rockbox/utils/hwpatcher/view.lua

--[[
Sansa View bootloader hacking
required argument (in order):
- path to bootloader
- path to output bootloader
- path to stub
]]-- 
require("lib")
require("arm")

if #arg < 3 then
    error("not enough argument to fuzep patcher")
end

local md5 = hwp.md5sum(arg[1])
if hwp.md5str(md5) ~= "4bc1760327c37b9ffd00315c8aa7f376" then
    error("MD5 sum of the file doesn't match")
end

local fw = hwp.load_file(arg[1])
local jump_instr_addr = arm.to_thumb(hwp.make_addr(0x753C))
local stub_addr = hwp.make_addr(0x137B0)
-- read old jump address
--local old_jump = arm.parse_branch(fw, jump_instr_addr)
--print(string.format("Old jump address: %s", old_jump))
-- put stub at the right place
local stub = hwp.load_bin_file(arg[3])
local stub_info = hwp.section_info(stub, "")
local stub_data = hwp.read(stub, hwp.make_addr(stub_info.addr, ""), stub_info.size)
hwp.write(fw, stub_addr, stub_data)
-- patch jump
local branch_to_stub = arm.make_branch(arm.to_arm(stub_addr), true)
arm.write_branch(fw, jump_instr_addr, branch_to_stub, hwp.inc_addr(stub_addr, stub_info.size))
-- read jump address
local new_jump = arm.parse_branch(fw, jump_instr_addr)
print(string.format("New jump address: %s", new_jump))
-- save
hwp.save_file(fw, arg[2])
Introduce hwpatcher, a tool to patch binaries This tool is a scriptable (lua) tool to patch binaries, it supports: - raw binary - ELF - SB(v1/v2) It also contains some basic routines to parse and generate useful arm/thumb code like jump or register load/store. This is very useful to take a firmware and patch an interrupt vector or some code to jump to an extra payload added to the binary. Examples are provided for several STMP based target which the payload is expected to be hwstub, and also for the Sansa View. A typical patcher usually requires three elements: - the lua patcher itself - the payload (hwstub for example) - (optional) a small stub either to jump properly to the payload or determine under which circumstance to do the jump (hold a key for example) Change-Id: I6d36020a3bc9e636615ac8221b7591ade5f251e3 2014-06-24 16:04:17 +00:00			`--[[`
			`Sansa View bootloader hacking`
			`required argument (in order):`
			`- path to bootloader`
			`- path to output bootloader`
			`- path to stub`
			`]]--`
			`require("lib")`
			`require("arm")`

			`if #arg < 3 then`
			`error("not enough argument to fuzep patcher")`
			`end`

			`local md5 = hwp.md5sum(arg[1])`
			`if hwp.md5str(md5) ~= "4bc1760327c37b9ffd00315c8aa7f376" then`
			`error("MD5 sum of the file doesn't match")`
			`end`

			`local fw = hwp.load_file(arg[1])`
			`local jump_instr_addr = arm.to_thumb(hwp.make_addr(0x753C))`
			`local stub_addr = hwp.make_addr(0x137B0)`
			`-- read old jump address`
			`--local old_jump = arm.parse_branch(fw, jump_instr_addr)`
			`--print(string.format("Old jump address: %s", old_jump))`
			`-- put stub at the right place`
			`local stub = hwp.load_bin_file(arg[3])`
			`local stub_info = hwp.section_info(stub, "")`
			`local stub_data = hwp.read(stub, hwp.make_addr(stub_info.addr, ""), stub_info.size)`
			`hwp.write(fw, stub_addr, stub_data)`
			`-- patch jump`
			`local branch_to_stub = arm.make_branch(arm.to_arm(stub_addr), true)`
			`arm.write_branch(fw, jump_instr_addr, branch_to_stub, hwp.inc_addr(stub_addr, stub_info.size))`
			`-- read jump address`
			`local new_jump = arm.parse_branch(fw, jump_instr_addr)`
			`print(string.format("New jump address: %s", new_jump))`
			`-- save`
			`hwp.save_file(fw, arg[2])`