finder.c

Find xrpc parts from firmware.

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
//#include <tchar.h>
#include <string.h>
#include <malloc.h>

#define XRPC_HIDESIZE (256*1024)
#define XRPC_MAXSIZE (10*1024*1024)

#define XRPC_CALLERID_IGNORED 0
#define	XRPC_CALLERID_SIGMA_SER 0xffffffff

#define	XRPC_ID_GETSERIAL      0 // return chip serial number to param0..3
//whats 1 ? -> dvi.bin
#define	XRPC_ID_GETRANDOM      2 // return 32bit of true random to param0
#define XRPC_ID_BONDINGCOMMENT 3 // return the bonding comment to param0..1
#define XRPC_ID_SHA1XOS        4 // outputs SHA-1 of burnt signablearea-xosMxy.bin to param0..4
#define XRPC_ID_XLOAD          5
#define	XRPC_ID_XOSSELFUPDATE  9
#define XRPC_ID_IH_LOAD       13 //interrupthandler 
#define XRPC_ID_DRAM          15 /* --- deprecated in xosMa0 */
#define XRPC_ID_XUNLOAD       17
#define XRPC_ID_CACHEDUMP     18 // not implemented in release build
#define XRPC_ID_REBOOT        19
#define XRPC_ID_XBIND         20 // bind/unbind certificate to xload.
#define XRPC_ID_XSTART        21 // start xtask
#define XRPC_ID_XKILL         22 // signal or stop xtask
#define XRPC_ID_GETPROTECTION 23 // Get protection registers
#define XRPC_ID_GETBINDING    24 // Get binding hash
#define XRPC_ID_GETOWNER      25 // Get sector ownership hash
#define XRPC_ID_SETENHANCEDMODE 26 // enhanced mode 
#define XRPC_ID_VERSION       27 // Get XOS build version string (!= sha1)

struct xrpc_block_header{
	unsigned int callerid; // deprecated field, put XRPC_CALLERID_IGNORED
	unsigned int xrpcid;
	// parameters (input and output)
	unsigned int param0;
	unsigned int param1;
	unsigned int param2;
	unsigned int param3;
	unsigned int param4;
	unsigned int headerandblocksize;
};


int main(int argc, char* argv[])
{
	
	//search for XRPC_CALLERID_IGNORED+XRPC_ID_XLOAD
	const char header[] = "\x00\x00\x00\x00\x05\x00\x00\x00";//better : int32 anything, int32 0< XRPC_ID < 28
	unsigned int len=9;
	unsigned long ulFileSize=0;

	if(!argv[1])
		return 0;
	FILE* datei = fopen(argv[1], "rb");

	if (!datei)return 0;	

	fseek(datei,0,SEEK_END);
	ulFileSize=ftell(datei);
	fseek(datei,0,SEEK_SET);

	if (!ulFileSize)return 0;;
	if (len>ulFileSize)return 0;;

	char* lpBuffer=(char*)malloc(ulFileSize);
	fread(lpBuffer,1,ulFileSize,datei);

	if (!lpBuffer) return 0;;

	unsigned long ulCurrentPosition=0;
	while (ulCurrentPosition<ulFileSize-(len-1))
	{

		if (!memcmp(lpBuffer+ulCurrentPosition,header,len-1))
		{
			xrpc_block_header* hdr = (xrpc_block_header*)(lpBuffer+ulCurrentPosition);
			//not too big, small, or at 0x104 (PE Header, )
			if( ((ulCurrentPosition+hdr->headerandblocksize) > ulFileSize) || (hdr->headerandblocksize == 0) || (hdr->headerandblocksize > XRPC_MAXSIZE) || (ulCurrentPosition==0x104)) {
				ulCurrentPosition++;
				continue;
			}
			printf("file: %s pos: 0x%x (%d), size: 0x%x (%d)\n", argv[1], ulCurrentPosition, ulCurrentPosition, hdr->headerandblocksize, hdr->headerandblocksize);
			ulCurrentPosition += hdr->headerandblocksize-1;
			//break;
		}
		ulCurrentPosition++;

	}

	fclose(datei);
	free(lpBuffer);
	return 0;
}