1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
|
/***************************************************************************
* __________ __ ___.
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
* \/ \/ \/ \/ \/
* $Id$
*
* Copyright (C) 2005 by Linus Nielsen Feltzing
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
****************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mkboot.h"
#define SECTOR_SIZE 0x200
#define RAW_IMAGE_SIZE 0x400000
#define TOTAL_IMAGE_SIZE (RAW_IMAGE_SIZE + HEADER2_SIZE)
#define ALIGNED_IMAGE_SIZE (TOTAL_IMAGE_SIZE + SECTOR_SIZE - (TOTAL_IMAGE_SIZE % SECTOR_SIZE))
#define HEADER1_SIZE SECTOR_SIZE
#define HEADER2_SIZE 0x20
#ifndef RBUTIL
static void usage(void)
{
printf("usage: mkboot <target> <firmware file> <boot file> <output file>\n");
printf("available targets:\n"
"\t-h100 Iriver H1x0\n"
"\t-h300 Iriver H3x0\n"
"\t-iax5 iAudio X5\n"
"\t-iam5 iAudio M5\n");
exit(1);
}
#endif
#ifndef RBUTIL
int main(int argc, char *argv[])
{
if(argc != 5)
{
usage();
return 1;
}
if ( ! strcmp(argv[1], "-h100"))
return mkboot_iriver(argv[2], argv[3], argv[4], 0x1f0000);
if ( ! strcmp(argv[1], "-h300"))
return mkboot_iriver(argv[2], argv[3], argv[4], 0x3f0000);
if ( ! strcmp(argv[1], "-iax5"))
return mkboot_iaudio(argv[2], argv[3], argv[4], 0);
if ( ! strcmp(argv[1], "-iam5"))
return mkboot_iaudio(argv[2], argv[3], argv[4], 1);
usage();
return 1;
}
#endif
/*
* initial header size plus
* the rounded up size (includes the raw data and its length header) plus
* the checksums for the raw data and its length header
*/
static unsigned char image[ALIGNED_IMAGE_SIZE + HEADER1_SIZE + ALIGNED_IMAGE_SIZE / SECTOR_SIZE];
int mkboot_iriver(const char* infile, const char* bootfile, const char* outfile, int origin)
{
FILE *f;
int i;
int len;
int actual_length, total_length, binary_length, num_chksums;
memset(image, 0xff, sizeof(image));
/* First, read the iriver original firmware into the image */
f = fopen(infile, "rb");
if(!f) {
perror(infile);
return -1;
}
i = fread(image, 1, 16, f);
if(i < 16) {
perror(infile);
fclose(f);
return -2;
}
/* This is the length of the binary image without the scrambling
overhead (but including the ESTFBINR header) */
binary_length = image[4] + (image[5] << 8) +
(image[6] << 16) + (image[7] << 24);
/* Read the rest of the binary data, but not the checksum block */
len = binary_length+0x200-16;
i = fread(image+16, 1, len, f);
if(i < len) {
perror(infile);
fclose(f);
return -3;
}
fclose(f);
/* Now, read the boot loader into the image */
f = fopen(bootfile, "rb");
if(!f) {
perror(bootfile);
fclose(f);
return -4;
}
fseek(f, 0, SEEK_END);
len = ftell(f);
fseek(f, 0, SEEK_SET);
i = fread(image+0x220 + origin, 1, len, f);
if(i < len) {
perror(bootfile);
fclose(f);
return -5;
}
fclose(f);
f = fopen(outfile, "wb");
if(!f) {
perror(outfile);
return -6;
}
/* Patch the reset vector to start the boot loader */
image[0x220 + 4] = image[origin + 0x220 + 4];
image[0x220 + 5] = image[origin + 0x220 + 5];
image[0x220 + 6] = image[origin + 0x220 + 6];
image[0x220 + 7] = image[origin + 0x220 + 7];
/* This is the actual length of the binary, excluding all headers */
actual_length = origin + len;
/* Patch the ESTFBINR header */
image[0x20c] = (actual_length >> 24) & 0xff;
image[0x20d] = (actual_length >> 16) & 0xff;
image[0x20e] = (actual_length >> 8) & 0xff;
image[0x20f] = actual_length & 0xff;
image[0x21c] = (actual_length >> 24) & 0xff;
image[0x21d] = (actual_length >> 16) & 0xff;
image[0x21e] = (actual_length >> 8) & 0xff;
image[0x21f] = actual_length & 0xff;
/* This is the length of the binary, including the ESTFBINR header and
rounded up to the nearest 0x200 boundary */
binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00;
/* The number of checksums, i.e number of 0x200 byte blocks */
num_chksums = binary_length / 0x200;
/* The total file length, including all headers and checksums */
total_length = binary_length + num_chksums + 0x200;
/* Patch the scrambler header with the new length info */
image[0] = total_length & 0xff;
image[1] = (total_length >> 8) & 0xff;
image[2] = (total_length >> 16) & 0xff;
image[3] = (total_length >> 24) & 0xff;
image[4] = binary_length & 0xff;
image[5] = (binary_length >> 8) & 0xff;
image[6] = (binary_length >> 16) & 0xff;
image[7] = (binary_length >> 24) & 0xff;
image[8] = num_chksums & 0xff;
image[9] = (num_chksums >> 8) & 0xff;
image[10] = (num_chksums >> 16) & 0xff;
image[11] = (num_chksums >> 24) & 0xff;
i = fwrite(image, 1, total_length, f);
if(i < total_length) {
perror(outfile);
fclose(f);
return -7;
}
printf("Wrote 0x%x bytes in %s\n", total_length, outfile);
fclose(f);
return 0;
}
/* iAudio firmware update file header size */
#define HEADER_SIZE 0x1030
/* Address of flash contents that get overwritten by a firmware update.
* Contents before this address contain the preloader and are not affected
* by a firmware update.
* -> Firmware update file contents starting at offset HEADER_SIZE end up
* in flash at address FLASH_START
*/
#define FLASH_START 0x00010000
/* Start of unused space in original firmware (flash address, not file
* offset!) where we patch in the Rockbox loader */
#define ROCKBOX_BOOTLOADER 0x00150000
/* End of unused space in original firmware */
#define BOOTLOADER_LIMIT 0x00170000
/* Patch the Rockbox bootloader into free space in the original firmware
* (starting at 0x150000). The preloader starts execution of the OF at
* 0x10000 which normally contains a jsr 0x10010. We also patch this to
* do a jsr 0x150000 to the Rockbox dual boot loader instead. If it then
* decides to start the OF instead of Rockbox, it simply does a jmp
* 0x10010 instead of loading Rockbox from disk.
*/
int mkboot_iaudio(const char* infile, const char* bootfile, const char* outfile, int model_nr)
{
size_t flength, blength;
unsigned char *bbuf, *fbuf, *p;
const unsigned char fsig[] = {
0x4e, 0xb9, 0x00, 0x01, 0x00, 0x10 }; /* jsr 0x10010 */
unsigned char bsig[2][8] = {
/* dualboot signatures */
{ 0x60, 0x06, 0x44, 0x42, 0x69, 0x61, 0x78, 0x35 }, /* X5 */
{ 0x60, 0x06, 0x44, 0x42, 0x69, 0x61, 0x6d, 0x35 }, /* M5 */ };
FILE *ffile, *bfile, *ofile;
unsigned char sum = 0;
int i;
/* read input files */
if ((bfile = fopen(bootfile, "rb")) == NULL) {
perror("Cannot open Rockbox bootloader file.\n");
return 1;
}
fseek(bfile, 0, SEEK_END);
blength = ftell(bfile);
fseek(bfile, 0, SEEK_SET);
if (blength + ROCKBOX_BOOTLOADER >= BOOTLOADER_LIMIT) {
fprintf(stderr, "Rockbox bootloader is too big.\n");
return 1;
}
if ((ffile = fopen(infile, "rb")) == NULL) {
perror("Cannot open original firmware file.");
return 1;
}
fseek(ffile, 0, SEEK_END);
flength = ftell(ffile);
fseek(ffile, 0, SEEK_SET);
bbuf = malloc(blength);
fbuf = malloc(flength);
if (!bbuf || !fbuf) {
fprintf(stderr, "Out of memory.\n");
return 1;
}
if ( fread(bbuf, 1, blength, bfile) < blength
|| fread(fbuf, 1, flength, ffile) < flength) {
fprintf(stderr, "Read error.\n");
return 1;
}
fclose(bfile);
fclose(ffile);
/* verify format of input files */
if (blength < 0x10 || memcmp(bbuf, bsig[model_nr], sizeof(bsig[0]))) {
fprintf(stderr, "Rockbox bootloader format error (is it bootloader.bin?).\n");
return 1;
}
if (flength < HEADER_SIZE-FLASH_START+BOOTLOADER_LIMIT
|| memcmp(fbuf+HEADER_SIZE, fsig, sizeof(fsig))) {
fprintf(stderr, "Original firmware format error.\n");
return 1;
}
/* verify firmware is not overrun */
for (i = ROCKBOX_BOOTLOADER; i < BOOTLOADER_LIMIT; i++) {
if (fbuf[HEADER_SIZE-FLASH_START+i] != 0xff) {
fprintf(stderr, "Original firmware has grown too much.\n");
return 1;
}
}
/* change jsr 0x10010 to jsr DUAL_BOOTLOADER */
p = fbuf + HEADER_SIZE + 2;
*p++ = (ROCKBOX_BOOTLOADER >> 24) & 0xff;
*p++ = (ROCKBOX_BOOTLOADER >> 16) & 0xff;
*p++ = (ROCKBOX_BOOTLOADER >> 8) & 0xff;
*p++ = (ROCKBOX_BOOTLOADER ) & 0xff;
p = fbuf + HEADER_SIZE + ROCKBOX_BOOTLOADER - FLASH_START;
memcpy(p, bbuf, blength);
/* recalc checksum */
for (i = HEADER_SIZE; (size_t)i < flength; i++)
sum += fbuf[i];
fbuf[0x102b] = sum;
/* write output */
if ((ofile = fopen(outfile, "wb")) == NULL) {
perror("Cannot open output file");
return 1;
}
if (fwrite(fbuf, 1, flength, ofile) < flength) {
fprintf(stderr, "Write error.\n");
return 1;
}
fclose(ofile);
free(bbuf);
free(fbuf);
return 0;
}
|