Major rework of mkamsboot, extending work done by Rafael Carre. We now build one "dualboot.bin" mini-bootloader per target and embed it in the mkamsboot binary. The user of mkamsboot just needs to provide an original firmware file, and a Rockbox bootloader file. This code currently supports just the Clip (hardware revision 1) and the E200v2 - button checks are needed for the other V2 targets. NOTE: This is completely untested on-target, and may brick your device.
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@18767 a1c6a512-1295-4272-9138-f99709370657
This commit is contained in:
parent
ced0adc527
commit
1c4bcfac69
6 changed files with 623 additions and 247 deletions
|
@ -1,56 +1,94 @@
|
|||
# Change INFILE to point to your original firmware file
|
||||
INFILE=$(HOME)/FW/AMS/CLIP/m300a-1.1.17A.bin
|
||||
|
||||
# OUTFILE is the file you copy to your device's root and rename to
|
||||
# (e.g.) m300a.bin
|
||||
OUTFILE=patched.bin
|
||||
# We use the UCL code available in the Rockbox tools/ directory
|
||||
|
||||
# The uclpack command
|
||||
UCLPACK=../../tools/uclpack
|
||||
CFLAGS=-I../../tools/ucl/include
|
||||
LIBUCL=../../tools/ucl/src/libucl.a
|
||||
|
||||
all: $(OUTFILE)
|
||||
# Edit the following variables (plus copy/paste another set of rules) when
|
||||
# adding a new target. mkamsboot.c also needs to be edited to refer to these
|
||||
# new images.
|
||||
#
|
||||
# If anyone reading this wants to improve this makefile, please do!
|
||||
|
||||
mkamsboot: mkamsboot.c
|
||||
gcc -o mkamsboot -W -Wall mkamsboot.c
|
||||
BOOTIMAGES = bootimg_clip.o bootimg_e200v2.o
|
||||
BOOTHEADERS = bootimg_clip.h bootimg_e200v2.h
|
||||
|
||||
extract_fw: extract_fw.c
|
||||
gcc -o extract_fw -W -Wall extract_fw.c
|
||||
CLIPFILES = dualboot-clip.o dualboot-clip.elf dualboot-clip.o \
|
||||
dualboot-clip.bin bootimg_clip.c bootimg_clip.h
|
||||
|
||||
E200V2FILES = dualboot-e200v2.o dualboot-e200v2.elf dualboot-e200v2.o \
|
||||
dualboot-e200v2.bin bootimg_e200v2.c bootimg_e200v2.h
|
||||
|
||||
all: mkamsboot
|
||||
|
||||
$(LIBUCL):
|
||||
make -C ../../tools/ucl/src libucl.a
|
||||
|
||||
mkamsboot.o: mkamsboot.c $(BOOTHEADERS) uclimg.h
|
||||
gcc $(CFLAGS) -c -o mkamsboot.o -W -Wall mkamsboot.c
|
||||
|
||||
mkamsboot: mkamsboot.o $(BOOTIMAGES) uclimg.o $(LIBUCL)
|
||||
gcc -o mkamsboot mkamsboot.o $(BOOTIMAGES) uclimg.o $(LIBUCL)
|
||||
|
||||
# Rules for our test ARM application - assemble, link, then extract
|
||||
# the binary code
|
||||
|
||||
test.o: test.S
|
||||
arm-elf-as -o test.o test.S
|
||||
# CLIP
|
||||
|
||||
test.elf: test.o
|
||||
arm-elf-ld -e 0 -Ttext=0 -o test.elf test.o
|
||||
dualboot-clip.o: dualboot.S
|
||||
arm-elf-gcc -DSANSA_CLIP -c -o dualboot-clip.o dualboot.S
|
||||
|
||||
test.bin: test.elf
|
||||
arm-elf-objcopy -O binary test.elf test.bin
|
||||
dualboot-clip.elf: dualboot-clip.o
|
||||
arm-elf-ld -e 0 -Ttext=0 -o dualboot-clip.elf dualboot-clip.o
|
||||
|
||||
# Rules for the ucl unpack function - this is inserted in the padding at
|
||||
# the end of the original firmware block
|
||||
dualboot-clip.bin: dualboot-clip.elf
|
||||
arm-elf-objcopy -O binary dualboot-clip.elf dualboot-clip.bin
|
||||
|
||||
bootimg_clip.c bootimg_clip.h: dualboot-clip.bin bin2c
|
||||
./bin2c dualboot-clip.bin bootimg_clip
|
||||
|
||||
bootimg_clip.o: bootimg_clip.c
|
||||
gcc -c -o bootimg_clip.o bootimg_clip.c
|
||||
|
||||
# E200V2
|
||||
|
||||
dualboot-e200v2.o: dualboot.S
|
||||
arm-elf-gcc -DSANSA_E200V2 -c -o dualboot-e200v2.o dualboot.S
|
||||
|
||||
dualboot-e200v2.elf: dualboot-e200v2.o
|
||||
arm-elf-ld -e 0 -Ttext=0 -o dualboot-e200v2.elf dualboot-e200v2.o
|
||||
|
||||
dualboot-e200v2.bin: dualboot-e200v2.elf
|
||||
arm-elf-objcopy -O binary dualboot-e200v2.elf dualboot-e200v2.bin
|
||||
|
||||
bootimg_e200v2.c bootimg_e200v2.h: dualboot-e200v2.bin bin2c
|
||||
./bin2c dualboot-e200v2.bin bootimg_e200v2
|
||||
|
||||
bootimg_e200v2.o: bootimg_e200v2.c
|
||||
gcc -c -o bootimg_e200v2.o bootimg_e200v2.c
|
||||
|
||||
# Rules for the ucl unpack function
|
||||
nrv2e_d8.o: nrv2e_d8.S
|
||||
arm-elf-gcc -DPURE_THUMB -c -o nrv2e_d8.o nrv2e_d8.S
|
||||
|
||||
# NOTE: this function has no absolute references, so the link address (-e)
|
||||
# is irrelevant. We just link at address 0.
|
||||
# is irrelevant. We just link at address 0, but it can run from anywhere.
|
||||
nrv2e_d8.elf: nrv2e_d8.o
|
||||
arm-elf-ld -e 0 -Ttext=0 -o nrv2e_d8.elf nrv2e_d8.o
|
||||
|
||||
nrv2e_d8.bin: nrv2e_d8.elf
|
||||
arm-elf-objcopy -O binary nrv2e_d8.elf nrv2e_d8.bin
|
||||
|
||||
firmware_block.ucl: firmware_block.bin
|
||||
$(UCLPACK) --best --2e firmware_block.bin firmware_block.ucl
|
||||
uclimg.c uclimg.h: nrv2e_d8.bin bin2c
|
||||
./bin2c nrv2e_d8.bin uclimg
|
||||
|
||||
firmware_block.bin: $(INFILE) extract_fw
|
||||
./extract_fw $(INFILE) firmware_block.bin
|
||||
uclimg.o: uclimg.c
|
||||
gcc -c -o uclimg.o uclimg.c
|
||||
|
||||
$(OUTFILE): mkamsboot firmware_block.ucl test.bin nrv2e_d8.bin $(INFILE)
|
||||
./mkamsboot $(INFILE) firmware_block.ucl test.bin nrv2e_d8.bin $(OUTFILE)
|
||||
bin2c: bin2c.c
|
||||
gcc -o bin2c bin2c.c
|
||||
|
||||
clean:
|
||||
rm -fr amsinfo mkamsboot test.o test.elf test.bin extract_fw \
|
||||
nrv2e_d8.o nrv2e_d8.elf nrv2e_d8.bin firmware_block.bin \
|
||||
firmware_block.ucl $(OUTFILE) *~
|
||||
rm -f mkamsboot mkamsboot.o nrv2e_d8.o nrv2e_d8.elf nrv2e_d8.bin *~ \
|
||||
bin2c uclimg.c uclimg.h uclimg.o \
|
||||
$(BOOTIMAGES) $(CLIPFILES) $(E200V2FILES)
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
mkamsboot
|
||||
---------
|
||||
|
||||
A tool to inject some code (contained in test.S) into a firmware file.
|
||||
|
||||
Edit the INFILE variable in the Makefile to point to the original
|
||||
firmware file you want to patch, edit "test.S" appropriately, and then
|
||||
type "make".
|
||||
|
||||
A tool to inject a bootloader into a Sansa V2 (AMS) firmware file.
|
||||
|
||||
See comments in mkamsboot.c and dualboot.S for more information.
|
||||
|
|
134
rbutil/mkamsboot/bin2c.c
Normal file
134
rbutil/mkamsboot/bin2c.c
Normal file
|
@ -0,0 +1,134 @@
|
|||
/***************************************************************************
|
||||
* __________ __ ___.
|
||||
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
|
||||
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
|
||||
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
|
||||
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
|
||||
* \/ \/ \/ \/ \/
|
||||
* $Id$
|
||||
*
|
||||
* Copyright (C) 2007 Dave Chapman
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifndef O_BINARY
|
||||
#define O_BINARY 0
|
||||
#endif
|
||||
|
||||
static off_t filesize(int fd)
|
||||
{
|
||||
struct stat buf;
|
||||
|
||||
fstat(fd,&buf);
|
||||
return buf.st_size;
|
||||
}
|
||||
|
||||
static int write_cfile(const unsigned char* buf, off_t len, const char* cname)
|
||||
{
|
||||
char filename[256];
|
||||
FILE* fp;
|
||||
int i;
|
||||
|
||||
snprintf(filename,256,"%s.c",cname);
|
||||
|
||||
fp = fopen(filename,"w+");
|
||||
if (fp == NULL) {
|
||||
fprintf(stderr,"Couldn't open %s\n",filename);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fprintf(fp,"/* Generated by bin2c */\n\n");
|
||||
fprintf(fp,"unsigned char %s[%d] = {",cname,len);
|
||||
|
||||
for (i=0;i<len;i++) {
|
||||
if ((i % 16) == 0) {
|
||||
fprintf(fp,"\n ");
|
||||
}
|
||||
if (i == (len-1)) {
|
||||
fprintf(fp,"0x%02x",buf[i]);
|
||||
} else {
|
||||
fprintf(fp,"0x%02x, ",buf[i]);
|
||||
}
|
||||
}
|
||||
fprintf(fp,"\n};\n");
|
||||
|
||||
fclose(fp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int write_hfile(off_t len, const char* cname)
|
||||
{
|
||||
char filename[256];
|
||||
FILE* fp;
|
||||
|
||||
snprintf(filename,256,"%s.h",cname);
|
||||
fp = fopen(filename,"w+");
|
||||
if (fp == NULL) {
|
||||
fprintf(stderr,"Couldn't open %s\n",filename);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fprintf(fp,"/* Generated by bin2c */\n\n");
|
||||
fprintf(fp,"extern unsigned char %s[%d];\n",cname,len);
|
||||
fclose(fp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main (int argc, char* argv[])
|
||||
{
|
||||
char* infile;
|
||||
char* cname;
|
||||
int fd;
|
||||
unsigned char* buf;
|
||||
int len;
|
||||
int n;
|
||||
|
||||
if (argc != 3) {
|
||||
fprintf(stderr,"Usage: bin2c file cname\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
infile=argv[1];
|
||||
cname=argv[2];
|
||||
|
||||
fd = open(infile,O_RDONLY|O_BINARY);
|
||||
if (fd < 0) {
|
||||
fprintf(stderr,"Can not open %s\n",infile);
|
||||
return 0;
|
||||
}
|
||||
|
||||
len = filesize(fd);
|
||||
|
||||
buf = malloc(len);
|
||||
n = read(fd,buf,len);
|
||||
if (n < len) {
|
||||
fprintf(stderr,"Short read, aborting\n");
|
||||
return 0;
|
||||
}
|
||||
close(fd);
|
||||
|
||||
if (write_cfile(buf,len,cname) < 0) {
|
||||
return -1;
|
||||
}
|
||||
if (write_hfile(len,cname) < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
126
rbutil/mkamsboot/dualboot.S
Normal file
126
rbutil/mkamsboot/dualboot.S
Normal file
|
@ -0,0 +1,126 @@
|
|||
.text
|
||||
|
||||
/* This is the size of the Clip's RAM, but there is nothing to be gained
|
||||
(at the moment) by making use of the larger RAM of other targets */
|
||||
|
||||
.set DRAM_SIZE, 0x50000
|
||||
|
||||
.set GPIOA, 0xC80B0000
|
||||
.set GPIOB, 0xC80C0000
|
||||
.set GPIOC, 0xC80D0000
|
||||
.set GPIOD, 0xC80E0000
|
||||
.set CGU_PERI, 0xC80F0014
|
||||
|
||||
|
||||
/* Vectors */
|
||||
ldr pc, =start
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
|
||||
/* These values are filled in by mkamsboot - don't move them from offset 0x20 */
|
||||
uclunpack_end: .word 0 /* End of the ucl_unpack function */
|
||||
uclunpack_size: .word 0 /* Size in bytes of the ucl_unpack function */
|
||||
|
||||
ucl_of_end: .word 0 /* End of the ucl-compressed OF image */
|
||||
ucl_of_size: .word 0 /* Size in bytes of the compressed OF image */
|
||||
|
||||
ucl_rb_end: .word 0 /* End of the ucl-compressed RB image */
|
||||
ucl_rb_size: .word 0 /* Size in bytes of the compressed RB image */
|
||||
|
||||
|
||||
start:
|
||||
/* First copy the UCL unpack function to the end of RAM */
|
||||
ldr r0, uclunpack_end /* Source */
|
||||
ldr r1, uclunpack_size /* Source length */
|
||||
sub r2, r0, r1 /* Source start - 1*/
|
||||
|
||||
ldr r3, =DRAM_SIZE /* Destination end */
|
||||
|
||||
uclcopy:
|
||||
ldrb r4, [r0], #-1
|
||||
strb r4, [r3], #-1
|
||||
cmp r2, r3
|
||||
bne uclcopy
|
||||
|
||||
add r5, r2, #2 /* r5 is entry point of copy of uclunpack */
|
||||
/* function, plus one (for thumb mode */
|
||||
|
||||
/* enable gpio clock */
|
||||
ldr r0, =CGU_PERI
|
||||
ldr r1, [r0]
|
||||
orr r1, r1, #(1<<16)
|
||||
str r1, [r0]
|
||||
|
||||
/* we check A3 unconditionally of the model because it seems to be */
|
||||
/* either hold, either usb on every model */
|
||||
|
||||
ldr r0, =GPIOA
|
||||
mov r1, #0
|
||||
str r1, [r0, #0x400]
|
||||
ldr r1, [r0, #0x20] /* read pin A3 */
|
||||
|
||||
cmp r1, #0
|
||||
bne boot_of
|
||||
|
||||
/* here are model specific tests, for dual boot without a computer */
|
||||
|
||||
#ifdef SANSA_CLIP
|
||||
/* HOME button */
|
||||
ldr r0, =GPIOB
|
||||
mov r1, #0
|
||||
str r1, [r0, #0x400]
|
||||
ldr r1, [r0, #0x10] /* read pin B2 */
|
||||
|
||||
cmp r1, #0
|
||||
bne boot_of
|
||||
#elif defined(SANSA_E200V2)
|
||||
/* DOWN button */
|
||||
ldr r0, =GPIOC
|
||||
mov r1, #0
|
||||
str r1, [r0, #0x400]
|
||||
ldr r1, [r0, #0x100] /* read pin C6 */
|
||||
|
||||
cmp r1, #0 /* C6 = #0 means button pressed */
|
||||
beq boot_of
|
||||
#else
|
||||
#error No target-specific key check defined!
|
||||
#endif
|
||||
|
||||
/* No button was held, so we boot rockbox */
|
||||
ldr r0, ucl_rb_end /* Address of compressed image */
|
||||
ldr r1, ucl_rb_size /* Compressed size */
|
||||
b decompress
|
||||
|
||||
boot_of:
|
||||
ldr r0, ucl_of_end /* Address of compressed image */
|
||||
ldr r1, ucl_of_size /* Compressed size */
|
||||
|
||||
|
||||
decompress:
|
||||
/* At this point: */
|
||||
/* r5 = entry point (plus one for thumb) of uclunpack function */
|
||||
/* r3 = destination_end for copy of UCL image */
|
||||
/* r0 = source_end for UCL image to copy */
|
||||
/* r1 = size of UCL image to copy */
|
||||
|
||||
sub r4, r3, r1 /* r4 := destination_start - 1 */
|
||||
|
||||
fw_copy:
|
||||
ldrb r2, [r0], #-1
|
||||
strb r2, [r3], #-1
|
||||
cmp r3, r4 /* Stop when we reached dest_start-1 */
|
||||
bne fw_copy
|
||||
|
||||
/* Call the ucl decompress function, which will branch to 0x0 */
|
||||
/* on completion */
|
||||
add r0, r3, #1 /* r0 := Start of compressed image */
|
||||
/* r1 already contains compressed size */
|
||||
mov r2, #0 /* r2 := Destination for unpacking */
|
||||
bx r5 /* Branch to uclunpack, switching to thumb */
|
||||
|
||||
/* never reached */
|
|
@ -30,36 +30,46 @@ We replace the main firmware block (bytes 0x400..0x400+firmware_size)
|
|||
as follows:
|
||||
|
||||
|
||||
--------------------- 0x0
|
||||
---------------------- 0x0
|
||||
| |
|
||||
| Rockbox bootloader |
|
||||
| Dual-boot code |
|
||||
| |
|
||||
|---------------------|
|
||||
|----------------------|
|
||||
| EMPTY SPACE |
|
||||
|---------------------|
|
||||
| ucl unpack function |
|
||||
|---------------------|
|
||||
|----------------------|
|
||||
| |
|
||||
| compressed RB image |
|
||||
| |
|
||||
|----------------------|
|
||||
| |
|
||||
| compressed OF image |
|
||||
| |
|
||||
| |
|
||||
---------------------
|
||||
|----------------------|
|
||||
| UCL unpack function |
|
||||
----------------------
|
||||
|
||||
This entire block fits into the space previously occupied by the main
|
||||
firmware block, and gives about 40KB of space to store the Rockbox
|
||||
bootloader. This could be increased if we also UCL compress the
|
||||
Rockbox bootloader.
|
||||
firmware block - the space saved by compressing the OF image is used
|
||||
to store the compressed version of the Rockbox bootloader. The OF
|
||||
image is typically about 120KB, which allows us to store a Rockbox
|
||||
bootloader with an uncompressed size of about 60KB-70KB.
|
||||
|
||||
mkamsboot then corrects the checksums and writes a new legal firmware
|
||||
file which can be installed on the device.
|
||||
|
||||
Our bootloader first checks for the "dual-boot" keypress, and then either:
|
||||
When the Sansa device boots, this firmware block is loaded to RAM at
|
||||
address 0x0 and executed.
|
||||
|
||||
a) Copies the ucl unpack function and compressed OF image to an unused
|
||||
part of RAM and then branches to the ucl_unpack function, which
|
||||
will then branch to 0x0 after decompressing the OF to that location.
|
||||
Firstly, the dual-boot code will copy the UCL unpack function to the
|
||||
end of RAM.
|
||||
|
||||
Then, depending on the detection of the dual-boot keypress, either the
|
||||
OF image or the Rockbox image is copied to the end of RAM (just before
|
||||
the ucl unpack function) and uncompress it to the start of RAM.
|
||||
|
||||
Finally, the ucl unpack function branches to address 0x0, passing
|
||||
execution to the uncompressed firmware.
|
||||
|
||||
b) Continues running with our test code
|
||||
|
||||
*/
|
||||
|
||||
|
@ -73,14 +83,62 @@ b) Continues running with our test code
|
|||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <ucl/ucl.h>
|
||||
|
||||
/* Headers for ARM code binaries */
|
||||
#include "uclimg.h"
|
||||
#include "bootimg_clip.h"
|
||||
#include "bootimg_e200v2.h"
|
||||
|
||||
/* Win32 compatibility */
|
||||
#ifndef O_BINARY
|
||||
#define O_BINARY 0
|
||||
#endif
|
||||
|
||||
#ifndef VERSION
|
||||
#define VERSION "0.1"
|
||||
#endif
|
||||
|
||||
#define PAD_TO_BOUNDARY(x) (((x) + 0x1ff) & ~0x1ff)
|
||||
enum
|
||||
{
|
||||
MODEL_UNKNOWN = -1,
|
||||
MODEL_FUZE = 0,
|
||||
MODEL_CLIP,
|
||||
MODEL_CLIPV2,
|
||||
MODEL_E200,
|
||||
MODEL_M200,
|
||||
MODEL_C200
|
||||
};
|
||||
|
||||
static const char* model_names[] =
|
||||
{
|
||||
"Fuze",
|
||||
"Clip",
|
||||
"Clip V2",
|
||||
"E200",
|
||||
"M200",
|
||||
"C200"
|
||||
};
|
||||
|
||||
static const unsigned char* bootloaders[] =
|
||||
{
|
||||
NULL,
|
||||
bootimg_clip,
|
||||
NULL,
|
||||
bootimg_e200v2,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
static const int bootloader_sizes[] =
|
||||
{
|
||||
0,
|
||||
sizeof(bootimg_clip),
|
||||
0,
|
||||
sizeof(bootimg_e200v2),
|
||||
0,
|
||||
0
|
||||
};
|
||||
|
||||
|
||||
/* This magic should appear at the start of any UCL file */
|
||||
|
@ -105,12 +163,6 @@ static uint32_t get_uint32le(unsigned char* p)
|
|||
return p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
|
||||
}
|
||||
|
||||
static uint32_t get_uint32be(unsigned char* p)
|
||||
{
|
||||
return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
|
||||
|
||||
}
|
||||
|
||||
static void put_uint32le(unsigned char* p, uint32_t x)
|
||||
{
|
||||
p[0] = x & 0xff;
|
||||
|
@ -130,186 +182,271 @@ static int calc_checksum(unsigned char* buf, uint32_t n)
|
|||
return sum;
|
||||
}
|
||||
|
||||
void usage(void)
|
||||
static int get_model(int model_id)
|
||||
{
|
||||
printf("Usage: mkamsboot <firmware file> <ucl image> <boot file> <ucl unpack file> <output file>\n");
|
||||
switch(model_id)
|
||||
{
|
||||
case 0x1e:
|
||||
return MODEL_FUZE;
|
||||
case 0x22:
|
||||
return MODEL_CLIP;
|
||||
case 0x23:
|
||||
return MODEL_C200;
|
||||
case 0x24:
|
||||
return MODEL_E200;
|
||||
case 0x25:
|
||||
return MODEL_M200;
|
||||
case 0x27:
|
||||
return MODEL_CLIPV2;
|
||||
}
|
||||
|
||||
exit(1);
|
||||
return MODEL_UNKNOWN;
|
||||
}
|
||||
|
||||
|
||||
static unsigned char* uclpack(unsigned char* inbuf, int insize, int* outsize)
|
||||
{
|
||||
int maxsize;
|
||||
unsigned char* outbuf;
|
||||
int r;
|
||||
|
||||
/* The following formula comes from the UCL documentation */
|
||||
maxsize = insize + (insize / 8) + 256;
|
||||
|
||||
/* Allocate some memory for the output buffer */
|
||||
outbuf = malloc(maxsize);
|
||||
|
||||
if (outbuf == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
r = ucl_nrv2e_99_compress(
|
||||
(const ucl_bytep) inbuf,
|
||||
(ucl_uint) insize,
|
||||
(ucl_bytep) outbuf,
|
||||
(ucl_uintp) outsize,
|
||||
0, 10, NULL, NULL);
|
||||
|
||||
if (r != UCL_E_OK || *outsize > maxsize)
|
||||
{
|
||||
/* this should NEVER happen, and implies memory corruption */
|
||||
fprintf(stderr, "internal error - compression failed: %d\n", r);
|
||||
free(outbuf);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return outbuf;
|
||||
}
|
||||
|
||||
static unsigned char* load_file(char* filename, off_t* bufsize)
|
||||
{
|
||||
int fd;
|
||||
unsigned char* buf;
|
||||
off_t n;
|
||||
|
||||
fd = open(filename, O_RDONLY|O_BINARY);
|
||||
if (fd < 0)
|
||||
{
|
||||
fprintf(stderr,"[ERR] Could not open %s for reading\n",filename);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
*bufsize = filesize(fd);
|
||||
|
||||
buf = malloc(*bufsize);
|
||||
if (buf == NULL) {
|
||||
fprintf(stderr,"[ERR] Could not allocate memory for %s\n",filename);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
n = read(fd, buf, *bufsize);
|
||||
|
||||
if (n != *bufsize) {
|
||||
fprintf(stderr,"[ERR] Could not read file %s\n",filename);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return buf;
|
||||
}
|
||||
|
||||
|
||||
int main(int argc, char* argv[])
|
||||
{
|
||||
char *infile, *uclfile, *bootfile, *uclunpackfile, *outfile;
|
||||
int fdin, fducl, fdboot, fduclunpack, fdout;
|
||||
char *infile, *bootfile, *outfile;
|
||||
int fdout;
|
||||
off_t len;
|
||||
unsigned char uclheader[26];
|
||||
uint32_t n;
|
||||
unsigned char* buf;
|
||||
uint32_t firmware_size;
|
||||
uint32_t firmware_paddedsize;
|
||||
uint32_t bootloader_size;
|
||||
int firmware_size;
|
||||
off_t bootloader_size;
|
||||
uint32_t ucl_size;
|
||||
uint32_t ucl_paddedsize;
|
||||
uint32_t uclunpack_size;
|
||||
uint32_t sum,filesum;
|
||||
uint8_t model_id;
|
||||
int model;
|
||||
uint32_t i;
|
||||
unsigned char* of_packed;
|
||||
int of_packedsize;
|
||||
unsigned char* rb_unpacked;
|
||||
unsigned char* rb_packed;
|
||||
int rb_packedsize;
|
||||
int fw_version;
|
||||
int totalsize;
|
||||
unsigned char* p;
|
||||
|
||||
if(argc != 6) {
|
||||
usage();
|
||||
fprintf(stderr,"mkamsboot v" VERSION " - (C) Dave Chapman 2008\n");
|
||||
fprintf(stderr,"This is free software; see the source for copying conditions. There is NO\n");
|
||||
fprintf(stderr,"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\n");
|
||||
|
||||
if(argc != 4) {
|
||||
printf("Usage: mkamsboot <firmware file> <boot file> <output file>\n\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
infile = argv[1];
|
||||
uclfile = argv[2];
|
||||
bootfile = argv[3];
|
||||
uclunpackfile = argv[4];
|
||||
outfile = argv[5];
|
||||
bootfile = argv[2];
|
||||
outfile = argv[3];
|
||||
|
||||
/* Open the bootloader file */
|
||||
fdboot = open(bootfile, O_RDONLY|O_BINARY);
|
||||
if (fdboot < 0)
|
||||
{
|
||||
fprintf(stderr,"[ERR] Could not open %s for reading\n",bootfile);
|
||||
/* Load bootloader file */
|
||||
rb_unpacked = load_file(bootfile, &bootloader_size);
|
||||
if (rb_unpacked == NULL) {
|
||||
fprintf(stderr,"[ERR] Could not load %s\n",bootfile);
|
||||
return 1;
|
||||
}
|
||||
|
||||
bootloader_size = filesize(fdboot);
|
||||
/* Load original firmware file */
|
||||
buf = load_file(infile, &len);
|
||||
|
||||
|
||||
/* Open the UCL-compressed image of the firmware block */
|
||||
fduclunpack = open(uclunpackfile, O_RDONLY|O_BINARY);
|
||||
if (fduclunpack < 0)
|
||||
{
|
||||
fprintf(stderr,"[ERR] Could not open %s for reading\n",uclunpackfile);
|
||||
if (buf == NULL) {
|
||||
fprintf(stderr,"[ERR] Could not load bootloader file\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
uclunpack_size = filesize(fduclunpack);
|
||||
/* TODO: Do some more sanity checks on the OF image - e.g. checksum */
|
||||
|
||||
if (get_uint32le(&buf[0x204])==0x0000f000) {
|
||||
fw_version = 2;
|
||||
model_id = buf[0x219];
|
||||
} else {
|
||||
fw_version = 1;
|
||||
model_id = buf[0x215];
|
||||
}
|
||||
|
||||
/* Open the UCL-compressed image of the firmware block */
|
||||
fducl = open(uclfile, O_RDONLY|O_BINARY);
|
||||
if (fducl < 0)
|
||||
{
|
||||
fprintf(stderr,"[ERR] Could not open %s for reading\n",uclfile);
|
||||
model = get_model(model_id);
|
||||
|
||||
if (model == MODEL_UNKNOWN) {
|
||||
fprintf(stderr,"[ERR] Unknown firmware - model id 0x%02x\n",model_id);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Some UCL file sanity checks */
|
||||
n = read(fducl, uclheader, sizeof(uclheader));
|
||||
|
||||
if (n != sizeof(uclheader)) {
|
||||
fprintf(stderr,"[ERR] Could not read header from UCL file\n");
|
||||
if (bootloaders[model] == NULL) {
|
||||
fprintf(stderr,"[ERR] Unsupported model - \"%s\"\n",model_names[model]);
|
||||
free(buf);
|
||||
free(rb_unpacked);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (memcmp(uclmagic, uclheader, sizeof(uclmagic))!=0) {
|
||||
fprintf(stderr,"[ERR] Invalid UCL file\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (uclheader[12] != 0x2e) {
|
||||
fprintf(stderr,"[ERR] Unsupported UCL compression format (0x%02x) - only 0x2e supported.\n",uclheader[12]);
|
||||
return 1;
|
||||
}
|
||||
ucl_size = get_uint32be(&uclheader[22]) + 8;
|
||||
ucl_paddedsize = (ucl_size + 3) & ~0x3;
|
||||
|
||||
if (ucl_size + 26 > (unsigned)filesize(fducl)) {
|
||||
fprintf(stderr, "[ERR] Size mismatch in UCL file\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Open the firmware file */
|
||||
fdin = open(infile,O_RDONLY|O_BINARY);
|
||||
|
||||
if (fdin < 0) {
|
||||
fprintf(stderr,"[ERR] Could not open %s for reading\n",infile);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ((len = filesize(fdin)) < 0)
|
||||
return 1;
|
||||
|
||||
/* Allocate memory for the OF image - we don't change the size */
|
||||
if ((buf = malloc(len)) == NULL) {
|
||||
fprintf(stderr,"[ERR] Could not allocate buffer for input file (%d bytes)\n",(int)len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
n = read(fdin, buf, len);
|
||||
|
||||
if (n != (uint32_t)len) {
|
||||
fprintf(stderr,"[ERR] Could not read firmware file\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
close(fdin);
|
||||
printf("[INFO] Patching %s firmware\n",model_names[model]);
|
||||
|
||||
/* Get the firmware size */
|
||||
firmware_size = get_uint32le(&buf[0x0c]);
|
||||
|
||||
/* Round size up to next multiple of 0x200 */
|
||||
/* Compress the original firmware image */
|
||||
of_packed = uclpack(buf + 0x400, firmware_size, &of_packedsize);
|
||||
if (of_packed == NULL) {
|
||||
fprintf(stderr,"[ERR] Could not compress original firmware\n");
|
||||
free(buf);
|
||||
free(rb_unpacked);
|
||||
return 1;
|
||||
}
|
||||
|
||||
firmware_paddedsize = PAD_TO_BOUNDARY(firmware_size);
|
||||
rb_packed = uclpack(rb_unpacked, bootloader_size, &rb_packedsize);
|
||||
if (rb_packed == NULL) {
|
||||
fprintf(stderr,"[ERR] Could not compress %s\n",bootfile);
|
||||
free(buf);
|
||||
free(rb_unpacked);
|
||||
free(of_packed);
|
||||
return 1;
|
||||
}
|
||||
|
||||
fprintf(stderr,"Original firmware size - %d bytes\n",firmware_size);
|
||||
fprintf(stderr,"Padded firmware size - %d bytes\n",firmware_paddedsize);
|
||||
fprintf(stderr,"Bootloader size - %d bytes\n",bootloader_size);
|
||||
fprintf(stderr,"UCL image size - %d bytes (%d bytes padded)\n",ucl_size,ucl_paddedsize);
|
||||
fprintf(stderr,"UCL unpack function size - %d bytes\n",uclunpack_size);
|
||||
fprintf(stderr,"Original total size of firmware - %d bytes\n",(int)len);
|
||||
/* We are finished with the unpacked version of the bootloader */
|
||||
free(rb_unpacked);
|
||||
|
||||
/* Check we have room for our bootloader - in the future, we could UCL
|
||||
pack this image as well if we need to. */
|
||||
if (bootloader_size > (firmware_size - ucl_paddedsize - uclunpack_size)) {
|
||||
fprintf(stderr,"[ERR] Bootloader too large (%d bytes, %d available)\n",
|
||||
bootloader_size, firmware_size - ucl_paddedsize - uclunpack_size);
|
||||
fprintf(stderr,"[INFO] Original firmware size: %d bytes\n",firmware_size);
|
||||
fprintf(stderr,"[INFO] Packed OF size: %d bytes\n",of_packedsize);
|
||||
fprintf(stderr,"[INFO] Bootloader size: %d bytes\n",(int)bootloader_size);
|
||||
fprintf(stderr,"[INFO] Packed bootloader size: %d bytes\n",rb_packedsize);
|
||||
fprintf(stderr,"[INFO] Dual-boot function size: %d bytes\n",bootloader_sizes[model]);
|
||||
fprintf(stderr,"[INFO] UCL unpack function size: %d bytes\n",sizeof(uclimg));
|
||||
|
||||
totalsize = bootloader_sizes[model] + sizeof(uclimg) + of_packedsize +
|
||||
rb_packedsize;
|
||||
|
||||
fprintf(stderr,"[INFO] Total size of new image: %d bytes\n",totalsize);
|
||||
|
||||
if (totalsize > firmware_size) {
|
||||
fprintf(stderr,"[ERR] No room to insert bootloader, aborting\n");
|
||||
free(buf);
|
||||
free(rb_unpacked);
|
||||
free(of_packed);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Zero the original firmware area - not needed, but helps debugging */
|
||||
memset(buf + 0x400, 0, firmware_size);
|
||||
|
||||
/* Locate our bootloader code at the start of the firmware block */
|
||||
n = read(fdboot, buf + 0x400, bootloader_size);
|
||||
|
||||
if (n != bootloader_size) {
|
||||
fprintf(stderr,"[ERR] Could not load bootloader file\n");
|
||||
return 1;
|
||||
}
|
||||
close(fdboot);
|
||||
/* Insert dual-boot bootloader at offset 0 */
|
||||
memcpy(buf + 0x400, bootloaders[model], bootloader_sizes[model]);
|
||||
|
||||
/* Locate the compressed image of the original firmware block at the end
|
||||
of the firmware block */
|
||||
n = read(fducl, buf + 0x400 + firmware_size - ucl_paddedsize, ucl_size);
|
||||
/* We are filling the firmware buffer backwards from the end */
|
||||
p = buf + 0x400 + firmware_size;
|
||||
|
||||
if (n != ucl_size) {
|
||||
fprintf(stderr,"[ERR] Could not load ucl file\n");
|
||||
return 1;
|
||||
}
|
||||
close(fducl);
|
||||
/* 1 - UCL unpack function */
|
||||
p -= sizeof(uclimg);
|
||||
memcpy(p, uclimg, sizeof(uclimg));
|
||||
|
||||
/* 2 - Compressed copy of original firmware */
|
||||
p -= of_packedsize;
|
||||
memcpy(p, of_packed, of_packedsize);
|
||||
|
||||
/* 3 - Compressed copy of Rockbox bootloader */
|
||||
p -= rb_packedsize;
|
||||
memcpy(p, rb_packed, rb_packedsize);
|
||||
|
||||
/* Write the locations of the various images to the variables at the
|
||||
start of the dualboot image - we save the location of the last byte
|
||||
in each image, along with the size in bytes */
|
||||
|
||||
/* UCL unpack function */
|
||||
put_uint32le(&buf[0x420], firmware_size);
|
||||
put_uint32le(&buf[0x424], sizeof(uclimg));
|
||||
|
||||
/* Compressed original firmware image */
|
||||
put_uint32le(&buf[0x428], firmware_size - sizeof(uclimg));
|
||||
put_uint32le(&buf[0x42c], of_packedsize);
|
||||
|
||||
/* Compressed Rockbox image */
|
||||
put_uint32le(&buf[0x430], firmware_size - sizeof(uclimg) - of_packedsize);
|
||||
put_uint32le(&buf[0x434], rb_packedsize);
|
||||
|
||||
|
||||
/* Locate our UCL unpack function before copy of the compressed firmware */
|
||||
n = read(fduclunpack, buf + 0x400 + firmware_size - ucl_paddedsize - uclunpack_size, uclunpack_size);
|
||||
|
||||
if (n != uclunpack_size) {
|
||||
fprintf(stderr,"[ERR] Could not load uclunpack file\n");
|
||||
return 1;
|
||||
}
|
||||
close(fduclunpack);
|
||||
|
||||
put_uint32le(&buf[0x420], 0x40000 - ucl_paddedsize - uclunpack_size + 1); /* UCL unpack entry point */
|
||||
put_uint32le(&buf[0x424], 0x40000 - ucl_paddedsize); /* Location of OF */
|
||||
put_uint32le(&buf[0x428], ucl_size); /* Size of UCL image */
|
||||
put_uint32le(&buf[0x42c], firmware_size - uclunpack_size - ucl_paddedsize); /* Start of data to copy */
|
||||
put_uint32le(&buf[0x430], uclunpack_size + ucl_paddedsize); /* Size of data to copy */
|
||||
|
||||
/* Update checksum */
|
||||
/* Update the firmware block checksum */
|
||||
sum = calc_checksum(buf + 0x400,firmware_size);
|
||||
|
||||
if (fw_version == 1) {
|
||||
put_uint32le(&buf[0x04], sum);
|
||||
put_uint32le(&buf[0x204], sum);
|
||||
} else {
|
||||
/* TODO: Verify that this is correct for the v2 firmware */
|
||||
|
||||
put_uint32le(&buf[0x08], sum);
|
||||
put_uint32le(&buf[0x208], sum);
|
||||
|
||||
/* Update the header checksums */
|
||||
put_uint32le(&buf[0x1fc], calc_checksum(buf, 0x1fc));
|
||||
put_uint32le(&buf[0x3fc], calc_checksum(buf + 0x200, 0x1fc));
|
||||
}
|
||||
|
||||
/* Update the whole-file checksum */
|
||||
filesum = 0;
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
/* int ucl_nrv2e_decompress_8(const unsigned char *src, unsigned char *dst,
|
||||
unsigned long *dst_len) */
|
||||
|
||||
.text
|
||||
.global ucl_nrv2e_decompress_8
|
||||
|
||||
|
||||
/* Vectors */
|
||||
ldr pc, =start
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
.word 0
|
||||
|
||||
/* These values are filled in by mkamsboot - don't move them from offset 0x20 */
|
||||
ucl_unpack: .word 0 /* Entry point (plus 1 - for thumb) of ucl_unpack after copy*/
|
||||
ucl_start: .word 0 /* Start of the ucl-compressed OF image after copy */
|
||||
ucl_size: .word 0 /* Length in bytes of the compressed OF image */
|
||||
copy_start: .word 0 /* Start of the copy of the ucl_unpack function */
|
||||
copy_size: .word 0 /* uclunpack_size + ucl_paddedsize */
|
||||
|
||||
start:
|
||||
/* A delay loop - just to prove we're running */
|
||||
mov r1, #0x500000 /* Approximately 5 seconds */
|
||||
loop: subs r1, r1, #1
|
||||
bne loop
|
||||
|
||||
/* First copy the compressed firmware to unused RAM */
|
||||
|
||||
ldr r0, copy_start /* Source */
|
||||
ldr r1, copy_size /* Source length */
|
||||
|
||||
mov r2, #0x40000 /* Destination end */
|
||||
sub r2, r2, r1
|
||||
|
||||
memcpy:
|
||||
ldrb r3, [r0], #1
|
||||
strb r3, [r2], #1
|
||||
cmp r2, #0x40000 /* Stop when we reached dest_end */
|
||||
bne memcpy
|
||||
|
||||
/* Call the ucl decompress function, which will branch to 0x0 */
|
||||
/* on completion */
|
||||
|
||||
ldr r0, ucl_start /* Address of compressed image */
|
||||
ldr r1, ucl_size /* Compressed size */
|
||||
mov r2, #0 /* Destination */
|
||||
|
||||
ldr r3, ucl_unpack
|
||||
bx r3
|
||||
|
||||
/* never reached */
|
Loading…
Reference in a new issue