File dump_fw.c changed (mode: 100644) (index d0254dd..65c74a4) |
51 |
51 |
* Apart from the header, the output format is compatible with the |
* Apart from the header, the output format is compatible with the |
52 |
52 |
* spectrum_cs image. The header is arbitrary. |
* spectrum_cs image. The header is arbitrary. |
53 |
53 |
* |
* |
54 |
|
* TODO: ensure the output is LE, rather than relying on x86 byte orderring |
|
55 |
54 |
*/ |
*/ |
56 |
55 |
|
|
57 |
56 |
#include <stdio.h> |
#include <stdio.h> |
|
63 |
62 |
#define STA_SUFFIX "_sta.fw" |
#define STA_SUFFIX "_sta.fw" |
64 |
63 |
#define VERSION "HFW000" |
#define VERSION "HFW000" |
65 |
64 |
|
|
|
65 |
|
/* 0xAABB to 0xBBAA */ |
|
66 |
|
#define swap_bytes_16(value) \ |
|
67 |
|
((((value) >> 8) & 0xFF) | \ |
|
68 |
|
(((value) & 0xFF) << 8)) |
|
69 |
|
/* 0xAABBCCDD to 0xDDCCBBAA */ |
|
70 |
|
#define reverse_bytes_32(value) \ |
|
71 |
|
((((value) >> 24) & 0x0000FF) | \ |
|
72 |
|
(((value) >> 8) & 0x00FF00) | \ |
|
73 |
|
(((value) << 8) & 0xFF0000) | \ |
|
74 |
|
(((value) & 0xFF) << 24)) |
|
75 |
|
/* 0xAABBCCDD to 0xBBAADDCC */ |
|
76 |
|
#define swap_bytes_32(value) \ |
|
77 |
|
((((value) >> 8) & 0x00FF00FF) | \ |
|
78 |
|
(((value) << 8) & 0xFF00FF00)) |
|
79 |
|
/* 0xAABBCCDD to 0xCCDDAABB */ |
|
80 |
|
#define swap_words_32(value) \ |
|
81 |
|
((((value) >> 16) & 0x0000FFFF) | \ |
|
82 |
|
(((value) << 16) & 0xFFFF0000)) |
|
83 |
|
|
|
84 |
|
/* address 0 1 2 3 */ |
|
85 |
|
/* Pure LE stores 0x12345678 as 0x78 0x56 0x34 0x12 */ |
|
86 |
|
/* Pure BE stores 0x12345678 as 0x12 0x34 0x56 0x78 */ |
|
87 |
|
/* BEW+LEB stores 0x12345678 as 0x34 0x12 0x78 0x56 */ |
|
88 |
|
/* LEW+BEB stores 0x12345678 as 0x56 0x78 0x12 0x34 */ |
|
89 |
|
int host_bytes_in_word_be = 0; |
|
90 |
|
int host_words_in_dword_be = 0; |
|
91 |
|
|
|
92 |
|
#define host_to_le16(value) \ |
|
93 |
|
host_bytes_in_word_be ? swap_bytes_16(value) : (value); |
|
94 |
|
#define host_to_le32(value) \ |
|
95 |
|
host_words_in_dword_be ? \ |
|
96 |
|
(host_bytes_in_word_be ? reverse_bytes_32(value) \ |
|
97 |
|
: swap_bytes_32(value)) : \ |
|
98 |
|
(host_bytes_in_word_be ? swap_words_32(value) : (value)); |
|
99 |
|
|
|
100 |
|
#define le16_to_host(value) \ |
|
101 |
|
host_bytes_in_word_be ? swap_bytes_16(value) : (value); |
|
102 |
|
#define le32_to_host(value) \ |
|
103 |
|
host_words_in_dword_be ? \ |
|
104 |
|
(host_bytes_in_word_be ? reverse_bytes_32(value) \ |
|
105 |
|
: swap_bytes_32(value)) : \ |
|
106 |
|
(host_bytes_in_word_be ? swap_words_32(value) : (value)); |
|
107 |
|
|
|
108 |
|
typedef unsigned int u32; |
|
109 |
|
typedef unsigned short u16; |
|
110 |
|
typedef unsigned char u8; |
|
111 |
|
|
|
112 |
|
/* Checking endianess at runtime because performance isn't an issue, |
|
113 |
|
* and I'd rather not add a configure step since this is slotting into the |
|
114 |
|
* Agere source code. */ |
|
115 |
|
void check_endianess(void) { |
|
116 |
|
union { |
|
117 |
|
u32 dword; |
|
118 |
|
u16 word[2]; |
|
119 |
|
u8 byte[4]; |
|
120 |
|
} data; |
|
121 |
|
|
|
122 |
|
data.dword = 0x12345678; |
|
123 |
|
if (data.word[0] == 0x1234) { |
|
124 |
|
host_words_in_dword_be = 1; |
|
125 |
|
} |
|
126 |
|
else if (data.word[0] == 0x5678) { |
|
127 |
|
host_words_in_dword_be = 0; |
|
128 |
|
} else { |
|
129 |
|
fprintf(stderr, "Can't determine endianess of host!\n"); |
|
130 |
|
exit(1); |
|
131 |
|
} |
|
132 |
|
|
|
133 |
|
data.word[0] = 0x1234; |
|
134 |
|
if (data.byte[0] == 0x12) { |
|
135 |
|
host_bytes_in_word_be = 1; |
|
136 |
|
} else if (data.byte[0] == 0x34) { |
|
137 |
|
host_bytes_in_word_be = 0; |
|
138 |
|
} else { |
|
139 |
|
fprintf(stderr, "Can't determine endianess of host!\n"); |
|
140 |
|
} |
|
141 |
|
|
|
142 |
|
if (host_bytes_in_word_be == host_words_in_dword_be) { |
|
143 |
|
fprintf (stdout, "Detected %s host\n", |
|
144 |
|
host_bytes_in_word_be ? "big endian" : "little endian"); |
|
145 |
|
} else { |
|
146 |
|
fprintf (stdout, "Detected host with mixed endianess\n"); |
|
147 |
|
} |
|
148 |
|
return; |
|
149 |
|
} |
66 |
150 |
|
|
67 |
151 |
size_t count_blocks(memimage *image) |
size_t count_blocks(memimage *image) |
68 |
152 |
{ |
{ |
69 |
|
CFG_PROG_STRCT *p = image->codep; |
|
|
153 |
|
#if __wl_lkm < 718 |
|
154 |
|
# define MEMBLOCK memblock |
|
155 |
|
# define BLKSIZE p->size |
|
156 |
|
# define IF_HAVE_SEGMENT |
|
157 |
|
#else |
|
158 |
|
# define MEMBLOCK CFG_PROG_STRCT |
|
159 |
|
# define BLKSIZE p->len |
|
160 |
|
# define IF_HAVE_SEGMENT if (p->segment_size) |
|
161 |
|
#endif |
|
162 |
|
|
|
163 |
|
MEMBLOCK *p = image->codep; |
70 |
164 |
size_t count = 0; |
size_t count = 0; |
71 |
|
while (p->len) |
|
|
165 |
|
while (BLKSIZE) |
72 |
166 |
{ |
{ |
73 |
167 |
/* Ignore zero data segments which will not be written */ |
/* Ignore zero data segments which will not be written */ |
74 |
|
if (p->segment_size) |
|
|
168 |
|
IF_HAVE_SEGMENT |
|
169 |
|
{ |
75 |
170 |
count++; |
count++; |
|
171 |
|
} |
76 |
172 |
p++; |
p++; |
77 |
173 |
} |
} |
78 |
174 |
return count; |
return count; |
79 |
175 |
} |
} |
80 |
176 |
|
|
|
177 |
|
|
81 |
178 |
size_t count_pdr(plugrecord *r) |
size_t count_pdr(plugrecord *r) |
82 |
179 |
{ |
{ |
83 |
180 |
size_t count = 0; |
size_t count = 0; |
|
... |
... |
size_t count_pdr(plugrecord *r) |
94 |
191 |
|
|
95 |
192 |
size_t acc_block_size(memimage *image) |
size_t acc_block_size(memimage *image) |
96 |
193 |
{ |
{ |
97 |
|
CFG_PROG_STRCT *p = image->codep; |
|
|
194 |
|
#if __wl_lkm < 718 |
|
195 |
|
# define MEMBLOCK memblock |
|
196 |
|
# define BLKSIZE p->size |
|
197 |
|
# define SEGSIZE p->size |
|
198 |
|
# define IF_HAVE_SEGMENT |
|
199 |
|
#else |
|
200 |
|
# define MEMBLOCK CFG_PROG_STRCT |
|
201 |
|
# define BLKSIZE p->len |
|
202 |
|
# define SEGSIZE p->segment_size |
|
203 |
|
# define IF_HAVE_SEGMENT if (p->segment_size) |
|
204 |
|
#endif |
|
205 |
|
|
|
206 |
|
MEMBLOCK *p = image->codep; |
98 |
207 |
size_t len = 0; |
size_t len = 0; |
99 |
|
while (p->len) |
|
|
208 |
|
while (BLKSIZE) |
100 |
209 |
{ |
{ |
101 |
|
if (p->segment_size) |
|
102 |
|
len += p->segment_size; |
|
|
210 |
|
/* Ignore zero data segments which will not be written */ |
|
211 |
|
IF_HAVE_SEGMENT |
|
212 |
|
{ |
|
213 |
|
len += SEGSIZE; |
|
214 |
|
} |
103 |
215 |
p++; |
p++; |
104 |
216 |
} |
} |
105 |
217 |
return len; |
return len; |
106 |
218 |
} |
} |
107 |
219 |
|
|
108 |
|
typedef unsigned int u32; |
|
109 |
|
typedef unsigned short u16; |
|
110 |
|
|
|
111 |
220 |
void dump_blocks(FILE* f, memimage *image) |
void dump_blocks(FILE* f, memimage *image) |
112 |
221 |
{ |
{ |
113 |
|
CFG_PROG_STRCT *p = image->codep; |
|
114 |
|
u32 end_addr = 0xFFFFFFFFu; /* Agree with spectrum BLOCK_END */ |
|
115 |
|
u16 end_size = 0u; /* a sensible size that won't screw the reader */ |
|
116 |
|
while (p->len) |
|
|
222 |
|
#if __wl_lkm < 718 |
|
223 |
|
# define MEMBLOCK memblock |
|
224 |
|
# define BLKSIZE p->size |
|
225 |
|
# define SEGSIZE p->size |
|
226 |
|
# define NICADDR p->addr |
|
227 |
|
# define SEGDATA &(p->data[4]) /* Avoid initial CRC */ |
|
228 |
|
# define IF_HAVE_SEGMENT |
|
229 |
|
#else |
|
230 |
|
# define MEMBLOCK CFG_PROG_STRCT |
|
231 |
|
# define BLKSIZE p->len |
|
232 |
|
# define SEGSIZE p->segment_size |
|
233 |
|
# define NICADDR p->nic_addr |
|
234 |
|
# define SEGDATA p->host_addr |
|
235 |
|
# define IF_HAVE_SEGMENT if (p->segment_size) |
|
236 |
|
#endif |
|
237 |
|
|
|
238 |
|
MEMBLOCK *p = image->codep; |
|
239 |
|
u8 block_hdr[sizeof(NICADDR) + sizeof(SEGSIZE)]; |
|
240 |
|
u32 *addr = (u32 *) &block_hdr[0]; |
|
241 |
|
u16 *size = (u16 *) &block_hdr[sizeof(NICADDR)]; |
|
242 |
|
|
|
243 |
|
while (BLKSIZE) |
117 |
244 |
{ |
{ |
118 |
|
if (p->segment_size) |
|
|
245 |
|
IF_HAVE_SEGMENT |
119 |
246 |
{ |
{ |
120 |
247 |
/* There is data to program in this block */ |
/* There is data to program in this block */ |
121 |
|
fwrite (&p->nic_addr, 1, sizeof(p->nic_addr), f); |
|
122 |
|
fwrite (&p->segment_size, 1, sizeof(p->segment_size), f); |
|
123 |
|
fwrite (p->host_addr, 1, p->segment_size, f); |
|
|
248 |
|
*addr = host_to_le32(NICADDR); |
|
249 |
|
*size = host_to_le16(SEGSIZE); |
|
250 |
|
fwrite (&block_hdr, 1, sizeof(block_hdr), f); |
|
251 |
|
fwrite (SEGDATA, 1, SEGSIZE, f); |
124 |
252 |
} |
} |
125 |
|
/* else PROG_STOP, entry point command, or terminating block */ |
|
126 |
253 |
p++; |
p++; |
127 |
254 |
} |
} |
128 |
|
fwrite (&end_addr, 1, sizeof(end_addr), f); |
|
129 |
|
fwrite (&end_size, 1, sizeof(end_size), f); |
|
|
255 |
|
*addr = host_to_le32(0xFFFFFFFFu); /* Agree with spectrum BLOCK_END */ |
|
256 |
|
*size = host_to_le16(0u); |
|
257 |
|
|
|
258 |
|
fwrite (&block_hdr, 1, sizeof(block_hdr), f); |
130 |
259 |
|
|
131 |
260 |
return; |
return; |
132 |
261 |
} |
} |
133 |
262 |
|
|
134 |
263 |
void dump_pdr(FILE *f, plugrecord *r) |
void dump_pdr(FILE *f, plugrecord *r) |
135 |
264 |
{ |
{ |
136 |
|
u32 end = 0u; |
|
|
265 |
|
u8 pdr[sizeof(r->code) + sizeof(r->addr) + sizeof(r->len)]; |
|
266 |
|
u32 *code = (u32*) &pdr[0]; |
|
267 |
|
u32 *addr = (u32*) &pdr[sizeof(r->code)]; |
|
268 |
|
u32 *len = (u32*) &pdr[sizeof(r->code) + sizeof(r->addr)]; |
137 |
269 |
|
|
138 |
270 |
if (!r) |
if (!r) |
139 |
271 |
goto terminate; |
goto terminate; |
140 |
272 |
|
|
141 |
273 |
while (r->code) |
while (r->code) |
142 |
274 |
{ |
{ |
143 |
|
fwrite(&r->code, 1, sizeof(r->code), f); |
|
144 |
|
fwrite(&r->addr, 1, sizeof(r->addr), f); |
|
145 |
|
fwrite(&r->len, 1, sizeof(r->len), f); |
|
|
275 |
|
*code = host_to_le32(r->code); |
|
276 |
|
*addr = host_to_le32(r->addr); |
|
277 |
|
*len = host_to_le32(r->len); |
|
278 |
|
fwrite(&pdr, 1, sizeof(pdr), f); |
146 |
279 |
r++; |
r++; |
147 |
280 |
} |
} |
148 |
281 |
terminate: |
terminate: |
149 |
282 |
/* Terminate the PDR list */ |
/* Terminate the PDR list */ |
150 |
|
fwrite(&end, 1, sizeof(end), f); |
|
151 |
|
fwrite(&end, 1, sizeof(end), f); |
|
152 |
|
fwrite(&end, 1, sizeof(end), f); |
|
|
283 |
|
*code = 0; |
|
284 |
|
*addr = 0; |
|
285 |
|
*len = 0; |
|
286 |
|
fwrite(&pdr, 1, sizeof(pdr), f); |
153 |
287 |
return; |
return; |
154 |
288 |
} |
} |
155 |
289 |
|
|
156 |
290 |
void dump_image(FILE* f, memimage *image) |
void dump_image(FILE* f, memimage *image) |
157 |
291 |
{ |
{ |
|
292 |
|
u32 image_header[6]; |
158 |
293 |
u32 blocks = count_blocks(image); |
u32 blocks = count_blocks(image); |
159 |
294 |
u32 blk_offset = 0; /* Immediately after header */ |
u32 blk_offset = 0; /* Immediately after header */ |
160 |
295 |
u32 pdr_offset = (acc_block_size(image) + |
u32 pdr_offset = (acc_block_size(image) + |
|
... |
... |
void dump_image(FILE* f, memimage *image) |
165 |
300 |
((count_pdr(image->priplug) + 1) * sizeof(u32) * 3); |
((count_pdr(image->priplug) + 1) * sizeof(u32) * 3); |
166 |
301 |
u16 headersize = ((sizeof(VERSION)-1) + |
u16 headersize = ((sizeof(VERSION)-1) + |
167 |
302 |
sizeof(u16) + |
sizeof(u16) + |
168 |
|
(sizeof(u32)*6) + |
|
169 |
|
sizeof(image->signature)); |
|
170 |
|
|
|
|
303 |
|
(sizeof(u32)*6) |
|
304 |
|
#if __wl_lkm >= 718 |
|
305 |
|
+ sizeof(image->signature) |
|
306 |
|
#endif |
|
307 |
|
); |
|
308 |
|
u32 *ptr = &image_header[0]; |
171 |
309 |
fwrite (VERSION, 1, sizeof(VERSION)-1, f); |
fwrite (VERSION, 1, sizeof(VERSION)-1, f); |
|
310 |
|
headersize = host_to_le16(headersize); |
172 |
311 |
fwrite (&headersize, 1, sizeof(headersize), f); |
fwrite (&headersize, 1, sizeof(headersize), f); |
173 |
|
fwrite (&image->execution, 1, sizeof(image->execution), f); |
|
174 |
|
fwrite (&blocks, 1, sizeof(blocks), f); |
|
175 |
|
fwrite (&blk_offset, 1, sizeof(blk_offset), f); |
|
176 |
|
fwrite (&pdr_offset, 1, sizeof(pdr_offset), f); |
|
177 |
|
fwrite (&pri_offset, 1, sizeof(pri_offset), f); |
|
178 |
|
fwrite (&cpt_offset, 1, sizeof(cpt_offset), f); |
|
|
312 |
|
|
|
313 |
|
*ptr = host_to_le32(image->execution); |
|
314 |
|
ptr++; |
|
315 |
|
*ptr = host_to_le32(blocks); |
|
316 |
|
ptr++; |
|
317 |
|
*ptr = host_to_le32(blk_offset); |
|
318 |
|
ptr++; |
|
319 |
|
*ptr = host_to_le32(pdr_offset); |
|
320 |
|
ptr++; |
|
321 |
|
*ptr = host_to_le32(pri_offset); |
|
322 |
|
ptr++; |
|
323 |
|
*ptr = host_to_le32(cpt_offset); |
|
324 |
|
ptr++; |
|
325 |
|
fwrite (&image_header, 1, sizeof(image_header), f); |
|
326 |
|
#if __wl_lkm >= 718 |
179 |
327 |
fwrite (&image->signature, 1, sizeof(image->signature), f); |
fwrite (&image->signature, 1, sizeof(image->signature), f); |
|
328 |
|
#endif |
180 |
329 |
|
|
181 |
330 |
dump_blocks(f, image); |
dump_blocks(f, image); |
182 |
331 |
dump_pdr(f, image->pdaplug); |
dump_pdr(f, image->pdaplug); |
|
... |
... |
int main (int argc, char** argv) |
207 |
356 |
return 1; |
return 1; |
208 |
357 |
} |
} |
209 |
358 |
|
|
|
359 |
|
check_endianess(); |
|
360 |
|
|
210 |
361 |
len = strlen(argv[1]); |
len = strlen(argv[1]); |
211 |
362 |
ap_filename = malloc(len + sizeof(AP_SUFFIX) + 1); |
ap_filename = malloc(len + sizeof(AP_SUFFIX) + 1); |
212 |
363 |
if (!ap_filename) |
if (!ap_filename) |
|
... |
... |
int main (int argc, char** argv) |
228 |
379 |
{ |
{ |
229 |
380 |
dump_image(ap_file, &ap); |
dump_image(ap_file, &ap); |
230 |
381 |
fclose(ap_file); |
fclose(ap_file); |
|
382 |
|
fprintf (stdout, "Written %s\n", ap_filename); |
231 |
383 |
} |
} |
232 |
384 |
free(ap_filename); |
free(ap_filename); |
233 |
385 |
|
|
|
... |
... |
int main (int argc, char** argv) |
251 |
403 |
{ |
{ |
252 |
404 |
dump_image(sta_file, &station); |
dump_image(sta_file, &station); |
253 |
405 |
fclose(sta_file); |
fclose(sta_file); |
|
406 |
|
fprintf (stdout, "Written %s\n", sta_filename); |
254 |
407 |
} |
} |
255 |
408 |
free(sta_filename); |
free(sta_filename); |
256 |
409 |
|
|
File hfwget.c changed (mode: 100644) (index c3f0952..a7a3b4c) |
2 |
2 |
* Hermes AP firmware extractor for Windows drivers (c) 2003 by Mark Smith |
* Hermes AP firmware extractor for Windows drivers (c) 2003 by Mark Smith |
3 |
3 |
* This may be distributed freely under the GPL v2 so long as this copyright |
* This may be distributed freely under the GPL v2 so long as this copyright |
4 |
4 |
* notice is included. |
* notice is included. |
|
5 |
|
* |
|
6 |
|
* Following modifications (c) 2007 David Kilroy |
|
7 |
|
* primary plug data |
|
8 |
|
* compatibility info |
|
9 |
|
* firmware identification |
|
10 |
|
* unidentified drivers (guesswork for wldel48b, and old wlluc48) |
|
11 |
|
* binary output format for linux kernel driver |
|
12 |
|
* |
|
13 |
|
* These modifications may be distributed freely under the GPL v2 so |
|
14 |
|
* long as this copyright notice is included. |
5 |
15 |
*/ |
*/ |
6 |
16 |
#include <stdio.h> |
#include <stdio.h> |
7 |
17 |
#include <stdlib.h> |
#include <stdlib.h> |
|
... |
... |
struct _plugarray { |
23 |
33 |
unsigned int length; |
unsigned int length; |
24 |
34 |
}; |
}; |
25 |
35 |
|
|
|
36 |
|
struct _ident_info { |
|
37 |
|
unsigned short int size; |
|
38 |
|
unsigned short int code; |
|
39 |
|
unsigned short int comp_id; |
|
40 |
|
unsigned short int variant; |
|
41 |
|
unsigned short int version_major; |
|
42 |
|
unsigned short int version_minor; |
|
43 |
|
}; |
|
44 |
|
|
|
45 |
|
struct _compat_info { |
|
46 |
|
unsigned short int size; |
|
47 |
|
unsigned short int code; |
|
48 |
|
unsigned short int role; |
|
49 |
|
unsigned short int id; |
|
50 |
|
struct |
|
51 |
|
{ |
|
52 |
|
unsigned short int variant; |
|
53 |
|
unsigned short int bottom; |
|
54 |
|
unsigned short int top; |
|
55 |
|
} range[20]; |
|
56 |
|
}; |
|
57 |
|
|
26 |
58 |
struct firmwareblock { |
struct firmwareblock { |
27 |
|
struct _segarray *segarray; |
|
28 |
|
unsigned int halfentry; |
|
29 |
|
struct _plugarray *plugarray; |
|
|
59 |
|
struct _segarray *segarray; |
|
60 |
|
unsigned int halfentry; |
|
61 |
|
struct _plugarray *plugarray; |
|
62 |
|
struct _plugarray *pri_plugarray; |
|
63 |
|
struct _compat_info *compat; |
|
64 |
|
struct _ident_info *ident; |
30 |
65 |
} *firmware; |
} *firmware; |
31 |
66 |
|
|
|
67 |
|
static const struct |
|
68 |
|
{ |
|
69 |
|
unsigned short int id; |
|
70 |
|
char *comp_string; |
|
71 |
|
} compat_table[] = |
|
72 |
|
{ |
|
73 |
|
/* Firmware type */ |
|
74 |
|
{ 21, "Primary firmware" }, |
|
75 |
|
{ 22, "Intermediate firmware" }, |
|
76 |
|
{ 31, "Station firmware" }, |
|
77 |
|
{ 32, "AP firmware" }, |
|
78 |
|
|
|
79 |
|
/* Driver type */ |
|
80 |
|
{ 41, "Windows 9x/NT Miniport NDIS 3.1" }, |
|
81 |
|
{ 42, "Packet" }, |
|
82 |
|
{ 43, "DOS ODI" }, |
|
83 |
|
{ 44, "32 bit ODI" }, |
|
84 |
|
{ 45, "Mac OS" }, |
|
85 |
|
{ 46, "Windows CE Miniport" }, |
|
86 |
|
{ 47, "Linux HCF-light based (public domain)" }, |
|
87 |
|
{ 48, "Windows 9x/NT Miniport NDIS 5.0" }, |
|
88 |
|
{ 49, "Linux HCF-library based" }, |
|
89 |
|
{ 50, "QNX" }, |
|
90 |
|
{ 51, "Windows 9x/NT Miniport NDIS 5.0 USB" }, |
|
91 |
|
{ 52, "Windows 9x/NT Miniport NDIS 4.0" }, |
|
92 |
|
{ 53, "VxWorks END Station driver" }, |
|
93 |
|
{ 54, "VxWorks END Access Point driver" }, |
|
94 |
|
{ 55, "Mac OS?" }, |
|
95 |
|
{ 56, "VxWorks END Station/AP driver" }, |
32 |
96 |
|
|
33 |
|
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature, unsigned char hexchar); |
|
|
97 |
|
/* Others */ |
|
98 |
|
{ 63, "WaveLAN Station FW update utility" }, |
|
99 |
|
{ 81, "WaveLAN/IEEE AP" }, |
|
100 |
|
{ 83, "WaveLAN/IEEE Ethernet Converter" }, |
|
101 |
|
{ 87, "USB Boot Loader" }, |
|
102 |
|
}; |
|
103 |
|
|
|
104 |
|
static int savefirmware(unsigned char *data, |
|
105 |
|
unsigned int flen, |
|
106 |
|
unsigned int signature, |
|
107 |
|
unsigned char hexchar); |
34 |
108 |
|
|
35 |
109 |
/* |
/* |
36 |
110 |
* Main |
* Main |
37 |
111 |
*/ |
*/ |
38 |
112 |
int main(int argc, char *argv[]) |
int main(int argc, char *argv[]) |
39 |
113 |
{ |
{ |
40 |
|
FILE *input, *output; |
|
41 |
|
unsigned char *data, *offset, *end, *hexstringoffs, *page1start, *peheader; |
|
42 |
|
unsigned char hexstring[16]; |
|
43 |
|
unsigned int i, j, flen, found, imagebase, vfwoffs, fwblock; |
|
|
114 |
|
FILE *input; |
|
115 |
|
unsigned char *data; |
|
116 |
|
unsigned int flen; |
44 |
117 |
|
|
45 |
118 |
printf("Lucent Firmware Extractor v1.0 alpha\n(c) 2003 Mark Smith (username 'Mark' on HermesAP board)\n"); |
printf("Lucent Firmware Extractor v1.0 alpha\n(c) 2003 Mark Smith (username 'Mark' on HermesAP board)\n"); |
46 |
119 |
|
|
|
... |
... |
int main(int argc, char *argv[]) |
70 |
143 |
fclose(input); |
fclose(input); |
71 |
144 |
|
|
72 |
145 |
// Dump Tertiary firmware |
// Dump Tertiary firmware |
73 |
|
printf("\nAttempting to dump tertiary firmware:\n"); |
|
74 |
|
savefirmware(data, flen, 0xfbfe4461, 'T'); |
|
|
146 |
|
printf("\nAttempting to dump tertiary (AP) firmware:\n"); |
|
147 |
|
(void) savefirmware(data, flen, 0xfbfe4461, 'T'); |
75 |
148 |
printf("\nAttempting to dump station firmware:\n"); |
printf("\nAttempting to dump station firmware:\n"); |
76 |
|
savefirmware(data, flen, 0x63fc600f, 'R'); |
|
|
149 |
|
(void) savefirmware(data, flen, 0x63fc600f, 'R'); |
77 |
150 |
|
|
78 |
151 |
free(data); |
free(data); |
79 |
152 |
printf("\nAll dumps complete.\n\n"); |
printf("\nAll dumps complete.\n\n"); |
80 |
153 |
return 0; |
return 0; |
81 |
154 |
} |
} |
82 |
155 |
|
|
83 |
|
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature, unsigned char hexchar) |
|
|
156 |
|
#define GUESS_OFFSET 0xC000 |
|
157 |
|
#define GUESS_FILENAME "guess000.hex" |
|
158 |
|
|
|
159 |
|
/* Returns zero, or a negative number to indicate an error */ |
|
160 |
|
static int savefirmware(unsigned char *data, |
|
161 |
|
unsigned int flen, |
|
162 |
|
unsigned int signature, |
|
163 |
|
unsigned char hexchar) |
84 |
164 |
{ |
{ |
85 |
165 |
FILE *output; |
FILE *output; |
86 |
166 |
unsigned char *offset, *end, *hexstringoffs, *page1start, *peheader; |
unsigned char *offset, *end, *hexstringoffs, *page1start, *peheader; |
87 |
167 |
unsigned char hexstring[16]; |
unsigned char hexstring[16]; |
88 |
|
unsigned int i, j, found, imagebase, vfwoffs, fwblock; |
|
|
168 |
|
unsigned int i, found, imagebase, vfwoffs, fwblock; |
89 |
169 |
|
|
90 |
170 |
// Find the ?1XXYYZZ.HEX string |
// Find the ?1XXYYZZ.HEX string |
91 |
171 |
offset = data; |
offset = data; |
92 |
172 |
end = (unsigned char *)((unsigned int)data + flen); |
end = (unsigned char *)((unsigned int)data + flen); |
|
173 |
|
|
93 |
174 |
for (found = false; found == false && offset != NULL; ) { |
for (found = false; found == false && offset != NULL; ) { |
94 |
175 |
offset = memchr(offset, hexchar, (unsigned int)(end - offset)); |
offset = memchr(offset, hexchar, (unsigned int)(end - offset)); |
95 |
176 |
|
|
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
102 |
183 |
} |
} |
103 |
184 |
} |
} |
104 |
185 |
|
|
105 |
|
if (offset == NULL) { |
|
106 |
|
printf("%c-firmware not found!\n", hexchar); |
|
107 |
|
exit(-1); |
|
108 |
|
} |
|
|
186 |
|
if (offset != NULL) |
|
187 |
|
{ |
|
188 |
|
strncpy(hexstring, offset, 13); |
|
189 |
|
hexstring[13] = 0; |
109 |
190 |
|
|
110 |
|
strncpy(hexstring, offset, 13); |
|
111 |
|
hexstring[13] = 0; |
|
|
191 |
|
printf("Found firmware %s at file offset 0x%08x\n", |
|
192 |
|
hexstring, offset-data); |
|
193 |
|
} |
|
194 |
|
else |
|
195 |
|
{ |
|
196 |
|
printf("%c-firmware not found!\n", hexchar); |
|
197 |
|
printf("searching for signature from 0x%x\n", GUESS_OFFSET); |
|
198 |
|
|
|
199 |
|
strncpy(hexstring, GUESS_FILENAME,13); |
|
200 |
|
hexstring[13] = 0; |
|
201 |
|
offset = data + GUESS_OFFSET; |
|
202 |
|
} |
112 |
203 |
|
|
113 |
|
printf("Found firmware %s at file offset 0x%08x\n", hexstring, offset-data); |
|
114 |
204 |
printf("Searching for firmware start signature 0x%08x...\n", signature); |
printf("Searching for firmware start signature 0x%08x...\n", signature); |
115 |
205 |
|
|
116 |
206 |
// Really should use a mask here, but its not necessary for the moment. |
// Really should use a mask here, but its not necessary for the moment. |
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
121 |
211 |
|
|
122 |
212 |
if (found == false) { |
if (found == false) { |
123 |
213 |
printf("Signature not found!\n"); |
printf("Signature not found!\n"); |
124 |
|
exit(-2); |
|
|
214 |
|
return -2; |
125 |
215 |
} else { |
} else { |
126 |
216 |
page1start = offset; |
page1start = offset; |
127 |
217 |
|
|
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
129 |
219 |
} |
} |
130 |
220 |
|
|
131 |
221 |
peheader = (unsigned char *)(*(unsigned int *)(data + 0x3c)); |
peheader = (unsigned char *)(*(unsigned int *)(data + 0x3c)); |
132 |
|
printf("Reading DOS driver header...\nPE header located at file offset 0x%08x\n", peheader); |
|
|
222 |
|
printf("Reading DOS driver header...\nPE header located at file offset 0x%p\n", peheader); |
133 |
223 |
imagebase = (unsigned int)(*(unsigned int *)((unsigned int)peheader + (unsigned int)data + 0x34)); |
imagebase = (unsigned int)(*(unsigned int *)((unsigned int)peheader + (unsigned int)data + 0x34)); |
134 |
224 |
vfwoffs = (unsigned int)((unsigned int)page1start - (unsigned int)data + imagebase); |
vfwoffs = (unsigned int)((unsigned int)page1start - (unsigned int)data + imagebase); |
135 |
225 |
printf("PE imagebase is 0x%08x, therefore virtual offset of firmware is 0x%08x\n", |
printf("PE imagebase is 0x%08x, therefore virtual offset of firmware is 0x%08x\n", |
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
145 |
235 |
fwblock = (unsigned int)offset - 7 + imagebase - (unsigned int)data; |
fwblock = (unsigned int)offset - 7 + imagebase - (unsigned int)data; |
146 |
236 |
if (found == false) { |
if (found == false) { |
147 |
237 |
printf("Tertiary table not found - contact Mark!\n"); |
printf("Tertiary table not found - contact Mark!\n"); |
148 |
|
exit(-3); |
|
|
238 |
|
return -3; |
149 |
239 |
} else { |
} else { |
150 |
240 |
printf("Found at virtual offset 0x%08x\n", fwblock); |
printf("Found at virtual offset 0x%08x\n", fwblock); |
151 |
241 |
} |
} |
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
159 |
249 |
firmware = (struct firmwareblock *)++offset; |
firmware = (struct firmwareblock *)++offset; |
160 |
250 |
if (found == false) { |
if (found == false) { |
161 |
251 |
printf("Main table not found - contact Mark!\n"); |
printf("Main table not found - contact Mark!\n"); |
162 |
|
exit(-4); |
|
|
252 |
|
return -4; |
163 |
253 |
} else { |
} else { |
164 |
254 |
printf("Found at file offset 0x%08x\n", offset - data); |
printf("Found at file offset 0x%08x\n", offset - data); |
165 |
255 |
} |
} |
166 |
256 |
|
|
167 |
257 |
|
|
168 |
258 |
printf("Entry point at 0x%08x\n", firmware->halfentry * 2); |
printf("Entry point at 0x%08x\n", firmware->halfentry * 2); |
169 |
|
(unsigned int)firmware->segarray += (unsigned int)data - imagebase; |
|
|
259 |
|
firmware->segarray = (struct _segarray *) |
|
260 |
|
((unsigned int)firmware->segarray + |
|
261 |
|
(unsigned int)data - imagebase); |
170 |
262 |
for (i = 0; i < 4 && firmware->segarray[i].offset != 0; i++) { |
for (i = 0; i < 4 && firmware->segarray[i].offset != 0; i++) { |
171 |
|
(unsigned int)firmware->segarray[i].data -= imagebase - 4; |
|
|
263 |
|
unsigned int temp = |
|
264 |
|
((unsigned int)firmware->segarray[i].data - (imagebase - 4)); |
|
265 |
|
firmware->segarray[i].data = (unsigned char *) (temp + data); |
172 |
266 |
printf("Segment: %d File offs: 0x%08x Target mem: 0x%08x Length 0x%08x\n", |
printf("Segment: %d File offs: 0x%08x Target mem: 0x%08x Length 0x%08x\n", |
173 |
267 |
i, |
i, |
174 |
|
firmware->segarray[i].data, |
|
|
268 |
|
temp, |
175 |
269 |
firmware->segarray[i].offset, |
firmware->segarray[i].offset, |
176 |
270 |
firmware->segarray[i].size); |
firmware->segarray[i].size); |
177 |
271 |
} |
} |
178 |
|
printf("Plugrecords at file offset 0x%08x\n", (unsigned int)firmware->plugarray - imagebase); |
|
|
272 |
|
printf("Production Data plugrecords at file offset 0x%08x\n", (unsigned int)firmware->plugarray - imagebase); |
179 |
273 |
|
|
180 |
274 |
hexstring[9] = 0; |
hexstring[9] = 0; |
181 |
275 |
strcat(hexstring, "hfw"); |
strcat(hexstring, "hfw"); |
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
183 |
277 |
printf("Dumping to %s...\n", hexstring); |
printf("Dumping to %s...\n", hexstring); |
184 |
278 |
if ((output = fopen(hexstring, "wb")) == NULL) { |
if ((output = fopen(hexstring, "wb")) == NULL) { |
185 |
279 |
printf("Unable to open %s, aborting.\n", hexstring); |
printf("Unable to open %s, aborting.\n", hexstring); |
186 |
|
exit(-5); |
|
|
280 |
|
return -5; |
187 |
281 |
} |
} |
188 |
282 |
|
|
189 |
|
(unsigned int)firmware->plugarray += (unsigned int)data - imagebase; |
|
|
283 |
|
firmware->plugarray = (struct _plugarray *) |
|
284 |
|
((unsigned int)firmware->plugarray + |
|
285 |
|
(unsigned int)data - imagebase); |
190 |
286 |
|
|
|
287 |
|
|
|
288 |
|
printf("Primary plugrecords at file offset 0x%08x\n", (unsigned int)firmware->pri_plugarray - imagebase); |
|
289 |
|
printf("Compatibility info at file offset 0x%08x\n", (unsigned int)firmware->compat - imagebase); |
|
290 |
|
printf("Identity info at file offset 0x%08x\n", (unsigned int)firmware->ident - imagebase); |
|
291 |
|
|
|
292 |
|
firmware->pri_plugarray = (struct _plugarray *) |
|
293 |
|
((unsigned int) firmware->pri_plugarray + |
|
294 |
|
(unsigned int)data - imagebase); |
|
295 |
|
firmware->compat = (struct _compat_info *) |
|
296 |
|
((unsigned int)firmware->compat + |
|
297 |
|
(unsigned int)data - imagebase); |
|
298 |
|
firmware->ident = (struct _ident_info *) |
|
299 |
|
((unsigned int)firmware->ident + |
|
300 |
|
(unsigned int)data - imagebase); |
|
301 |
|
|
|
302 |
|
if (firmware->ident->code == 0xFD20u) |
|
303 |
|
{ |
|
304 |
|
for (i = 0; |
|
305 |
|
i < sizeof(compat_table)/sizeof(compat_table[0]); |
|
306 |
|
i++) |
|
307 |
|
{ |
|
308 |
|
if (compat_table[i].id == firmware->ident->comp_id) |
|
309 |
|
break; |
|
310 |
|
} |
|
311 |
|
/* Print FW ident information */ |
|
312 |
|
printf("Firmware identity: %s, Variant %d Version %d.%2d\n", |
|
313 |
|
compat_table[i].comp_string, |
|
314 |
|
firmware->ident->variant, |
|
315 |
|
firmware->ident->version_major, |
|
316 |
|
firmware->ident->version_minor); |
|
317 |
|
} |
|
318 |
|
|
|
319 |
|
#if 0 /* original hermesap format */ |
191 |
320 |
fprintf(output, "HFW1\nENTRY %08X\n", firmware->halfentry * 2); |
fprintf(output, "HFW1\nENTRY %08X\n", firmware->halfentry * 2); |
192 |
321 |
for (i = 0; firmware->plugarray[i].code != 0; i++) { |
for (i = 0; firmware->plugarray[i].code != 0; i++) { |
193 |
322 |
fprintf(output, "PLUG %08X %08X %08X\n", |
fprintf(output, "PLUG %08X %08X %08X\n", |
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
196 |
325 |
firmware->plugarray[i].length); |
firmware->plugarray[i].length); |
197 |
326 |
} |
} |
198 |
327 |
|
|
199 |
|
for (i = 0; firmware->segarray[i].offset != 0; i++) { |
|
200 |
|
(unsigned int)firmware->segarray[i].data += (unsigned int)data; |
|
|
328 |
|
for (i = 0; firmware->segarray[i].offset != 0; i++) |
|
329 |
|
{ |
|
330 |
|
unsigned int j; |
201 |
331 |
if (i != 0) |
if (i != 0) |
202 |
332 |
fprintf(output, "\n"); |
fprintf(output, "\n"); |
203 |
333 |
fprintf(output, "SEG %08X %08X %08X", |
fprintf(output, "SEG %08X %08X %08X", |
|
... |
... |
void savefirmware(unsigned char *data, unsigned int flen, unsigned int signature |
216 |
346 |
} |
} |
217 |
347 |
|
|
218 |
348 |
fputc('\n', output); |
fputc('\n', output); |
|
349 |
|
#else /* binary kernel format */ |
|
350 |
|
/* Note: does not deal with BE/LE issues */ |
|
351 |
|
{ |
|
352 |
|
unsigned long int l = 0; |
|
353 |
|
unsigned short int s = 0; |
|
354 |
|
unsigned long int prev_offset = 0; |
|
355 |
|
fwrite ("HFW000", 1, 6, output); |
|
356 |
|
s = 6 + 2 + (6*4) + 16; // headersize |
|
357 |
|
fwrite (&s, 1, sizeof(s), output); |
|
358 |
|
l = firmware->halfentry; // entrypoint |
|
359 |
|
fwrite (&l, 1, sizeof(l), output); |
|
360 |
|
l = 2; // number of blocks, hardcoded for now |
|
361 |
|
fwrite (&l, 1, sizeof(l), output); |
|
362 |
|
l = 0; // offset to block data |
|
363 |
|
fwrite (&l, 1, sizeof(l), output); |
|
364 |
|
|
|
365 |
|
// pdr offset |
|
366 |
|
l = 0; |
|
367 |
|
for (s = 0; firmware->segarray[s].offset != 0; s++) |
|
368 |
|
{ |
|
369 |
|
l += firmware->segarray[s].size; |
|
370 |
|
} |
|
371 |
|
l = l + (s + 1) * (4 + 2); |
|
372 |
|
fwrite (&l, 1, sizeof(l), output); |
|
373 |
|
|
|
374 |
|
// pri offset |
|
375 |
|
prev_offset = l; |
|
376 |
|
for (l = 0; firmware->plugarray[l].code != 0; l++); |
|
377 |
|
l = prev_offset + (l+1) * 4 * 3; |
|
378 |
|
fwrite (&l, 1, sizeof(l), output); |
|
379 |
|
|
|
380 |
|
// cpt offset |
|
381 |
|
prev_offset = l; |
|
382 |
|
for (l = 0; firmware->pri_plugarray[l].code != 0; l++); |
|
383 |
|
l = prev_offset + (l+1) * 4 * 3; |
|
384 |
|
fwrite (&l, 1, sizeof(l), output); |
|
385 |
|
fwrite ("1234567890123456",1,16,output); // fw sig |
|
386 |
|
|
|
387 |
|
for (i = 0; firmware->segarray[i].offset != 0; i++) |
|
388 |
|
{ |
|
389 |
|
l = firmware->segarray[i].offset; // addr |
|
390 |
|
s = firmware->segarray[i].size; // size |
|
391 |
|
|
|
392 |
|
if (s > 0) |
|
393 |
|
{ |
|
394 |
|
fwrite(&l, 1, sizeof(l), output); |
|
395 |
|
fwrite(&s, 1, sizeof(s), output); |
|
396 |
|
fwrite(firmware->segarray[i].data,1,s,output); // data |
|
397 |
|
} |
|
398 |
|
} |
|
399 |
|
l = 0xFFFFFFFFu; // set block end |
|
400 |
|
s = 0; |
|
401 |
|
fwrite(&l, 1, sizeof(l), output); |
|
402 |
|
fwrite(&s, 1, sizeof(s), output); |
|
403 |
|
|
|
404 |
|
for (i = 0; firmware->plugarray[i].code != 0; i++) { |
|
405 |
|
l = firmware->plugarray[i].code; |
|
406 |
|
fwrite(&l, 1, sizeof(l), output); |
|
407 |
|
l = firmware->plugarray[i].targ_off; |
|
408 |
|
fwrite(&l, 1, sizeof(l), output); |
|
409 |
|
l = firmware->plugarray[i].length; |
|
410 |
|
fwrite(&l, 1, sizeof(l), output); |
|
411 |
|
} |
|
412 |
|
l = 0; // pdr end |
|
413 |
|
fwrite(&l, 1, sizeof(l), output); |
|
414 |
|
fwrite(&l, 1, sizeof(l), output); |
|
415 |
|
fwrite(&l, 1, sizeof(l), output); |
|
416 |
|
|
|
417 |
|
for (i = 0; firmware->pri_plugarray[i].code != 0; i++) { |
|
418 |
|
l = firmware->pri_plugarray[i].code; |
|
419 |
|
fwrite(&l, 1, sizeof(l), output); |
|
420 |
|
l = firmware->pri_plugarray[i].targ_off; |
|
421 |
|
fwrite(&l, 1, sizeof(l), output); |
|
422 |
|
l = firmware->pri_plugarray[i].length; |
|
423 |
|
fwrite(&l, 1, sizeof(l), output); |
|
424 |
|
} |
|
425 |
|
l = 0; // pdr end |
|
426 |
|
fwrite(&l, 1, sizeof(l), output); |
|
427 |
|
fwrite(&l, 1, sizeof(l), output); |
|
428 |
|
fwrite(&l, 1, sizeof(l), output); |
|
429 |
|
} |
|
430 |
|
#endif |
219 |
431 |
fclose(output); |
fclose(output); |
220 |
432 |
printf("Dump of %s complete.\n", hexstring); |
printf("Dump of %s complete.\n", hexstring); |
|
433 |
|
|
|
434 |
|
return 0; /* success */ |
221 |
435 |
} |
} |