1 /***************************************************************************
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
10 * Copyright (C) 2008 by Maurus Cuelenaere
12 * All files in this archive are subject to the GNU General Public License.
13 * See the file COPYING in the source tree root for full license agreement.
15 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
16 * KIND, either express or implied.
18 ****************************************************************************/
26 #include "hmac-sha1.h"
28 static const char null_key_v1
[] = "CTL:N0MAD|PDE0.SIGN.";
29 static const char null_key_v2
[] = "CTL:N0MAD|PDE0.DPMP.";
30 static const char null_key_v3
[] = "CTL:Z3N07|PDE0.DPMP.";
31 static const char null_key_v4
[] = "CTL:N0MAD|PDE0.DPFP.";
33 static const unsigned char bootloader_v1
[] =
35 0xD3, 0xF0, 0x29, 0xE3, /* MSR CPSR_cf, #0xD3 */
36 0x09, 0xF6, 0xA0, 0xE3 /* MOV PC, #0x900000 */
39 static const unsigned char bootloader_v2
[] =
41 0xD3, 0xF0, 0x29, 0xE3, /* MSR CPSR_cf, #0xD3 */
42 0x09, 0xF6, 0xA0, 0xE3 /* MOV PC, #0x40000000 */
45 static const unsigned char bootloader_v3
[] =
50 static const struct device_info devices
[] =
52 {"C\0r\0e\0a\0t\0i\0v\0e\0 \0Z\0e\0n\0 \0V\0i\0s\0i\0o\0n\0:\0M", 42, null_key_v2
, bootloader_v1
, sizeof(bootloader_v1
), 0x00900000},
53 {"C\0r\0e\0a\0t\0i\0v\0e\0 \0Z\0e\0n\0 \0V\0i\0s\0i\0o\0n\0:\0M\0 \0G\0o\0!", 50, null_key_v2
, bootloader_v1
, sizeof(bootloader_v1
), 0x00900000},
54 {"C\0r\0e\0a\0t\0i\0v\0e\0 \0Z\0e\0n\0 \0V\0i\0s\0i\0o\0n\0 \0©\0T\0L", 48, null_key_v2
, bootloader_v1
, sizeof(bootloader_v1
), 0x00900000},
55 {"C\0r\0e\0a\0t\0i\0v\0e\0 \0Z\0E\0N\0 \0V", 42, null_key_v4
, bootloader_v3
, sizeof(bootloader_v3
), 0x00000000},
56 {"C\0r\0e\0a\0t\0i\0v\0e\0 \0Z\0E\0N", 48, null_key_v3
, bootloader_v2
, sizeof(bootloader_v2
), 0x40000000}
60 Create a Zen Vision:M FRESCUE structure file
62 extern void int2le(unsigned int val
, unsigned char* addr
);
63 extern unsigned int le2int(unsigned char* buf
);
66 static int make_ciff_file(unsigned char *inbuf
, unsigned int length
,
67 unsigned char *outbuf
, int device
)
69 unsigned char key
[20];
70 memcpy(outbuf
, "FFIC", 4);
71 int2le(length
+90, &outbuf
[4]);
72 memcpy(&outbuf
[8], "FNIC", 4);
73 int2le(96, &outbuf
[0xC]);
74 memcpy(&outbuf
[0x10], devices
[device
].cinf
, devices
[device
].cinf_size
);
75 memset(&outbuf
[0x10+devices
[device
].cinf_size
], 0,
76 96 - devices
[device
].cinf_size
);
77 memcpy(&outbuf
[0x70], "ATAD", 4);
78 int2le(length
+32, &outbuf
[0x74]);
79 memcpy(&outbuf
[0x78], "H\0j\0u\0k\0e\0b\0o\0x\0\x32\0.\0j\0r\0m",
80 32); /*Unicode encoded*/
81 memcpy(&outbuf
[0x98], inbuf
, length
);
82 memcpy(&outbuf
[0x98+length
], "LLUN", 4);
83 int2le(20, &outbuf
[0x98+length
+4]);
85 hmac_sha1((unsigned char *)devices
[device
].null
, strlen(devices
[device
].null
),
86 outbuf
, 0x98+length
, key
);
87 memcpy(&outbuf
[0x98+length
+8], key
, 20);
88 return length
+0x90+0x1C+8;
91 static int make_jrm_file(unsigned char *inbuf
, unsigned int length
,
92 unsigned char *outbuf
, int device
)
97 /* Clear the header area to zero */
98 memset(outbuf
, 0, 0x18);
101 memcpy(outbuf
, "EDOC", 4);
103 #define SIZEOF_BOOTLOADER_CODE devices[device].bootloader_size
104 int2le(4+0xC+SIZEOF_BOOTLOADER_CODE
+0xC+length
, &outbuf
[0x4]);
105 /* 4 bytes of zero */
106 memset(&outbuf
[0x8], 0, 0x4);
108 /* First block starts here ... */
110 memset(&outbuf
[0xC], 0, 0x4);
112 int2le(SIZEOF_BOOTLOADER_CODE
, &outbuf
[0x10]);
114 for(i
=0; i
<SIZEOF_BOOTLOADER_CODE
; i
+= 4)
115 sum
+= le2int((unsigned char*)&devices
[device
].bootloader
[i
]) + (le2int((unsigned char*)&devices
[device
].bootloader
[i
])>>16);
116 int2le(sum
, &outbuf
[0x14]);
120 memcpy(&outbuf
[0x18], devices
[device
].bootloader
, SIZEOF_BOOTLOADER_CODE
);
122 /* Second block starts here ... */
123 /* Address = depends on target */
124 #define SB_START (0x18+SIZEOF_BOOTLOADER_CODE)
125 int2le(devices
[device
].memory_address
, &outbuf
[SB_START
]);
127 int2le(length
, &outbuf
[SB_START
+0x4]);
130 for(i
=0; i
<length
; i
+= 4)
131 sum
+= le2int(&inbuf
[i
]) + (le2int(&inbuf
[i
])>>16);
132 int2le(sum
, &outbuf
[SB_START
+0x8]);
133 outbuf
[SB_START
+0xA] = 0;
134 outbuf
[SB_START
+0xB] = 0;
136 memcpy(&outbuf
[SB_START
+0xC], inbuf
, length
);
138 return SB_START
+0xC+length
;
141 int zvm_encode(char *iname
, char *oname
, int device
)
146 unsigned char *outbuf
;
149 file
= fopen(iname
, "rb");
154 fseek(file
, 0, SEEK_END
);
155 length
= ftell(file
);
157 fseek(file
, 0, SEEK_SET
);
159 buf
= (unsigned char*)malloc(length
);
161 printf("out of memory!\n");
165 len
= fread(buf
, 1, length
, file
);
166 if(len
< (size_t)length
) {
172 outbuf
= (unsigned char*)malloc(length
+0x300);
175 printf("out of memory!\n");
178 length
= make_jrm_file(buf
, len
, outbuf
, device
);
180 buf
= (unsigned char*)malloc(length
+0x200);
181 memset(buf
, 0, length
+0x200);
182 length
= make_ciff_file(outbuf
, length
, buf
, device
);
185 file
= fopen(oname
, "wb");
192 len
= fwrite(buf
, 1, length
, file
);
193 if(len
< (size_t)length
) {