X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/rsbs2/blobdiff_plain/6fc57dcd5431aa5e19febfadb242de1e80f16c8f..205e2b01ed35952a01a2b87e46e58325d529306b:/firmware.c diff --git a/firmware.c b/firmware.c index 67f1f0a..84b4e92 100644 --- a/firmware.c +++ b/firmware.c @@ -5,29 +5,396 @@ #include #include #include +#include #include #include "rsb-crc.h" +#define FINDSTR(addr, str) (!strncmp((char*)addr, str, strlen(str))) + +struct properties { + unsigned int magic; + unsigned char unknown0; + unsigned char unknown1; + unsigned char right_rw; + unsigned char rw_mask; + unsigned char type1; + unsigned char unknown5; + unsigned char unknown6; + unsigned char unknown7; + unsigned char type2; + unsigned char val[]; +}; + +#define PROP_ACTION_TRUE (1<<0) +#define PROP_ACTION_FALSE (1<<1) +#define PROP_ACTION_RO (1<<2) +#define PROP_ACTION_RW (1<<3) + +#define PROP_STATUS_NOTFOUND (0) +#define PROP_STATUS_WRONGTYPE (1<<0) +#define PROP_STATUS_WRONGRIGHTS (1<<1) +#define PROP_STATUS_SAMEVAL (1<<2) +#define PROP_STATUS_SUCCESS (1<<3) + +struct propaction { + char *property; + unsigned int action; + unsigned int status; + struct propaction *next; +}; + +void show_properties(unsigned char *fw, int len) +{ + int i; + + for (i = 0; i < (len-100 /* XXX */); i++) { + if (FINDSTR(fw+i, "/default/fw_prop/") || + FINDSTR(fw+i, "/default/fw_setup/") || + FINDSTR(fw+i, "/default/oem_prop/")) { + struct properties *prop; + unsigned char *pos = fw + i; + + printf("0x%08x: found setting: %s ", i, pos); + + prop = (struct properties*)(pos + strlen((char*)pos) + 1); + + if (prop->magic != 0x83011111) { + printf("ignoring...\n"); + continue; + } + + if (prop->type1 == 0x00 && prop->type2 == 0x04) { + printf("STRING: '%s' ", prop->val); + } else if (prop->type1 == 0x01 && prop->type2 == 0x01) { + printf("BOOL: %s ",(*prop->val ? "TRUE" : "FALSE")); + } else if (prop->type1 == 0x04 && prop->type2 == 0x02) { + printf("VAL: 0x%x ", *((unsigned int*)prop->val)); + } else { + printf("0x%02x 0x%2x...ignoring\n", prop->type1, prop->type2); + continue; + } + + if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) { + printf("(R-) "); + } else if (prop->right_rw == 0x01) { + printf("(RW mask: 0x%02x) ", prop->rw_mask); + } else { + printf("(UNK 0x%02x 0x%02x) ", prop->right_rw, prop->rw_mask); + } + printf("\n"); + } + } +} + +void change_properties(unsigned char *fw, int len, struct propaction *paction) +{ + int i; + struct propaction *cpaction; + + for (i = 0; i < (len-100 /* XXX */); i++) { + cpaction = paction; + while (cpaction != NULL) { + if (FINDSTR(fw + i, cpaction->property)) { + break; + } + cpaction = cpaction->next; + } + if (cpaction != NULL) { + struct properties *prop; + unsigned char *pos = fw + i; + + prop = (struct properties*)(pos + strlen((char*)pos) + 1); + + if (prop->magic != 0x83011111) { + continue; + } + + if (cpaction->action & (PROP_ACTION_TRUE|PROP_ACTION_FALSE)) { + if (prop->type1 == 0x01 && prop->type2 == 0x01) { + if (cpaction->action & PROP_ACTION_TRUE) { + if (*prop->val == 0x00) { + *prop->val = 0x01; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_SAMEVAL; + } + } else { + if (*prop->val == 0x01) { + *prop->val = 0x00; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_SAMEVAL; + } + } + } else { + cpaction->status = PROP_STATUS_WRONGTYPE; + } + } + if (cpaction->action & PROP_ACTION_RW) { + if (prop->right_rw == 0x00 && prop->rw_mask == 0x00) { + prop->right_rw = 0x01; + prop->rw_mask = 0x02; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_WRONGRIGHTS; + } + } + if (cpaction->action & PROP_ACTION_RO) { + if (prop->right_rw == 0x01 && prop->rw_mask == 0x02) { + prop->right_rw = 0x00; + prop->rw_mask = 0x00; + cpaction->status |= PROP_STATUS_SUCCESS; + } else { + cpaction->status |= PROP_STATUS_WRONGRIGHTS; + } + } + } + } +} + +#define BD_SERIAL1 0x14,0x02 +#define BD_ICMB 0x14,0x04 +#define BD_LAN 0x14,0x08 +#define BD_SERIAL2 0x14,0x10 +#define BD_SERIAL3 0x14,0x20 +#define BD_USB 0x14,0x40 +#define BD_PCI 0x15,0x03 +#define BD_LPC 0x15,0x04 +#define BD_VGA 0x15,0x08 +#define BD_BATTERY 0x15,0x10 +#define BD_ACDC 0x15,0x20 +#define BD_STANDBY 0x15,0x40 +#define BD_POWERCONN 0x15,0x70 +#define BD_DVI 0x15,0x80 +#define BD_PWRATX 0x16,0x01 +#define BD_PWRRELAY 0x16,0x02 +#define BD_PS2A 0x19,0xff + +#define MAGIC(fn, args...) fn(args) + +#define _BD_IS_SET(bd, byte, bits) (bd[byte] & bits) +#define BD_IS_SET(bd, ident) MAGIC(_BD_IS_SET, bd, BD_##ident) +#define BD_TEXT(bd, ident) (BD_IS_SET(bd, ident) ? "TRUE" : "FALSE") + +#define _BD_SET(bd, byte, bits) (bd[byte] |= bits) +#define BD_SET(bd, ident) MAGIC(_BD_SET, bd, BD_##ident) + +void print_boarddescription(unsigned char *bd) +{ + int j; + + for (j = 0; j < 32; j++) { + printf("%02x ", *(bd+j)); + } + printf("\n"); + + /* com/agilent/rmc/amr/AmrMaster.class + * com/agilent/rmc/mgui/RmcPanel.class + * com/agilent/rmc/mgui/panels/AvrManualConfig.class + * com/agilent/rmc/mgui/panels/CardConf.jad + * com/agilent/rmc/mgui/panels/PowerMgmtConf.jad + * com/agilent/rmc/mgui/panels/RemoteDiskConf.jad + */ + printf("\tserial1Present\t\t: %s\n", BD_TEXT(bd, SERIAL1)); + printf("\ticmbPresent\t\t: %s\n", BD_TEXT(bd, ICMB)); + printf("\tlanPresent\t\t: %s\n", BD_TEXT(bd, LAN)); + printf("\tserial2Present\t\t: %s\n", BD_TEXT(bd, SERIAL2)); + printf("\tserial3Present\t\t: %s\n", BD_TEXT(bd, SERIAL3)); + printf("\tusbPresent\t\t: %s\n", BD_TEXT(bd, USB)); + printf("\tpciPresent\t\t: %s\n", BD_TEXT(bd, PCI)); + printf("\tlpcPresent\t\t: %s\n", BD_TEXT(bd, LPC)); + printf("\tvgaPresent\t\t: %s\n", BD_TEXT(bd, VGA)); + printf("\tbatteryPresent\t\t: %s\n", BD_TEXT(bd, BATTERY)); + printf("\tacdcPresent\t\t: %s\n", BD_TEXT(bd, ACDC)); + printf("\tstandbyPresent\t\t: %s\n", BD_TEXT(bd, STANDBY)); + printf("\thasPowerConnectors\t: %s\n", BD_TEXT(bd, POWERCONN)); + printf("\tdviPresent\t\t: %s\n", BD_TEXT(bd, DVI)); + printf("\tpowerSwitchATX\t\t: %s\n", BD_TEXT(bd, PWRATX)); + printf("\tpowerSwitchRelay\t: %s\n", BD_TEXT(bd, PWRRELAY)); + /* 22 & 4 */ + printf("\tps2aPresent\t\t: %s\n", BD_TEXT(bd, PS2A)); +} + +void handle_boarddescription(unsigned char *fw, int len, int patch) +{ + int i; + + for (i = len - (strlen("pdata")+1); i > 0; i--) { + if (FINDSTR(fw+i, "pdata")) { + unsigned char *pos = fw + i + strlen("pdata") + 1; + + /* MAGIC? */ + if (*((unsigned int*)pos) != 0x00002802) { + continue; + } + + pos += 26; + + /* MAGIC2? */ + if (*((unsigned int*)pos) != 0x00500101) { + continue; + } + + if (patch) { + /* Enable ATX and relay power switching */ + BD_SET(pos, PWRATX); + BD_SET(pos, PWRRELAY); + /* ATX standby */ + BD_SET(pos, STANDBY); + } + printf("0x%08x: BOARD_DESCRIPTION: ", pos-fw); + print_boarddescription(pos); + + break; + } + } +} + +void syntax(char *name) +{ + fprintf(stderr,"Syntax: %s parameters firmware.bin\n", name); + fprintf(stderr,"parameters as follows:\n"); + fprintf(stderr,"\t-d\t\tdisplay all properties of the image\n"); + fprintf(stderr,"\t-u\t\tupdate checksum of the image\n"); + fprintf(stderr,"\t-b\t\tmodify BOARD_DESCRIPTION for more power-switch options\n"); + fprintf(stderr,"\t-t property\tset 'property' to true\n"); + fprintf(stderr,"\t-f property\tset 'property' to false\n"); + fprintf(stderr,"\t-w property\tallow read-write access to 'property'\n"); + fprintf(stderr,"\t-r property\tallow read-only access to 'property'\n"); + exit(1); +} + +void add_action(int opt, char *optarg, struct propaction **paction) { + struct propaction *pos = *paction; + struct propaction *prev = NULL; + + while (pos != NULL) { + if (!strcmp(pos->property, optarg)) + break; + prev = pos; + pos = pos->next; + } + + if (pos == NULL) { + pos = malloc(sizeof(struct propaction)); + if (pos == NULL) { + perror("malloc"); + exit(1); + } + bzero(pos, sizeof(struct propaction)); + pos->property = optarg; + + if (prev == NULL) { + *paction = pos; + } else { + prev->next = pos; + } + } + + switch(opt) { + case 't': + if (pos->action & PROP_ACTION_FALSE) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_TRUE; + break; + case 'f': + if (pos->action & PROP_ACTION_TRUE) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_FALSE; + break; + case 'w': + if (pos->action & PROP_ACTION_RO) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_RW; + break; + case 'r': + if (pos->action & PROP_ACTION_RW) { + fprintf(stderr,"inconsistent requests for %s\n",pos->property); + exit(1); + } + pos->action |= PROP_ACTION_RO; + break; + } +} + +int check_crc(unsigned char *fw, int len) +{ + int ret; + unsigned int crc, oldcrc; + + ret = rsb_crc2(fw, len, 0x55335053, &crc); + oldcrc = (unsigned int)*((unsigned int*)(fw + len - 4)); + + printf("Checksum: 0x%08x (%s), should be: 0x%08x\n", + crc, + (ret ? "NOT OK" : "OK"), + oldcrc); + + return ret; +} + int main(int argc, char **argv) { struct stat statbuf; + char *file = NULL; unsigned char *fw; int fd; int remaining; int ret; - unsigned int crc, oldcrc; + int opt; + unsigned int crc; + struct propaction *paction = NULL; + int showall = 0; + int update_crc = 0; + int patch_bd = 0; + int patch_fw = 0; - if (argc != 2) { - fprintf(stderr,"Syntax: %s firmware.bin\n", argv[0]); - exit(1); + if (argc < 2) + syntax(argv[0]); + + while ((opt = getopt(argc, argv, "dubt:f:w:r:")) != -1) { + switch(opt) { + case 'd': + showall = 1; + break; + case 'u': + update_crc = 1; + break; + case 'b': + patch_bd = 1; + break; + case 't': + case 'f': + case 'w': + case 'r': + patch_fw = 1; + add_action(opt, optarg, &paction); + break; + default: + syntax(argv[0]); + } + } + + if (argc > optind) { + file = argv[optind]; + } else { + syntax(argv[0]); } - if (stat(argv[1], &statbuf) == -1) { + if (stat(file, &statbuf) == -1) { + fprintf(stderr,"%s: ", file); perror("stat"); exit(1); } - if ((fd = open(argv[1], O_RDONLY)) == -1) { + if ((fd = open(file, O_RDONLY)) == -1) { + fprintf(stderr,"%s: ", file); perror("open"); exit(1); } @@ -48,11 +415,86 @@ int main(int argc, char **argv) } remaining -= ret; } + close(fd); + + ret = check_crc(fw, statbuf.st_size); + if ((ret != 0) && (!update_crc)) { + fprintf(stderr,"Checksum incorrect, aborting...\n"); + } + + if (patch_fw) { + struct propaction *cpaction = paction; + + change_properties(fw, statbuf.st_size, paction); + + printf("\nProperty change results:\n"); + while(cpaction != NULL) { + printf("%s: ", cpaction->property); + + if (cpaction->status == PROP_STATUS_NOTFOUND) + printf("NOTFOUND "); + if (cpaction->status & PROP_STATUS_SUCCESS) + printf("SUCCESS "); + if (cpaction->status & PROP_STATUS_SAMEVAL) + printf("SAMEVAL "); + if (cpaction->status & PROP_STATUS_WRONGTYPE) + printf("WRONGTYPE "); + if (cpaction->status & PROP_STATUS_WRONGRIGHTS) + printf("WRONGRIGHTS "); + printf("\n"); + + cpaction = cpaction->next; + } + printf("\n"); + } + + if (patch_bd) { + handle_boarddescription(fw, statbuf.st_size -4, 1); + } - ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc); - oldcrc = (unsigned int)*((unsigned int*)(fw + statbuf.st_size - 4)); + if (showall) { + show_properties(fw, statbuf.st_size - 4); + handle_boarddescription(fw, statbuf.st_size -4, 0); + } + + if (update_crc || patch_fw || patch_bd) { + ret = rsb_crc2(fw, statbuf.st_size, 0x55335053, &crc); + if (ret == 4) { + *((unsigned int*)(fw + statbuf.st_size - 4)) = crc; + } - printf("Checksum: 0x%08x, should be: 0x%08x\n", crc, oldcrc); + if (check_crc(fw, statbuf.st_size) == 0) { + char *newfile; + newfile = malloc(strlen(file) + strlen(".patched") + 1); + if (newfile == NULL) { + perror("malloc"); + exit(1); + } + strcpy(newfile, file); + strcat(newfile, ".patched"); + + printf("Writing %s\n", newfile); + if ((fd = open(newfile, O_WRONLY|O_CREAT, 0644)) == -1) { + fprintf(stderr,"%s: ", file); + perror("open"); + exit(1); + } + + remaining = statbuf.st_size; + + while(remaining) { + if ((ret = write(fd, fw + (statbuf.st_size - remaining), remaining)) == -1) { + perror("write"); + exit(1); + } + remaining -= ret; + } + close(fd); + } else { + fprintf(stderr,"Can't set correct checksum, aborting...\n"); + } + } + exit(0); }