2 * firmware cutter for broadcom 43xx wireless driver files
4 * Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>,
5 * 2005-2007 Michael Buesch <mb@bu3sch.de>
6 * 2005 Alex Beregszaszi
7 * 2007 Johannes Berg <johannes@sipsolutions.net>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials provided
18 * with the distribution.
20 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
21 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
26 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
29 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/types.h>
42 #include <sys/endian.h>
49 #include "fwcutter_list.h"
52 #define V3_FW_DIRNAME "v3"
53 #define V4_FW_DIRNAME "v4"
55 #define V3_FW_DIRNAME "b43legacy"
56 #define V4_FW_DIRNAME "b43"
59 static struct cmdline_args cmdargs;
62 /* Convert a CPU-endian 16bit integer to Big-Endian */
63 static be16_t to_be16(uint16_t v)
67 ret[0] = (v & 0xFF00) >> 8;
68 ret[1] = (v & 0x00FF);
70 return *((be16_t *)ret);
74 /* Convert a Big-Endian 16bit integer to CPU-endian */
75 static uint16_t from_be16(be16_t v)
79 ret |= (uint16_t)(((uint8_t *)&v)[0]) << 8;
80 ret |= (uint16_t)(((uint8_t *)&v)[1]);
86 /* Convert a CPU-endian 32bit integer to Big-Endian */
87 static be32_t to_be32(uint32_t v)
91 ret[0] = (v & 0xFF000000) >> 24;
92 ret[1] = (v & 0x00FF0000) >> 16;
93 ret[2] = (v & 0x0000FF00) >> 8;
94 ret[3] = (v & 0x000000FF);
96 return *((be32_t *)ret);
99 /* Convert a Big-Endian 32bit integer to CPU-endian */
100 static uint32_t from_be32(be32_t v)
104 ret |= (uint32_t)(((uint8_t *)&v)[0]) << 24;
105 ret |= (uint32_t)(((uint8_t *)&v)[1]) << 16;
106 ret |= (uint32_t)(((uint8_t *)&v)[2]) << 8;
107 ret |= (uint32_t)(((uint8_t *)&v)[3]);
112 /* tiny disassembler */
113 static void print_ucode_version(struct insn *insn)
118 * The instruction we're looking for is a store to memory
119 * offset insn->op3 of the constant formed like `val' below.
120 * 0x2de00 is the opcode for type 1, 0x378 is the opcode
123 if (insn->opcode != 0x378 && insn->opcode != 0x2de00)
126 val = ((0xFF & insn->op1) << 8) | (0xFF & insn->op2);
129 * Memory offsets are word-offsets, for the meaning
130 * see http://bcm-v4.sipsolutions.net/802.11/ObjectMemory
134 printf(" ucode version: %d\n", val);
137 printf(" ucode revision: %d\n", val);
140 printf(" ucode date: %.4d-%.2d-%.2d\n",
141 2000 + (val >> 12), (val >> 8) & 0xF, val & 0xFF);
144 printf(" ucode time: %.2d:%.2d:%.2d\n",
145 val >> 11, (val >> 5) & 0x3f, val & 0x1f);
150 static void disasm_ucode_1(uint64_t in, struct insn *out)
152 /* xxyyyzzz00oooooX -> ooooo Xxx yyy zzz
153 * if we swap the upper and lower 32-bits first it becomes easier:
154 * 00oooooxxxyyyzzz -> ooooo xxx yyy zzz
156 in = (in >> 32) | (in << 32);
158 out->op3 = in & 0xFFF;
159 out->op2 = (in >> 12) & 0xFFF;
160 out->op1 = (in >> 24) & 0xFFF;
161 out->opcode = (in >> 36) & 0xFFFFF;
162 /* the rest of the in word should be zero */
165 static void disasm_ucode_2(uint64_t in, struct insn *out)
167 /* xxyyyzzz0000oooX -> ooo Xxx yyy zzz
168 * if we swap the upper and lower 32-bits first it becomes easier:
169 * 0000oooxxxyyyzzz -> ooo xxx yyy zzz
171 in = (in >> 32) | (in << 32);
173 out->op3 = in & 0xFFF;
174 out->op2 = (in >> 12) & 0xFFF;
175 out->op1 = (in >> 24) & 0xFFF;
176 out->opcode = (in >> 36) & 0xFFF;
177 /* the rest of the in word should be zero */
180 static void disasm_ucode_3(uint64_t in, struct insn *out)
183 * like 2, but each operand has one bit more; appears
184 * to use the same instruction set slightly extended
186 in = (in >> 32) | (in << 32);
188 out->op3 = in & 0x1FFF;
189 out->op2 = (in >> 13) & 0x1FFF;
190 out->op1 = (in >> 26) & 0x1FFF;
191 out->opcode = (in >> 39) & 0xFFF;
192 /* the rest of the in word should be zero */
195 static void analyse_ucode(int ucode_rev, uint8_t *data, uint32_t len)
197 uint64_t *insns = (uint64_t*)data;
201 for (i=0; i<len/sizeof(*insns); i++) {
204 disasm_ucode_1(insns[i], &insn);
205 print_ucode_version(&insn);
208 disasm_ucode_2(insns[i], &insn);
209 print_ucode_version(&insn);
212 disasm_ucode_3(insns[i], &insn);
213 print_ucode_version(&insn);
219 static void swap_endianness_ucode(uint8_t *buf, uint32_t len)
221 uint32_t *buf32 = (uint32_t*)buf;
224 for (i=0; i<len/4; i++)
225 buf32[i] = bswap_32(buf32[i]);
228 #define swap_endianness_pcm swap_endianness_ucode
230 static void swap_endianness_iv(struct iv *iv)
232 iv->reg = bswap_16(iv->reg);
233 iv->size = bswap_16(iv->size);
234 iv->val = bswap_32(iv->val);
237 static void build_ivs(struct b43_iv **_out, size_t *_out_size,
238 struct iv *in, size_t in_size,
239 struct fw_header *hdr,
247 if (sizeof(struct b43_iv) != 6) {
248 printf("sizeof(struct b43_iv) != 6\n");
252 out = malloc(in_size);
254 perror("failed to allocate buffer");
258 for (i = 0; i < in_size / sizeof(*iv); i++, in++) {
259 if (flags & FW_FLAG_LE)
260 swap_endianness_iv(in);
261 /* input-IV is BigEndian */
262 if (in->reg & to_be16(~FW_IV_OFFSET_MASK)) {
263 printf("Input file IV offset > 0x%X\n", FW_IV_OFFSET_MASK);
266 out->offset_size = in->reg;
267 if (in->size == to_be16(4)) {
268 out->offset_size |= to_be16(FW_IV_32BIT);
269 out->data.d32 = in->val;
271 out_size += sizeof(be16_t) + sizeof(be32_t);
272 out = (struct b43_iv *)((uint8_t *)out + sizeof(be16_t) + sizeof(be32_t));
273 } else if (in->size == to_be16(2)) {
274 if (in->val & to_be32(~0xFFFF)) {
275 printf("Input file 16bit IV value overflow\n");
278 out->data.d16 = to_be16(from_be32(in->val));
280 out_size += sizeof(be16_t) + sizeof(be16_t);
281 out = (struct b43_iv *)((uint8_t *)out + sizeof(be16_t) + sizeof(be16_t));
283 printf("Input file IV size != 2|4\n");
287 hdr->size = to_be32(i);
288 *_out_size = out_size;
291 static void write_file(const char *name, uint8_t *buf, uint32_t len,
292 const struct fw_header *hdr, uint32_t flags)
299 if (flags & FW_FLAG_V4)
304 r = snprintf(nbuf, sizeof(nbuf),
305 "%s/%s", cmdargs.target_dir, dir);
306 if (r >= sizeof(nbuf)) {
307 fprintf(stderr, "name too long");
311 r = mkdir(nbuf, 0770);
312 if (r && errno != EEXIST) {
313 perror("failed to create output directory");
317 r = snprintf(nbuf, sizeof(nbuf),
318 "%s/%s/%s.fw", cmdargs.target_dir, dir, name);
319 if (r >= sizeof(nbuf)) {
320 fprintf(stderr, "name too long");
323 f = fopen(nbuf, "w");
325 perror("failed to open file");
328 if (fwrite(hdr, sizeof(*hdr), 1, f) != 1) {
329 perror("failed to write file");
332 if (fwrite(buf, 1, len, f) != len) {
333 perror("failed to write file");
339 static void extract_or_identify(FILE *f, const struct extract *extract,
345 struct fw_header hdr;
347 memset(&hdr, 0, sizeof(hdr));
348 hdr.ver = FW_HDR_VER;
350 if (fseek(f, extract->offset, SEEK_SET)) {
351 perror("failed to seek on file");
355 buf = malloc(extract->length);
357 perror("failed to allocate buffer");
360 if (fread(buf, 1, extract->length, f) != extract->length) {
361 perror("failed to read complete data");
365 switch (extract->type) {
372 data_length = extract->length;
373 if (flags & FW_FLAG_LE)
374 swap_endianness_ucode(buf, data_length);
375 analyse_ucode(ucode_rev, buf, data_length);
376 hdr.type = FW_TYPE_UCODE;
377 hdr.size = to_be32(data_length);
380 data_length = extract->length;
381 if (flags & FW_FLAG_LE)
382 swap_endianness_pcm(buf, data_length);
383 hdr.type = FW_TYPE_PCM;
384 hdr.size = to_be32(data_length);
389 hdr.type = FW_TYPE_IV;
390 build_ivs(&ivs, &data_length,
391 (struct iv *)buf, extract->length,
394 buf = (uint8_t *)ivs;
401 if (!cmdargs.identify_only)
402 write_file(extract->name, buf, data_length, &hdr, flags);
407 static void print_banner(void)
409 printf("b43-fwcutter version " FWCUTTER_VERSION "\n");
412 static void print_file(const struct file *file)
417 if (file->flags & FW_FLAG_V4)
418 printf(V4_FW_DIRNAME "\t\t");
420 printf(V3_FW_DIRNAME "\t");
422 if (strlen(file->name) > 20) {
423 strncpy(shortname, file->name, 20);
424 shortname[20] = '\0';
425 snprintf(filename, sizeof(filename), "%s..", shortname);
427 strcpy (filename, file->name);
429 printf("%s\t", filename);
430 if (strlen(filename) < 8) printf("\t");
431 if (strlen(filename) < 16) printf("\t");
433 printf("%s\t", file->ucode_version);
434 if (strlen(file->ucode_version) < 8) printf("\t");
436 printf("%s\n", file->md5);
439 static void print_supported_files(void)
444 printf("\nExtracting firmware is possible "
445 "from these binary driver files:\n\n");
449 "<MD5 checksum>\n\n");
450 /* print for legacy driver first */
451 for (i = 0; i < FILES; i++)
452 if (!(files[i].flags & FW_FLAG_V4))
453 print_file(&files[i]);
454 for (i = 0; i < FILES; i++)
455 if (files[i].flags & FW_FLAG_V4)
456 print_file(&files[i]);
460 static const struct file *find_file(FILE *fd)
462 unsigned char buffer[16384], signature[16];
463 struct MD5Context md5c;
468 while ((i = (int) fread(buffer, 1, sizeof(buffer), fd)) > 0)
469 MD5Update(&md5c, buffer, (unsigned) i);
470 MD5Final(signature, &md5c);
472 snprintf(md5sig, sizeof(md5sig),
473 "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x"
474 "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x",
475 signature[0], signature[1], signature[2], signature[3],
476 signature[4], signature[5], signature[6], signature[7],
477 signature[8], signature[9], signature[10], signature[11],
478 signature[12], signature[13], signature[14], signature[15]);
480 for (i = 0; i < FILES; ++i) {
481 if (strcasecmp(md5sig, files[i].md5) == 0) {
482 printf("This file is recognised as:\n");
483 printf(" filename : %s\n", files[i].name);
484 printf(" version : %s\n", files[i].ucode_version);
485 printf(" MD5 : %s\n", files[i].md5);
489 printf("Sorry, the input file is either wrong or "
490 "not supported by b43-fwcutter.\n");
491 printf("This file has an unknown MD5sum %s.\n", md5sig);
496 static void print_usage(int argc, char *argv[])
499 printf("\nUsage: %s [OPTION] [driver.sys]\n", argv[0]);
501 "List supported driver versions\n");
502 printf(" -i|--identify "
503 "Only identify the driver file (don't extract)\n");
504 printf(" -w|--target-dir DIR "
505 "Extract and write firmware to DIR\n");
506 printf(" -v|--version "
507 "Print b43-fwcutter version\n");
509 "Print this help\n");
510 printf("\nExample: %s bcmwl5.sys\n"
511 " to extract the firmware blobs from bcmwl5.sys\n",
515 static int do_cmp_arg(char **argv, int *pos,
516 const char *template,
522 size_t arg_len, template_len;
525 next_arg = argv[*pos + 1];
526 arg_len = strlen(arg);
527 template_len = strlen(template);
530 /* Maybe we have a merged parameter here.
531 * A merged parameter is "-pfoobar" for example.
533 if (allow_merged && arg_len > template_len) {
534 if (memcmp(arg, template, template_len) == 0) {
535 *param = arg + template_len;
539 } else if (arg_len != template_len)
543 if (strcmp(arg, template) == 0) {
545 /* Skip the parameter on the next iteration. */
548 printf("%s needs a parameter\n", arg);
558 /* Simple and lean command line argument parsing. */
559 static int cmp_arg(char **argv, int *pos,
560 const char *long_template,
561 const char *short_template,
567 err = do_cmp_arg(argv, pos, long_template, 0, param);
568 if (err == ARG_MATCH || err == ARG_ERROR)
573 err = do_cmp_arg(argv, pos, short_template, 1, param);
577 static int parse_args(int argc, char *argv[])
584 for (i = 1; i < argc; i++) {
585 res = cmp_arg(argv, &i, "--list", "-l", 0);
586 if (res == ARG_MATCH) {
587 print_supported_files();
589 } else if (res == ARG_ERROR)
592 res = cmp_arg(argv, &i, "--version", "-v", 0);
593 if (res == ARG_MATCH) {
596 } else if (res == ARG_ERROR)
599 res = cmp_arg(argv, &i, "--help", "-h", 0);
600 if (res == ARG_MATCH)
602 else if (res == ARG_ERROR)
605 res = cmp_arg(argv, &i, "--identify", "-i", 0);
606 if (res == ARG_MATCH) {
607 cmdargs.identify_only = 1;
609 } else if (res == ARG_ERROR)
612 res = cmp_arg(argv, &i, "--target-dir", "-w", ¶m);
613 if (res == ARG_MATCH) {
614 cmdargs.target_dir = param;
616 } else if (res == ARG_ERROR)
619 cmdargs.infile = argv[i];
628 print_usage(argc, argv);
633 int main(int argc, char *argv[])
636 const struct file *file;
637 const struct extract *extract;
641 cmdargs.target_dir = ".";
642 err = parse_args(argc, argv);
648 fd = fopen(cmdargs.infile, "rb");
650 fprintf(stderr, "Cannot open input file %s\n", cmdargs.infile);
655 file = find_file(fd);
659 if (file->flags & FW_FLAG_V4)
664 extract = file->extract;
665 while (extract->name) {
666 printf("%s %s/%s.fw\n",
667 cmdargs.identify_only ? "Contains" : "Extracting",
669 extract_or_identify(fd, extract, file->flags);
projects / b43-tools.git / blob