X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/rsbs2/blobdiff_plain/7f88d2b64892658d7fbc6e68b6fed4273526a465..1f1fa7b6b361da6fba6ec7f651ca589cb81a88c5:/firmware.c diff --git a/firmware.c b/firmware.c index 0361634..cd7927b 100644 --- a/firmware.c +++ b/firmware.c @@ -8,10 +8,43 @@ #include #include #include "rsb-crc.h" +#include "extract.h" #define FINDSTR(addr, str) (!strncmp((char*)addr, str, strlen(str))) -void handle_defaults(unsigned char *fw, int len, int patch) +struct properties { + unsigned int magic; + unsigned char unknown0; + unsigned char unknown1; + unsigned char right_rw; + unsigned char rw_mask; + unsigned char type1; + unsigned char unknown5; + unsigned char unknown6; + unsigned char unknown7; + unsigned char type2; + unsigned char val[]; +}; + +#define PROP_ACTION_TRUE (1<<0) +#define PROP_ACTION_FALSE (1<<1) +#define PROP_ACTION_RO (1<<2) +#define PROP_ACTION_RW (1<<3) + +#define PROP_STATUS_NOTFOUND (0) +#define PROP_STATUS_WRONGTYPE (1<<0) +#define PROP_STATUS_WRONGRIGHTS (1<<1) +#define PROP_STATUS_SAMEVAL (1<<2) +#define PROP_STATUS_SUCCESS (1<<3) + +struct propaction { + char *property; + unsigned int action; + unsigned int status; + struct propaction *next; +}; + +void show_properties(unsigned char *fw, int len) { int i; 
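Review bot: `struct properties` is laid directly over bytes of the firmware image, but nothing in its definition says so or pins the layout. The record starts right after a NUL-terminated name, so it sits at an arbitrary byte offset, and loading `magic` as an `unsigned int` there is a misaligned access. The later comparison with `0x83011111` also only matches the byte sequence 0x11 0x11 0x01 0x83, which the replaced code checked byte by byte, on a little-endian host. I would add a comment above the struct such as `/* on-disk property record following the NUL-terminated name; byte-packed, not aligned */`, declare the field as `unsigned char magic[4];`, and compare it with `memcmp(prop->magic, "\x11\x11\x01\x83", 4)`. The `*((unsigned int*)prop->val)` read of integer values in the next hunk has the same alignment problem.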
@@ -19,81 +52,352 @@ void handle_defaults(unsigned char *fw, int len, int patch) if (FINDSTR(fw+i, "/default/fw_prop/") || FINDSTR(fw+i, "/default/fw_setup/") || FINDSTR(fw+i, "/default/oem_prop/")) { + struct properties *prop; unsigned char *pos = fw + i; - unsigned char type1, type2; - unsigned char right_rw, rw_mask; - unsigned char *val; - printf("0x%08x: found setting: %s: ", i, pos); - - pos += strlen((char*)pos) + 1; + printf("0x%08x: found setting: %s ", i, pos); - if ((pos[0] != 0x11) || - (pos[1] != 0x11) || - (pos[2] != 0x01) || - (pos[3] != 0x83)) { + prop = (struct properties*)(pos + strlen((char*)pos) + 1); + + if (prop->magic != 0x83011111) { printf("ignoring...\n"); continue; } + if (prop->type1 == 0x00 && prop->type2 == 0x04) { + printf("STRING: '%s' ", prop->val); + } else if (prop->type1 == 0x01 && prop->type2 == 0x01) { + printf("BOOL: %s ",(*prop->val ? "TRUE" : "FALSE")); + } else if (prop->type1 == 0x04 && prop->type2 == 0x02) { + printf("VAL: 0x%x ", *((unsigned int*)prop->val)); + } else { + printf("0x%02x 0x%2x...ignoring\n", prop->type1, prop->type2); + continue; + } + + if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) { + printf("(R-)"); + } else if (prop->right_rw == 0x01) { + printf("(RW mask: 0x%02x)", prop->rw_mask); + } else { + printf("(UNK 0x%02x 0x%02x)", prop->right_rw, prop->rw_mask); + } + printf(", length: %d\n", *((unsigned int*)(fw + i - 4))); + } + } +} - pos += 4; +void change_properties(unsigned char *fw, int len, struct propaction *paction) +{ + int i; + struct propaction *cpaction; - right_rw = pos[2]; - rw_mask = pos[3]; + for (i = 0; i < (len-100 /* XXX */); i++) { + cpaction = paction; + while (cpaction != NULL) { + if (FINDSTR(fw + i, cpaction->property)) { + break; + } + cpaction = cpaction->next; + } + if (cpaction != NULL) { + struct properties *prop; + unsigned char *pos = fw + i; - type1 = pos[4]; - type2 = pos[8]; - val = pos + 9; + prop = (struct properties*)(pos + strlen((char*)pos) + 1); - if (type1 == 
0x00 && type2 == 0x04) { - printf("STRING: %s ", val); - } else if (type1 == 0x01 && type2 == 0x01) { - printf("BOOL: %s ",(*val ? "TRUE" : "FALSE")); - } else if (type1 == 0x04 && type2 == 0x02) { - printf("VAL: 0x%x ", *((unsigned int*)val)); - } else { - printf("0x%02x 0x%2x...ignoring\n", type1, type2); + if (prop->magic != 0x83011111) { continue; } - if (right_rw == 0x00 && rw_mask == 0x00) { - printf("(R-) "); - } else if (right_rw == 0x01) { - printf("(RW mask: 0x%02x) ", rw_mask); - } else { - printf("(UNK 0x%02x 0x%02x) ", right_rw, rw_mask); + if (cpaction->action & (PROP_ACTION_TRUE|PROP_ACTION_FALSE)) { + if (prop->type1 == 0x01 && prop->type2 == 0x01) { + if (cpaction->action & PROP_ACTION_TRUE) { + if (*prop->val == 0x00) { + *prop->val = 0x01; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_SAMEVAL; + } + } else { + if (*prop->val == 0x01) { + *prop->val = 0x00; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_SAMEVAL; + } + } + } else { + cpaction->status = PROP_STATUS_WRONGTYPE; + } + } + if (cpaction->action & PROP_ACTION_RW) { + if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) { + prop->right_rw = 0x01; + prop->rw_mask = 0x02; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_WRONGRIGHTS; + } + } + if (cpaction->action & PROP_ACTION_RO) { + if (prop->right_rw == 0x01 && prop->rw_mask == 0x02) { + prop->right_rw = 0x00; + prop->rw_mask = 0x00; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_WRONGRIGHTS; + } } - printf("\n"); } } } +#define BD_SERIAL1 0x14,0x02 +#define BD_ICMB 0x14,0x04 +#define BD_LAN 0x14,0x08 +#define BD_SERIAL2 0x14,0x10 +#define BD_SERIAL3 0x14,0x20 +#define BD_USB 0x14,0x40 +#define BD_PCI 0x15,0x03 +#define BD_LPC 0x15,0x04 +#define BD_VGA 0x15,0x08 +#define BD_BATTERY 0x15,0x10 +#define BD_ACDC 0x15,0x20 +#define BD_STANDBY 0x15,0x40 +#define BD_POWERCONN 0x15,0x70 
+#define BD_DVI 0x15,0x80 +#define BD_PWRATX 0x16,0x01 +#define BD_PWRRELAY 0x16,0x02 +#define BD_PS2A 0x19,0xff + +#define MAGIC(fn, args...) fn(args) + +#define _BD_IS_SET(bd, byte, bits) (bd[byte] & bits) +#define BD_IS_SET(bd, ident) MAGIC(_BD_IS_SET, bd, BD_##ident) +#define BD_TEXT(bd, ident) (BD_IS_SET(bd, ident) ? "TRUE" : "FALSE") + +#define _BD_SET(bd, byte, bits) (bd[byte] |= bits) +#define BD_SET(bd, ident) MAGIC(_BD_SET, bd, BD_##ident) + +void print_boarddescription(unsigned char *bd) +{ + int j; + + for (j = 0; j < 32; j++) { + printf("%02x ", *(bd+j)); + } + printf("\n"); + + /* com/agilent/rmc/amr/AmrMaster.class + * com/agilent/rmc/mgui/RmcPanel.class + * com/agilent/rmc/mgui/panels/AvrManualConfig.class + * com/agilent/rmc/mgui/panels/CardConf.jad + * com/agilent/rmc/mgui/panels/PowerMgmtConf.jad + * com/agilent/rmc/mgui/panels/RemoteDiskConf.jad + */ + printf("\tserial1Present\t\t: %s\n", BD_TEXT(bd, SERIAL1)); + printf("\ticmbPresent\t\t: %s\n", BD_TEXT(bd, ICMB)); + printf("\tlanPresent\t\t: %s\n", BD_TEXT(bd, LAN)); + printf("\tserial2Present\t\t: %s\n", BD_TEXT(bd, SERIAL2)); + printf("\tserial3Present\t\t: %s\n", BD_TEXT(bd, SERIAL3)); + printf("\tusbPresent\t\t: %s\n", BD_TEXT(bd, USB)); + printf("\tpciPresent\t\t: %s\n", BD_TEXT(bd, PCI)); + printf("\tlpcPresent\t\t: %s\n", BD_TEXT(bd, LPC)); + printf("\tvgaPresent\t\t: %s\n", BD_TEXT(bd, VGA)); + printf("\tbatteryPresent\t\t: %s\n", BD_TEXT(bd, BATTERY)); + printf("\tacdcPresent\t\t: %s\n", BD_TEXT(bd, ACDC)); + printf("\tstandbyPresent\t\t: %s\n", BD_TEXT(bd, STANDBY)); + printf("\thasPowerConnectors\t: %s\n", BD_TEXT(bd, POWERCONN)); + printf("\tdviPresent\t\t: %s\n", BD_TEXT(bd, DVI)); + printf("\tpowerSwitchATX\t\t: %s\n", BD_TEXT(bd, PWRATX)); + printf("\tpowerSwitchRelay\t: %s\n", BD_TEXT(bd, PWRRELAY)); + /* 22 & 4 */ + printf("\tps2aPresent\t\t: %s\n", BD_TEXT(bd, PS2A)); +} + void handle_boarddescription(unsigned char *fw, int len, int patch) { - /* 0x01 0x01 0x50 0x00 0x00 0x00 
0x00 0x00 0x00 0x00 0x00 0x00 0x88 0x02 0xac 0x01 0xd0 0x05 0x00 0x00 0x6a 0x3a 0x00 0x00 0x06 0x00 0x01 0x00 0x00 0x00 0x00 0x00 */ + int i; + + for (i = len - (strlen("pdata")+1); i > 0; i--) { + if (FINDSTR(fw+i, "pdata")) { + unsigned char *pos = fw + i + strlen("pdata") + 1; + + /* MAGIC? */ + if (*((unsigned int*)pos) != 0x00002802) { + continue; + } + + pos += 26; + + /* MAGIC2? */ + if (*((unsigned int*)pos) != 0x00500101) { + continue; + } + + if (patch) { + /* Enable relay power switching */ + BD_SET(pos, PWRRELAY); + } + printf("0x%08x: BOARD_DESCRIPTION: ", pos-fw); + print_boarddescription(pos); + + break; + } + } +} + +void syntax(char *name) +{ + fprintf(stderr,"Syntax: %s parameters firmware.bin\n", name); + fprintf(stderr,"parameters as follows:\n"); + fprintf(stderr,"\t-d\t\tdisplay all properties of the image\n"); + fprintf(stderr,"\t-u\t\tupdate checksum of the image\n"); + fprintf(stderr,"\t-b\t\tmodify BOARD_DESCRIPTION for more power-switch options\n"); + fprintf(stderr,"\t-e\t\textract files in firmware\n"); + fprintf(stderr,"\t-t property\tset 'property' to true\n"); + fprintf(stderr,"\t-f property\tset 'property' to false\n"); + fprintf(stderr,"\t-w property\tallow read-write access to 'property'\n"); + fprintf(stderr,"\t-r property\tallow read-only access to 'property'\n"); + exit(1); +} + +void add_action(int opt, char *optarg, struct propaction **paction) { + struct propaction *pos = *paction; + struct propaction *prev = NULL; + + while (pos != NULL) { + if (!strcmp(pos->property, optarg)) + break; + prev = pos; + pos = pos->next; + } + + if (pos == NULL) { + pos = malloc(sizeof(struct propaction)); + if (pos == NULL) { + perror("malloc"); + exit(1); + } + bzero(pos, sizeof(struct propaction)); + pos->property = optarg; + + if (prev == NULL) { + *paction = pos; + } else { + prev->next = pos; + } + } + + switch(opt) { + case 't': + if (pos->action & PROP_ACTION_FALSE) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + 
exit(1); + } + pos->action |= PROP_ACTION_TRUE; + break; + case 'f': + if (pos->action & PROP_ACTION_TRUE) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_FALSE; + break; + case 'w': + if (pos->action & PROP_ACTION_RO) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_RW; + break; + case 'r': + if (pos->action & PROP_ACTION_RW) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_RO; + break; + } +} + +int check_crc(unsigned char *fw, int len) +{ + int ret; + unsigned int crc, oldcrc; + + ret = rsb_crc2(fw, len, 0x55335053, &crc); + oldcrc = (unsigned int)*((unsigned int*)(fw + len - 4)); + + printf("Checksum: 0x%08x (%s), should be: 0x%08x\n", + crc, + (ret ? "NOT OK" : "OK"), + oldcrc); + + return ret; } int main(int argc, char **argv) { struct stat statbuf; + char *file = NULL; unsigned char *fw; int fd; int remaining; int ret; - unsigned int crc, oldcrc; + int opt; + unsigned int crc; + struct propaction *paction = NULL; + int showall = 0; + int update_crc = 0; + int patch_bd = 0; + int patch_fw = 0; + int extract = 0; - if (argc != 2) { - fprintf(stderr,"Syntax: %s firmware.bin\n", argv[0]); - exit(1); + if (argc < 2) + syntax(argv[0]); + + while ((opt = getopt(argc, argv, "dubet:f:w:r:")) != -1) { + switch(opt) { + case 'd': + showall = 1; + break; + case 'u': + update_crc = 1; + break; + case 'b': + patch_bd = 1; + break; + case 'e': + extract = 1; + break; + case 't': + case 'f': + case 'w': + case 'r': + patch_fw = 1; + add_action(opt, optarg, &paction); + break; + default: + syntax(argv[0]); + } } - if (stat(argv[1], &statbuf) == -1) { + if (argc > optind) { + file = argv[optind]; + } else { + syntax(argv[0]); + } + + if (stat(file, &statbuf) == -1) { + fprintf(stderr,"%s: ", file); perror("stat"); exit(1); } - if ((fd = open(argv[1], O_RDONLY)) == -1) { + if ((fd = 
open(file, O_RDONLY)) == -1) { + fprintf(stderr,"%s: ", file); perror("open"); exit(1); } 
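Review bot: change_properties() stores through `prop` without checking that the record lies inside the image. `prop` is computed as `pos + strlen((char*)pos) + 1`, and the only bound is the `len-100 /* XXX */` loop limit, so a name longer than that slack, or one with no terminator before the end of the file, places the writes to `*prop->val`, `prop->right_rw` and `prop->rw_mask` outside the buffer. show_properties() does the same cast for reads (its loop header is outside the hunk), and handle_boarddescription() reads at `pos + 26` and then dumps 32 bytes without comparing against `len`. The firmware file is external input, so the name length and record size should be validated before the cast, for example with a shared helper like the one below. The helper still does not bound a STRING value printed with `%s`.

```c
/* Locate the property record behind the NUL-terminated name at fw+i.
 * Returns NULL when the name is unterminated or the record header plus a
 * 4-byte value would not fit inside the len bytes of the image. */
static struct properties *prop_at(unsigned char *fw, int len, int i)
{
	size_t avail = (size_t)(len - i);
	size_t namelen = strnlen((char*)(fw + i), avail);

	if (namelen == avail ||
	    avail - namelen - 1 < sizeof(struct properties) + sizeof(unsigned int)) {
		return NULL;
	}

	return (struct properties*)(fw + i + namelen + 1);
}

void change_properties(unsigned char *fw, int len, struct propaction *paction)
{
	/* … unchanged: declarations, scan loop and property-name match … */
		if (cpaction != NULL) {
			struct properties *prop = prop_at(fw, len, i);

			if (prop == NULL || prop->magic != 0x83011111) {
				continue;
			}
	/* … unchanged: TRUE/FALSE, RW and RO handling … */
```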
@@ -114,23 +418,91 @@ int main(int argc, char **argv) } remaining -= ret; } + close(fd); + + ret = check_crc(fw, statbuf.st_size); + if ((ret != 0) && (!update_crc)) { + fprintf(stderr,"Checksum incorrect, aborting...\n"); + exit(1); + } - ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc); - oldcrc = (unsigned int)*((unsigned int*)(fw + statbuf.st_size - 4)); + if (patch_fw) { + struct propaction *cpaction = paction; - printf("Checksum: 0x%08x (%s), should be: 0x%08x\n", - crc, - (ret ? "NOT OK" : "OK"), - oldcrc); - - if (1) { - handle_defaults(fw, statbuf.st_size - 4, 0); - handle_boarddescription(fw, statbuf.st_size - 4, 0); - if (0) { - ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc); - printf("Checksum: 0x%08x\n", crc); + change_properties(fw, statbuf.st_size, paction); + + printf("\nProperty change results:\n"); + while(cpaction != NULL) { + printf("%s: ", cpaction->property); + + if (cpaction->status == PROP_STATUS_NOTFOUND) + printf("NOTFOUND "); + if (cpaction->status & PROP_STATUS_SUCCESS) + printf("SUCCESS "); + if (cpaction->status & PROP_STATUS_SAMEVAL) + printf("SAMEVAL "); + if (cpaction->status & PROP_STATUS_WRONGTYPE) + printf("WRONGTYPE "); + if (cpaction->status & PROP_STATUS_WRONGRIGHTS) + printf("WRONGRIGHTS "); + printf("\n"); + + cpaction = cpaction->next; } + printf("\n"); + } + + if (patch_bd) { + handle_boarddescription(fw, statbuf.st_size -4, 1); + } + + if (showall) { + show_properties(fw, statbuf.st_size - 4); + handle_boarddescription(fw, statbuf.st_size -4, 0); } + if (extract) { + extract_files(fw, statbuf.st_size - 4); + } + + if (update_crc || patch_fw || patch_bd) { + ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc); + if (ret == 4) { + *((unsigned int*)(fw + statbuf.st_size - 4)) = crc; + } + + if (check_crc(fw, statbuf.st_size) == 0) { + char *newfile; + + newfile = malloc(strlen(file) + strlen(".patched") + 1); + if (newfile == NULL) { + perror("malloc"); + exit(1); + } + strcpy(newfile, file); + strcat(newfile, 
".patched"); + + printf("Writing %s\n", newfile); + if ((fd = open(newfile, O_WRONLY|O_CREAT, 0644)) == -1) { + fprintf(stderr,"%s: ", file); + perror("open"); + exit(1); + } + + remaining = statbuf.st_size; + + while(remaining) { + if ((ret = write(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) { + perror("write"); + exit(1); + } + remaining -= ret; + } + close(fd); + } else { + fprintf(stderr,"Can't set correct checksum, aborting...\n"); + } + } + exit(0); }
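Review bot: The output file is opened with `O_WRONLY|O_CREAT` only, so an existing longer `.patched` file keeps its old tail after the new image, and the result no longer matches the checksum that was just verified. Use `open(newfile, O_WRONLY|O_CREAT|O_TRUNC, 0644)`, or add `O_EXCL` if overwriting an existing file or following a planted symlink should be refused. The error path for that open prints `file` where it should print `newfile`, and the "Can't set correct checksum, aborting..." branch still falls through to `exit(0)`, so a caller cannot tell that nothing was written. Also, `check_crc()` is called right after the read and dereferences `fw + len - 4`, so the file size should be checked to be at least 4 bytes first.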