Update firmware dumper

2025-06-18 14:25:38 -04:00 · 2018-08-14 18:12:21 +03:00 · 2018-08-14 18:12:21 +03:00 · 828a672da5
commit 828a672da5
parent 67487e2cd6
1 changed files with 602 additions and 630 deletions
--- a/FirmwareDumper/main.c
+++ b/FirmwareDumper/main.c
@ -99,34 +99,29 @@ void low_ISR(void);

 #pragma code REMAPPED_RESET_VECTOR = REMAPPED_RESET_VECTOR_ADDRESS

-void _reset(void)
-{
+void _reset(void) {
    _asm goto _startup _endasm
 }

 #pragma code REMAPPED_HIGH_INTERRUPT_VECTOR = REMAPPED_HIGH_INTERRUPT_VECTOR_ADDRESS

-void Remapped_High_ISR(void)
-{
+void Remapped_High_ISR(void) {
    _asm goto high_ISR _endasm
 }
 #pragma code REMAPPED_LOW_INTERRUPT_VECTOR = REMAPPED_LOW_INTERRUPT_VECTOR_ADDRESS

-void Remapped_Low_ISR(void)
-{
+void Remapped_Low_ISR(void) {
    _asm goto low_ISR _endasm
 }

 #pragma code HIGH_INTERRUPT_VECTOR = 0x08

-void High_ISR(void)
-{
+void High_ISR(void) {
    _asm goto REMAPPED_HIGH_INTERRUPT_VECTOR_ADDRESS _endasm
 }
 #pragma code LOW_INTERRUPT_VECTOR = 0x18

-void Low_ISR(void)
-{
+void Low_ISR(void) {
    _asm goto REMAPPED_LOW_INTERRUPT_VECTOR_ADDRESS _endasm
 }
 #pragma code
@ -227,8 +222,7 @@ unsigned char info[80];

 #pragma interruptlow high_ISR

-void high_ISR(void)
-{
+void high_ISR(void) {
 #if defined(USB_INTERRUPT)
    // Perform USB device tasks
    USBDeviceTasks();
@ -237,12 +231,10 @@ void high_ISR(void)

 #pragma interruptlow low_ISR

-void low_ISR(void)
-{
+void low_ISR(void) {
 }

-void DeviceReset(void)
-{
+void DeviceReset(void) {
    UCONbits.USBEN = 0;
    Delay10KTCYx(255);
    Delay10KTCYx(255);
@ -251,8 +243,7 @@ void DeviceReset(void)

 // crc16 CCITT

-unsigned short crc16(unsigned char *data, unsigned short len)
-{
+unsigned short crc16(unsigned char *data, unsigned short len) {
    unsigned short crc = 0;
    while (len--)
        crc = ((crc >> 8) ^ crc16Table[(crc ^ *data++) & 0xFF]);
@ -261,48 +252,38 @@ unsigned short crc16(unsigned char *data, unsigned short len)

 //decrypt info array

-void decrypt_serial(unsigned char version)
-{
-	int i, index = 0x0A;
-	unsigned char o1, o2;
+void decrypt_serial(unsigned char version) {
+    int i;
+    unsigned char index;
    const far rom unsigned char* xorTableptr = (version == VERSION_A ? &A_Table[0] : &CS_Table[0]);
-	//first step, xoring each element from table with a random value from xortable. Starting index is 0x0A. Index is incremented modulo 256
+    //Step 1, xoring each element from table with a random value from xortable. Starting index is 0x0A. Index is incremented modulo 256
+    index = 0x0A;
    for (i = 0; i < sizeof (info); i++) {
        info[i] ^= xorTableptr[index++];
-		index &= 0xFF;
    }
-	/*next step, right shift whole array by 3 bits. Because anding with 0x1F, the last byte from info table must be always <0x20 in the encryption step, greater values will be trimmed at decryption step;
-	 this is why the crc16 must be 0x1FFF max., the last byte from info table is MSB of crc16.
-	 */
-	for (i = 0; i < sizeof(info) - 1; i++) {
-		o1 = (info[sizeof(info) - i - 1] >> 3) & 0x1F;
-		o2 = info[sizeof(info) - i - 2] << 5;
-		info[sizeof(info) - i - 1] = o1 | o2;
+    //Step 2 right rotate the whole array by 3 bits.
+    index = info[sizeof (info) - 1] << 5;
+    for (i = sizeof (info) - 1; i > 0; i--) {
+        info[i] = info[i] >> 3 & 0x1F | info[i - 1] << 5;
    }
-	info[0] >>= 3;
-	info[0] &= 0x1F;
-	//Last step, descrambling data; we put each element in the right position. At the end we have the decrypted serial and devcode ;)
+    info[0] = info[0] >> 3 & 0x1F | index;
+    //Step 3, descrambling data; we put each element in the right position. At the end we have the decrypted serial and devcode ;)
    for (i = 0; i < sizeof (info) / 2; i += 4) {
-		o1 = info[i];
+        index = info[i];
        info[i] = info[sizeof (info) - i - 1];
-		info[sizeof(info) - i - 1] = o1;
+        info[sizeof (info) - i - 1] = index;
    }
 }

 //encrypt the info array, ready to be inserted in TL866 firmware.

-void encrypt_serial(unsigned char version)
-{
-	int i, index = 0x0A;
-	unsigned char o1, o2;
+void encrypt_serial(unsigned char version) {
+    int i;
+    unsigned char index;
    unsigned short crc;
    const far rom unsigned char* xorTableptr = (version == VERSION_A ? A_Table : CS_Table);

-	/*  compute the right crc16. The last two bytes in the info table is the crc16 in little-endian order
-     *  and must be max. 0x1FFF otherwise the decryption will be wrong.
-     */
-	do {
-        //Fill the info array[32-77] with random values until the crc16 match the criteria crc<0x2000
+    //Fill the info array[32-77] with random values.
    for (i = 32; i < 78; i++) {
        info[i] = (unsigned char) rand() % 0x100;
    }
@ -310,39 +291,37 @@ void encrypt_serial(unsigned char version)
    for (i = 5; i < 34; i++)
        info[34] += info[i];
    crc = crc16(info, sizeof (info) - 2);
-	} while (crc > 0x1FFF);
-	info[sizeof(info) - 1] = crc >> 8 & 0x1F; //yes, 0x1F
+    info[sizeof (info) - 1] = crc >> 8;
    info[sizeof (info) - 2] = crc & 0xFF;

    /*Data scrambling. We swap the first byte with the last, the fourth from the beginning with the fourth from the end and so on.
     So we have the following 10 swaps:(0-79),(4-75),(8-71),(12-67),(16-63),(20-59),(24-55),(28-51),(32-47),(36-43).
     */
    for (i = 0; i < sizeof (info) / 2; i += 4) {
-		o1 = info[i];
+        index = info[i];
        info[i] = info[sizeof (info) - i - 1];
-		info[sizeof(info) - i - 1] = o1;
+        info[sizeof (info) - i - 1] = index;
        //printf("(%d-%d),",i,s-i-1);
    }
-	//Next step, left shift whole array by 3 bits .
+    /*
+     * Step 2, Left rotate the whole array by 3 bits.
+     */
+   index = info[0] >> 5;
    for (i = 0; i < sizeof (info) - 1; i++) {
-		o1 = (info[i] << 3) & 0xF8;
-		o2 = info[i + 1] >> 5;
-		info[i] = o2 | o1;
+        info[i] = info[i] << 3 & 0xF8 | info[i + 1] >> 5;
    }
-	info[sizeof(info) - 1] <<= 3;
-	info[sizeof(info) - 1] &= 0xF8;
+    info[sizeof (info) - 1] = info[sizeof (info) - 1] << 3 & 0xF8 | index;

    //Last step, xoring each info table value with a random number from xortable. The start index in this table is 0x0A. Index is incremented modulo 256
+    index = 0x0A;
    for (i = 0; i < sizeof (info); i++) {
        info[i] ^= xorTableptr[index++];
-		index &= 0xFF;
    }
 }

 //Erase flash page

-void FlashErase(unsigned long address)
-{
+void FlashErase(unsigned long address) {
    TBLPTR = address;
    EECON1 = 0b00010100;
    INTCONbits.GIE = 0;
@ -355,8 +334,7 @@ void FlashErase(unsigned long address)

 //Write a 64 byte block of data

-void WriteBlock(unsigned long address, unsigned char* buffer)
-{
+void WriteBlock(unsigned long address, unsigned char* buffer) {
    unsigned char i;
    TBLPTR = address;
    EECON1 = 0b00000100;
@ -375,8 +353,8 @@ void WriteBlock(unsigned long address, unsigned char* buffer)


 //Write 1Kbyte buffer to flash
-void WriteBuffer(unsigned long address)
-{
+
+void WriteBuffer(unsigned long address) {

    unsigned char i;
    unsigned char *buffer_ptr = &buffer[0];
@ -388,8 +366,8 @@ void WriteBuffer(unsigned long address)
 }

 //Rewrite bootloader
-void WriteBootloader(unsigned char version)
-{
+
+void WriteBootloader(unsigned char version) {
    unsigned char i;
    unsigned long addr = 0;
    WriteConfig(version);
@ -406,8 +384,8 @@ void WriteBootloader(unsigned char version)
 }

 //Rewrite config area
-void WriteConfig(unsigned char version)
-{
+
+void WriteConfig(unsigned char version) {
    unsigned char t;
    unsigned long addr = 0x1FC00;
    const far rom unsigned char* xorTableptr = (version == VERSION_A ? &A_Table[0] : &CS_Table[0]);
@ -423,8 +401,8 @@ void WriteConfig(unsigned char version)
 }

 //Rewrite Info
-void WriteInfo(unsigned char *info_ptr)
-{
+
+void WriteInfo(unsigned char *info_ptr) {
    unsigned char t;
    unsigned long addr = 0x1FC00;
    memcpypgm2ram(&t, (const far rom void*) DEVICE_TYPE_LOCATION, 1);
@ -437,8 +415,7 @@ void WriteInfo(unsigned char *info_ptr)
 }

 /* Test routine */
-void load_shiftregister(unsigned char value)
-{
+void load_shiftregister(unsigned char value) {
    unsigned char i;
    for (i = 0; i <= 7; i++) {
        SR_DAT = (value & 0x80) ? 1 : 0;
@ -450,8 +427,7 @@ void load_shiftregister(unsigned char value)
    }
 }

-void config_io()
-{
+void config_io() {
    OSCTUNEbits.PLLEN = 1; //Enable the PLL and wait 2+ms until the PLL locks before enabling USB module
    Delay10KTCYx(20);
    WDTCONbits.ADSHR = 1; // Select alternate SFR location to access ANCONx registers
@ -509,16 +485,14 @@ void config_io()
    LED_PIN = 0;
 }

-void ReadProgMem(void)
-{
+void ReadProgMem(void) {
    memcpypgm2ram(&txdatapacket[0], (const far rom void*) rxdatapacket.pAdr, rxdatapacket.len);
 }


 // Process USB commands

-void ProcessIo(void)
-{
+void ProcessIo(void) {

    static unsigned char count = 0;
    if (USBSuspendControl == 1) {
@ -856,8 +830,7 @@ void ProcessIo(void)

 // USB callback function handler

-BOOL USER_USB_CALLBACK_EVENT_HANDLER(int event, void *pdata, WORD size)
-{
+BOOL USER_USB_CALLBACK_EVENT_HANDLER(int event, void *pdata, WORD size) {
    switch (event) {
        case EVENT_CONFIGURED:
            //Enable the application endpoints
@ -870,8 +843,7 @@ BOOL USER_USB_CALLBACK_EVENT_HANDLER(int event, void *pdata, WORD size)
    return TRUE;
 }

-void main()
-{
+void main() {
    USBOutHandle = 0;
    USBInHandle = 0;
    led_cnt = 1;