PSPReverse / PSPTool

Display, extract, and manipulate PSP firmware inside UEFI images
GNU General Public License v3.0

Gigabyte WRX80 32MB image crashes psptool #40

Open Ragebone opened 2 years ago

Ragebone commented 2 years ago

Hello, I noticed that this WRX80 image crashes psptool on my machine. I'm running the AUR build and I'm not sure what branch and commit it is built from.

The image I tried is the F2 version, and the traceback is as follows.

$ psptool WRX80SU8-F2.BIN 
Traceback (most recent call last):
  File "/usr/bin/psptool", line 33, in <module>
    sys.exit(load_entry_point('psptool==2.2', 'console_scripts', 'psptool')())
  File "/usr/lib/python3.9/site-packages/psptool/__main__.py", line 80, in main
    psp = PSPTool.from_file(args.file, verbose=args.verbose)
  File "/usr/lib/python3.9/site-packages/psptool/psptool.py", line 31, in from_file
    pt = PSPTool(rom_bytes, verbose=verbose)
  File "/usr/lib/python3.9/site-packages/psptool/psptool.py", line 39, in __init__
    self.blob = Blob(rom_bytes, len(rom_bytes), self)
  File "/usr/lib/python3.9/site-packages/psptool/blob.py", line 48, in __init__
    self._find_entry_table()
  File "/usr/lib/python3.9/site-packages/psptool/blob.py", line 87, in _find_entry_table
    if self.dual_rom:
AttributeError: 'Blob' object has no attribute 'dual_rom'

From the word dual_rom at the end, I assume that might be the issue, because this image appears to be not two images but one very large 32MB one.

Additionally, the $PL2 is located somewhere where masking its address with 0x00FFFFFF leads into bogus land.

I have not tried any other WRX80 images but I assume that a similar thing will happen.

cwerling commented 2 years ago

Hi Ragebone, sorry for not coming back earlier. I revamped a lot of ROM parsing logic in the latest PSPTool 2.4 and it kind of parses now:

+-----+------+-----------+---------+---------------+
| ROM | Addr |    Size   |   FET   |     AGESA     |
+-----+------+-----------+---------+---------------+
|  0  | 0x0  | 0x1000000 | 0x20000 | AGESA_UNKNOWN |
+-----+------+-----------+---------+---------------+
+--+-----------+---------+------+-------+---------------------+
|  | Directory |   Addr  | Type | Magic | Secondary Directory |
+--+-----------+---------+------+-------+---------------------+
|  |     0     | 0xf9000 | BIOS |  $BHD |       0x159000      |
+--+-----------+---------+------+-------+---------------------+
+--+---+-------+----------+--------+-------------------------------+----------+----------+-----------------------+
|  |   | Entry |  Address |   Size |                          Type | Magic/ID |  Version |                  Info |
+--+---+-------+----------+--------+-------------------------------+----------+----------+-----------------------+
|  |   |     0 |  0xfa000 |  0x100 |                     0x1000068 |        J |  0.0.0.0 | no_key, legacy_header |
|  |   |     1 |      0x0 |    0x0 |                   FW_GEC~0x61 |          |          |                       |
|  |   |     2 |  0xfc000 | 0x4990 |                     0x1100064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     3 | 0x100a00 |  0x460 |                     0x1100065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     4 | 0x100f00 | 0x4c50 |                     0x1200064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     5 | 0x105c00 |  0x480 |                     0x1200065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     6 | 0x106100 | 0x4be0 |                     0x1400064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     7 | 0x10ad00 |  0x440 |                     0x1400065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     8 | 0x10b200 | 0x4e70 |                     0x1500064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     9 | 0x110100 |  0x450 |                     0x1500065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    10 | 0x159000 |  0x400 | !BL2_SECONDARY_DIRECTORY~0x70 |          |          |                       |
+--+---+-------+----------+--------+-------------------------------+----------+----------+-----------------------+

+--+-----------+----------+-----------+-------+---------------------+
|  | Directory |   Addr   |    Type   | Magic | Secondary Directory |
+--+-----------+----------+-----------+-------+---------------------+
|  |     1     | 0x159000 | secondary |  $BL2 |          --         |
+--+-----------+----------+-----------+-------+---------------------+
+--+---+-------+----------+---------+-----------------+----------+----------+-----------------------+
|  |   | Entry |  Address |    Size |            Type | Magic/ID |  Version |                  Info |
+--+---+-------+----------+---------+-----------------+----------+----------+-----------------------+
|  |   |     0 | 0x15a000 |   0x100 |       0x1000068 |        J |  0.0.0.0 | no_key, legacy_header |
|  |   |     1 | 0x15c000 |   0x100 |       0x1800068 |        h |  0.0.0.0 | no_key, legacy_header |
|  |   |     2 | 0x15d000 |   0x100 |       0x1900068 |          |  0.0.0.0 | no_key, legacy_header |
|  |   |     3 | 0x15e000 |   0x100 |       0x1000060 |        h |  0.0.0.0 | no_key, legacy_header |
|  |   |     4 | 0x161000 |   0x100 |       0x1100060 |          |  0.0.0.0 | no_key, legacy_header |
|  |   |     5 |      0x0 |     0x0 |     FW_GEC~0x61 |          |          |                       |
|  |   |     6 | 0x119000 | 0x40000 | FW_INVALID~0x63 |          |          |                       |
|  |   |     7 | 0x162000 |  0x4990 |       0x1100064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     8 | 0x166a00 |   0x460 |       0x1100065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |     9 | 0x166f00 |  0x4c50 |       0x1200064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    10 | 0x16bc00 |   0x480 |       0x1200065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    11 | 0x16c100 |  0x4be0 |       0x1400064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    12 | 0x170d00 |   0x440 |       0x1400065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    13 | 0x171200 |  0x4e70 |       0x1500064 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    14 | 0x176100 |   0x450 |       0x1500065 |     0x05 | 0.0.10.1 |    compressed, no_key |
|  |   |    15 | 0x176600 |   0xc80 |            0x66 |          |          |                       |
|  |   |    16 | 0x177300 |   0xc80 |        0x100066 |          |          |                       |
+--+---+-------+----------+---------+-----------------+----------+----------+-----------------------+

+-----+----------+-----------+-----------+---------------+
| ROM |   Addr   |    Size   |    FET    |     AGESA     |
+-----+----------+-----------+-----------+---------------+
|  1  | 0xfe0000 | 0x1000000 | 0x1000000 | AGESA_UNKNOWN |
+-----+----------+-----------+-----------+---------------+
+-----+----------+-----------+-----------+---------------+
| ROM |   Addr   |    Size   |    FET    |     AGESA     |
+-----+----------+-----------+-----------+---------------+
|  2  | 0x1e0000 | 0x1000000 | 0x1180000 | AGESA_UNKNOWN |
+-----+----------+-----------+-----------+---------------+

cwerling commented 2 years ago

I will check why ROM1 and ROM2 are empty soonish.

Ragebone commented 1 year ago

As far as I understand it myself, WRX80 32MB images are actually one single image, not two stacked ones. If it were a stacked image, there should be a FET at probably the same offset + image offset, which there clearly isn't.
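
The stacked-versus-single check discussed in this thread, together with the 0x00FFFFFF masking problem, written out as an added example (not PSPTool's code and not part of any comment above). It assumes the FET signature 0x55AA55AA stored little-endian and a 0x1000 scan alignment, neither of which is stated on this page; the images and the offset 0x1159000 are constructed sample input.

```python
import struct

FET_MAGIC = struct.pack("<I", 0x55AA55AA)  # assumed FET signature as stored on flash
HALF = 0x1000000        # 16 MB: size of one ROM in a stacked image
ADDR_MASK = 0x00FFFFFF  # 24-bit mask quoted in the issue


def find_fets(image, align=0x1000):
    """Offsets (multiples of `align`) where the FET signature appears."""
    return [off for off in range(0, len(image) - 3, align)
            if image[off:off + 4] == FET_MAGIC]


def classify_layout(image):
    """'stacked' if an FET in the low 16 MB repeats at the same offset + 16 MB,
    'single' if FETs exist without such a twin, 'unknown' if none is found."""
    fets = find_fets(image)
    if not fets:
        return "unknown"
    low = [off for off in fets if off < HALF]
    if len(image) >= 2 * HALF and any(off + HALF in fets for off in low):
        return "stacked"
    return "single"


def masked_offset_is_safe(offset, image_size):
    """True only if masking leaves the offset unchanged and inside the image."""
    return (offset & ADDR_MASK) == offset and offset < image_size


def make_image(size, fet_offsets):
    """Constructed sample input: zero-filled flash with FET signatures planted."""
    img = bytearray(size)
    for off in fet_offsets:
        img[off:off + 4] = FET_MAGIC
    return bytes(img)


if __name__ == "__main__":
    single = make_image(2 * HALF, [0x20000])                  # one FET, no twin
    stacked = make_image(2 * HALF, [0x20000, HALF + 0x20000])  # twin at +16 MB
    print(classify_layout(single), classify_layout(stacked))
    # An offset in the upper 16 MB aliases into the lower half once masked.
    print(hex(0x1159000 & ADDR_MASK), masked_offset_is_safe(0x1159000, 2 * HALF))
```

A parser that masks directory addresses unconditionally will silently read from the aliased lower-half offset on a 32MB single image, so the layout check has to run before any address translation.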