| /*************************************************************************** |
| * __________ __ ___. |
| * Open \______ \ ____ ____ | | _\_ |__ _______ ___ |
| * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / |
| * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < |
| * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ |
| * \/ \/ \/ \/ \/ |
| * $Id$ |
| * |
| * Copyright (C) 2005 by Linus Nielsen Feltzing |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version 2 |
| * of the License, or (at your option) any later version. |
| * |
| * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| * KIND, either express or implied. |
| * |
| ****************************************************************************/ |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include "mkboot.h" |
| |
| #ifndef RBUTIL |
| static void usage(void) |
| { |
| printf("usage: mkboot <target> <firmware file> <boot file> <output file>\n"); |
| printf("available targets:\n" |
| "\t-h100 Iriver H1x0\n" |
| "\t-h300 Iriver H3x0\n" |
| "\t-iax5 iAudio X5\n" |
| "\t-iam5 iAudio M5\n"); |
| |
| exit(1); |
| } |
| #endif |
| |
| #ifndef RBUTIL |
| int main(int argc, char *argv[]) |
| { |
| if(argc != 5) |
| { |
| usage(); |
| return 1; |
| } |
| |
| if ( ! strcmp(argv[1], "-h100")) |
| return mkboot_iriver(argv[2], argv[3], argv[4], 0x1f0000); |
| |
| if ( ! strcmp(argv[1], "-h300")) |
| return mkboot_iriver(argv[2], argv[3], argv[4], 0x3f0000); |
| |
| if ( ! strcmp(argv[1], "-iax5")) |
| return mkboot_iaudio(argv[2], argv[3], argv[4], 0); |
| |
| if ( ! strcmp(argv[1], "-iam5")) |
| return mkboot_iaudio(argv[2], argv[3], argv[4], 1); |
| |
| usage(); |
| return 1; |
| } |
| #endif |
| |
| static unsigned char image[0x400000 + 0x220 + 0x400000/0x200]; |
| |
| int mkboot_iriver(const char* infile, const char* bootfile, const char* outfile, int origin) |
| { |
| FILE *f; |
| int i; |
| int len; |
| int actual_length, total_length, binary_length, num_chksums; |
| |
| memset(image, 0xff, sizeof(image)); |
| |
| /* First, read the iriver original firmware into the image */ |
| f = fopen(infile, "rb"); |
| if(!f) { |
| perror(infile); |
| return -1; |
| } |
| |
| i = fread(image, 1, 16, f); |
| if(i < 16) { |
| perror(infile); |
| fclose(f); |
| return -2; |
| } |
| |
| /* This is the length of the binary image without the scrambling |
| overhead (but including the ESTFBINR header) */ |
| binary_length = image[4] + (image[5] << 8) + |
| (image[6] << 16) + (image[7] << 24); |
| |
| /* Read the rest of the binary data, but not the checksum block */ |
| len = binary_length+0x200-16; |
| i = fread(image+16, 1, len, f); |
| if(i < len) { |
| perror(infile); |
| fclose(f); |
| return -3; |
| } |
| |
| fclose(f); |
| |
| /* Now, read the boot loader into the image */ |
| f = fopen(bootfile, "rb"); |
| if(!f) { |
| perror(bootfile); |
| fclose(f); |
| return -4; |
| } |
| |
| fseek(f, 0, SEEK_END); |
| len = ftell(f); |
| |
| fseek(f, 0, SEEK_SET); |
| |
| i = fread(image+0x220 + origin, 1, len, f); |
| if(i < len) { |
| perror(bootfile); |
| fclose(f); |
| return -5; |
| } |
| |
| fclose(f); |
| |
| f = fopen(outfile, "wb"); |
| if(!f) { |
| perror(outfile); |
| return -6; |
| } |
| |
| /* Patch the reset vector to start the boot loader */ |
| image[0x220 + 4] = image[origin + 0x220 + 4]; |
| image[0x220 + 5] = image[origin + 0x220 + 5]; |
| image[0x220 + 6] = image[origin + 0x220 + 6]; |
| image[0x220 + 7] = image[origin + 0x220 + 7]; |
| |
| /* This is the actual length of the binary, excluding all headers */ |
| actual_length = origin + len; |
| |
| /* Patch the ESTFBINR header */ |
| image[0x20c] = (actual_length >> 24) & 0xff; |
| image[0x20d] = (actual_length >> 16) & 0xff; |
| image[0x20e] = (actual_length >> 8) & 0xff; |
| image[0x20f] = actual_length & 0xff; |
| |
| image[0x21c] = (actual_length >> 24) & 0xff; |
| image[0x21d] = (actual_length >> 16) & 0xff; |
| image[0x21e] = (actual_length >> 8) & 0xff; |
| image[0x21f] = actual_length & 0xff; |
| |
| /* This is the length of the binary, including the ESTFBINR header and |
| rounded up to the nearest 0x200 boundary */ |
| binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00; |
| |
| /* The number of checksums, i.e number of 0x200 byte blocks */ |
| num_chksums = binary_length / 0x200; |
| |
| /* The total file length, including all headers and checksums */ |
| total_length = binary_length + num_chksums + 0x200; |
| |
| /* Patch the scrambler header with the new length info */ |
| image[0] = total_length & 0xff; |
| image[1] = (total_length >> 8) & 0xff; |
| image[2] = (total_length >> 16) & 0xff; |
| image[3] = (total_length >> 24) & 0xff; |
| |
| image[4] = binary_length & 0xff; |
| image[5] = (binary_length >> 8) & 0xff; |
| image[6] = (binary_length >> 16) & 0xff; |
| image[7] = (binary_length >> 24) & 0xff; |
| |
| image[8] = num_chksums & 0xff; |
| image[9] = (num_chksums >> 8) & 0xff; |
| image[10] = (num_chksums >> 16) & 0xff; |
| image[11] = (num_chksums >> 24) & 0xff; |
| |
| i = fwrite(image, 1, total_length, f); |
| if(i < total_length) { |
| perror(outfile); |
| fclose(f); |
| return -7; |
| } |
| |
| printf("Wrote 0x%x bytes in %s\n", total_length, outfile); |
| |
| fclose(f); |
| |
| return 0; |
| } |
| |
| /* iAudio firmware update file header size */ |
| #define HEADER_SIZE 0x1030 |
| /* Address of flash contents that get overwritten by a firmware update. |
| * Contents before this address contain the preloader and are not affected |
| * by a firmware update. |
| * -> Firmware update file contents starting at offset HEADER_SIZE end up |
| * in flash at address FLASH_START |
| */ |
| #define FLASH_START 0x00010000 |
| /* Start of unused space in original firmware (flash address, not file |
| * offset!) where we patch in the Rockbox loader */ |
| #define ROCKBOX_BOOTLOADER 0x00150000 |
| /* End of unused space in original firmware */ |
| #define BOOTLOADER_LIMIT 0x00170000 |
| |
| /* Patch the Rockbox bootloader into free space in the original firmware |
| * (starting at 0x150000). The preloader starts execution of the OF at |
| * 0x10000 which normally contains a jsr 0x10010. We also patch this to |
| * do a jsr 0x150000 to the Rockbox dual boot loader instead. If it then |
| * decides to start the OF instead of Rockbox, it simply does a jmp |
| * 0x10010 instead of loading Rockbox from disk. |
| */ |
| int mkboot_iaudio(const char* infile, const char* bootfile, const char* outfile, int model_nr) |
| { |
| size_t flength, blength; |
| unsigned char *bbuf, *fbuf, *p; |
| const unsigned char fsig[] = { |
| 0x4e, 0xb9, 0x00, 0x01, 0x00, 0x10 }; /* jsr 0x10010 */ |
| unsigned char bsig[2][8] = { |
| /* dualboot signatures */ |
| { 0x60, 0x06, 0x44, 0x42, 0x69, 0x61, 0x78, 0x35 }, /* X5 */ |
| { 0x60, 0x06, 0x44, 0x42, 0x69, 0x61, 0x6d, 0x35 }, /* M5 */ }; |
| FILE *ffile, *bfile, *ofile; |
| unsigned char sum = 0; |
| int i; |
| |
| /* read input files */ |
| if ((bfile = fopen(bootfile, "rb")) == NULL) { |
| perror("Cannot open Rockbox bootloader file.\n"); |
| return 1; |
| } |
| |
| fseek(bfile, 0, SEEK_END); |
| blength = ftell(bfile); |
| fseek(bfile, 0, SEEK_SET); |
| |
| if (blength + ROCKBOX_BOOTLOADER >= BOOTLOADER_LIMIT) { |
| fprintf(stderr, "Rockbox bootloader is too big.\n"); |
| return 1; |
| } |
| |
| if ((ffile = fopen(infile, "rb")) == NULL) { |
| perror("Cannot open original firmware file."); |
| return 1; |
| } |
| |
| fseek(ffile, 0, SEEK_END); |
| flength = ftell(ffile); |
| fseek(ffile, 0, SEEK_SET); |
| |
| bbuf = malloc(blength); |
| fbuf = malloc(flength); |
| |
| if (!bbuf || !fbuf) { |
| fprintf(stderr, "Out of memory.\n"); |
| return 1; |
| } |
| |
| if ( fread(bbuf, 1, blength, bfile) < blength |
| || fread(fbuf, 1, flength, ffile) < flength) { |
| fprintf(stderr, "Read error.\n"); |
| return 1; |
| } |
| fclose(bfile); |
| fclose(ffile); |
| |
| /* verify format of input files */ |
| if (blength < 0x10 || memcmp(bbuf, bsig[model_nr], sizeof(bsig[0]))) { |
| fprintf(stderr, "Rockbox bootloader format error (is it bootloader.bin?).\n"); |
| return 1; |
| } |
| if (flength < HEADER_SIZE-FLASH_START+BOOTLOADER_LIMIT |
| || memcmp(fbuf+HEADER_SIZE, fsig, sizeof(fsig))) { |
| fprintf(stderr, "Original firmware format error.\n"); |
| return 1; |
| } |
| |
| /* verify firmware is not overrun */ |
| for (i = ROCKBOX_BOOTLOADER; i < BOOTLOADER_LIMIT; i++) { |
| if (fbuf[HEADER_SIZE-FLASH_START+i] != 0xff) { |
| fprintf(stderr, "Original firmware has grown too much.\n"); |
| return 1; |
| } |
| } |
| |
| /* change jsr 0x10010 to jsr DUAL_BOOTLOADER */ |
| p = fbuf + HEADER_SIZE + 2; |
| *p++ = (ROCKBOX_BOOTLOADER >> 24) & 0xff; |
| *p++ = (ROCKBOX_BOOTLOADER >> 16) & 0xff; |
| *p++ = (ROCKBOX_BOOTLOADER >> 8) & 0xff; |
| *p++ = (ROCKBOX_BOOTLOADER ) & 0xff; |
| |
| p = fbuf + HEADER_SIZE + ROCKBOX_BOOTLOADER - FLASH_START; |
| memcpy(p, bbuf, blength); |
| |
| /* recalc checksum */ |
| for (i = HEADER_SIZE; (size_t)i < flength; i++) |
| sum += fbuf[i]; |
| fbuf[0x102b] = sum; |
| |
| /* write output */ |
| if ((ofile = fopen(outfile, "wb")) == NULL) { |
| perror("Cannot open output file"); |
| return 1; |
| } |
| if (fwrite(fbuf, 1, flength, ofile) < flength) { |
| fprintf(stderr, "Write error.\n"); |
| return 1; |
| } |
| fclose(ofile); |
| free(bbuf); |
| free(fbuf); |
| |
| return 0; |
| } |