2012-10-30 12:13:30 +00:00
|
|
|
/***************************************************************************
|
|
|
|
* __________ __ ___.
|
|
|
|
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
|
|
|
|
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
|
|
|
|
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
|
|
|
|
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
|
|
|
|
* \/ \/ \/ \/ \/
|
|
|
|
* $Id$
|
|
|
|
*
|
|
|
|
* Copyright (C) 2012 Amaury Pouly
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
|
|
* KIND, either express or implied.
|
|
|
|
*
|
|
|
|
****************************************************************************/
|
2012-10-03 12:27:19 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <getopt.h>
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <ctype.h>
|
2012-10-04 10:25:22 +00:00
|
|
|
#include <sys/stat.h>
|
2017-09-29 15:53:06 +00:00
|
|
|
#include "misc.h"
|
|
|
|
#include "fwu.h"
|
2017-09-29 16:22:30 +00:00
|
|
|
#include "afi.h"
|
|
|
|
#include "fw.h"
|
2012-10-03 12:27:19 +00:00
|
|
|
|
|
|
|
bool g_debug = false;
|
|
|
|
char *g_out_prefix = NULL;
|
2012-10-04 10:25:22 +00:00
|
|
|
char *g_in_file = NULL;
|
2012-10-03 12:27:19 +00:00
|
|
|
|
2012-10-04 10:25:22 +00:00
|
|
|
/* [add]: string to add when there is no extension
|
|
|
|
* [replace]: string to replace extension */
|
|
|
|
static void build_out_prefix(char *add, char *replace, bool slash)
|
|
|
|
{
|
|
|
|
if(g_out_prefix)
|
|
|
|
return;
|
|
|
|
/** copy input filename with extra space */
|
|
|
|
g_out_prefix = malloc(strlen(g_in_file) + strlen(add) + 16);
|
|
|
|
strcpy(g_out_prefix, g_in_file);
|
|
|
|
/** remove extension and add '/' */
|
|
|
|
char *filename = strrchr(g_out_prefix, '/');
|
|
|
|
// have p points to the beginning or after the last '/'
|
|
|
|
filename = (filename == NULL) ? g_out_prefix : filename + 1;
|
|
|
|
// extension ?
|
|
|
|
char *dot = strrchr(filename, '.');
|
|
|
|
if(dot)
|
|
|
|
{
|
|
|
|
*dot = 0; // cut at the dot
|
|
|
|
strcat(dot, replace);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
strcat(filename, add); // add extra string
|
|
|
|
|
|
|
|
if(slash)
|
|
|
|
{
|
|
|
|
strcat(filename, "/");
|
|
|
|
/** make sure the directory exists */
|
|
|
|
mkdir(g_out_prefix, S_IRWXU | S_IRGRP | S_IROTH);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-29 15:53:06 +00:00
|
|
|
static int do_fwu(uint8_t *buf, size_t size, enum fwu_mode_t mode)
|
2012-10-03 12:27:19 +00:00
|
|
|
{
|
2017-09-29 15:53:06 +00:00
|
|
|
int ret = fwu_decrypt(buf, &size, mode);
|
|
|
|
if(ret != 0)
|
|
|
|
return ret;
|
2012-10-03 12:27:19 +00:00
|
|
|
|
2017-09-29 15:53:06 +00:00
|
|
|
build_out_prefix(".afi", ".afi", false);
|
|
|
|
cprintf(GREY, "Descrambling to %s... ", g_out_prefix);
|
|
|
|
FILE *f = fopen(g_out_prefix, "wb");
|
|
|
|
if(f)
|
2012-10-03 12:27:19 +00:00
|
|
|
{
|
2017-09-29 15:53:06 +00:00
|
|
|
fwrite(buf, size, 1, f);
|
|
|
|
fclose(f);
|
|
|
|
cprintf(RED, "Ok\n");
|
|
|
|
return 0;
|
2012-10-03 12:27:19 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2017-09-29 15:53:06 +00:00
|
|
|
color(RED);
|
|
|
|
perror("Failed");
|
|
|
|
return 1;
|
2012-10-03 12:27:19 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-29 16:22:30 +00:00
|
|
|
static int unpack_afi_fw_cb(const char *filename, uint8_t *buf, size_t size)
|
2012-10-03 12:27:19 +00:00
|
|
|
{
|
2017-09-29 16:22:30 +00:00
|
|
|
char *name = malloc(strlen(g_out_prefix) + strlen(filename) + 16);
|
|
|
|
sprintf(name, "%s%s", g_out_prefix, filename);
|
2012-10-03 12:27:19 +00:00
|
|
|
|
2017-09-29 16:22:30 +00:00
|
|
|
cprintf(GREY, "Unpacking to %s... ", name);
|
|
|
|
FILE *f = fopen(name, "wb");
|
|
|
|
if(f)
|
2012-10-03 12:27:19 +00:00
|
|
|
{
|
2017-09-29 16:22:30 +00:00
|
|
|
fwrite(buf, size, 1, f);
|
|
|
|
fclose(f);
|
|
|
|
cprintf(RED, "Ok\n");
|
|
|
|
return 0;
|
2012-10-03 12:27:19 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2017-09-29 16:22:30 +00:00
|
|
|
color(RED);
|
|
|
|
perror("Failed");
|
2017-09-29 15:53:06 +00:00
|
|
|
return 1;
|
2012-10-03 12:27:19 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-29 16:22:30 +00:00
|
|
|
static int do_afi(uint8_t *buf, size_t size)
|
2012-10-03 12:27:19 +00:00
|
|
|
{
|
2017-09-29 16:22:30 +00:00
|
|
|
build_out_prefix(".fw", "", true);
|
|
|
|
return afi_unpack(buf, size, &unpack_afi_fw_cb);
|
2012-10-03 12:27:19 +00:00
|
|
|
}
|
|
|
|
|
2017-09-29 16:22:30 +00:00
|
|
|
static int do_fw(uint8_t *buf, size_t size)
|
2012-10-03 12:27:19 +00:00
|
|
|
{
|
2012-10-04 10:25:22 +00:00
|
|
|
build_out_prefix(".unpack", "", true);
|
2017-09-29 16:22:30 +00:00
|
|
|
return fw_unpack(buf, size, &unpack_afi_fw_cb);
|
2012-10-03 12:27:19 +00:00
|
|
|
}
|
|
|
|
static void usage(void)
|
|
|
|
{
|
|
|
|
printf("Usage: atjboottool [options] firmware\n");
|
|
|
|
printf("Options:\n");
|
2017-09-29 16:22:30 +00:00
|
|
|
printf(" -o <path> Set output file or output prefix\n");
|
|
|
|
printf(" -h/--help Display this message\n");
|
|
|
|
printf(" -d/--debug Display debug messages\n");
|
|
|
|
printf(" -c/--no-color Disable color output\n");
|
|
|
|
printf(" --fwu Unpack a FWU firmware file\n");
|
|
|
|
printf(" --afi Unpack a AFI archive file\n");
|
|
|
|
printf(" --fw Unpack a FW archive file\n");
|
|
|
|
printf(" --atj2127 Force ATJ2127 decryption mode\n");
|
2012-10-03 12:27:19 +00:00
|
|
|
printf("The default is to try to guess the format.\n");
|
|
|
|
printf("If several formats are specified, all are tried.\n");
|
2012-10-04 10:25:22 +00:00
|
|
|
printf("If no output prefix is specified, a default one is picked.\n");
|
2012-10-03 12:27:19 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
int main(int argc, char **argv)
|
|
|
|
{
|
|
|
|
bool try_fwu = false;
|
|
|
|
bool try_afi = false;
|
|
|
|
bool try_fw = false;
|
2017-09-29 15:53:06 +00:00
|
|
|
enum fwu_mode_t fwu_mode = FWU_AUTO;
|
atjboottool: cleanup and add support for atj2127
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
2017-07-30 12:22:39 +00:00
|
|
|
|
2012-10-03 12:27:19 +00:00
|
|
|
while(1)
|
|
|
|
{
|
|
|
|
static struct option long_options[] =
|
|
|
|
{
|
2017-09-29 16:22:30 +00:00
|
|
|
{"help", no_argument, 0, 'h'},
|
2012-10-03 12:27:19 +00:00
|
|
|
{"debug", no_argument, 0, 'd'},
|
|
|
|
{"no-color", no_argument, 0, 'c'},
|
|
|
|
{"fwu", no_argument, 0, 'u'},
|
|
|
|
{"afi", no_argument, 0, 'a'},
|
|
|
|
{"fw", no_argument, 0, 'w'},
|
atjboottool: cleanup and add support for atj2127
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
2017-07-30 12:22:39 +00:00
|
|
|
{"atj2127", no_argument, 0, '2'},
|
2012-10-03 12:27:19 +00:00
|
|
|
{0, 0, 0, 0}
|
|
|
|
};
|
|
|
|
|
2017-09-29 16:22:30 +00:00
|
|
|
int c = getopt_long(argc, argv, "hdco:a2", long_options, NULL);
|
2012-10-03 12:27:19 +00:00
|
|
|
if(c == -1)
|
|
|
|
break;
|
|
|
|
switch(c)
|
|
|
|
{
|
|
|
|
case -1:
|
|
|
|
break;
|
|
|
|
case 'c':
|
|
|
|
enable_color(false);
|
|
|
|
break;
|
|
|
|
case 'd':
|
|
|
|
g_debug = true;
|
|
|
|
break;
|
|
|
|
break;
|
2017-09-29 16:22:30 +00:00
|
|
|
case 'h':
|
2012-10-03 12:27:19 +00:00
|
|
|
usage();
|
|
|
|
break;
|
|
|
|
case 'o':
|
|
|
|
g_out_prefix = optarg;
|
|
|
|
break;
|
|
|
|
case 'a':
|
|
|
|
try_afi = true;
|
|
|
|
break;
|
|
|
|
case 'u':
|
|
|
|
try_fwu = true;
|
|
|
|
break;
|
|
|
|
case 'w':
|
|
|
|
try_fw = true;
|
|
|
|
break;
|
atjboottool: cleanup and add support for atj2127
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
2017-07-30 12:22:39 +00:00
|
|
|
case '2':
|
2017-09-29 15:53:06 +00:00
|
|
|
fwu_mode = FWU_ATJ2127;
|
atjboottool: cleanup and add support for atj2127
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
2017-07-30 12:22:39 +00:00
|
|
|
break;
|
2012-10-03 12:27:19 +00:00
|
|
|
default:
|
|
|
|
abort();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(argc - optind != 1)
|
|
|
|
{
|
|
|
|
usage();
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2012-10-04 10:25:22 +00:00
|
|
|
g_in_file = argv[optind];
|
|
|
|
FILE *fin = fopen(g_in_file, "r");
|
2012-10-03 12:27:19 +00:00
|
|
|
if(fin == NULL)
|
|
|
|
{
|
|
|
|
perror("Cannot open boot file");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
fseek(fin, 0, SEEK_END);
|
|
|
|
long size = ftell(fin);
|
|
|
|
fseek(fin, 0, SEEK_SET);
|
|
|
|
|
|
|
|
void *buf = malloc(size);
|
|
|
|
if(buf == NULL)
|
|
|
|
{
|
|
|
|
perror("Cannot allocate memory");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(fread(buf, size, 1, fin) != 1)
|
|
|
|
{
|
|
|
|
perror("Cannot read file");
|
|
|
|
return 1;
|
|
|
|
}
|
atjboottool: cleanup and add support for atj2127
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
2017-07-30 12:22:39 +00:00
|
|
|
|
2012-10-03 12:27:19 +00:00
|
|
|
fclose(fin);
|
|
|
|
|
|
|
|
int ret = -99;
|
2017-09-29 15:53:06 +00:00
|
|
|
if(try_fwu || fwu_check(buf, size))
|
|
|
|
ret = do_fwu(buf, size, fwu_mode);
|
|
|
|
else if(try_afi || afi_check(buf, size))
|
2012-10-03 12:27:19 +00:00
|
|
|
ret = do_afi(buf, size);
|
2017-09-29 16:22:30 +00:00
|
|
|
else if(try_fw || fw_check(buf, size))
|
2012-10-03 12:27:19 +00:00
|
|
|
ret = do_fw(buf, size);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
cprintf(GREY, "No valid format found\n");
|
|
|
|
ret = 1;
|
|
|
|
}
|
atjboottool: cleanup and add support for atj2127
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
2017-07-30 12:22:39 +00:00
|
|
|
|
2012-10-03 12:27:19 +00:00
|
|
|
if(ret != 0)
|
|
|
|
{
|
|
|
|
cprintf(GREY, "Error: %d", ret);
|
|
|
|
printf("\n");
|
|
|
|
ret = 2;
|
|
|
|
}
|
|
|
|
free(buf);
|
|
|
|
|
|
|
|
color(OFF);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|