diff --git a/native/jni/include/utils.h b/native/jni/include/utils.h
index 7784e03cf..22e2166b0 100644
--- a/native/jni/include/utils.h
+++ b/native/jni/include/utils.h
@@ -93,6 +93,9 @@ void wait_till_exists(const char *target);
 // file.c
+#define align(p, a) (((p) + (a) - 1) / (a) * (a))
+#define align_off(p, a) (align(p, a) - (p))
+
 extern char **excl_list;
 struct file_attr {
@@ -125,8 +128,6 @@ void full_read(const char *filename, void **buf, size_t *size);
 void full_read_at(int dirfd, const char *filename, void **buf, size_t *size);
 void stream_full_read(int fd, void **buf, size_t *size);
 void write_zero(int fd, size_t size);
-void mem_align(size_t *pos, size_t align);
-void file_align(int fd, size_t align, int out);
 // img.c
diff --git a/native/jni/magiskboot/bootimg.c b/native/jni/magiskboot/bootimg.c
index b63ebe8da..305791b64 100644
--- a/native/jni/magiskboot/bootimg.c
+++ b/native/jni/magiskboot/bootimg.c
@@ -7,6 +7,8 @@
 #include "magiskboot.h"
 #include "utils.h"
 #include "logging.h"
+#include "mincrypt/sha.h"
+#include "mincrypt/sha256.h"
 #define INSUF_BLOCK_RET 2
 #define CHROMEOS_RET 3
@@ -68,6 +70,10 @@ static void print_hdr(const boot_img *boot) {
 fprintf(stderr, "NAME [%s]\n", header(boot, name));
 fprintf(stderr, "CMDLINE [%s]\n", header(boot, cmdline));
+ fprintf(stderr, "CHECKSUM [");
+ for (int i = 0; i < ((boot->flags & SHA256_FLAG) ? SHA256_DIGEST_SIZE : SHA_DIGEST_SIZE); ++i)
+ fprintf(stderr, "%02x", header(boot, id)[i]);
+ fprintf(stderr, "]\n");
 }
 static void clean_boot(boot_img *boot) {
@@ -78,6 +84,7 @@ static void clean_boot(boot_img *boot) {
 memset(boot, 0, sizeof(*boot));
 }
+#define pos_align() pos = align(pos, header(boot, page_size))
 int parse_img(const char *image, boot_img *boot) {
 memset(boot, 0, sizeof(*boot));
 int is_blk = mmap_ro(image, &boot->map_addr, &boot->map_size);
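Review bot: `align(p, a)` expands `p` and `a` more than once and `align_off(p, a)` expands `p` twice, so the call sites this commit builds on top of them with `lseek(fd, 0, SEEK_CUR)` as `p` (`file_align()` in bootimg.c, `parse_align()` and `dump_align()` in cpio.c) issue that seek two or three times per alignment, and any side-effecting argument is evaluated twice. Unlike the removed mem_align/file_align, which used mask arithmetic and did not trap, the new expression divides by `a`, so a zero alignment — page_size is read straight from the image header — now raises SIGFPE. Replacing the macros with `static inline size_t align(size_t p, size_t a) { return (p + a - 1) / a * a; }` and `static inline size_t align_off(size_t p, size_t a) { return align(p, a) - p; }` removes the double evaluation and gives the compiler a type to check; the zero case is best rejected where page_size is parsed rather than hidden here.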
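Review bot: The `%02x` conversion in the new CHECKSUM loop is fed `header(boot, id)[i]`, and this commit changes `id` to `char id[32]` in bootimg.h, so on targets where `char` is signed a digest byte of 0x80 or above is sign-extended to a negative int and prints as eight hex digits (`ffffff80`), corrupting the printed checksum. Cast the byte first, `fprintf(stderr, "%02x", (unsigned char) header(boot, id)[i]);`, or declare the field as `uint8_t id[32]`. The loop bound also re-evaluates the flag test on every iteration; hoisting it into a local such as `int len = (boot->flags & SHA256_FLAG) ? SHA256_DIGEST_SIZE : SHA_DIGEST_SIZE;` reads better. print_hdr's opening line is above this hunk.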
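Review bot: `pos_align()` is a file-scope macro that silently depends on the local variables `pos` and `boot` of whichever function it is expanded in, and it is never `#undef`'d, so it stays visible for the rest of bootimg.c; the same pattern is introduced for `file_align()` in repack and for `parse_align()`/`dump_align()` in cpio.c. A `static inline` helper that takes the state it needs — `static inline size_t page_align(size_t pos, const boot_img *boot) { return align(pos, header(boot, page_size)); }` — makes the data flow explicit and type-checked. If the macros stay, a `#undef pos_align` after parse_img at least limits their scope.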
@@ -92,6 +99,11 @@ int parse_img(const char *image, boot_img *boot) {
 // The caller should know it's chromeos, as it needs additional signing
 boot->flags |= CHROMEOS_FLAG;
 continue;
+ case DHTB:
+ boot->flags |= DHTB_FLAG;
+ boot->flags |= SEANDROID_FLAG;
+ fprintf(stderr, "DHTB_HDR\n");
+ continue;
 case ELF32:
 exit(ELF32_RET);
 case ELF64:
@@ -109,26 +121,33 @@ int parse_img(const char *image, boot_img *boot) {
 }
 pos += header(boot, page_size);
+ for (int i = SHA_DIGEST_SIZE; i < SHA256_DIGEST_SIZE; ++i) {
+ if (header(boot, id)[i]) {
+ boot->flags |= SHA256_FLAG;
+ break;
+ }
+ }
+
 print_hdr(boot);
 boot->kernel = head + pos;
 pos += header(boot, kernel_size);
- mem_align(&pos, header(boot, page_size));
+ pos_align();
 boot->ramdisk = head + pos;
 pos += header(boot, ramdisk_size);
- mem_align(&pos, header(boot, page_size));
+ pos_align();
 if (header(boot, second_size)) {
 boot->second = head + pos;
 pos += header(boot, second_size);
- mem_align(&pos, header(boot, page_size));
+ pos_align();
 }
 if (header(boot, extra_size)) {
 boot->extra = head + pos;
 pos += header(boot, extra_size);
- mem_align(&pos, header(boot, page_size));
+ pos_align();
 }
 if (pos < boot->map_size) {
@@ -136,6 +155,13 @@ int parse_img(const char *image, boot_img *boot) {
 boot->tail_size = boot->map_size - pos;
 }
+ // Check tail info, currently only for LG Bump and Samsung SEANDROIDENFORCE
+ if (boot->tail_size >= 16 && memcmp(boot->tail, SEANDROID_MAGIC, 16) == 0) {
+ boot->flags |= SEANDROID_FLAG;
+ } else if (boot->tail_size >= 16 && memcmp(boot->tail, LG_BUMP_MAGIC, 16) == 0) {
+ boot->flags |= LG_BUMP_FLAG;
+ }
+
 // Search for dtb in kernel
 for (uint32_t i = 0; i < header(boot, kernel_size); ++i) {
 if (memcmp(boot->kernel + i, DTB_MAGIC, 4) == 0) {
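Review bot: `pos_align()` divides by `header(boot, page_size)`, a value taken straight from the image, and nothing in parse_img rejects a zero page size before the first `pos_align()` that follows `pos += header(boot, kernel_size)`, so a malformed or hostile image now aborts the process with SIGFPE where the removed mem_align arithmetic did not trap. Validate it once, right after the header has been read and before the first use: `if (header(boot, page_size) == 0) { /* malformed header: bail out the way the unsupported-format cases above do */ }` — the exact exit path depends on how the switch above reports errors, which is only partly visible here. The SHA256 detection loop also deserves a one-line comment stating that any non-zero byte in `id[20..31]` is taken as evidence of a SHA-256 digest, since that heuristic is not obvious from the code. parse_img starts above this hunk and continues below it.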
@@ -232,11 +258,11 @@ int unpack(const char *image) {
 return ret;
 }
+#define file_align() write_zero(fd, align_off(lseek(fd, 0, SEEK_CUR) - header_off, header(&boot, page_size)))
 void repack(const char* orig_image, const char* out_image) {
 boot_img boot;
-
- // There are possible two MTK headers
- off_t mtk_kernel_off, mtk_ramdisk_off;
+
+ off_t header_off, kernel_off, ramdisk_off, second_off, extra_off;
 // Parse original image
 parse_img(orig_image, &boot);
@@ -246,12 +272,19 @@ void repack(const char* orig_image, const char* out_image) {
 // Create new image
 int fd = creat(out_image, 0644);
+ if (boot.flags & DHTB_FLAG) {
+ // Skip DHTB header
+ write_zero(fd, 512);
+ }
+
 // Skip a page for header
+ header_off = lseek(fd, 0, SEEK_CUR);
 write_zero(fd, header(&boot, page_size));
+ // kernel
+ kernel_off = lseek(fd, 0, SEEK_CUR);
 if (boot.flags & MTK_KERNEL) {
- // Record position and skip MTK header
- mtk_kernel_off = lseek(fd, 0, SEEK_CUR);
+ // Skip MTK header
 write_zero(fd, 512);
 }
 if (COMPRESSED(boot.k_fmt)) {
@@ -263,15 +296,16 @@ void repack(const char* orig_image, const char* out_image) {
 } else {
 lheader(&boot, kernel_size, = restore(KERNEL_FILE, fd));
 }
- // Restore dtb
+ // dtb
 if (boot.dt_size && access(DTB_FILE, R_OK) == 0) {
 lheader(&boot, kernel_size, += restore(DTB_FILE, fd));
 }
- file_align(fd, header(&boot, page_size), 1);
+ file_align();
+ // ramdisk
+ ramdisk_off = lseek(fd, 0, SEEK_CUR);
 if (boot.flags & MTK_RAMDISK) {
- // Record position and skip MTK header
- mtk_ramdisk_off = lseek(fd, 0, SEEK_CUR);
+ // Skip MTK header
 write_zero(fd, 512);
 }
 if (access(RAMDISK_FILE, R_OK) == 0) {
@@ -296,48 +330,83 @@ void repack(const char* orig_image, const char* out_image) {
 LOGE("No ramdisk exists!\n");
 lheader(&boot, ramdisk_size, = restore(name, fd));
 }
- file_align(fd, header(&boot, page_size), 1);
+ file_align();
- // Restore second
+ // second
+ second_off = lseek(fd, 0, SEEK_CUR);
 if (header(&boot, second_size) && access(SECOND_FILE, R_OK) == 0) {
 lheader(&boot, second_size, = restore(SECOND_FILE, fd));
- file_align(fd, header(&boot, page_size), 1);
+ file_align();
 }
- // Restore extra
+ // extra
+ extra_off = lseek(fd, 0, SEEK_CUR);
 if (header(&boot, extra_size) && access(EXTRA_FILE, R_OK) == 0) {
 lheader(&boot, extra_size, = restore(EXTRA_FILE, fd));
- file_align(fd, header(&boot, page_size), 1);
+ file_align();
 }
- // Check tail info, currently only for LG Bump and Samsung SEANDROIDENFORCE
- if (boot.tail_size >= 16) {
- if (memcmp(boot.tail, "SEANDROIDENFORCE", 16) == 0 ||
- memcmp(boot.tail, LG_BUMP_MAGIC, 16) == 0 ) {
- restore_buf(fd, boot.tail, 16);
- }
+ // Append tail info
+ if (boot.flags & SEANDROID_FLAG) {
+ restore_buf(fd, SEANDROID_MAGIC "\xFF\xFF\xFF\xFF", 20);
+ }
+ if (boot.flags & LG_BUMP_FLAG) {
+ restore_buf(fd, LG_BUMP_MAGIC, 16);
 }
- // Write MTK headers back
+ close(fd);
+
+ // Map output image as rw
+ munmap(boot.map_addr, boot.map_size);
+ mmap_rw(out_image, &boot.map_addr, &boot.map_size);
+
+ // MTK headers
 if (boot.flags & MTK_KERNEL) {
- lseek(fd, mtk_kernel_off, SEEK_SET);
 boot.k_hdr->size = header(&boot, kernel_size);
 lheader(&boot, kernel_size, += 512);
- restore_buf(fd, boot.k_hdr, sizeof(mtk_hdr));
+ memcpy(boot.map_addr + kernel_off, boot.k_hdr, sizeof(mtk_hdr));
 }
 if (boot.flags & MTK_RAMDISK) {
- lseek(fd, mtk_ramdisk_off, SEEK_SET);
 boot.r_hdr->size = header(&boot, ramdisk_size);
 lheader(&boot, ramdisk_size, += 512);
- restore_buf(fd, boot.r_hdr, sizeof(mtk_hdr));
+ memcpy(boot.map_addr + ramdisk_off, boot.r_hdr, sizeof(mtk_hdr));
 }
- // Main header
- lseek(fd, 0, SEEK_SET);
- restore_buf(fd, boot.hdr,
(boot.flags & PXA_FLAG) ? sizeof(pxa_boot_img_hdr) : sizeof(boot_img_hdr));
+
+ // Update checksum
+ HASH_CTX ctx;
+ (boot.flags & SHA256_FLAG) ? SHA256_init(&ctx) : SHA_init(&ctx);
+ uint32_t size = header(&boot, kernel_size);
+ HASH_update(&ctx, boot.map_addr + kernel_off, size);
+ HASH_update(&ctx, &size, sizeof(size));
+ size = header(&boot, ramdisk_size);
+ HASH_update(&ctx, boot.map_addr + ramdisk_off, size);
+ HASH_update(&ctx, &size, sizeof(size));
+ size = header(&boot, second_size);
+ HASH_update(&ctx, boot.map_addr + second_off, size);
+ HASH_update(&ctx, &size, sizeof(size));
+ size = header(&boot, extra_size);
+ if (size) {
+ HASH_update(&ctx, boot.map_addr + extra_off, size);
+ HASH_update(&ctx, &size, sizeof(size));
+ }
+ memset(header(&boot, id), 0, 32);
+ memcpy(header(&boot, id), HASH_final(&ctx),
+ (boot.flags & SHA256_FLAG) ? SHA256_DIGEST_SIZE : SHA_DIGEST_SIZE);
 // Print new image info
 print_hdr(&boot);
+ // Main header
+ memcpy(boot.map_addr + header_off, boot.hdr,
+ (boot.flags & PXA_FLAG) ? sizeof(pxa_boot_img_hdr) : sizeof(boot_img_hdr));
+
+ // DHTB header
+ if (boot.flags & DHTB_FLAG) {
+ dhtb_hdr *hdr = boot.map_addr;
+ memcpy(hdr, DHTB_MAGIC, 8);
+ hdr->size = boot.map_size - 512;
+ SHA256_hash(boot.map_addr + 512, hdr->size, hdr->checksum);
+ }
+
 clean_boot(&boot);
- close(fd);
 }
diff --git a/native/jni/magiskboot/bootimg.h b/native/jni/magiskboot/bootimg.h
index 9d279204b..cf956a96a 100644
--- a/native/jni/magiskboot/bootimg.h
+++ b/native/jni/magiskboot/bootimg.h
@@ -28,10 +28,8 @@ typedef struct boot_img_hdr {
 uint32_t os_version;
 char name[16]; /* asciiz product name */
-
 char cmdline[512];
-
- uint32_t id[8]; /* timestamp / checksum / sha1 / etc */
+ char id[32]; /* timestamp / checksum / sha1 / etc */
 /* Supplemental command line data; kept here to maintain
 * binary compatibility with older versions of mkbootimg */
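Review bot: After `close(fd)` the function unmaps the source image and remaps `out_image` with `mmap_rw(out_image, &boot.map_addr, &boot.map_size);` without checking the result, then writes the MTK headers, the digest and the DHTB header through `boot.map_addr` unconditionally, so a failed remap turns every following memcpy and the SHA256_hash into a write through a stale or null pointer; check it (its failure convention is not visible in this diff) and return before the header updates. It is also worth confirming that `boot.hdr`, `boot.k_hdr` and `boot.r_hdr` are heap copies rather than pointers into the original mapping, since they are read and written after the `munmap` — how parse_img sets them up is outside this diff. `(boot.flags & SHA256_FLAG) ? SHA256_init(&ctx) : SHA_init(&ctx);` uses a conditional expression purely for its side effects; `if (boot.flags & SHA256_FLAG) SHA256_init(&ctx); else SHA_init(&ctx);` is the conventional form. A short comment above the HASH_update sequence saying that the digest covers each section followed by its 4-byte size, and the extra section only when present, would spare the next reader from reverse-engineering the layout. repack starts above this hunk.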
@@ -56,10 +54,8 @@ typedef struct pxa_boot_img_hdr {
 uint32_t page_size; /* flash page size we assume */
 char name[24]; /* asciiz product name */
-
 char cmdline[512];
-
- uint32_t id[8]; /* timestamp / checksum / sha1 / etc */
+ char id[32]; /* timestamp / checksum / sha1 / etc */
 /* Supplemental command line data; kept here to maintain
 * binary compatibility with older versions of mkbootimg */
@@ -102,11 +98,21 @@ typedef struct mtk_hdr {
 char name[32]; /* The type of the header */
 } __attribute__((packed)) mtk_hdr;
+typedef struct dhtb_hdr {
+ char magic[8]; /* DHTB magic */
+ char checksum[40]; /* Payload SHA256, whole image + SEANDROIDENFORCE + 0xFFFFFFFF */
+ uint32_t size; /* Payload size, whole image + SEANDROIDENFORCE + 0xFFFFFFFF */
+} __attribute__((packed)) dhtb_hdr;
+
 // Flags
-#define MTK_KERNEL 0x01
-#define MTK_RAMDISK 0x02
-#define CHROMEOS_FLAG 0x04
-#define PXA_FLAG 0x08
+#define MTK_KERNEL 0x01
+#define MTK_RAMDISK 0x02
+#define CHROMEOS_FLAG 0x04
+#define PXA_FLAG 0x08
+#define DHTB_FLAG 0x10
+#define SEANDROID_FLAG 0x20
+#define LG_BUMP_FLAG 0x40
+#define SHA256_FLAG 0x80
 typedef struct boot_img {
 // Memory map of the whole image
@@ -114,9 +120,9 @@ typedef struct boot_img {
 size_t map_size;
 // Headers
- void *hdr; /* Either boot_img_hdr or pxa_boot_img_hdr */
- mtk_hdr *k_hdr; /* MTK kernel header */
- mtk_hdr *r_hdr; /* MTK ramdisk header */
+ void *hdr; /* Either boot_img_hdr or pxa_boot_img_hdr */
+ mtk_hdr *k_hdr; /* MTK kernel header */
+ mtk_hdr *r_hdr; /* MTK ramdisk header */
 // Flags to indicate the state of current boot image
 uint8_t flags;
diff --git a/native/jni/magiskboot/format.c b/native/jni/magiskboot/format.c
index 9c32c3531..6b7276940 100644
--- a/native/jni/magiskboot/format.c
+++ b/native/jni/magiskboot/format.c
@@ -31,6 +31,8 @@ format_t check_fmt(const void *buf) {
 return MTK;
 } else if (memcmp(buf, DTB_MAGIC, 4) == 0) {
 return DTB;
+ } else if (memcmp(buf, DHTB_MAGIC, 8) == 0) {
+ return DHTB;
 } else {
 return UNKNOWN;
 }
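Review bot: With SHA256_FLAG at 0x80 the flag values now occupy all eight bits of `uint8_t flags` in boot_img (the field is visible in the next hunk), so the next flag anyone adds will not fit and the `|=` will be silently truncated. Either widen the field now, `uint16_t flags;`, or pin the assumption next to the defines with `_Static_assert(SHA256_FLAG <= UINT8_MAX, "boot_img.flags must hold every flag");`. The comment on `checksum[40]` should also say how much of it the writer fills — repack passes it to SHA256_hash, which presumably writes a 32-byte digest and leaves the rest as padding; worth stating if that is the intent.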
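Review bot: The new branch reads eight bytes from `buf` via `memcmp(buf, DHTB_MAGIC, 8)`, while the neighbouring compares visible here read four; check_fmt takes no length, so any caller that hands it a buffer shorter than eight bytes now over-reads unless an earlier branch of the chain (outside this hunk) already compares eight bytes. If callers cannot guarantee that, add a `size_t len` parameter or at least document the minimum on the prototype: `/* buf must provide at least 8 readable bytes */`. check_fmt starts above this hunk.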
diff --git a/native/jni/magiskboot/format.h b/native/jni/magiskboot/format.h
index ca30c34ee..8ab42995e 100644
--- a/native/jni/magiskboot/format.h
+++ b/native/jni/magiskboot/format.h
@@ -2,20 +2,21 @@
 #define _FORMAT_H_
 typedef enum {
- UNKNOWN,
- CHROMEOS,
- AOSP,
- ELF32,
- ELF64,
- GZIP,
- LZOP,
- XZ,
- LZMA,
- BZIP2,
- LZ4,
- LZ4_LEGACY,
- MTK,
- DTB
+ UNKNOWN,
+ CHROMEOS,
+ AOSP,
+ ELF32,
+ ELF64,
+ GZIP,
+ LZOP,
+ XZ,
+ LZMA,
+ BZIP2,
+ LZ4,
+ LZ4_LEGACY,
+ MTK,
+ DTB,
+ DHTB
 } format_t;
 #define COMPRESSED(fmt) (fmt >= GZIP && fmt <= LZ4_LEGACY)
@@ -33,6 +34,8 @@ typedef enum {
 #define MTK_MAGIC "\x88\x16\x88\x58"
 #define DTB_MAGIC "\xd0\x0d\xfe\xed"
 #define LG_BUMP_MAGIC "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79"
+#define DHTB_MAGIC "\x44\x48\x54\x42\x01\x00\x00\x00"
+#define SEANDROID_MAGIC "SEANDROIDENFORCE"
 #define SUP_LIST ((char *[]) { "gzip", "xz", "lzma", "bzip2", "lz4", "lz4_legacy", NULL })
 #define SUP_EXT_LIST ((char *[]) { "gz", "xz", "lzma", "bz2", "lz4", "lz4", NULL })
diff --git a/native/jni/utils/cpio.c b/native/jni/utils/cpio.c
index 0ec3c088f..ca766664a 100644
--- a/native/jni/utils/cpio.c
+++ b/native/jni/utils/cpio.c
@@ -56,6 +56,7 @@ void cpio_vec_insert(struct vector *v, cpio_entry *n) {
 }
 // Parse cpio file to a vector of cpio_entry
+#define parse_align() lseek(fd, align(lseek(fd, 0, SEEK_CUR), 4), SEEK_SET)
 void parse_cpio(struct vector *v, const char *filename) {
 int fd = open(filename, O_RDONLY);
 if (fd < 0) return;
@@ -79,7 +80,7 @@ void parse_cpio(struct vector *v, const char *filename) {
 // f->check = x8u(header.check);
 f->filename = xmalloc(namesize);
 xxread(fd, f->filename, namesize);
- file_align(fd, 4, 0);
+ parse_align();
 if (strcmp(f->filename, ".") == 0 || strcmp(f->filename, "..") == 0) {
 cpio_free(f);
 continue;
@@ -91,13 +92,14 @@ void parse_cpio(struct vector *v, const char *filename) {
 if (f->filesize) {
 f->data = xmalloc(f->filesize);
 xxread(fd, f->data, f->filesize);
- file_align(fd, 4, 0);
+ parse_align();
 }
 vec_push_back(v, f);
 }
 close(fd);
 }
+#define dump_align() write_zero(fd, align_off(lseek(fd, 0, SEEK_CUR), 4))
 void dump_cpio(struct vector *v, const char *filename) {
 fprintf(stderr, "Dump cpio: [%s]\n", filename);
 unsigned inode = 300000;
@@ -124,17 +126,17 @@ void dump_cpio(struct vector *v, const char *filename) {
 );
 xwrite(fd, header, 110);
 xwrite(fd, e->filename, strlen(e->filename) + 1);
- file_align(fd, 4, 1);
+ dump_align();
 if (e->filesize) {
 xwrite(fd, e->data, e->filesize);
- file_align(fd, 4, 1);
+ dump_align();
 }
 }
 // Write trailer
 sprintf(header, "070701%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x", inode++, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 11, 0);
 xwrite(fd, header, 110);
 xwrite(fd, "TRAILER!!!\0", 11);
- file_align(fd, 4, 1);
+ dump_align();
 close(fd);
 }
diff --git a/native/jni/utils/file.c b/native/jni/utils/file.c
index 3362c9a6c..021c142b5 100644
--- a/native/jni/utils/file.c
+++ b/native/jni/utils/file.c
@@ -424,24 +424,3 @@ void write_zero(int fd, size_t size) {
 ftruncate(fd, pos + size);
 lseek(fd, pos + size, SEEK_SET);
 }
-
-void mem_align(size_t *pos, size_t align) {
- size_t mask = align - 1;
- if (*pos & mask) {
- *pos += align - (*pos & mask);
- }
-}
-
-void file_align(int fd, size_t align, int out) {
- size_t pos = lseek(fd, 0, SEEK_CUR);
- size_t mask = align - 1;
- size_t off;
- if (pos & mask) {
- off = align - (pos & mask);
- if (out) {
- write_zero(fd, off);
- } else {
- lseek(fd, pos + off, SEEK_SET);
- }
- }
-}