summaryrefslogtreecommitdiff
path: root/rbutil/rbutilqt/irivertools/irivertools.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'rbutil/rbutilqt/irivertools/irivertools.cpp')
-rw-r--r--rbutil/rbutilqt/irivertools/irivertools.cpp532
1 files changed, 532 insertions, 0 deletions
diff --git a/rbutil/rbutilqt/irivertools/irivertools.cpp b/rbutil/rbutilqt/irivertools/irivertools.cpp
new file mode 100644
index 0000000000..f2cc59a8c2
--- /dev/null
+++ b/rbutil/rbutilqt/irivertools/irivertools.cpp
@@ -0,0 +1,532 @@
+/***************************************************************************
+ * __________ __ ___.
+ * Open \______ \ ____ ____ | | _\_ |__ _______ ___
+ * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
+ * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
+ * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
+ * \/ \/ \/ \/ \/
+ * Module: rbutil
+ * File: irivertools.cpp
+ *
+ * Copyright (C) 2007 Dominik Wenger
+ *
+ * All files in this archive are subject to the GNU General Public License.
+ * See the file COPYING in the source tree root for full license agreement.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ****************************************************************************/
+
+#include "irivertools.h"
+
+
+const unsigned char munge[] = {
+ 0x7a, 0x36, 0xc4, 0x43, 0x49, 0x6b, 0x35, 0x4e, 0xa3, 0x46, 0x25, 0x84,
+ 0x4d, 0x73, 0x74, 0x61
+};
+
+const unsigned char header_modify[] = "* IHPFIRM-DECODED ";
+
+const char * const models[] = { "iHP-100", "iHP-120/iHP-140", "H300 series",
+ NULL };
+
+/* aligns with models array; expected min firmware size */
+const unsigned int firmware_minsize[] = { 0x100000, 0x100000, 0x200000 };
+/* aligns with models array; expected max firmware size */
+const unsigned int firmware_maxsize[] = { 0x200000, 0x200000, 0x400000 };
+
+const unsigned char header[][16] = {
+ { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 },
+ { 0x20, 0x03, 0x08, 0x27, 0x24, 0x00, 0x02, 0x30, 0x19, 0x17, 0x65, 0x73,
+ 0x85, 0x32, 0x83, 0x22 },
+ { 0x20, 0x04, 0x03, 0x27, 0x20, 0x50, 0x01, 0x70, 0x80, 0x30, 0x80, 0x06,
+ 0x30, 0x19, 0x17, 0x65 }
+};
+
+/* begin mkboot.c excerpt */
+unsigned char image[0x400000 + 0x220 + 0x400000/0x200];
+
+bool mkboot(QString infile, QString outfile,QString bootloader,int origin,Ui::InstallProgressFrm* dp)
+{
+ int i;
+ int len,bllen;
+ int actual_length, total_length, binary_length, num_chksums;
+
+ memset(image, 0xff, sizeof(image));
+
+ /* First, read the iriver original firmware into the image */
+ QFile f(infile);
+ if(!f.open(QIODevice::ReadOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + infile);
+ return false;
+ }
+ i = f.read((char*)image,16);
+ if(i < 16) {
+ dp->listProgress->addItem("reading header failed");
+ return false;
+ }
+
+ /* This is the length of the binary image without the scrambling
+ overhead (but including the ESTFBINR header) */
+ binary_length = image[4] + (image[5] << 8) +
+ (image[6] << 16) + (image[7] << 24);
+
+ /* Read the rest of the binary data, but not the checksum block */
+ len = binary_length+0x200-16;
+ i = f.read((char*)image+16, len);
+ if(i < len) {
+ dp->listProgress->addItem("reading firmware failed");
+ return false;
+ }
+
+ f.close();
+ /* Now, read the boot loader into the image */
+ f.setFileName(bootloader);
+ if(!f.open(QIODevice::ReadOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + bootloader);
+ return false;
+ }
+
+ bllen = f.size();
+
+ i = f.read((char*)image+0x220 + origin, bllen);
+ if(i < bllen) {
+ dp->listProgress->addItem("reading bootloader failed");
+ return false;
+ }
+
+ f.close();
+ f.setFileName(outfile);
+ if(!f.open(QIODevice::WriteOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + outfile);
+ return false;
+ }
+
+ /* Patch the reset vector to start the boot loader */
+ image[0x220 + 4] = image[origin + 0x220 + 4];
+ image[0x220 + 5] = image[origin + 0x220 + 5];
+ image[0x220 + 6] = image[origin + 0x220 + 6];
+ image[0x220 + 7] = image[origin + 0x220 + 7];
+
+ /* This is the actual length of the binary, excluding all headers */
+ actual_length = origin + bllen;
+
+ /* Patch the ESTFBINR header */
+ image[0x20c] = (actual_length >> 24) & 0xff;
+ image[0x20d] = (actual_length >> 16) & 0xff;
+ image[0x20e] = (actual_length >> 8) & 0xff;
+ image[0x20f] = actual_length & 0xff;
+
+ image[0x21c] = (actual_length >> 24) & 0xff;
+ image[0x21d] = (actual_length >> 16) & 0xff;
+ image[0x21e] = (actual_length >> 8) & 0xff;
+ image[0x21f] = actual_length & 0xff;
+
+ /* This is the length of the binary, including the ESTFBINR header and
+ rounded up to the nearest 0x200 boundary */
+ binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00;
+
+ /* The number of checksums, i.e number of 0x200 byte blocks */
+ num_chksums = binary_length / 0x200;
+
+ /* The total file length, including all headers and checksums */
+ total_length = binary_length + num_chksums + 0x200;
+
+ /* Patch the scrambler header with the new length info */
+ image[0] = total_length & 0xff;
+ image[1] = (total_length >> 8) & 0xff;
+ image[2] = (total_length >> 16) & 0xff;
+ image[3] = (total_length >> 24) & 0xff;
+
+ image[4] = binary_length & 0xff;
+ image[5] = (binary_length >> 8) & 0xff;
+ image[6] = (binary_length >> 16) & 0xff;
+ image[7] = (binary_length >> 24) & 0xff;
+
+ image[8] = num_chksums & 0xff;
+ image[9] = (num_chksums >> 8) & 0xff;
+ image[10] = (num_chksums >> 16) & 0xff;
+ image[11] = (num_chksums >> 24) & 0xff;
+
+ i = f.write((char*)image,total_length);
+ if(i < total_length) {
+ dp->listProgress->addItem("writing bootloader failed");
+ return false;
+ }
+
+ f.close();
+
+ return true;
+}
+
+/* end mkboot.c excerpt */
+
+
+int intable(char *md5, struct sumpairs *table, int len)
+{
+ int i;
+ for (i = 0; i < len; i++) {
+ if (strncmp(md5, table[i].unpatched, 32) == 0) {
+ return i;
+ }
+ }
+ return -1;
+}
+
+
+
+
+static int testheader( const unsigned char * const data )
+{
+ const unsigned char * const d = data+16;
+ const char * const * m = models;
+ int index = 0;
+ while( *m )
+ {
+ if( memcmp( header[ index ], d, 16 ) == 0 )
+ return index;
+ index++;
+ m++;
+ };
+ return -1;
+};
+
+static void modifyheader( unsigned char * data )
+{
+ const unsigned char * h = header_modify;
+ int i;
+ for( i=0; i<512; i++ )
+ {
+ if( *h == '\0' )
+ h = header_modify;
+ *data++ ^= *h++;
+ };
+};
+
+int iriver_decode(QString infile_name, QString outfile_name, unsigned int modify,
+ enum striptype stripmode,Ui::InstallProgressFrm* dp )
+{
+ QFile infile(infile_name);
+ QFile outfile(outfile_name);
+ int i = -1;
+ unsigned char headerdata[512];
+ unsigned long dwLength1, dwLength2, dwLength3, fp = 0;
+ unsigned char blockdata[16+16];
+ unsigned char out[16];
+ unsigned char newmunge;
+ signed long lenread;
+ int s = 0;
+ unsigned char * pChecksums, * ppChecksums = 0;
+ unsigned char ck;
+
+
+ if(!infile.open(QIODevice::ReadOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + infile_name);
+ return -1;
+ }
+ if(!outfile.open(QIODevice::WriteOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + outfile_name);
+ return -1;
+ }
+ lenread = infile.read( (char*)headerdata, 512);
+ if( lenread != 512 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid encrypted iHP"
+ "firmware - reason: header length.");
+ infile.close();
+ outfile.close();
+ return -1;
+ };
+
+ i = testheader( headerdata );
+ if( i == -1 )
+ {
+ dp->listProgress->addItem("This firmware is for an unknown model, or is not"
+ " a valid encrypted iHP firmware.");
+ infile.close();
+ outfile.close();
+ return -1;
+ };
+ fprintf( stderr, "Model %s\n", models[ i ] );
+
+ dwLength1 = headerdata[0] | (headerdata[1]<<8) |
+ (headerdata[2]<<16) | (headerdata[3]<<24);
+ dwLength2 = headerdata[4] | (headerdata[5]<<8) |
+ (headerdata[6]<<16) | (headerdata[7]<<24);
+ dwLength3 = headerdata[8] | (headerdata[9]<<8) |
+ (headerdata[10]<<16) | (headerdata[11]<<24);
+
+ if( dwLength1 < firmware_minsize[ i ] ||
+ dwLength1 > firmware_maxsize[ i ] ||
+ dwLength2 < firmware_minsize[ i ] ||
+ dwLength2 > dwLength1 ||
+ dwLength3 > dwLength1 ||
+ dwLength2>>9 != dwLength3 ||
+ dwLength2+dwLength3+512 != dwLength1 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid encrypted "
+ "iHP firmware - reason: file 'length' data.");
+ infile.close();
+ outfile.close();
+ return -1;
+ };
+
+ pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) );
+
+ if( modify )
+ {
+ modifyheader( headerdata );
+ };
+
+ if( stripmode == STRIP_NONE )
+ outfile.write( (char*)headerdata, 512);
+
+ memset( blockdata, 0, 16 );
+
+ ck = 0;
+ while( ( fp < dwLength2 ) &&
+ ( lenread = infile.read( (char*)blockdata+16, 16) == 16) )
+ {
+ fp += 16;
+
+ for( i=0; i<16; ++i )
+ {
+ newmunge = blockdata[16+i] ^ munge[i];
+ out[i] = newmunge ^ blockdata[i];
+ blockdata[i] = newmunge;
+ ck += out[i];
+ }
+
+ if( fp > ESTF_SIZE || stripmode != STRIP_HEADER_CHECKSUM_ESTF )
+ {
+ outfile.write( (char*)out+4, 12);
+ outfile.write( (char*)out, 4);
+ }
+ else
+ {
+ if( ESTF_SIZE - fp < 16 )
+ {
+ memcpy( out+4, blockdata+16, 12 );
+ memcpy( out, blockdata+28, 4 );
+ outfile.write((char*) blockdata+16+ESTF_SIZE-fp, ESTF_SIZE-fp);
+ }
+ }
+
+
+ if( s == 496 )
+ {
+ s = 0;
+ memset( blockdata, 0, 16 );
+ *ppChecksums++ = ck;
+ ck = 0;
+ }
+ else
+ s+=16;
+ };
+
+ if( fp != dwLength2 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid encrypted "
+ "iHP firmware - reason: 'length2' mismatch.");
+ infile.close();
+ outfile.close();
+ return -1;
+ };
+
+ fp = 0;
+ ppChecksums = pChecksums;
+ while( ( fp < dwLength3 ) &&
+ ( lenread = infile.read((char*) blockdata, 32 ) ) > 0 )
+ {
+ fp += lenread;
+ if( stripmode == STRIP_NONE )
+ outfile.write((char*) blockdata, lenread );
+ if( memcmp( ppChecksums, blockdata, lenread ) != 0 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid encrypted "
+ "iHP firmware - reason: Checksum mismatch!");
+ infile.close();
+ outfile.close();
+ return -1;
+ };
+ ppChecksums += lenread;
+ };
+
+ if( fp != dwLength3 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid encrypted "
+ "iHP firmware - reason: 'length3' mismatch.");
+ infile.close();
+ outfile.close();
+ return -1;
+ };
+
+
+ fprintf( stderr, "File decoded correctly and all checksums matched!\n" );
+ switch( stripmode )
+ {
+ default:
+ case STRIP_NONE:
+ fprintf(stderr, "Output file contains all headers and "
+ "checksums\n");
+ break;
+ case STRIP_HEADER_CHECKSUM:
+ fprintf( stderr, "NB: output file contains only ESTFBINR header"
+ " and decoded firmware code\n" );
+ break;
+ case STRIP_HEADER_CHECKSUM_ESTF:
+ fprintf( stderr, "NB: output file contains only raw decoded "
+ "firmware code\n" );
+ break;
+ };
+
+ infile.close();
+ outfile.close();
+ return 0;
+
+};
+
+int iriver_encode(QString infile_name, QString outfile_name, unsigned int modify,Ui::InstallProgressFrm* dp )
+{
+ QFile infile(infile_name);
+ QFile outfile(outfile_name);
+ int i = -1;
+ unsigned char headerdata[512];
+ unsigned long dwLength1, dwLength2, dwLength3, fp = 0;
+ unsigned char blockdata[16+16];
+ unsigned char out[16];
+ unsigned char newmunge;
+ signed long lenread;
+ int s = 0;
+ unsigned char * pChecksums, * ppChecksums;
+ unsigned char ck;
+
+ if(!infile.open(QIODevice::ReadOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + infile_name);
+ return -1;
+ }
+ if(!outfile.open(QIODevice::WriteOnly))
+ {
+ dp->listProgress->addItem("Could not open: %1" + outfile_name);
+ return -1;
+ }
+
+ lenread = infile.read((char*) headerdata, 512 );
+ if( lenread != 512 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid decoded "
+ "iHP firmware - reason: header length.");
+ infile.close();
+ outfile.close();
+ };
+
+ if( modify )
+ {
+ modifyheader( headerdata ); /* reversible */
+ };
+
+ i = testheader( headerdata );
+ if( i == -1 )
+ {
+ dp->listProgress->addItem("This firmware is for an unknown model, or is not"
+ " a valid decoded iHP firmware.");
+ infile.close();
+ outfile.close();
+ };
+ fprintf( stderr, "Model %s\n", models[ i ] );
+
+ dwLength1 = headerdata[0] | (headerdata[1]<<8) |
+ (headerdata[2]<<16) | (headerdata[3]<<24);
+ dwLength2 = headerdata[4] | (headerdata[5]<<8) |
+ (headerdata[6]<<16) | (headerdata[7]<<24);
+ dwLength3 = headerdata[8] | (headerdata[9]<<8) |
+ (headerdata[10]<<16) | (headerdata[11]<<24);
+
+ if( dwLength1 < firmware_minsize[i] ||
+ dwLength1 > firmware_maxsize[i] ||
+ dwLength2 < firmware_minsize[i] ||
+ dwLength2 > dwLength1 ||
+ dwLength3 > dwLength1 ||
+ dwLength2+dwLength3+512 != dwLength1 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid decoded "
+ "iHP firmware - reason:file 'length' data.");
+ infile.close();
+ outfile.close();
+ };
+
+ pChecksums = ppChecksums = (unsigned char *)( malloc( dwLength3 ) );
+
+ outfile.write( (char*)headerdata, 512);
+
+ memset( blockdata, 0, 16 );
+ ck = 0;
+ while( ( fp < dwLength2 ) &&
+ ( lenread = infile.read((char*) blockdata+16, 16) ) == 16 )
+ {
+ fp += 16;
+ for( i=0; i<16; ++i )
+ {
+ newmunge = blockdata[16+((12+i)&0xf)] ^ blockdata[i];
+ out[i] = newmunge ^ munge[i];
+ ck += blockdata[16+i];
+ blockdata[i] = newmunge;
+ };
+ outfile.write( (char*)out, 16);
+
+ if( s == 496 )
+ {
+ s = 0;
+ memset( blockdata, 0, 16 );
+ *ppChecksums++ = ck;
+ ck = 0;
+ }
+ else
+ s+=16;
+ };
+
+ if( fp != dwLength2 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid decoded "
+ "iHP firmware - reason: 'length1' mismatch.");
+ infile.close();
+ outfile.close();
+ };
+
+ /* write out remainder w/out applying descrambler */
+ fp = 0;
+ lenread = dwLength3;
+ ppChecksums = pChecksums;
+ while( ( fp < dwLength3) &&
+ ( lenread = outfile.write((char*) ppChecksums, lenread) ) > 0 )
+ {
+ fp += lenread;
+ ppChecksums += lenread;
+ lenread = dwLength3 - fp;
+ };
+
+ if( fp != dwLength3 )
+ {
+ dp->listProgress->addItem("This doesn't look like a valid decoded "
+ "iHP firmware - 'length2' mismatch.");
+ infile.close();
+ outfile.close();
+ };
+
+ fprintf( stderr, "File encoded successfully and checksum table built!\n" );
+
+ infile.close();
+ outfile.close();
+ return 0;
+
+};
+
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 01:20:16 +0000