devs/foxbox
1
0
Fork 0
forked from len0rd/rockbox
Code Pull requests Activity

adfuload: utility to upload and exec binary using brom adfu mode of atj213x SoC

Browse source 
Change-Id: If52aa34124be2801c2ac316641ff9aa0bbd837c6
This commit is contained in:
Marcin Bukat 2013-12-11 15:42:25 +01:00
parent 01d8cc6f39
commit b5ca0cffac
4 changed files with 591 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
utils/atj2137/adfuload/Makefile Normal file
View file

@ -0,0 +1,7 @@
all: adfuload
adfuload: adfuload.c encrypt.c
gcc -g -std=c99 -o $@ -W -Wall -I/usr/include/libusb-1.0/ $^ -lusb-1.0
clean:
rm -fr *.o adfuload

467
utils/atj2137/adfuload/adfuload.c Normal file
View file

@ -0,0 +1,467 @@
/***************************************************************************
* __________ __ ___.
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
* \/ \/ \/ \/ \/
*
* Copyright (C) 2013 by Marcin Bukat
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
****************************************************************************/
#include <stdlib.h>
#include <libusb.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include "encrypt.h"
#define VERSION "v0.1"
#define RETRY_MAX 5
#define USB_TIMEOUT 512
#define VENDORID 0x10d6
#define PRODUCTID 0xff96
#define OUT_EP 0x01
#define IN_EP 0x82
#define CBW_SIGNATURE 0x43425355
#define CSW_SIGNATURE 0x53425355
struct CBWCB_t
{
uint8_t cbCode;
uint8_t cbLun;
uint32_t LBA;
uint32_t cbLen;
uint8_t reseved;
uint8_t control;
} __attribute__((__packed__));
struct CBW_t
{
uint32_t dCBWSignature;
uint32_t dCBWTag;
uint32_t dCBWDataTransferLength;
uint8_t bmCBWFlags;
uint8_t bCBWLUN;
uint8_t bCBWCBLength;
uint8_t CBWCB[16];
} __attribute__((__packed__));
struct CSW_t
{
uint32_t dCSWSignature;
uint32_t dCSWTag;
uint32_t dCSWDataResidue;
uint8_t bCSWStatus;
} __attribute__((__packed__));
static int send_msc_cmd(libusb_device_handle *hdev, void *cbwcb, uint32_t data_len, uint32_t *reftag)
{
struct CBW_t cbw;
int ret, repeat, transferred;
memset(&cbw, 0, sizeof(cbw));
cbw.dCBWSignature = CBW_SIGNATURE;
cbw.dCBWTag = 0;
cbw.dCBWDataTransferLength = data_len;
cbw.bmCBWFlags = 0;
cbw.bCBWLUN = 0;
cbw.bCBWCBLength = ((((char *)cbwcb)[0] == 0x10) ? 0 : 0x10);
memcpy(cbw.CBWCB, cbwcb, sizeof(struct CBWCB_t));
*reftag = cbw.dCBWTag;
do
{
/* transfer command to the device */
ret = libusb_bulk_transfer(hdev, OUT_EP, (unsigned char*)&cbw, 31, &transferred, USB_TIMEOUT);
if (ret == LIBUSB_ERROR_PIPE)
{
libusb_clear_halt(hdev, OUT_EP);
}
repeat++;
} while ((ret == LIBUSB_ERROR_PIPE) && (repeat < RETRY_MAX));
if (ret != LIBUSB_SUCCESS)
{
printf("error: command transfer error\n");
return -1;
}
return 0;
}
static int get_msc_csw(libusb_device_handle *hdev, uint32_t reftag)
{
struct CSW_t csw;
int ret, repeat, transferred;
/* get CSW response from device */
repeat = 0;
do
{
ret = libusb_bulk_transfer(hdev, IN_EP, (unsigned char *)&csw, 13, &transferred, USB_TIMEOUT);
if (ret == LIBUSB_ERROR_PIPE)
{
libusb_clear_halt(hdev, IN_EP);
}
repeat++;
} while ((ret == LIBUSB_ERROR_PIPE) && (repeat < RETRY_MAX));
if (ret != LIBUSB_SUCCESS)
{
printf("error reading CSW\n");
return -3;
}
if (transferred != 13)
{
printf("error wrong size of CSW packet\n");
return -4;
}
if (csw.dCSWSignature != CSW_SIGNATURE)
{
printf("error: wrong CSW signature.\n");
return -5;
}
if (csw.dCSWTag != reftag)
{
printf("error: CSW dCSWTag mismatch. Is 0x%x, expected 0x%x\n", csw.dCSWTag, reftag);
return -6;
}
if (csw.bCSWStatus)
{
/* In case of CSW indicating error dump the content of the packet */
printf ("dCSWSignature: 0x%0x\n", csw.dCSWSignature);
printf ("dCSWTag: 0x%0x\n", csw.dCSWTag);
printf ("dCSWDataResidue: 0x%0x\n", csw.dCSWDataResidue);
printf ("bCSWStatus: 0x%0x\n", csw.bCSWStatus);
}
return csw.bCSWStatus;
}
static void adfu_upload(libusb_device_handle *hdev, unsigned char *buf, int size, uint32_t address)
{
uint8_t cmdbuf[16];
uint32_t reftag;
int transferred;
memset(cmdbuf, 0, sizeof(cmdbuf));
fprintf(stderr,"[info]: loading binary @ 0x%08x size %d bytes\n", address, size);
cmdbuf[0] = 0x05; /* transfer */
cmdbuf[1] = address & 0xff; /* addr LSB */
cmdbuf[2] = (address >> 8) & 0xff;
cmdbuf[3] = (address >> 16) & 0xff;
cmdbuf[4] = (address >> 24) & 0xff; /* addr MSB */
cmdbuf[5] = size & 0xff; /* len LSB */
cmdbuf[6] = (size >> 8) & 0xff;
cmdbuf[7] = (size >> 16) & 0xff;
cmdbuf[8] = (size >> 24) & 0xff; /* len MSB */
send_msc_cmd(hdev, (void *)cmdbuf, size, &reftag);
libusb_bulk_transfer(hdev, OUT_EP, buf, size, &transferred, USB_TIMEOUT);
fprintf(stderr, "[info]: actual xfered data: %d bytes\n", transferred);
/* get CSW from device*/
fprintf(stderr, "[info]: CSW status: %d\n", get_msc_csw(hdev, reftag));
}
#if 0
/* unused, I'll leve it here for reference */
static void adfu_download(libusb_device_handle *hdev, unsigned char *buf, int size, uint32_t address)
{
uint8_t cmdbuf[16];
int transferred, ret, repeat;
uint32_t reftag;
fprintf(stderr, "[info]: downloading %d bytes from 0x%08x\n", size, address);
memset(cmdbuf, 0, sizeof(cmdbuf));
cmdbuf[0] = 0x05;
cmdbuf[1] = address & 0xff; /* addr LSB */
cmdbuf[2] = (address >> 8) & 0xff;
cmdbuf[3] = (address >> 16) & 0xff;
cmdbuf[4] = (address >> 24) & 0xff; /* addr MSB */
cmdbuf[5] = size & 0xff; /* len LSB */
cmdbuf[6] = (size >> 8) & 0xff;
cmdbuf[7] = (size >> 16) & 0xff;
cmdbuf[8] = (size >> 24) & 0xff; /* len MSB */
cmdbuf[9] = 0x80; /* send data from device */
send_msc_cmd(hdev, (void *)cmdbuf, size, &reftag);
memset(buf, 0, sizeof(buf));
/* get data from device */
repeat = 0;
do
{
ret = libusb_bulk_transfer(hdev, IN_EP, buf, size, &transferred, USB_TIMEOUT);
if (ret == LIBUSB_ERROR_PIPE)
{
libusb_clear_halt(hdev, IN_EP);
}
repeat++;
} while ((ret == LIBUSB_ERROR_PIPE) && (repeat < RETRY_MAX));
fprintf(stderr, "[info]: actual xfered data: %d bytes\n", transferred);
/* get CSW from device*/
fprintf(stderr, "[info]: CSW status: %d\n", get_msc_csw(hdev, reftag));
}
#endif
static void adfu_execute(libusb_device_handle *hdev, uint32_t address)
{
uint8_t cmdbuf[16];
uint32_t reftag;
fprintf(stderr, "[info]: jumping to address 0x%08x\n", address);
memset(cmdbuf, 0, sizeof(cmdbuf));
cmdbuf[0] = 0x10; /* execute */
cmdbuf[1] = address & 0xff; /* addr LSB */
cmdbuf[2] = (address >> 8) & 0xff;
cmdbuf[3] = (address >> 16) & 0xff;
cmdbuf[4] = (address >> 24) & 0xff; /* addr MSB */
send_msc_cmd(hdev, (void *)cmdbuf, 0, &reftag);
/* get CSW from device*/
fprintf(stderr, "[info]: CSW status: %d\n", get_msc_csw(hdev, reftag));
}
static void usage(char *name)
{
printf("usage: (sudo) %s [-e] -s1 stage1.bin -s2 stage2.bin\n", name);
printf("stage1.bin - binary of the stage1 (ADEC_N63.BIN for example)\n");
printf("stage2.bin - binary of the custom user code\n");
printf("\n");
printf("options:\n");
printf("-e - encode stage1 binary as needed by brom adfu mode\n");
}
int main (int argc, char **argv)
{
libusb_device_handle *hdev;
int ret = 0;
int i = 1;
uint8_t *buf;
uint32_t filesize, filesize_round;
char *s1_filename, *s2_filename;
bool encode = false;
FILE *fp;
while (i < argc)
{
if (strcmp(argv[i],"-e") == 0)
{
encode = true;
i++;
}
else if (strcmp(argv[i],"-s1") == 0)
{
i++;
if (i == argc)
{
usage(argv[0]);
return -1;
}
s1_filename = argv[i];
i++;
}
else if (strcmp(argv[i],"-s2") == 0)
{
i++;
if (i == argc)
{
usage(argv[0]);
return -2;
}
s2_filename = argv[i];
i++;
}
else
{
usage(argv[0]);
return -3;
}
}
/* print banner */
fprintf(stderr,"adfuload " VERSION "\n");
fprintf(stderr,"(C) Marcin Bukat 2013\n");
fprintf(stderr,"This is free software; see the source for copying conditions. There is NO\n");
fprintf(stderr,"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\n");
/* initialize libusb */
libusb_init(NULL);
hdev = libusb_open_device_with_vid_pid(NULL, VENDORID, PRODUCTID);
if (hdev == NULL)
{
fprintf(stderr, "[error]: can't open device with VID:PID=0x%0x:0x%0x\n", VENDORID, PRODUCTID);
libusb_exit(NULL);
return -4;
}
ret = libusb_kernel_driver_active(hdev, 0);
if (ret < 0)
{
fprintf(stderr, "[error]: checking kernel driver active\n");
ret = -5;
goto end;
}
else
{
if (ret)
libusb_detach_kernel_driver(hdev, 0);
}
ret = libusb_set_configuration(hdev, 1);
if (ret < 0)
{
fprintf(stderr, "[error]: could not select configuration (1)\n");
ret = -6;
goto end;
}
ret = libusb_claim_interface(hdev, 0);
if (ret < 0)
{
fprintf(stderr, "[error]: could not claim interface #0\n");
ret = -7;
goto end;
}
ret = libusb_set_interface_alt_setting(hdev, 0, 0);
if ( ret != LIBUSB_SUCCESS)
{
fprintf(stderr, "[error]: could not set alt setting for interface #0\n");
ret = -8;
goto end;
}
fp = fopen(s1_filename, "rb");
if (fp == NULL)
{
fprintf(stderr, "[error]: Could not open file \"%s\"\n", s1_filename);
ret = -10;
goto end;
}
fseek(fp, 0, SEEK_END);
filesize = (uint32_t)ftell(fp);
fseek(fp, 0, SEEK_SET);
filesize_round = ( (filesize + 511) / 512 ) * 512;
buf = malloc(filesize_round);
if (buf == NULL)
{
fprintf(stderr, "[error]: Cannot allocate %d bytes of memory\n", filesize_round);
ret = -11;
goto end_fclose;
}
if (fread(buf, 1, filesize, fp) != filesize)
{
fprintf(stderr, "[error]: can't read file: %s\n", s1_filename);
ret = -12;
goto end_free;
}
fclose(fp);
fprintf(stderr, "[info]: file %s\n", s2_filename);
if (encode)
{
fprintf(stderr, "[info]: encrypting binary\n");
ret = encrypt(buf, filesize_round);
if (ret)
{
fprintf(stderr, "[error]: can't encrypt binary\n");
ret = -13;
goto end_free;
}
}
adfu_upload(hdev, buf, filesize_round, 0xb4040000);
adfu_execute(hdev, 0xb4040000);
/* Now ADEC_N63.BIN should be operational */
/* upload custom binary and run it */
fp = fopen(s2_filename, "rb");
if (fp == NULL)
{
fprintf(stderr, "[error]: could not open file \"%s\"\n", s2_filename);
ret = -20;
goto end;
}
fseek(fp, 0, SEEK_END);
filesize = (uint32_t)ftell(fp);
fseek(fp, 0, SEEK_SET);
buf = realloc(buf, filesize);
if (buf == NULL)
{
fprintf(stderr, "[error]: can't allocate %d bytes of memory\n", filesize);
ret = -21;
goto end_fclose;
}
if (fread(buf, 1, filesize, fp) != filesize)
{
fprintf(stderr, "[error]: can't read file: %s\n", s2_filename);
ret = -22;
goto end_free;
}
fprintf(stderr, "[info]: file %s\n", s2_filename);
/* upload binary to the begining of DRAM */
adfu_upload(hdev, buf, filesize, 0xa0000000);
adfu_execute(hdev, 0xa0000000);
end_free:
free(buf);
end_fclose:
fclose(fp);
end:
libusb_close(hdev);
libusb_exit(NULL);
return ret;
}

96
utils/atj2137/adfuload/encrypt.c Normal file
View file

@ -0,0 +1,96 @@
/***************************************************************************
* __________ __ ___.
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
* \/ \/ \/ \/ \/
*
* Copyright (C) 2013 by Amaury Pouly
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
****************************************************************************/
const unsigned char xor_key[512] =
{
0x9b, 0x94, 0xf6, 0x9e, 0x2f, 0x0a, 0x40, 0xfd, 0x9a, 0x78, 0x2c, 0xdd, 0x4f, 0x96, 0x5e, 0xdd,
0xc9, 0x01, 0xd3, 0x9d, 0x71, 0x8f, 0xda, 0xbb, 0xc1, 0xdf, 0x5f, 0x01, 0xaa, 0x35, 0x6f, 0xdc,
0x33, 0x85, 0xf9, 0x10, 0x64, 0xce, 0xd2, 0xab, 0x62, 0xaa, 0xfc, 0x37, 0xdb, 0x22, 0x28, 0x34,
0xa4, 0xc6, 0x79, 0xc6, 0xa1, 0xfe, 0x8b, 0xaa, 0xe6, 0x9b, 0xb4, 0x6e, 0x1b, 0xb1, 0x8a, 0xe2,
0x25, 0xa9, 0xa5, 0xca, 0x03, 0x92, 0xa6, 0xd5, 0xf5, 0xb8, 0x77, 0xd3, 0xe4, 0x78, 0xd5, 0x22,
0xfe, 0x52, 0x0c, 0x69, 0xa1, 0x40, 0x02, 0x89, 0x7a, 0x46, 0x77, 0xd1, 0xee, 0x4b, 0x8b, 0x72,
0xb8, 0x27, 0x81, 0x32, 0xd4, 0xfd, 0xc2, 0x64, 0x9c, 0xcb, 0x25, 0x17, 0x32, 0x3f, 0x6d, 0x8e,
0x1d, 0xcd, 0x14, 0xf0, 0x37, 0xfe, 0x47, 0x41, 0xc6, 0x0b, 0x31, 0x91, 0xe9, 0xaa, 0x7c, 0x73,
0x36, 0x28, 0x15, 0xb1, 0xa1, 0xb8, 0x30, 0x3e, 0x9f, 0x0b, 0x8d, 0x6c, 0x8c, 0x20, 0xf9, 0x5f,
0x4a, 0x5e, 0x17, 0xc2, 0x2c, 0xe0, 0x60, 0xb8, 0x12, 0x10, 0x69, 0x16, 0xd5, 0x77, 0x64, 0xcf,
0xe5, 0xd3, 0xea, 0xb0, 0x30, 0x6a, 0xf8, 0x4d, 0x46, 0x9f, 0x37, 0x3b, 0xbb, 0xc3, 0x80, 0x7f,
0xcd, 0x2d, 0x9f, 0x47, 0x47, 0x8d, 0x57, 0xd8, 0xa6, 0x7d, 0xa7, 0xc8, 0x79, 0x59, 0x4c, 0x6d,
0x0e, 0x51, 0x87, 0x95, 0x4a, 0xbc, 0x20, 0x77, 0xd9, 0xaf, 0xab, 0xea, 0x88, 0xcf, 0x0a, 0xd5,
0xee, 0x63, 0x33, 0xe7, 0x52, 0xae, 0x34, 0x88, 0xc9, 0x7b, 0x74, 0x0f, 0x9f, 0xf9, 0x3b, 0x35,
0xf8, 0xc9, 0x74, 0xc9, 0xb7, 0x56, 0xb2, 0xa6, 0x9f, 0x65, 0x72, 0xe3, 0xb8, 0xed, 0xa0, 0x49,
0xf5, 0x28, 0x5c, 0x0a, 0x13, 0xea, 0xfd, 0xaf, 0xc4, 0x32, 0x56, 0x53, 0x0d, 0xfe, 0x39, 0x0f,
0xed, 0x64, 0x3a, 0xb5, 0x3f, 0xdf, 0xb5, 0xc1, 0xe1, 0xe7, 0x13, 0x8c, 0x16, 0xc4, 0x48, 0xc3,
0x29, 0xa3, 0xa0, 0x18, 0x54, 0xea, 0xbc, 0x37, 0xdf, 0xc9, 0xd7, 0xfc, 0x8c, 0x11, 0x4f, 0xe3,
0x33, 0x4a, 0x60, 0xc0, 0xaa, 0x00, 0x32, 0xb0, 0xe7, 0x5d, 0x16, 0x4f, 0x69, 0xfd, 0x0c, 0x2b,
0xd4, 0xfd, 0x8a, 0x79, 0xdb, 0x55, 0x78, 0x07, 0x62, 0x68, 0x7f, 0x72, 0xe4, 0xda, 0x83, 0x99,
0x13, 0xa2, 0x6e, 0x51, 0xbf, 0x60, 0x30, 0x5b, 0xf9, 0xf0, 0x04, 0x93, 0x78, 0x3f, 0xf4, 0x69,
0x3c, 0x5d, 0x9f, 0x95, 0x70, 0xd4, 0x3a, 0x07, 0x95, 0x39, 0xd5, 0x1d, 0xdd, 0x00, 0xdf, 0x19,
0xd5, 0x94, 0xed, 0xd2, 0x47, 0xa8, 0xb7, 0xaa, 0x5f, 0xc7, 0x63, 0xbf, 0x0c, 0x33, 0x07, 0x66,
0xa9, 0xec, 0x69, 0xd5, 0xdd, 0x0f, 0x09, 0x1f, 0xc0, 0x61, 0x61, 0x66, 0x3f, 0x2c, 0x6b, 0x4b,
0xc1, 0x4a, 0x64, 0xaa, 0x0b, 0x7f, 0xd0, 0x85, 0x60, 0x0c, 0xbe, 0x3d, 0xed, 0x80, 0x4d, 0x08,
0x65, 0xd2, 0x6f, 0x9f, 0xe9, 0xad, 0xed, 0x37, 0x2a, 0x0b, 0xab, 0x00, 0xd1, 0x05, 0x2e, 0x18,
0x1f, 0xe9, 0x5b, 0x41, 0xd0, 0x8e, 0x81, 0xd4, 0x46, 0xe4, 0x9a, 0x74, 0xe3, 0xcf, 0xce, 0x38,
0xb7, 0x36, 0x39, 0x5c, 0x5b, 0x57, 0xee, 0x37, 0x1c, 0x5d, 0x3c, 0x6d, 0x5c, 0x34, 0x30, 0x66,
0x36, 0x9c, 0x5a, 0xff, 0x61, 0x7c, 0xd4, 0x7f, 0x57, 0x79, 0x81, 0xcc, 0xb6, 0xc8, 0x93, 0xdf,
0xe6, 0x40, 0x50, 0x75, 0xfc, 0xb4, 0x15, 0x07, 0xde, 0x7f, 0x9b, 0xfd, 0xa8, 0x60, 0x79, 0x1f,
0x4f, 0x89, 0xea, 0x4c, 0x85, 0xf2, 0xd1, 0x6e, 0xdc, 0xf3, 0xfa, 0xad, 0x2d, 0x12, 0xa3, 0xe3,
0x3b, 0x1a, 0x3b, 0x50, 0x94, 0x6d, 0x69, 0x90, 0xb8, 0x9a, 0x50, 0xc9, 0x7d, 0x32, 0x12, 0x29,
};
static void perm_it(unsigned char *data, int length)
{
int i, j;
for(i = 0; (i + 12) < length; i += 12)
{
unsigned char perm[8];
perm[0] = data[i + 1];
perm[1] = data[i + 7];
perm[2] = data[i + 2];
perm[3] = data[i + 4];
perm[4] = data[i + 0];
perm[5] = data[i + 6];
perm[6] = data[i + 3];
perm[7] = data[i + 5];
for(j = 0; j < 8; j++)
data[i + j] = perm[j];
}
}
static void xor_it(unsigned char *data, int length)
{
int i, j;
for(i = 0; i < length; i += 4)
{
unsigned char Ekey = xor_key[xor_key[data[i]] + 256];
for(j = 1; j < 4; j++)
data[i + j] ^= Ekey;
}
}
int encrypt(unsigned char *data, int length)
{
if (length % 512)
return -1;
xor_it(data, length);
perm_it(data, length);
return 0;
}

21
utils/atj2137/adfuload/encrypt.h Normal file
View file

@ -0,0 +1,21 @@
/***************************************************************************
* __________ __ ___.
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
* \/ \/ \/ \/ \/
*
* Copyright (C) 2013 by Amaury Pouly
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
****************************************************************************/
int encrypt(unsigned char *data, int length);