Index: tools/scramble.py |
— | — | @@ -0,0 +1,51 @@ |
| 2 | +#!/usr/bin/env python
|
| 3 | +#
|
| 4 | +#
|
| 5 | +# Copyright 2010 TheSeven
|
| 6 | +#
|
| 7 | +#
|
| 8 | +# This file is part of TheSeven's iPod tools.
|
| 9 | +#
|
| 10 | +# TheSeven's iBugger is free software: you can redistribute it and/or
|
| 11 | +# modify it under the terms of the GNU General Public License as
|
| 12 | +# published by the Free Software Foundation, either version 2 of the
|
| 13 | +# License, or (at your option) any later version.
|
| 14 | +#
|
| 15 | +# TheSeven's iBugger is distributed in the hope that it will be useful,
|
| 16 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 17 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
| 18 | +# See the GNU General Public License for more details.
|
| 19 | +#
|
| 20 | +# You should have received a copy of the GNU General Public License along
|
| 21 | +# with TheSeven's iPod tools. If not, see <http://www.gnu.org/licenses/>.
|
| 22 | +#
|
| 23 | +#
|
| 24 | +
|
| 25 | +
|
| 26 | +import sys
|
| 27 | +import struct
|
| 28 | +
|
| 29 | +from optparse import *
|
| 30 | +
|
| 31 | +parser = OptionParser("usage: %prog [options] <infile> <outfile>")
|
| 32 | +parser.add_option("--signature", metavar = "SIGN",
|
| 33 | + help = "The device signature. Must be 4 characters, e.g. \"nn2x\". (mandantory)")
|
| 34 | +parser.add_option("--targetid", type = "int", metavar = "ID",
|
| 35 | + help = "The numeric target ID. (mandantory)")
|
| 36 | +(options, args) = parser.parse_args()
|
| 37 | +if len(args) != 2: parser.error("incorrect number of arguments")
|
| 38 | +if not options.signature: parser.error("please specify a device signature")
|
| 39 | +if not options.targetid: parser.error("please specify numeric target id")
|
| 40 | +if len(options.signature) != 4: parser.error("device signature must be 4 characters")
|
| 41 | +
|
| 42 | +file = open(args[0], "rb")
|
| 43 | +data = file.read()
|
| 44 | +file.close()
|
| 45 | +
|
| 46 | +checksum = options.targetid
|
| 47 | +for i in range(len(data)):
|
| 48 | + checksum = (checksum + struct.unpack("B", data[i])[0]) & 0xffffffff
|
| 49 | +
|
| 50 | +file = open(args[1], "wb")
|
| 51 | +file.write(struct.pack(">I", checksum) + options.signature + data)
|
| 52 | +file.close()
|
Index: apps/installer-nano2g/flashfiles |
Property changes on: apps/installer-nano2g/flashfiles |
___________________________________________________________________ |
Modified: svn:ignore |
## -4,3 +4,4 ## |
1 | 53 | iloader.conf |
2 | 54 | iloader.embiosapp.ucl |
3 | 55 | uninstaller-nano2g.embiosapp.ucl |
| 56 | +embios-ipodnano2g.bin |
Index: apps/installer-nano2g/Makefile |
— | — | @@ -22,7 +22,7 @@ |
23 | 23 | COMPILECONFIG := python $(ILOADERDIR)/tools/compileconfig.py
|
24 | 24 | EMBIOSBOOTCFG := python $(EMBIOSDIR)/tools/embiosbootcfg.py
|
25 | 25 | EMBIOSEMBEDAPP := python $(EMBIOSDIR)/tools/embiosembedapp.py
|
26 | | -CRYPTFW := python $(TOOLSDIR)/ipodcrypt.py nano2g-cryptfw
|
| 26 | +CRYPTFW := python $(EMBIOSDIR)/tools/ipodcrypt.py nano2g-cryptfirmware
|
27 | 27 | SCRAMBLE := python $(TOOLSDIR)/scramble.py
|
28 | 28 |
|
29 | 29 | CFLAGS += -Os -fno-pie -fno-stack-protector -fomit-frame-pointer -I. -I$(EMBIOSDIR)/export -ffunction-sections -fdata-sections -mcpu=arm940t
|
Index: apps/installer-nano2g |
Property changes on: apps/installer-nano2g |
___________________________________________________________________ |
Modified: svn:ignore |
## -1 +1,2 ## |
30 | 30 | build |
| 31 | +flashfiles.built |
Index: embios/trunk/tools/ipodcrypt.py |
— | — | @@ -0,0 +1,59 @@ |
| 2 | +#!/usr/bin/env python
|
| 3 | +#
|
| 4 | +#
|
| 5 | +# Copyright 2010 TheSeven
|
| 6 | +#
|
| 7 | +#
|
| 8 | +# This file is part of TheSeven's iPod tools.
|
| 9 | +#
|
| 10 | +# TheSeven's iBugger is free software: you can redistribute it and/or
|
| 11 | +# modify it under the terms of the GNU General Public License as
|
| 12 | +# published by the Free Software Foundation, either version 2 of the
|
| 13 | +# License, or (at your option) any later version.
|
| 14 | +#
|
| 15 | +# TheSeven's iBugger is distributed in the hope that it will be useful,
|
| 16 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 17 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
| 18 | +# See the GNU General Public License for more details.
|
| 19 | +#
|
| 20 | +# You should have received a copy of the GNU General Public License along
|
| 21 | +# with TheSeven's iPod tools. If not, see <http://www.gnu.org/licenses/>.
|
| 22 | +#
|
| 23 | +#
|
| 24 | +
|
| 25 | +
|
| 26 | +import sys
|
| 27 | +import libipodcrypto
|
| 28 | +
|
| 29 | +
|
| 30 | +def usage():
|
| 31 | + print ""
|
| 32 | + print "Please provide a command and (if needed) parameters as command line arguments"
|
| 33 | + print ""
|
| 34 | + print "Available commands:"
|
| 35 | + print " nano2g-cryptdfu <infile> <outfile>"
|
| 36 | + print " nano2g-decryptdfu <infile> <outfile>"
|
| 37 | + print " nano2g-cryptfirmware <infile> <outfile>"
|
| 38 | + print " nano2g-decryptfirmware <infile> <outfile>"
|
| 39 | + exit(2)
|
| 40 | +
|
| 41 | +
|
| 42 | +def parsecommand(argv):
|
| 43 | + if len(argv) != 4: usage()
|
| 44 | +
|
| 45 | + elif argv[1] == "nano2g-cryptdfu":
|
| 46 | + libipodcrypto.nano2gcryptdfufile(argv[2], argv[3])
|
| 47 | +
|
| 48 | + elif argv[1] == "nano2g-decryptdfu":
|
| 49 | + libipodcrypto.nano2gdecryptdfufile(argv[2], argv[3])
|
| 50 | +
|
| 51 | + elif argv[1] == "nano2g-cryptfirmware":
|
| 52 | + libipodcrypto.nano2gcryptfirmwarefile(argv[2], argv[3])
|
| 53 | +
|
| 54 | + elif argv[1] == "nano2g-decryptfirmware":
|
| 55 | + libipodcrypto.nano2gdecryptfirmwarefile(argv[2], argv[3])
|
| 56 | +
|
| 57 | + else: usage()
|
| 58 | +
|
| 59 | +
|
| 60 | +parsecommand(sys.argv)
|
Index: embios/trunk/tools/libipodcrypto.py |
— | — | @@ -0,0 +1,103 @@ |
| 2 | +#!/usr/bin/env python
|
| 3 | +#
|
| 4 | +#
|
| 5 | +# Copyright 2010 TheSeven
|
| 6 | +#
|
| 7 | +#
|
| 8 | +# This file is part of emBIOS.
|
| 9 | +#
|
| 10 | +# emBIOS is free software: you can redistribute it and/or
|
| 11 | +# modify it under the terms of the GNU General Public License as
|
| 12 | +# published by the Free Software Foundation, either version 2 of the
|
| 13 | +# License, or (at your option) any later version.
|
| 14 | +#
|
| 15 | +# emBIOS is distributed in the hope that it will be useful,
|
| 16 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 17 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
| 18 | +# See the GNU General Public License for more details.
|
| 19 | +#
|
| 20 | +# You should have received a copy of the GNU General Public License
|
| 21 | +# along with emBIOS. If not, see <http://www.gnu.org/licenses/>.
|
| 22 | +#
|
| 23 | +#
|
| 24 | +
|
| 25 | +
|
| 26 | +import sys
|
| 27 | +import struct
|
| 28 | +import time
|
| 29 | +import libembios
|
| 30 | +from libembios import Error
|
| 31 | +import libembiosdata
|
| 32 | +
|
| 33 | +
|
| 34 | +def nano2gcryptdfu(data):
|
| 35 | + data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
|
| 36 | + header = "87011.0\0\0\x08\0\0" + struct.pack("<I", len(data))
|
| 37 | + embios = libembios.Embios()
|
| 38 | + embios.write(0x08000000, header.ljust(0x800, "\0") + data)
|
| 39 | + embios.timeout = 20000
|
| 40 | + embios.hmac_sha1(0x08000800, len(data), 0x08000010)
|
| 41 | + embios.hmac_sha1(0x08000000, 0x40, 0x08000040)
|
| 42 | + embios.aesencrypt(0x08000000, len(data) + 0x800, 1)
|
| 43 | + return embios.read(0x08000000, len(data) + 0x800)
|
| 44 | +
|
| 45 | +
|
| 46 | +def nano2gdecryptdfu(data):
|
| 47 | + embios = libembios.Embios()
|
| 48 | + embios.write(0x08000000, data)
|
| 49 | + embios.timeout = 20000
|
| 50 | + embios.aesdecrypt(0x08000000, len(data), 1)
|
| 51 | + return embios.read(0x08000800, len(data) - 0x800)
|
| 52 | +
|
| 53 | +
|
| 54 | +def nano2gcryptfirmware(data):
|
| 55 | + data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
|
| 56 | + header = "\0\0\0\0\0x02\0\0\0\0x01\0\0\0\0x40\0\0\0\0\0\0\0" + struct.pack("<I", len(data))
|
| 57 | + embios = libembios.Embios()
|
| 58 | + embios.write(0x08000000, header.ljust(0x800, "\0") + data)
|
| 59 | + embios.timeout = 20000
|
| 60 | + embios.hmac_sha1(0x08000800, len(data), 0x0800001c)
|
| 61 | + embios.hmac_sha1(0x08000000, 0x200, 0x080001d4)
|
| 62 | + embios.aesencrypt(0x08000800, len(data), 1)
|
| 63 | + return embios.read(0x08000000, len(data) + 0x800)
|
| 64 | +
|
| 65 | +
|
| 66 | +def nano2gdecryptfirmware(data):
|
| 67 | + embios = libembios.Embios()
|
| 68 | + embios.write(0x08000000, data)
|
| 69 | + embios.timeout = 20000
|
| 70 | + embios.aesdecrypt(0x08000800, len(data) - 0x800, 1)
|
| 71 | + return embios.read(0x08000800, len(data) - 0x800)
|
| 72 | +
|
| 73 | +
|
| 74 | +def nano2gcryptdfufile(infile, outfile):
|
| 75 | + print(outfile)
|
| 76 | + infile = open(infile, "rb")
|
| 77 | + outfile = open(outfile, "wb")
|
| 78 | + outfile.write(nano2gcryptdfu(infile.read()))
|
| 79 | + infile.close()
|
| 80 | + outfile.close()
|
| 81 | +
|
| 82 | +
|
| 83 | +def nano2gdecryptdfufile(infile, outfile):
|
| 84 | + infile = open(infile, "rb")
|
| 85 | + outfile = open(outfile, "wb")
|
| 86 | + outfile.write(nano2gdecryptdfu(infile.read()))
|
| 87 | + infile.close()
|
| 88 | + outfile.close()
|
| 89 | +
|
| 90 | +
|
| 91 | +def nano2gcryptfirmwarefile(infile, outfile):
|
| 92 | + infile = open(infile, "rb")
|
| 93 | + outfile = open(outfile, "wb")
|
| 94 | + outfile.write(nano2gcryptfirmware(infile.read()))
|
| 95 | + infile.close()
|
| 96 | + outfile.close()
|
| 97 | +
|
| 98 | +
|
| 99 | +def nano2gdecryptfirmwarefile(infile, outfile):
|
| 100 | + infile = open(infile, "rb")
|
| 101 | + outfile = open(outfile, "wb")
|
| 102 | + outfile.write(nano2gdecryptfirmware(infile.read()))
|
| 103 | + infile.close()
|
| 104 | + outfile.close()
|
Index: embios/trunk/usb/usb.c |
— | — | @@ -555,6 +555,7 @@ |
556 | 556 | dbgactionoffset = ((uint16_t*)dbgrecvbuf)[3];
|
557 | 557 | dbgactionaddr = dbgrecvbuf[2];
|
558 | 558 | dbgactionlength = dbgrecvbuf[3];
|
| 559 | + break;
|
559 | 560 | #endif
|
560 | 561 | #ifdef HAVE_HMACSHA1
|
561 | 562 | case 26: // HMACSHA1
|
— | — | @@ -562,6 +563,7 @@ |
563 | 564 | dbgactionaddr = dbgrecvbuf[1];
|
564 | 565 | dbgactionlength = dbgrecvbuf[2];
|
565 | 566 | dbgactionoffset = dbgrecvbuf[3];
|
| 567 | + break;
|
566 | 568 | #endif
|
567 | 569 | default:
|
568 | 570 | dbgsendbuf[0] = 2;
|
Index: embios/trunk/loader/ipodnano2g/main.S |
— | — | @@ -149,7 +149,7 @@ |
150 | 150 | str r5, [r0,#0x88]
|
151 | 151 | add r4, r6, #0x00200000
|
152 | 152 | str r1, [r4,#0x08]
|
153 | | - mov r5, #0xb7
|
| 153 | + mov r5, #0xf3
|
154 | 154 | str r5, [r4]
|
155 | 155 | mov r5, #0x10
|
156 | 156 | str r5, [r4,#0x04]
|
— | — | @@ -1548,7 +1548,7 @@ |
1549 | 1549 | str r0, [r12,#0x0c]
|
1550 | 1550 | mov r4, #0xf0
|
1551 | 1551 | str r4, [r12,#0x04]
|
1552 | | - mov r4, #0xf3
|
| 1552 | + mov r4, #0xb7
|
1553 | 1553 | str r4, [r12]
|
1554 | 1554 | bl i2cwait
|
1555 | 1555 | str r1, [r12,#0x0c]
|
— | — | @@ -1586,7 +1586,7 @@ |
1587 | 1587 | str r0, [r12,#0x0c]
|
1588 | 1588 | mov r4, #0xf0
|
1589 | 1589 | str r4, [r12,#0x04]
|
1590 | | - mov r4, #0xf3
|
| 1590 | + mov r4, #0xb7
|
1591 | 1591 | str r4, [r12]
|
1592 | 1592 | bl i2cwait
|
1593 | 1593 | str r1, [r12,#0x0c]
|
— | — | @@ -1601,7 +1601,7 @@ |
1602 | 1602 | bl i2cwait
|
1603 | 1603 | i2crecv_read:
|
1604 | 1604 | subs r3, r3, #1
|
1605 | | - moveq r4, #0x73
|
| 1605 | + moveq r4, #0x37
|
1606 | 1606 | str r4, [r12]
|
1607 | 1607 | bl i2cwait
|
1608 | 1608 | ldr r0, [r12,#0x0c]
|
— | — | @@ -1611,7 +1611,7 @@ |
1612 | 1612 | bne i2crecv_read
|
1613 | 1613 | mov r1, #0x90
|
1614 | 1614 | str r1, [r12,#0x04]
|
1615 | | - mov r1, #0xf3
|
| 1615 | + mov r1, #0xb7
|
1616 | 1616 | str r1, [r12]
|
1617 | 1617 | i2crecv_wait:
|
1618 | 1618 | ldr r1, [r12,#0x04]
|
Index: embios/trunk/loader/ipodnano2g/Makefile |
— | — | @@ -1,7 +1,7 @@ |
2 | 2 | NAME := embiosldr-ipodnano2g
|
3 | 3 | BOOTADDR = 24008000
|
4 | 4 |
|
5 | | -TOOLSDIR ?= ../../../../tools/
|
| 5 | +EMBIOSDIR ?= ../../
|
6 | 6 |
|
7 | 7 | CROSS ?= arm-none-eabi-
|
8 | 8 | CC := $(CROSS)gcc
|
— | — | @@ -9,7 +9,7 @@ |
10 | 10 | LD := $(CROSS)ld
|
11 | 11 | OBJCOPY := $(CROSS)objcopy
|
12 | 12 | UCLPACK := ucl2e10singleblk
|
13 | | -CRYPTDFU := python $(TOOLSDIR)/ipodcrypt.py nano2g-cryptdfu
|
| 13 | +CRYPTDFU := python $(EMBIOSDIR)/tools/ipodcrypt.py nano2g-cryptdfu
|
14 | 14 |
|
15 | 15 | CFLAGS += -Os -fno-pie -fno-stack-protector -fomit-frame-pointer -I. -ffunction-sections -fdata-sections -mcpu=arm940t
|
16 | 16 | LDFLAGS += "$(shell $(CC) -print-libgcc-file-name)" --gc-sections
|