mirror of https://github.com/hak5/openwrt-owl.git
377 lines
7.3 KiB
C
377 lines
7.3 KiB
C
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
|
|
|
|
#define IMG_SIZE 0x3e0000
|
|
|
|
#define KERNEL_START 0x020000
|
|
#define KERNEL_SIZE 0x0b0000
|
|
|
|
#define ROOTFS_START 0x0d0000
|
|
#define ROOTFS_SIZE 0x30ffb2
|
|
|
|
char* app_name;
|
|
|
|
|
|
|
|
|
|
void print_usage(void)
|
|
{
|
|
fprintf(stderr, "usage: dgfirmware [<opts>] <img>\n");
|
|
fprintf(stderr, " <img> firmware image filename\n");
|
|
fprintf(stderr, " <opts> -h print this message\n");
|
|
fprintf(stderr, " -f fix the checksum\n");
|
|
fprintf(stderr, " -x <file> extract the rootfs file to <file>\n");
|
|
fprintf(stderr, " -xk <file> extract the kernel to <file>\n");
|
|
fprintf(stderr, " -m <file> merge in rootfs fil\e from <file>\n");
|
|
fprintf(stderr, " -k <file> merge in kernel from <file>\n");
|
|
fprintf(stderr, " -w <file> write back the modified firmware\n");
|
|
}
|
|
|
|
|
|
unsigned char* read_img(const char *fname)
|
|
{
|
|
FILE *fp;
|
|
int size;
|
|
unsigned char *img;
|
|
|
|
fp = fopen(fname, "rb");
|
|
if (fp == NULL) {
|
|
perror(app_name);
|
|
exit(-1);
|
|
}
|
|
|
|
fseek(fp, 0, SEEK_END);
|
|
size = ftell(fp);
|
|
|
|
if (size != IMG_SIZE) {
|
|
fprintf(stderr, "%s: image file has wrong size\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
rewind(fp);
|
|
|
|
img = malloc(IMG_SIZE);
|
|
if (img == NULL) {
|
|
perror(app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
if (fread(img, 1, IMG_SIZE, fp) != IMG_SIZE) {
|
|
fprintf(stderr, "%s: can't read image file\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
fclose(fp);
|
|
return img;
|
|
}
|
|
|
|
|
|
void write_img(unsigned char* img, const char *fname)
|
|
{
|
|
FILE *fp;
|
|
|
|
fp = fopen(fname, "wb");
|
|
if (fp == NULL) {
|
|
perror(app_name);
|
|
exit(-1);
|
|
}
|
|
|
|
if (fwrite(img, 1, IMG_SIZE, fp) != IMG_SIZE) {
|
|
fprintf(stderr, "%s: can't write image file\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
}
|
|
|
|
|
|
void write_rootfs(unsigned char* img, const char *fname)
|
|
{
|
|
FILE *fp;
|
|
|
|
fp = fopen(fname, "wb");
|
|
if (fp == NULL) {
|
|
perror(app_name);
|
|
exit(-1);
|
|
}
|
|
|
|
if (fwrite(img+ROOTFS_START, 1, ROOTFS_SIZE, fp) != ROOTFS_SIZE) {
|
|
fprintf(stderr, "%s: can't write image file\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
}
|
|
|
|
|
|
void write_kernel(unsigned char* img, const char *fname)
|
|
{
|
|
FILE *fp;
|
|
|
|
fp = fopen(fname, "wb");
|
|
if (fp == NULL) {
|
|
perror(app_name);
|
|
exit(-1);
|
|
}
|
|
|
|
if (fwrite(img+KERNEL_START, 1, KERNEL_SIZE, fp) != KERNEL_SIZE) {
|
|
fprintf(stderr, "%s: can't write kernel file\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
}
|
|
|
|
|
|
unsigned char* read_rootfs(unsigned char* img, const char *fname)
|
|
{
|
|
FILE *fp;
|
|
int size;
|
|
int i;
|
|
|
|
for (i=ROOTFS_START; i<ROOTFS_START+ROOTFS_SIZE; i++)
|
|
img[i] = 0xff;
|
|
|
|
fp = fopen(fname, "rb");
|
|
if (fp == NULL) {
|
|
perror(app_name);
|
|
exit(-1);
|
|
}
|
|
|
|
fseek(fp, 0, SEEK_END);
|
|
size = ftell(fp);
|
|
|
|
if (size > ROOTFS_SIZE) {
|
|
fprintf(stderr, "%s: rootfs image file is too big\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
rewind(fp);
|
|
|
|
if (fread(img+ROOTFS_START, 1, size, fp) != size) {
|
|
fprintf(stderr, "%s: can't read rootfs image file\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
fclose(fp);
|
|
return img;
|
|
}
|
|
|
|
|
|
unsigned char* read_kernel(unsigned char* img, const char *fname)
|
|
{
|
|
FILE *fp;
|
|
int size;
|
|
int i;
|
|
|
|
for (i=KERNEL_START; i<KERNEL_START+KERNEL_SIZE; i++)
|
|
img[i] = 0xff;
|
|
|
|
fp = fopen(fname, "rb");
|
|
if (fp == NULL) {
|
|
perror(app_name);
|
|
exit(-1);
|
|
}
|
|
|
|
fseek(fp, 0, SEEK_END);
|
|
size = ftell(fp);
|
|
|
|
if (size > KERNEL_SIZE) {
|
|
fprintf(stderr, "%s: kernel binary file is too big\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
rewind(fp);
|
|
|
|
if (fread(img+KERNEL_START, 1, size, fp) != size) {
|
|
fprintf(stderr, "%s: can't read kernel file\n", app_name);
|
|
fclose(fp);
|
|
exit(-1);
|
|
}
|
|
|
|
fclose(fp);
|
|
return img;
|
|
}
|
|
|
|
|
|
int get_checksum(unsigned char* img)
|
|
{
|
|
short unsigned s;
|
|
|
|
s = img[0x3dfffc] + (img[0x3dfffd]<<8);
|
|
|
|
return s;
|
|
}
|
|
|
|
|
|
void set_checksum(unsigned char*img, unsigned short sum)
|
|
{
|
|
img[0x3dfffc] = sum & 0xff;
|
|
img[0x3dfffd] = (sum>>8) & 0xff;
|
|
}
|
|
|
|
|
|
int compute_checksum(unsigned char* img)
|
|
{
|
|
int i;
|
|
short s=0;
|
|
|
|
for (i=0; i<0x3dfffc; i++)
|
|
s += img[i];
|
|
|
|
return s;
|
|
}
|
|
|
|
|
|
int main(int argc, char* argv[])
|
|
{
|
|
char *img_fname = NULL;
|
|
char *rootfs_fname = NULL;
|
|
char *kernel_fname = NULL;
|
|
char *new_img_fname = NULL;
|
|
|
|
int do_fix_checksum = 0;
|
|
int do_write = 0;
|
|
int do_write_rootfs = 0;
|
|
int do_read_rootfs = 0;
|
|
int do_write_kernel = 0;
|
|
int do_read_kernel = 0;
|
|
|
|
int i;
|
|
unsigned char *img;
|
|
unsigned short img_checksum;
|
|
unsigned short real_checksum;
|
|
|
|
app_name = argv[0];
|
|
|
|
for (i=1; i<argc; i++) {
|
|
if (!strcmp(argv[i], "-h")) {
|
|
print_usage();
|
|
return 0;
|
|
}
|
|
else if (!strcmp(argv[i], "-f")) {
|
|
do_fix_checksum = 1;
|
|
}
|
|
else if (!strcmp(argv[i], "-x")) {
|
|
if (i+1 >= argc) {
|
|
fprintf(stderr, "%s: missing argument\n", app_name);
|
|
return -1;
|
|
}
|
|
do_write_rootfs = 1;
|
|
rootfs_fname = argv[i+1];
|
|
i++;
|
|
}
|
|
else if (!strcmp(argv[i], "-xk")) {
|
|
if (i+1 >= argc) {
|
|
fprintf(stderr, "%s: missing argument\n", app_name);
|
|
return -1;
|
|
}
|
|
do_write_kernel = 1;
|
|
kernel_fname = argv[i+1];
|
|
i++;
|
|
}
|
|
else if (!strcmp(argv[i], "-m")) {
|
|
if (i+1 >= argc) {
|
|
fprintf(stderr, "%s: missing argument\n", app_name);
|
|
return -1;
|
|
}
|
|
do_read_rootfs = 1;
|
|
rootfs_fname = argv[i+1];
|
|
i++;
|
|
}
|
|
else if (!strcmp(argv[i], "-k")) {
|
|
if (i+1 >= argc) {
|
|
fprintf(stderr, "%s: missing argument\n", app_name);
|
|
return -1;
|
|
}
|
|
do_read_kernel = 1;
|
|
kernel_fname = argv[i+1];
|
|
i++;
|
|
}
|
|
else if (!strcmp(argv[i], "-w")) {
|
|
if (i+1 >= argc) {
|
|
fprintf(stderr, "%s: missing argument\n", app_name);
|
|
return -1;
|
|
}
|
|
do_write = 1;
|
|
new_img_fname = argv[i+1];
|
|
i++;
|
|
}
|
|
else if (img_fname != 0) {
|
|
fprintf(stderr, "%s: too many arguments\n", app_name);
|
|
return -1;
|
|
}
|
|
else {
|
|
img_fname = argv[i];
|
|
}
|
|
}
|
|
|
|
if (img_fname == NULL) {
|
|
fprintf(stderr, "%s: missing argument\n", app_name);
|
|
return -1;
|
|
}
|
|
|
|
if ((do_read_rootfs && do_write_rootfs) ||
|
|
(do_read_kernel && do_write_kernel)) {
|
|
fprintf(stderr, "%s: conflictuous options\n", app_name);
|
|
return -1;
|
|
}
|
|
|
|
printf ("** Read firmware file\n");
|
|
img = read_img(img_fname);
|
|
|
|
printf ("Firmware product: %s\n", img+0x3dffbd);
|
|
printf ("Firmware version: 1.%02d.%02d\n", (img[0x3dffeb] & 0x7f), img[0x3dffec]);
|
|
|
|
if (do_write_rootfs) {
|
|
printf ("** Write rootfs file\n");
|
|
write_rootfs(img, rootfs_fname);
|
|
}
|
|
|
|
if (do_write_kernel) {
|
|
printf ("** Write kernel file\n");
|
|
write_kernel(img, kernel_fname);
|
|
}
|
|
|
|
if (do_read_rootfs) {
|
|
printf ("** Read rootfs file\n");
|
|
read_rootfs(img, rootfs_fname);
|
|
do_fix_checksum = 1;
|
|
}
|
|
|
|
if (do_read_kernel) {
|
|
printf ("** Read kernel file\n");
|
|
read_kernel(img, kernel_fname);
|
|
do_fix_checksum = 1;
|
|
}
|
|
|
|
img_checksum = get_checksum(img);
|
|
real_checksum = compute_checksum(img);
|
|
|
|
printf ("image checksum = %04x\n", img_checksum);
|
|
printf ("real checksum = %04x\n", real_checksum);
|
|
|
|
if (do_fix_checksum) {
|
|
if (img_checksum != real_checksum) {
|
|
printf ("** Bad Checksum, fix it\n");
|
|
set_checksum(img, real_checksum);
|
|
}
|
|
else {
|
|
printf ("** Checksum is correct, good\n");
|
|
}
|
|
}
|
|
|
|
if (do_write) {
|
|
printf ("** Write image file\n");
|
|
write_img(img, new_img_fname);
|
|
}
|
|
|
|
free(img);
|
|
return 0;
|
|
}
|
|
|