forked from len0rd/rockbox
		
	cppcheck reported: [rockbox/utils/imxtools/sbtools/sb1.c:440]: (warning) Comparison of a boolean expression with an integer other than 0 or 1. Thanks to Thomas Jarosch Change-Id: I0078232706d4014a1f2acea310a7a0d0edf7788b
		
			
				
	
	
		
			728 lines
		
	
	
		
			No EOL
		
	
	
		
			24 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			728 lines
		
	
	
		
			No EOL
		
	
	
		
			24 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /***************************************************************************
 | |
|  *             __________               __   ___.
 | |
|  *   Open      \______   \ ____   ____ |  | _\_ |__   _______  ___
 | |
|  *   Source     |       _//  _ \_/ ___\|  |/ /| __ \ /  _ \  \/  /
 | |
|  *   Jukebox    |    |   (  <_> )  \___|    < | \_\ (  <_> > <  <
 | |
|  *   Firmware   |____|_  /\____/ \___  >__|_ \|___  /\____/__/\_ \
 | |
|  *                     \/            \/     \/    \/            \/
 | |
|  * $Id$
 | |
|  *
 | |
|  * Copyright (C) 2012 Amaury Pouly
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU General Public License
 | |
|  * as published by the Free Software Foundation; either version 2
 | |
|  * of the License, or (at your option) any later version.
 | |
|  *
 | |
|  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 | |
|  * KIND, either express or implied.
 | |
|  *
 | |
|  ****************************************************************************/
 | |
| #include <stdio.h>
 | |
| #include <time.h>
 | |
| #include <stdlib.h>
 | |
| #include <ctype.h>
 | |
| #include "misc.h"
 | |
| #include "crypto.h"
 | |
| #include "sb1.h"
 | |
| 
 | |
| static int sdram_size_table[] = {2, 8, 16, 32, 64};
 | |
| 
 | |
| #define NR_SDRAM_ENTRIES    (int)(sizeof(sdram_size_table) / sizeof(sdram_size_table[0]))
 | |
| 
 | |
| int sb1_sdram_size_by_index(int index)
 | |
| {
 | |
|     if(index < 0 || index >= NR_SDRAM_ENTRIES)
 | |
|         return -1;
 | |
|     return sdram_size_table[index];
 | |
| }
 | |
| 
 | |
| int sb1_sdram_index_by_size(int size)
 | |
| {
 | |
|     for(int i = 0; i < NR_SDRAM_ENTRIES; i++)
 | |
|         if(sdram_size_table[i] == size)
 | |
|             return i;
 | |
|     return -1;
 | |
| }
 | |
| 
 | |
| static uint16_t swap16(uint16_t t)
 | |
| {
 | |
|     return (t << 8) | (t >> 8);
 | |
| }
 | |
| 
 | |
| static void fix_version(struct sb1_version_t *ver)
 | |
| {
 | |
|     ver->major = swap16(ver->major);
 | |
|     ver->minor = swap16(ver->minor);
 | |
|     ver->revision = swap16(ver->revision);
 | |
| }
 | |
| 
 | |
| enum sb1_error_t sb1_write_file(struct sb1_file_t *sb, const char *filename)
 | |
| {
 | |
|     if(sb->key.method != CRYPTO_XOR_KEY)
 | |
|         return SB1_NO_VALID_KEY;
 | |
|     /* compute image size (without userdata) */
 | |
|     uint32_t image_size = 0;
 | |
|     image_size += sizeof(struct sb1_header_t);
 | |
|     for(int i = 0; i < sb->nr_insts; i++)
 | |
|     {
 | |
|         switch(sb->insts[i].cmd)
 | |
|         {
 | |
|             case SB1_INST_LOAD:
 | |
|                 image_size += 8 + ROUND_UP(sb->insts[i].size, 4);
 | |
|                 break;
 | |
|             case SB1_INST_FILL:
 | |
|             case SB1_INST_JUMP:
 | |
|             case SB1_INST_CALL:
 | |
|                 image_size += 12;
 | |
|                 break;
 | |
|             case SB1_INST_MODE:
 | |
|             case SB1_INST_SDRAM:
 | |
|                 image_size += 8;
 | |
|                 break;
 | |
|             default:
 | |
|                 bugp("Internal error: unknown SB instruction: %#x\n", sb->insts[i].cmd);
 | |
|         }
 | |
|     }
 | |
|     // now take crypto marks and sector size into account:
 | |
|     // there is one crypto mark per sector, ie 4 bytes for 508 = 512 (sector)
 | |
|     image_size += 4 * ((image_size + SECTOR_SIZE - 5) / (SECTOR_SIZE - 4));
 | |
|     image_size = ROUND_UP(image_size, SECTOR_SIZE);
 | |
| 
 | |
|     /* allocate buffer and fill it (ignoring crypto for now) */
 | |
|     void *buf = xmalloc(image_size);
 | |
|     struct sb1_header_t *header = buf;
 | |
|     memset(buf, 0, image_size);
 | |
|     header->rom_version = sb->rom_version;
 | |
|     header->image_size = image_size + sb->userdata_size;
 | |
|     header->header_size = sizeof(struct sb1_header_t);
 | |
|     header->userdata_offset = sb->userdata ? image_size : 0;
 | |
|     memcpy(&header->product_ver, &sb->product_ver, sizeof(sb->product_ver));
 | |
|     fix_version(&header->product_ver);
 | |
|     memcpy(&header->component_ver, &sb->component_ver, sizeof(sb->component_ver));
 | |
|     fix_version(&header->component_ver);
 | |
|     header->drive_tag = sb->drive_tag;
 | |
|     strncpy((void *)header->signature, "STMP", 4);
 | |
| 
 | |
|     struct sb1_cmd_header_t *cmd = (void *)(header + 1);
 | |
|     for(int i = 0; i < sb->nr_insts; i++)
 | |
|     {
 | |
|         int bytes = 0;
 | |
|         int size = 0;
 | |
|         switch(sb->insts[i].cmd)
 | |
|         {
 | |
|             case SB1_INST_LOAD:
 | |
|                 bytes = sb->insts[i].size;
 | |
|                 cmd->addr = sb->insts[i].addr;
 | |
|                 memcpy(cmd + 1, sb->insts[i].data, sb->insts[i].size);
 | |
|                 memset((void *)(cmd + 1) + sb->insts[i].size, 0,
 | |
|                     bytes - sb->insts[i].size);
 | |
|                 break;
 | |
|             case SB1_INST_FILL:
 | |
|                 bytes = sb->insts[i].size;
 | |
|                 size = 2;
 | |
|                 memcpy(cmd + 1, &sb->insts[i].pattern, 4);
 | |
|                 cmd->addr = sb->insts[i].addr;
 | |
|                 break;
 | |
|             case SB1_INST_JUMP:
 | |
|             case SB1_INST_CALL:
 | |
|                 bytes = 4;
 | |
|                 cmd->addr = sb->insts[i].addr;
 | |
|                 memcpy(cmd + 1, &sb->insts[i].argument, 4);
 | |
|                 break;
 | |
|             case SB1_INST_MODE:
 | |
|                 bytes = 0;
 | |
|                 cmd->addr = sb->insts[i].mode;
 | |
|                 break;
 | |
|             case SB1_INST_SDRAM:
 | |
|                 bytes = 0;
 | |
|                 cmd->addr = SB1_MK_ADDR_SDRAM(sb->insts[i].sdram.chip_select,
 | |
|                     sb->insts[i].sdram.size_index);
 | |
|                 break;
 | |
|             default:
 | |
|                 bugp("Internal error: unknown SB instruction: %#x\n", sb->insts[i].cmd);
 | |
|         }
 | |
| 
 | |
|         /* handle most common cases */
 | |
|         if(size == 0)
 | |
|             size = ROUND_UP(bytes, 4) / 4 + 1;
 | |
| 
 | |
|         cmd->cmd = SB1_MK_CMD(sb->insts[i].cmd, sb->insts[i].datatype,
 | |
|             bytes, sb->insts[i].critical,
 | |
|             size);
 | |
| 
 | |
|         cmd = (void *)cmd + 4 + size * 4;
 | |
|     }
 | |
| 
 | |
|     /* move everything to prepare crypto marks (start at the end !) */
 | |
|     for(int i = image_size / SECTOR_SIZE - 1; i >= 0; i--)
 | |
|         memmove(buf + i * SECTOR_SIZE, buf + i * (SECTOR_SIZE - 4), SECTOR_SIZE - 4);
 | |
| 
 | |
|     union xorcrypt_key_t key[2];
 | |
|     memcpy(key, sb->key.u.xor_key, sizeof(sb->key.u.xor_key));
 | |
|     void *ptr = header + 1;
 | |
|     int offset = header->header_size;
 | |
|     for(unsigned i = 0; i < image_size / SECTOR_SIZE; i++)
 | |
|     {
 | |
|         int size = SECTOR_SIZE - 4 - offset;
 | |
|         uint32_t mark = xor_encrypt(key, ptr, size);
 | |
|         *(uint32_t *)(ptr + size) = mark;
 | |
| 
 | |
|         ptr += size + 4;
 | |
|         offset = 0;
 | |
|     }
 | |
| 
 | |
|     FILE *fd = fopen(filename, "wb");
 | |
|     if(fd == NULL)
 | |
|         return SB1_OPEN_ERROR;
 | |
|     if(fwrite(buf, image_size, 1, fd) != 1)
 | |
|     {
 | |
|         free(buf);
 | |
|         return SB1_WRITE_ERROR;
 | |
|     }
 | |
|     free(buf);
 | |
|     if(sb->userdata)
 | |
|         fwrite(sb->userdata, sb->userdata_size, 1, fd);
 | |
|     fclose(fd);
 | |
| 
 | |
|     return SB1_SUCCESS;
 | |
| }
 | |
| 
 | |
| struct sb1_file_t *sb1_read_file(const char *filename, void *u,
 | |
|     generic_printf_t cprintf, enum sb1_error_t *err)
 | |
| {
 | |
|     return sb1_read_file_ex(filename, 0, -1, u, cprintf, err);
 | |
| }
 | |
| 
 | |
| struct sb1_file_t *sb1_read_file_ex(const char *filename, size_t offset, size_t size, void *u,
 | |
|     generic_printf_t cprintf, enum sb1_error_t *err)
 | |
| {
 | |
|     #define fatal(e, ...) \
 | |
|         do { if(err) *err = e; \
 | |
|             cprintf(u, true, GREY, __VA_ARGS__); \
 | |
|             free(buf); \
 | |
|             return NULL; } while(0)
 | |
| 
 | |
|     FILE *f = fopen(filename, "rb");
 | |
|     void *buf = NULL;
 | |
|     if(f == NULL)
 | |
|         fatal(SB1_OPEN_ERROR, "Cannot open file for reading\n");
 | |
|     fseek(f, 0, SEEK_END);
 | |
|     size_t read_size = ftell(f);
 | |
|     fseek(f, offset, SEEK_SET);
 | |
|     if(size != (size_t)-1)
 | |
|         read_size = size;
 | |
|     buf = xmalloc(read_size);
 | |
|     if(fread(buf, read_size, 1, f) != 1)
 | |
|     {
 | |
|         fclose(f);
 | |
|         fatal(SB1_READ_ERROR, "Cannot read file\n");
 | |
|     }
 | |
|     fclose(f);
 | |
| 
 | |
|     struct sb1_file_t *ret = sb1_read_memory(buf, read_size, u, cprintf, err);
 | |
|     free(buf);
 | |
|     return ret;
 | |
| 
 | |
|     #undef fatal
 | |
| }
 | |
| 
 | |
| static const char *sb1_cmd_name(int cmd)
 | |
| {
 | |
|     switch(cmd)
 | |
|     {
 | |
|         case SB1_INST_LOAD: return "load";
 | |
|         case SB1_INST_FILL: return "fill";
 | |
|         case SB1_INST_JUMP: return "jump";
 | |
|         case SB1_INST_CALL: return "call";
 | |
|         case SB1_INST_MODE: return "mode";
 | |
|         case SB1_INST_SDRAM: return "sdram";
 | |
|         default: return "unknown";
 | |
|     }
 | |
| }
 | |
| 
 | |
| static const char *sb1_datatype_name(int cmd)
 | |
| {
 | |
|     switch(cmd)
 | |
|     {
 | |
|         case SB1_DATATYPE_UINT32: return "uint32";
 | |
|         case SB1_DATATYPE_UINT16: return "uint16";
 | |
|         case SB1_DATATYPE_UINT8: return "uint8";
 | |
|         default: return "unknown";
 | |
|     }
 | |
| }
 | |
| 
 | |
| /* Quick and dirty way to check a key is valid.
 | |
|  * We don't do any form of format checking because we are trying to bruteforce
 | |
|  * the key anyway. Assume buffer is of size SECTOR_SIZE */
 | |
| bool sb1_is_key_valid_fast(void *buffer, union xorcrypt_key_t _key[2])
 | |
| {
 | |
|     struct sb1_header_t *header = (struct sb1_header_t *)buffer;
 | |
|     union xorcrypt_key_t key[2];
 | |
| 
 | |
|     uint8_t sector[SECTOR_SIZE];
 | |
|     /* copy key and data because it's modified by the crypto code */
 | |
|     memcpy(key, _key, sizeof(key));
 | |
|     memcpy(sector, header + 1, SECTOR_SIZE - header->header_size);
 | |
|     /* try to decrypt the first sector */
 | |
|     uint32_t mark = xor_decrypt(key, sector, SECTOR_SIZE - 4 - header->header_size);
 | |
|     /* copy key again it's modified by the crypto code */
 | |
|     return mark == *(uint32_t *)§or[SECTOR_SIZE - 4 - header->header_size];
 | |
| }
 | |
| 
 | |
| bool sb1_brute_force(const char *filename, void *u, generic_printf_t cprintf,
 | |
|     enum sb1_error_t *err, struct crypto_key_t *key)
 | |
| {
 | |
|     #define printf(c, ...) cprintf(u, false, c, __VA_ARGS__)
 | |
|     uint8_t sector[SECTOR_SIZE];
 | |
|     FILE *f = fopen(filename, "rb");
 | |
|     if(f == NULL)
 | |
|     {
 | |
|         printf("Cannot open file '%s' for reading: %m\n", filename);
 | |
|         *err = SB1_OPEN_ERROR;
 | |
|         return false;
 | |
|     }
 | |
|     if(fread(sector, sizeof(sector), 1, f) != 1)
 | |
|     {
 | |
|         printf("Cannot read file '%s': %m\n", filename);
 | |
|         *err = SB1_READ_ERROR;
 | |
|         fclose(f);
 | |
|         return false;
 | |
|     }
 | |
|     fclose(f);
 | |
| 
 | |
|     printf(BLUE, "Brute forcing key...\n");
 | |
|     time_t start_time = time(NULL);
 | |
|     uint32_t laserfuse[3] = {0, 0, 0};
 | |
|     unsigned last_print = 0;
 | |
|     do
 | |
|     {
 | |
|         for(int i = 0; i < 0x10000; i++)
 | |
|         {
 | |
|             laserfuse[2] = (i & 0xff00) << 8 | (i & 0xff);
 | |
|             xor_generate_key(laserfuse, key->u.xor_key);
 | |
|             if(g_debug)
 | |
|             {
 | |
|                 printf(GREEN, "Trying key");
 | |
|                 printf(GREEN, "[");
 | |
|                 printf(RED, "%08x", laserfuse[0]);
 | |
|                 printf(GREEN, ",");
 | |
|                 printf(RED, "%08x", laserfuse[1]);
 | |
|                 printf(GREEN, ",");
 | |
|                 printf(RED, "%08x", laserfuse[2]);
 | |
|                 printf(GREEN, "]:");
 | |
|                 for(int j = 0; j < 32; j++)
 | |
|                     printf(YELLOW, " %08x", key->u.xor_key[j / 16].k[j % 16]);
 | |
|             }
 | |
|             if(sb1_is_key_valid_fast(sector, key->u.xor_key))
 | |
|             {
 | |
|                 if(g_debug)
 | |
|                     printf(RED, " Ok\n");
 | |
|                 return true;
 | |
|             }
 | |
|             else
 | |
|             {
 | |
|                 if(g_debug)
 | |
|                     printf(RED, " No\n");
 | |
|             }
 | |
|         }
 | |
|         laserfuse[0]++;
 | |
| 
 | |
|         if(laserfuse[0] / 1000 != last_print)
 | |
|         {
 | |
|             time_t cur_time = time(NULL);
 | |
|             float key_per_sec = laserfuse[0] / (float)(cur_time - start_time);
 | |
|             float tot = 0x1000000LL / key_per_sec;
 | |
|             time_t eta_time = start_time + tot;
 | |
| 
 | |
|             printf(YELLOW, "%llu", laserfuse[0] * 0x10000LL);
 | |
|             printf(GREEN, " out of ");
 | |
|             printf(BLUE, "%llu", 0x1000000LL * 0x10000LL);
 | |
|             printf(GREEN, " tested (");
 | |
|             printf(RED, "%f%%", laserfuse[0] / (float)0x1000000LL * 100.0);
 | |
|             printf(GREEN, "), ");
 | |
|             printf(YELLOW, "%d", cur_time - start_time);
 | |
|             printf(GREEN, " seconds elapsed, ");
 | |
|             printf(BLUE, "%d", eta_time - cur_time);
 | |
|             printf(GREEN, " seconds remaining, [");
 | |
|             printf(RED, "%f", key_per_sec);
 | |
|             printf(GREEN, " keys/s], ETA ");
 | |
|             printf(YELLOW, "%s", ctime(&eta_time));
 | |
|             last_print = laserfuse[0] / 1000;
 | |
|         }
 | |
|     }while(laserfuse[0] != 0);
 | |
| 
 | |
|     *err = SB1_NO_VALID_KEY;
 | |
|     return false;
 | |
|     #undef printf
 | |
| }
 | |
| 
 | |
| struct sb1_file_t *sb1_read_memory(void *_buf, size_t filesize, void *u,
 | |
|     generic_printf_t cprintf, enum sb1_error_t *err)
 | |
| {
 | |
|     struct sb1_file_t *file = NULL;
 | |
|     uint8_t *buf = _buf;
 | |
| 
 | |
|     #define printf(c, ...) cprintf(u, false, c, __VA_ARGS__)
 | |
|     #define fatal(e, ...) \
 | |
|         do { if(err) *err = e; \
 | |
|             cprintf(u, true, GREY, __VA_ARGS__); \
 | |
|             sb1_free(file); \
 | |
|             return NULL; } while(0)
 | |
|     #define print_hex(c, p, len, nl) \
 | |
|         do { printf(c, ""); print_hex(p, len, nl); } while(0)
 | |
| 
 | |
|     file = xmalloc(sizeof(struct sb1_file_t));
 | |
|     memset(file, 0, sizeof(struct sb1_file_t));
 | |
|     struct sb1_header_t *header = (struct sb1_header_t *)buf;
 | |
| 
 | |
|     if(memcmp(header->signature, "STMP", 4) != 0)
 | |
|         fatal(SB1_FORMAT_ERROR, "Bad signature\n");
 | |
|     if(header->image_size > filesize)
 | |
|         fatal(SB1_FORMAT_ERROR, "File too small (should be at least %d bytes)\n",
 | |
|             header->image_size);
 | |
|     if(header->header_size != sizeof(struct sb1_header_t))
 | |
|         fatal(SB1_FORMAT_ERROR, "Bad header size\n");
 | |
| 
 | |
|     printf(BLUE, "Basic info:\n");
 | |
|     printf(GREEN, "  ROM version: ");
 | |
|     printf(YELLOW, "%x\n", header->rom_version);
 | |
|     printf(GREEN, "  Userdata offset: ");
 | |
|     printf(YELLOW, "%x\n", header->userdata_offset);
 | |
|     printf(GREEN, "  Pad: ");
 | |
|     printf(YELLOW, "%x\n", header->pad2);
 | |
| 
 | |
|     struct sb1_version_t product_ver = header->product_ver;
 | |
|     fix_version(&product_ver);
 | |
|     struct sb1_version_t component_ver = header->component_ver;
 | |
|     fix_version(&component_ver);
 | |
| 
 | |
|     printf(GREEN, "  Product version: ");
 | |
|     printf(YELLOW, "%X.%X.%X\n", product_ver.major, product_ver.minor, product_ver.revision);
 | |
|     printf(GREEN, "  Component version: ");
 | |
|     printf(YELLOW, "%X.%X.%X\n", component_ver.major, component_ver.minor, component_ver.revision);
 | |
| 
 | |
|     printf(GREEN, "  Drive tag: ");
 | |
|     printf(YELLOW, "%x\n", header->drive_tag);
 | |
| 
 | |
|     /* copy rom version, padding and drive tag */
 | |
|     /* copy versions */
 | |
|     memcpy(&file->product_ver, &product_ver, sizeof(product_ver));
 | |
|     memcpy(&file->component_ver, &component_ver, sizeof(component_ver));
 | |
|     file->rom_version = header->rom_version;
 | |
|     file->pad2 = header->pad2;
 | |
|     file->drive_tag = header->drive_tag;
 | |
| 
 | |
|     /* reduce size w.r.t to userdata part */
 | |
|     uint32_t userdata_size = 0;
 | |
|     if(header->userdata_offset != 0)
 | |
|     {
 | |
|         userdata_size = header->image_size - header->userdata_offset;
 | |
|         header->image_size -= userdata_size;
 | |
|     }
 | |
| 
 | |
|     if(header->image_size % SECTOR_SIZE)
 | |
|     {
 | |
|         if(!g_force)
 | |
|             printf(GREY, "Image size is not a multiple of sector size\n");
 | |
|         else
 | |
|             fatal(SB1_FORMAT_ERROR, "Image size is not a multiple of sector size\n");
 | |
|     }
 | |
| 
 | |
|     /* find key */
 | |
|     union xorcrypt_key_t key[2];
 | |
|     memset(key, 0, sizeof(key));
 | |
|     bool valid_key = false;
 | |
|     uint8_t sector[SECTOR_SIZE];
 | |
| 
 | |
|     for(int i = 0; i < g_nr_keys; i++)
 | |
|     {
 | |
|         if(g_key_array[i].method != CRYPTO_XOR_KEY)
 | |
|             continue;
 | |
|         /* copy key and data because it's modified by the crypto code */
 | |
|         memcpy(key, g_key_array[i].u.xor_key, sizeof(key));
 | |
|         memcpy(sector, header + 1, SECTOR_SIZE - header->header_size);
 | |
|         /* try to decrypt the first sector */
 | |
|         uint32_t mark = xor_decrypt(key, sector, SECTOR_SIZE - 4 - header->header_size);
 | |
|         /* copy key again it's modified by the crypto code */
 | |
|         memcpy(key, g_key_array[i].u.xor_key, sizeof(key));
 | |
|         if(mark != *(uint32_t *)§or[SECTOR_SIZE - 4 - header->header_size])
 | |
|             continue;
 | |
|         /* found ! */
 | |
|         valid_key = true;
 | |
|         break;
 | |
|     }
 | |
| 
 | |
|     if(!valid_key)
 | |
|     {
 | |
|         if(!g_force)
 | |
|             fatal(SB1_NO_VALID_KEY, "No valid key found\n");
 | |
|         printf(GREY, "No valid key found: forced to continue but this will fail\n");
 | |
|     }
 | |
| 
 | |
|     printf(BLUE, "Crypto\n");
 | |
|     for(int i = 0; i < 2; i++)
 | |
|     {
 | |
|         printf(RED, "  Key %d\n", i);
 | |
|         printf(OFF, "    ");
 | |
|         for(int j = 0; j < 64; j++)
 | |
|         {
 | |
|             printf(YELLOW, "%02x ", key[i].key[j]);
 | |
|             if((j + 1) % 16 == 0)
 | |
|             {
 | |
|                 printf(OFF, "\n");
 | |
|                 if(j + 1 != 64)
 | |
|                     printf(OFF, "    ");
 | |
|             }
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     memcpy(file->key.u.xor_key, key, sizeof(key));
 | |
| 
 | |
|     /* decrypt image in-place (and removing crypto markers) */
 | |
|     void *ptr = header + 1;
 | |
|     void *copy_ptr = header + 1;
 | |
|     int offset = header->header_size;
 | |
|     for(unsigned i = 0; i < header->image_size / SECTOR_SIZE; i++)
 | |
|     {
 | |
|         int size = SECTOR_SIZE - 4 - offset;
 | |
|         uint32_t mark = xor_decrypt(key, ptr, size);
 | |
|         if(mark != *(uint32_t *)(ptr + size) && !g_force)
 | |
|             fatal(SB1_CHECKSUM_ERROR, "Crypto mark mismatch\n");
 | |
|         memmove(copy_ptr, ptr, size);
 | |
| 
 | |
|         ptr += size + 4;
 | |
|         copy_ptr += size;
 | |
|         offset = 0;
 | |
|     }
 | |
| 
 | |
|     /* reduce image size given the removed marks */
 | |
|     header->image_size -= header->image_size / SECTOR_SIZE;
 | |
| 
 | |
|     printf(BLUE, "Commands\n");
 | |
|     struct sb1_cmd_header_t *cmd = (void *)(header + 1);
 | |
|     while((void *)cmd < (void *)header + header->image_size)
 | |
|     {
 | |
|         printf(GREEN, "  Command");
 | |
|         printf(YELLOW, " %#x\n", cmd->cmd);
 | |
|         printf(YELLOW, "    Size:");
 | |
|         printf(RED, " %#x\n", SB1_CMD_SIZE(cmd->cmd));
 | |
|         printf(YELLOW, "    Critical:");
 | |
|         printf(RED, " %d\n", SB1_CMD_CRITICAL(cmd->cmd));
 | |
|         printf(YELLOW, "    Data Type:");
 | |
|         printf(RED, " %#x ", SB1_CMD_DATATYPE(cmd->cmd));
 | |
|         printf(GREEN, "(%s)\n", sb1_datatype_name(SB1_CMD_DATATYPE(cmd->cmd)));
 | |
|         printf(YELLOW, "    Bytes:");
 | |
|         printf(RED, " %#x\n", SB1_CMD_BYTES(cmd->cmd));
 | |
|         printf(YELLOW, "    Boot:");
 | |
|         printf(RED, " %#x ", SB1_CMD_BOOT(cmd->cmd));
 | |
|         printf(GREEN, "(%s)\n", sb1_cmd_name(SB1_CMD_BOOT(cmd->cmd)));
 | |
| 
 | |
|         /* copy command */
 | |
|         struct sb1_inst_t inst;
 | |
|         memset(&inst, 0, sizeof(inst));
 | |
|         inst.cmd = SB1_CMD_BOOT(cmd->cmd);
 | |
|         inst.critical = SB1_CMD_CRITICAL(cmd->cmd);
 | |
|         inst.datatype = SB1_CMD_DATATYPE(cmd->cmd);
 | |
|         inst.size = SB1_CMD_BYTES(cmd->cmd);
 | |
| 
 | |
|         switch(SB1_CMD_BOOT(cmd->cmd))
 | |
|         {
 | |
|             case SB1_INST_SDRAM:
 | |
|                 inst.sdram.chip_select = SB1_ADDR_SDRAM_CS(cmd->addr);
 | |
|                 inst.sdram.size_index = SB1_ADDR_SDRAM_SZ(cmd->addr);
 | |
|                 printf(YELLOW, "    Ram:");
 | |
|                 printf(RED, " %#x", inst.addr);
 | |
|                 printf(GREEN, " (Chip Select=%d, Size=%d)\n", SB1_ADDR_SDRAM_CS(cmd->addr),
 | |
|                     sb1_sdram_size_by_index(SB1_ADDR_SDRAM_SZ(cmd->addr)));
 | |
|                 break;
 | |
|             case SB1_INST_MODE:
 | |
|                 inst.mode = cmd->addr;
 | |
|                 printf(YELLOW, "    Mode:");
 | |
|                 printf(RED, " %#x\n", inst.mode);
 | |
|                 break;
 | |
|             case SB1_INST_LOAD:
 | |
|                 inst.data = malloc(inst.size);
 | |
|                 memcpy(inst.data, cmd + 1, inst.size);
 | |
|                 inst.addr = cmd->addr;
 | |
|                 printf(YELLOW, "    Addr:");
 | |
|                 printf(RED, " %#x\n", inst.addr);
 | |
|                 break;
 | |
|             case SB1_INST_FILL:
 | |
|                 inst.addr = cmd->addr;
 | |
|                 inst.pattern = *(uint32_t *)(cmd + 1);
 | |
|                 printf(YELLOW, "    Addr:");
 | |
|                 printf(RED, " %#x\n", cmd->addr);
 | |
|                 printf(YELLOW, "    Pattern:");
 | |
|                 printf(RED, " %#x\n", inst.pattern);
 | |
|                 break;
 | |
|             case SB1_INST_CALL:
 | |
|             case SB1_INST_JUMP:
 | |
|                 inst.addr = cmd->addr;
 | |
|                 inst.argument = *(uint32_t *)(cmd + 1);
 | |
|                 printf(YELLOW, "    Addr:");
 | |
|                 printf(RED, " %#x\n", cmd->addr);
 | |
|                 printf(YELLOW, "    Argument:");
 | |
|                 printf(RED, " %#x\n", inst.argument);
 | |
|                 break;
 | |
|             default:
 | |
|                 printf(GREY, "WARNING: unknown SB command !\n");
 | |
|                 break;
 | |
|         }
 | |
| 
 | |
|         file->insts = augment_array(file->insts, sizeof(inst), file->nr_insts, &inst, 1);
 | |
|         file->nr_insts++;
 | |
| 
 | |
|         /* last instruction ? */
 | |
|         if(SB1_CMD_BOOT(cmd->cmd) == SB1_INST_JUMP ||
 | |
|                 SB1_CMD_BOOT(cmd->cmd) == SB1_INST_MODE)
 | |
|             break;
 | |
| 
 | |
|         cmd = (void *)cmd + 4 + 4 * SB1_CMD_SIZE(cmd->cmd);
 | |
|     }
 | |
| 
 | |
|     /* copy userdata */
 | |
|     file->userdata_size = userdata_size;
 | |
|     if(userdata_size > 0)
 | |
|     {
 | |
|         file->userdata = malloc(userdata_size);
 | |
|         memcpy(file->userdata, (void *)header + header->userdata_offset, userdata_size);
 | |
|     }
 | |
| 
 | |
|     return file;
 | |
|     #undef printf
 | |
|     #undef fatal
 | |
|     #undef print_hex
 | |
| }
 | |
| 
 | |
| void sb1_free(struct sb1_file_t *file)
 | |
| {
 | |
|     if(!file) return;
 | |
| 
 | |
|     for(int i = 0; i < file->nr_insts; i++)
 | |
|         free(file->insts[i].data);
 | |
|     free(file->insts);
 | |
|     free(file->userdata);
 | |
|     free(file);
 | |
| }
 | |
| 
 | |
| void sb1_dump(struct sb1_file_t *file, void *u, generic_printf_t cprintf)
 | |
| {
 | |
|     #define printf(c, ...) cprintf(u, false, c, __VA_ARGS__)
 | |
|     #define print_hex(c, p, len, nl) \
 | |
|         do { printf(c, ""); print_hex(p, len, nl); } while(0)
 | |
| 
 | |
|     #define TREE    RED
 | |
|     #define HEADER  GREEN
 | |
|     #define TEXT    YELLOW
 | |
|     #define TEXT2   BLUE
 | |
|     #define TEXT3   RED
 | |
|     #define SEP     OFF
 | |
| 
 | |
|     printf(BLUE, "SB1 File\n");
 | |
|     printf(TREE, "+-");
 | |
|     printf(HEADER, "Rom Ver: ");
 | |
|     printf(TEXT, "%x\n", file->rom_version);
 | |
|     printf(TREE, "+-");
 | |
|     printf(HEADER, "Pad: ");
 | |
|     printf(TEXT, "%x\n", file->pad2);
 | |
|     printf(TREE, "+-");
 | |
|     printf(HEADER, "Drive Tag: ");
 | |
|     printf(TEXT, "%x\n", file->drive_tag);
 | |
|     printf(TREE, "+-");
 | |
|     printf(HEADER, "Product Version: ");
 | |
|     printf(TEXT, "%X.%X.%X\n", file->product_ver.major, file->product_ver.minor,
 | |
|         file->product_ver.revision);
 | |
|     printf(TREE, "+-");
 | |
|     printf(HEADER, "Component Version: ");
 | |
|     printf(TEXT, "%X.%X.%X\n", file->component_ver.major, file->component_ver.minor,
 | |
|         file->component_ver.revision);
 | |
| 
 | |
|     for(int j = 0; j < file->nr_insts; j++)
 | |
|     {
 | |
|         struct sb1_inst_t *inst = &file->insts[j];
 | |
|         printf(TREE, "+-");
 | |
|         printf(HEADER, "Command\n");
 | |
|         printf(TREE, "|  +-");
 | |
|         switch(inst->cmd)
 | |
|         {
 | |
|             case SB1_INST_CALL:
 | |
|             case SB1_INST_JUMP:
 | |
|                 printf(HEADER, "%s", inst->cmd == SB1_INST_CALL ? "CALL" : "JUMP");
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT3, "crit=%d", inst->critical);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT, "addr=0x%08x", inst->addr);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT2, "arg=0x%08x\n", inst->argument);
 | |
|                 break;
 | |
|             case SB1_INST_LOAD:
 | |
|                 printf(HEADER, "LOAD");
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT3, "crit=%d", inst->critical);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT, "addr=0x%08x", inst->addr);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT2, "len=0x%08x\n", inst->size);
 | |
|                 break;
 | |
|             case SB1_INST_FILL:
 | |
|                 printf(HEADER, "FILL");
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT3, "crit=%d", inst->critical);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT, "addr=0x%08x", inst->addr);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT2, "len=0x%08x", inst->size);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT2, "pattern=0x%08x\n", inst->pattern);
 | |
|                 break;
 | |
|             case SB1_INST_MODE:
 | |
|                 printf(HEADER, "MODE");
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT3, "crit=%d", inst->critical);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT, "mode=0x%08x\n", inst->addr);
 | |
|                 break;
 | |
|             case SB1_INST_SDRAM:
 | |
|                 printf(HEADER, "SRAM");
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT3, "crit=%d", inst->critical);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT, "chip_select=%d", inst->sdram.chip_select);
 | |
|                 printf(SEP, " | ");
 | |
|                 printf(TEXT2, "chip_size=%d\n", sb1_sdram_size_by_index(inst->sdram.size_index));
 | |
|                 break;
 | |
|             default:
 | |
|                 printf(GREY, "[Unknown instruction %x]\n", inst->cmd);
 | |
|                 break;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     #undef printf
 | |
|     #undef print_hex
 | |
| }
 | |
| 
 | |
| static struct crypto_key_t g_default_xor_key =
 | |
| {
 | |
|     .method = CRYPTO_XOR_KEY,
 | |
|     .u.xor_key =
 | |
|     {
 | |
|         {.k = {0x67ECAEF6, 0xB31FB961, 0x118A9F4C, 0xA32A97DA,
 | |
|         0x6CC39617, 0x5BC00314, 0x9D430685, 0x4D7DB502,
 | |
|         0xA347685E, 0x3C87E86C, 0x8987AAA0, 0x24B78EF1,
 | |
|         0x893B9605, 0x9BB8C2BE, 0x6D9544E2, 0x375B525C}},
 | |
|         {.k = {0x3F424704, 0x53B5A331, 0x6AD345A5, 0x20DCEC51,
 | |
|         0x743C8D3B, 0x444B3792, 0x0AF429569, 0xB7EE1111,
 | |
|         0x583BF768, 0x9683BF9A, 0x0B032D799, 0xFE4E78ED,
 | |
|         0xF20D08C2, 0xFA0BE4A2, 0x4D89C317, 0x887B2D6F}}
 | |
|     }
 | |
| };
 | |
| 
 | |
| void sb1_get_default_key(struct crypto_key_t *key)
 | |
| {
 | |
|     memcpy(key, &g_default_xor_key, sizeof(g_default_xor_key));
 | |
|     /* decrypt the xor key which is xor'ed */
 | |
|     for(int i = 0; i < 2; i++)
 | |
|         for(int j = 0; j < 16; j++)
 | |
|             key->u.xor_key[i].k[j] ^= 0xaa55aa55;
 | |
| } |