1 /***************************************************************************
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
10 * Copyright (C) 2007 by Dave Chapman
12 * Based on mkboot, Copyright (C) 2005 by Linus Nielsen Feltzing
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 * KIND, either express or implied.
22 ****************************************************************************/
27 #include <sys/types.h>
31 #include "telechips.h"
35 Append a Rockbox bootloader to a Telechips original firmware file.
37 The first instruction in a TCC firmware file is always of the form:
41 where [pc, #xxx] is the entry point of the firmware - e.g. 0x20000020
43 mktccboot appends the Rockbox bootloader to the end of the original
44 firmware image and replaces the contents of [pc, #xxx] with the entry
45 point of our bootloader - i.e. the length of the original firmware plus
48 It then stores the original entry point from [pc, #xxx] in a fixed
49 offset in the Rockbox bootloader, which is used by the bootloader to
52 Finally, mktccboot corrects the length and CRCs in the main firmware
53 header, creating a new legal firmware file which can be installed on
58 /* win32 compatibility */
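/* Store x at p as four bytes, least-significant byte first (little-endian).
 * p must point to at least four writable bytes; the caller is responsible
 * for that bound. The low-byte store mirrors get_uint32le(), which reads
 * p[0] as the least-significant byte. */
static void put_uint32le(uint32_t x, unsigned char* p)
{
    p[0] = x & 0xff;
    p[1] = (x >> 8) & 0xff;
    p[2] = (x >> 16) & 0xff;
    p[3] = (x >> 24) & 0xff;
}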
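/* Read four bytes at p as a little-endian 32-bit value.
 * p must point to at least four readable bytes; the caller is responsible
 * for that bound. */
static uint32_t get_uint32le(unsigned char* p)
{
    /* Widen each byte to uint32_t before shifting: an unsigned char is
     * promoted to (signed) int, and shifting a byte >= 0x80 left by 24
     * would overflow that int, which is undefined behaviour. */
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8) | (uint32_t)p[0];
}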
79 printf("Usage: mktccboot <firmware file> <boot file> <output file>\n");
84 static off_t
filesize(int fd
) {
87 if (fstat(fd
,&buf
) < 0) {
88 perror("[ERR] Checking filesize of input file");
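#define DRAMORIG 0x20000000
/* Injects a bootloader into a Telechips 77X/78X firmware file.
 *
 * of_buf / of_size     - original firmware (OF) image and its length in bytes
 * boot_buf / boot_size - bootloader image and its length in bytes
 * patched_size         - receives the length of the returned image
 *
 * Returns a malloc()ed buffer holding the OF followed by the bootloader, with
 * the OF entry-point word redirected to the bootloader and
 * telechips_encode_crc() run over the combined image. The caller frees it.
 * Returns NULL if an argument is NULL, the images are too small or too large,
 * the entry-point word lies outside the OF, or memory cannot be allocated.
 *
 * Both images are read from files, so every size and every offset derived
 * from their contents is validated before it is used to index the buffer.
 */
unsigned char *patch_firmware_tcc(unsigned char *of_buf, int of_size,
        unsigned char *boot_buf, int boot_size, int *patched_size)
{
    unsigned char *patched_buf;
    uint32_t ldr, old_ep_offset, new_ep_offset;
    unsigned int total_size;
    int of_offset;

    if (of_buf == NULL || boot_buf == NULL || patched_size == NULL) {
        return NULL;
    }

    /* The OF must contain at least its first instruction word. The
     * bootloader must contain the two words overwritten below plus the
     * third word, which becomes the new entry point. This also rejects
     * negative sizes. */
    if (of_size < 4 || boot_size < 12) {
        printf("[ERR] Input image too small\n");
        return NULL;
    }

    /* Both sizes are positive here, so the unsigned sum cannot wrap.
     * Reject totals that would not fit the int stored in *patched_size. */
    total_size = (unsigned int)of_size + (unsigned int)boot_size;
    if (total_size > (~0u >> 1)) {
        printf("[ERR] Combined image too large\n");
        return NULL;
    }

    patched_buf = malloc(total_size);
    if (patched_buf == NULL) {
        return NULL;
    }

    memcpy(patched_buf, of_buf, of_size);
    memcpy(patched_buf + of_size, boot_buf, boot_size);

    ldr = get_uint32le(patched_buf);

    /* TODO: Verify it's a LDR instruction */
    of_offset = (ldr & 0xfff) + 8;

    /* The 12-bit immediate comes straight from the input file. Without this
     * check the read and the later write at of_offset could land in the
     * appended bootloader or beyond the end of the buffer. */
    if (of_offset > of_size - 4) {
        printf("[ERR] Entry point pointer outside firmware image\n");
        free(patched_buf);
        return NULL;
    }

    old_ep_offset = get_uint32le(patched_buf + of_offset);
    new_ep_offset = DRAMORIG + of_size;

    printf("OF entry point: 0x%08x\n", (unsigned int)old_ep_offset);
    printf("New entry point: 0x%08x\n", (unsigned int)(new_ep_offset + 8));

    /* Save the OF entry point at the start of the bootloader image */
    put_uint32le(old_ep_offset, patched_buf + of_size);
    put_uint32le(new_ep_offset, patched_buf + of_size + 4);

    /* Change the OF entry point to the third word in our bootloader */
    put_uint32le(new_ep_offset + 8, patched_buf + of_offset);

    telechips_encode_crc(patched_buf, of_size + boot_size);
    *patched_size = of_size + boot_size;

    return patched_buf;
}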
134 unsigned char *file_read(char *filename
, int *size
)
136 unsigned char *buf
= NULL
;
139 /* Open file for reading */
140 fd
= open(filename
, O_RDONLY
|O_BINARY
);
143 printf("[ERR] Could open file for reading, aborting\n");
148 /* Get file size, and allocate a buffer of that size */
149 *size
= filesize(fd
);
153 printf("[ERR] Could not allocate memory, aborting\n");
157 /* Read the file's content to the buffer */
158 n
= read(fd
, buf
, *size
);
161 printf("[ERR] Could not read from %s\n", filename
);
178 int main(int argc
, char *argv
[])
180 char *infile
, *bootfile
, *outfile
;
182 int n
, of_size
, boot_size
, patched_size
;
183 unsigned char *of_buf
;
184 unsigned char *boot_buf
= NULL
;
185 unsigned char* image
= NULL
;
196 /* Read OF and boot files */
197 of_buf
= file_read(infile
, &of_size
);
204 boot_buf
= file_read(bootfile
, &boot_size
);
211 /* Allocate buffer for patched firmware */
212 image
= malloc(of_size
+ boot_size
);
215 printf("[ERR] Could not allocate memory, aborting\n");
220 /* Create the patched firmware */
221 image
= patch_firmware_tcc(of_buf
, of_size
, boot_buf
, boot_size
,
225 printf("[ERR] Error creating patched firmware, aborting\n");
230 fdout
= open(outfile
, O_WRONLY
|O_CREAT
|O_TRUNC
|O_BINARY
, 0644);
238 n
= write(fdout
, image
, patched_size
);
239 if (n
!= patched_size
)
241 printf("[ERR] Could not write output file %s\n",outfile
);