Skip to content

Commit

Permalink
Style fix
Browse files Browse the repository at this point in the history
  • Loading branch information
@corna
corna committed Dec 16, 2016
1 parent b112641 commit ffe60d8
Showing 1 changed file with 56 additions and 51 deletions.
107 changes: 56 additions & 51 deletions me_cleaner.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,22 +35,22 @@ def remove_module(f, mod_header, ftpr_offset, lzma_start_rel, lzma_end_rel):
flags = unpack("<I", mod_header[0x50:0x54])[0]
comp_type = (flags >> 4) & 7

print(" {:<16}: ".format(name), end="")

if comp_type == 0x00 or comp_type == 0x02:
if start >= lzma_start_rel and start + size <= lzma_end_rel:
# Already removed
print(" {:<16}: removed (0x{:0X} - 0x{:0X})"
.format(name, ftpr_offset + start,
ftpr_offset + start + size))
print("removed ({:#x} - {:#x})".format(ftpr_offset + start,
ftpr_offset + start + size))
else:
print(" {:<16}: is outside the LZMA region (module 0x{:0X} - "
"0x{:0X}, LZMA 0x{:0X} - 0x{:0X}), skipping"
.format(name, start, start+size, lzma_start_rel,
print("outside the LZMA region (module {:#x} - {:#x}, "
"LZMA {:#x} - {:#x}), skipping"
.format(start, start+size, lzma_start_rel,
lzma_end_rel))
elif comp_type == 0x01:
print(" {:<16}: removal of Huffman modules is not supported yet, "
"skipping".format(name))
print("removal of Huffman modules is not supported yet, skipping")
else:
print(" {:<16}: unknown compression, skipping".format(name))
print("unknown compression, skipping")

if len(sys.argv) != 2 or sys.argv[1] == "-h" or sys.argv[1] == "--help":
print("Usage: \n"
Expand Down Expand Up @@ -85,24 +85,27 @@ def remove_module(f, mod_header, ftpr_offset, lzma_start_rel, lzma_end_rel):

if me_start >= me_end:
sys.exit("The ME region in this image has been disabled")

f.seek(me_start + 0x10)
if f.read(4) != b"$FPT":
sys.exit("The ME region is corrupted or missing")

print("The ME region goes from {:#x} to {:#x}"
.format(me_start, me_end))
else:
sys.exit("This image does not contains an ME firmware (NR = {})"
.format(nr))
else:
sys.exit("Unknown image")

print("Found FPT header at 0x{:0X}".format(me_start + 0x10))
print("Found FPT header at {:#x}".format(me_start + 0x10))

f.seek(me_start + 0x14)
entries = unpack("<I", f.read(4))[0]
print("Found {} partition(s)".format(entries))

f.seek(me_start + 0x14, 0)
header_len = unpack("<B", f.read(1))[0]
header_len = unpack("B", f.read(1))[0]
f.seek(me_start + 0x28, 0)
version = unpack("<HHHH", f.read(8))

Expand Down Expand Up @@ -130,9 +133,8 @@ def remove_module(f, mod_header, ftpr_offset, lzma_start_rel, lzma_end_rel):

ftpr_offset, ftpr_lenght = unpack("<II", ftpr_header[0x08:0x10])
ftpr_offset += me_start
print("Found FTPR header: FTPR partition spans from "
"0x{:02x} to 0x{:02x}".format(ftpr_offset,
ftpr_offset + ftpr_lenght))
print("Found FTPR header: FTPR partition spans from {:#x} to {:#x}"
.format(ftpr_offset, ftpr_offset + ftpr_lenght))
print("Removing extra partitions...")

fill_range(f, me_start + 0x30, ftpr_offset, b"\xff")
Expand All @@ -158,50 +160,53 @@ def remove_module(f, mod_header, ftpr_offset, lzma_start_rel, lzma_end_rel):
f.seek(ftpr_offset + 0x1c, 0)
tag = f.read(4)

if tag != b"$MN2":
if tag == b"$MN2":
f.seek(ftpr_offset + 0x20, 0)
num_modules = unpack("<I", f.read(4))[0]
f.seek(ftpr_offset + 0x290, 0)
mod_hs = [f.read(0x60) for i in range(0, num_modules)]

if any(mod_h.startswith(b"$MME") for mod_h in mod_hs):

f.seek(ftpr_offset + 0x18, 0)
size = unpack("<I", f.read(4))[0]
llut_start = ftpr_offset + (size * 4 + 0x3f) & ~0x3f

f.seek(llut_start + 0x10, 0)
huff_start, huff_size = unpack("<II", f.read(8))
huff_start += me_start
lzma_start = huff_start + huff_size

print("Wiping LZMA section ({:#x} - {:#x})"
.format(lzma_start, ftpr_offset + ftpr_lenght))
fill_range(f, lzma_start, ftpr_offset + ftpr_lenght,
b"\xff")

f.seek(llut_start, 0)
if f.read(4) == b"LLUT":
for mod_header in mod_hs:
remove_module(f, mod_header, ftpr_offset,
lzma_start - ftpr_offset, ftpr_lenght)
else:
print("Can't find the LLUT region in the FTPR "
"partition")
else:
print("Can't find the $MN2 modules in the FTPR partition")
else:
print("Wrong FTPR partition tag ({})".format(tag))

f.seek(ftpr_offset + 0x20, 0)
num_modules = unpack("<I", f.read(4))[0]
f.seek(ftpr_offset + 0x290, 0)
mod_hs = [f.read(0x60) for i in range(0, num_modules)]

if not any(mod_h.startswith(b"$MME") for mod_h in mod_hs):
sys.exit("Can't find the $MN2 modules in the FTPR "
"partition")

f.seek(ftpr_offset + 0x18, 0)
size = unpack("<I", f.read(4))[0]
llut_start = ftpr_offset + (size * 4 + 0x3f) & ~0x3f

f.seek(llut_start + 0x10, 0)
huff_start, huff_size = unpack("<II", f.read(8))
huff_start += me_start
lzma_start = huff_start + huff_size

print("Wiping LZMA section (0x{:0X} - 0x{:0X})"
.format(lzma_start, ftpr_offset + ftpr_lenght))
fill_range(f, lzma_start, ftpr_offset + ftpr_lenght, b"\xff")

f.seek(llut_start, 0)
if f.read(4) != b"LLUT":
sys.exit("Can't find the LLUT region in the FTPR partition")

for mod_header in mod_hs:
remove_module(f, mod_header, ftpr_offset,
lzma_start - ftpr_offset, ftpr_lenght)
else:
print("Modules removal in ME v11 or greater is not yet supported")

print("Correcting checksum...")
f.seek(me_start, 0)
header = f.read(0x30)
checksum = (0x100 - (sum(header) - header[0x1b]) & 0xff) & 0xff

print("Correcting checksum ({:#x})...".format(checksum))
# The checksum is just the two's complement of the sum of the first
# 0x30 bytes (except for 0x1b, the checksum itself). In other words,
# the sum of the first 0x30 bytes must be always 0x00.
f.seek(me_start, 0)
checksum_bytes = f.read(0x30)
f.seek(me_start + 0x1b, 0)
f.write(pack("B", (0x100 - (sum(checksum_bytes) - checksum_bytes[0x1b])
& 0xff) & 0xff))
f.write(pack("B", checksum))

print("Done! Good luck!")

0 comments on commit ffe60d8

Please # to comment.