-
Notifications
You must be signed in to change notification settings - Fork 245
/
dfu_suffix.py
88 lines (66 loc) · 2.17 KB
/
dfu_suffix.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
#
# Copyright 2011 Dominic Spill
# Copyright 2010 TheSeven
#
# This file was forked form Project Ubertooth.
#
from struct import pack, unpack
crc_table = []
# From freemyipod.org
for i in range(256):
t = i
for j in range(8):
if t & 1:
t = (t >> 1) ^ 0xedb88320
else:
t >>= 1
crc_table.append(t)
def crc32(data):
crc = 0xffffffff
for byte in data:
crc = (crc >> 8) ^ crc_table[(crc ^ ord(byte)) & 0xff]
return crc
def check_suffix(firmware):
"""Check the dfu suffix"""
print('Checking firmware signature')
data = firmware[:-4]
length = ord(firmware[-5])
suffix = firmware[-length:]
# Will always have these fields
dwCRC = unpack('<L', suffix[12:])[0]
bLength = unpack('<B', suffix[11])[0]
ucDfuSig = unpack('<3s', suffix[8:11])[0]
bcdDFU = unpack('<H', suffix[6:8])[0]
# bcdDFU, ucDfuSig, bLength, dwCRC = unpack('<H3sBL', suffix[6:])
if bLength != 16:
raise Exception("Unknown DFU suffix length: %s" % type(bLength))
# We only know about dfu version 1.0/1.1
# This needs to be smarter to support other versions if/when they exist
if bcdDFU != 0x0100:
raise Exception("Unknown DFU version: %d" % bcdDFU)
# Suffix bytes are reversed
if ucDfuSig != 'UFD':
raise Exception("DFU Signature mismatch: not a DFU file")
crc = crc32(data)
if crc != dwCRC:
raise Exception("CRC mismatch: calculated: 0x%x, found: 0x%x" % (crc, dwCRC))
# Extract additional fields now that we know the suffix contains them
idVendor = unpack('<H', suffix[4:6])[0]
idProduct = unpack('<H', suffix[2:4])[0]
# Version information that we can't verify
bcdDevice = unpack('<H', suffix[0:2])[0]
return length, idVendor, idProduct
def add_suffix(firmware, vendor, product):
bcdDevice = 0
idProduct = product
idVendor = vendor
bcdDFU = 0x0100
ucDfuSig = 'UFD'
bLength = 16
suffix = pack('<4H3sB', bcdDevice, idProduct, idVendor, bcdDFU, ucDfuSig, bLength)
firmware += suffix
crc = crc32(firmware)
firmware += pack('<I', crc)
return firmware