summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBjørn Mork <bjorn@mork.no>2017-01-12 13:40:22 +0100
committerBjørn Mork <bjorn@mork.no>2017-01-12 13:40:22 +0100
commit524b452035efa7bd1dd2f1c981050c2d63568d65 (patch)
tree6cbc4ff28b6ea3b46993005e33ce2d3f04e29478
parent6298c4d614e53c62203de6252080243a47de0836 (diff)
makenvup.pl: minor fixes
Signed-off-by: Bjørn Mork <bjorn@mork.no>
-rwxr-xr-xscripts/makenvup.pl101
1 files changed, 92 insertions, 9 deletions
diff --git a/scripts/makenvup.pl b/scripts/makenvup.pl
index e241a64..f21a7b7 100755
--- a/scripts/makenvup.pl
+++ b/scripts/makenvup.pl
@@ -8,16 +8,35 @@ use warnings;
use Archive::Zip;
use Getopt::Long;
-# fixed prod
my $prod = "9X30";
+my $fname = "BJORN";
+my $imgver = "00.00.00.00"; # match any?
-# fixed version string - must this match the running image? YES: experiments says so
-my $imgver = "02.08.02.00";
-my $ver = "9999999_9904609_SWI${prod}C_${imgver}_00_Bjorn_001.001_000";
+my $ver = "INTERNAL_9901234_SWI${prod}C_${imgver}_00_${fname}_000.000_000";
## test with a legal value first!
-##my $usbcomp = 0x0000050d; # (diag,nmea,modem,rmnet0)
-my $usbcomp = 0x0000050f; # (diag,adb,nmea,modem,rmnet0,rmnet1)
+##my $usbcomp = 0x0000050d; # (diag,nmea,modem,rmnet0,rmnet1)
+##my $usbcomp = 0x0000050f; # (diag,adb,nmea,modem,rmnet0,rmnet1)
+my $usbcomp = 0x0000100f; # (diag,adb,nmea,modem,mbim)
+
+# Yeeha! after adding
+#
+# nemi:/home/bjorn# cat /root/.android/adb_usb.ini
+# # ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.
+# # USE 'android update adb' TO GENERATE.
+# # 1 USB VENDOR ID PER LINE.
+# 0x1199
+#
+# we got liftoff:
+#
+# nemi:~# adb devices
+# List of devices attached
+# LQ53740015020204 device
+#
+# nemi:~# adb shell
+# / # uname -a
+# Linux mdm9635-perf 3.10.0+ #1 PREEMPT Wed Jan 6 21:51:50 PST 2016 armv7l GNU/Linux
+
# supported values are:
#
@@ -41,6 +60,31 @@ my $usbcomp = 0x0000050f; # (diag,adb,nmea,modem,rmnet0,rmnet1)
# The default configuration is:
# at!usbcomp=1,1,10F'
+## more complete help text taken from memory dump:
+
+#AT!USBCOMP=<Config Index>,<Config Type>,<Interface bitmask>
+# <Config Index> - configuration index to which the composition applies, should be 1
+# <Config Type> - 1:Generic, 2:USBIF-MBIM, 3:RNDIS
+# config type 2/3 should only be used for specific Sierra PIDs: 68B1, 9068
+# customized VID/PID should use config type 1
+# <Interface bitmask> - DIAG - 0x00000001,
+# ADB - 0x00000002,
+# NMEA - 0x00000004,
+# MODEM - 0x00000008,
+# RMNET0 - 0x00000100,
+# RMNET1 - 0x00000400,
+# RMNET2 - 0x00000800,
+# MBIM - 0x00001000,
+# RNDIS - 0x00004000,
+# AUDIO - 0x00010000,
+# ECM - 0x00080000,
+# UBIST - 0x00200000
+# e.g.
+# 10D - diag, nmea, modem, rmnet0 interfaces enabled
+# 1009 - diag, modem, mbim interfaces enabled
+# The default configuration is:
+# at!usbcomp=1,1,10F
+
#bjorn@nemi:~/privat/prog/git/wwan/scripts$ ./parsecwe.pl ~/docs/hardware/sierra/em7455/firmware/SWI9X30C_02.08.02.00/OEM/1102662_9905046_EM7455_02.05.07.00_00_Lenovo-Laptop_#001.003_000.nvu
#FLEHDR: FULL: val=1, code=3, hdrsz=400, imgsz=11976
#CWEHDR: SPKG: crc=0x69d98b86, rev=3, val=NOPE, prod=9X30, imgsz=11976, imgcrc=0x3a9b2ec2, date=12/15/15, compat=0x00000000, xxx=0x00000001
@@ -71,7 +115,7 @@ sub crc32 {
sub mkfilehdr {
my $imgsz = shift;
- return pack("CCnNNa[244]",1, 2, 0, 400, $imgsz, "FULL"); # the meaning of 'code' is uncertain. OEM file has 3, others have 2.
+ return pack("CCnNNa[244]",1, 3, 0, 400, $imgsz, "FULL"); # the meaning of 'code' is uncertain. OEM file has 3, others have 2.
}
sub mkcwehdr {
@@ -108,8 +152,47 @@ sub mknvup {
my $image = &mknvup();
my $cwe = &mkcwehdr('NVUP', $ver, 0x00000001, 0x50617273, $image);
-## funker ikke $cwe = &mkcwehdr('FILE', '/swir/nvdelta/NVUP_bjorn.020', 0x01000000, 0x00000001, $cwe);
-$cwe = &mkcwehdr('FILE', '/nvup/NVUP_BJORN.020', 0x01000000, 0x00000001, $cwe);
+$cwe = &mkcwehdr('FILE', "/nvup/NVUP_${fname}.020", 0x01000000, 0x00000001, $cwe);
$cwe = &mkcwehdr('FILE', $ver, 0x00000000, 0x00000001, $cwe);
$cwe = &mkcwehdr('SPKG', $ver, 0x00000000, 0x00000001, $cwe);
print $cwe;
+
+
+
+
+__END__
+
+Interesting variables:
+
+
+
+ #7 45 bytes: b=3401, c=0001, <08> ATLOWPWD => 14:62:64:65:00:00:00:00:00:00:00:00:00:00:00:00
+ #8 36 bytes: b=3401, c=0001, <08> ANTITHEFT_MODE => 00
+ #9 30 bytes: b=3401, c=0001, <08> FCC_AUTH => 00
+ #10 36 bytes: b=3401, c=0001, <08> USB_VENDOR_ID => 3c:41
+ #11 42 bytes: b=3401, c=0001, <08> USB_APP_BOOT_PIDS => b6:81:b5:81
+ #12 98 bytes: b=3401, c=0001, <08> USB_PROD_NAME => 44:57:35:38:31:31:65:20:53:6e:61:70:64:72:61:67:6f:6e:e2:84:a2:20:58:37:20:4c:54:45:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
+ #13 46 bytes: b=3401, c=0001, <08> FWID_GUID => 6e:db:47:5a:e0:b4:4a:42:97:50:1e:c6:4f:05:fd:13
+ #14 37 bytes: b=3401, c=0001, <08> USB_COMP => 01:00:00:00:0d:10:20:00
+ #15 42 bytes: b=3401, c=0001, <08> CUST_USBSERIALENABLE => 01
+ #16 37 bytes: b=3401, c=0001, <08> CUST_FASTENUMEN => 00
+ #17 36 bytes: b=3401, c=0001, <08> CUST_GPSENABLE => 01
+ #18 35 bytes: b=3401, c=0001, <08> CUST_GPSLPMEN => 00
+ #19 33 bytes: b=3401, c=0001, <08> CUST_GPSSEL => 01
+ #20 35 bytes: b=3401, c=0001, <08> GPS_AUTOSTART => 02
+ #21 41 bytes: b=3401, c=0001, <08> GPS_MTLR_NOTIF_RESP => 01
+ #22 36 bytes: b=3401, c=0001, <08> GNSS_ANT_POWER => 00
+ #23 33 bytes: b=3401, c=0001, <08> CUST_SIMLPM => 01
+ #24 31 bytes: b=3401, c=0001, <08> W_DISABLE => 00
+ #25 37 bytes: b=3401, c=0001, <08> CUST_WAKEHOSTEN => 00
+
+
+
+
+Wonder about the "ATLOWPWD". It is the same value in all OEM files.
+Thinking about the well known "A710" password... Doesn't that map nicely to
+14:62:64:65? if we just subtract the values from a known offset?
+
+A710 => 41:37:31:30
+
+The sum is 55:95:95:95. Not quite it... There is something else to this.