#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
+#include <string.h>
#include <strings.h>
#include "rsb-crc.h"
+#include "rsb-lz.h"
-struct fw_header {
- unsigned int unknown[8];
- unsigned int len;
- char ident[4];
- unsigned int offset;
- char desc[128];
+#define FINDSTR(addr, str) (!strncmp((char*)addr, str, strlen(str)))
+
+struct properties {
+ unsigned int magic;
+ unsigned char unknown0;
+ unsigned char unknown1;
+ unsigned char right_rw;
+ unsigned char rw_mask;
+ unsigned char type1;
+ unsigned char unknown5;
+ unsigned char unknown6;
+ unsigned char unknown7;
+ unsigned char type2;
+ unsigned char val[];
+};
+
+#define PROP_ACTION_TRUE (1<<0)
+#define PROP_ACTION_FALSE (1<<1)
+#define PROP_ACTION_RO (1<<2)
+#define PROP_ACTION_RW (1<<3)
+
+#define PROP_STATUS_NOTFOUND (0)
+#define PROP_STATUS_WRONGTYPE (1<<0)
+#define PROP_STATUS_WRONGRIGHTS (1<<1)
+#define PROP_STATUS_SAMEVAL (1<<2)
+#define PROP_STATUS_SUCCESS (1<<3)
+
+struct propaction {
+ char *property;
+ unsigned int action;
+ unsigned int status;
+ struct propaction *next;
};
-void parse_fw(unsigned char *fw, unsigned int off) {
- struct fw_header *header = (struct fw_header*)(fw + off);
- static unsigned int last_off;
+void show_properties(unsigned char *fw, int len)
+{
int i;
- printf("Address in file: 0x%08x, Difference to last: %u\n", off, off-last_off);
- printf("Unknown: ");
- for (i = 0; i < 8; i++)
- printf("0x%08x ", header->unknown[i]);
+ for (i = 0; i < (len-100 /* XXX */); i++) {
+ if (FINDSTR(fw+i, "/default/fw_prop/") ||
+ FINDSTR(fw+i, "/default/fw_setup/") ||
+ FINDSTR(fw+i, "/default/oem_prop/")) {
+ struct properties *prop;
+ unsigned char *pos = fw + i;
- printf("\n");
+ printf("0x%08x: found setting: %s ", i, pos);
+
+ prop = (struct properties*)(pos + strlen((char*)pos) + 1);
+
+ if (prop->magic != 0x83011111) {
+ printf("ignoring...\n");
+ continue;
+ }
+
+ if (prop->type1 == 0x00 && prop->type2 == 0x04) {
+ printf("STRING: '%s' ", prop->val);
+ } else if (prop->type1 == 0x01 && prop->type2 == 0x01) {
+ printf("BOOL: %s ",(*prop->val ? "TRUE" : "FALSE"));
+ } else if (prop->type1 == 0x04 && prop->type2 == 0x02) {
+ printf("VAL: 0x%x ", *((unsigned int*)prop->val));
+ } else {
+ printf("0x%02x 0x%2x...ignoring\n", prop->type1, prop->type2);
+ continue;
+ }
+
+ if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) {
+ printf("(R-) ");
+ } else if (prop->right_rw == 0x01) {
+ printf("(RW mask: 0x%02x) ", prop->rw_mask);
+ } else {
+ printf("(UNK 0x%02x 0x%02x) ", prop->right_rw, prop->rw_mask);
+ }
+ printf("\n");
+ }
+ }
+}
+
+void change_properties(unsigned char *fw, int len, struct propaction *paction)
+{
+ int i;
+ struct propaction *cpaction;
+
+ for (i = 0; i < (len-100 /* XXX */); i++) {
+ cpaction = paction;
+ while (cpaction != NULL) {
+ if (FINDSTR(fw + i, cpaction->property)) {
+ break;
+ }
+ cpaction = cpaction->next;
+ }
+ if (cpaction != NULL) {
+ struct properties *prop;
+ unsigned char *pos = fw + i;
+
+ prop = (struct properties*)(pos + strlen((char*)pos) + 1);
+
+ if (prop->magic != 0x83011111) {
+ continue;
+ }
+
+ if (cpaction->action & (PROP_ACTION_TRUE|PROP_ACTION_FALSE)) {
+ if (prop->type1 == 0x01 && prop->type2 == 0x01) {
+ if (cpaction->action & PROP_ACTION_TRUE) {
+ if (*prop->val == 0x00) {
+ *prop->val = 0x01;
+ cpaction->status |= PROP_STATUS_SUCCESS;
+ } else {
+ cpaction->status |= PROP_STATUS_SAMEVAL;
+ }
+ } else {
+ if (*prop->val == 0x01) {
+ *prop->val = 0x00;
+ cpaction->status |= PROP_STATUS_SUCCESS;
+ } else {
+ cpaction->status |= PROP_STATUS_SAMEVAL;
+ }
+ }
+ } else {
+ cpaction->status = PROP_STATUS_WRONGTYPE;
+ }
+ }
+ if (cpaction->action & PROP_ACTION_RW) {
+ if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) {
+ prop->right_rw = 0x01;
+ prop->rw_mask = 0x02;
+ cpaction->status |= PROP_STATUS_SUCCESS;
+ } else {
+ cpaction->status |= PROP_STATUS_WRONGRIGHTS;
+ }
+ }
+ if (cpaction->action & PROP_ACTION_RO) {
+ if (prop->right_rw == 0x01 && prop->rw_mask == 0x02) {
+ prop->right_rw = 0x00;
+ prop->rw_mask = 0x00;
+ cpaction->status |= PROP_STATUS_SUCCESS;
+ } else {
+ cpaction->status |= PROP_STATUS_WRONGRIGHTS;
+ }
+ }
+ }
+ }
+}
- printf("Length: %u, possible next entry at: 0x%08x\n", header->len, off + header->len + 22);
+#define BD_SERIAL1 0x14,0x02
+#define BD_ICMB 0x14,0x04
+#define BD_LAN 0x14,0x08
+#define BD_SERIAL2 0x14,0x10
+#define BD_SERIAL3 0x14,0x20
+#define BD_USB 0x14,0x40
+#define BD_PCI 0x15,0x03
+#define BD_LPC 0x15,0x04
+#define BD_VGA 0x15,0x08
+#define BD_BATTERY 0x15,0x10
+#define BD_ACDC 0x15,0x20
+#define BD_STANDBY 0x15,0x40
+#define BD_POWERCONN 0x15,0x70
+#define BD_DVI 0x15,0x80
+#define BD_PWRATX 0x16,0x01
+#define BD_PWRRELAY 0x16,0x02
+#define BD_PS2A 0x19,0xff
- printf("Identifier: %.4s\n", header->ident);
+#define MAGIC(fn, args...) fn(args)
- printf("Offset: 0x%08x\n", header->offset);
+#define _BD_IS_SET(bd, byte, bits) (bd[byte] & bits)
+#define BD_IS_SET(bd, ident) MAGIC(_BD_IS_SET, bd, BD_##ident)
+#define BD_TEXT(bd, ident) (BD_IS_SET(bd, ident) ? "TRUE" : "FALSE")
- printf("Descriptiom: %s\n", header->desc);
+#define _BD_SET(bd, byte, bits) (bd[byte] |= bits)
+#define BD_SET(bd, ident) MAGIC(_BD_SET, bd, BD_##ident)
+void print_boarddescription(unsigned char *bd)
+{
+ int j;
+
+ for (j = 0; j < 32; j++) {
+ printf("%02x ", *(bd+j));
+ }
printf("\n");
- last_off = off;
+
+ /* com/agilent/rmc/amr/AmrMaster.class
+ * com/agilent/rmc/mgui/RmcPanel.class
+ * com/agilent/rmc/mgui/panels/AvrManualConfig.class
+ * com/agilent/rmc/mgui/panels/CardConf.jad
+ * com/agilent/rmc/mgui/panels/PowerMgmtConf.jad
+ * com/agilent/rmc/mgui/panels/RemoteDiskConf.jad
+ */
+ printf("\tserial1Present\t\t: %s\n", BD_TEXT(bd, SERIAL1));
+ printf("\ticmbPresent\t\t: %s\n", BD_TEXT(bd, ICMB));
+ printf("\tlanPresent\t\t: %s\n", BD_TEXT(bd, LAN));
+ printf("\tserial2Present\t\t: %s\n", BD_TEXT(bd, SERIAL2));
+ printf("\tserial3Present\t\t: %s\n", BD_TEXT(bd, SERIAL3));
+ printf("\tusbPresent\t\t: %s\n", BD_TEXT(bd, USB));
+ printf("\tpciPresent\t\t: %s\n", BD_TEXT(bd, PCI));
+ printf("\tlpcPresent\t\t: %s\n", BD_TEXT(bd, LPC));
+ printf("\tvgaPresent\t\t: %s\n", BD_TEXT(bd, VGA));
+ printf("\tbatteryPresent\t\t: %s\n", BD_TEXT(bd, BATTERY));
+ printf("\tacdcPresent\t\t: %s\n", BD_TEXT(bd, ACDC));
+ printf("\tstandbyPresent\t\t: %s\n", BD_TEXT(bd, STANDBY));
+ printf("\thasPowerConnectors\t: %s\n", BD_TEXT(bd, POWERCONN));
+ printf("\tdviPresent\t\t: %s\n", BD_TEXT(bd, DVI));
+ printf("\tpowerSwitchATX\t\t: %s\n", BD_TEXT(bd, PWRATX));
+ printf("\tpowerSwitchRelay\t: %s\n", BD_TEXT(bd, PWRRELAY));
+ /* 22 & 4 */
+ printf("\tps2aPresent\t\t: %s\n", BD_TEXT(bd, PS2A));
+}
+
+void handle_boarddescription(unsigned char *fw, int len, int patch)
+{
+ int i;
+
+ for (i = len - (strlen("pdata")+1); i > 0; i--) {
+ if (FINDSTR(fw+i, "pdata")) {
+ unsigned char *pos = fw + i + strlen("pdata") + 1;
+
+ /* MAGIC? */
+ if (*((unsigned int*)pos) != 0x00002802) {
+ continue;
+ }
+
+ pos += 26;
+
+ /* MAGIC2? */
+ if (*((unsigned int*)pos) != 0x00500101) {
+ continue;
+ }
+
+ if (patch) {
+ /* Enable relay power switching */
+ BD_SET(pos, PWRRELAY);
+ }
+ printf("0x%08x: BOARD_DESCRIPTION: ", pos-fw);
+ print_boarddescription(pos);
+
+ break;
+ }
+ }
+}
+
+void syntax(char *name)
+{
+ fprintf(stderr,"Syntax: %s parameters firmware.bin\n", name);
+ fprintf(stderr,"parameters as follows:\n");
+ fprintf(stderr,"\t-d\t\tdisplay all properties of the image\n");
+ fprintf(stderr,"\t-u\t\tupdate checksum of the image\n");
+ fprintf(stderr,"\t-b\t\tmodify BOARD_DESCRIPTION for more power-switch options\n");
+ fprintf(stderr,"\t-e\t\textract files in firmware\n");
+ fprintf(stderr,"\t-t property\tset 'property' to true\n");
+ fprintf(stderr,"\t-f property\tset 'property' to false\n");
+ fprintf(stderr,"\t-w property\tallow read-write access to 'property'\n");
+ fprintf(stderr,"\t-r property\tallow read-only access to 'property'\n");
+ exit(1);
+}
+
+void add_action(int opt, char *optarg, struct propaction **paction) {
+ struct propaction *pos = *paction;
+ struct propaction *prev = NULL;
+
+ while (pos != NULL) {
+ if (!strcmp(pos->property, optarg))
+ break;
+ prev = pos;
+ pos = pos->next;
+ }
+
+ if (pos == NULL) {
+ pos = malloc(sizeof(struct propaction));
+ if (pos == NULL) {
+ perror("malloc");
+ exit(1);
+ }
+ bzero(pos, sizeof(struct propaction));
+ pos->property = optarg;
+
+ if (prev == NULL) {
+ *paction = pos;
+ } else {
+ prev->next = pos;
+ }
+ }
+
+ switch(opt) {
+ case 't':
+ if (pos->action & PROP_ACTION_FALSE) {
+ fprintf(stderr,"inconsistent requests for %s\n",pos->property);
+ exit(1);
+ }
+ pos->action |= PROP_ACTION_TRUE;
+ break;
+ case 'f':
+ if (pos->action & PROP_ACTION_TRUE) {
+ fprintf(stderr,"inconsistent requests for %s\n",pos->property);
+ exit(1);
+ }
+ pos->action |= PROP_ACTION_FALSE;
+ break;
+ case 'w':
+ if (pos->action & PROP_ACTION_RO) {
+ fprintf(stderr,"inconsistent requests for %s\n",pos->property);
+ exit(1);
+ }
+ pos->action |= PROP_ACTION_RW;
+ break;
+ case 'r':
+ if (pos->action & PROP_ACTION_RW) {
+ fprintf(stderr,"inconsistent requests for %s\n",pos->property);
+ exit(1);
+ }
+ pos->action |= PROP_ACTION_RO;
+ break;
+ }
+}
+
+int check_crc(unsigned char *fw, int len)
+{
+ int ret;
+ unsigned int crc, oldcrc;
+
+ ret = rsb_crc2(fw, len, 0x55335053, &crc);
+ oldcrc = (unsigned int)*((unsigned int*)(fw + len - 4));
+
+ printf("Checksum: 0x%08x (%s), should be: 0x%08x\n",
+ crc,
+ (ret ? "NOT OK" : "OK"),
+ oldcrc);
+
+ return ret;
}
int main(int argc, char **argv)
{
struct stat statbuf;
+ char *file = NULL;
unsigned char *fw;
int fd;
int remaining;
int ret;
+ int opt;
unsigned int crc;
+ struct propaction *paction = NULL;
+ int showall = 0;
+ int update_crc = 0;
+ int patch_bd = 0;
+ int patch_fw = 0;
+ int extract = 0;
- if (argc != 2) {
- fprintf(stderr,"Syntax: %s firmware.bin\n", argv[0]);
- exit(1);
+ if (argc < 2)
+ syntax(argv[0]);
+
+ while ((opt = getopt(argc, argv, "dubet:f:w:r:")) != -1) {
+ switch(opt) {
+ case 'd':
+ showall = 1;
+ break;
+ case 'u':
+ update_crc = 1;
+ break;
+ case 'b':
+ patch_bd = 1;
+ break;
+ case 'e':
+ extract = 1;
+ break;
+ case 't':
+ case 'f':
+ case 'w':
+ case 'r':
+ patch_fw = 1;
+ add_action(opt, optarg, &paction);
+ break;
+ default:
+ syntax(argv[0]);
+ }
}
- if (stat(argv[1], &statbuf) == -1) {
+ if (argc > optind) {
+ file = argv[optind];
+ } else {
+ syntax(argv[0]);
+ }
+
+ if (stat(file, &statbuf) == -1) {
+ fprintf(stderr,"%s: ", file);
perror("stat");
exit(1);
}
- if ((fd = open(argv[1], O_RDONLY)) == -1) {
+ if ((fd = open(file, O_RDONLY)) == -1) {
+ fprintf(stderr,"%s: ", file);
perror("open");
exit(1);
}
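Review bot: In `show_properties` and `change_properties`, the record that follows a matched path is located with an unbounded `strlen((char*)pos)` and then read (and, in `change_properties`, written) through `prop` with no check against `len`; the `len-100 /* XXX */` margin only limits where a path may start. A truncated or malformed image can therefore push `prop->magic`, `prop->val` or the `%s` print of a STRING value past the end of the buffer. I would find the terminator with `memchr` over the remaining bytes, require the header and value to fit before touching them, and copy `magic` out with `memcpy` because the record sits at an arbitrary alignment (the `offsetof` below needs `<stddef.h>`). `handle_boarddescription` has the same gap: it reads at `pos`, at `pos + 26`, and then 32 more bytes in `print_boarddescription` without comparing against `len`.

```c
/* show_properties(), inside the FINDSTR match; change_properties() needs the same guard */
unsigned char *pos = fw + i;
size_t avail = (size_t)(len - i);
unsigned char *nul = memchr(pos, '\0', avail);
size_t rec_off;
unsigned int magic;

if (nul == NULL)
	continue;	/* path is not terminated inside the image */
rec_off = (size_t)(nul - pos) + 1;
/* conservative: header plus the largest fixed-size value must fit */
if (avail - rec_off < offsetof(struct properties, val) + sizeof(unsigned int))
	continue;

printf("0x%08x: found setting: %s ", i, pos);
prop = (struct properties *)(pos + rec_off);
memcpy(&magic, pos + rec_off, sizeof(magic));	/* record may be unaligned */
if (magic != 0x83011111) {
	printf("ignoring...\n");
	continue;
}
/* … unchanged: type and access-right decoding; STRING values still need a bounded "%s" … */
```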
}
remaining -= ret;
}
+ close(fd);
+
+ ret = check_crc(fw, statbuf.st_size);
+ if ((ret != 0) && (!update_crc)) {
+ fprintf(stderr,"Checksum incorrect, aborting...\n");
+ }
+
+ if (patch_fw) {
+ struct propaction *cpaction = paction;
-#if 0
- parse_fw(fw, 0x0);
- parse_fw(fw, 0x555c0);
- parse_fw(fw, 0x5940e);
-#endif
+ change_properties(fw, statbuf.st_size, paction);
- crc = rsb_crc(0, fw, statbuf.st_size-4);
+ printf("\nProperty change results:\n");
+ while(cpaction != NULL) {
+ printf("%s: ", cpaction->property);
- printf("Length: %ld, Checksum: 0x%08x\n", statbuf.st_size-4, crc);
+ if (cpaction->status == PROP_STATUS_NOTFOUND)
+ printf("NOTFOUND ");
+ if (cpaction->status & PROP_STATUS_SUCCESS)
+ printf("SUCCESS ");
+ if (cpaction->status & PROP_STATUS_SAMEVAL)
+ printf("SAMEVAL ");
+ if (cpaction->status & PROP_STATUS_WRONGTYPE)
+ printf("WRONGTYPE ");
+ if (cpaction->status & PROP_STATUS_WRONGRIGHTS)
+ printf("WRONGRIGHTS ");
+ printf("\n");
+
+ cpaction = cpaction->next;
+ }
+ printf("\n");
+ }
+
+ if (patch_bd) {
+ handle_boarddescription(fw, statbuf.st_size -4, 1);
+ }
+
+ if (showall) {
+ show_properties(fw, statbuf.st_size - 4);
+ handle_boarddescription(fw, statbuf.st_size -4, 0);
+ }
+ if (extract) {
+ search_lz_sections(fw, statbuf.st_size - 4);
+ }
+
+ if (update_crc || patch_fw || patch_bd) {
+ ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc);
+ if (ret == 4) {
+ *((unsigned int*)(fw + statbuf.st_size - 4)) = crc;
+ }
+
+ if (check_crc(fw, statbuf.st_size) == 0) {
+ char *newfile;
+
+ newfile = malloc(strlen(file) + strlen(".patched") + 1);
+ if (newfile == NULL) {
+ perror("malloc");
+ exit(1);
+ }
+ strcpy(newfile, file);
+ strcat(newfile, ".patched");
+
+ printf("Writing %s\n", newfile);
+ if ((fd = open(newfile, O_WRONLY|O_CREAT, 0644)) == -1) {
+ fprintf(stderr,"%s: ", file);
+ perror("open");
+ exit(1);
+ }
+
+ remaining = statbuf.st_size;
+
+ while(remaining) {
+ if ((ret = write(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) {
+ perror("write");
+ exit(1);
+ }
+ remaining -= ret;
+ }
+ close(fd);
+ } else {
+ fprintf(stderr,"Can't set correct checksum, aborting...\n");
+ }
+ }
+
exit(0);
}
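Review bot: The checksum-failure branch prints `Checksum incorrect, aborting...` but never leaves `main`, so with `-t/-f/-w/-r` or `-b` and no `-u` the tool goes on to patch an image that failed verification and can then write a fresh checksum over it. Add `exit(1);` after that `fprintf`. The output file is opened with `O_WRONLY|O_CREAT` only, so an existing, longer `.patched` file keeps its stale tail behind the new image; `O_WRONLY|O_CREAT|O_TRUNC` avoids that, and the error path there should print `newfile` rather than `file`. The body of `main` starts outside this hunk.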