mirror of
https://github.com/hamishcoleman/thinkpad-ec
synced 2024-11-18 03:25:33 +00:00
598 lines
14 KiB
Perl
Executable File
598 lines
14 KiB
Perl
Executable File
#!/usr/bin/env perl
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# Given an FL2 file from the Lenovo BIOS update, try to recognise which
|
|
# packing system was used and allow the EC firmware image inside it to
|
|
# be extracted or reinserted
|
|
#
|
|
# Note that this script is just intended to deal with the container and
|
|
# any actions needed to extract or insert into the container - It does
|
|
# not check any checksums within the IMG - that should be left to
|
|
# the img manipulating tools (like mec tools).
|
|
#
|
|
# This script now supports extracting a couple of FL1 files, so its name
|
|
# is starting to be wrong.
|
|
|
|
package FL2::base;
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# The base class for all the various types of FL2 encapsulation
|
|
#
|
|
|
|
use IO::File;
|
|
|
|
sub new {
|
|
my $class = shift;
|
|
my $fh = shift || return undef; # must have a file handle
|
|
my $self = {};
|
|
bless $self, $class;
|
|
$self->{fh} = $fh;
|
|
$self->{filesize} = (stat($self->{fh}))[7];
|
|
|
|
return $self->_check();
|
|
}
|
|
|
|
sub set_offset_size {
|
|
my $self = shift;
|
|
$self->{offset} = shift;
|
|
$self->{size} = shift;
|
|
return $self;
|
|
}
|
|
|
|
sub offset { return shift->{offset}; }
|
|
sub size { return shift->{size}; }
|
|
|
|
|
|
sub get_block {
|
|
my $self = shift;
|
|
my $offset = shift;
|
|
my $size = shift;
|
|
|
|
return undef if (!$self->{fh}->seek($offset, 0));
|
|
|
|
my $buf;
|
|
my $count = $self->{fh}->sysread($buf, $size);
|
|
|
|
return undef if ($count != $size);
|
|
|
|
return \$buf;
|
|
}
|
|
|
|
# The base class simply says "no" to any checks - override to use
|
|
sub _check {
|
|
return undef;
|
|
}
|
|
|
|
# Once a subclass has set the length and size, we can go and double check it
|
|
# has the expected copyright message
|
|
sub _check_copyright {
|
|
my $self = shift;
|
|
|
|
my $expect = "(C) Copyright IBM Corp. 2001, 2005 All Rights Reserved ";
|
|
my $check_size = length($expect);
|
|
my @offsets = (
|
|
0x268,
|
|
0x264,
|
|
);
|
|
|
|
while (@offsets) {
|
|
my $check_offset = shift @offsets;
|
|
|
|
my $buf = $self->get_block($self->offset()+$check_offset, $check_size);
|
|
|
|
return undef if (!defined($buf));
|
|
|
|
if ($$buf eq $expect) {
|
|
$self->{flag}{copyright}=$check_offset;
|
|
return $self;
|
|
}
|
|
}
|
|
|
|
return undef;
|
|
}
|
|
|
|
# Helper function, called by the real classes if they support extraction
|
|
sub _extract {
|
|
my $self = shift;
|
|
my $imgfile = shift;
|
|
|
|
my $buf = $self->get_block($self->offset(),$self->size());
|
|
die("bad read") if (!defined($buf));
|
|
|
|
my $fh = IO::File->new($imgfile, "w");
|
|
if (!defined($fh)) {
|
|
warn("Could not open $imgfile: $!");
|
|
return undef;
|
|
}
|
|
|
|
my $count = $fh->syswrite($$buf);
|
|
if ($count != $self->size()) {
|
|
unlink($imgfile);
|
|
die("bad write");
|
|
}
|
|
|
|
return $self;
|
|
}
|
|
|
|
# Helper function, called by the real classes if they support insertion
|
|
sub _insert {
|
|
my $self = shift;
|
|
my $imgfile = shift;
|
|
|
|
my $fh = IO::File->new($imgfile, "r");
|
|
if (!defined($fh)) {
|
|
warn("Could not open $imgfile: $!");
|
|
return undef;
|
|
}
|
|
|
|
my $buf;
|
|
my $count = $fh->sysread($buf, $self->size());
|
|
if ($count != $self->size()) {
|
|
unlink($imgfile);
|
|
die("bad read");
|
|
}
|
|
|
|
if (!$self->{fh}->seek($self->offset(), 0)) {
|
|
unlink($imgfile);
|
|
die("bad seek");
|
|
}
|
|
|
|
$count = $self->{fh}->syswrite($buf);
|
|
if ($count != $self->size()) {
|
|
unlink($imgfile);
|
|
die("bad write");
|
|
}
|
|
|
|
return $self;
|
|
}
|
|
|
|
1;
|
|
|
|
package FL2::prefix_ff;
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# Look for FL2 files that consist entirely of 0xff up until the IMG
|
|
#
|
|
|
|
use base qw(FL2::base);
|
|
|
|
sub _check {
|
|
my $self = shift;
|
|
|
|
# List of known file sizes (basically a doublecheck on the signature)
|
|
my $known = {
|
|
8523776 => [0x500000, 0x20000],
|
|
12718080 => [0x500000, 0x30000],
|
|
16912384 => [0x500000, 0x30000],
|
|
};
|
|
|
|
my $check_offset = 0;
|
|
my $check_size = 0x1000;
|
|
my $buf = $self->get_block($check_offset, $check_size);
|
|
|
|
return undef if (!defined($buf));
|
|
return undef if (!defined($known->{$self->{filesize}}));
|
|
|
|
return undef if ($$buf ne "\xff"x$check_size);
|
|
|
|
$self->{flag}{encrypted}="yes";
|
|
# All current examples of this format were encrypted
|
|
|
|
$self->set_offset_size(@{$known->{$self->{filesize}}});
|
|
return $self->_check_copyright();
|
|
}
|
|
|
|
sub extract {
|
|
return shift->_extract(shift);
|
|
}
|
|
|
|
sub insert {
|
|
return shift->_insert(shift);
|
|
}
|
|
|
|
1;
|
|
|
|
package FL2::prefix_garbage;
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# Look for FL2 files that have garbage at the beginning and large areas of
|
|
# 0xff before the IMG
|
|
#
|
|
|
|
use base qw(FL2::base);
|
|
|
|
sub _check {
|
|
my $self = shift;
|
|
|
|
# List of known file sizes (basically a doublecheck on the signature)
|
|
my $known = {
|
|
4240490 => [0x290000, 0x20000],
|
|
};
|
|
|
|
my $check_offset = 0x21000;
|
|
my $check_size = 0x1000;
|
|
my $buf = $self->get_block($check_offset, $check_size);
|
|
|
|
return undef if (!defined($buf));
|
|
return undef if (!defined($known->{$self->{filesize}}));
|
|
|
|
return undef if ($$buf ne "\xff"x$check_size);
|
|
|
|
$self->{flag}{encrypted}="no";
|
|
# All current examples of this format were not encrypted
|
|
|
|
$self->set_offset_size(@{$known->{$self->{filesize}}});
|
|
return $self->_check_copyright();
|
|
}
|
|
|
|
sub extract {
|
|
return shift->_extract(shift);
|
|
}
|
|
|
|
sub insert {
|
|
return shift->_insert(shift);
|
|
}
|
|
|
|
1;
|
|
|
|
package FL2::prefix_nothing;
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# Some FL2 files are simply the IMG data, with no header or container.
|
|
# For these, we can check the copyright string from inside the IMG
|
|
#
|
|
|
|
use base qw(FL2::base);
|
|
|
|
sub _check {
|
|
my $self = shift;
|
|
|
|
# List of known file sizes (basically a doublecheck on the signature)
|
|
my $known = {
|
|
196608 => [0, 0x30000],
|
|
};
|
|
|
|
return undef if (!defined($known->{$self->{filesize}}));
|
|
|
|
$self->{flag}{encrypted}="yes";
|
|
# All current examples of this format were encrypted
|
|
|
|
$self->set_offset_size(@{$known->{$self->{filesize}}});
|
|
return $self->_check_copyright();
|
|
}
|
|
|
|
sub extract {
|
|
return shift->_extract(shift);
|
|
}
|
|
|
|
sub insert {
|
|
return shift->_insert(shift);
|
|
}
|
|
|
|
1;
|
|
|
|
package FL2::prefix_head;
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# Look for FL2 files that have a "_EC" prefix header at their start
|
|
#
|
|
|
|
use base qw(FL2::base);
|
|
|
|
sub _check {
|
|
my $self = shift;
|
|
|
|
# List of known file sizes (basically a doublecheck on the signature)
|
|
# We also store the encryption flag in here
|
|
my $known = {
|
|
196896 => 'yes',
|
|
262176 => 'no',
|
|
286752 => 'no',
|
|
};
|
|
|
|
my $header_offset = 0;
|
|
my $header_size = 0x20;
|
|
my $trailer_size = 0x100;
|
|
|
|
my $buf = $self->get_block($header_offset, $header_size);
|
|
|
|
if (!defined($buf)) {
|
|
warn("Bad Read");
|
|
return undef;
|
|
}
|
|
|
|
my @fields = qw(
|
|
signature filesize imgsize unk1
|
|
unk2 maybe_csum all_00_1 all_00_2
|
|
);
|
|
my @values = unpack("a4VVVVVVV",$$buf);
|
|
map { $self->{header}{$fields[$_]} = $values[$_] } (0..scalar(@fields)-1);
|
|
|
|
return undef if ($self->{header}{signature} ne "_EC\x01");
|
|
return undef if ($self->{header}{filesize} != $self->{filesize});
|
|
|
|
if (!defined($known->{$self->{filesize}})) {
|
|
warn("filesize not in whitelist");
|
|
return undef;
|
|
}
|
|
|
|
if ($self->{header}{imgsize}+$header_size+$trailer_size == $self->{filesize}) {
|
|
# there is an additional block of 0x100 appended to the FL2, outside
|
|
# of the header defined IMG file
|
|
# - I expect this is the digital signature
|
|
$self->{flag}{trailer}="external";
|
|
} elsif ($self->{header}{imgsize}+$header_size == $self->{filesize}) {
|
|
# the additional block still looks like it is there, but they have
|
|
# changed the accounting to count it in the IMG - these files are also
|
|
# significantly larger in size
|
|
$self->{flag}{trailer}="internal";
|
|
} else {
|
|
return undef;
|
|
}
|
|
|
|
# FIXME
|
|
# - is that a csum? how to generate it and check it?
|
|
|
|
$self->{flag}{encrypted} = $known->{$self->{filesize}};
|
|
|
|
$self->set_offset_size($header_size, $self->{header}{imgsize});
|
|
return $self->_check_copyright();
|
|
}
|
|
|
|
sub extract {
|
|
return shift->_extract(shift);
|
|
}
|
|
|
|
# Note, no insert() will work until we know how to generate the checksum
|
|
#sub insert {
|
|
# my $self = shift;
|
|
# my $imgfile = shift;
|
|
#
|
|
# my $write = $self->_insert($imgfile);
|
|
#
|
|
# Calculate checksum
|
|
# write checksum to header
|
|
#}
|
|
|
|
|
|
1;
|
|
|
|
package FL1::PFH_header;
|
|
use warnings;
|
|
use strict;
|
|
#
|
|
# Look for FL1 files that have a "$PFH" prefix header near their end
|
|
#
|
|
# Seen in at least the l530 firmware updates
|
|
#
|
|
# Thanks for skochinsky for the details:
|
|
# https://github.com/hamishcoleman/thinkpad-ec/issues/46
|
|
#
|
|
|
|
use base qw(FL2::base);
|
|
|
|
sub _find_capsule_header {
|
|
my $self = shift;
|
|
my $buf = $self->get_block(0,16);
|
|
return undef if (!defined($buf));
|
|
$buf = $$buf;
|
|
|
|
my $capsule_uuid = "\xbd\x86\x66\x3b\x76\x0d\x30\x40\xb7\x0e\xb5\x51\x9e\x2f\xc5\xa0";
|
|
|
|
if ($buf eq $capsule_uuid) {
|
|
# TODO
|
|
# - while I am reading the capsule signature, I dont understand
|
|
# why the magic offset doesnt match anything in the capsule header
|
|
return 0x1d0;
|
|
}
|
|
return undef;
|
|
}
|
|
|
|
sub _find_pfh {
|
|
my $self = shift;
|
|
my $offset = 0;
|
|
|
|
while ($offset < $self->{filesize}) {
|
|
my $buf = $self->get_block($offset, 4);
|
|
return undef if (!defined($buf));
|
|
$buf = $$buf;
|
|
|
|
if ($buf eq '$PFH') {
|
|
return $offset;
|
|
}
|
|
|
|
$offset+=0x10;
|
|
}
|
|
|
|
return undef; # not found
|
|
}
|
|
|
|
sub _check {
|
|
my $self = shift;
|
|
|
|
# List of known file sizes (basically a doublecheck on the signature)
|
|
my $known = {
|
|
9437264 => 1,
|
|
12587008 => 1,
|
|
};
|
|
|
|
my $capsule_offset_hack = $self->_find_capsule_header() ||0;
|
|
|
|
my $header_offset = $self->_find_pfh();
|
|
return undef if (!defined($header_offset));
|
|
|
|
my $header_size = 4+4+4+2+4+2+4+4;
|
|
|
|
my $buf = $self->get_block($header_offset, $header_size);
|
|
|
|
return undef if (!defined($buf));
|
|
return undef if (!defined($known->{$self->{filesize}}));
|
|
|
|
my @fields = qw(
|
|
signature version headersize headerchecksum
|
|
totalimagesize totalimagechecksum
|
|
numberofimages imagetableoffset
|
|
);
|
|
my @values = unpack("a4VVvVvVV",$$buf);
|
|
map { $self->{header}{$fields[$_]} = $values[$_] } (0..scalar(@fields)-1);
|
|
|
|
return undef if ($self->{header}{signature} ne '$PFH');
|
|
|
|
# now load the partition table
|
|
$buf = $self->get_block(
|
|
$self->{header}{imagetableoffset}+$capsule_offset_hack,
|
|
(4+4+8+4)*$self->{header}{numberofimages}
|
|
);
|
|
return undef if (!defined($buf));
|
|
|
|
$buf = $$buf;
|
|
|
|
while ($buf) {
|
|
my ($FileOffset, $Size, $FlashAddress, $NameOffset, $rest) =
|
|
unpack("VVQVa*",$buf);
|
|
$buf = $rest;
|
|
|
|
my $buf2 = $self->get_block(
|
|
$NameOffset+$capsule_offset_hack,
|
|
32 # TODO - just a guess at the max name size
|
|
);
|
|
return undef if (!defined($buf2));
|
|
|
|
my $name = unpack("Z*",$$buf2);
|
|
|
|
if ($name eq 'Ec') {
|
|
$self->set_offset_size(
|
|
$FileOffset+$capsule_offset_hack,
|
|
$Size,
|
|
);
|
|
return $self;
|
|
}
|
|
}
|
|
|
|
return undef;
|
|
}
|
|
|
|
sub extract {
|
|
return shift->_extract(shift);
|
|
}
|
|
|
|
# no insert() will work until we know how to generate the checksums
|
|
|
|
|
|
1;
|
|
|
|
# TODO
|
|
# - 8muj19us.iso has yet another format:
|
|
# It is all 0xff until 0x500000, however it then looks like it has a header.
|
|
# There is certainly not the normal copyright string, and the EC version
|
|
# string is in entirely the wrong place
|
|
# 00500000 45 43 20 49 4d 41 47 45 30 00 00 00 00 00 00 00 |EC IMAGE0.......|
|
|
# 00500010 d0 08 38 4d 48 54 37 39 57 57 00 00 00 20 02 00 |..8MHT79WW... ..|
|
|
# 00500020 00 00 00 00 31 36 01 00 00 00 00 00 0d b3 9e 00 |....16..........|
|
|
|
|
package main;
|
|
use warnings;
|
|
use strict;
|
|
|
|
use Data::Dumper;
|
|
$Data::Dumper::Indent = 1;
|
|
$Data::Dumper::Sortkeys = 1;
|
|
$Data::Dumper::Quotekeys = 0;
|
|
|
|
use IO::File;
|
|
|
|
# Call each of the detectors in turn to try to find the location of the IMG
|
|
sub detect_img {
|
|
my $fl2name = shift;
|
|
|
|
my $fh = IO::File->new($fl2name, "r+");
|
|
if (!defined($fh)) {
|
|
warn("Could not open $fl2name: $!");
|
|
return undef;
|
|
}
|
|
|
|
my $object;
|
|
if (!defined($object)) {
|
|
$object = FL2::prefix_ff->new($fh);
|
|
}
|
|
if (!defined($object)) {
|
|
$object = FL2::prefix_garbage->new($fh);
|
|
}
|
|
if (!defined($object)) {
|
|
$object = FL2::prefix_nothing->new($fh);
|
|
}
|
|
if (!defined($object)) {
|
|
$object = FL2::prefix_head->new($fh);
|
|
}
|
|
if (!defined($object)) {
|
|
$object = FL1::PFH_header->new($fh);
|
|
}
|
|
|
|
return $object;
|
|
}
|
|
|
|
sub main() {
|
|
# get args
|
|
my $cmd = shift @ARGV;
|
|
if (!defined($cmd)) {
|
|
die("Need command");
|
|
}
|
|
|
|
my $fl2file = shift @ARGV;
|
|
if (!defined($fl2file)) {
|
|
die("Need FL2 filename");
|
|
}
|
|
|
|
my $imgfile = shift @ARGV;
|
|
if ($cmd ne 'check' && !defined($imgfile)) {
|
|
die("Need IMG filename");
|
|
}
|
|
|
|
# validity check args
|
|
if ($cmd ne "from_fl2" && $cmd ne "to_fl2" && $cmd ne "check") {
|
|
die("direction must be one of 'from_fl2' or 'to_fl2'");
|
|
}
|
|
|
|
if ( ! -e $fl2file ) {
|
|
die("FL2 file $fl2file must exist");
|
|
}
|
|
|
|
my $object = detect_img($fl2file);
|
|
if (!defined($object)) {
|
|
printf("Could not determine IMG details for %s\n", $fl2file);
|
|
exit(1);
|
|
}
|
|
printf("IMG at offset 0x%x size 0x%x (%s %s)\n",
|
|
$object->offset(),
|
|
$object->size(),
|
|
ref($object),
|
|
$fl2file,
|
|
);
|
|
|
|
#if verbose
|
|
# print(Dumper($object));
|
|
|
|
if ($cmd eq 'from_fl2') {
|
|
if (!$object->can('extract')) {
|
|
die("FL2 container type cannot extract");
|
|
}
|
|
return $object->extract($imgfile);
|
|
}
|
|
|
|
if ($cmd eq 'to_fl2') {
|
|
if (!$object->can('insert')) {
|
|
die("FL2 container type cannot insert");
|
|
}
|
|
return $object->insert($imgfile);
|
|
}
|
|
}
|
|
unless(caller) {
|
|
main();
|
|
}
|