2 * firmware cutter for broadcom 43xx wireless driver files
4 * Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>,
5 * 2005-2007 Michael Buesch <mb@bu3sch.de>
6 * 2005 Alex Beregszaszi
7 * 2007 Johannes Berg <johannes@sipsolutions.net>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials provided
18 * with the distribution.
20 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
21 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
26 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
29 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/types.h>
41 #if defined(__DragonFly__) || defined(__FreeBSD__)
42 #include <sys/endian.h>
49 #include "fwcutter_list.h"
51 #if defined(__DragonFly__) || defined(__FreeBSD__)
52 #define V3_FW_DIRNAME "v3"
53 #define V4_FW_DIRNAME "v4"
55 #define V3_FW_DIRNAME "b43legacy"
56 #define V4_FW_DIRNAME "b43"
59 static struct cmdline_args cmdargs;
62 /* check whether file will be listed/extracted from */
63 static int file_ok(const struct file *f)
65 return !(f->flags & FW_FLAG_UNSUPPORTED) || cmdargs.unsupported;
68 /* Convert a Big-Endian 16bit integer to CPU-endian */
69 static uint16_t from_be16(be16_t v)
73 ret |= (uint16_t)(((uint8_t *)&v)[0]) << 8;
74 ret |= (uint16_t)(((uint8_t *)&v)[1]);
79 /* Convert a CPU-endian 16bit integer to Big-Endian */
80 static be16_t to_be16(uint16_t v)
82 return (be16_t)from_be16((be16_t)v);
85 /* Convert a Big-Endian 32bit integer to CPU-endian */
86 static uint32_t from_be32(be32_t v)
90 ret |= (uint32_t)(((uint8_t *)&v)[0]) << 24;
91 ret |= (uint32_t)(((uint8_t *)&v)[1]) << 16;
92 ret |= (uint32_t)(((uint8_t *)&v)[2]) << 8;
93 ret |= (uint32_t)(((uint8_t *)&v)[3]);
98 /* Convert a CPU-endian 32bit integer to Big-Endian */
99 static be32_t to_be32(uint32_t v)
101 return (be32_t)from_be32((be32_t)v);
104 /* tiny disassembler */
105 static void print_ucode_version(struct insn *insn)
110 * The instruction we're looking for is a store to memory
111 * offset insn->op3 of the constant formed like `val' below.
112 * 0x2de00 is the opcode for type 1, 0x378 is the opcode
115 if (insn->opcode != 0x378 && insn->opcode != 0x2de00)
118 val = ((0xFF & insn->op1) << 8) | (0xFF & insn->op2);
121 * Memory offsets are word-offsets, for the meaning
122 * see http://bcm-v4.sipsolutions.net/802.11/ObjectMemory
126 printf(" ucode version: %d\n", val);
129 printf(" ucode revision: %d\n", val);
132 printf(" ucode date: %.4d-%.2d-%.2d\n",
133 2000 + (val >> 12), (val >> 8) & 0xF, val & 0xFF);
136 printf(" ucode time: %.2d:%.2d:%.2d\n",
137 val >> 11, (val >> 5) & 0x3f, val & 0x1f);
142 static void disasm_ucode_1(uint64_t in, struct insn *out)
144 /* xxyyyzzz00oooooX -> ooooo Xxx yyy zzz
145 * if we swap the upper and lower 32-bits first it becomes easier:
146 * 00oooooxxxyyyzzz -> ooooo xxx yyy zzz
148 in = (in >> 32) | (in << 32);
150 out->op3 = in & 0xFFF;
151 out->op2 = (in >> 12) & 0xFFF;
152 out->op1 = (in >> 24) & 0xFFF;
153 out->opcode = (in >> 36) & 0xFFFFF;
154 /* the rest of the in word should be zero */
157 static void disasm_ucode_2(uint64_t in, struct insn *out)
159 /* xxyyyzzz0000oooX -> ooo Xxx yyy zzz
160 * if we swap the upper and lower 32-bits first it becomes easier:
161 * 0000oooxxxyyyzzz -> ooo xxx yyy zzz
163 in = (in >> 32) | (in << 32);
165 out->op3 = in & 0xFFF;
166 out->op2 = (in >> 12) & 0xFFF;
167 out->op1 = (in >> 24) & 0xFFF;
168 out->opcode = (in >> 36) & 0xFFF;
169 /* the rest of the in word should be zero */
172 static void disasm_ucode_3(uint64_t in, struct insn *out)
175 * like 2, but each operand has one bit more; appears
176 * to use the same instruction set slightly extended
178 in = (in >> 32) | (in << 32);
180 out->op3 = in & 0x1FFF;
181 out->op2 = (in >> 13) & 0x1FFF;
182 out->op1 = (in >> 26) & 0x1FFF;
183 out->opcode = (in >> 39) & 0xFFF;
184 /* the rest of the in word should be zero */
187 static void analyse_ucode(int ucode_rev, uint8_t *data, uint32_t len)
189 uint64_t *insns = (uint64_t*)data;
193 for (i=0; i<len/sizeof(*insns); i++) {
196 disasm_ucode_1(insns[i], &insn);
197 print_ucode_version(&insn);
200 disasm_ucode_2(insns[i], &insn);
201 print_ucode_version(&insn);
204 disasm_ucode_3(insns[i], &insn);
205 print_ucode_version(&insn);
211 static void swap_endianness_ucode(uint8_t *buf, uint32_t len)
213 uint32_t *buf32 = (uint32_t*)buf;
216 for (i=0; i<len/4; i++)
217 buf32[i] = bswap_32(buf32[i]);
220 #define swap_endianness_pcm swap_endianness_ucode
222 static void swap_endianness_iv(struct iv *iv)
224 iv->reg = bswap_16(iv->reg);
225 iv->size = bswap_16(iv->size);
226 iv->val = bswap_32(iv->val);
229 static void build_ivs(struct b43_iv **_out, size_t *_out_size,
230 struct iv *in, size_t in_size,
231 struct fw_header *hdr,
239 if (sizeof(struct b43_iv) != 6) {
240 printf("sizeof(struct b43_iv) != 6\n");
244 out = malloc(in_size);
246 perror("failed to allocate buffer");
250 for (i = 0; i < in_size / sizeof(*iv); i++, in++) {
251 if (flags & FW_FLAG_LE)
252 swap_endianness_iv(in);
253 /* input-IV is BigEndian */
254 if (in->reg & to_be16(~FW_IV_OFFSET_MASK)) {
255 printf("Input file IV offset > 0x%X\n", FW_IV_OFFSET_MASK);
258 out->offset_size = in->reg;
259 if (in->size == to_be16(4)) {
260 out->offset_size |= to_be16(FW_IV_32BIT);
261 out->data.d32 = in->val;
263 out_size += sizeof(be16_t) + sizeof(be32_t);
264 out = (struct b43_iv *)((uint8_t *)out + sizeof(be16_t) + sizeof(be32_t));
265 } else if (in->size == to_be16(2)) {
266 if (in->val & to_be32(~0xFFFF)) {
267 printf("Input file 16bit IV value overflow\n");
270 out->data.d16 = to_be16(from_be32(in->val));
272 out_size += sizeof(be16_t) + sizeof(be16_t);
273 out = (struct b43_iv *)((uint8_t *)out + sizeof(be16_t) + sizeof(be16_t));
275 printf("Input file IV size != 2|4\n");
279 hdr->size = to_be32(i);
280 *_out_size = out_size;
283 static void write_file(const char *name, uint8_t *buf, uint32_t len,
284 const struct fw_header *hdr, uint32_t flags)
291 if (flags & FW_FLAG_V4)
296 r = snprintf(nbuf, sizeof(nbuf),
297 "%s/%s", cmdargs.target_dir, dir);
298 if (r >= sizeof(nbuf)) {
299 fprintf(stderr, "name too long");
303 r = mkdir(nbuf, 0770);
304 if (r && errno != EEXIST) {
305 perror("failed to create output directory");
309 r = snprintf(nbuf, sizeof(nbuf),
310 "%s/%s/%s.fw", cmdargs.target_dir, dir, name);
311 if (r >= sizeof(nbuf)) {
312 fprintf(stderr, "name too long");
315 f = fopen(nbuf, "w");
317 perror("failed to open file");
320 if (fwrite(hdr, sizeof(*hdr), 1, f) != 1) {
321 perror("failed to write file");
324 if (fwrite(buf, 1, len, f) != len) {
325 perror("failed to write file");
331 static void extract_or_identify(FILE *f, const struct extract *extract,
337 struct fw_header hdr;
339 memset(&hdr, 0, sizeof(hdr));
340 hdr.ver = FW_HDR_VER;
342 if (fseek(f, extract->offset, SEEK_SET)) {
343 perror("failed to seek on file");
347 buf = malloc(extract->length);
349 perror("failed to allocate buffer");
352 if (fread(buf, 1, extract->length, f) != extract->length) {
353 perror("failed to read complete data");
357 switch (extract->type) {
364 data_length = extract->length;
365 if (flags & FW_FLAG_LE)
366 swap_endianness_ucode(buf, data_length);
367 analyse_ucode(ucode_rev, buf, data_length);
368 hdr.type = FW_TYPE_UCODE;
369 hdr.size = to_be32(data_length);
372 data_length = extract->length;
373 if (flags & FW_FLAG_LE)
374 swap_endianness_pcm(buf, data_length);
375 hdr.type = FW_TYPE_PCM;
376 hdr.size = to_be32(data_length);
381 hdr.type = FW_TYPE_IV;
382 build_ivs(&ivs, &data_length,
383 (struct iv *)buf, extract->length,
386 buf = (uint8_t *)ivs;
393 if (cmdargs.mode == FWCM_EXTRACT)
394 write_file(extract->name, buf, data_length, &hdr, flags);
399 static void print_banner(void)
401 printf("b43-fwcutter version " FWCUTTER_VERSION "\n");
404 static void print_file(const struct file *file)
409 if (file->flags & FW_FLAG_V4)
410 printf(V4_FW_DIRNAME "\t\t");
412 printf(V3_FW_DIRNAME "\t");
414 if (strlen(file->name) > 20) {
415 strncpy(shortname, file->name, 20);
416 shortname[20] = '\0';
417 snprintf(filename, sizeof(filename), "%s..", shortname);
419 strcpy (filename, file->name);
421 printf("%s\t", filename);
422 if (strlen(filename) < 8) printf("\t");
423 if (strlen(filename) < 16) printf("\t");
425 printf("%s\t", file->ucode_version);
426 if (strlen(file->ucode_version) < 8) printf("\t");
428 printf("%s\t", file->id);
430 printf("%s\n", file->md5);
433 static void print_supported_files(void)
438 printf("\nExtracting firmware is possible "
439 "from these binary driver files.\n"
440 "The <ID> column shows the unique identifier string "
441 "for your firmware.\nYou must select the firmware with the "
442 "same ID as printed by the kernel driver on modprobe.\n"
443 "Note that only recent drivers print such a message on modprobe.\n"
444 "Please read http://linuxwireless.org/en/users/Drivers/b43#devicefirmware\n\n");
449 "<MD5 checksum>\n\n");
450 /* print for legacy driver first */
451 for (i = 0; i < ARRAY_SIZE(files); i++)
452 if (file_ok(&files[i]) && !(files[i].flags & FW_FLAG_V4))
453 print_file(&files[i]);
454 for (i = 0; i < ARRAY_SIZE(files); i++)
455 if (file_ok(&files[i]) && files[i].flags & FW_FLAG_V4)
456 print_file(&files[i]);
460 static const struct file *find_file(FILE *fd)
462 unsigned char buffer[16384], signature[16];
463 struct MD5Context md5c;
468 while ((i = (int) fread(buffer, 1, sizeof(buffer), fd)) > 0)
469 MD5Update(&md5c, buffer, (unsigned) i);
470 MD5Final(signature, &md5c);
472 snprintf(md5sig, sizeof(md5sig),
473 "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x"
474 "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x",
475 signature[0], signature[1], signature[2], signature[3],
476 signature[4], signature[5], signature[6], signature[7],
477 signature[8], signature[9], signature[10], signature[11],
478 signature[12], signature[13], signature[14], signature[15]);
480 for (i = 0; i < ARRAY_SIZE(files); i++) {
481 if (file_ok(&files[i]) &&
482 strcasecmp(md5sig, files[i].md5) == 0) {
483 printf("This file is recognised as:\n");
484 printf(" ID : %s\n", files[i].id);
485 printf(" filename : %s\n", files[i].name);
486 printf(" version : %s\n", files[i].ucode_version);
487 printf(" MD5 : %s\n", files[i].md5);
491 printf("Sorry, the input file is either wrong or "
492 "not supported by b43-fwcutter.\n");
493 printf("This file has an unknown MD5sum %s.\n", md5sig);
498 static void print_usage(int argc, char *argv[])
501 printf("\nA tool to extract firmware for a Broadcom 43xx device\n");
502 printf("from a proprietary Broadcom 43xx device driver file.\n");
503 printf("\nUsage: %s [OPTION] [proprietary-driver-file]\n", argv[0]);
504 printf(" --unsupported "
505 "Allow working on extractable but unsupported drivers\n");
507 "List supported driver versions\n");
508 printf(" -i|--identify "
509 "Only identify the driver file (don't extract)\n");
510 printf(" -w|--target-dir DIR "
511 "Extract and write firmware to DIR\n");
512 printf(" -v|--version "
513 "Print b43-fwcutter version\n");
515 "Print this help\n");
516 printf("\nExample: %s -w /lib/firmware wl_apsta.o\n"
517 " to extract the firmware blobs from wl_apsta.o and store\n"
518 " the resulting firmware in /lib/firmware\n",
522 static int do_cmp_arg(char **argv, int *pos,
523 const char *template,
529 size_t arg_len, template_len;
532 next_arg = argv[*pos + 1];
533 arg_len = strlen(arg);
534 template_len = strlen(template);
537 /* Maybe we have a merged parameter here.
538 * A merged parameter is "-pfoobar" for example.
540 if (allow_merged && arg_len > template_len) {
541 if (memcmp(arg, template, template_len) == 0) {
542 *param = arg + template_len;
546 } else if (arg_len != template_len)
550 if (strcmp(arg, template) == 0) {
552 /* Skip the parameter on the next iteration. */
555 printf("%s needs a parameter\n", arg);
565 /* Simple and lean command line argument parsing. */
566 static int cmp_arg(char **argv, int *pos,
567 const char *long_template,
568 const char *short_template,
574 err = do_cmp_arg(argv, pos, long_template, 0, param);
575 if (err == ARG_MATCH || err == ARG_ERROR)
580 err = do_cmp_arg(argv, pos, short_template, 1, param);
584 static int parse_args(int argc, char *argv[])
591 for (i = 1; i < argc; i++) {
592 res = cmp_arg(argv, &i, "--list", "-l", NULL);
593 if (res == ARG_MATCH) {
594 cmdargs.mode = FWCM_LIST;
596 } else if (res == ARG_ERROR)
599 res = cmp_arg(argv, &i, "--version", "-v", NULL);
600 if (res == ARG_MATCH) {
603 } else if (res == ARG_ERROR)
606 res = cmp_arg(argv, &i, "--help", "-h", NULL);
607 if (res == ARG_MATCH)
609 else if (res == ARG_ERROR)
612 res = cmp_arg(argv, &i, "--identify", "-i", NULL);
613 if (res == ARG_MATCH) {
614 cmdargs.mode = FWCM_IDENTIFY;
616 } else if (res == ARG_ERROR)
619 res = cmp_arg(argv, &i, "--unsupported", NULL, NULL);
620 if (res == ARG_MATCH) {
621 cmdargs.unsupported = 1;
623 } else if (res == ARG_ERROR)
626 res = cmp_arg(argv, &i, "--target-dir", "-w", ¶m);
627 if (res == ARG_MATCH) {
628 cmdargs.target_dir = param;
630 } else if (res == ARG_ERROR)
633 cmdargs.infile = argv[i];
637 if (!cmdargs.infile && cmdargs.mode != FWCM_LIST)
642 print_usage(argc, argv);
647 int main(int argc, char *argv[])
650 const struct file *file;
651 const struct extract *extract;
655 cmdargs.target_dir = ".";
656 err = parse_args(argc, argv);
662 if (cmdargs.mode == FWCM_LIST) {
663 print_supported_files();
667 fd = fopen(cmdargs.infile, "rb");
669 fprintf(stderr, "Cannot open input file %s\n", cmdargs.infile);
674 file = find_file(fd);
678 if (file->flags & FW_FLAG_V4)
683 extract = file->extract;
684 while (extract->name) {
685 printf("%s %s/%s.fw\n",
686 cmdargs.mode == FWCM_IDENTIFY ? "Contains" : "Extracting",
688 extract_or_identify(fd, extract, file->flags);
projects / b43-tools.git / blob