From 2c769dc136ae68d4f0a5e8672ce34cf750727faa Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Mon, 4 Sep 2023 03:24:46 +0100 Subject: move me7_update_parser.py to util/ Signed-off-by: Leah Rowe --- config/blobs/me7_update_parser.py | 616 -------------------------------------- 1 file changed, 616 deletions(-) delete mode 100755 config/blobs/me7_update_parser.py (limited to 'config') diff --git a/config/blobs/me7_update_parser.py b/config/blobs/me7_update_parser.py deleted file mode 100755 index e3e91413..00000000 --- a/config/blobs/me7_update_parser.py +++ /dev/null @@ -1,616 +0,0 @@ -#!/usr/bin/env python3 - -"""ME7 Update binary parser.""" - -# Copyright (C) 2020 Tom Hiller -# Copyright (C) 2016-2018 Nicola Corna -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# - -# Based on the amazing me_cleaner, https://github.com/corna/me_cleaner, parses -# the required signed partition from an ME update file to generate a valid -# flashable ME binary. -# -# This was written for Heads ROM, https://github.com/osresearch/heads -# to allow continuous integration reproducible builds for Lenovo xx20 models -# (X220, T420, T520, etc). -# -# A full model list can be found: -# https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/83rf46ww.txt - - -from struct import pack, unpack -from typing import List -import argparse -import sys -import hashlib -import binascii -import os.path - -############################################################################# - -FTPR_END = 0x76000 -MINIFIED_FTPR_OFFSET = 0x400 # offset start of Factory Partition (FTPR) -ORIG_FTPR_OFFSET = 0xCC000 -PARTITION_HEADER_OFFSET = 0x30 # size of partition header - -DEFAULT_OUTPUT_FILE_NAME = "flashregion_2_intel_me.bin" - -############################################################################# - - -class EntryFlags: - """EntryFlag bitmap values.""" - - ExclBlockUse = 8192 - WOPDisable = 4096 - Logical = 2048 - Execute = 1024 - Write = 512 - Read = 256 - DirectAccess = 128 - Type = 64 - - -def generateHeader() -> bytes: - """Generate Header.""" - ROM_BYPASS_INSTR_0 = binascii.unhexlify("2020800F") - ROM_BYPASS_INSTR_1 = binascii.unhexlify("40000010") - ROM_BYPASS_INSTR_2 = pack(" bytes: - """Partition table entry.""" - ENTRY_NAME = binascii.unhexlify("46545052") - ENTRY_OWNER = binascii.unhexlify("FFFFFFFF") # "None" - ENTRY_OFFSET = binascii.unhexlify("00040000") - ENTRY_LENGTH = binascii.unhexlify("00600700") - ENTRY_START_TOKENS = pack(" bytes: - """Copy data of a given size from FTPR starting from offset.""" - offset_end = offset + size - return self.ftpr[offset:offset_end] - - def unpack_next_int(self, offset: int) -> int: - """Sugar syntax for unpacking a little-endian UINT at offset.""" - return self.unpack_val(self.slice(offset, 4)) - - def unpack_val(self, data: bytes) -> int: - """Sugar syntax for unpacking a little-endian unsigned integer.""" - return unpack(" str: - """Decode bytes into ASCII.""" - return data.rstrip(b"\x00").decode("ascii") - - def clear_ftpr_data(self, start: int, end: int) -> None: - """Replace values in range with 0xFF.""" - empty_data = bytes() - - for i in range(0, end - start): - empty_data += b"\xff" - self.write_ftpr_data(start, empty_data) - - def write_ftpr_data(self, start: int, data: bytes) -> None: - """Replace data in FTPR starting at a given offset.""" - end = len(data) + start - - new_partition = self.ftpr[:start] - new_partition += data - - if end != FTPR_END: - new_partition += self.ftpr[end:] - - self.ftpr = new_partition - - ###################################################################### - # FTPR cleanig/checking functions - ###################################################################### - def get_chunks_offsets(self, llut: bytes): - """Calculate Chunk offsets from LLUT.""" - chunk_count = self.unpack_val(llut[0x04:0x08]) - huffman_stream_end = sum(unpack(" int: - """Relocate partition.""" - new_offset = MINIFIED_FTPR_OFFSET - name = self.bytes_to_ascii(self.slice(PARTITION_HEADER_OFFSET, 4)) - - old_offset, partition_size = unpack( - "> 4) & 7 == 0x01: - llut_start = self.unpack_val(mod_header[0x38:0x3C]) - llut_start += old_offset - break - - if self.mod_headers and llut_start != 0: - # Bytes 0x9:0xb of the LLUT (bytes 0x1:0x3 of the AddrBase) are - # added to the SpiBase (bytes 0xc:0x10 of the LLUT) to compute the - # final start of the LLUT. Since AddrBase is not modifiable, we can - # act only on SpiBase and here we compute the minimum allowed - # new_offset. - llut_start_corr = unpack(" int: - """Remove modules.""" - unremovable_huff_chunks = [] - chunks_offsets = [] - base = 0 - chunk_size = 0 - end_addr = 0 - - for mod_header in self.mod_headers: - name = self.bytes_to_ascii(mod_header[0x04:0x14]) - offset = self.unpack_val(mod_header[0x38:0x3C]) - size = self.unpack_val(mod_header[0x40:0x44]) - flags = self.unpack_val(mod_header[0x50:0x54]) - comp_type = (flags >> 4) & 7 - comp_type_name = self.COMPRESSION_TYPE_NAME[comp_type] - - print(" {:<16} ({:<7}, ".format(name, comp_type_name), end="") - - # If compresion type uncompressed or LZMA - if comp_type == 0x00 or comp_type == 0x02: - offset_end = offset + size - range_msg = "0x{:06x} - 0x{:06x} ): " - print(range_msg.format(offset, offset_end), end="") - - if name in self.UNREMOVABLE_MODULES: - end_addr = max(end_addr, offset + size) - print("NOT removed, essential") - else: - offset_end = min(offset + size, FTPR_END) - self.clear_ftpr_data(offset, offset_end) - print("removed") - - # Else if compression type huffman - elif comp_type == 0x01: - if not chunks_offsets: - # Check if Local Look Up Table (LLUT) is present - if self.slice(offset, 4) == b"LLUT": - llut = self.slice(offset, 0x40) - - chunk_count = self.unpack_val(llut[0x4:0x8]) - base = self.unpack_val(llut[0x8:0xC]) + 0x10000000 - chunk_size = self.unpack_val(llut[0x30:0x34]) - - llut = self.slice(offset, (chunk_count * 4) + 0x40) - - # calculate offsets of chunks from LLUT - chunks_offsets = self.get_chunks_offsets(llut) - else: - no_llut_msg = "Huffman modules found," - no_llut_msg += "but LLUT is not present." - sys.exit(no_llut_msg) - - module_base = self.unpack_val(mod_header[0x34:0x38]) - module_size = self.unpack_val(mod_header[0x3C:0x40]) - first_chunk_num = (module_base - base) // chunk_size - last_chunk_num = first_chunk_num + module_size // chunk_size - huff_size = 0 - - chunk_length = last_chunk_num + 1 - for chunk in chunks_offsets[first_chunk_num:chunk_length]: - huff_size += chunk[1] - chunk[0] - - size_in_kiB = "~" + str(int(round(huff_size / 1024))) + " KiB" - print( - "fragmented data, {:<9}): ".format(size_in_kiB), - end="", - ) - - # Check if module is in the unremovable list - if name in self.UNREMOVABLE_MODULES: - print("NOT removed, essential") - - # add to list of unremovable chunks - for x in chunks_offsets[first_chunk_num:chunk_length]: - if x[0] != 0: - unremovable_huff_chunks.append(x) - else: - print("removed") - - # Else unknown compression type - else: - unkwn_comp_msg = " 0x{:06x} - 0x{:06x}): " - unkwn_comp_msg += "unknown compression, skipping" - print(unkwn_comp_msg.format(offset, offset + size), end="") - - if chunks_offsets: - removable_huff_chunks = [] - - for chunk in chunks_offsets: - # if chunk is not in a unremovable chunk, it must be removable - if all( - not ( - unremovable_chk[0] <= chunk[0] < unremovable_chk[1] - or unremovable_chk[0] < chunk[1] <= unremovable_chk[1] - ) - for unremovable_chk in unremovable_huff_chunks - ): - removable_huff_chunks.append(chunk) - - for removable_chunk in removable_huff_chunks: - if removable_chunk[1] > removable_chunk[0]: - chunk_start = removable_chunk[0] - ORIG_FTPR_OFFSET - chunk_end = removable_chunk[1] - ORIG_FTPR_OFFSET - self.clear_ftpr_data(chunk_start, chunk_end) - - end_addr = max( - end_addr, max(unremovable_huff_chunks, key=lambda x: x[1])[1] - ) - end_addr -= ORIG_FTPR_OFFSET - - return end_addr - - def find_mod_header_size(self) -> None: - """Find module header size.""" - self.mod_header_size = 0 - data = self.slice(0x290, 0x84) - - # check header size - if data[0x0:0x4] == b"$MME": - if data[0x60:0x64] == b"$MME" or self.num_modules == 1: - self.mod_header_size = 0x60 - elif data[0x80:0x84] == b"$MME": - self.mod_header_size = 0x80 - - def find_mod_headers(self) -> None: - """Find module headers.""" - data = self.slice(0x290, self.mod_header_size * self.num_modules) - - for i in range(0, self.num_modules): - header_start = i * self.mod_header_size - header_end = (i + 1) * self.mod_header_size - self.mod_headers.append(data[header_start:header_end]) - - def resize_partition(self, end_addr: int) -> None: - """Resize partition.""" - spared_blocks = 4 - if end_addr > 0: - end_addr = (end_addr // 0x1000 + 1) * 0x1000 - end_addr += spared_blocks * 0x1000 - - # partition header not added yet - # remove trailing data the same size as the header. - end_addr -= MINIFIED_FTPR_OFFSET - - me_size_msg = "The ME minimum size should be {0} " - me_size_msg += "bytes ({0:#x} bytes)" - print(me_size_msg.format(end_addr)) - print("Truncating file at {:#x}...".format(end_addr)) - self.ftpr = self.ftpr[:end_addr] - - def check_and_clean_ftpr(self) -> None: - """Check and clean FTPR (factory partition).""" - self.num_modules = self.unpack_next_int(0x20) - self.find_mod_header_size() - - if self.mod_header_size != 0: - self.find_mod_headers() - - # ensure all of the headers begin with b'$MME' - if all(hdr.startswith(b"$MME") for hdr in self.mod_headers): - end_addr = self.remove_modules() - new_offset = self.relocate_partition() - end_addr += new_offset - - self.resize_partition(end_addr) - - # flip bit - # XXX: I have no idea why this works and passes RSA signiture - self.write_ftpr_data(0x39, b"\x00") - else: - sys.exit( - "Found less modules than expected in the FTPR " - "partition; skipping modules removal and exiting." - ) - else: - sys.exit( - "Can't find the module header size; skipping modules" - "removal and exiting." - ) - - -########################################################################## - - -def check_partition_signature(f, offset) -> bool: - """check_partition_signature copied/shamelessly stolen from me_cleaner.""" - f.seek(offset) - header = f.read(0x80) - modulus = int(binascii.hexlify(f.read(0x100)[::-1]), 16) - public_exponent = unpack(" None: - """Generate ME blob.""" - print("Starting ME 7.x Update parser.") - - orig_f = open(input_file, "rb") - cleaned_ftpr = clean_ftpr(orig_f.read(FTPR_END)) - orig_f.close() - - fo = open(output_file, "wb") - fo.write(generateHeader()) - fo.write(generateFtpPartition()) - fo.write(cleaned_ftpr.ftpr) - fo.close() - - -def verify_output(output_file: str) -> None: - """Verify Generated ME file.""" - file_verifiy = open(output_file, "rb") - - if check_partition_signature(file_verifiy, MINIFIED_FTPR_OFFSET): - print(output_file + " is VALID") - file_verifiy.close() - else: - print(output_file + " is INVALID!!") - file_verifiy.close() - sys.exit("The FTPR partition signature is not valid.") - - -if __name__ == "__main__": - parser = argparse.ArgumentParser( - description="Tool to remove as much code " - "as possible from Intel ME/TXE 7.x firmware " - "update and create paratition for a flashable ME parition." - ) - - -parser.add_argument("file", help="ME/TXE image or full dump") -parser.add_argument( - "-O", - "--output", - metavar="output_file", - help="save " - "save file name other than the default '" + DEFAULT_OUTPUT_FILE_NAME + "'", -) - -args = parser.parse_args() - -output_file_name = DEFAULT_OUTPUT_FILE_NAME if not args.output else args.output - -# Check if output file exists, ask to overwrite or exit -if os.path.isfile(output_file_name): - input_msg = output_file_name - input_msg += " exists. Do you want to overwrite? [y/N]: " - if not str(input(input_msg)).lower().startswith("y"): - sys.exit("Not overwriting file. Exiting.") - -generate_me_blob(args.file, output_file_name) -verify_output(output_file_name) -- cgit v1.2.1