]> git.zerfleddert.de Git - rsbs2/blob - firmware.c
fb5b007e5b2b8e9e3968c740286b90d01f8a8ed2
[rsbs2] / firmware.c
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <sys/types.h>
4 #include <sys/stat.h>
5 #include <fcntl.h>
6 #include <unistd.h>
7 #include <errno.h>
8 #include <string.h>
9 #include <strings.h>
10 #include "rsb-crc.h"
11 #include "extract.h"
12
13 #define FINDSTR(addr, str) (!strncmp((char*)addr, str, strlen(str)))
14
15 struct properties {
16 unsigned int magic;
17 unsigned char unknown0;
18 unsigned char unknown1;
19 unsigned char right_rw;
20 unsigned char rw_mask;
21 unsigned char type1;
22 unsigned char unknown5;
23 unsigned char unknown6;
24 unsigned char unknown7;
25 unsigned char type2;
26 unsigned char val[];
27 };
28
29 #define PROP_ACTION_TRUE (1<<0)
30 #define PROP_ACTION_FALSE (1<<1)
31 #define PROP_ACTION_RO (1<<2)
32 #define PROP_ACTION_RW (1<<3)
33
34 #define PROP_STATUS_NOTFOUND (0)
35 #define PROP_STATUS_WRONGTYPE (1<<0)
36 #define PROP_STATUS_WRONGRIGHTS (1<<1)
37 #define PROP_STATUS_SAMEVAL (1<<2)
38 #define PROP_STATUS_SUCCESS (1<<3)
39
40 struct propaction {
41 char *property;
42 unsigned int action;
43 unsigned int status;
44 struct propaction *next;
45 };
46
47 void show_properties(unsigned char *fw, int len)
48 {
49 struct file_entry *fent;
50
51 for (fent = get_next_file(fw, len); fent != NULL; fent = get_next_file(NULL, 0)) {
52 if (FINDSTR(fent->name, "/default/fw_prop/") ||
53 FINDSTR(fent->name, "/default/fw_setup/") ||
54 FINDSTR(fent->name, "/default/oem_prop/")) {
55 struct properties *prop;
56
57 printf("0x%08x: found setting: %s ", fent->start - fw, fent->name);
58
59 prop = (struct properties*)fent->start;
60
61 if (prop->magic != 0x83011111) {
62 printf("ignoring...\n");
63 continue;
64 }
65
66 if (prop->type1 == 0x00 && prop->type2 == 0x04) {
67 printf("STRING: '%s' ", prop->val);
68 } else if (prop->type1 == 0x01 && prop->type2 == 0x01) {
69 printf("BOOL: %s ",(*prop->val ? "TRUE" : "FALSE"));
70 } else if (prop->type1 == 0x04 && prop->type2 == 0x02) {
71 printf("VAL: 0x%x ", *((unsigned int*)prop->val));
72 } else {
73 printf("0x%02x 0x%2x...ignoring\n", prop->type1, prop->type2);
74 continue;
75 }
76
77 if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) {
78 printf("(R-)");
79 } else if (prop->right_rw == 0x01) {
80 printf("(RW mask: 0x%02x)", prop->rw_mask);
81 } else {
82 printf("(UNK 0x%02x 0x%02x)", prop->right_rw, prop->rw_mask);
83 }
84 printf(", length: %d\n", fent->length);
85 }
86 }
87 }
88
89 void change_properties(unsigned char *fw, int len, struct propaction *paction)
90 {
91 struct file_entry *fent;
92 struct propaction *cpaction;
93
94 for (fent = get_next_file(fw, len); fent != NULL; fent = get_next_file(NULL, 0)) {
95 cpaction = paction;
96 while (cpaction != NULL) {
97 if (FINDSTR(fent->name, cpaction->property)) {
98 break;
99 }
100 cpaction = cpaction->next;
101 }
102 if (cpaction != NULL) {
103 struct properties *prop;
104
105 prop = (struct properties*)fent->start;
106
107 if (prop->magic != 0x83011111) {
108 continue;
109 }
110
111 if (cpaction->action & (PROP_ACTION_TRUE|PROP_ACTION_FALSE)) {
112 if (prop->type1 == 0x01 && prop->type2 == 0x01) {
113 if (cpaction->action & PROP_ACTION_TRUE) {
114 if (*prop->val == 0x00) {
115 *prop->val = 0x01;
116 cpaction->status |= PROP_STATUS_SUCCESS;
117 } else {
118 cpaction->status |= PROP_STATUS_SAMEVAL;
119 }
120 } else {
121 if (*prop->val == 0x01) {
122 *prop->val = 0x00;
123 cpaction->status |= PROP_STATUS_SUCCESS;
124 } else {
125 cpaction->status |= PROP_STATUS_SAMEVAL;
126 }
127 }
128 } else {
129 cpaction->status = PROP_STATUS_WRONGTYPE;
130 }
131 }
132 if (cpaction->action & PROP_ACTION_RW) {
133 if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) {
134 prop->right_rw = 0x01;
135 prop->rw_mask = 0x02;
136 cpaction->status |= PROP_STATUS_SUCCESS;
137 } else {
138 cpaction->status |= PROP_STATUS_WRONGRIGHTS;
139 }
140 }
141 if (cpaction->action & PROP_ACTION_RO) {
142 if (prop->right_rw == 0x01 && prop->rw_mask == 0x02) {
143 prop->right_rw = 0x00;
144 prop->rw_mask = 0x00;
145 cpaction->status |= PROP_STATUS_SUCCESS;
146 } else {
147 cpaction->status |= PROP_STATUS_WRONGRIGHTS;
148 }
149 }
150 }
151 }
152 }
153
154 #define BD_SERIAL1 0x14,0x02
155 #define BD_ICMB 0x14,0x04
156 #define BD_LAN 0x14,0x08
157 #define BD_SERIAL2 0x14,0x10
158 #define BD_SERIAL3 0x14,0x20
159 #define BD_USB 0x14,0x40
160 #define BD_PCI 0x15,0x03
161 #define BD_LPC 0x15,0x04
162 #define BD_VGA 0x15,0x08
163 #define BD_BATTERY 0x15,0x10
164 #define BD_ACDC 0x15,0x20
165 #define BD_STANDBY 0x15,0x40
166 #define BD_POWERCONN 0x15,0x70
167 #define BD_DVI 0x15,0x80
168 #define BD_PWRATX 0x16,0x01
169 #define BD_PWRRELAY 0x16,0x02
170 #define BD_PS2A 0x19,0xff
171
172 #define MAGIC(fn, args...) fn(args)
173
174 #define _BD_IS_SET(bd, byte, bits) (bd[byte] & bits)
175 #define BD_IS_SET(bd, ident) MAGIC(_BD_IS_SET, bd, BD_##ident)
176 #define BD_TEXT(bd, ident) (BD_IS_SET(bd, ident) ? "TRUE" : "FALSE")
177
178 #define _BD_SET(bd, byte, bits) (bd[byte] |= bits)
179 #define BD_SET(bd, ident) MAGIC(_BD_SET, bd, BD_##ident)
180
181 void print_boarddescription(unsigned char *bd)
182 {
183 int j;
184
185 for (j = 0; j < 32; j++) {
186 printf("%02x ", *(bd+j));
187 }
188 printf("\n");
189
190 /* com/agilent/rmc/amr/AmrMaster.class
191 * com/agilent/rmc/mgui/RmcPanel.class
192 * com/agilent/rmc/mgui/panels/AvrManualConfig.class
193 * com/agilent/rmc/mgui/panels/CardConf.jad
194 * com/agilent/rmc/mgui/panels/PowerMgmtConf.jad
195 * com/agilent/rmc/mgui/panels/RemoteDiskConf.jad
196 */
197 printf("\tserial1Present\t\t: %s\n", BD_TEXT(bd, SERIAL1));
198 printf("\ticmbPresent\t\t: %s\n", BD_TEXT(bd, ICMB));
199 printf("\tlanPresent\t\t: %s\n", BD_TEXT(bd, LAN));
200 printf("\tserial2Present\t\t: %s\n", BD_TEXT(bd, SERIAL2));
201 printf("\tserial3Present\t\t: %s\n", BD_TEXT(bd, SERIAL3));
202 printf("\tusbPresent\t\t: %s\n", BD_TEXT(bd, USB));
203 printf("\tpciPresent\t\t: %s\n", BD_TEXT(bd, PCI));
204 printf("\tlpcPresent\t\t: %s\n", BD_TEXT(bd, LPC));
205 printf("\tvgaPresent\t\t: %s\n", BD_TEXT(bd, VGA));
206 printf("\tbatteryPresent\t\t: %s\n", BD_TEXT(bd, BATTERY));
207 printf("\tacdcPresent\t\t: %s\n", BD_TEXT(bd, ACDC));
208 printf("\tstandbyPresent\t\t: %s\n", BD_TEXT(bd, STANDBY));
209 printf("\thasPowerConnectors\t: %s\n", BD_TEXT(bd, POWERCONN));
210 printf("\tdviPresent\t\t: %s\n", BD_TEXT(bd, DVI));
211 printf("\tpowerSwitchATX\t\t: %s\n", BD_TEXT(bd, PWRATX));
212 printf("\tpowerSwitchRelay\t: %s\n", BD_TEXT(bd, PWRRELAY));
213 /* 22 & 4 */
214 printf("\tps2aPresent\t\t: %s\n", BD_TEXT(bd, PS2A));
215 }
216
217 void handle_boarddescription(unsigned char *fw, int len, int patch)
218 {
219 struct file_entry *fent;
220 unsigned char *pos;
221
222 for (fent = get_next_file(fw, len); fent != NULL; fent = get_next_file(NULL, 0)) {
223 if (!strcmp(fent->name, "pdata"))
224 break;
225 }
226
227 if (fent == NULL) {
228 fprintf(stderr, "pdata file not found, aborting!\n");
229 exit(1);
230 }
231
232
233 pos = fent->start;
234 /* MAGIC? */
235 if (*((unsigned int*)pos) != 0x00002802) {
236 fprintf(stderr, "pdata magic does not match, aborting!\n");
237 exit(1);
238 }
239
240 pos += 26;
241
242 /* MAGIC2? */
243 if (*((unsigned int*)pos) != 0x00500101) {
244 fprintf(stderr, "pdata magic2 does not match, aborting!\n");
245 exit(1);
246 }
247
248 if (patch) {
249 /* Enable ATX and relay power switching */
250 BD_SET(pos, PWRATX);
251 BD_SET(pos, PWRRELAY);
252 }
253
254 printf("0x%08x: BOARD_DESCRIPTION: ", fent->start - fw);
255 print_boarddescription(pos);
256 }
257
258 void syntax(char *name)
259 {
260 fprintf(stderr,"Syntax: %s parameters firmware.bin\n", name);
261 fprintf(stderr,"parameters as follows:\n");
262 fprintf(stderr,"\t-d\t\tdisplay all properties of the image\n");
263 fprintf(stderr,"\t-u\t\tupdate checksum of the image\n");
264 fprintf(stderr,"\t-b\t\tmodify BOARD_DESCRIPTION for more power-switch options\n");
265 fprintf(stderr,"\t-e\t\textract files in firmware\n");
266 fprintf(stderr,"\t-t property\tset 'property' to true\n");
267 fprintf(stderr,"\t-f property\tset 'property' to false\n");
268 fprintf(stderr,"\t-w property\tallow read-write access to 'property'\n");
269 fprintf(stderr,"\t-r property\tallow read-only access to 'property'\n");
270 exit(1);
271 }
272
273 void add_action(int opt, char *optarg, struct propaction **paction) {
274 struct propaction *pos = *paction;
275 struct propaction *prev = NULL;
276
277 while (pos != NULL) {
278 if (!strcmp(pos->property, optarg))
279 break;
280 prev = pos;
281 pos = pos->next;
282 }
283
284 if (pos == NULL) {
285 pos = malloc(sizeof(struct propaction));
286 if (pos == NULL) {
287 perror("malloc");
288 exit(1);
289 }
290 bzero(pos, sizeof(struct propaction));
291 pos->property = optarg;
292
293 if (prev == NULL) {
294 *paction = pos;
295 } else {
296 prev->next = pos;
297 }
298 }
299
300 switch(opt) {
301 case 't':
302 if (pos->action & PROP_ACTION_FALSE) {
303 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
304 exit(1);
305 }
306 pos->action |= PROP_ACTION_TRUE;
307 break;
308 case 'f':
309 if (pos->action & PROP_ACTION_TRUE) {
310 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
311 exit(1);
312 }
313 pos->action |= PROP_ACTION_FALSE;
314 break;
315 case 'w':
316 if (pos->action & PROP_ACTION_RO) {
317 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
318 exit(1);
319 }
320 pos->action |= PROP_ACTION_RW;
321 break;
322 case 'r':
323 if (pos->action & PROP_ACTION_RW) {
324 fprintf(stderr,"inconsistent requests for %s\n",pos->property);
325 exit(1);
326 }
327 pos->action |= PROP_ACTION_RO;
328 break;
329 }
330 }
331
332 int check_crc(unsigned char *fw, int len)
333 {
334 int ret;
335 unsigned int crc, oldcrc;
336
337 ret = rsb_crc2(fw, len, 0x55335053, &crc);
338 oldcrc = (unsigned int)*((unsigned int*)(fw + len - 4));
339
340 printf("Checksum: 0x%08x (%s), should be: 0x%08x\n",
341 crc,
342 (ret ? "NOT OK" : "OK"),
343 oldcrc);
344
345 return ret;
346 }
347
348 int check_image(unsigned char *fw, int len)
349 {
350 struct file_entry *fent;
351 char *last_name = NULL;
352
353 fent = get_next_file(fw, len);
354 while (fent != NULL) {
355 last_name = fent->name;
356 fent = get_next_file(NULL, 0);
357 }
358
359 if (strcmp(last_name, "pdata")) {
360 return 1;
361 }
362
363 return 0;
364 }
365
366 int main(int argc, char **argv)
367 {
368 struct stat statbuf;
369 char *file = NULL;
370 unsigned char *fw;
371 int fd;
372 int remaining;
373 int ret;
374 int opt;
375 unsigned int crc;
376 struct propaction *paction = NULL;
377 int showall = 0;
378 int update_crc = 0;
379 int patch_bd = 0;
380 int patch_fw = 0;
381 int extract = 0;
382
383 if (argc < 2)
384 syntax(argv[0]);
385
386 while ((opt = getopt(argc, argv, "dubet:f:w:r:")) != -1) {
387 switch(opt) {
388 case 'd':
389 showall = 1;
390 break;
391 case 'u':
392 update_crc = 1;
393 break;
394 case 'b':
395 patch_bd = 1;
396 break;
397 case 'e':
398 extract = 1;
399 break;
400 case 't':
401 case 'f':
402 case 'w':
403 case 'r':
404 patch_fw = 1;
405 add_action(opt, optarg, &paction);
406 break;
407 default:
408 syntax(argv[0]);
409 }
410 }
411
412 if (argc > optind) {
413 file = argv[optind];
414 } else {
415 syntax(argv[0]);
416 }
417
418 if (stat(file, &statbuf) == -1) {
419 fprintf(stderr,"%s: ", file);
420 perror("stat");
421 exit(1);
422 }
423
424 if ((fd = open(file, O_RDONLY)) == -1) {
425 fprintf(stderr,"%s: ", file);
426 perror("open");
427 exit(1);
428 }
429
430 if ((fw = malloc(statbuf.st_size)) == NULL) {
431 perror("malloc");
432 exit(1);
433 }
434
435 bzero(fw, statbuf.st_size);
436
437 remaining = statbuf.st_size;
438
439 while(remaining) {
440 if ((ret = read(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) {
441 perror("read");
442 exit(1);
443 }
444 remaining -= ret;
445 }
446 close(fd);
447
448 ret = check_crc(fw, statbuf.st_size);
449 if ((ret != 0) && (!update_crc)) {
450 fprintf(stderr,"Checksum incorrect, aborting...\n");
451 exit(1);
452 }
453
454 if (check_image(fw, statbuf.st_size-4) != 0) {
455 fprintf(stderr, "corrupt firmware image found (pdata is not last entry), aborting!\n");
456 exit(1);
457 }
458
459 if (patch_fw) {
460 struct propaction *cpaction = paction;
461
462 change_properties(fw, statbuf.st_size, paction);
463
464 printf("\nProperty change results:\n");
465 while(cpaction != NULL) {
466 printf("%s: ", cpaction->property);
467
468 if (cpaction->status == PROP_STATUS_NOTFOUND)
469 printf("NOTFOUND ");
470 if (cpaction->status & PROP_STATUS_SUCCESS)
471 printf("SUCCESS ");
472 if (cpaction->status & PROP_STATUS_SAMEVAL)
473 printf("SAMEVAL ");
474 if (cpaction->status & PROP_STATUS_WRONGTYPE)
475 printf("WRONGTYPE ");
476 if (cpaction->status & PROP_STATUS_WRONGRIGHTS)
477 printf("WRONGRIGHTS ");
478 printf("\n");
479
480 cpaction = cpaction->next;
481 }
482 printf("\n");
483 }
484
485 if (patch_bd) {
486 handle_boarddescription(fw, statbuf.st_size -4, 1);
487 }
488
489 if (showall) {
490 show_properties(fw, statbuf.st_size - 4);
491 handle_boarddescription(fw, statbuf.st_size -4, 0);
492 }
493
494 if (extract) {
495 extract_files(fw, statbuf.st_size - 4);
496 }
497
498 if (update_crc || patch_fw || patch_bd) {
499 ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc);
500 if (ret == 4) {
501 *((unsigned int*)(fw + statbuf.st_size - 4)) = crc;
502 }
503
504 if (check_crc(fw, statbuf.st_size) == 0) {
505 char *newfile;
506
507 newfile = malloc(strlen(file) + strlen(".patched") + 1);
508 if (newfile == NULL) {
509 perror("malloc");
510 exit(1);
511 }
512 strcpy(newfile, file);
513 strcat(newfile, ".patched");
514
515 printf("Writing %s\n", newfile);
516 if ((fd = open(newfile, O_WRONLY|O_CREAT, 0644)) == -1) {
517 fprintf(stderr,"%s: ", file);
518 perror("open");
519 exit(1);
520 }
521
522 remaining = statbuf.st_size;
523
524 while(remaining) {
525 if ((ret = write(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) {
526 perror("write");
527 exit(1);
528 }
529 remaining -= ret;
530 }
531 close(fd);
532 } else {
533 fprintf(stderr,"Can't set correct checksum, aborting...\n");
534 }
535 }
536
537 exit(0);
538 }
Impressum, Datenschutz