/*
 * Based on version 3.2 from chdk site.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <stdint.h>
#include <stdarg.h>
#include <sys/stat.h>
#include <sys/types.h>

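/*
 * Compile-time layout check: the build fails with a negative array size
 * unless sizeof(struct struct_name) equals size.
 *
 * size is parenthesised so that an expression argument such as
 * (A & B) is compared as a whole; unparenthesised, "==" would bind
 * tighter than "&", "|" or "?:" and the check would test the wrong value.
 * The passing case declares a one-element array rather than a
 * zero-length one, which ISO C does not allow.
 */
#define SIZE_CHECK( struct_name, size ) \
	static char _size_check_##struct_name[ \
		sizeof(struct struct_name) == (size) ? 1 : -1 \
	] __attribute__((unused))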


/*
 * Layout of the 0x120-byte header at the start of a firmware update file.
 *
 * main() overlays this struct directly on the bytes read from the input
 * file, so every field is read in host byte order and every value is
 * attacker-controllable file content.  In particular data_offset and
 * data_len are used by main() for pointer arithmetic and as the
 * decryption key, and must be range-checked against the real file size
 * before use.  version is a fixed 16-byte field; nothing here guarantees
 * that it is NUL-terminated.
 *
 * Of these fields main() reads only model_id, version, crc, data_offset
 * and data_len; the remaining names are the original author's guesses.
 */
struct fw_header_t
{
	uint32_t	model_id;		// offset 0x00
	uint8_t		pad0[ 0x0C ];		// offset 0x04
	char		version[ 0x10 ];	// offset 0x10
	uint32_t	crc;			// offset 0x20
	uint32_t	flasher_offset;		// offset 0x24, points to 0xB0
	uint32_t	file_header_size;	// offset 0x28, must be 0x120
	uint32_t	some_size;		// offset 0x2C
	uint32_t	_data_offset;		// offset 0x30
	uint32_t	unknown1;		// offset 0x34
	uint32_t	file_size;		// offset 0x38
	uint32_t	unknown2;		// offset 0x3C
	uint32_t	sha1_hash;		// offset 0x40
	uint32_t	pad2[ 7 ];		// offset 0x44-0x5C
	uint32_t	data_offset;		// offset 0x60
	uint8_t		pad3[ 0x58 ];		// offset 0x64
	uint32_t	data_len;		// offset 0xBC
	uint8_t		pad4[ 0x60 ];		// offset 0xC0
} __attribute__((packed));

// Break the build if a field edit or a packing change alters the
// 0x120-byte layout that the offsets above describe.
SIZE_CHECK( fw_header_t, 0x120 );


/*
 * First XOR key table, 512 entries.  decrypt_block() XORs each byte with
 * CRYPT1[offset1] ^ CRYPT2[offset2] ^ 0x37 and wraps offset1 back to 0
 * once it reaches 512, so any index used here must stay below 512.
 *
 * NOTE(review): the table is plain char although many initialisers are
 * above 0x7F; where char is signed those convert to negative values.
 * decrypt_block() stores the XOR result into an unsigned char, which
 * keeps only the low 8 bits, so on common compilers the output should be
 * unaffected -- confirm, or declare the table unsigned char.
 */
char CRYPT1[512] = { 0x07, 0x9E, 0xD5, 0x5E, 0x19, 0xB5, 0xE6, 0x2B, 0x17, 0xA5,
                     0xC1, 0xA2, 0xBD, 0x59, 0x38, 0x68, 0xEC, 0xFE, 0x2D, 0x8C,
                     0x14, 0x99, 0xE6, 0xB9, 0x54, 0xAD, 0x85, 0x84, 0x40, 0x48,
                     0xCE, 0x78, 0xA4, 0xA0, 0xA7, 0x4B, 0xEC, 0x59, 0xCD, 0x93,
                     0xD8, 0x8C, 0xA7, 0x33, 0xB0, 0xA1, 0x78, 0x66, 0x0A, 0x8C,
                     0xB6, 0x26, 0x80, 0xDB, 0x49, 0xC1, 0x54, 0xD9, 0x88, 0x0C,
                     0xA2, 0x8A, 0xF1, 0x68, 0x2A, 0xBC, 0x12, 0x93, 0x23, 0x74,
                     0x11, 0x4C, 0x66, 0x67, 0x93, 0x81, 0x12, 0x6B, 0x04, 0x52,
                     0x79, 0xEC, 0x90, 0xD4, 0xF7, 0x1E, 0xB9, 0x6B, 0xEB, 0x6C,
                     0xF9, 0x86, 0x58, 0x97, 0xDA, 0xF0, 0x7D, 0x3D, 0xC4, 0xEA,
                     0x8F, 0x48, 0x75, 0x21, 0x62, 0xC7, 0x5F, 0xFB, 0x93, 0xF9,
                     0xC3, 0x91, 0x83, 0xF6, 0x64, 0x46, 0xA9, 0x14, 0x64, 0xCB,
                     0xF2, 0x4C, 0xAB, 0x8F, 0xE9, 0xAE, 0xC9, 0xE8, 0xC3, 0x5D,
                     0xC0, 0x07, 0xD4, 0xD2, 0xD5, 0xEC, 0x7E, 0x89, 0x3E, 0x65,
                     0x66, 0xDA, 0x2A, 0xB1, 0xB7, 0xD0, 0x47, 0x0A, 0x3A, 0x93,
                     0x52, 0x49, 0x5F, 0xAB, 0xD7, 0x21, 0x79, 0xF0, 0xF7, 0xAF,
                     0x90, 0x60, 0x52, 0x88, 0x80, 0x7F, 0x31, 0xBA, 0xF3, 0x2D,
                     0x04, 0xA2, 0xE8, 0x66, 0xB5, 0x68, 0x6D, 0x15, 0x58, 0x94,
                     0x1C, 0xC4, 0x16, 0x68, 0xF3, 0xE2, 0x20, 0x68, 0x89, 0x3E,
                     0x08, 0xD8, 0x43, 0xA2, 0xD0, 0x27, 0x55, 0x58, 0x51, 0xF6,
                     0x8B, 0x49, 0x14, 0xF6, 0xE9, 0xBD, 0x37, 0xFB, 0x80, 0xBA,
                     0x99, 0xAD, 0x4C, 0x55, 0xC1, 0xDD, 0x89, 0xDE, 0xF8, 0x2D,
                     0x72, 0x2C, 0xB9, 0x37, 0x84, 0x45, 0x34, 0x9D, 0xBE, 0x83,
                     0x42, 0x9A, 0x2D, 0xD7, 0x78, 0xE5, 0x0F, 0xAC, 0xA7, 0xCC,
                     0xC3, 0x35, 0xDC, 0x56, 0x7F, 0xBD, 0xC4, 0xBF, 0xA1, 0x41,
                     0x44, 0x5F, 0xAD, 0x45, 0x68, 0x65, 0x7F, 0x10, 0x73, 0x4B,
                     0x89, 0x72, 0x2F, 0xDA, 0xD0, 0xC3, 0x3F, 0x26, 0xD9, 0x5E,
                     0x94, 0x61, 0xF8, 0x21, 0x19, 0xD5, 0xF9, 0x1B, 0x18, 0xF5,
                     0xDD, 0x26, 0x79, 0xF4, 0xF2, 0x44, 0x77, 0x44, 0xCD, 0x83,
                     0x44, 0x12, 0xCE, 0x37, 0xB9, 0x25, 0xDE, 0x0F, 0x12, 0x2A,
                     0x5D, 0xD6, 0x7D, 0x1F, 0x39, 0x10, 0x4F, 0x7F, 0xB9, 0x75,
                     0x1C, 0xAB, 0x8B, 0x43, 0xEB, 0x3D, 0xC1, 0x8C, 0xCB, 0x2B,
                     0x1E, 0x45, 0x7D, 0x31, 0x1A, 0xC9, 0x8B, 0xDB, 0x65, 0xD0,
                     0x75, 0x50, 0xEB, 0xB3, 0x65, 0xFB, 0x05, 0xCE, 0xC0, 0xCF,
                     0x58, 0x24, 0xFB, 0x1C, 0x94, 0x4B, 0x6A, 0x15, 0xEF, 0x32,
                     0xB3, 0x9B, 0x63, 0x91, 0xC2, 0x61, 0xE6, 0x66, 0x0A, 0xCA,
                     0xA8, 0xE5, 0x5B, 0x98, 0x95, 0x52, 0xAA, 0x9F, 0xC5, 0xB0,
                     0x9D, 0x3A, 0x98, 0x43, 0x2D, 0x7D, 0x14, 0x74, 0x34, 0x6B,
                     0xB1, 0x11, 0x19, 0x64, 0x07, 0x7D, 0x11, 0x0B, 0x13, 0x77,
                     0xE4, 0x46, 0x86, 0xEF, 0x2B, 0x7F, 0x5E, 0x05, 0xF1, 0xB4,
                     0x12, 0xC3, 0xAB, 0x34, 0xCA, 0x64, 0x62, 0x76, 0xA1, 0xDF,
                     0x37, 0x8F, 0xBF, 0xFA, 0xB3, 0x5C, 0xE4, 0x59, 0x84, 0x22,
                     0xD1, 0x26, 0x8B, 0x5F, 0x8D, 0x44, 0x92, 0xD5, 0xDD, 0x61,
                     0x0F, 0xF2, 0xA1, 0xC9, 0x02, 0x9C, 0x6F, 0xAC, 0x4A, 0x36,
                     0x99, 0x19, 0xDF, 0xF3, 0x20, 0xBF, 0xD9, 0x02, 0xAE, 0x08,
                     0xF7, 0xC0, 0x6D, 0xA8, 0x24, 0x93, 0x94, 0xD4, 0x40, 0xF9,
                     0x67, 0xE2, 0x5C, 0x3B, 0x37, 0xDF, 0xC8, 0xDB, 0x70, 0x18,
                     0xC5, 0xA2, 0x55, 0x5A, 0x04, 0xB6, 0x40, 0x63, 0xDE, 0xF6,
                     0x4C, 0x78, 0x6F, 0xC7, 0xC2, 0x59, 0xB6, 0x8B, 0xF4, 0x35,
                     0x31, 0x19, 0x4F, 0xE2, 0x56, 0x39, 0x50, 0x5C, 0x65, 0x0C,
                     0x29, 0xF2, 0x22, 0xE1, 0x35, 0x51, 0xE1, 0x91, 0x89, 0x52,
                     0xF3, 0x64 };

/*
 * Second XOR key table, 513 entries.  decrypt_block() indexes it with
 * offset2 and wraps that index back to 0 once it reaches 513, so any
 * index used here must stay below 513.
 *
 * The two table lengths, 512 and 513, share no common factor, so the
 * combined CRYPT1/CRYPT2 sequence only repeats after 512 * 513 = 262656
 * bytes.  Like CRYPT1 this is declared plain char; see the signedness
 * caveat there.
 */
char CRYPT2[513] = { 0xB8, 0xE4, 0x0F, 0xD5, 0xAC, 0x6B, 0x38, 0x5F, 0x4F, 0x75,
                     0x21, 0x0F, 0x38, 0x3B, 0x43, 0x0D, 0x9F, 0xD8, 0x46, 0xCA,
                     0xB0, 0x7C, 0x26, 0x71, 0x6D, 0xCA, 0xB4, 0x48, 0xBE, 0x3C,
                     0x96, 0xAE, 0xCE, 0x63, 0x88, 0xC2, 0x9A, 0x63, 0x49, 0x5F,
                     0xEF, 0xB9, 0x1F, 0xB8, 0x46, 0x66, 0x98, 0xF3, 0x95, 0xB9,
                     0xBF, 0xBA, 0x15, 0x47, 0x56, 0x3A, 0x70, 0x88, 0x0A, 0x8D,
                     0x20, 0x3C, 0x2E, 0x1A, 0x76, 0xDE, 0xE8, 0xB6, 0x9A, 0x65,
                     0x6B, 0xD8, 0x93, 0xF1, 0x55, 0xC5, 0x65, 0xA7, 0x97, 0xF3,
                     0xC7, 0x43, 0x2E, 0xED, 0xA5, 0x19, 0x80, 0xB4, 0xFE, 0x39,
                     0x02, 0xD2, 0xDE, 0xF7, 0x4D, 0x31, 0x61, 0x10, 0xC0, 0x45,
                     0x26, 0x9D, 0x37, 0x94, 0x2C, 0x19, 0xA7, 0xC7, 0x1A, 0xAC,
                     0xD8, 0xEC, 0xFA, 0x9D, 0x2E, 0x18, 0xFB, 0x8E, 0x26, 0x25,
                     0xAD, 0x43, 0xC0, 0x59, 0x3B, 0x6E, 0x55, 0xFA, 0x27, 0x18,
                     0x21, 0xED, 0x36, 0x54, 0x04, 0xB9, 0x9B, 0x54, 0x5E, 0x12,
                     0x31, 0x9E, 0x86, 0xBC, 0xD6, 0x7A, 0x54, 0xF2, 0x02, 0x8B,
                     0x39, 0xC1, 0x4A, 0xAD, 0x3D, 0x3A, 0x12, 0x5A, 0x90, 0x3D,
                     0xD5, 0x6F, 0x4E, 0x30, 0xE5, 0xFC, 0xAF, 0x75, 0x10, 0xB2,
                     0x0E, 0xE2, 0x8A, 0x9F, 0x46, 0x2B, 0x34, 0xEA, 0x87, 0x73,
                     0xB7, 0x39, 0x51, 0x9B, 0xAB, 0x62, 0x27, 0xA8, 0xF1, 0xD7,
                     0xE7, 0xF2, 0xE3, 0xAE, 0x9F, 0x21, 0x8F, 0x8F, 0x70, 0x0D,
                     0x4B, 0x0D, 0x7B, 0x25, 0xFC, 0xC9, 0x8C, 0xF6, 0xD5, 0x21,
                     0xC1, 0xC8, 0xF9, 0x75, 0xAD, 0xE7, 0xA7, 0xB3, 0xF5, 0x31,
                     0xB1, 0xF6, 0x66, 0x7B, 0xCA, 0x34, 0xDA, 0xCD, 0x37, 0xAB,
                     0x80, 0x44, 0x2F, 0x1C, 0x5B, 0xD3, 0x05, 0x94, 0x65, 0xC7,
                     0xDC, 0xC3, 0x82, 0xAF, 0x8F, 0xA6, 0x56, 0x62, 0x28, 0x54,
                     0x7E, 0xF8, 0xEE, 0x49, 0x78, 0xD9, 0x4B, 0xA8, 0x81, 0xDD,
                     0x3B, 0x71, 0xD2, 0x36, 0xB9, 0x18, 0xC9, 0x2D, 0xD7, 0x78,
                     0xFD, 0x66, 0xE7, 0x85, 0xF2, 0x0F, 0xFC, 0xEB, 0x8B, 0x93,
                     0x76, 0x48, 0x53, 0xF8, 0x05, 0x94, 0x93, 0xAC, 0x68, 0xE2,
                     0x3A, 0xB2, 0xE4, 0x65, 0x8B, 0x47, 0x75, 0x49, 0xF4, 0x5F,
                     0x59, 0x64, 0x5A, 0x16, 0x3B, 0xB2, 0xB7, 0x37, 0x50, 0xA3,
                     0xBA, 0x4B, 0xB4, 0xE6, 0xAF, 0x9A, 0xC7, 0x6E, 0x15, 0x51,
                     0x88, 0xB5, 0xE0, 0xFA, 0x09, 0xB4, 0x90, 0x47, 0xDD, 0x3D,
                     0x86, 0x90, 0xA9, 0x12, 0x30, 0x2F, 0x79, 0x83, 0xDF, 0xF1,
                     0xA8, 0x2D, 0xC9, 0xBC, 0xFB, 0xBD, 0x61, 0x93, 0x3F, 0x18,
                     0xB9, 0x38, 0x5C, 0xCA, 0x20, 0x58, 0x3B, 0x1C, 0xF3, 0xD9,
                     0x56, 0xBE, 0x5F, 0x1A, 0x3E, 0x0F, 0x18, 0xD5, 0xF1, 0xA2,
                     0xFD, 0x8B, 0xB0, 0x27, 0x67, 0x0F, 0xB8, 0x4D, 0x51, 0xEB,
                     0x8B, 0x2C, 0x50, 0x14, 0xDC, 0xD2, 0xAD, 0x7E, 0x06, 0xFE,
                     0x6A, 0x4D, 0x26, 0x38, 0x37, 0x9E, 0x77, 0x16, 0xBF, 0xB4,
                     0xA0, 0xF9, 0x0A, 0x64, 0x0E, 0x7F, 0xD0, 0xF4, 0xE5, 0x72,
                     0x82, 0x72, 0xC8, 0x7A, 0xB7, 0xEC, 0x8D, 0x53, 0x14, 0x2D,
                     0xA5, 0x98, 0xAD, 0xBE, 0x17, 0x83, 0x42, 0xD4, 0xC4, 0x04,
                     0xE7, 0xC2, 0x4D, 0x20, 0x05, 0xDE, 0xAA, 0xE8, 0x09, 0xE7,
                     0x45, 0x15, 0x74, 0xEF, 0x7F, 0x6E, 0x38, 0x76, 0xAA, 0x5B,
                     0x44, 0xCC, 0xFD, 0x82, 0x12, 0xF6, 0xDA, 0x33, 0x84, 0x0A,
                     0x6A, 0x5B, 0x34, 0xE7, 0x9E, 0x22, 0x10, 0xF5, 0x8C, 0xA0,
                     0xCA, 0x92, 0x58, 0xA1, 0xD0, 0x46, 0x47, 0xDA, 0xF6, 0x43,
                     0x3C, 0xF1, 0x17, 0x8F, 0x50, 0xE4, 0xFD, 0x33, 0xBD, 0x46,
                     0x83, 0x41, 0x0E, 0xD5, 0x27, 0x0D, 0xB2, 0x87, 0x86, 0x16,
                     0x82, 0x1D, 0xDD, 0xE7, 0xE1, 0xEF, 0x29, 0x5D, 0x48, 0xF4,
                     0xFC, 0xF2, 0x1D };


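/*
 * Derive the starting indices into the two XOR tables from a key value.
 *
 * base	key value; only its low 32 bits take part
 * o1	receives base mod 512, always in 0..511
 * o2	receives base mod 513, always in 0..512
 *
 * The previous code produced o1 with (base<<23)>>23, which masks to nine
 * bits only when uintptr_t is 32 bits wide.  On a 64-bit host it left o1
 * equal to the low 32 bits of base, so the caller indexed far outside
 * the 512-entry table.  o2 was computed by multiplying with the
 * reciprocal constant 0xFF803FE1 in a signed long long, which can
 * overflow for large keys; that constant is (2^41 + 481) / 513, so the
 * result it produced is exactly the remainder of a division by 513 for
 * every 32-bit input, which is what is computed directly below.
 */
void
getoffsets(
	uintptr_t		base,
	unsigned int *		o1,
	unsigned int *		o2
)
{
	// Truncate explicitly so the result does not depend on pointer width
	const uint32_t		key = (uint32_t) base;

	*o1 = key & 0x1FF;
	*o2 = key % 513;
}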




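/*
 * XOR-decrypt a buffer in place.
 *
 * buf		bytes to transform; modified in place
 * bytes	number of bytes at buf; the caller must guarantee that
 *		buf really holds that many, nothing here can check it
 * base		key value handed to getoffsets() to pick the starting
 *		position in each table
 *
 * Each byte is XORed with CRYPT1[offset1] ^ CRYPT2[offset2] ^ 0x37 and
 * both indices then advance, wrapping at the end of their table.  The
 * operation is its own inverse.
 */
void
decrypt_block(
	unsigned char *		buf,
	size_t			bytes,
	uintptr_t		base
)
{
	const unsigned int	len1 = sizeof(CRYPT1);
	const unsigned int	len2 = sizeof(CRYPT2);
	unsigned int		offset1;
	unsigned int		offset2;
	size_t			i;	// same width as bytes, so the loop always ends

	getoffsets( base, &offset1, &offset2 );

	// The indices are derived from file content.  Reduce them here as
	// well, so that a table is never read out of bounds even if
	// getoffsets() hands back a value past the end of one.
	offset1 %= len1;
	offset2 %= len2;

	for( i=0 ; i<bytes ; i++ )
	{
		buf[i] ^= (unsigned char)( CRYPT1[offset1] ^ CRYPT2[offset2] ^ 0x37 );

		if( ++offset1 >= len1 )
			offset1 = 0;
		if( ++offset2 >= len2 )
			offset2 = 0;
	}
}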


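/*
 * fopen() with a printf-style file name.
 *
 * mode	fopen() mode string
 * fmt	printf-style format for the file name, followed by its arguments;
 *	it must be a trusted literal, never text taken from the input file
 *
 * Returns the open stream, or NULL if the name cannot be formatted, does
 * not fit in the 256-byte name buffer, or fopen() fails.
 *
 * vsnprintf() returns the length the full name would have had, so any
 * value at or above the buffer size means the name was cut short.  The
 * previous test only caught a length of exactly 256 and went on to open
 * the truncated path for every longer name, creating or overwriting a
 * file other than the one asked for.
 */
FILE *
sfopen(
	const char *		mode,
	const char *		fmt,
	...
)
{
	char			filename[ 256 ];
	va_list ap;
	va_start( ap, fmt );
	int len = vsnprintf( filename, sizeof(filename), fmt, ap );
	va_end( ap );

	if( len < 0 || (size_t) len >= sizeof(filename) )
	{
		fprintf( stderr,
			"File name cannot be formatted or exceeds %zu bytes\n",
			sizeof(filename) - 1
		);
		return NULL;
	}

	fprintf( stderr, "Opening '%s'\n", filename );
	FILE * fp = fopen( filename, mode );
	if( !fp )
		perror( filename );

	return fp;
}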


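/*
 * Write one extracted region to "<out_dir>/<prefix>.<suffix>".
 * Returns 0 on success and -1 if the file cannot be opened, written or
 * closed; the failure has been reported on stderr by then.
 */
static int
write_part(
	const char *		out_dir,
	const char *		prefix,
	const char *		suffix,
	const unsigned char *	buf,
	size_t			len
)
{
	FILE * out = sfopen( "wb", "%s/%s.%s", out_dir, prefix, suffix );
	if( !out )
		return -1;

	int rc = 0;

	// An empty region is legal and just leaves an empty file behind
	if( len != 0 && fwrite( buf, len, 1, out ) != 1 )
	{
		perror( suffix );
		rc = -1;
	}

	if( fclose( out ) != 0 )
	{
		perror( suffix );
		rc = -1;
	}

	return rc;
}


/*
 * Split a firmware update file into its parts.
 *
 * Usage: dissect_fw inputfile [out_dir [files_prefix]]
 *
 * Writes <inputfile>.csv (a dump of the header words) and, under
 * out_dir, <prefix>.0.header.bin, <prefix>.1.flasher.bin (decrypted),
 * <prefix>.2.data_head.bin and <prefix>.3.data_body.bin.
 *
 * The input file is untrusted: every offset and length taken from its
 * header is checked against the real file size before it is used for
 * pointer arithmetic.  Without those checks a crafted data_offset makes
 * "data_offset - header size" wrap around and decrypt_block() write far
 * beyond the heap buffer.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE on a usage, I/O or format error.
 */
int
main(
	int			argc,
	char **			argv
)
{
	// Everything the cleanup path releases is declared up front so that
	// it can be reached from any failure point.
	int			rc = EXIT_FAILURE;
	FILE *			in = NULL;
	FILE *			rep = NULL;
	unsigned char *		data = NULL;
	struct fw_header_t *	hdr = NULL;
	const size_t		hdr_size = sizeof(struct fw_header_t);
	const uint32_t		data_head_size = 0x18;
	long			end_pos = -1;
	uint32_t		file_size = 0;
	uint32_t		data_offset = 0;
	uint32_t		data_len = 0;
	uint32_t		i;

	if( argc <= 1 )
	{
		fprintf( stderr,
			"Usage: %s inputfile [out_dir [files_prefix]]\n",
			argv[0]
		);

		return EXIT_FAILURE;
	}

	const char * input_file = argv[1];
	const char * out_dir = argc <= 2 ? "." : argv[2];
	const char * prefix = argc <= 3 ? input_file : argv[3];

	// Best effort: the directory usually exists already, and a real
	// failure shows up when the first output file cannot be created.
	mkdir( out_dir, 0777 );

	in = fopen( input_file, "rb" );
	if( !in )
	{
		perror( input_file );
		goto done;
	}

	rep = sfopen( "wb", "%s.csv", input_file );
	if( !rep )
		goto done;

	if( fseek( in, 0, SEEK_END ) == 0 )
		end_pos = ftell( in );
	if( end_pos < 0 || fseek( in, 0, SEEK_SET ) != 0 )
	{
		perror( input_file );
		goto done;
	}

	// All offsets in the format are 32 bits wide
	if( (unsigned long) end_pos > UINT32_MAX )
	{
		fprintf( stderr, "%s: file too large\n", input_file );
		goto done;
	}
	file_size = (uint32_t) end_pos;

	fprintf( rep, "head,,%s\n", input_file );
	fprintf( rep, "file size,,0x%8.8X\n", file_size );

	// The header is overlaid on the buffer below, so it must be complete
	if( file_size < hdr_size )
	{
		fprintf( stderr,
			"%s: 0x%x bytes is too short for the 0x%zx byte header\n",
			input_file,
			file_size,
			hdr_size
		);
		goto done;
	}

	data = malloc( file_size );
	if( !data )
	{
		perror( "malloc" );
		goto done;
	}

	if( fread( data, 1, file_size, in ) != file_size )
	{
		fprintf( stderr, "%s: short read\n", input_file );
		goto done;
	}
	fclose( in );
	in = NULL;

	hdr = (void*) data;
	data_offset = hdr->data_offset;
	data_len = hdr->data_len;

	// version is a fixed-size field that need not be NUL-terminated;
	// bound the print so that it cannot run on into the next fields.
	printf( "Firmware version: '%.*s' model %08x\n",
		(int) sizeof(hdr->version),
		hdr->version,
		hdr->model_id
	);

	printf( "Body length/offset: 0x%x + 0x%x\n",
		data_len,
		data_offset
	);

	printf( "CRC32: %08x\n", hdr->crc );

	// data_offset comes from the file.  It must leave room for the
	// header in front of it and for the data head behind it, otherwise
	// the length calculations below wrap around.
	if( data_offset < hdr_size
	||  data_offset > file_size
	||  file_size - data_offset < data_head_size )
	{
		fprintf( stderr,
			"%s: data offset 0x%x is outside the 0x%x byte file\n",
			input_file,
			data_offset,
			file_size
		);
		goto done;
	}

	if( write_part( out_dir, prefix, "0.header.bin", data, hdr_size ) < 0 )
		goto done;

	// Dump the header as 32-bit words.  memcpy() avoids reading the
	// byte buffer through a pointer of a different type.
	for( i=0 ; i<hdr_size/4 ; i++ )
	{
		uint32_t word;
		memcpy( &word, data + i*4, sizeof(word) );
		fprintf( rep, ",0x%2.2X,0x%8.8X\n", i*4, word );
	}

	// The flasher sits between the header and data_offset and is keyed
	// with data_len.
	decrypt_block( data+hdr_size, data_offset-hdr_size, data_len );

	if( write_part( out_dir, prefix, "1.flasher.bin",
		data+hdr_size, data_offset-hdr_size ) < 0 )
		goto done;

	if( write_part( out_dir, prefix, "2.data_head.bin",
		data+data_offset, data_head_size ) < 0 )
		goto done;

	fprintf( rep, "data head\n" );

	// The data body is written exactly as stored; the decryption call
	// for it was left disabled by the original author:
//	decrypt_block( data + data_offset + 0x18, file_size - data_offset - 0x18 , arr[0x2f]);
	if( write_part( out_dir, prefix, "3.data_body.bin",
		data + data_offset + data_head_size,
		file_size - data_offset - data_head_size ) < 0 )
		goto done;

	rc = EXIT_SUCCESS;

done:
	// Closing the report flushes it; a failure there means it is incomplete
	if( rep && fclose( rep ) != 0 )
	{
		perror( "csv report" );
		rc = EXIT_FAILURE;
	}
	if( in )
		fclose( in );
	free( data );

	return rc;
}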