]> git.zerfleddert.de Git - rsbs2/blob - firmware.c
e73d7cc817210913817de5c6cca8d1f1ee031274
[rsbs2] / firmware.c
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <sys/types.h>
4 #include <sys/stat.h>
5 #include <fcntl.h>
6 #include <unistd.h>
7 #include <errno.h>
8 #include <string.h>
9 #include <strings.h>
10 #include "rsb-crc.h"
11 #include "extract.h"
12
13 #define FINDSTR(addr, str) (!strncmp((char*)addr, str, strlen(str)))
14
15 struct properties {
16 unsigned int magic;
17 unsigned char unknown0;
18 unsigned char unknown1;
19 unsigned char right_rw;
20 unsigned char rw_mask;
21 unsigned char type1;
22 unsigned char unknown5;
23 unsigned char unknown6;
24 unsigned char unknown7;
25 unsigned char type2;
26 unsigned char val[];
27 };
28
29 #define PROP_ACTION_TRUE (1<<0)
30 #define PROP_ACTION_FALSE (1<<1)
31 #define PROP_ACTION_RO (1<<2)
32 #define PROP_ACTION_RW (1<<3)
33
34 #define PROP_STATUS_NOTFOUND (0)
35 #define PROP_STATUS_WRONGTYPE (1<<0)
36 #define PROP_STATUS_WRONGRIGHTS (1<<1)
37 #define PROP_STATUS_SAMEVAL (1<<2)
38 #define PROP_STATUS_SUCCESS (1<<3)
39
40 struct propaction {
41 char *property;
42 unsigned int action;
43 unsigned int status;
44 struct propaction *next;
45 };
46
47 void show_properties(unsigned char *fw, int len)
48 {
49 int i;
50
51 for (i = 0; i < (len-100 /* XXX */); i++) {
52 if (FINDSTR(fw+i, "/default/fw_prop/") ||
53 FINDSTR(fw+i, "/default/fw_setup/") ||
54 FINDSTR(fw+i, "/default/oem_prop/")) {
55 struct properties *prop;
56 unsigned char *pos = fw + i;
57
58 printf("0x%08x: found setting: %s ", i, pos);
59
60 prop = (struct properties*)(pos + strlen((char*)pos) + 1);
61
62 if (prop->magic != 0x83011111) {
63 printf("ignoring...\n");
64 continue;
65 }
66
67 if (prop->type1 == 0x00 && prop->type2 == 0x04) {
68 printf("STRING: '%s' ", prop->val);
69 } else if (prop->type1 == 0x01 && prop->type2 == 0x01) {
70 printf("BOOL: %s ",(*prop->val ? "TRUE" : "FALSE"));
71 } else if (prop->type1 == 0x04 && prop->type2 == 0x02) {
72 printf("VAL: 0x%x ", *((unsigned int*)prop->val));
73 } else {
74 printf("0x%02x 0x%2x...ignoring\n", prop->type1, prop->type2);
75 continue;
76 }
77
78 if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) {
79 printf("(R-)");
80 } else if (prop->right_rw == 0x01) {
81 printf("(RW mask: 0x%02x)", prop->rw_mask);
82 } else {
83 printf("(UNK 0x%02x 0x%02x)", prop->right_rw, prop->rw_mask);
84 }
85 printf(", length: %d\n", *((unsigned int*)(fw + i - 4)));
86 }
87 }
88 }
89
90 void change_properties(unsigned char *fw, int len, struct propaction *paction)
91 {
92 int i;
93 struct propaction *cpaction;
94
95 for (i = 0; i < (len-100 /* XXX */); i++) {
96 cpaction = paction;
97 while (cpaction != NULL) {
98 if (FINDSTR(fw + i, cpaction->property)) {
99 break;
100 }
101 cpaction = cpaction->next;
102 }
103 if (cpaction != NULL) {
104 struct properties *prop;
105 unsigned char *pos = fw + i;
106
107 prop = (struct properties*)(pos + strlen((char*)pos) + 1);
108
109 if (prop->magic != 0x83011111) {
110 continue;
111 }
112
113 if (cpaction->action & (PROP_ACTION_TRUE|PROP_ACTION_FALSE)) {
114 if (prop->type1 == 0x01 && prop->type2 == 0x01) {
115 if (cpaction->action & PROP_ACTION_TRUE) {
116 if (*prop->val == 0x00) {
117 *prop->val = 0x01;
118 cpaction->status |= PROP_STATUS_SUCCESS;
119 } else {
120 cpaction->status |= PROP_STATUS_SAMEVAL;
121 }
122 } else {
123 if (*prop->val == 0x01) {
124 *prop->val = 0x00;
125 cpaction->status |= PROP_STATUS_SUCCESS;
126 } else {
127 cpaction->status |= PROP_STATUS_SAMEVAL;
128 }
129 }
130 } else {
131 cpaction->status = PROP_STATUS_WRONGTYPE;
132 }
133 }
134 if (cpaction->action & PROP_ACTION_RW) {
135 if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) {
136 prop->right_rw = 0x01;
137 prop->rw_mask = 0x02;
138 cpaction->status |= PROP_STATUS_SUCCESS;
139 } else {
140 cpaction->status |= PROP_STATUS_WRONGRIGHTS;
141 }
142 }
143 if (cpaction->action & PROP_ACTION_RO) {
144 if (prop->right_rw == 0x01 && prop->rw_mask == 0x02) {
145 prop->right_rw = 0x00;
146 prop->rw_mask = 0x00;
147 cpaction->status |= PROP_STATUS_SUCCESS;
148 } else {
149 cpaction->status |= PROP_STATUS_WRONGRIGHTS;
150 }
151 }
152 }
153 }
154 }
155
156 #define BD_SERIAL1 0x14,0x02
157 #define BD_ICMB 0x14,0x04
158 #define BD_LAN 0x14,0x08
159 #define BD_SERIAL2 0x14,0x10
160 #define BD_SERIAL3 0x14,0x20
161 #define BD_USB 0x14,0x40
162 #define BD_PCI 0x15,0x03
163 #define BD_LPC 0x15,0x04
164 #define BD_VGA 0x15,0x08
165 #define BD_BATTERY 0x15,0x10
166 #define BD_ACDC 0x15,0x20
167 #define BD_STANDBY 0x15,0x40
168 #define BD_POWERCONN 0x15,0x70
169 #define BD_DVI 0x15,0x80
170 #define BD_PWRATX 0x16,0x01
171 #define BD_PWRRELAY 0x16,0x02
172 #define BD_PS2A 0x19,0xff
173
174 #define MAGIC(fn, args...) fn(args)
175
176 #define _BD_IS_SET(bd, byte, bits) (bd[byte] & bits)
177 #define BD_IS_SET(bd, ident) MAGIC(_BD_IS_SET, bd, BD_##ident)
178 #define BD_TEXT(bd, ident) (BD_IS_SET(bd, ident) ? "TRUE" : "FALSE")
179
180 #define _BD_SET(bd, byte, bits) (bd[byte] |= bits)
181 #define BD_SET(bd, ident) MAGIC(_BD_SET, bd, BD_##ident)
182
183 void print_boarddescription(unsigned char *bd)
184 {
185 int j;
186
187 for (j = 0; j < 32; j++) {
188 printf("%02x ", *(bd+j));
189 }
190 printf("\n");
191
192 /* com/agilent/rmc/amr/AmrMaster.class
193 * com/agilent/rmc/mgui/RmcPanel.class
194 * com/agilent/rmc/mgui/panels/AvrManualConfig.class
195 * com/agilent/rmc/mgui/panels/CardConf.jad
196 * com/agilent/rmc/mgui/panels/PowerMgmtConf.jad
197 * com/agilent/rmc/mgui/panels/RemoteDiskConf.jad
198 */
199 printf("\tserial1Present\t\t: %s\n", BD_TEXT(bd, SERIAL1));
200 printf("\ticmbPresent\t\t: %s\n", BD_TEXT(bd, ICMB));
201 printf("\tlanPresent\t\t: %s\n", BD_TEXT(bd, LAN));
202 printf("\tserial2Present\t\t: %s\n", BD_TEXT(bd, SERIAL2));
203 printf("\tserial3Present\t\t: %s\n", BD_TEXT(bd, SERIAL3));
204 printf("\tusbPresent\t\t: %s\n", BD_TEXT(bd, USB));
205 printf("\tpciPresent\t\t: %s\n", BD_TEXT(bd, PCI));
206 printf("\tlpcPresent\t\t: %s\n", BD_TEXT(bd, LPC));
207 printf("\tvgaPresent\t\t: %s\n", BD_TEXT(bd, VGA));
208 printf("\tbatteryPresent\t\t: %s\n", BD_TEXT(bd, BATTERY));
209 printf("\tacdcPresent\t\t: %s\n", BD_TEXT(bd, ACDC));
210 printf("\tstandbyPresent\t\t: %s\n", BD_TEXT(bd, STANDBY));
211 printf("\thasPowerConnectors\t: %s\n", BD_TEXT(bd, POWERCONN));
212 printf("\tdviPresent\t\t: %s\n", BD_TEXT(bd, DVI));
213 printf("\tpowerSwitchATX\t\t: %s\n", BD_TEXT(bd, PWRATX));
214 printf("\tpowerSwitchRelay\t: %s\n", BD_TEXT(bd, PWRRELAY));
215 /* 22 & 4 */
216 printf("\tps2aPresent\t\t: %s\n", BD_TEXT(bd, PS2A));
217 }
218
219 void handle_boarddescription(unsigned char *fw, int len, int patch)
220 {
221 int i;
222
223 for (i = len - (strlen("pdata")+1); i > 0; i--) {
224 if (FINDSTR(fw+i, "pdata")) {
225 unsigned char *pos = fw + i + strlen("pdata") + 1;
226
227 /* MAGIC? */
228 if (*((unsigned int*)pos) != 0x00002802) {
229 continue;
230 }
231
232 pos += 26;
233
234 /* MAGIC2? */
235 if (*((unsigned int*)pos) != 0x00500101) {
236 continue;
237 }
238
239 if (patch) {
240 /* Enable relay power switching */
241 BD_SET(pos, PWRRELAY);
242 }
243 printf("0x%08x: BOARD_DESCRIPTION: ", pos-fw);
244 print_boarddescription(pos);
245
246 break;
247 }
248 }
249 }
250
251 void syntax(char *name)
252 {
253 fprintf(stderr,"Syntax: %s parameters firmware.bin\n", name);
254 fprintf(stderr,"parameters as follows:\n");
255 fprintf(stderr,"\t-d\t\tdisplay all properties of the image\n");
256 fprintf(stderr,"\t-u\t\tupdate checksum of the image\n");
257 fprintf(stderr,"\t-b\t\tmodify BOARD_DESCRIPTION for more power-switch options\n");
258 fprintf(stderr,"\t-e\t\textract files in firmware\n");
259 fprintf(stderr,"\t-t property\tset 'property' to true\n");
260 fprintf(stderr,"\t-f property\tset 'property' to false\n");
261 fprintf(stderr,"\t-w property\tallow read-write access to 'property'\n");
262 fprintf(stderr,"\t-r property\tallow read-only access to 'property'\n");
263 exit(1);
264 }
265
266 void add_action(int opt, char *optarg, struct propaction **paction) {
267 struct propaction *pos = *paction;
268 struct propaction *prev = NULL;
269
270 while (pos != NULL) {
271 if (!strcmp(pos->property, optarg))
272 break;
273 prev = pos;
274 pos = pos->next;
275 }
276
277 if (pos == NULL) {
278 pos = malloc(sizeof(struct propaction));
279 if (pos == NULL) {
280 perror("malloc");
281 exit(1);
282 }
283 bzero(pos, sizeof(struct propaction));
284 pos->property = optarg;
285
286 if (prev == NULL) {
287 *paction = pos;
288 } else {
289 prev->next = pos;
290 }
291 }
292
293 switch(opt) {
294 case 't':
295 if (pos->action & PROP_ACTION_FALSE) {
296 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
297 exit(1);
298 }
299 pos->action |= PROP_ACTION_TRUE;
300 break;
301 case 'f':
302 if (pos->action & PROP_ACTION_TRUE) {
303 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
304 exit(1);
305 }
306 pos->action |= PROP_ACTION_FALSE;
307 break;
308 case 'w':
309 if (pos->action & PROP_ACTION_RO) {
310 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
311 exit(1);
312 }
313 pos->action |= PROP_ACTION_RW;
314 break;
315 case 'r':
316 if (pos->action & PROP_ACTION_RW) {
317 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
318 exit(1);
319 }
320 pos->action |= PROP_ACTION_RO;
321 break;
322 }
323 }
324
325 int check_crc(unsigned char *fw, int len)
326 {
327 int ret;
328 unsigned int crc, oldcrc;
329
330 ret = rsb_crc2(fw, len, 0x55335053, &crc);
331 oldcrc = (unsigned int)*((unsigned int*)(fw + len - 4));
332
333 printf("Checksum: 0x%08x (%s), should be: 0x%08x\n",
334 crc,
335 (ret ? "NOT OK" : "OK"),
336 oldcrc);
337
338 return ret;
339 }
340
341 int main(int argc, char **argv)
342 {
343 struct stat statbuf;
344 char *file = NULL;
345 unsigned char *fw;
346 int fd;
347 int remaining;
348 int ret;
349 int opt;
350 unsigned int crc;
351 struct propaction *paction = NULL;
352 int showall = 0;
353 int update_crc = 0;
354 int patch_bd = 0;
355 int patch_fw = 0;
356 int extract = 0;
357
358 if (argc < 2)
359 syntax(argv[0]);
360
361 while ((opt = getopt(argc, argv, "dubet:f:w:r:")) != -1) {
362 switch(opt) {
363 case 'd':
364 showall = 1;
365 break;
366 case 'u':
367 update_crc = 1;
368 break;
369 case 'b':
370 patch_bd = 1;
371 break;
372 case 'e':
373 extract = 1;
374 break;
375 case 't':
376 case 'f':
377 case 'w':
378 case 'r':
379 patch_fw = 1;
380 add_action(opt, optarg, &paction);
381 break;
382 default:
383 syntax(argv[0]);
384 }
385 }
386
387 if (argc > optind) {
388 file = argv[optind];
389 } else {
390 syntax(argv[0]);
391 }
392
393 if (stat(file, &statbuf) == -1) {
394 fprintf(stderr,"%s: ", file);
395 perror("stat");
396 exit(1);
397 }
398
399 if ((fd = open(file, O_RDONLY)) == -1) {
400 fprintf(stderr,"%s: ", file);
401 perror("open");
402 exit(1);
403 }
404
405 if ((fw = malloc(statbuf.st_size)) == NULL) {
406 perror("malloc");
407 exit(1);
408 }
409
410 bzero(fw, statbuf.st_size);
411
412 remaining = statbuf.st_size;
413
414 while(remaining) {
415 if ((ret = read(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) {
416 perror("read");
417 exit(1);
418 }
419 remaining -= ret;
420 }
421 close(fd);
422
423 ret = check_crc(fw, statbuf.st_size);
424 if ((ret != 0) && (!update_crc)) {
425 fprintf(stderr,"Checksum incorrect, aborting...\n");
426 exit(1);
427 }
428
429 if (patch_fw) {
430 struct propaction *cpaction = paction;
431
432 change_properties(fw, statbuf.st_size, paction);
433
434 printf("\nProperty change results:\n");
435 while(cpaction != NULL) {
436 printf("%s: ", cpaction->property);
437
438 if (cpaction->status == PROP_STATUS_NOTFOUND)
439 printf("NOTFOUND ");
440 if (cpaction->status & PROP_STATUS_SUCCESS)
441 printf("SUCCESS ");
442 if (cpaction->status & PROP_STATUS_SAMEVAL)
443 printf("SAMEVAL ");
444 if (cpaction->status & PROP_STATUS_WRONGTYPE)
445 printf("WRONGTYPE ");
446 if (cpaction->status & PROP_STATUS_WRONGRIGHTS)
447 printf("WRONGRIGHTS ");
448 printf("\n");
449
450 cpaction = cpaction->next;
451 }
452 printf("\n");
453 }
454
455 if (patch_bd) {
456 handle_boarddescription(fw, statbuf.st_size -4, 1);
457 }
458
459 if (showall) {
460 show_properties(fw, statbuf.st_size - 4);
461 handle_boarddescription(fw, statbuf.st_size -4, 0);
462 }
463
464 if (extract) {
465 extract_files(fw, statbuf.st_size - 4);
466 }
467
468 if (update_crc || patch_fw || patch_bd) {
469 struct file_entry *fent;
470 char *last_name = NULL;
471
472 fent = get_next_file(fw, statbuf.st_size - 4);
473 while (fent != NULL) {
474 last_name = fent->name;
475 fent = get_next_file(NULL, 0);
476 }
477
478 if (strcmp(last_name, "pdata")) {
479 fprintf(stderr, "corrupt firmware image found (pdata is not last entry, aborting!\n");
480 exit(1);
481 }
482
483 ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc);
484 if (ret == 4) {
485 *((unsigned int*)(fw + statbuf.st_size - 4)) = crc;
486 }
487
488 if (check_crc(fw, statbuf.st_size) == 0) {
489 char *newfile;
490
491 newfile = malloc(strlen(file) + strlen(".patched") + 1);
492 if (newfile == NULL) {
493 perror("malloc");
494 exit(1);
495 }
496 strcpy(newfile, file);
497 strcat(newfile, ".patched");
498
499 printf("Writing %s\n", newfile);
500 if ((fd = open(newfile, O_WRONLY|O_CREAT, 0644)) == -1) {
501 fprintf(stderr,"%s: ", file);
502 perror("open");
503 exit(1);
504 }
505
506 remaining = statbuf.st_size;
507
508 while(remaining) {
509 if ((ret = write(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) {
510 perror("write");
511 exit(1);
512 }
513 remaining -= ret;
514 }
515 close(fd);
516 } else {
517 fprintf(stderr,"Can't set correct checksum, aborting...\n");
518 }
519 }
520
521 exit(0);
522 }
Impressum, Datenschutz