161
162 f.Close();
163
164 return true;
165 }
166
167 /* end mkboot.c excerpt */
168
169
170 int intable(char *md5, struct sumpairs *table, int len)
171 {
172 int i;
173 for (i = 0; i < len; i++) {
174 if (strncmp(md5, table[i].unpatched, 32) == 0) {
175 return i;
176 }
177 }
178 return -1;
179 }
180
181
182
183
184 static int testheader( const unsigned char * const data )
185 {
186 const unsigned char * const d = data+16;
187 const char * const * m = models;
188 int index = 0;
189 while( *m )
190 {
191 if( memcmp( header[ index ], d, 16 ) == 0 )
192 return index;
193 index++;
194 m++;
195 };
196 return -1;
197 };
198
199 static void modifyheader( unsigned char * data )
200 {
201 const unsigned char * h = header_modify;
202 int i;
203 for( i=0; i<512; i++ )
204 {
205 if( *h == '\0' )
206 h = header_modify;
207 *data++ ^= *h++;
208 };
209 };
210
211 int iriver_decode(wxString infile_name, wxString outfile_name, unsigned int modify,
212 enum striptype stripmode )
213 {
214 wxString err;
215 wxFile infile;
216 wxFile outfile;
217 int i = -1;
218 unsigned char headerdata[512];
219 unsigned long dwLength1, dwLength2, dwLength3, fp = 0;
220 unsigned char blockdata[16+16];
221 unsigned char out[16];
222 unsigned char newmunge;
223 signed long lenread;
224 int s = 0;
225 unsigned char * pChecksums, * ppChecksums = 0;
226 unsigned char ck;
227
228 if(!infile.Open(infile_name))
229 {
230 ERR_DIALOG(wxT("Could not open: ") + infile_name, wxT("iriver_decode"));
231 return -1;
232 }
233 if(!outfile.Open(outfile_name,wxFile::write))
234 {
235 ERR_DIALOG(wxT("Could not open: ") + outfile_name,
236 wxT("iriver_decode"));
237 return -1;
238 }
239 lenread = infile.Read( headerdata, 512);
240 if( lenread != 512 )
241 {
242 ERR_DIALOG(wxT("This doesn't look like a valid encrypted iHP "
243 "firmware - reason: header length\n"),wxT("iriver_decode"));
244
245 infile.Close();
246 outfile.Close();
247 return -1;
248 };
249
250 i = testheader( headerdata );
251 if( i == -1 )
252 {
253 ERR_DIALOG( wxT( "This firmware is for an unknown model, or is not"
254 " a valid encrypted iHP firmware\n" ),wxT("iriver_decode"));
255 infile.Close();
256 outfile.Close();
257 return -1;
258 };
259 fprintf( stderr, "Model %s\n", models[ i ] );
260
261 dwLength1 = headerdata[0] | (headerdata[1]<<8) |
262 (headerdata[2]<<16) | (headerdata[3]<<24);
263 dwLength2 = headerdata[4] | (headerdata[5]<<8) |
264 (headerdata[6]<<16) | (headerdata[7]<<24);
265 dwLength3 = headerdata[8] | (headerdata[9]<<8) |
266 (headerdata[10]<<16) | (headerdata[11]<<24);
267
268 if( dwLength1 < firmware_minsize[ i ] ||
269 dwLength1 > firmware_maxsize[ i ] ||
270 dwLength2 < firmware_minsize[ i ] ||
271 dwLength2 > dwLength1 ||
272 dwLength3 > dwLength1 ||
273 dwLength2>>9 != dwLength3 ||
274 dwLength2+dwLength3+512 != dwLength1 )
275 {
276 ERR_DIALOG( wxT( "This doesn't look like a valid encrypted "
277 "iHP firmware - reason: file 'length' data\n" ),wxT("iriver_decode"));
278 infile.Close();
279 outfile.Close();
280 return -1;
281 };
282
283 pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) );
284
285 if( modify )
286 {
287 modifyheader( headerdata );
288 };
289
290 if( stripmode == STRIP_NONE )
291 outfile.Write( headerdata, 512);
292
293 memset( blockdata, 0, 16 );
294
295 ck = 0;
296 while( ( fp < dwLength2 ) &&
297 ( lenread = infile.Read( blockdata+16, 16) == 16) )
298 {
299 fp += 16;
300
301 for( i=0; i<16; ++i )
302 {
303 newmunge = blockdata[16+i] ^ munge[i];
304 out[i] = newmunge ^ blockdata[i];
305 blockdata[i] = newmunge;
306 ck += out[i];
307 }
308
309 if( fp > ESTF_SIZE || stripmode != STRIP_HEADER_CHECKSUM_ESTF )
310 {
311 outfile.Write( out+4, 12);
312 outfile.Write( out, 4);
313 }
314 else
315 {
316 if( ESTF_SIZE - fp < 16 )
317 {
318 memcpy( out+4, blockdata+16, 12 );
319 memcpy( out, blockdata+28, 4 );
320 outfile.Write( blockdata+16+ESTF_SIZE-fp, ESTF_SIZE-fp);
321 }
322 }
323
324
325 if( s == 496 )
326 {
327 s = 0;
328 memset( blockdata, 0, 16 );
329 *ppChecksums++ = ck;
330 ck = 0;
331 }
332 else
333 s+=16;
334 };
335
336 if( fp != dwLength2 )
337 {
338 ERR_DIALOG( wxT( "This doesn't look like a valid encrypted "
339 "iHP firmware - reason: 'length2' mismatch\n" ),wxT("iriver_decode"));
340 infile.Close();
341 outfile.Close();
342 return -1;
343 };
344
345 fp = 0;
346 ppChecksums = pChecksums;
347 while( ( fp < dwLength3 ) &&
348 ( lenread = infile.Read( blockdata, 32 ) ) > 0 )
349 {
350 fp += lenread;
351 if( stripmode == STRIP_NONE )
352 outfile.Write( blockdata, lenread );
353 if( memcmp( ppChecksums, blockdata, lenread ) != 0 )
354 {
355 ERR_DIALOG( wxT( "This doesn't look like a valid encrypted "
356 "iHP firmware - reason: Checksum mismatch!" ),wxT("iriver_decode"));
357 infile.Close();
358 outfile.Close();
359 return -1;
360 };
361 ppChecksums += lenread;
362 };
363
364 if( fp != dwLength3 )
365 {
366 ERR_DIALOG(wxT( "This doesn't look like a valid encrypted "
367 "iHP firmware - reason: 'length3' mismatch\n" ),wxT("iriver_decode"));
368 infile.Close();
369 outfile.Close();
370 return -1;
371 };
372
373
374 fprintf( stderr, "File decoded correctly and all checksums matched!\n" );
375 switch( stripmode )
376 {
377 default:
378 case STRIP_NONE:
379 fprintf(stderr, "Output file contains all headers and "
380 "checksums\n");
381 break;
382 case STRIP_HEADER_CHECKSUM:
383 fprintf( stderr, "NB: output file contains only ESTFBINR header"
384 " and decoded firmware code\n" );
385 break;
386 case STRIP_HEADER_CHECKSUM_ESTF:
387 fprintf( stderr, "NB: output file contains only raw decoded "
388 "firmware code\n" );
389 break;
390 };
391
392 infile.Close();
393 outfile.Close();
394 return 0;
395
396 };
397
398 int iriver_encode(wxString infile_name, wxString outfile_name, unsigned int modify )
399 {
400 wxString err;
401 wxFile infile;
402 wxFile outfile;
403 int i = -1;
404 unsigned char headerdata[512];
405 unsigned long dwLength1, dwLength2, dwLength3, fp = 0;
406 unsigned char blockdata[16+16];
407 unsigned char out[16];
408 unsigned char newmunge;
409 signed long lenread;
410 int s = 0;
411 unsigned char * pChecksums, * ppChecksums;
412 unsigned char ck;
413
414 if(!infile.Open(infile_name,wxFile::read))
415 {
416 ERR_DIALOG(wxT("Could not open: ") + infile_name, wxT("iriver_decode"));
417 return -1;
418 }
419 if(!outfile.Open(outfile_name,wxFile::write))
420 {
421 ERR_DIALOG(wxT("Could not open: ") + outfile_name,
422 wxT("iriver_decode"));
423 return -1;
424 }
425
426 lenread = infile.Read( headerdata, 512 );
427 if( lenread != 512 )
428 {
429 ERR_DIALOG(wxT("This doesn't look like a valid decoded "
430 "iHP firmware - reason: header length\n"), wxT("iriver_decode"));
431 infile.Close();
432 outfile.Close();
433 };
434
435 if( modify )
436 {
437 modifyheader( headerdata ); /* reversible */
438 };
439
440 i = testheader( headerdata );
441 if( i == -1 )
442 {
443 ERR_DIALOG(wxT("This firmware is for an unknown model, or is not"
444 " a valid decoded iHP firmware\n"), wxT("iriver_decode"));
445 infile.Close();
446 outfile.Close();
447 };
448 fprintf( stderr, "Model %s\n", models[ i ] );
449
450 dwLength1 = headerdata[0] | (headerdata[1]<<8) |
451 (headerdata[2]<<16) | (headerdata[3]<<24);
452 dwLength2 = headerdata[4] | (headerdata[5]<<8) |
453 (headerdata[6]<<16) | (headerdata[7]<<24);
454 dwLength3 = headerdata[8] | (headerdata[9]<<8) |
455 (headerdata[10]<<16) | (headerdata[11]<<24);
456
457 if( dwLength1 < firmware_minsize[i] ||
458 dwLength1 > firmware_maxsize[i] ||
459 dwLength2 < firmware_minsize[i] ||
460 dwLength2 > dwLength1 ||
461 dwLength3 > dwLength1 ||
462 dwLength2+dwLength3+512 != dwLength1 )
463 {
464 ERR_DIALOG(wxT("This doesn't look like a valid decoded iHP"
465 " firmware - reason: file 'length' data\n"), wxT("iriver_decode"));
466 infile.Close();
467 outfile.Close();
468 };
469
470 pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) );
471
472 outfile.Write( headerdata, 512);
473
474 memset( blockdata, 0, 16 );
475 ck = 0;
476 while( ( fp < dwLength2 ) &&
477 ( lenread = infile.Read( blockdata+16, 16) ) == 16 )
478 {
479 fp += 16;
480 for( i=0; i<16; ++i )
481 {
482 newmunge = blockdata[16+((12+i)&0xf)] ^ blockdata[i];
483 out[i] = newmunge ^ munge[i];
484 ck += blockdata[16+i];
485 blockdata[i] = newmunge;
486 };
487 outfile.Write( out, 16);
488
489 if( s == 496 )
490 {
491 s = 0;
492 memset( blockdata, 0, 16 );
493 *ppChecksums++ = ck;
494 ck = 0;
495 }
496 else
497 s+=16;
498 };
499
500 if( fp != dwLength2 )
501 {
502 ERR_DIALOG(wxT("This doesn't look like a valid decoded "
503 "iHP firmware - reason: 'length1' mismatch\n"), wxT("iriver_decode"));
504 infile.Close();
505 outfile.Close();
506 };
507
508 /* write out remainder w/out applying descrambler */
509 fp = 0;
510 lenread = dwLength3;
511 ppChecksums = pChecksums;
512 while( ( fp < dwLength3) &&
513 ( lenread = outfile.Write( ppChecksums, lenread) ) > 0 )
514 {
515 fp += lenread;
516 ppChecksums += lenread;
517 lenread = dwLength3 - fp;
518 };
519
520 if( fp != dwLength3 )
521 {
522 ERR_DIALOG(wxT("This doesn't look like a valid decoded "
523 "iHP firmware - reason: 'length2' mismatch\n"), wxT("iriver_decode"));
524 infile.Close();
525 outfile.Close();
526 };
527
528 fprintf( stderr, "File encoded successfully and checksum table built!\n" );
529
530 infile.Close();
531 outfile.Close();
532 return 0;
533
534 };
535
536 bool PatchFirmware(wxString firmware,wxString bootloader,int series, int table_entry)
537 {
538 wxString name1, name2, name3;
539
540 char md5sum_str[32];
541 struct sumpairs *sums;
542 int origin;
543
544 /* get pointer to the correct bootloader.bin */
545 switch(series) {
546 case 100:
547 sums = &h100pairs[0];
548 origin = 0x1f0000;
549 break;
550 case 120:
551 sums = &h120pairs[0];
552 origin = 0x1f0000;
553 break;
554 case 300:
555 sums = &h300pairs[0];
556 origin = 0x3f0000;
557 break;
558 }
559
560 name1 = gv->stdpaths->GetUserDataDir()
561 + wxT("" PATH_SEP "download" PATH_SEP "firmware.bin"),
562 /* descrambled file */
563 name2 = gv->stdpaths->GetUserDataDir()
564 + wxT("" PATH_SEP "download" PATH_SEP "new.bin");
565 /* patched file */
566 name3 = gv->stdpaths->GetUserDataDir()
567 + wxT("" PATH_SEP "download" PATH_SEP "new.hex");
568 if (iriver_decode(firmware, name1, FALSE, STRIP_NONE) == -1) {
569 ERR_DIALOG(wxT("Error in descramble"), wxT("Descramble Firmware"));
570 wxRemoveFile(name1);
571 wxRemoveFile(name2);
572 wxRemoveFile(name3);
573 return false;
574 }
575 if (!mkboot(name1, name2, bootloader, origin)) {
576 ERR_DIALOG(wxT("Error in patching"),wxT("Patching Firmware"));
577 wxRemoveFile(name1);
578 wxRemoveFile(name2);
579 wxRemoveFile(name3);
580 return false;
581 }
582 if (iriver_encode(name2, name3, FALSE) == -1) {
583 ERR_DIALOG(wxT("Error in scramble"),wxT("Scramble Firmware"));
584 wxRemoveFile(name1);
585 wxRemoveFile(name2);
586 wxRemoveFile(name3);
587 return false;
588 }
589 /* now md5sum it */
590 if (!FileMD5(name3, md5sum_str)) {
591 ERR_DIALOG(wxT("Error in checksumming"),wxT("Checksumming Firmware"));
592 wxRemoveFile(name1);
593 wxRemoveFile(name2);
594 wxRemoveFile(name3);
595 return false;
596 }
597 if (strncmp(sums[table_entry].patched, md5sum_str, 32) == 0) {
598 /* delete temp files */
599 wxRemoveFile(name1);
600 wxRemoveFile(name2);
601 }
602
603 return true;
604 }
605
Open Source Jukebox Firmware