API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 12th, 2011
239
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.88 KB | None | 0 0
raw download clone embed print report
  1. # modified by stoker25 for the reset glitch loader
  2. # modified by GliGli and Tiros for the reset glitch hack
  3.  
  4. # you might need to fill in this
  5. secret_1BL = "\xDD\x88\xAD\x0C\x9E\xD6\x69\xE7\xB5\x67\x94\xFB\x68\x56\x3E\xFA"
  6.  
  7. # >>>VERY<<< important, FILL THIS IN! \x before each 2 bytes
  8. cpukey = "\x5A\xB7\xC0\xBB\x13\x42\xEE\x98\xA8\x31\x93\x9F\x9B\xDC\x2A\x83"
  9.  
  10. # modified by stoker25 for the reset glitch loader
  11. # modified by GliGli and Tiros for the reset glitch hack
  12.  
  13. # so we can do updates properly
  14. SCRIPT_VERSION = 0x03
  15. RGL_BUILD = 0x05
  16.  
  17. OrigHeader = None
  18. Keyvault = None
  19. SMC = None
  20. CB_A = None
  21. CB_A_crypted = None
  22. CB_B = None
  23. CB_B_crypted = None
  24. CD = None
  25. CD_plain = None
  26. CE = None
  27. CE_plain = None
  28. CF = None
  29. CF1 = None
  30. CG = None
  31. CG1 = None
  32. RGLP = None
  33.  
  34. # Import Psyco if available
  35. try:
  36. import psyco
  37. psyco.full()
  38. except ImportError:
  39. pass
  40.  
  41. # first, unpack base input image. We are ignoring any updates here
  42. import hmac, sha, struct, sys, binascii
  43. try:
  44. import Crypto.Cipher.ARC4 as RC4
  45. except ImportError:
  46. print "Error importing Crypto.Cipher.ARC4 - please install python-crypto!"
  47. print "You can get it from http://www.dlitz.net/software/pycrypto/"
  48. sys.exit(-1)
  49.  
  50. def unpack_base_image(image):
  51. global OrigHeader, SMC, CB_A, CB_B, CD, CE, CF, CF1, CG, CG1, Keyvault
  52. OrigHeader = image[:0x200]
  53. if image[0x205] == "\xFF" or image[0x415] == "\xFF" or image[0x200] == "\xFF":
  54. print "EDC'ed - will unedc."
  55. res = ""
  56. for s in range(0, len(image), 528):
  57. res += image[s:s+512]
  58. image = res
  59.  
  60. unpackstring = "!HHLLL64s5LLLLLLLL"
  61. (id1, build, flags, bloffset, size0, copyright, z0, z1, z2, z3, r7, size1, r3, r4, z5, z6, smc_len, smc_start) = struct.unpack(unpackstring, image[:struct.calcsize(unpackstring)])
  62. #assert not (z0 or z1 or z2 or z3 or z5 or z6), "zeros are not zero."
  63.  
  64. block_offset = bloffset
  65.  
  66. SMC = image[smc_start:smc_start+smc_len]
  67. Keyvault = image[0x4000:0x8000]
  68.  
  69.  
  70.  
  71. assert smc_len == 0x3000, "never saw an SMC != 0x3000 bytes"
  72. semi = 0
  73. for block in range(30):
  74. (block_id, block_build, block_flags, block_entry_point, block_size) = struct.unpack("!2sHLLL", image[block_offset:block_offset+16])
  75. block_size += 0xF
  76. block_size &= ~0xF
  77. id = ord(block_id[1]) & 0xF
  78.  
  79. print "Found %dBL (build %d) at %08x" % (id, block_build, block_offset)
  80. data = image[block_offset:block_offset+block_size]
  81.  
  82. if id == 2:
  83. if semi == 0:
  84. CB_A = data
  85. semi = 1
  86. elif semi ==1:
  87. CB_B = data
  88. semi = 0
  89.  
  90. elif id == 4:
  91. CD = data
  92. elif id == 5:
  93. CE = data
  94.  
  95. block_offset += block_size
  96.  
  97. if id == 5:
  98. break
  99.  
  100. assert CB_A and CD and CE
  101. base_size = 0x8000 + len(CB_A) + len(CD) + len(CE)
  102. if CB_B:
  103. base_size += len(CB_B)
  104.  
  105. base_size += 16383
  106. base_size &=~ 16383
  107. patch_size = 0x10000
  108.  
  109. if image[0x71] == "\x02":
  110. patch_size = 0x20000
  111. base_size += 0x10000
  112.  
  113. patch_offset = base_size
  114.  
  115. CF = image[patch_offset:patch_offset + 0x4450]
  116. CF1 = image[patch_offset + patch_size:patch_offset + 0x4450 + patch_size]
  117. CG = image[patch_offset + 0x4450:patch_offset + patch_size]
  118. CG1 = image[patch_offset + 0x4450 + patch_size:patch_offset + (patch_size * 2)]
  119. #build = 0
  120. #if not CF[:2] == "\x43\x46" or not CG[:2] == "\x43\x47":
  121. # CF = None
  122. # CG = None
  123. #else:
  124. # build = build(CF)
  125. # print "Found 5BL-0 (build %d) at %08x" % (build, patch_offset)
  126.  
  127. #if not CF1[:2] == "\x43\x46" or not CG1[:2] == "\x43\x47":
  128. # CF1 = None
  129. # CG1 = None
  130. #else:
  131. # build = build(CF1)
  132. # print "Found 5BL-1 (build %d) at %08x" % (build, patch_offset + patch_size)
  133.  
  134.  
  135. def unpack_update(image):
  136. global CF, CG
  137.  
  138. block_offset = 0
  139. for block in range(30):
  140. (block_id, block_build, block_flags, block_entry_point, block_size) = struct.unpack("!2sHLLL", image[block_offset:block_offset+16])
  141. block_size += 0xF
  142. block_size &= ~0xF
  143. id = ord(block_id[1]) & 0xF
  144.  
  145. print "Found %dBL (build %d) at %08x" % (id, block_build, block_offset)
  146. data = image[block_offset:block_offset+block_size]
  147.  
  148. if id == 6:
  149. CF = data
  150. elif id == 7:
  151. CG = data
  152.  
  153. block_offset += block_size
  154.  
  155. if id == 7:
  156. break
  157.  
  158. def build(data):
  159. return struct.unpack(">H", data[2:4])[0]
  160.  
  161.  
  162. def decrypt_CB(CB):
  163. secret = secret_1BL
  164. key = hmac.new(secret, CB[0x10:0x20], sha).digest()[0:0x10]
  165. CB = CB[0:0x10] + key + RC4.new(key).decrypt(CB[0x20:])
  166. open("output/Cb_dec_key.bin", "wb").write(key)
  167.  
  168. return CB
  169.  
  170. def decrypt_CB_Cpu(CB):
  171. assert cpukey
  172. secret = secret_1BL
  173. h = hmac.new(secret,None, sha);
  174. h.update(CB[0x10:0x20]);
  175. h.update(cpukey);
  176. key = h.digest()[0:0x10]
  177. CB = CB[0:0x10] +key+ RC4.new(key).decrypt(CB[0x20:])
  178. return CB
  179.  
  180. def decrypt_CB_B(CB_B, CB_A):
  181. assert cpukey or build(CB_B) < 1920
  182. secret = CB_A[0x10:0x20]
  183.  
  184. if build(CB_B) >= 1920:
  185. key = hmac.new(secret, CB_B[0x10:0x20] + cpukey, sha).digest()[0:0x10]
  186. CB_B = CB_B[0:0x10] + key + RC4.new(key).decrypt(CB_B[0x20:])
  187. return CB_B
  188.  
  189. def decrypt_CD(CD, CB):
  190. # enable this code if you want to extract CD from a flash image and you know the cup key.
  191. # disable this when this is a zero-paired image.
  192. assert cpukey or build(CD) < 1920 or build(CD) >= 9450
  193. secret = CB[0x10:0x20]
  194. key = hmac.new(secret, CD[0x10:0x20], sha).digest()[0:0x10]
  195. if build(CD) >= 1920:
  196. if build(CD) < 9450:
  197. key = hmac.new(cpukey, key, sha).digest()[0:0x10]
  198.  
  199. CD = CD[0:0x10] + key + RC4.new(key).decrypt(CD[0x20:])
  200. return CD
  201.  
  202. def decrypt_CE(CE, CD):
  203. secret = CD[0x10:0x20]
  204. key = hmac.new(secret, CE[0x10:0x20], sha).digest()[0:0x10]
  205. CE = CE[0:0x20] + RC4.new(key).decrypt(CE[0x20:])
  206. return CE
  207.  
  208. def decrypt_CF(CF):
  209. secret = secret_1BL
  210. key = hmac.new(secret, CF[0x20:0x30], sha).digest()[0:0x10]
  211. CF = CF[0:0x20] + key + RC4.new(key).decrypt(CF[0x30:])
  212. return CF
  213.  
  214. def decrypt_CG(CG, CF):
  215. secret = CF[0x330:0x330+0x10]
  216. key = hmac.new(secret, CG[0x10:0x20], sha).digest()[0:0x10]
  217. CG = CG[:0x10] + key + RC4.new(key).decrypt(CG[0x20:])
  218. return CG
  219.  
  220. def decrypt_SMC(SMC):
  221. key = [0x42, 0x75, 0x4e, 0x79]
  222. res = ""
  223. for i in range(len(SMC)):
  224. j = ord(SMC[i])
  225. mod = j * 0xFB
  226. res += chr(j ^ (key[i&3] & 0xFF))
  227. key[(i+1)&3] += mod
  228. key[(i+2)&3] += mod >> 8
  229. return res
  230.  
  231. def decrypt_CB(CB):
  232. secret = secret_1BL
  233. key = hmac.new(secret, CB[0x10:0x20], sha).digest()[0:0x10]
  234. CB = CB[0:0x10] + key + RC4.new(key).decrypt(CB[0x20:])
  235. open("output/Cb_dec_key.bin", "wb").write(key)
  236.  
  237. return CB
  238.  
  239. def encrypt_CB(CB):
  240. secret = secret_1BL
  241. key = hmac.new(secret, CB[0x10:0x20], sha).digest()[0:0x10]
  242. CB = CB[0:0x20] + RC4.new(key).encrypt(CB[0x20:])
  243.  
  244. return CB, CB[0x10:0x20], key
  245.  
  246. def decrypt_CB_B(CB_B, CB_A):
  247. assert cpukey or build(CB_B) < 1920
  248. secret = CB_A[0x10:0x20]
  249. key = hmac.new(secret, CB_B[0x10:0x20] + cpukey, sha).digest()[0:0x10]
  250. CB_B = CB_B[0:0x10] + key + RC4.new(key).decrypt(CB_B[0x20:])
  251. return CB_B
  252.  
  253. def encrypt_CB_Cpu(CB_B, CB_A_key):
  254. assert cpukey
  255. secret = CB_A_key
  256. open("output/Cb_enc_secret.bin", "wb").write(secret)
  257. h = hmac.new(secret,None, sha);
  258. h.update(CB_B[0x10:0x20]);
  259. h.update(cpukey);
  260. key = h.digest()[0:0x10]
  261. CB_B = CB_B[0:0x20] + RC4.new(key).encrypt(CB_B[0x20:])
  262. return CB_B, key
  263.  
  264. def encrypt_CB_B(CB_B, CB_A_key):
  265. secret = CB_A_key
  266. open("output/Cb_enc_secret.bin", "wb").write(secret)
  267. key = hmac.new(secret, CB_B[0x10:0x20] + cpukey, sha).digest()[0:0x10]
  268. CB_B = CB_B[0:0x20] + RC4.new(key).encrypt(CB_B[0x20:])
  269. return CB_B, key
  270.  
  271. def encrypt_CD(CD, CB_key):
  272. secret = CB_key
  273. key = hmac.new(secret, CD[0x10:0x20], sha).digest()[0:0x10]
  274. CD = CD[0:0x20] + RC4.new(key).encrypt(CD[0x20:])
  275. return CD, key
  276.  
  277. def encrypt_CE(CE, CD_key):
  278. secret = CD_key
  279. key = hmac.new(secret, CE[0x10:0x20], sha).digest()[0:0x10]
  280. CE = CE[0:0x20] + RC4.new(key).encrypt(CE[0x20:])
  281. return CE
  282.  
  283. def encrypt_CF(CF):
  284. secret = secret_1BL
  285. key = hmac.new(secret, CF[0x20:0x30], sha).digest()[0:0x10]
  286. CF_key = CF[0x330:0x330+0x10]
  287. CF = CF[0:0x30] + RC4.new(key).encrypt(CF[0x30:])
  288. return CF, CF_key
  289.  
  290. def encrypt_CG(CG, CF_key):
  291. secret = CF_key
  292. key = hmac.new(secret, CG[0x10:0x20], sha).digest()[0:0x10]
  293. CG = CG[0:0x20]+ RC4.new(key).encrypt(CG[0x20:])
  294. return CG
  295.  
  296. def encrypt_SMC(SMC):
  297. key = [0x42, 0x75, 0x4e, 0x79]
  298. res = ""
  299. for i in range(len(SMC)):
  300. j = ord(SMC[i]) ^ (key[i&3] & 0xFF)
  301. mod = j * 0xFB
  302. res += chr(j)
  303. key[(i+1)&3] += mod
  304. key[(i+2)&3] += mod >> 8
  305. return res
  306.  
  307. # CB_patches is an array of patchsets, a patchset is a version number followed by an array of patches, a patch is 3 ints: [offset,plaintext,patch]
  308.  
  309. CB_patches = [[9188,[[0x5678,0x60,0x00,0x00,0x00]]]]
  310.  
  311. def int_to_str(i):
  312. return [chr((i>>24) & 0xff),chr((i>>16) & 0xff),chr((i>>8) & 0xff),chr(i & 0xff)]
  313.  
  314. def patch_CB_old(CB):
  315. found = False
  316.  
  317. for versions in CB_patches:
  318. if build(CB) == versions[0]:
  319. print "patchset for %d found, %d patch(es)" % (versions[0],len(versions[1]))
  320. found = True
  321. for patches in versions[1]:
  322. plain = int_to_str(patches[1])
  323. patch = int_to_str(patches[2])
  324.  
  325. patched = ""
  326.  
  327. for i in range(4):
  328. CB = CB[:patches[0]+i] + chr(patches[i+1]) + CB[patches[0]+i+1:]
  329. #patched = patched + chr(ord(patch[i]))
  330. #keystream = ord(plain[i]) ^ ord(CB[i+patches[0]])
  331. #patched = patched + patch[i] #chr(keystream ^ ord(patch[i]))
  332.  
  333. #CB = CB[:patches[0]] + patched + CB[patches[0]+4:]
  334.  
  335. assert found,"can't patch that CB"
  336.  
  337. return CB
  338.  
  339. def patch_CB_B(CB):
  340. found = False
  341.  
  342. for versions in CB_patches:
  343. if build(CB) == versions[0]:
  344. print "patchset for %d found, %d patch(es)" % (versions[0],len(versions[1]))
  345. found = True
  346. for patches in versions[1]:
  347. for i in range(len(patches)-1):
  348. CB = CB[:patches[0]+i] + chr(patches[i+1]) + CB[patches[0]+i+1:]
  349.  
  350. if not found:
  351. print" ! Warning: can't patch that CB, here are the current supported versions:"
  352. for versions in CB_patches:
  353. print " - %s" % versions[0]
  354.  
  355. return CB
  356.  
  357.  
  358. # SMC_patches is an array of patchsets, a patchset is a crc32 of the image minus first 4 bytes, human readable version info and an array of patches, a patch is: [offset,byte0,byte1,...]
  359.  
  360. SMC_patches = [[0xf9c96639,"Trinity, version 3.1",[[0x13b3,0x00,0x00]]],
  361. [0x5b3aed00,"Jasper, version 2.3",[[0x12ba,0x00,0x00]]],
  362. [0x9ad5b7ee,"Zephyr, version 1.10",[[0x1257,0x00,0x00]]],
  363. [0x7e5bc217,"Zephyr, version 1.13",[[0x12a3,0x00,0x00]]],
  364. [0x1d0c613e,"Falcon, version 1.6",[[0x12a3,0x00,0x00]]]]
  365.  
  366. def patch_SMC(SMC):
  367. found = False
  368.  
  369. smc_crc = binascii.crc32(SMC[4:]) & 0xffffffff
  370.  
  371. print "CRC32: %x" % (smc_crc)
  372.  
  373. for versions in SMC_patches:
  374. if smc_crc == versions[0]:
  375. print "patchset \"%s\" matches, %d patch(es)" % (versions[1],len(versions[2]))
  376. found = True
  377. for patches in versions[2]:
  378. for i in range(len(patches)-1):
  379. SMC = SMC[:patches[0]+i] + chr(patches[i+1]) + SMC[patches[0]+i+1:]
  380.  
  381. if not found:
  382. print" ! Warning: can't patch that SMC, here are the current supported versions:"
  383. for versions in SMC_patches:
  384. print " - %s" % versions[1]
  385.  
  386. return SMC
  387.  
  388.  
  389. def allzero(string):
  390. for x in string:
  391. if ord(x):
  392. return False
  393. return True
  394.  
  395. def allFF(string):
  396. for x in string:
  397. if ord(x) != 0xFF:
  398. return False
  399. return True
  400.  
  401. def calcedc(data):
  402. assert len(data) == 0x210
  403. val = 0
  404. for i in range(0x1066):
  405. if not i & 31:
  406. v = ~struct.unpack("<L", data[i/8:i/8+4])[0]
  407. val ^= v & 1
  408. v >>= 1
  409. if val & 1:
  410. val ^= 0x6954559
  411. val >>= 1
  412.  
  413. val = ~val
  414. return data[:-4] + struct.pack("<L", (val << 6) & 0xFFFFFFFF)
  415.  
  416. def addedc(data, block = 0, off_8 = "\x00" * 4):
  417. res = ""
  418. while len(data):
  419. d = (data[:0x200] + "\x00" * 0x200)[:0x200]
  420. data = data[0x200:]
  421.  
  422. d += struct.pack("<L4B4s4s", block / 32, 0, 0xFF, 0, 0, off_8, "\0\0\0\0")
  423. d = calcedc(d)
  424. block += 1
  425. res += d
  426. return res
  427.  
  428. import sys
  429.  
  430. for i in sys.argv[1:]:
  431. image = open(i, "rb").read()[:1*1024*1024]
  432. if image[:2] == "\xFF\x4F":
  433. print " * found flash image, unpacking..."
  434. unpack_base_image(image)
  435. CB_A_crypted = CB_A
  436. CB_B_crypted = CB_B
  437. SMC = decrypt_SMC(SMC)
  438. elif image[:2] == "CB":
  439. print " * found (hopefully) decrypted CB"
  440. CB_A_crypted = None
  441. CB_A = image
  442. elif image[:4] == "RGLP" or image[:4] == "RLPF":
  443. print " * found RGLoader patch file"
  444. RGLP = image[4:]
  445. elif image[:2] == "CD" and allzero(image[0x20:0x230]):
  446. print " * found decrypted CD"
  447. CD_plain = image
  448. elif len(image) == 0x3000 and image.find("<Copyright 2001-") >= 0:
  449. print " * found decrypted SMC"
  450. SMC = image
  451. elif len(image) == 0x3000:
  452. print " * found encrypted SMC (i hope so)"
  453. SMC = decrypt_SMC(image)
  454. else:
  455. raise " * unknown image found in file %s!" % i
  456.  
  457. print " * we found the following parts:"
  458. print "SMC: %d.%d" %(ord(SMC[0x101]),ord(SMC[0x102]))
  459. print "CB_A:", CB_A and build(CB_A) or "missing"
  460. print "CB_B:", CB_B and build(CB_B) or "missing"
  461. print "CD (image):", CD and build(CD) or "missing"
  462. print "CD (decrypted):", CD_plain and build(CD_plain) or "missing"
  463. print "CE (image): ", CE and build(CE) or "missing"
  464. print "CF0: ", CF and build(CF) or "missing"
  465. print "CF1: ", CF1 and build(CF1) or "missing"
  466.  
  467. print " * checking for proper 1BL key...",
  468. sum = 0
  469. for v in secret_1BL:
  470. sum = sum + ord(v)
  471. assert sum == 0x983, "you need to fill in secret_1BL properly!"
  472. print "ok"
  473.  
  474. print " * decrypting..."
  475. CB_A = decrypt_CB(CB_A_crypted)
  476. if not CB_B:
  477. CD = decrypt_CD(CD, CB_A)
  478. CE = decrypt_CE(CE, CD)
  479. else:
  480. CB_B = decrypt_CB_B(CB_B, CB_A)
  481. if not allzero(CD[0x40:0x140]):
  482. CD = decrypt_CD(CD, CB_B)
  483. CE = decrypt_CE(CE, CD)
  484.  
  485. CF = decrypt_CF(CF)
  486. CF1 = decrypt_CF(CF1)
  487.  
  488. open("output/SMC_orig.bin", "wb").write(SMC)
  489. open("output/CB_A_orig.bin", "wb").write(CB_A)
  490.  
  491. if CB_B:
  492. open("output/CB_B_orig.bin", "wb").write(CB_B)
  493.  
  494. open("output/CD_orig.bin", "wb").write(CD)
  495. open("output/CE_orig.bin", "wb").write(CE)
  496. open("output/CF_orig.bin", "wb").write(CF)
  497. open("output/CF1_dec.bin", "wb").write(CF1)
  498.  
  499. print " * checking if all files decrypted properly...",
  500. assert allzero(SMC[-4:])
  501. assert allzero(CB_A[0x263:0x273])
  502. assert allzero(CD[0x40:0x140])
  503. assert allzero(CE[0x20:0x28])
  504. print "ok"
  505.  
  506. print " * checking required versions...",
  507. assert CD_plain, "you need a decrypted CD"
  508. print "ok"
  509.  
  510. zephyr_builds = [4578]
  511. falcon_builds = [5771]
  512. jasper_builds = [6750]
  513. trinity_builds = [9188]
  514.  
  515. print " * this image will be valid *only* for:",
  516. if build(CB_A) in zephyr_builds: print "zephyr",
  517. if build(CB_A) in falcon_builds: print "falcon",
  518. if build(CB_A) in jasper_builds: print "jasper",
  519. if build(CB_A) in trinity_builds: print "trinity (slim)",
  520. print
  521.  
  522. Final = ""
  523. print " * patching SMC..."
  524. SMC = patch_SMC(SMC)
  525.  
  526. CD = CD_plain
  527.  
  528. if CB_B:
  529. print " * patching CB_B..."
  530.  
  531. CB_B = patch_CB_B(CB_B)
  532.  
  533. print " * zero-pairing..."
  534.  
  535. if CB_B:
  536. CB_B = CB_B[0:0x20] + "\0" * 0x20 + CB_B[0x40:]
  537. else:
  538. CB_A = CB_A[0:0x20] + "\0" * 0x20 + CB_A[0x40:]
  539.  
  540. CF = CF[0:0x21c] + "\0" * 4 + CF[0x220:]
  541. CF1 = CF1[0:0x21c] + "\0" * 4 + CF1[0x220:]
  542. c = "zeropair image"
  543.  
  544. open("output/CB_A_patched.bin", "wb").write(CB_A)
  545.  
  546. if CB_B:
  547. open("output/CB_B_patched.bin", "wb").write(CB_B)
  548.  
  549. open("output/SMC_patched.bin", "wb").write(SMC)
  550.  
  551. print " * constructing new image..."
  552.  
  553. base_size = 0x8000 + len(CB_A) + len(CD) + len(CE)
  554. if CB_B:
  555. base_size += len(CB_B)
  556. base_size += 16383
  557. base_size &=~ 16383
  558. patch_size = 0x10000
  559.  
  560. if OrigHeader[0x71] == "\x02":
  561. patch_size = 0x20000
  562. base_size += 0x10000
  563.  
  564. patch_offset = base_size
  565.  
  566. print " * base size: %x" % base_size
  567.  
  568. random = "\0" * 16
  569.  
  570. SMC = encrypt_SMC(SMC)
  571.  
  572. if not CB_B:
  573. CB_A, CB_A_key, CB_A_key2 = encrypt_CB(CB_A)
  574. CD, CD_key = encrypt_CD(CD, CB_A_key2)
  575. CE = encrypt_CE(CE, CD_key)
  576. else:
  577. CB_A, CB_A_key, CB_A_key2 = encrypt_CB(CB_A)
  578. CB_B, CB_B_key = encrypt_CB_B(CB_B, CB_A_key2)
  579. CD, CD_key = encrypt_CD(CD, CB_B_key)
  580. CE = encrypt_CE(CE, CD_key)
  581.  
  582. CF, CF_key = encrypt_CF(CF)
  583. CF1, CF1_key = encrypt_CF(CF1)
  584.  
  585. if CB_B:
  586. open("output/CB_B_enc.bin", "wb").write(CB_B)
  587.  
  588. print " * Flash Layout:"
  589.  
  590. def add_to_flash(d, w, offset = 0):
  591. global Final
  592. print "0x%08x..0x%08x (0x%08x bytes) %s" % (offset + len(Final), offset + len(Final) + len(d) - 1, len(d), w)
  593. Final += d
  594.  
  595. def pad_to(loc):
  596. global Final
  597. pad = "\0" * (loc - len(Final))
  598. add_to_flash(pad, "Padding")
  599.  
  600. add_to_flash(OrigHeader[:0x200], "Header")
  601.  
  602. if RGLP:
  603. add_to_flash(RGLP, "RGLoader Patch")
  604.  
  605. pad_to(0x1000)
  606. add_to_flash(SMC, "SMC")
  607. add_to_flash(Keyvault, "Keyvault")
  608.  
  609. if CB_B:
  610. add_to_flash(CB_A, "CB_A %d" % build(CB_A))
  611. add_to_flash(CB_B, "CB_B %d" % build(CB_B))
  612. else:
  613. add_to_flash(CB_A, "CB_A %d" % build(CB_A))
  614.  
  615. add_to_flash(CD, "CD %d" % build(CD))
  616. add_to_flash(CE, "CE %d" % build(CE))
  617. pad_to(patch_offset)
  618. add_to_flash(CF, "CF %d" % build(CF))
  619. add_to_flash(CG, "CG %d" % build(CG))
  620. add_to_flash(CF1, "CF1 %d" % build(CF1))
  621. add_to_flash(CG1, "CG1 %d" % build(CG1))
  622. print " * Encoding EDC..."
  623.  
  624. Final = addedc(Final)
  625.  
  626. open("output/image_00000000.edc", "wb").write(Final)
  627.  
  628. print "------------- Written into output/image_00000000.edc"
  629.  
  630.  
  631.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!