	This tool is a scriptable (Lua) tool to patch binaries. It supports: - raw binary - ELF - SB (v1/v2). It also contains some basic routines to parse and generate useful ARM/Thumb code, such as jumps or register loads/stores. This is very useful to take a firmware and patch an interrupt vector or some code to jump to an extra payload added to the binary. Examples are provided for several STMP-based targets, for which the payload is expected to be hwstub, and also for the Sansa View. A typical patcher usually requires three elements: - the Lua patcher itself - the payload (hwstub, for example) - (optional) a small stub, either to jump properly to the payload or to determine under which circumstances to do the jump (holding a key, for example). Change-Id: I6d36020a3bc9e636615ac8221b7591ade5f251e3
		
			
				
	
	
		
--[[
Fuze+ RB hacking

Rewrites the 32-bit word at 0x38 (the "IRQ address pool" entry) so that it
refers to a proxy placed at 0x60115ba4, and lays out at that address, in order:
    save registers, blob, restore registers, branch to the previous IRQ target

Required arguments (in order):
- path to firmware
- path to output firmware
- path to blob

NOTE(review): both addresses are hard-coded and nothing here checks that the
input firmware is the build they were chosen for, or that the bytes overwritten
at the proxy address are unused. Confirm the firmware identity (for example
against a known-good checksum) before patching, and keep the unmodified image
so the device can be restored.
NOTE(review): the blob is copied verbatim into the interrupt path, so it runs
with whatever privilege the IRQ handler has. Only patch in blobs that were
built from reviewed source. Presumably the blob must be position-independent
and fall through at its end for the restore/branch sequence to run; verify
against the blob's build.
]]

if #arg < 3 then
    error("not enough argument to fuzep patcher")
end

local firmware = hwp.load_file(arg[1])
local vector_slot = hwp.make_addr(0x38)
local proxy_entry = arm.to_arm(hwp.make_addr(0x60115ba4))

-- Remember where the vector slot pointed before it is overwritten; the proxy
-- ends by branching back there.
local previous_target = hwp.make_addr(hwp.read32(firmware, vector_slot))
print(("Old IRQ address: %s"):format(previous_target))

-- Redirect the slot to the proxy.
hwp.write32(firmware, vector_slot, proxy_entry.addr)
print(("New IRQ address: %s"):format(proxy_entry))

-- Write position inside the proxy; advanced after every emitted piece.
local cursor = proxy_entry

-- Proxy prologue: register save (the script advances by 4 bytes for it).
arm.write_save_regs(firmware, cursor)
cursor = hwp.inc_addr(cursor, 4)

-- Proxy body: the blob's "" section, copied byte for byte.
-- NOTE(review): blob_info.size is taken from the blob file as-is; no upper
-- bound is applied before writing into the firmware image.
local payload = hwp.load_bin_file(arg[3])
local payload_info = hwp.section_info(payload, "")
local payload_bytes = hwp.read(payload, hwp.make_addr(payload_info.addr, ""), payload_info.size)
hwp.write(firmware, cursor, payload_bytes)
cursor = hwp.inc_addr(cursor, payload_info.size)

-- Proxy epilogue: register restore (again 4 bytes).
arm.write_restore_regs(firmware, cursor)
cursor = hwp.inc_addr(cursor, 4)

-- Hand control back to the previous IRQ target.
arm.write_branch(firmware, cursor, arm.make_branch(previous_target, false))

-- Write the patched image to the output path.
hwp.save_file(firmware, arg[2])