There is something weird going on: the Sony website has two different entries:
- NW-ZX300/NW-ZX300A/NW-A45/NW-A47/NW-A45HN/NW-A46HN
- NW-ZX300,NW-ZX300A update(20181004)/NW-ZX300G
with slightly different nvp entries, but it is impossible to tell whether
an NW-ZX300(A) belong to one or the other. Since the diff is very small,
I am adding this as nw-zx300g but treat all devices as nz-zx300 since the
destination node is the same and that is the main usage of the tool anyway.
Change-Id: I3dc2fdec52650f938d568bed578184f6bc43d130
If the model is not known (ie model ID in the database) but another device from
the same series is known, then the database information probably applies and
one can use the "force" option -s to tell the tool to ignore the model ID.
Automatically print such advice when the series can be guessed.
Change-Id: I6bcc7aa29693df8c3d7d8e709ece7cea650be717
swr/swl instructions used for word aligning were wrong. This
made memset() terribly broken. I can't imagine how it went
uncaught for soooo long. Spotted by Solomon Peachy.
I run unit tests for alignments 0,1,2,3
size 1, 2, 3, 4, 5, 63, 64, 65, 127, 128, 129;
and fill pattern 0x00 and other (since 0 is special case in this
implementation).
Change-Id: I513a10734335fe97734c10ab5a6c3e3fb3f4687a
Previously only atomic read/write 8/16/32 were exposed. But it is useful to
be able to read a whole buffer at once, this is more efficient than N times
read8.
Change-Id: I06e331641e1ab1f74c0e16e8c432eafb398e8e6d
The encryption definitely uses some standard elliptic curve encryption over
binary fields (163 and 233 bits, standard polynomials). It is still unclear
how this is used in the actual encryption, the key authentification and
derivation do not look standard.
Change-Id: I6b9180ff7e6115e1dceca8489e986a02a9ea6fc9
Now print list of devices immediately even if the rest of the command line
is empty (ie 'scsitool -s ?' works, whereas before one would need an actual
device to even get a list). Add more information in the help_us command:
print kas, lyr and fpi.
Change-Id: Icfeeaeebe28c774a74ca54661357fafa25c3d114
The tool now provides more useful information for developers when the device
is not supported. Is also has a new verb "help_us" that also prints all this
information (notably the device info and model ID).
Change-Id: I04baec8fff23eb83a0408add6296b5d42e9aa8e7
We still miss the model IDS for those device so scsitool won't be able to
recognize them automatically.
Change-Id: I17ae0f0d95c011cea8e289def63c7673b6c4b667
DES ignores the parity bit of each byte (making the 64-bit key really 56-bit),
but the current code skipped the parity bit of each half-byte, thus missing
some keys.
Change-Id: Ia523ebb944e458905b7de1742df151df22166150
Strangely it has the SAME encryption key as the E450. Either they didn't bother
changing it or more likely they have exactly the same internals and a slightly
different case.
Change-Id: I39ab88845b3e40db34160c2e61dde421f391df44
SUPPORTED SERIES:
- NWZ-E450
- NWZ-E460
- NWZ-E470
- NWZ-E580
- NWZ-A10
NOTES:
- bootloader makefile convert an extra font to be installed alongside the bootloader
since sysfont is way too small
- the toolsicon bitmap comes from the Oxygen iconset
- touchscreen driver is untested
TODO:
- implement audio routing driver (pcm is handled by pcm-alsa)
- fix playback: it crashes on illegal instruction in DEBUG builds
- find out why the browser starts at / instead of /contents
- implement radio support
- implement return to OF for usb handling
- calibrate battery curve (NB: of can report a battery level on a 0-5 scale but
probabl don't want to use that ?)
- implement simulator build (we need a nice image of the player)
- figure out if we can detect jack removal
POTENTIAL TODOS:
- try to build a usb serial gadget and gdbserver
Change-Id: Ic77d71e0651355d47cc4e423a40fb64a60c69a80
Several people asked me recently how to decrypt atj2127 firmware. Someone
posted on github (https://github.com/nfd/atj2127decrypt) a decrypt utility
clearly reverse engineered from some unknown source. The code is an absolute
horror but I concluded that ATJ changed very little between ATJ213x and ATJ2127
so I added support for the ATJ2127, credit to this github code that I stole
and rewrite (code was under MIT licence). At the same time do some small code
cleanups.
Note that there is not 100% sure way that I know to distinguish between the
two firmware types, so the code tries to do an educated guess to detect
ATJ2127. If this does not work, use --atj21217 option. Also note that contrary
to the github tool that decrypts and unpack in one go, this tool only does one
step at once. So first decrypt: HEX -> AFI, then unpack AFI -> files.
I also added for a different version of AFI. Based on AFI files I have, there
are, I think, two versions: the "old" ones (pre-ATJ213x) and "new" ones. The
tool only supported the new one but for some reason the ATJ2127 uses the old
ones without a mostly empty header. Strangely, even this mostly empty header
does not seem to follow the old layout as reverse engineered by the s1mp3
project (https://sourceforge.net/p/s1mp3/code/HEAD/tree/trunk/s1fwx/heads.h),
so in fact there might be three versions. In any case, only the header is
different, the rest of the file is identical so at the moment I just don't
print any header info for "old" files.
Change-Id: I1de61e64f433f6cacd239cd3c1ba469b9bb12442
The devinfo request returned the raw data, now the tool prints the various
fields. Also add support for the dhp (destination/headphones/color ...): this
one is untested because it's only supported starting from A10 or A20. There is
still a problem with the dpcc prop: although it should work for DEVINFO, it does
not, despite the fact that the get_dev_info command works and is internally (on
the Sony) translated into a dpcc request. I keep the code just in case.
Change-Id: I5aa8ef4afb0b11d3c0ddfa3d38f3e737ee1aff66
The detailled error message is only printed if -d switch is on command line,
otherwise there is no error message which is wrong so fix that.
Change-Id: I397541c467940e9b290ee8d4ae704368b1ce132b
I am unsure about the names of the player, the manual says A36HN and A37HN but
at the same time there is a A35 and A35HN with the same ID, and Sony does not
usually put the "HN" in its device list.
Change-Id: Idbf32970aa334b30f1b8947a78b8eebd524b193b
