Make sure we don't read past the end of a C-string in format_track_path. Second part...
[maemo-rb.git] / tools / iriver.c
blob4c949c66272d6e11a34c694815d767dcf46c31c9
1 /***************************************************************************
2 * __________ __ ___.
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
7 * \/ \/ \/ \/ \/
8 * $Id$
10 * Copyright (C) 2004 by Dave Hooper
12 * This particular source code file is licensed under the X11 license. See the
13 * bottom of the COPYING file for details on this license.
15 * Original code from http://www.beermex.com/@spc/ihpfirm.src.zip
16 * Details at http://www.rockbox.org/twiki/bin/view/Main/IriverToolsGuide
18 ****************************************************************************/
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
23 #include "iriver.h"
25 const unsigned char munge[] = {
26 0x7a, 0x36, 0xc4, 0x43, 0x49, 0x6b, 0x35, 0x4e, 0xa3, 0x46, 0x25, 0x84,
27 0x4d, 0x73, 0x74, 0x61
30 const unsigned char header_modify[] = "* IHPFIRM-DECODED ";
32 const char * const models[] = { "iHP-100", "iHP-120/iHP-140", "H300 series",
33 NULL };
35 /* aligns with models array; expected min firmware size */
36 const unsigned int firmware_minsize[] = { 0x100000, 0x100000, 0x200000 };
37 /* aligns with models array; expected max firmware size */
38 const unsigned int firmware_maxsize[] = { 0x200000, 0x200000, 0x400000 };
40 const unsigned char header[][16] = {
41 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 },
42 { 0x20, 0x03, 0x08, 0x27, 0x24, 0x00, 0x02, 0x30, 0x19, 0x17, 0x65, 0x73,
43 0x85, 0x32, 0x83, 0x22 },
44 { 0x20, 0x04, 0x03, 0x27, 0x20, 0x50, 0x01, 0x70, 0x80, 0x30, 0x80, 0x06,
45 0x30, 0x19, 0x17, 0x65 }
48 static int testheader( const unsigned char * const data )
50 const unsigned char * const d = data+16;
51 const char * const * m = models;
52 int ind = 0;
53 while( *m )
55 if( memcmp( header[ ind ], d, 16 ) == 0 )
56 return ind;
57 ind++;
58 m++;
60 return -1;
63 static void modifyheader( unsigned char * data )
65 const unsigned char * h = header_modify;
66 int i;
67 for( i=0; i<512; i++ )
69 if( *h == '\0' )
70 h = header_modify;
71 *data++ ^= *h++;
75 static FILE * openinfile( const char * filename )
77 FILE * F = fopen( filename, "rb" );
78 if( F == NULL )
80 fprintf( stderr, "Couldn't open input file %s\n", filename );
81 perror( "Error was " );
82 exit( -1 );
84 return F;
87 static FILE * openoutfile( const char * filename )
89 FILE * F = fopen( filename, "wb" );
90 if( F == NULL )
92 fprintf( stderr, "Couldn't open output file %s\n", filename );
93 perror( "Error was " );
94 exit( -1 );
96 return F;
99 int iriver_decode(const char *infile_name, const char *outfile_name, BOOL modify,
100 enum striptype stripmode )
102 FILE * infile = NULL;
103 FILE * outfile = NULL;
104 int i = -1;
105 unsigned char headerdata[512];
106 unsigned long dwLength1, dwLength2, dwLength3, fp = 0;
107 unsigned char blockdata[16+16];
108 unsigned char out[16];
109 unsigned char newmunge;
110 signed long lenread;
111 int s = 0;
112 unsigned char * pChecksums, * ppChecksums = 0;
113 unsigned char ck;
115 infile = openinfile(infile_name);
116 outfile = openoutfile(outfile_name);
118 lenread = fread( headerdata, 1, 512, infile );
119 if( lenread != 512 )
121 fprintf( stderr, "This doesn't look like a valid encrypted iHP "
122 "firmware - reason: header length\n" );
123 fclose(infile);
124 fclose(outfile);
125 return -1;
128 i = testheader( headerdata );
129 if( i == -1 )
131 fprintf( stderr, "This firmware is for an unknown model, or is not"
132 " a valid encrypted iHP firmware\n" );
133 fclose(infile);
134 fclose(outfile);
135 return -2;
137 fprintf( stderr, "Model %s\n", models[ i ] );
139 dwLength1 = headerdata[0] | (headerdata[1]<<8) |
140 (headerdata[2]<<16) | (headerdata[3]<<24);
141 dwLength2 = headerdata[4] | (headerdata[5]<<8) |
142 (headerdata[6]<<16) | (headerdata[7]<<24);
143 dwLength3 = headerdata[8] | (headerdata[9]<<8) |
144 (headerdata[10]<<16) | (headerdata[11]<<24);
146 if( dwLength1 < firmware_minsize[ i ] ||
147 dwLength1 > firmware_maxsize[ i ] ||
148 dwLength2 < firmware_minsize[ i ] ||
149 dwLength2 > dwLength1 ||
150 dwLength3 > dwLength1 ||
151 dwLength2>>9 != dwLength3 ||
152 dwLength2+dwLength3+512 != dwLength1 )
154 fprintf( stderr, "This doesn't look like a valid encrypted "
155 "iHP firmware - reason: file 'length' data\n" );
156 fclose(infile);
157 fclose(outfile);
158 return -3;
161 pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) );
163 if( modify )
165 modifyheader( headerdata );
168 if( stripmode == STRIP_NONE )
169 fwrite( headerdata, 512, 1, outfile );
171 memset( blockdata, 0, 16 );
173 ck = 0;
174 while( ( fp < dwLength2 ) &&
175 ( lenread = fread( blockdata+16, 1, 16, infile ) ) == 16 )
177 fp += 16;
179 for( i=0; i<16; ++i )
181 newmunge = blockdata[16+i] ^ munge[i];
182 out[i] = newmunge ^ blockdata[i];
183 blockdata[i] = newmunge;
184 ck += out[i];
187 if( fp > ESTF_SIZE || stripmode != STRIP_HEADER_CHECKSUM_ESTF )
189 fwrite( out+4, 1, 12, outfile );
190 fwrite( out, 1, 4, outfile );
192 else
194 if( ESTF_SIZE - fp < 16 )
196 memcpy( out+4, blockdata+16, 12 );
197 memcpy( out, blockdata+28, 4 );
198 fwrite( blockdata+16+ESTF_SIZE-fp, 1, ESTF_SIZE-fp, outfile );
203 if( s == 496 )
205 s = 0;
206 memset( blockdata, 0, 16 );
207 *ppChecksums++ = ck;
208 ck = 0;
210 else
211 s+=16;
214 if( fp != dwLength2 )
216 fprintf( stderr, "This doesn't look like a valid encrypted "
217 "iHP firmware - reason: 'length2' mismatch\n" );
218 fclose(infile);
219 fclose(outfile);
220 return -4;
223 fp = 0;
224 ppChecksums = pChecksums;
225 while( ( fp < dwLength3 ) &&
226 ( lenread = fread( blockdata, 1, 32, infile ) ) > 0 )
228 fp += lenread;
229 if( stripmode == STRIP_NONE )
230 fwrite( blockdata, 1, lenread, outfile );
231 if( memcmp( ppChecksums, blockdata, lenread ) != 0 )
233 fprintf( stderr, "This doesn't look like a valid encrypted "
234 "iHP firmware - reason: Checksum mismatch!" );
235 fclose(infile);
236 fclose(outfile);
237 return -5;
239 ppChecksums += lenread;
242 if( fp != dwLength3 )
244 fprintf( stderr, "This doesn't look like a valid encrypted "
245 "iHP firmware - reason: 'length3' mismatch\n" );
246 fclose(infile);
247 fclose(outfile);
248 return -6;
252 fprintf( stderr, "File decoded correctly and all checksums matched!\n" );
253 switch( stripmode )
255 default:
256 case STRIP_NONE:
257 fprintf(stderr, "Output file contains all headers and "
258 "checksums\n");
259 break;
260 case STRIP_HEADER_CHECKSUM:
261 fprintf( stderr, "NB: output file contains only ESTFBINR header"
262 " and decoded firmware code\n" );
263 break;
264 case STRIP_HEADER_CHECKSUM_ESTF:
265 fprintf( stderr, "NB: output file contains only raw decoded "
266 "firmware code\n" );
267 break;
270 return 0;
273 int iriver_encode(const char *infile_name, const char *outfile_name, BOOL modify )
275 FILE * infile = NULL;
276 FILE * outfile = NULL;
277 int i = -1;
278 unsigned char headerdata[512];
279 unsigned long dwLength1, dwLength2, dwLength3, fp = 0;
280 unsigned char blockdata[16+16];
281 unsigned char out[16];
282 unsigned char newmunge;
283 signed long lenread;
284 int s = 0;
285 unsigned char * pChecksums, * ppChecksums;
286 unsigned char ck;
288 infile = openinfile(infile_name);
289 outfile = openoutfile(outfile_name);
291 lenread = fread( headerdata, 1, 512, infile );
292 if( lenread != 512 )
294 fprintf( stderr, "This doesn't look like a valid decoded "
295 "iHP firmware - reason: header length\n" );
296 fclose(infile);
297 fclose(outfile);
298 return -1;
301 if( modify )
303 modifyheader( headerdata ); /* reversible */
306 i = testheader( headerdata );
307 if( i == -1 )
309 fprintf( stderr, "This firmware is for an unknown model, or is not"
310 " a valid decoded iHP firmware\n" );
311 fclose(infile);
312 fclose(outfile);
313 return -2;
315 fprintf( stderr, "Model %s\n", models[ i ] );
317 dwLength1 = headerdata[0] | (headerdata[1]<<8) |
318 (headerdata[2]<<16) | (headerdata[3]<<24);
319 dwLength2 = headerdata[4] | (headerdata[5]<<8) |
320 (headerdata[6]<<16) | (headerdata[7]<<24);
321 dwLength3 = headerdata[8] | (headerdata[9]<<8) |
322 (headerdata[10]<<16) | (headerdata[11]<<24);
324 if( dwLength1 < firmware_minsize[i] ||
325 dwLength1 > firmware_maxsize[i] ||
326 dwLength2 < firmware_minsize[i] ||
327 dwLength2 > dwLength1 ||
328 dwLength3 > dwLength1 ||
329 dwLength2+dwLength3+512 != dwLength1 )
331 fprintf( stderr, "This doesn't look like a valid decoded iHP"
332 " firmware - reason: file 'length' data\n" );
333 fclose(infile);
334 fclose(outfile);
335 return -3;
338 pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) );
340 fwrite( headerdata, 512, 1, outfile );
342 memset( blockdata, 0, 16 );
343 ck = 0;
344 while( ( fp < dwLength2 ) &&
345 ( lenread = fread( blockdata+16, 1, 16, infile ) ) == 16 )
347 fp += 16;
348 for( i=0; i<16; ++i )
350 newmunge = blockdata[16+((12+i)&0xf)] ^ blockdata[i];
351 out[i] = newmunge ^ munge[i];
352 ck += blockdata[16+i];
353 blockdata[i] = newmunge;
355 fwrite( out, 1, 16, outfile );
357 if( s == 496 )
359 s = 0;
360 memset( blockdata, 0, 16 );
361 *ppChecksums++ = ck;
362 ck = 0;
364 else
365 s+=16;
368 if( fp != dwLength2 )
370 fprintf( stderr, "This doesn't look like a valid decoded "
371 "iHP firmware - reason: 'length1' mismatch\n" );
372 fclose(infile);
373 fclose(outfile);
374 return -4;
377 /* write out remainder w/out applying descrambler */
378 fp = 0;
379 lenread = dwLength3;
380 ppChecksums = pChecksums;
381 while( ( fp < dwLength3) &&
382 ( lenread = fwrite( ppChecksums, 1, lenread, outfile ) ) > 0 )
384 fp += lenread;
385 ppChecksums += lenread;
386 lenread = dwLength3 - fp;
389 if( fp != dwLength3 )
391 fprintf( stderr, "This doesn't look like a valid decoded "
392 "iHP firmware - reason: 'length2' mismatch\n" );
393 fclose(infile);
394 fclose(outfile);
395 return -5;
398 fprintf( stderr, "File encoded successfully and checksum table built!\n" );
400 fclose(infile);
401 fclose(outfile);
402 return 0;