API tools faq
paste
Guest User

Untitled

a guest
Oct 3rd, 2011
1,944
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.77 KB | None | 0 0
raw download clone embed print report
  1. # modified by stoker25 for the reset glitch loader
  2. # modified by GliGli and Tiros for the reset glitch hack
  3.  
  4. secret_1BL = "\xDD\x88\xAD\x0C\x9E\xD6\x69\xE7\xB5\x67\x94\xFB\x68\x56\x3E\xFA"
  5.  
  6. # >>>VERY<<< important, FILL THIS IN! \x before each 2 bytes
  7. cpukey = "\x13\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33\x37"
  8.  
  9. # don't change anything from here.
  10.  
  11. # so we can do updates properly
  12. SCRIPT_VERSION = 0x03
  13. RGL_BUILD = 0x05
  14.  
  15. OrigHeader = None
  16. Keyvault = None
  17. SMC = None
  18. CB_A = None
  19. CB_A_crypted = None
  20. CB_B = None
  21. CB_B_crypted = None
  22. CD = None
  23. CD_plain = None
  24. CE = None
  25. CE_plain = None
  26. CF = None
  27. CF1 = None
  28. CG = None
  29. CG1 = None
  30. RGLP = None
  31.  
  32. # Import Psyco if available
  33. try:
  34. import psyco
  35. psyco.full()
  36. except ImportError:
  37. pass
  38.  
  39. # first, unpack base input image. We are ignoring any updates here
  40. import hmac, sha, struct, sys, binascii
  41. try:
  42. import Crypto.Cipher.ARC4 as RC4
  43. except ImportError:
  44. print "Error importing Crypto.Cipher.ARC4 - please install python-crypto!"
  45. print "You can get it from http://www.dlitz.net/software/pycrypto/"
  46. sys.exit(-1)
  47.  
  48. def unpack_base_image(image):
  49. global OrigHeader, SMC, CB_A, CB_B, CD, CE, CF, CF1, CG, CG1, Keyvault
  50. OrigHeader = image[:0x200]
  51. if image[0x205] == "\xFF" or image[0x415] == "\xFF" or image[0x200] == "\xFF":
  52. print "EDC'ed - will unedc."
  53. res = ""
  54. for s in range(0, len(image), 528):
  55. res += image[s:s+512]
  56. image = res
  57.  
  58. unpackstring = "!HHLLL64s5LLLLLLLL"
  59. (id1, build, flags, bloffset, size0, copyright, z0, z1, z2, z3, r7, size1, r3, r4, z5, z6, smc_len, smc_start) = struct.unpack(unpackstring, image[:struct.calcsize(unpackstring)])
  60. #assert not (z0 or z1 or z2 or z3 or z5 or z6), "zeros are not zero."
  61.  
  62. block_offset = bloffset
  63.  
  64. SMC = image[smc_start:smc_start+smc_len]
  65. Keyvault = image[0x4000:0x8000]
  66.  
  67.  
  68.  
  69. assert smc_len == 0x3000, "never saw an SMC != 0x3000 bytes"
  70. semi = 0
  71. for block in range(30):
  72. (block_id, block_build, block_flags, block_entry_point, block_size) = struct.unpack("!2sHLLL", image[block_offset:block_offset+16])
  73. block_size += 0xF
  74. block_size &= ~0xF
  75. id = ord(block_id[1]) & 0xF
  76.  
  77. print "Found %dBL (build %d) at %08x" % (id, block_build, block_offset)
  78. data = image[block_offset:block_offset+block_size]
  79.  
  80. if id == 2:
  81. if semi == 0:
  82. CB_A = data
  83. semi = 1
  84. elif semi ==1:
  85. CB_B = data
  86. semi = 0
  87.  
  88. elif id == 4:
  89. CD = data
  90. elif id == 5:
  91. CE = data
  92.  
  93. block_offset += block_size
  94.  
  95. if id == 5:
  96. break
  97.  
  98. assert CB_A and CD and CE
  99. base_size = 0x8000 + len(CB_A) + len(CD) + len(CE)
  100. if CB_B:
  101. base_size += len(CB_B)
  102.  
  103. base_size += 16383
  104. base_size &=~ 16383
  105. patch_size = 0x10000
  106.  
  107. if image[0x71] == "\x02":
  108. patch_size = 0x20000
  109. base_size += 0x10000
  110.  
  111. patch_offset = base_size
  112.  
  113. CF = image[patch_offset:patch_offset + 0x4450]
  114. CF1 = image[patch_offset + patch_size:patch_offset + 0x4450 + patch_size]
  115. CG = image[patch_offset + 0x4450:patch_offset + patch_size]
  116. CG1 = image[patch_offset + 0x4450 + patch_size:patch_offset + (patch_size * 2)]
  117. #build = 0
  118. #if not CF[:2] == "\x43\x46" or not CG[:2] == "\x43\x47":
  119. # CF = None
  120. # CG = None
  121. #else:
  122. # build = build(CF)
  123. # print "Found 5BL-0 (build %d) at %08x" % (build, patch_offset)
  124.  
  125. #if not CF1[:2] == "\x43\x46" or not CG1[:2] == "\x43\x47":
  126. # CF1 = None
  127. # CG1 = None
  128. #else:
  129. # build = build(CF1)
  130. # print "Found 5BL-1 (build %d) at %08x" % (build, patch_offset + patch_size)
  131.  
  132.  
  133. def unpack_update(image):
  134. global CF, CG
  135.  
  136. block_offset = 0
  137. for block in range(30):
  138. (block_id, block_build, block_flags, block_entry_point, block_size) = struct.unpack("!2sHLLL", image[block_offset:block_offset+16])
  139. block_size += 0xF
  140. block_size &= ~0xF
  141. id = ord(block_id[1]) & 0xF
  142.  
  143. print "Found %dBL (build %d) at %08x" % (id, block_build, block_offset)
  144. data = image[block_offset:block_offset+block_size]
  145.  
  146. if id == 6:
  147. CF = data
  148. elif id == 7:
  149. CG = data
  150.  
  151. block_offset += block_size
  152.  
  153. if id == 7:
  154. break
  155.  
  156. def build(data):
  157. return struct.unpack(">H", data[2:4])[0]
  158.  
  159.  
  160. def decrypt_CB(CB):
  161. secret = secret_1BL
  162. key = hmac.new(secret, CB[0x10:0x20], sha).digest()[0:0x10]
  163. CB = CB[0:0x10] + key + RC4.new(key).decrypt(CB[0x20:])
  164. open("output/Cb_dec_key.bin", "wb").write(key)
  165.  
  166. return CB
  167.  
  168. def decrypt_CB_Cpu(CB):
  169. assert cpukey
  170. secret = secret_1BL
  171. h = hmac.new(secret,None, sha);
  172. h.update(CB[0x10:0x20]);
  173. h.update(cpukey);
  174. key = h.digest()[0:0x10]
  175. CB = CB[0:0x10] +key+ RC4.new(key).decrypt(CB[0x20:])
  176. return CB
  177.  
  178. def decrypt_CB_B(CB_B, CB_A):
  179. assert cpukey or build(CB_B) < 1920
  180. secret = CB_A[0x10:0x20]
  181.  
  182. if build(CB_B) >= 1920:
  183. key = hmac.new(secret, CB_B[0x10:0x20] + cpukey, sha).digest()[0:0x10]
  184. CB_B = CB_B[0:0x10] + key + RC4.new(key).decrypt(CB_B[0x20:])
  185. return CB_B
  186.  
  187. def decrypt_CD(CD, CB):
  188. # enable this code if you want to extract CD from a flash image and you know the cup key.
  189. # disable this when this is a zero-paired image.
  190. assert cpukey or build(CD) < 1920 or build(CD) >= 9450
  191. secret = CB[0x10:0x20]
  192. key = hmac.new(secret, CD[0x10:0x20], sha).digest()[0:0x10]
  193. if build(CD) >= 1920:
  194. if build(CD) < 9450:
  195. key = hmac.new(cpukey, key, sha).digest()[0:0x10]
  196.  
  197. CD = CD[0:0x10] + key + RC4.new(key).decrypt(CD[0x20:])
  198. return CD
  199.  
  200. def decrypt_CE(CE, CD):
  201. secret = CD[0x10:0x20]
  202. key = hmac.new(secret, CE[0x10:0x20], sha).digest()[0:0x10]
  203. CE = CE[0:0x20] + RC4.new(key).decrypt(CE[0x20:])
  204. return CE
  205.  
  206. def decrypt_CF(CF):
  207. secret = secret_1BL
  208. key = hmac.new(secret, CF[0x20:0x30], sha).digest()[0:0x10]
  209. CF = CF[0:0x20] + key + RC4.new(key).decrypt(CF[0x30:])
  210. return CF
  211.  
  212. def decrypt_CG(CG, CF):
  213. secret = CF[0x330:0x330+0x10]
  214. key = hmac.new(secret, CG[0x10:0x20], sha).digest()[0:0x10]
  215. CG = CG[:0x10] + key + RC4.new(key).decrypt(CG[0x20:])
  216. return CG
  217.  
  218. def decrypt_SMC(SMC):
  219. key = [0x42, 0x75, 0x4e, 0x79]
  220. res = ""
  221. for i in range(len(SMC)):
  222. j = ord(SMC[i])
  223. mod = j * 0xFB
  224. res += chr(j ^ (key[i&3] & 0xFF))
  225. key[(i+1)&3] += mod
  226. key[(i+2)&3] += mod >> 8
  227. return res
  228.  
  229. def decrypt_CB(CB):
  230. secret = secret_1BL
  231. key = hmac.new(secret, CB[0x10:0x20], sha).digest()[0:0x10]
  232. CB = CB[0:0x10] + key + RC4.new(key).decrypt(CB[0x20:])
  233. open("output/Cb_dec_key.bin", "wb").write(key)
  234.  
  235. return CB
  236.  
  237. def encrypt_CB(CB):
  238. secret = secret_1BL
  239. key = hmac.new(secret, CB[0x10:0x20], sha).digest()[0:0x10]
  240. CB = CB[0:0x20] + RC4.new(key).encrypt(CB[0x20:])
  241.  
  242. return CB, CB[0x10:0x20], key
  243.  
  244. def decrypt_CB_B(CB_B, CB_A):
  245. assert cpukey or build(CB_B) < 1920
  246. secret = CB_A[0x10:0x20]
  247. key = hmac.new(secret, CB_B[0x10:0x20] + cpukey, sha).digest()[0:0x10]
  248. CB_B = CB_B[0:0x10] + key + RC4.new(key).decrypt(CB_B[0x20:])
  249. return CB_B
  250.  
  251. def encrypt_CB_Cpu(CB_B, CB_A_key):
  252. assert cpukey
  253. secret = CB_A_key
  254. open("output/Cb_enc_secret.bin", "wb").write(secret)
  255. h = hmac.new(secret,None, sha);
  256. h.update(CB_B[0x10:0x20]);
  257. h.update(cpukey);
  258. key = h.digest()[0:0x10]
  259. CB_B = CB_B[0:0x20] + RC4.new(key).encrypt(CB_B[0x20:])
  260. return CB_B, key
  261.  
  262. def encrypt_CB_B(CB_B, CB_A_key):
  263. secret = CB_A_key
  264. open("output/Cb_enc_secret.bin", "wb").write(secret)
  265. key = hmac.new(secret, CB_B[0x10:0x20] + cpukey, sha).digest()[0:0x10]
  266. CB_B = CB_B[0:0x20] + RC4.new(key).encrypt(CB_B[0x20:])
  267. return CB_B, key
  268.  
  269. def encrypt_CD(CD, CB_key):
  270. secret = CB_key
  271. key = hmac.new(secret, CD[0x10:0x20], sha).digest()[0:0x10]
  272. CD = CD[0:0x20] + RC4.new(key).encrypt(CD[0x20:])
  273. return CD, key
  274.  
  275. def encrypt_CE(CE, CD_key):
  276. secret = CD_key
  277. key = hmac.new(secret, CE[0x10:0x20], sha).digest()[0:0x10]
  278. CE = CE[0:0x20] + RC4.new(key).encrypt(CE[0x20:])
  279. return CE
  280.  
  281. def encrypt_CF(CF):
  282. secret = secret_1BL
  283. key = hmac.new(secret, CF[0x20:0x30], sha).digest()[0:0x10]
  284. CF_key = CF[0x330:0x330+0x10]
  285. CF = CF[0:0x30] + RC4.new(key).encrypt(CF[0x30:])
  286. return CF, CF_key
  287.  
  288. def encrypt_CG(CG, CF_key):
  289. secret = CF_key
  290. key = hmac.new(secret, CG[0x10:0x20], sha).digest()[0:0x10]
  291. CG = CG[0:0x20]+ RC4.new(key).encrypt(CG[0x20:])
  292. return CG
  293.  
  294. def encrypt_SMC(SMC):
  295. key = [0x42, 0x75, 0x4e, 0x79]
  296. res = ""
  297. for i in range(len(SMC)):
  298. j = ord(SMC[i]) ^ (key[i&3] & 0xFF)
  299. mod = j * 0xFB
  300. res += chr(j)
  301. key[(i+1)&3] += mod
  302. key[(i+2)&3] += mod >> 8
  303. return res
  304.  
  305. # CB_patches is an array of patchsets, a patchset is a version number followed by an array of patches, a patch is 3 ints: [offset,plaintext,patch]
  306.  
  307. CB_patches = [[9188,[[0x5678,0x60,0x00,0x00,0x00]]]]
  308.  
  309. def int_to_str(i):
  310. return [chr((i>>24) & 0xff),chr((i>>16) & 0xff),chr((i>>8) & 0xff),chr(i & 0xff)]
  311.  
  312. def patch_CB_old(CB):
  313. found = False
  314.  
  315. for versions in CB_patches:
  316. if build(CB) == versions[0]:
  317. print "patchset for %d found, %d patch(es)" % (versions[0],len(versions[1]))
  318. found = True
  319. for patches in versions[1]:
  320. plain = int_to_str(patches[1])
  321. patch = int_to_str(patches[2])
  322.  
  323. patched = ""
  324.  
  325. for i in range(4):
  326. CB = CB[:patches[0]+i] + chr(patches[i+1]) + CB[patches[0]+i+1:]
  327. #patched = patched + chr(ord(patch[i]))
  328. #keystream = ord(plain[i]) ^ ord(CB[i+patches[0]])
  329. #patched = patched + patch[i] #chr(keystream ^ ord(patch[i]))
  330.  
  331. #CB = CB[:patches[0]] + patched + CB[patches[0]+4:]
  332.  
  333. assert found,"can't patch that CB"
  334.  
  335. return CB
  336.  
  337. def patch_CB_B(CB):
  338. found = False
  339.  
  340. for versions in CB_patches:
  341. if build(CB) == versions[0]:
  342. print "patchset for %d found, %d patch(es)" % (versions[0],len(versions[1]))
  343. found = True
  344. for patches in versions[1]:
  345. for i in range(len(patches)-1):
  346. CB = CB[:patches[0]+i] + chr(patches[i+1]) + CB[patches[0]+i+1:]
  347.  
  348. if not found:
  349. print" ! Warning: can't patch that CB, here are the current supported versions:"
  350. for versions in CB_patches:
  351. print " - %s" % versions[0]
  352.  
  353. return CB
  354.  
  355.  
  356. # SMC_patches is an array of patchsets, a patchset is a crc32 of the image minus first 4 bytes, human readable version info and an array of patches, a patch is: [offset,byte0,byte1,...]
  357.  
  358. SMC_patches = [[0xf9c96639,"Trinity, version 3.1",[[0x13b3,0x00,0x00]]],
  359. [0x5b3aed00,"Jasper, version 2.3",[[0x12ba,0x00,0x00]]],
  360. [0x9ad5b7ee,"Zephyr, version 1.10",[[0x1257,0x00,0x00]]],
  361. [0x7e5bc217,"Zephyr, version 1.13",[[0x12a3,0x00,0x00]]],
  362. [0x1d0c613e,"Falcon, version 1.6",[[0x12a3,0x00,0x00]]]]
  363.  
  364. def patch_SMC(SMC):
  365. found = False
  366.  
  367. smc_crc = binascii.crc32(SMC[4:]) & 0xffffffff
  368.  
  369. print "CRC32: %x" % (smc_crc)
  370.  
  371. for versions in SMC_patches:
  372. if smc_crc == versions[0]:
  373. print "patchset \"%s\" matches, %d patch(es)" % (versions[1],len(versions[2]))
  374. found = True
  375. for patches in versions[2]:
  376. for i in range(len(patches)-1):
  377. SMC = SMC[:patches[0]+i] + chr(patches[i+1]) + SMC[patches[0]+i+1:]
  378.  
  379. if not found:
  380. print" ! Warning: can't patch that SMC, here are the current supported versions:"
  381. for versions in SMC_patches:
  382. print " - %s" % versions[1]
  383.  
  384. return SMC
  385.  
  386.  
  387. def allzero(string):
  388. for x in string:
  389. if ord(x):
  390. return False
  391. return True
  392.  
  393. def allFF(string):
  394. for x in string:
  395. if ord(x) != 0xFF:
  396. return False
  397. return True
  398.  
  399. def calcedc(data):
  400. assert len(data) == 0x210
  401. val = 0
  402. for i in range(0x1066):
  403. if not i & 31:
  404. v = ~struct.unpack("<L", data[i/8:i/8+4])[0]
  405. val ^= v & 1
  406. v >>= 1
  407. if val & 1:
  408. val ^= 0x6954559
  409. val >>= 1
  410.  
  411. val = ~val
  412. return data[:-4] + struct.pack("<L", (val << 6) & 0xFFFFFFFF)
  413.  
  414. def addedc(data, block = 0, off_8 = "\x00" * 4):
  415. res = ""
  416. while len(data):
  417. d = (data[:0x200] + "\x00" * 0x200)[:0x200]
  418. data = data[0x200:]
  419.  
  420. d += struct.pack("<L4B4s4s", block / 32, 0, 0xFF, 0, 0, off_8, "\0\0\0\0")
  421. d = calcedc(d)
  422. block += 1
  423. res += d
  424. return res
  425.  
  426. import sys
  427.  
  428. for i in sys.argv[1:]:
  429. image = open(i, "rb").read()[:1*1024*1024]
  430. if image[:2] == "\xFF\x4F":
  431. print " * found flash image, unpacking..."
  432. unpack_base_image(image)
  433. CB_A_crypted = CB_A
  434. CB_B_crypted = CB_B
  435. SMC = decrypt_SMC(SMC)
  436. elif image[:2] == "CB":
  437. print " * found (hopefully) decrypted CB"
  438. CB_A_crypted = None
  439. CB_A = image
  440. elif image[:4] == "RGLP" or image[:4] == "RLPF":
  441. print " * found RGLoader patch file"
  442. RGLP = image[4:]
  443. elif image[:2] == "CD" and allzero(image[0x20:0x230]):
  444. print " * found decrypted CD"
  445. CD_plain = image
  446. elif len(image) == 0x3000 and image.find("<Copyright 2001-") >= 0:
  447. print " * found decrypted SMC"
  448. SMC = image
  449. elif len(image) == 0x3000:
  450. print " * found encrypted SMC (i hope so)"
  451. SMC = decrypt_SMC(image)
  452. else:
  453. raise " * unknown image found in file %s!" % i
  454.  
  455. print " * we found the following parts:"
  456. print "SMC: %d.%d" %(ord(SMC[0x101]),ord(SMC[0x102]))
  457. print "CB_A:", CB_A and build(CB_A) or "missing"
  458. print "CB_B:", CB_B and build(CB_B) or "missing"
  459. print "CD (image):", CD and build(CD) or "missing"
  460. print "CD (decrypted):", CD_plain and build(CD_plain) or "missing"
  461. print "CE (image): ", CE and build(CE) or "missing"
  462. print "CF0: ", CF and build(CF) or "missing"
  463. print "CF1: ", CF1 and build(CF1) or "missing"
  464.  
  465. print " * checking for proper 1BL key...",
  466. sum = 0
  467. for v in secret_1BL:
  468. sum = sum + ord(v)
  469. assert sum == 0x983, "you need to fill in secret_1BL properly!"
  470. print "ok"
  471.  
  472. print " * decrypting..."
  473. CB_A = decrypt_CB(CB_A_crypted)
  474. if not CB_B:
  475. CD = decrypt_CD(CD, CB_A)
  476. CE = decrypt_CE(CE, CD)
  477. else:
  478. CB_B = decrypt_CB_B(CB_B, CB_A)
  479. if not allzero(CD[0x40:0x140]):
  480. CD = decrypt_CD(CD, CB_B)
  481. CE = decrypt_CE(CE, CD)
  482.  
  483. CF = decrypt_CF(CF)
  484. CF1 = decrypt_CF(CF1)
  485.  
  486. open("output/SMC_orig.bin", "wb").write(SMC)
  487. open("output/CB_A_orig.bin", "wb").write(CB_A)
  488.  
  489. if CB_B:
  490. open("output/CB_B_orig.bin", "wb").write(CB_B)
  491.  
  492. open("output/CD_orig.bin", "wb").write(CD)
  493. open("output/CE_orig.bin", "wb").write(CE)
  494. open("output/CF_orig.bin", "wb").write(CF)
  495. open("output/CF1_dec.bin", "wb").write(CF1)
  496.  
  497. print " * checking if all files decrypted properly...",
  498. assert allzero(SMC[-4:])
  499. assert allzero(CB_A[0x263:0x273])
  500. assert allzero(CD[0x40:0x140])
  501. assert allzero(CE[0x20:0x28])
  502. print "ok"
  503.  
  504. print " * checking required versions...",
  505. assert CD_plain, "you need a decrypted CD"
  506. print "ok"
  507.  
  508. zephyr_builds = [4578]
  509. falcon_builds = [5771]
  510. jasper_builds = [6750]
  511. trinity_builds = [9188]
  512.  
  513. print " * this image will be valid *only* for:",
  514. if build(CB_A) in zephyr_builds: print "zephyr",
  515. if build(CB_A) in falcon_builds: print "falcon",
  516. if build(CB_A) in jasper_builds: print "jasper",
  517. if build(CB_A) in trinity_builds: print "trinity (slim)",
  518. print
  519.  
  520. Final = ""
  521. print " * patching SMC..."
  522. SMC = patch_SMC(SMC)
  523.  
  524. CD = CD_plain
  525.  
  526. if CB_B:
  527. print " * patching CB_B..."
  528.  
  529. CB_B = patch_CB_B(CB_B)
  530.  
  531. print " * zero-pairing..."
  532.  
  533. if CB_B:
  534. CB_B = CB_B[0:0x20] + "\0" * 0x20 + CB_B[0x40:]
  535. else:
  536. CB_A = CB_A[0:0x20] + "\0" * 0x20 + CB_A[0x40:]
  537.  
  538. CF = CF[0:0x21c] + "\0" * 4 + CF[0x220:]
  539. CF1 = CF1[0:0x21c] + "\0" * 4 + CF1[0x220:]
  540. c = "zeropair image"
  541.  
  542. open("output/CB_A_patched.bin", "wb").write(CB_A)
  543.  
  544. if CB_B:
  545. open("output/CB_B_patched.bin", "wb").write(CB_B)
  546.  
  547. open("output/SMC_patched.bin", "wb").write(SMC)
  548.  
  549. print " * constructing new image..."
  550.  
  551. base_size = 0x8000 + len(CB_A) + len(CD) + len(CE)
  552. if CB_B:
  553. base_size += len(CB_B)
  554. base_size += 16383
  555. base_size &=~ 16383
  556. patch_size = 0x10000
  557.  
  558. if OrigHeader[0x71] == "\x02":
  559. patch_size = 0x20000
  560. base_size += 0x10000
  561.  
  562. patch_offset = base_size
  563.  
  564. print " * base size: %x" % base_size
  565.  
  566. random = "\0" * 16
  567.  
  568. SMC = encrypt_SMC(SMC)
  569.  
  570. if not CB_B:
  571. CB_A, CB_A_key, CB_A_key2 = encrypt_CB(CB_A)
  572. CD, CD_key = encrypt_CD(CD, CB_A_key2)
  573. CE = encrypt_CE(CE, CD_key)
  574. else:
  575. CB_A, CB_A_key, CB_A_key2 = encrypt_CB(CB_A)
  576. CB_B, CB_B_key = encrypt_CB_B(CB_B, CB_A_key2)
  577. CD, CD_key = encrypt_CD(CD, CB_B_key)
  578. CE = encrypt_CE(CE, CD_key)
  579.  
  580. CF, CF_key = encrypt_CF(CF)
  581. CF1, CF1_key = encrypt_CF(CF1)
  582.  
  583. if CB_B:
  584. open("output/CB_B_enc.bin", "wb").write(CB_B)
  585.  
  586. print " * Flash Layout:"
  587.  
  588. def add_to_flash(d, w, offset = 0):
  589. global Final
  590. print "0x%08x..0x%08x (0x%08x bytes) %s" % (offset + len(Final), offset + len(Final) + len(d) - 1, len(d), w)
  591. Final += d
  592.  
  593. def pad_to(loc):
  594. global Final
  595. pad = "\0" * (loc - len(Final))
  596. add_to_flash(pad, "Padding")
  597.  
  598. add_to_flash(OrigHeader[:0x200], "Header")
  599.  
  600. if RGLP:
  601. add_to_flash(RGLP, "RGLoader Patch")
  602.  
  603. pad_to(0x1000)
  604. add_to_flash(SMC, "SMC")
  605. add_to_flash(Keyvault, "Keyvault")
  606.  
  607. if CB_B:
  608. add_to_flash(CB_A, "CB_A %d" % build(CB_A))
  609. add_to_flash(CB_B, "CB_B %d" % build(CB_B))
  610. else:
  611. add_to_flash(CB_A, "CB_A %d" % build(CB_A))
  612.  
  613. add_to_flash(CD, "CD %d" % build(CD))
  614. add_to_flash(CE, "CE %d" % build(CE))
  615. pad_to(patch_offset)
  616. add_to_flash(CF, "CF %d" % build(CF))
  617. add_to_flash(CG, "CG %d" % build(CG))
  618. add_to_flash(CF1, "CF1 %d" % build(CF1))
  619. add_to_flash(CG1, "CG1 %d" % build(CG1))
  620. print " * Encoding EDC..."
  621.  
  622. Final = addedc(Final)
  623.  
  624. open("output/image_00000000.edc", "wb").write(Final)
  625.  
  626. print "------------- Written into output/image_00000000.edc"
  627.  
  628.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!