Home Explore Help
Register Sign In
RISCI_ATOM
/
me_cleaner
mirror of https://github.com/corna/me_cleaner
1
0
Fork 0
Files Issues 0 Wiki
Tree: 48deb6cb3b
Branches Tags
me_cleaner
/
me_cleaner.py

me_cleaner.py 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. #!/usr/bin/python3
    2. 

  2. 

  3. # Copyright (C) 2016 Nicola Corna <nicola@corna.info>
    4. 

  4. #
    5. 

  5. # me_cleaner is free software: you can redistribute it and/or modify
    6. 

  6. # it under the terms of the GNU General Public License as published by
    7. 

  7. # the Free Software Foundation, either version 3 of the License, or
    8. 

  8. # (at your option) any later version.
    9. 

  9. #
    10. 

  10. # me_cleaner is distributed in the hope that it will be useful,
    11. 

  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13. # GNU General Public License for more details.
    14. 

  14. #
    15. 

  15. # You should have received a copy of the GNU General Public License
    16. 

  16. # along with me_cleaner.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. #
    18. 

  18. 

  19. import sys
    20. 

  20. import itertools
    21. 

  21. from struct import *
    22. 

  22. 

  23. 

  24. def fill_range(f, start, end, fill):
    25. 

  25.     block = fill * 4096
    26. 

  26.     f.seek(start, 0)
    27. 

  27.     f.writelines(itertools.repeat(block, (end - start) // 4096))
    28. 

  28.     f.write(fill[:(end - start) % 4096])
    29. 

  29. 

  30. def remove_module(f, mod_header, ftpr_offset, lzma_start, lzma_end):
    31. 

  31.     name = mod_header[0x04:0x14].decode("ascii")
    32. 

  32.     start = unpack("<I", mod_header[0x38:0x3C])[0]
    33. 

  33.     size = unpack("<I", mod_header[0x40:0x44])[0]
    34. 

  34.     flags = unpack("<I", mod_header[0x50:0x54])[0]
    35. 

  35.     comp_type = (flags >> 4) & 7
    36. 

  36. 

  37.     if comp_type == 0x00 or comp_type == 0x02:
    38. 

  38.         if start >= lzma_start and start + size <= lzma_end:
    39. 

  39.             fill_range(f, ftpr_offset + start, ftpr_offset + start + size,
    40. 

  40.                        b"\xFF")
    41. 

  41.             print(" {:<16}: removed (0x{:0X} - 0x{:0X})"
    42. 

  42.                   .format(name, ftpr_offset + start,
    43. 

  43.                           ftpr_offset + start + size))
    44. 

  44.         else:
    45. 

  45.             print(" {:<16}: is outside the LZMA region (module 0x{:0X} - "
    46. 

  46.                   "0x{:0X}, LZMA 0x{:0X} - 0x{:0X}), skipping"
    47. 

  47.                   .format(name, start, start+size, lzma_start, lzma_end))
    48. 

  48.     elif comp_type == 0x01:
    49. 

  49.         print(" {:<16}: removal of Huffman modules is not supported yet, "
    50. 

  50.               "skipping".format(name))
    51. 

  51.     else:
    52. 

  52.         print(" {:<16}: unknown compression, skipping".format(name))
    53. 

  53. 

  54. if len(sys.argv) != 2 or sys.argv[1] == "-h" or sys.argv[1] == "--help":
    55. 

  55.     print("Usage: me_cleaner.py me_image.bin")
    56. 

  56. else:
    57. 

  57.     with open(sys.argv[1], "r+b") as f:
    58. 

  58.         f.seek(0x10, 0)
    59. 

  59.         fpt_header = f.read(4)
    60. 

  60. 

  61.         if fpt_header == b"$FPT":
    62. 

  62.             print("Found FPT header at 0x10")
    63. 

  63. 

  64.             entries = unpack("<I", f.read(4))[0]
    65. 

  65.             print("Found {} partition(s)".format(entries))
    66. 

  66. 

  67.             f.seek(0x02, 1)
    68. 

  68.             header_len = unpack("<B", f.read(1))[0]
    69. 

  69.             f.seek(0x30, 0)
    70. 

  70.             partitions = f.read(entries * 0x20)
    71. 

  71. 

  72.             ftpr_header = b""
    73. 

  73.             ftpr_offset = 0
    74. 

  74.             ftpr_lenght = 0
    75. 

  75. 

  76.             for i in range(entries):
    77. 

  77.                 if partitions[i * 0x20:(i * 0x20) + 4] == b"FTPR":
    78. 

  78.                     ftpr_header = partitions[i * 0x20:(i + 1) * 0x20]
    79. 

  79.                     break
    80. 

  80. 

  81.             if ftpr_header != b"":
    82. 

  82.                 ftpr_offset, ftpr_lenght = unpack("<II", ftpr_header[0x08:0x10])
    83. 

  83.                 print("Found FTPR header: FTPR partition spans from "
    84. 

  84.                       "0x{:02x} to 0x{:02x}".format(ftpr_offset,
    85. 

  85.                                                     ftpr_offset + ftpr_lenght))
    86. 

  86.                 print("Removing extra partitions...")
    87. 

  87. 

  88.                 fill_range(f, 0x30, ftpr_offset, b"\xFF")
    89. 

  89.                 f.seek(0, 2)
    90. 

  90.                 fill_range(f, ftpr_offset + ftpr_lenght, f.tell(), b"\xFF")
    91. 

  91. 

  92.                 print("Removing extra partition entries in FPT...")
    93. 

  93.                 f.seek(0x30, 0)
    94. 

  94.                 f.write(ftpr_header)
    95. 

  95.                 f.seek(0x14, 0)
    96. 

  96.                 f.write(pack("<I", 1))
    97. 

  97. 

  98.                 print("Removing EFFS presence flag...")
    99. 

  99.                 f.seek(0x24, 0)
    100. 

  100.                 flags = unpack("<I", f.read(4))[0]
    101. 

  101.                 flags &= ~(0x00000001)
    102. 

  102.                 f.seek(0x24, 0)
    103. 

  103.                 f.write(pack("<I", flags))
    104. 

  104. 

  105.                 print("Reading FTPR modules list...")
    106. 

  106.                 f.seek(ftpr_offset + 0x1c, 0)
    107. 

  107.                 if f.read(4) == b"$MN2":
    108. 

  108.                     f.seek(ftpr_offset + 0x20, 0)
    109. 

  109.                     num_modules = unpack("<I", f.read(4))[0]
    110. 

  110.                     f.seek(ftpr_offset + 0x290, 0)
    111. 

  111.                     mod_headers = [f.read(0x60) for i in range(0, num_modules)]
    112. 

  112.                     
    113. 

  113.                     if any(mod_h.startswith(b"$MME") for mod_h in mod_headers):
    114. 

  114.                         f.seek(ftpr_offset + 0x18, 0)
    115. 

  115.                         size = unpack("<I", f.read(4))[0]
    116. 

  116.                         llut_start = ftpr_offset + (size * 4 + 0x3f) & ~0x3f
    117. 

  117. 

  118.                         f.seek(llut_start + 0x10, 0)
    119. 

  119.                         huff_start, huff_size = unpack("<II", f.read(8))
    120. 

  120.                         lzma_start = huff_start + huff_size - ftpr_offset
    121. 

  121. 

  122.                         f.seek(llut_start, 0)
    123. 

  123.                         if f.read(4) == b"LLUT":
    124. 

  124.                             for mod_header in mod_headers:
    125. 

  125.                                 remove_module(f, mod_header, ftpr_offset,
    126. 

  126.                                               lzma_start, ftpr_lenght)
    127. 

  127. 

  128.                         else:
    129. 

  129.                             print("Can't find the LLUT region in the FTPR "
    130. 

  130.                                   "partition")
    131. 

  131.                     else:
    132. 

  132.                         print("Can't find the $MN2 modules in the FTPR "
    133. 

  133.                               "partition")
    134. 

  134.                 else:
    135. 

  135.                     print("Wrong FTPR partition tag ({})")
    136. 

  136. 

  137.                 print("Correcting checksum...")
    138. 

  138.                 # The checksum is just the two's complement of the sum of the
    139. 

  139.                 # first 0x30 bytes (except for 0x1b, the checksum itself). In
    140. 

  140.                 # other words, the sum of the first 0x30 bytes must be always
    141. 

  141.                 # 0x00.
    142. 

  142.                 f.seek(0x00, 0)
    143. 

  143.                 checksum_bytes = f.read(0x30)
    144. 

  144.                 f.seek(0x1b, 0)
    145. 

  145.                 f.write(pack("B", (0x100 -
    146. 

  146.                              (sum(checksum_bytes) - checksum_bytes[0x1b]) &
    147. 

  147.                              0xff) & 0xff))
    148. 

  148. 

  149.                 print("Done! Good luck!")
    150. 

  150. 

  151.             else:
    152. 

  152.                 print("FTPR header not found, this image doesn't seem to be "
    153. 

  153.                       "valid")
    154. 

  154. 

  155.         else:
    156. 

  156.             print("{} is not a valid Intel ME image (FPT not found)"
    157. 

  157.                   .format(sys.argv[1]))
    158. 

  158.