LH před 3 roky
rodič
revize
bb79792e42

+ 8 - 8
SenaBitWiggler/ASMQuälcode.txt

@@ -4,10 +4,10 @@
 1x  ld      ld      ld      ld      ld      ld      ld      ld
 2x  bgt     st      st      st      ??      st      st      st
 3x  add     add     add     add     add     add     add     add
-4x
+4x  addc    addc    addc    addc    addc    addc    addc    addc
 5x  sub     sub     sub     sub     sub     sub     sub     sub
-6x
-7x
+6x  subc    subc    subc    subc    subc    subc    subc    subc
+7x  nadd    nadd    nadd    nadd    nadd    nadd    nadd    nadd
 8x  cmp     cmp     cmp     cmp     cmp     cmp     cmp     cmp
 9x  xmult   xmult   xmult   xmult   xdiv    xdiv    xdiv    xdiv       
 ax  asl;lsl asl;lsl asl;lsl asl;lsl lsr;asr lsr;asr lsr;asr lsr;asr
@@ -20,19 +20,19 @@ fx          bne     bne     bne             beq     beq     beq
 ##   x8     x9      xa      xb      xc      xd      xe      xf      
 0x          MDFY    st xh   enterl                  ld xh   leavel
 1x  ld      ld      ld      ld      ld      ld      ld      ld
-2x  ??      st      st      st      bcz     st      st      st
+2x  blt     st      st      st      bcz     st      st      st
 3x  add     add     add     add     add     add     add     add
-4x
+4x  addc    addc    addc    addc    addc    addc    addc    addc
 5x  sub     sub     sub     sub     sub     sub     sub     sub
-6x
-7x
+6x  subc    subc    subc    subc    subc    subc    subc    subc
+7x  nadd    nadd    nadd    nadd    nadd    nadd    nadd    nadd
 8x  cmp     cmp     cmp     cmp     cmp     cmp     cmp     cmp
 9x          tst     tst     tst             bsr     bsr     bsr
 ax
 bx  or      or      or      or      or      or      or      or
 cx  and     and     and     and     and     and     and     and  
 dx  xor     xor     xor     xor     xor     xor     xor     xor
-ex
+ex  bpl
 fx          bcc     bcc     bcc             bcs     bcs     bcs
 
 

+ 5 - 1
SenaBitWiggler/src/main/java/de/nplusc/izc/senabitwiggler/EntryPoint.java

@@ -120,6 +120,9 @@ public class EntryPoint implements Runnable
             case ResignDFU:
                 Jailbreaker.resignDFU(input.getPath(),output);
                 break;
+            case FlashFS512x:
+                FlashFSUnWiggler.unpackFSQCC512x(input,output);
+                break;
         }
     }
 }
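Review bot: The new `FlashFS512x` case has no way to report failure: `FlashFSUnWiggler.unpackFSQCC512x` (added in this commit) catches `FileNotFoundException`/`IOException`, prints the stack trace and returns normally, and its size-mismatch path also just `return`s, so a truncated or rejected image ends the program with exit status 0 exactly like a successful unpack. As this is the CLI dispatcher, consider letting the unpacker throw `IOException` and handling it here with a non-zero exit, e.g. `case FlashFS512x: try { FlashFSUnWiggler.unpackFSQCC512x(input,output); } catch (IOException e) { e.printStackTrace(); System.exit(1); } break;`. The enclosing method and switch begin before this hunk, so I cannot see whether the other modes already follow a different error convention.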
@@ -135,7 +138,8 @@ enum Modes
     ReassembleForPrompts,
     Jailbreak,
     DumpFlashes,
-    ResignDFU
+    ResignDFU,
+    FlashFS512x
 }
 
 // http://www.tinyosshop.com/download/ADK_CSR867x.WIN4.3.1.5.zip für die tools

+ 110 - 0
SenaBitWiggler/src/main/java/de/nplusc/izc/senabitwiggler/FlashFSUnWiggler.java

@@ -0,0 +1,110 @@
+package de.nplusc.izc.senabitwiggler;
+
+import com.google.common.primitives.Ints;
+import com.google.common.primitives.Shorts;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+
+public class FlashFSUnWiggler {
+    private static class FileMetadata
+    {
+        private int offset;
+        private boolean is_dir;
+        private int length;
+        private int offset_fname;
+        private String filename;
+        private String parentpath;
+    }
+    public static void unpackFSQCC512x(File firmware, File outfolder)
+    {
+        try (RandomAccessFile f = new RandomAccessFile(firmware,"r")) {
+            byte[] javaisDipshit = new byte[4];
+            byte[] javaShorty = new byte[2];
+            int magic = f.readInt(); //ignored
+            f.read(javaisDipshit);
+            int sizeFile = Ints.fromBytes(javaisDipshit[3],javaisDipshit[2],javaisDipshit[1],javaisDipshit[0]);
+            if(sizeFile>f.length())
+            {
+
+                System.out.println(sizeFile);
+                System.err.println("ZOINKS!!!, mismatch");
+                return;
+            }
+            f.read(javaisDipshit);
+            int countFileRecords = Ints.fromBytes(javaisDipshit[3],javaisDipshit[2],javaisDipshit[1],javaisDipshit[0]);
+            FileMetadata[] files = new FileMetadata[countFileRecords];
+            for(int i=0;i<countFileRecords;i++)
+            {
+                FileMetadata fmd = new FileMetadata();
+                f.read(javaisDipshit);
+                int sizeAndFlags = Ints.fromBytes(javaisDipshit[3],javaisDipshit[2],javaisDipshit[1],javaisDipshit[0]);
+                int size = sizeAndFlags&0x00FFFFFF;
+                System.out.println(sizeAndFlags);
+                System.out.println(size);
+
+                fmd.offset_fname=size;
+                if((sizeAndFlags&0xFF000000)<0)
+                {
+                    System.out.println("dir");
+                    fmd.is_dir=true;
+                }
+                f.read(javaisDipshit);
+                fmd.offset=Ints.fromBytes(javaisDipshit[3],javaisDipshit[2],javaisDipshit[1],javaisDipshit[0]);
+                f.read(javaisDipshit);
+                fmd.length=Ints.fromBytes(javaisDipshit[3],javaisDipshit[2],javaisDipshit[1],javaisDipshit[0]);
+                files[i]=fmd;
+            }
+            for(int i=0;i<countFileRecords;i++)
+            {
+                FileMetadata fmd = files[i];
+                if(fmd.offset_fname==0)
+                {
+                    fmd.filename="";
+                    fmd.parentpath="";
+                }
+                else
+                {
+                    f.seek(fmd.offset_fname);
+                    f.read(javaShorty);
+                    short fnlength = Shorts.fromBytes(javaShorty[1],javaShorty[0]);
+                    byte[] fname = new byte[fnlength];
+                    f.read(fname);
+                    String s = File.separator+new String(fname);
+                    fmd.filename=s;
+                }
+                if(fmd.is_dir)
+                {
+                    new File(outfolder+fmd.parentpath+fmd.filename).mkdirs();
+
+                    for(int j= 0;j< fmd.length;j++)
+                    {
+                        int subfiles = fmd.offset+j-1;
+                        files[subfiles].parentpath=fmd.parentpath+fmd.filename;
+                    }
+                }
+                else
+                {
+
+                    System.out.println("Reading:"+fmd.parentpath+fmd.filename+"("+fmd.length+")@"+fmd.offset);
+                    byte[] filecontent = new byte[fmd.length];
+                    if(fmd.length>0)
+                    {
+                        f.seek(fmd.offset);
+                        f.read(filecontent);
+
+                        RandomAccessFile out = new RandomAccessFile(outfolder+fmd.parentpath+fmd.filename,"rw");
+                        out.write(filecontent);
+                    }
+                }
+            }
+        } catch (FileNotFoundException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+    }
+}
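Review bot: Every output path in `unpackFSQCC512x` is built by string concatenation from names read out of the firmware image (`outfolder+fmd.parentpath+fmd.filename`, lines for `mkdirs()` and the `RandomAccessFile out`), with no normalization or containment check, so a filename record containing `..` components writes outside `outfolder` — the classic zip-slip pattern, and a firmware dump is exactly the kind of untrusted input this tool is fed. In the same way `countFileRecords`, `fmd.length`, `fmd.offset`, `fmd.offset_fname` and `fnlength` are used unchecked as array sizes, seek targets and (via `fmd.offset+j-1`) as an index into `files[]`, so a crafted or corrupt image produces `NegativeArraySizeException`, `OutOfMemoryError` or `ArrayIndexOutOfBoundsException` instead of a clean rejection; note that `new byte[fmd.length]` runs before the `fmd.length>0` guard. The return values of `f.read(...)` are ignored (a short read silently leaves zeroed bytes; `readFully` is the right call), `new String(fname)` uses the platform charset, and `out` is never closed. The sketch below needs `java.nio.file.Path`, `Paths` and `Files` imported; record size 12 comes from the three 4-byte reads per record in the first loop.
```java
// … unchanged: header parsing up to countFileRecords …
// a record count the image itself cannot hold is a corrupt/hostile image, not an OOM
if (countFileRecords < 0 || (long) countFileRecords * 12 > f.length()) {
    System.err.println("ZOINKS!!!, bogus record count " + countFileRecords);
    return;
}
// … unchanged: record loop (use f.readFully(javaisDipshit) instead of f.read) …
// every output path is derived from image contents: keep it inside outfolder
Path base = outfolder.toPath().toAbsolutePath().normalize();
Path target = Paths.get(outfolder + fmd.parentpath + fmd.filename).toAbsolutePath().normalize();
if (!target.startsWith(base)) {
    System.err.println("ZOINKS!!!, entry escapes output folder: " + target);
    return;
}
if (fmd.is_dir) {
    Files.createDirectories(target);
    for (int j = 0; j < fmd.length; j++) {
        int subfiles = fmd.offset + j - 1;
        if (subfiles < 0 || subfiles >= files.length) {
            System.err.println("ZOINKS!!!, child index out of range: " + subfiles);
            return;
        }
        files[subfiles].parentpath = fmd.parentpath + fmd.filename;
    }
} else if (fmd.length > 0) {
    if (fmd.offset < 0 || (long) fmd.offset + fmd.length > f.length()) {
        System.err.println("ZOINKS!!!, file extent outside image: " + target);
        return;
    }
    byte[] filecontent = new byte[fmd.length];
    f.seek(fmd.offset);
    f.readFully(filecontent);
    try (RandomAccessFile out = new RandomAccessFile(target.toFile(), "rw")) {
        out.write(filecontent);
    }
}
```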

+ 100 - 0
SenaBitWiggler/src/main/java/de/nplusc/izc/senabitwiggler/VmAppFIleExtraction.java

@@ -103,6 +103,106 @@ public class VmAppFIleExtraction {
             e.printStackTrace();
         }
     }
+/*
+    public static void importVmImage(File output, String inputfolder)
+    {
+        Yaml y = new Yaml();
+        byte filler = 0x00;
+        try (RandomAccessFile f = new RandomAccessFile(output,"rw")) {
+            RandomAccessFile code = new RandomAccessFile(inputfolder+File.separator+"code.bin","r");
+            RandomAccessFile data = new RandomAccessFile(inputfolder+File.separator+"data.bin","r");
+            VMImageHeader h = y.loadAs(new FileReader(new File(inputfolder+File.separator+"header.yml")),VMImageHeader.class);
+
+            long len = f.length()/2;
+            if(len>Integer.MAX_VALUE)
+            {
+                System.out.println("Ugggh, File too big");
+                return;
+            }
+
+            short[] checksumarray = new short[(int)len];
+
+            for(int i=0;i<len;i++)
+            {
+                checksumarray[i]=f.readShort();
+            }
+            if(Utils.xorsum(checksumarray)!=0)
+            {
+                System.err.println("Smells like Dead Beef, the data seems to be corrupt");
+                System.exit(1);
+            }
+            f.seek(0);
+
+
+
+            byte[] magic = new byte[8];
+            f.read(magic);
+
+            h.setHeader(magic);
+
+            byte[] shortPants = new byte[2];
+            byte[] integer = new byte[4];
+            f.read(shortPants);
+            h.setUnknownMagic(Ints.fromBytes(filler,filler,shortPants[0],shortPants[1]));
+
+            f.read(integer);
+            h.setSizeCodeInWords(Longs.fromBytes(filler,filler,filler,filler,integer[0],integer[1],integer[2],integer[3]));
+            f.read(shortPants);
+            h.setSzConstantsInWords(Ints.fromBytes(filler,filler,shortPants[0],shortPants[1]));
+            f.read(shortPants);
+            h.setSzGlobalsInWords(Ints.fromBytes(filler,filler,shortPants[0],shortPants[1]));
+            f.read(shortPants);
+            h.setSzStack(Ints.fromBytes(filler,filler,shortPants[0],shortPants[1]));
+            f.read(shortPants);
+            h.setAddressMain(Ints.fromBytes(filler,filler,shortPants[0],shortPants[1]));
+            f.read(shortPants);
+            h.setUnknownFlag(Shorts.fromBytes(shortPants[0],shortPants[1]));
+            f.read(shortPants);
+            h.setSyscallCompatId(Ints.fromBytes(filler,filler,shortPants[0],shortPants[1]));
+            byte[] trapsets = new byte[8];
+            f.read(trapsets);
+            h.setTrapSet(trapsets);
+            h.setTrapSetStringlied(Utils.bytesToHex(trapsets));
+            f.read(integer);
+            h.setSizeFileInWords(Longs.fromBytes(filler,filler,filler,filler,integer[0],integer[1],integer[2],integer[3]));
+            f.read(shortPants);
+            h.setChksum(Shorts.fromBytes(shortPants[0],shortPants[1]));
+            f.read(shortPants);
+            h.setUnknown_parameter_b(Shorts.fromBytes(shortPants[0],shortPants[1]));
+            f.read(integer);
+            h.setEtcetcaddress(Longs.fromBytes(filler,filler,filler,filler,integer[0],integer[1],integer[2],integer[3]));
+
+            f.read(shortPants);
+            h.setUnknown_twiddled_bits(Shorts.fromBytes(shortPants[0],shortPants[1]));
+
+            Yaml y = new Yaml();
+
+            y.dump(h, new FileWriter(new File(output+File.separator+"header.yml")));
+
+            f.seek(0);
+
+            RandomAccessFile hdrRaw = new RandomAccessFile(output+File.separator+"header.bin","rw");
+            byte[] header = new byte[0x30];
+            f.read(header);
+            hdrRaw.write(header);
+            byte[] code = new byte[(int)h.getSizeCodeInWords()*2];
+            f.read(code);
+            RandomAccessFile codeRaw = new RandomAccessFile(output+File.separator+"code.bin","rw");
+            codeRaw.write(code);
+
+            byte[] constants = new byte[h.getSzConstantsInWords()*2];
+            f.read(constants);
+            RandomAccessFile dataRaw = new RandomAccessFile(output+File.separator+"data.bin","rw");
+            dataRaw.write(constants);
+
+
+        } catch (FileNotFoundException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+*/
 
 
 }
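Review bot: The whole addition to `VmAppFIleExtraction` is a 100-line `/* … */` block of commented-out code, which is dead weight the reviewer and every later reader has to scan; version control already preserves work in progress, so it should be dropped or finished rather than parked here. If it is kept for later, be aware it would not compile as written: `Yaml y = new Yaml();` is declared twice in the same method (near the top and again before `y.dump(...)`), the method is named `importVmImage` yet its body splits `output` into `header.bin`/`code.bin`/`data.bin` like an export, and the `code`/`data`/`hdrRaw`/`codeRaw`/`dataRaw` `RandomAccessFile`s are never closed. It also calls `System.exit(1)` on a checksum mismatch from library code, which the surrounding class does not otherwise appear to do. At minimum a one-line `// TODO(...)` explaining why this is parked and what is missing would be better than the bare comment fence.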

+ 76 - 55
SenaBitWiggler/src/main/java/de/nplusc/izc/senabitwiggler/XAPDisAsm.java

@@ -32,7 +32,9 @@ public class XAPDisAsm {
         {
             badOpCode += (Utils.bytesToHex(Shorts.toByteArray(opcode[i])));
         }
-        return OpcodeAddressRangeToString(address,opcode.length+(modified?1:0))+":Invalid OpCode: "+badOpCode;
+        String invalidCode = OpcodeAddressRangeToString(address,opcode.length+(modified?1:0))+":Invalid OpCode: "+badOpCode;
+        System.err.println(invalidCode);
+        return invalidCode;
     };
     public static OpCodeMangler[] manglers = new OpCodeMangler[256];
         static {
@@ -227,7 +229,10 @@ public class XAPDisAsm {
             };
 
             OpCodeMangler add = GetBasicMangler("add",(short)0x30);
+            OpCodeMangler nadd = GetBasicMangler("nadd",(short)0x70);
+            OpCodeMangler addc = GetBasicMangler("addc",(short)0x40);
             OpCodeMangler sub = GetBasicMangler("sub",(short)0x50);
+            OpCodeMangler subc = GetBasicMangler("sub",(short)0x60);
             OpCodeMangler or = GetBasicMangler("or",(short)0xb0);
             OpCodeMangler and = GetBasicMangler("and",(short)0xc0);
             OpCodeMangler xor = GetBasicMangler("xor",(short)0xd0);
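Review bot: The new `subc` mangler is created with the wrong mnemonic: `OpCodeMangler subc = GetBasicMangler("sub",(short)0x60);` passes `"sub"` as the label while its sibling `addc` passes `"addc"`, so the 0x60–0x6f opcodes this commit wires up (and the `6x subc` row in ASMQuälcode.txt) will be printed as plain `sub` in the disassembly, indistinguishable from the real 0x50 `sub` row; the fix is `OpCodeMangler subc = GetBasicMangler("subc",(short)0x60);`. Relatedly, in the later hunk the comment on `manglers[0x28]=bxx; //ble` disagrees with the `case 0x28: label="blt"` branch added above it and with the `2x blt` cell in the opcode table — presumably the comment is the typo, and it should read `//blt`. Note also that the new `System.err.println(invalidCode)` in the `invalid` mangler makes a formerly pure formatting lambda emit output on every unknown opcode, which will be noisy when disassembling data regions.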
@@ -304,10 +309,26 @@ public class XAPDisAsm {
                         label="bgt";
                         value = ParamManglerAddress(valueSigned);
                         break;
+                    case 0x24:
+                        label="bge";
+                        value = ParamManglerAddress(valueSigned);
+                        break;
+                    case 0x28:
+                        label="blt";
+                        value = ParamManglerAddress(valueSigned);
+                        break;
                     case 0x2c:
                         label="bcz";
                         value = ParamManglerAddress(valueSigned);
                         break;
+                    case 0xe8:
+                        label="bpl";
+                        value = ParamManglerAddress(valueSigned);
+                        break;
+                    case 0xec:
+                        label="bmi";
+                        value = ParamManglerAddress(valueSigned);
+                        break;
                 }
                 String potentialTargetAddress=addressToString(address+opcode.length-1+valueSigned);
                 return OpcodeAddressRangeToString(address,opcode.length)+":"+label+":"+value+"; Target="+potentialTargetAddress+" OR "+addressToString(valueUnsigned);
@@ -365,11 +386,11 @@ public class XAPDisAsm {
             manglers[0x21]=st;
             manglers[0x22]=st;
             manglers[0x23]=st;
-            manglers[0x24]=invalid;
+            manglers[0x24]=bxx;//bge
             manglers[0x25]=st;
             manglers[0x26]=st;
             manglers[0x27]=st;
-            manglers[0x28]=invalid;
+            manglers[0x28]=bxx; //ble
             manglers[0x29]=st;
             manglers[0x2a]=st;
             manglers[0x2b]=st;
@@ -396,22 +417,22 @@ public class XAPDisAsm {
             manglers[0x3e]=add;
             manglers[0x3f]=add;
 
-            manglers[0x40]=invalid;
-            manglers[0x41]=invalid;
-            manglers[0x42]=invalid;
-            manglers[0x43]=invalid;
-            manglers[0x44]=invalid;
-            manglers[0x45]=invalid;
-            manglers[0x46]=invalid;
-            manglers[0x47]=invalid;
-            manglers[0x48]=invalid;
-            manglers[0x49]=invalid;
-            manglers[0x4a]=invalid;
-            manglers[0x4b]=invalid;
-            manglers[0x4c]=invalid;
-            manglers[0x4d]=invalid;
-            manglers[0x4e]=invalid;
-            manglers[0x4f]=invalid;
+            manglers[0x40]=addc;
+            manglers[0x41]=addc;
+            manglers[0x42]=addc;
+            manglers[0x43]=addc;
+            manglers[0x44]=addc;
+            manglers[0x45]=addc;
+            manglers[0x46]=addc;
+            manglers[0x47]=addc;
+            manglers[0x48]=addc;
+            manglers[0x49]=addc;
+            manglers[0x4a]=addc;
+            manglers[0x4b]=addc;
+            manglers[0x4c]=addc;
+            manglers[0x4d]=addc;
+            manglers[0x4e]=addc;
+            manglers[0x4f]=addc;
 
 
 
@@ -432,39 +453,39 @@ public class XAPDisAsm {
             manglers[0x5e]=sub;
             manglers[0x5f]=sub;
 
-            manglers[0x60]=invalid;
-            manglers[0x61]=invalid;
-            manglers[0x62]=invalid;
-            manglers[0x63]=invalid;
-            manglers[0x64]=invalid;
-            manglers[0x65]=invalid;
-            manglers[0x66]=invalid;
-            manglers[0x67]=invalid;
-            manglers[0x68]=invalid;
-            manglers[0x69]=invalid;
-            manglers[0x6a]=invalid;
-            manglers[0x6b]=invalid;
-            manglers[0x6c]=invalid;
-            manglers[0x6d]=invalid;
-            manglers[0x6e]=invalid;
-            manglers[0x6f]=invalid;
-
-            manglers[0x70]=invalid;
-            manglers[0x71]=invalid;
-            manglers[0x72]=invalid;
-            manglers[0x73]=invalid;
-            manglers[0x74]=invalid;
-            manglers[0x75]=invalid;
-            manglers[0x76]=invalid;
-            manglers[0x77]=invalid;
-            manglers[0x78]=invalid;
-            manglers[0x79]=invalid;
-            manglers[0x7a]=invalid;
-            manglers[0x7b]=invalid;
-            manglers[0x7c]=invalid;
-            manglers[0x7d]=invalid;
-            manglers[0x7e]=invalid;
-            manglers[0x7f]=invalid;
+            manglers[0x60]=subc;
+            manglers[0x61]=subc;
+            manglers[0x62]=subc;
+            manglers[0x63]=subc;
+            manglers[0x64]=subc;
+            manglers[0x65]=subc;
+            manglers[0x66]=subc;
+            manglers[0x67]=subc;
+            manglers[0x68]=subc;
+            manglers[0x69]=subc;
+            manglers[0x6a]=subc;
+            manglers[0x6b]=subc;
+            manglers[0x6c]=subc;
+            manglers[0x6d]=subc;
+            manglers[0x6e]=subc;
+            manglers[0x6f]=subc;
+
+            manglers[0x70]=nadd;
+            manglers[0x71]=nadd;
+            manglers[0x72]=nadd;
+            manglers[0x73]=nadd;
+            manglers[0x74]=nadd;
+            manglers[0x75]=nadd;
+            manglers[0x76]=nadd;
+            manglers[0x77]=nadd;
+            manglers[0x78]=nadd;
+            manglers[0x79]=nadd;
+            manglers[0x7a]=nadd;
+            manglers[0x7b]=nadd;
+            manglers[0x7c]=nadd;
+            manglers[0x7d]=nadd;
+            manglers[0x7e]=nadd;
+            manglers[0x7f]=nadd;
 
             manglers[0x80]=cmp;
             manglers[0x81]=cmp;
@@ -491,7 +512,7 @@ public class XAPDisAsm {
             manglers[0x95]=xdiv;
             manglers[0x96]=xdiv;
             manglers[0x97]=xdiv;
-            manglers[0x98]=invalid;
+            manglers[0x98]=tst;
             manglers[0x99]=tst;
             manglers[0x9a]=tst;
             manglers[0x9b]=tst;
@@ -583,11 +604,11 @@ public class XAPDisAsm {
             manglers[0xe5]=blt;
             manglers[0xe6]=blt;
             manglers[0xe7]=blt;
-            manglers[0xe8]=invalid;
+            manglers[0xe8]=bxx; // bpl
             manglers[0xe9]=invalid;
             manglers[0xea]=invalid;
             manglers[0xeb]=invalid;
-            manglers[0xec]=invalid;
+            manglers[0xec]=bxx; //bmi
             manglers[0xed]=invalid;
             manglers[0xee]=invalid;
             manglers[0xef]=invalid;