2008-07-11 16:51:25 +00:00
|
|
|
/* zenutils - Utilities for working with creative firmwares.
|
|
|
|
* Copyright 2007 (c) Rasmus Ry <rasmus.ry{at}gmail.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <iostream>
|
|
|
|
#include <iomanip>
|
|
|
|
#include <cstdio>
|
2009-06-10 15:14:32 +00:00
|
|
|
#include <getpot/GetPot>
|
2008-07-11 16:51:25 +00:00
|
|
|
#include <file.h>
|
|
|
|
#include <updater.h>
|
|
|
|
#include <utils.h>
|
|
|
|
#include <pe.h>
|
|
|
|
|
|
|
|
|
|
|
|
static const char VERSION[] = "0.1";
|
|
|
|
|
|
|
|
void print_version()
|
|
|
|
{
|
|
|
|
std::cout
|
|
|
|
<< "update_patch - Patches a Creative firmware into an updater"
|
|
|
|
" executable." << std::endl
|
|
|
|
<< "Version " << VERSION << std::endl
|
|
|
|
<< "Copyright (c) 2007 Rasmus Ry" << std::endl;
|
|
|
|
}
|
|
|
|
|
|
|
|
void print_help()
|
|
|
|
{
|
|
|
|
print_version();
|
|
|
|
std::cout << std::endl
|
|
|
|
<< "Usage: update_patch [command] [options]" << std::endl
|
|
|
|
<< std::endl
|
|
|
|
<< " Commands:" << std::endl
|
|
|
|
<< " -h,--help" << std::endl
|
|
|
|
<< " prints this message." << std::endl
|
|
|
|
<< " -u,--updater [file]" << std::endl
|
|
|
|
<< " specifies the updater executable." << std::endl
|
|
|
|
<< std::endl
|
|
|
|
<< " Options:" << std::endl
|
|
|
|
<< " -V,--verbose" << std::endl
|
|
|
|
<< " prints verbose messages." << std::endl
|
|
|
|
<< " -f,--firmware [file]" << std::endl
|
|
|
|
<< " specifies the firmware arhive file name." << std::endl
|
|
|
|
<< " -k,--key [key]" << std::endl
|
|
|
|
<< " specifies the firmware archive key." << std::endl
|
|
|
|
<< " -o,--offset [offset]" << std::endl
|
|
|
|
<< " specifies the firmware archive offset in c-style"
|
|
|
|
" hexadecimal." << std::endl
|
|
|
|
<< std::endl
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string options_name(const std::string& name)
|
|
|
|
{
|
|
|
|
return shared::replace_extension(name, ".opt");
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string default_firmware_name(const std::string& name)
|
|
|
|
{
|
|
|
|
return shared::replace_extension(name, "_rk.bin");
|
|
|
|
}
|
|
|
|
|
|
|
|
int process_arguments(int argc, char* argv[])
|
|
|
|
{
|
|
|
|
//--------------------------------------------------------------------
|
|
|
|
// Parse input variables.
|
|
|
|
//--------------------------------------------------------------------
|
|
|
|
|
|
|
|
GetPot cl(argc, argv);
|
|
|
|
if (cl.size() == 1 || cl.search(2, "-h", "--help"))
|
|
|
|
{
|
|
|
|
print_help();
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string updatername;
|
|
|
|
if (cl.search("-u") || cl.search("--updater"))
|
|
|
|
updatername = cl.next("");
|
|
|
|
if (updatername.empty())
|
|
|
|
{
|
|
|
|
std::cerr << "Updater executable must be specified." << std::endl;
|
|
|
|
return 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool verbose = false;
|
|
|
|
if (cl.search("-V") || cl.search("--verbose"))
|
|
|
|
verbose = true;
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Parsing options file..." << std::endl;
|
|
|
|
|
|
|
|
GetPot optfile(options_name(updatername.c_str()).c_str());
|
|
|
|
if (verbose)
|
|
|
|
optfile.print();
|
|
|
|
|
|
|
|
std::string firmwarename = optfile("firmware",
|
|
|
|
default_firmware_name(updatername).c_str());
|
|
|
|
dword offset_pa = optfile("offset", 0);
|
|
|
|
dword size = optfile("size", 0);
|
|
|
|
std::string key = optfile("key", "");
|
|
|
|
|
|
|
|
if (cl.search("-f") || cl.search("--firmware"))
|
|
|
|
firmwarename = cl.next(firmwarename.c_str());
|
|
|
|
|
|
|
|
std::string offset;
|
|
|
|
if (cl.search("-o") || cl.search("--offset"))
|
|
|
|
offset = cl.next("");
|
|
|
|
|
|
|
|
if (offset.empty() && !offset_pa)
|
|
|
|
{
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Looking for firmware archive offset..."
|
|
|
|
<< std::endl;
|
|
|
|
|
|
|
|
dword offset_va = 0;
|
|
|
|
if (!zen::find_firmware_archive(updatername, offset_va, offset_pa))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to find the firmware archive offset."
|
|
|
|
<< std::endl;
|
|
|
|
return 3;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (!offset_pa)
|
|
|
|
{
|
|
|
|
int offset_val;
|
|
|
|
if (!sscanf(offset.c_str(), "0x%x", &offset_val))
|
|
|
|
{
|
|
|
|
if (!sscanf(offset.c_str(), "0x%X", &offset_val))
|
|
|
|
{
|
|
|
|
std::cerr << "\'" << offset
|
|
|
|
<< "\' is not a valid c-style hexadecimal value."
|
|
|
|
<< std::endl;
|
|
|
|
return 4;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
offset_pa = static_cast<dword>(offset_val);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (key.empty())
|
|
|
|
{
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Looking for firmware archive key..."
|
|
|
|
<< std::endl;
|
|
|
|
shared::bytes buffer;
|
|
|
|
if (!shared::read_file(updatername, buffer))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to read the firmware updater executable."
|
|
|
|
<< std::endl;
|
|
|
|
return 5;
|
|
|
|
}
|
|
|
|
key = zen::find_firmware_key(&buffer[0], buffer.size());
|
|
|
|
if (key.empty())
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to find the firmware archive key."
|
|
|
|
<< std::endl;
|
|
|
|
return 6;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
{
|
|
|
|
std::cout << "[*] Printing input variables..." << std::endl;
|
|
|
|
std::cout << " Updater executable: " << updatername << std::endl;
|
|
|
|
std::cout << " Firmware archive: " << firmwarename << std::endl;
|
|
|
|
std::cout << " Key: " << key << std::endl;
|
|
|
|
std::cout << " Offset: "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< offset_pa << std::endl;
|
|
|
|
std::cout << " Size: "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< size << std::endl;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//--------------------------------------------------------------------
|
|
|
|
// Prepare the firmware archive for being patched into the updater.
|
|
|
|
//--------------------------------------------------------------------
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Reading firmware archive..." << std::endl;
|
|
|
|
|
|
|
|
shared::bytes buffer;
|
|
|
|
if (!shared::read_file(firmwarename, buffer))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to read the firmware archive." << std::endl;
|
|
|
|
return 7;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << " Bytes read: "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< buffer.size() << std::endl;
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Compressing firmware archive..." << std::endl;
|
|
|
|
|
|
|
|
std::string compfirmware = shared::replace_extension(firmwarename, ".def");
|
|
|
|
if (!shared::deflate_to_file(buffer, compfirmware.c_str()))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to compress the firmware archive." << std::endl;
|
|
|
|
return 8;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Reading compressed firmware archive..." << std::endl;
|
|
|
|
|
|
|
|
if (!shared::read_file(compfirmware, buffer))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to read the compressed firmware archive."
|
|
|
|
<< std::endl;
|
|
|
|
return 9;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << " Bytes read: "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< buffer.size() << std::endl;
|
|
|
|
|
|
|
|
// Delete the temporary firmware file.
|
|
|
|
std::remove(compfirmware.c_str());
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Encrypting compressed firmware archive..."
|
|
|
|
<< std::endl;
|
|
|
|
|
|
|
|
if (!zen::crypt_firmware(key.c_str(), &buffer[0], buffer.size()))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to encrypt the compressed firmware archive."
|
|
|
|
<< std::endl;
|
|
|
|
return 10;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//--------------------------------------------------------------------
|
|
|
|
// Backup the updater and patch the firmware archive into it.
|
|
|
|
//--------------------------------------------------------------------
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Backing up the updater executable..." << std::endl;
|
|
|
|
|
|
|
|
if (!shared::backup_file(updatername))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to backup the updater executable." << std::endl;
|
|
|
|
return 11;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Is there enough space within the existing firmware archive
|
|
|
|
// to hold the new one?
|
|
|
|
if (size < buffer.size())
|
|
|
|
{
|
|
|
|
// No, we need to add a new section to hold the new firmware archive.
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Adding new section to the updater executable..."
|
|
|
|
<< std::endl;
|
|
|
|
|
|
|
|
// Construct a new buffer with the archive size prepended.
|
|
|
|
shared::bytes newbuffer(buffer.size() + sizeof(dword));
|
|
|
|
*(dword*)&newbuffer[0] = static_cast<dword>(buffer.size());
|
|
|
|
std::copy(buffer.begin(), buffer.end(), &newbuffer[4]);
|
|
|
|
|
|
|
|
// Read the updater portable executable.
|
|
|
|
shared::pe_file pef;
|
|
|
|
if (!pef.read(updatername))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to read the updater portable executable"
|
|
|
|
" structure." << std::endl;
|
|
|
|
return 12;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Add a new section to the updater, containing the encrypted
|
|
|
|
// firmware archive.
|
|
|
|
shared::section_info newsection;
|
|
|
|
if (!pef.add_section(".firm", newbuffer, newsection))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to add an extra section to the updater"
|
|
|
|
" executable." << std::endl;
|
|
|
|
return 13;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Relocating code references to the firmware"
|
|
|
|
" archive..." << std::endl;
|
|
|
|
|
|
|
|
// Locate the code section.
|
|
|
|
shared::section_info textsection;
|
|
|
|
if (!pef.find_section(".text", textsection))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to find the code section in the updater"
|
|
|
|
" executable." << std::endl;
|
|
|
|
return 14;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read the code section data.
|
|
|
|
if (!shared::read_file(updatername, buffer, textsection.raw_address,
|
|
|
|
textsection.raw_size))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to read the code section from the updater"
|
|
|
|
" executable." << std::endl;
|
|
|
|
return 15;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine the addresses of the new and old firmware archives.
|
|
|
|
dword oldva = pef.pa_to_va(offset_pa);
|
|
|
|
dword newva = pef.pa_to_va(newsection.raw_address);
|
|
|
|
if (!oldva || !newva)
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to compute address of the new or old"
|
|
|
|
" archive." << std::endl;
|
|
|
|
return 16;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Relocate references to the old firmware archive.
|
|
|
|
dword imgbase = pef.get_image_base();
|
|
|
|
for (int i = 0, j = buffer.size() - sizeof(dword) + 1; i < j; i++)
|
|
|
|
{
|
|
|
|
dword val = *(dword*)&buffer[i];
|
|
|
|
if (val >= oldva && val <= (oldva + 3))
|
|
|
|
{
|
|
|
|
*(dword*)&buffer[i] = newva + (val - oldva);
|
|
|
|
if (verbose)
|
|
|
|
std::cout << " "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< (imgbase + textsection.virtual_address + i)
|
|
|
|
<< ": "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< val
|
|
|
|
<< " -> "
|
|
|
|
<< std::hex << std::showbase << std::setw(10)
|
|
|
|
<< std::setfill('0') << std::internal
|
|
|
|
<< (newva + (val - oldva)) << std::endl;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Write the relocated code section data.
|
|
|
|
if (!shared::write_file(updatername, buffer, false, textsection.raw_address,
|
|
|
|
buffer.size()))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to write the relocated code section to the"
|
|
|
|
" updater executable." << std::endl;
|
|
|
|
return 17;
|
|
|
|
}
|
|
|
|
} //if (size < buffer.size())
|
|
|
|
else
|
|
|
|
{
|
|
|
|
// Yes, overwrite the existing firmware archive.
|
|
|
|
if (verbose)
|
|
|
|
std::cout << "[*] Overwriting existing firmware archive..."
|
|
|
|
<< std::endl;
|
|
|
|
|
|
|
|
shared::bytes archive_size(sizeof(dword));
|
|
|
|
*(dword*)&archive_size[0] = buffer.size();
|
|
|
|
|
|
|
|
if (!shared::write_file(updatername, archive_size, false, offset_pa,
|
|
|
|
archive_size.size()))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to write archive size to the updater"
|
|
|
|
" executable." << std::endl;
|
|
|
|
return 18;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!shared::write_file(updatername, buffer, false,
|
|
|
|
offset_pa+archive_size.size(), buffer.size()))
|
|
|
|
{
|
|
|
|
std::cerr << "Failed to write the new archive to the updater"
|
|
|
|
" exectuable." << std::endl;
|
|
|
|
return 19;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int main(int argc, char* argv[])
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
|
|
|
return process_arguments(argc, argv);
|
|
|
|
}
|
|
|
|
catch (const std::exception& xcpt)
|
|
|
|
{
|
|
|
|
std::cerr << "Exception caught: " << xcpt.what() << std::endl;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
catch (...)
|
|
|
|
{
|
|
|
|
std::cerr << "Unknown exception caught." << std::endl;
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
return -3;
|
|
|
|
}
|