Firmware tools for Samsung YP-R0/YP-R1 (and possibly others) They have been rewritten for being completely free and as fast as possible. Successfully extracted, patched, repacked and flashed original firmware (tested on device and it worked) · tsiry-sandratraina.com/rockbox-zig@da8a6a9

+15 -8

utils/ypr0tools/Makefile

··· 1 + DEFINES= 2 + CC=gcc 3 + LD=gcc 4 + CFLAGS=-g -std=c99 -W -Wall $(DEFINES) 5 + LDFLAGS= 6 + BINS=fwcrypt fwdecrypt 1 7 2 - .PHONY: all clean 3 - PROGS = extract_section 4 - CC = gcc 5 - CFLAGS = -O1 -g -W -Wall 8 + all: $(BINS) 9 + 10 + %.o: %.c 11 + $(CC) $(CFLAGS) -c -o $@ $< 6 12 13 + fwdecrypt: fwdecrypt.o common.o ../../tools/fwpatcher/md5.o 14 + $(LD) -o $@ $^ $(LDFLAGS) 7 15 8 - all: $(PROGS) 9 - $(MAKE) -C cramfs-1.1 16 + fwcrypt: fwcrypt.o common.o ../../tools/fwpatcher/md5.o 17 + $(LD) -o $@ $^ $(LDFLAGS) 10 18 11 19 clean: 12 - $(MAKE) -C cramfs-1.1 clean 13 - rm -f extract_section 20 + rm -fr *.o $(BINS)

utils/ypr0tools/MuonEncrypt

This is a binary file and will not be displayed.

+3 -3

utils/ypr0tools/README

··· 2 2 To generate a firmware, run (paths may differ): 3 3 4 4 $ make 5 - $ ./unpack-firmware.sh R0.ROM /tmp/romfiles 6 - $ sudo ./patch-firmware.sh files /tmp/romfiles # needs sudo 7 - $ ./pack-firmware.sh R0.ROM /tmp/romfiles 5 + $ ./fwdecrypt R0.ROM <optional: destination path> 6 + $ sudo ./patch-firmware.sh files . # needs sudo 7 + $ ./fwcrypt R0.ROM <optional: source path> 8 8 9 9 After that, R0.ROM is patched and can load Rockbox. 10 10

+94

utils/ypr0tools/common.c

··· 1 + /*************************************************************************** 2 + * __________ __ ___. 3 + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ 4 + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 5 + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 6 + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 7 + * \/ \/ \/ \/ \/ 8 + * 9 + * Copyright (C) 2013 Lorenzo Miori 10 + * 11 + * This program is free software; you can redistribute it and/or 12 + * modify it under the terms of the GNU General Public License 13 + * as published by the Free Software Foundation; either version 2 14 + * of the License, or (at your option) any later version. 15 + * 16 + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 17 + * KIND, either express or implied. 18 + * 19 + ****************************************************************************/ 20 + 21 + #include <stdio.h> 22 + #include <string.h> 23 + #include <stdlib.h> 24 + #include <stdarg.h> 25 + #include <getopt.h> 26 + #include <stdint.h> 27 + #include "common.h" 28 + #include "../../tools/fwpatcher/md5.h" 29 + 30 + uint8_t g_yp_key[] = 31 + { 32 + 0xa3, 0x04, 0xb9, 0xcd, 0x34, 0x13, 0x4a, 0x19, 0x19, 0x31, 0xdf, 0xbb, 33 + 0x8f, 0x3d, 0x7f, 0x09, 0x42, 0x3c, 0x96, 0x33, 0x41, 0xa9, 0x95, 0xf1, 34 + 0xd0, 0xac, 0x16, 0x37, 0x57, 0x35, 0x28, 0xe7, 0x0b, 0xc2, 0x12, 0x09, 35 + 0x39, 0x42, 0xd2, 0x96, 0xf5, 0x00, 0xd2, 0x23, 0x37, 0x24, 0xe2, 0x8e, 36 + 0x50, 0x3c, 0x6e, 0x23, 0xeb, 0x68, 0xed, 0x31, 0xb7, 0xee, 0xc0, 0xc7, 37 + 0x09, 0xf8, 0x39, 0x9d, 0x51, 0xed, 0x17, 0x95, 0x64, 0x09, 0xe0, 0xf9, 38 + 0xf0, 0xef, 0x86, 0xc0, 0x04, 0x46, 0x89, 0x8a, 0x6e, 0x27, 0x69, 0xde, 39 + 0xc7, 0x31, 0x1e, 0xee, 0x3c, 0x3f, 0x17, 0x05, 0x44, 0xbb, 0xbb, 0x1d, 40 + 0x3d, 0x5d, 0x6e, 0xf2, 0x78, 0x15, 0xd6, 0x3c, 0xcc, 0x7d, 0x67, 0x1a, 41 + 0xb8, 0xd2, 0x79, 0x54, 0x97, 0xa2, 0x58, 0x58, 0xf7, 0x4e, 0x5e, 0x50, 42 + 0x42, 0x69, 0xdc, 0xe7, 0x3a, 0x87, 0x2e, 0x22 43 + }; 44 + 45 + char* firmware_components[] = {"MBoot", "Linux", "RootFS", "Sysdata"}; 46 + char* firmware_filenames[] = {"MBoot.bin", "zImage", "cramfs-fsl.rom", "SYSDATA.bin"}; 47 + 48 + void cyclic_xor(void *data, int datasize, void *xor, int xorsize) 49 + { 50 + for(int i = 0; i < datasize; i++) 51 + *(uint8_t *)(data + i) ^= *(uint8_t *)(xor + (i % xorsize)); 52 + } 53 + 54 + size_t get_filesize(FILE* handle) 55 + { 56 + long size = 0; 57 + long old_pos = ftell(handle); 58 + fseek(handle, 0, SEEK_END); 59 + size = ftell(handle); 60 + fseek(handle, old_pos, SEEK_SET); 61 + return size; 62 + } 63 + 64 + /* A very rough implementation... */ 65 + void join_path(char* destination, char* first, char* second) 66 + { 67 + memset(destination, 0, MAX_PATH); 68 + if (first != NULL && strlen(first) > 0) 69 + { 70 + strcpy(destination, first); 71 + if (destination[strlen(destination) - 1] != DIR_SEPARATOR) 72 + { 73 + int l = strlen(destination); 74 + destination[l] = DIR_SEPARATOR; 75 + destination[l + 1] = '\0'; 76 + } 77 + } 78 + strcat(destination, second); 79 + } 80 + 81 + void md5sum(char* md5sum_string, char* data, unsigned long size) 82 + { 83 + uint8_t md5_checksum[16]; 84 + md5_context c; 85 + md5_starts(&c); 86 + md5_update(&c, (unsigned char*)data, size); 87 + md5_finish(&c, md5_checksum); 88 + memset(md5sum_string, 0, MD5_DIGEST_LENGTH*2+1); 89 + for (int i = 0; i < MD5_DIGEST_LENGTH; i++) 90 + { 91 + sprintf(md5sum_string, "%02x", md5_checksum[i]); 92 + md5sum_string+=2; 93 + } 94 + }

+86

utils/ypr0tools/common.h

··· 1 + /*************************************************************************** 2 + * __________ __ ___. 3 + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ 4 + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 5 + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 6 + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 7 + * \/ \/ \/ \/ \/ 8 + * 9 + * Copyright (C) 2013 Lorenzo Miori 10 + * 11 + * This program is free software; you can redistribute it and/or 12 + * modify it under the terms of the GNU General Public License 13 + * as published by the Free Software Foundation; either version 2 14 + * of the License, or (at your option) any later version. 15 + * 16 + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 17 + * KIND, either express or implied. 18 + * 19 + ****************************************************************************/ 20 + 21 + #ifndef _COMMON_H_ 22 + #define _COMMON_H_ 23 + 24 + #include <stdio.h> 25 + #include <string.h> 26 + #include <stdlib.h> 27 + #include <stdarg.h> 28 + #include <getopt.h> 29 + #include <stdint.h> 30 + 31 + #if defined(WIN32) 32 + # define DIR_SEPARATOR '\\' 33 + #else 34 + # define DIR_SEPARATOR '/' 35 + #endif 36 + 37 + #define MAX_PATH 255 38 + 39 + /* 40 + * Firmware description 41 + */ 42 + 43 + #define GENERIC_HEADER_LINES 5 44 + #define MAX_HEADER_LEN 1000 45 + /* Empty space used by bootloader to store checksums */ 46 + #define MBOOT_CHECKSUM_OFFSET 96 47 + /* Length of the reserved space */ 48 + #define MBOOT_CHECKSUM_LENGTH 992 49 + 50 + /* In case we don't have RevisionInfo.txt file, mock values are fine */ 51 + #define YPR0_VERSION "Version : V1.25\n" 52 + #define YPR0_TARGET "Target : KR\n" 53 + #define YPR0_USER "User : rockbox\n" 54 + #define YPR0_DIR "Dir : /.rockbox\n" 55 + #define YPR0_TIME "BuildTime : 11/04/20 14:17:34\n" 56 + 57 + #define YPR0_COMPONENTS_COUNT 4 58 + 59 + #define MD5_DIGEST_LENGTH 16 60 + 61 + extern char* firmware_components[]; 62 + extern char* firmware_filenames[]; 63 + extern uint8_t g_yp_key[128]; 64 + 65 + struct firmware_data 66 + { 67 + char* component_data[YPR0_COMPONENTS_COUNT]; 68 + size_t component_size[YPR0_COMPONENTS_COUNT]; 69 + char component_checksum[YPR0_COMPONENTS_COUNT][MD5_DIGEST_LENGTH*2+1]; 70 + }; 71 + 72 + enum samsung_error_t 73 + { 74 + SAMSUNG_SUCCESS = 0, 75 + SAMSUNG_READ_ERROR = -1, 76 + SAMSUNG_FORMAT_ERROR = -2, 77 + SAMSUNG_MD5_ERROR = -3, 78 + SAMSUNG_WRITE_ERROR = -4, 79 + }; 80 + 81 + void cyclic_xor(void *data, int datasize, void *xor, int xorsize); 82 + size_t get_filesize(FILE* handle); 83 + void join_path(char* destination, char* first, char* second); 84 + void md5sum(char* component_checksum, char* data, unsigned long size); 85 + 86 + #endif /* _COMMON_H_ */

-85

utils/ypr0tools/extract_section.c

··· 1 - /*************************************************************************** 2 - * __________ __ ___. 3 - * Open \______ \ ____ ____ | | _\_ |__ _______ ___ 4 - * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 5 - * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 6 - * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 7 - * \/ \/ \/ \/ \/ 8 - * $Id$ 9 - * 10 - * Copyright (C) 2011 Thomas Martitz 11 - * 12 - * This program is free software; you can redistribute it and/or 13 - * modify it under the terms of the GNU General Public License 14 - * as published by the Free Software Foundation; either version 2 15 - * of the License, or (at your option) any later version. 16 - * 17 - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 18 - * KIND, either express or implied. 19 - * 20 - ****************************************************************************/ 21 - 22 - #include <unistd.h> 23 - #include <sys/types.h> 24 - #include <sys/stat.h> 25 - #include <fcntl.h> 26 - #include <stdio.h> 27 - #include <stdlib.h> 28 - #include <stdarg.h> 29 - 30 - /* A simple replacement program for ( 31 - * dd if=$file1 of=$file2 bs=1 skip=$offset count=$size 32 - * 33 - * Written because byte-size operations with dd are unbearably slow. 34 - */ 35 - 36 - void usage(void) 37 - { 38 - fprintf(stderr, "Usage: extract_section <romfile> <outfile> <offset> <byte count>\n"); 39 - exit(1); 40 - } 41 - 42 - void die(const char* fmt, ...) 43 - { 44 - va_list ap; 45 - va_start(ap, fmt); 46 - vfprintf(stderr, fmt, ap); 47 - va_end(ap); 48 - exit(1); 49 - } 50 - 51 - int main(int argc, const char* argv[]) 52 - { 53 - if (argc != 5) 54 - usage(); 55 - 56 - int ifd, ofd; 57 - ssize_t size = atol(argv[4]); 58 - long skip = atol(argv[3]); 59 - 60 - if (!size) 61 - die("invalid byte count\n"); 62 - 63 - ifd = open(argv[1], O_RDONLY); 64 - if (ifd < 0) 65 - die("Could not open %s for reading!\n", argv[1]); 66 - 67 - ofd = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC, 0666); 68 - if (ofd < 0) 69 - die("Could not create %s\n", argv[2]); 70 - 71 - void *buf = malloc(size); 72 - if (!buf) die("OOM\n"); 73 - 74 - lseek(ifd, skip, SEEK_SET); 75 - lseek(ofd, 0, SEEK_SET); 76 - if (read(ifd, buf, size) != size) 77 - die("Read failed\n"); 78 - if (write(ofd, buf, size) != size) 79 - die("write failed\n"); 80 - 81 - close(ifd); 82 - close(ofd); 83 - 84 - exit(EXIT_SUCCESS); 85 - }

+170

utils/ypr0tools/fwcrypt.c

··· 1 + /*************************************************************************** 2 + * __________ __ ___. 3 + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ 4 + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 5 + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 6 + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 7 + * \/ \/ \/ \/ \/ 8 + * 9 + * Copyright (C) 2013 Lorenzo Miori 10 + * 11 + * This program is free software; you can redistribute it and/or 12 + * modify it under the terms of the GNU General Public License 13 + * as published by the Free Software Foundation; either version 2 14 + * of the License, or (at your option) any later version. 15 + * 16 + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 17 + * KIND, either express or implied. 18 + * 19 + ****************************************************************************/ 20 + 21 + #include <stdio.h> 22 + #include <string.h> 23 + #include <stdlib.h> 24 + #include <stdarg.h> 25 + #include <getopt.h> 26 + #include <stdint.h> 27 + #include "common.h" 28 + 29 + static char* input_dir = NULL; 30 + static FILE* output_file = NULL; 31 + static struct firmware_data fw; 32 + 33 + static void cleanup(void) 34 + { 35 + for (int i = 0; i < YPR0_COMPONENTS_COUNT; i++) 36 + { 37 + free(fw.component_data[i]); 38 + } 39 + } 40 + 41 + static void die(int error) 42 + { 43 + if (output_file != NULL) 44 + fclose(output_file); 45 + free(input_dir); 46 + cleanup(); 47 + exit(error); 48 + } 49 + 50 + int main(int argc, char **argv) 51 + { 52 + FILE* component_handle = NULL; 53 + FILE* rev_info_file = NULL; 54 + int error = 0; 55 + char* tmp_path = malloc(MAX_PATH); 56 + 57 + memset(&fw, 0, sizeof(fw)); 58 + 59 + if (argc < 2) 60 + { 61 + printf( 62 + "Crypts Samsung YP-R0/YP-R1 ROM file format\n" 63 + "Usage: fwcrypt <output ROM file path\n" 64 + ); 65 + return 1; 66 + } 67 + 68 + input_dir = malloc(MAX_PATH); 69 + input_dir[0] = '\0'; 70 + if (argc > 2) 71 + { 72 + strcpy(input_dir, argv[2]); 73 + } 74 + 75 + /* open the output file for write */ 76 + output_file = fopen(argv[1], "wb"); 77 + if (output_file == NULL) 78 + { 79 + fprintf(stderr, "Cannot open file for writing: %m\n"); 80 + die(SAMSUNG_WRITE_ERROR); 81 + } 82 + 83 + /* write generic header */ 84 + join_path(tmp_path, input_dir, "RevisionInfo.txt"); 85 + rev_info_file = fopen(tmp_path, "rb"); 86 + if (rev_info_file != NULL) 87 + { 88 + for (int i = 0; i < GENERIC_HEADER_LINES; i++) 89 + { 90 + char header[MAX_HEADER_LEN]; 91 + error += fgets(header, MAX_HEADER_LEN, rev_info_file) == NULL; 92 + error += fprintf(output_file, "%s", header) != (signed)strlen(header); 93 + } 94 + fclose(rev_info_file); 95 + } 96 + else 97 + { 98 + /* write some generic information */ 99 + error += fprintf(output_file, YPR0_VERSION) != strlen(YPR0_VERSION); 100 + error += fprintf(output_file, YPR0_TARGET) != strlen(YPR0_TARGET); 101 + error += fprintf(output_file, YPR0_USER) != strlen(YPR0_USER); 102 + error += fprintf(output_file, YPR0_DIR) != strlen(YPR0_DIR); 103 + error += fprintf(output_file, YPR0_TIME) != strlen(YPR0_TIME); 104 + } 105 + 106 + if(error != 0) 107 + { 108 + fprintf(stderr, "Cannot write generic header\n"); 109 + die(SAMSUNG_WRITE_ERROR); 110 + } 111 + 112 + for (int i = 0; i < YPR0_COMPONENTS_COUNT; i++) 113 + { 114 + join_path(tmp_path, input_dir, firmware_filenames[i]); 115 + component_handle = fopen(tmp_path, "rb"); 116 + if (component_handle == NULL) 117 + { 118 + fprintf(stderr, "Error while reading firmware component.\n"); 119 + die(SAMSUNG_READ_ERROR); 120 + } 121 + fw.component_size[i] = get_filesize(component_handle); 122 + fw.component_data[i] = malloc(fw.component_size[i] * sizeof(char)); 123 + fread(fw.component_data[i], sizeof(char), fw.component_size[i], component_handle); 124 + fclose(component_handle); 125 + 126 + /* compute checksum */ 127 + md5sum(fw.component_checksum[i], fw.component_data[i], fw.component_size[i]); 128 + printf("%s : size(%ld),checksum(%s)\n", firmware_components[i], 129 + fw.component_size[i], fw.component_checksum[i]); 130 + /* write metadata header to file */ 131 + if (fprintf(output_file, "%s : size(%ld),checksum(%s)\n", firmware_components[i], 132 + fw.component_size[i], fw.component_checksum[i]) < 0) 133 + { 134 + fprintf(stderr, "Error writing to output file.\n"); 135 + die(SAMSUNG_WRITE_ERROR); 136 + } 137 + } 138 + 139 + /* write final data to the firmware file */ 140 + for (int i = 0; i < YPR0_COMPONENTS_COUNT; i++) 141 + { 142 + /* the bootloader needs to be patched: add checksum of the components */ 143 + if (strcmp("MBoot", firmware_components[i]) == 0) 144 + { 145 + int index=MBOOT_CHECKSUM_OFFSET; 146 + for (int z = 0; z < YPR0_COMPONENTS_COUNT; z++) 147 + { 148 + index += sprintf(fw.component_data[i] + index, "%ld:%s\n", 149 + fw.component_size[z], fw.component_checksum[z]); 150 + } 151 + } 152 + /* crypt data */ 153 + cyclic_xor(fw.component_data[i], fw.component_size[i], g_yp_key, sizeof(g_yp_key)); 154 + /* write data */ 155 + size_t written = fwrite(fw.component_data[i], sizeof(char), 156 + fw.component_size[i], output_file); 157 + if (written != fw.component_size[i]) 158 + { 159 + fprintf(stderr, "%s: error writing data to file. Written %ld bytes\n", 160 + firmware_components[i], written); 161 + die(SAMSUNG_WRITE_ERROR); 162 + } 163 + /* padding */ 164 + if (i < (YPR0_COMPONENTS_COUNT-1)) 165 + fputs("\0\0\0\0", output_file); 166 + } 167 + 168 + /* free the big amount of memory and close handles */ 169 + die(SAMSUNG_SUCCESS); 170 + }

+168

utils/ypr0tools/fwdecrypt.c

··· 1 + /*************************************************************************** 2 + * __________ __ ___. 3 + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ 4 + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 5 + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 6 + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 7 + * \/ \/ \/ \/ \/ 8 + * 9 + * Copyright (C) 2013 Lorenzo Miori 10 + * 11 + * This program is free software; you can redistribute it and/or 12 + * modify it under the terms of the GNU General Public License 13 + * as published by the Free Software Foundation; either version 2 14 + * of the License, or (at your option) any later version. 15 + * 16 + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 17 + * KIND, either express or implied. 18 + * 19 + ****************************************************************************/ 20 + 21 + #include <stdio.h> 22 + #include <string.h> 23 + #include <stdlib.h> 24 + #include <stdarg.h> 25 + #include <getopt.h> 26 + #include <stdint.h> 27 + #include <stdbool.h> 28 + #include "common.h" 29 + 30 + static char* output_dir = NULL; 31 + static FILE* input_file = NULL; 32 + static struct firmware_data fw; 33 + 34 + static void cleanup(void) 35 + { 36 + for (int i = 0; i < YPR0_COMPONENTS_COUNT; i++) 37 + { 38 + free(fw.component_data[i]); 39 + } 40 + } 41 + 42 + static void die(int error) 43 + { 44 + if (input_file != NULL) 45 + fclose(input_file); 46 + free(output_dir); 47 + cleanup(); 48 + exit(error); 49 + } 50 + 51 + int main(int argc, char **argv) 52 + { 53 + FILE* component_handle = NULL; 54 + FILE* rev_info_file = NULL; 55 + char* tmp_path = malloc(MAX_PATH); 56 + int error = 0; 57 + bool md5sum_error = false; 58 + 59 + memset(&fw, 0, sizeof(fw)); 60 + 61 + if (argc < 2) 62 + { 63 + printf("Decrypts Samsung YP-R0/YP-R1 ROM file format\n" 64 + "Usage: fwdecrypt <ROM file path\n" 65 + ); 66 + return 1; 67 + } 68 + 69 + output_dir = malloc(MAX_PATH); 70 + output_dir[0] = '\0'; 71 + if (argc > 2) 72 + { 73 + strcpy(output_dir, argv[2]); 74 + } 75 + 76 + /* open the output file for write */ 77 + input_file = fopen(argv[1], "rb"); 78 + if (input_file == NULL) 79 + { 80 + fprintf(stderr, "Cannot open file for reading: %m\n"); 81 + die(SAMSUNG_READ_ERROR); 82 + } 83 + 84 + /* read some generic information */ 85 + join_path(tmp_path, output_dir, "RevisionInfo.txt"); 86 + rev_info_file = fopen(tmp_path, "w"); 87 + for (int i = 0; i < 5; i++) 88 + { 89 + char info[MAX_HEADER_LEN]; 90 + error += fgets(info, MAX_HEADER_LEN, input_file) == NULL; 91 + printf("%s", info); 92 + if (rev_info_file != NULL) 93 + fprintf(rev_info_file, "%s", info); 94 + } 95 + if (rev_info_file != NULL) 96 + fclose(rev_info_file); 97 + 98 + if (error != 0) 99 + { 100 + fprintf(stderr, "Cannot write generic header\n"); 101 + die(SAMSUNG_WRITE_ERROR); 102 + } 103 + 104 + /* read metadata */ 105 + for (int i = 0; i < YPR0_COMPONENTS_COUNT; i++) 106 + { 107 + char metadata[MAX_HEADER_LEN]; 108 + error += fgets(metadata, MAX_HEADER_LEN, input_file) == NULL; 109 + error += sscanf(metadata, "%*s : size(%ld),checksum(%s)", 110 + &fw.component_size[i], fw.component_checksum[i]) != 2; 111 + /* strip last ")" */ 112 + fw.component_checksum[i][strlen(fw.component_checksum[i])-1] = '\0'; 113 + printf("%s: %ld bytes -- MD5 %s\n", firmware_components[i], 114 + fw.component_size[i], fw.component_checksum[i]); 115 + } 116 + 117 + /* We start from the end because ROM header could have a different 118 + * line count or extra new-lines (noticed in some hacked ROMs) 119 + */ 120 + size_t current_pos = get_filesize(input_file); 121 + for (int i = YPR0_COMPONENTS_COUNT-1; i >= 0; i--) 122 + { 123 + 124 + fw.component_data[i] = malloc(fw.component_size[i]); 125 + current_pos -= fw.component_size[i]; 126 + fseek(input_file, current_pos, SEEK_SET); 127 + size_t bread = fread(fw.component_data[i], 1, fw.component_size[i], input_file); 128 + if (bread != fw.component_size[i]) 129 + fprintf(stderr, "%s: Read size mismatch: read %ld bytes, expected %ld bytes\n", 130 + firmware_components[i], bread, fw.component_size[i]); 131 + 132 + /* decrypt data */ 133 + cyclic_xor(fw.component_data[i], fw.component_size[i], g_yp_key, sizeof(g_yp_key)); 134 + 135 + /* unpatch bootloader */ 136 + if (strcmp("MBoot", firmware_components[i]) == 0) 137 + { 138 + memset(fw.component_data[i] + MBOOT_CHECKSUM_OFFSET, 0, MBOOT_CHECKSUM_LENGTH); 139 + } 140 + 141 + char md5sum_decrypted[MD5_DIGEST_LENGTH*2+1]; 142 + 143 + md5sum(md5sum_decrypted, fw.component_data[i], fw.component_size[i]); 144 + 145 + if (strcmp(md5sum_decrypted, fw.component_checksum[i]) != 0) 146 + { 147 + printf("%s: FAIL (md5sum doesn't match)\n", firmware_components[i]); 148 + md5sum_error = true; 149 + } 150 + 151 + join_path(tmp_path, output_dir, firmware_filenames[i]); 152 + component_handle = fopen(tmp_path, "wb"); 153 + 154 + if (component_handle == NULL) 155 + { 156 + fprintf(stderr, "Error opening file for writing. Is the directory valid and writeable?\n"); 157 + die(SAMSUNG_WRITE_ERROR); 158 + } 159 + 160 + fwrite(fw.component_data[i], 1, fw.component_size[i], component_handle); 161 + fclose(component_handle); 162 + 163 + } 164 + 165 + if (md5sum_error) 166 + die(SAMSUNG_MD5_ERROR); 167 + die(SAMSUNG_SUCCESS); 168 + }

-132

utils/ypr0tools/pack-firmware.sh

··· 1 - #!/bin/bash 2 - 3 - ###################################################################### 4 - # __________ __ ___. 5 - # Open \______ \ ____ ____ | | _\_ |__ _______ ___ 6 - # Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 7 - # Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 8 - # Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 9 - # \/ \/ \/ \/ \/ 10 - # 11 - # * Script to generate a Samsung YP-R0 firmware file (R0.ROM) */ 12 - ###################################################################### 13 - # 14 - # This file was oringally called NewPack.sh, its origin is the R0 open source 15 - # package from Samsung. 16 - # 17 - # Muon Platform 18 - # Copyright (c) 2004-2009 Samsung Electronics, Inc. 19 - # All rights reserved. 20 - # 21 - # Rom Packaging Script 22 - # It needs sudoer privilege of rm, mkdir, cp, mkcramfs. 23 - # You can configure it in the /etc/sudoer file. 24 - # This script is very dangerous. Be careful to use. 25 - # 26 - # SangMan Sim<sangman.sim@samsung.com> 27 - 28 - # bail out early 29 - set -e 30 - 31 - DIR=${2:-"."} 32 - DIR=${DIR%/} 33 - REVISION="$DIR/RevisionInfo.txt" 34 - CRAMFS="$DIR/cramfs-fsl.rom" 35 - SYSDATA="$DIR/SYSDATA.bin" 36 - MBOOT="$DIR/MBoot.bin" 37 - MBOOT_TMP="${TMP_DIR:-$DIR}/MBoot.tmp" 38 - LINUX="$DIR/zImage" 39 - R0ROM=$1 40 - 41 - # some sanity checks 42 - if [ $# -lt 1 ] || [ $# -gt 2 ]; then 43 - echo "Usage $0 <rom file> [path to image files]" 44 - exit 1 45 - fi 46 - 47 - if [ ! -f ./MuonEncrypt ]; then 48 - echo "Couldn't find MuonEncrypt binary (try 'make')" 49 - exit 1 50 - fi 51 - 52 - if [ ! -e $REVISION ]; then 53 - cat >$REVISION <<EOF 54 - Version : V2.30 55 - Target : KR 56 - EOF 57 - fi 58 - 59 - 60 - function WriteImage { 61 - echo "Adding $1 to $R0ROM" 62 - #HEAD_STR=[`stat -c%s $1`/`md5sum $1 | cut -d " " -f 1`] 63 - #HEAD_SIZE=`echo $HEAD_STR | wc -c` 64 - #PACK_SIZE=`expr 44 - $HEAD_SIZE` 65 - 66 - #while [ $PACK_SIZE -gt 0 ] 67 - #do 68 - #PACK_SIZE=`expr $PACK_SIZE - 1` 69 - #echo -n 0 70 - #done 71 - 72 - ./MuonEncrypt $1 >> $R0ROM 73 - #cat $MBOOT >> $R0ROM 74 - } 75 - 76 - function Pack4Byte { 77 - FILE_SIZE=`stat -c%s $R0ROM` 78 - PACK_SIZE=`expr 4 - $FILE_SIZE % 4` 79 - 80 - if [ $PACK_SIZE != 4 ] 81 - then 82 - while [ $PACK_SIZE -gt 0 ] 83 - do 84 - PACK_SIZE=`expr $PACK_SIZE - 1` || true 85 - echo -en $1 >> $R0ROM 86 - done 87 - fi 88 - 89 - } 90 - 91 - echo Make $R0ROM 92 - 93 - cat $REVISION > $R0ROM 94 - echo User : $USER >> $R0ROM 95 - echo Dir : $PWD >> $R0ROM 96 - echo BuildTime : `date "+%y/%m/%d %H:%M:%S"` >> $R0ROM 97 - echo MBoot : size$`stat -c%s $MBOOT`$,checksum$`md5sum $MBOOT | cut -d " " -f 1`$ >> $R0ROM 98 - echo Linux : size$`stat -c%s $LINUX`$,checksum$`md5sum $LINUX | cut -d " " -f 1`$ >> $R0ROM 99 - echo RootFS : size$`stat -c%s $CRAMFS`$,checksum$`md5sum $CRAMFS | cut -d " " -f 1`$ >> $R0ROM 100 - echo Sysdata : size$`stat -c%s $SYSDATA`$,checksum$`md5sum $SYSDATA | cut -d " " -f 1`$ >> $R0ROM 101 - 102 - Pack4Byte "\\n" 103 - 104 - 105 - dd if=$MBOOT of=$MBOOT_TMP bs=96 count=1 2> /dev/null 106 - 107 - echo `stat -c%s $MBOOT`:`md5sum $MBOOT | cut -d " " -f 1` >> $MBOOT_TMP 108 - echo `stat -c%s $LINUX`:`md5sum $LINUX | cut -d " " -f 1` >> $MBOOT_TMP 109 - echo `stat -c%s $CRAMFS`:`md5sum $CRAMFS | cut -d " " -f 1` >> $MBOOT_TMP 110 - echo `stat -c%s $SYSDATA`:`md5sum $SYSDATA | cut -d " " -f 1` >> $MBOOT_TMP 111 - 112 - dd if=$MBOOT of=$MBOOT_TMP bs=1088 skip=1 seek=1 2> /dev/null 113 - WriteImage $MBOOT_TMP 114 - 115 - #rm $MBOOT_TMP 116 - 117 - Pack4Byte "0" 118 - 119 - WriteImage $LINUX 120 - 121 - Pack4Byte "0" 122 - 123 - WriteImage $CRAMFS 124 - 125 - Pack4Byte "0" 126 - 127 - WriteImage $SYSDATA 128 - 129 - echo $R0ROM : `stat -c%s $R0ROM`, `md5sum $R0ROM | cut -d " " -f 1` 130 - #head -9 $R0ROM 131 - 132 - echo "Done"

+85

utils/ypr0tools/test.sh

··· 1 + #!/bin/sh 2 + 3 + ###################################################################### 4 + # __________ __ ___. 5 + # Open \______ \ ____ ____ | | _\_ |__ _______ ___ 6 + # Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 7 + # Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 8 + # Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 9 + # \/ \/ \/ \/ \/ 10 + # 11 + # Script to test packer and unpacker 12 + # Copyright (C) 2013 Lorenzo Miori 13 + ###################################################################### 14 + 15 + ROM_FILE="$1" 16 + TMP_FOLDER="" 17 + 18 + goto_temp() 19 + { 20 + if [ -n "$TMP_FOLDER" ] 21 + then 22 + cd $TMP_FOLDER 23 + fi 24 + } 25 + 26 + cleanup() 27 + { 28 + echo "$1" 29 + OLD_DIR=`pwd` 30 + goto_temp 31 + rm -f "$ROM_FILE"_TEST_CRYPT "MBoot.bin" "zImage" "cramfs-fsl.rom" "SYSDATA.bin" "TEST_MD5SUMS" "RevisionInfo.txt" > /dev/null 32 + cd $OLD_DIR 33 + if [ -n "$TMP_FOLDER" ] 34 + then 35 + rmdir $TMP_FOLDER 36 + fi 37 + make clean 38 + exit $2 39 + } 40 + 41 + if [ $# -lt 1 ] 42 + then 43 + cleanup "FAIL: Missing parameter! Run with: test.sh <path to working rom to test> <optional: destination to temporary files>" 1 44 + fi 45 + 46 + if [ $# -eq 2 ] 47 + then 48 + TMP_FOLDER="$2/" 49 + mkdir $TMP_FOLDER 50 + if [ $? -ne 0 ] 51 + then 52 + echo "FAIL: temporary directory exists!" 53 + fi 54 + fi 55 + 56 + # be sure we have the executables up-to-date 57 + make clean 58 + make 59 + 60 + ./fwdecrypt $1 $TMP_FOLDER 61 + if [ $? -ne 0 ] 62 + then 63 + cleanup "FAIL: Error while decrypting ROM file" 1 64 + fi 65 + 66 + ./fwcrypt $TMP_FOLDER$1_TEST_CRYPT $TMP_FOLDER 67 + if [ $? -ne 0 ] 68 + then 69 + cleanup "FAIL: Error while decrypting ROM file" 1 70 + fi 71 + 72 + OLD_DIR=`pwd` 73 + goto_temp 74 + 75 + md5sum MBoot.bin zImage cramfs-fsl.rom SYSDATA.bin RevisionInfo.txt > "TEST_MD5SUMS" 76 + 77 + md5sum --strict -c "TEST_MD5SUMS" 78 + if [ $? -ne 0 ] 79 + then 80 + cleanup "FAIL: MD5SUM mismatch!" 1 81 + fi 82 + 83 + cd $OLD_DIR 84 + 85 + cleanup "OK: test completed without errors." 0

-90

utils/ypr0tools/unpack-firmware.sh

··· 1 - #!/bin/bash 2 - 3 - ###################################################################### 4 - # __________ __ ___. 5 - # Open \______ \ ____ ____ | | _\_ |__ _______ ___ 6 - # Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / 7 - # Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < 8 - # Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ 9 - # \/ \/ \/ \/ \/ 10 - # 11 - # * Script to unpack a Samsung YP-R0 firmware file (R0.ROM) */ 12 - ###################################################################### 13 - 14 - # The file was originally called MuonDecrypt.sh 15 - # 16 - # I'm not sure about the original author of this file, as it wasn't included in Samsung package. 17 - # But I guess it was done by JeanLouis, an Italian user of the Hardware Upgrade Forum. If needed, we should search throug old posts for that... 18 - # 19 - 20 - 21 - # bail out early 22 - set -e 23 - 24 - # some sanity checks 25 - if [ $# -lt 1 ] || [ $# -gt 2 ]; then 26 - echo "Usage $0 <rom file> [out dir]" 27 - exit 1 28 - fi 29 - 30 - 31 - ROM=$1 32 - DIR=${2:-"."} 33 - DIR=${DIR%/} 34 - MBOOT="$DIR/MBoot.bin" 35 - MBOOT_TMP="${TMP_DIR:-$DIR}/MBoot.tmp" 36 - LINUX="$DIR/zImage" 37 - CRAMFS="$DIR/cramfs-fsl.rom" 38 - SYSDATA="$DIR/SYSDATA.bin" 39 - MD5SUMS="$DIR/MD5SUMS" 40 - TMP="${TMP_DIR:-$DIR}/_$$.tmp" 41 - 42 - 43 - if [ ! -f ./extract_section ]; then 44 - echo "Couldn't find extract_section binary (try 'make')" 45 - exit 1 46 - fi 47 - 48 - if [ ! -f ./MuonEncrypt ]; then 49 - echo "Couldn't find MuonEncrypt binary (try 'make')" 50 - exit 1 51 - fi 52 - 53 - mkdir -p $DIR 54 - 55 - if [ ! -w $DIR ]; then 56 - echo "Target dir not writable" 57 - exit 1 58 - fi 59 - 60 - ExtractAndDecrypt() { 61 - START=$(expr $START - $2) 62 - echo "Extracting $1..." 63 - ./extract_section $ROM $TMP $START $2 64 - echo "Decrypt $1..." 65 - ./MuonEncrypt $TMP > $1 66 - } 67 - 68 - size=( `head -n 9 $ROM | tail -n 4 | while read LINE; do echo $LINE | cut -d$ -f 2 | cut -d$ -f 1; done`) 69 - checksum=( `head -n 9 $ROM | tail -n 4 | while read LINE; do echo $LINE | cut -d$ -f 3 | cut -d$ -f 1; done`) 70 - 71 - echo "${checksum[0]} $MBOOT" > $MD5SUMS 72 - echo "${checksum[1]} $LINUX" >> $MD5SUMS 73 - echo "${checksum[2]} $CRAMFS" >> $MD5SUMS 74 - echo "${checksum[3]} $SYSDATA" >> $MD5SUMS 75 - 76 - START=`stat -c%s $ROM` 77 - 78 - ExtractAndDecrypt $SYSDATA ${size[3]} 79 - ExtractAndDecrypt $CRAMFS ${size[2]} 80 - ExtractAndDecrypt $LINUX ${size[1]} 81 - ExtractAndDecrypt $MBOOT_TMP ${size[0]} 82 - 83 - rm $TMP 84 - echo "Create $MBOOT..." 85 - dd if=$MBOOT_TMP of=$MBOOT bs=96 count=1 2>/dev/null 86 - dd if=$MBOOT_TMP of=$MBOOT bs=1088 skip=1 seek=1 2>/dev/null 87 - rm $MBOOT_TMP 88 - 89 - echo "Check integrity:" 90 - md5sum -c $MD5SUMS