mkhilinkfw.c 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323
  1. /*
  2. * Copyright (C) 2013 Jeff Kent <jeff@jkent.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License version 2 as
  6. * published by the Free Software Foundation.
  7. *
  8. * This program is distributed in the hope that it will be useful,
  9. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. * GNU General Public License for more details.
  12. *
  13. * You should have received a copy of the GNU General Public License
  14. * along with this program; if not, write to the Free Software
  15. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  16. *
  17. * This tool encrypts and decrypts uImage formatted firmware for Hilink
  18. * HLK-RM04 wireless modules. It will also truncate a dump of mtd6 and make
  19. * it an image suitable for flashing via the stock firmware upgrade page.
  20. *
  21. * Build instructions:
  22. * gcc -lcrypto hlkcrypt.c -o hlkcrypt
  23. */
  24. #include <arpa/inet.h>
  25. #include <errno.h>
  26. #include <fcntl.h>
  27. #include <getopt.h>
  28. #include <openssl/des.h>
  29. #include <stdint.h>
  30. #include <stdio.h>
  31. #include <stdlib.h>
  32. #include <string.h>
  33. #include <sys/mman.h>
  34. #include <sys/types.h>
  35. #include <sys/stat.h>
  36. #include <unistd.h>
  37. #define DES_KEY "H@L9K*(3"
  38. #ifndef min
  39. #define min(a,b) \
  40. ({ __typeof__ (a) _a = (a); \
  41. __typeof__ (b) _b = (b); \
  42. _a < _b ? _a : _b; })
  43. #endif
  44. #define IH_MAGIC 0x27051956
  45. #define IH_NMLEN 32
  46. typedef struct image_header {
  47. uint32_t ih_magic; /* Image Header Magic Number */
  48. uint32_t ih_hcrc; /* Image Header CRC Checksum */
  49. uint32_t ih_time; /* Image Creation Timestamp */
  50. uint32_t ih_size; /* Image Data Size */
  51. uint32_t ih_load; /* Data Load Address */
  52. uint32_t ih_ep; /* Entry Point Address */
  53. uint32_t ih_dcrc; /* Image Data CRC Checksum */
  54. uint8_t ih_os; /* Operating System */
  55. uint8_t ih_arch; /* CPU architecture */
  56. uint8_t ih_type; /* Image Type */
  57. uint8_t ih_comp; /* Compression Type */
  58. uint8_t ih_name[IH_NMLEN]; /* Image Name */
  59. } image_header_t;
  60. static int temp_fd = -1;
  61. static DES_key_schedule schedule;
  62. static void show_usage(const char *arg0);
  63. static void exit_cleanup(void);
  64. static void copy_file(int src, int dst);
  65. static void do_encrypt(void *p, off_t len);
  66. static void do_decrypt(void *p, off_t len);
  67. int main(int argc, char **argv)
  68. {
  69. int encrypt_opt = 0;
  70. int decrypt_opt = 0;
  71. int input_opt = 0;
  72. int output_opt = 0;
  73. char *input_filename = NULL;
  74. char *output_filename = NULL;
  75. int input_fd;
  76. int output_fd;
  77. off_t file_len;
  78. char *p;
  79. char buf[sizeof(image_header_t) + 3];
  80. image_header_t *header;
  81. while (1) {
  82. static struct option long_options[] = {
  83. {"encrypt", no_argument, 0, 'e'},
  84. {"decrypt", no_argument, 0, 'd'},
  85. {"input", required_argument, 0, 'i'},
  86. {"output", required_argument, 0, 'o'},
  87. {0, 0, 0, 0 }
  88. };
  89. int option_index = 0;
  90. int c = getopt_long(argc, argv, "dei:o:",
  91. long_options, &option_index);
  92. if (c == -1)
  93. break;
  94. switch (c) {
  95. case 'd':
  96. decrypt_opt++;
  97. if (decrypt_opt > 1) {
  98. fprintf(stderr, "%s: decrypt may only be specified once\n",
  99. argv[0]);
  100. show_usage(argv[0]);
  101. }
  102. break;
  103. case 'e':
  104. encrypt_opt++;
  105. if (encrypt_opt > 1) {
  106. fprintf(stderr, "%s: encrypt may only be specified once\n",
  107. argv[0]);
  108. show_usage(argv[0]);
  109. }
  110. break;
  111. case 'i':
  112. input_opt++;
  113. if (input_opt > 1) {
  114. fprintf(stderr, "%s: only one input file may be specified\n",
  115. argv[0]);
  116. show_usage(argv[0]);
  117. }
  118. if (strcmp("-", optarg) != 0) {
  119. input_filename = optarg;
  120. }
  121. break;
  122. case 'o':
  123. output_opt++;
  124. if (output_opt > 1) {
  125. fprintf(stderr, "%s: only one output file may be specified\n",
  126. argv[0]);
  127. show_usage(argv[0]);
  128. }
  129. if (strcmp("-", optarg) != 0) {
  130. output_filename = optarg;
  131. }
  132. break;
  133. case '?':
  134. exit(-1);
  135. default:
  136. abort();
  137. }
  138. }
  139. if (decrypt_opt && encrypt_opt) {
  140. fprintf(stderr, "%s: decrypt and encrypt may not be used together\n",
  141. argv[0]);
  142. show_usage(argv[0]);
  143. }
  144. if (!decrypt_opt && !encrypt_opt) {
  145. fprintf(stderr, "%s: neither decrypt or encrypt were specified\n",
  146. argv[0]);
  147. show_usage(argv[0]);
  148. }
  149. temp_fd = fileno(tmpfile());
  150. if (temp_fd < 0) {
  151. fprintf(stderr, "Can't create temporary file\n");
  152. exit(EXIT_FAILURE);
  153. }
  154. atexit(exit_cleanup);
  155. DES_set_key_unchecked((const_DES_cblock *)DES_KEY, &schedule);
  156. if (input_filename) {
  157. input_fd = open(input_filename, O_RDONLY);
  158. if (input_fd < 0) {
  159. fprintf(stderr, "Can't open %s for reading: %s\n", input_filename,
  160. strerror(errno));
  161. exit(EXIT_FAILURE);
  162. }
  163. copy_file(input_fd, temp_fd);
  164. close(input_fd);
  165. }
  166. else {
  167. copy_file(STDIN_FILENO, temp_fd);
  168. }
  169. file_len = lseek(temp_fd, 0, SEEK_CUR);
  170. if (file_len < 64) {
  171. fprintf(stderr, "Not enough data\n");
  172. exit(EXIT_FAILURE);
  173. }
  174. p = mmap(0, file_len, PROT_READ|PROT_WRITE, MAP_SHARED, temp_fd, 0);
  175. if (p == MAP_FAILED) {
  176. fprintf(stderr, "mmap failed: %s\n", strerror(errno));
  177. exit(EXIT_FAILURE);
  178. }
  179. if (encrypt_opt) {
  180. header = (image_header_t *)p;
  181. off_t len = min(file_len,
  182. ntohl(header->ih_size) + sizeof(image_header_t));
  183. if (ntohl(header->ih_magic) != IH_MAGIC) {
  184. fprintf(stderr, "Header magic incorrect: "
  185. "expected 0x%08X, got 0x%08X\n",
  186. IH_MAGIC, ntohl(header->ih_magic));
  187. munmap(p, file_len);
  188. exit(EXIT_FAILURE);
  189. }
  190. do_encrypt(p, len);
  191. munmap(p, file_len);
  192. if (len != file_len) {
  193. if (ftruncate(temp_fd, len) < 0) {
  194. fprintf(stderr, "ftruncate failed: %s\n", strerror(errno));
  195. exit(EXIT_FAILURE);
  196. }
  197. }
  198. }
  199. if (decrypt_opt) {
  200. off_t header_len = min(file_len, sizeof(image_header_t) + 3);
  201. memcpy(buf, p, header_len);
  202. do_decrypt(buf, header_len);
  203. header = (image_header_t *)buf;
  204. if (ntohl(header->ih_magic) != IH_MAGIC) {
  205. fprintf(stderr, "Header magic incorrect: "
  206. "expected 0x%08X, got 0x%08X\n",
  207. IH_MAGIC, ntohl(header->ih_magic));
  208. exit(EXIT_FAILURE);
  209. }
  210. do_decrypt(p, file_len);
  211. munmap(p, file_len);
  212. }
  213. lseek(temp_fd, 0, SEEK_SET);
  214. if (output_filename) {
  215. output_fd = creat(output_filename, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
  216. if (output_fd < 0) {
  217. fprintf(stderr, "Can't open %s for writing: %s\n",
  218. output_filename, strerror(errno));
  219. exit(EXIT_FAILURE);
  220. }
  221. copy_file(temp_fd, output_fd);
  222. close(output_fd);
  223. }
  224. else {
  225. copy_file(temp_fd, STDOUT_FILENO);
  226. }
  227. exit(EXIT_SUCCESS);
  228. return 0;
  229. }
  230. static void show_usage(const char *arg0)
  231. {
  232. fprintf(stderr, "usage: %s -d|-e [-i FILE] [-o FILE]\n\n", arg0);
  233. fprintf(stderr, "%-15s %s\n", "-d, --decrypt", "decrypt data");
  234. fprintf(stderr, "%-15s %s\n", "-e, --encrypt", "encrypt data");
  235. fprintf(stderr, "%-15s %s\n", "-i, --input", "intput file (defaults to stdin)");
  236. fprintf(stderr, "%-15s %s\n", "-o, --output", "output file (defaults to stdout)");
  237. exit(-1);
  238. }
  239. static void exit_cleanup(void)
  240. {
  241. if (temp_fd >= 0) {
  242. close(temp_fd);
  243. }
  244. }
  245. static void copy_file(int src, int dst)
  246. {
  247. char buf[4096];
  248. ssize_t size;
  249. while ((size = read(src, buf, 4096)) > 0) {
  250. write(dst, buf, size);
  251. }
  252. }
  253. static void do_encrypt(void *p, off_t len)
  254. {
  255. DES_cblock *pblock;
  256. int num_blocks;
  257. num_blocks = len / 8;
  258. pblock = (DES_cblock *) p;
  259. while (num_blocks--) {
  260. DES_ecb_encrypt(pblock, pblock, &schedule, DES_ENCRYPT);
  261. pblock++;
  262. }
  263. num_blocks = (len - 3) / 8;
  264. pblock = (DES_cblock *) (p + 3);
  265. while (num_blocks--) {
  266. DES_ecb_encrypt(pblock, pblock, &schedule, DES_ENCRYPT);
  267. pblock++;
  268. }
  269. }
  270. static void do_decrypt(void *p, off_t len)
  271. {
  272. DES_cblock *pblock;
  273. int num_blocks;
  274. num_blocks = (len - 3) / 8;
  275. pblock = (DES_cblock *) (p + 3);
  276. while (num_blocks--) {
  277. DES_ecb_encrypt(pblock, pblock, &schedule, DES_DECRYPT);
  278. pblock++;
  279. }
  280. num_blocks = len / 8;
  281. pblock = (DES_cblock *) p;
  282. while (num_blocks--) {
  283. DES_ecb_encrypt(pblock, pblock, &schedule, DES_DECRYPT);
  284. pblock++;
  285. }
  286. }