search

antmicro / zynq-mkbootimage

An open source replacement of the Xilinx bootgen application.
BSD 2-Clause "Simplified" License
93 stars 47 forks source link

Trying to extract BOOT.bin #24

Open 49handyman opened 2 years ago

49handyman commented 2 years ago

your software compiles without errors.

Im trying to get working fsbl.elf out of it.

the Boot.bin I'm working with seems to extract with proper names but completely unrecognized files.

Could there me some modifications of this zynq arm boot. bin. 

=======================================================

[0x00000020] Width Detection Word... 0xaa995566
[0x00000024] Header Signature....... 0x584c4e58
[0x00000028] Key Source............. 0x00000000
[0x0000002c] Header Version......... 0x01010000
[0x00000030] Source Byte Offset..... 0x00001700
[0x00000034] FSBL Image Length...... 114704
[0x00000038] FSBL Load Address...... 0x00000000
[0x0000003c] FSBL Execution Address. 0x00000000
[0x00000040] Total FSBL Length...... 114704
[0x00000044] QSPI configuration Word 0x00000001
[0x00000048] Boot Header Checksum... 0xfc15c520

IMAGE HEADER TAB SECTION
=======================================================

[0x00000000] Version...................... 0x01020000
[0x00000004] Header Count................. 3
[0x00000008] Partition Header Offset...... 0x00000320
[0x0000000c] Partition Image Header Offset 0x00000240
[0x00000010] Header Authentication Offset. 0x00000000

IMAGE HEADERS SECTION
=======================================================

[0x00000000] Next Image Offset......... 0x00000250
[0x00000004] Partition Header Offset... 0x00000320
[0x00000008] Partition Count (always 0) 0
[0x0000000c] Name Length (usually 1)... 1
[0x00000010] Image Name................ Zynq7007_miner_without_rsa.elf

[0x00000000] Next Image Offset......... 0x00000260
[0x00000004] Partition Header Offset... 0x00000330
[0x00000008] Partition Count (always 0) 0
[0x0000000c] Name Length (usually 1)... 1
[0x00000010] Image Name................ Zynq7007_miner.bit

[0x00000000] Next Image Offset......... 0x00000000
[0x00000004] Partition Header Offset... 0x00000340
[0x00000008] Partition Count (always 0) 0
[0x0000000c] Name Length (usually 1)... 1
[0x00000010] Image Name................ u-boot.elf

PARTITION HEADERS SECTION
=======================================================

Zynq7007_miner_without_rsa.elf:
[0x00000000] Encrypted Data Length.. 28676
[0x00000004] Unencrypted Data Length 28676
[0x00000008] Total Length........... 28676
[0x0000000c] Load Address........... 0x00000000
[0x00000010] Execution Address...... 0x00000000
[0x00000014] Partition Data Offset.. 0x000005c0
[0x00000018] Attributes............. explained below
             Hex Value: 0x00000010
             Owner: fsbl
             RSA: not used
             Destination CPU: none
             Encryption: no
             Destination Device: ps
             A5x Execution State: 64-bit
             Exception Level: el-0
             Trust Zone: no
[0x0000001c] Section Count.......... 1
[0x00000020] Checksum Offset........ 0x00000000
[0x00000024] Image Header Offset.... 0x00000240
[0x00000028] Certificate Offset..... 0x00000000
[0x0000003c] Checksum............... 0xfffea7e2

Zynq7007_miner.bit:
[0x00000000] Encrypted Data Length.. 520936
[0x00000004] Unencrypted Data Length 520936
[0x00000008] Total Length........... 520936
[0x0000000c] Load Address........... 0x00000000
[0x00000010] Execution Address...... 0x00000000
[0x00000014] Partition Data Offset.. 0x000075d0
[0x00000018] Attributes............. explained below
             Hex Value: 0x00000020
             Owner: fsbl
             RSA: not used
             Destination CPU: none
             Encryption: no
             Destination Device: pl
             A5x Execution State: 64-bit
             Exception Level: el-0
             Trust Zone: no
[0x0000001c] Section Count.......... 1
[0x00000020] Checksum Offset........ 0x00000000
[0x00000024] Image Header Offset.... 0x00000250
[0x00000028] Certificate Offset..... 0x00000000
[0x0000003c] Checksum............... 0xffe7af06

u-boot.elf:
[0x00000000] Encrypted Data Length.. 134879
[0x00000004] Unencrypted Data Length 134879
[0x00000008] Total Length........... 134879
[0x0000000c] Load Address........... 0x04000000
[0x00000010] Execution Address...... 0x04000000
[0x00000014] Partition Data Offset.. 0x000868c0
[0x00000018] Attributes............. explained below
             Hex Value: 0x00000010
             Owner: fsbl
             RSA: not used
             Destination CPU: none
             Encryption: no
             Destination Device: ps
             A5x Execution State: 64-bit
             Exception Level: el-0
             Trust Zone: no
[0x0000001c] Section Count.......... 1
[0x00000020] Checksum Offset........ 0x00000000
[0x00000024] Image Header Offset.... 0x00000260
[0x00000028] Certificate Offset..... 0x00000000
[0x0000003c] Checksum............... 0xf7f16831

BOOT.zip

49handyman commented 2 years ago

I just used bootgen to dump hearders from it to compare.

  **** Build date : May 25 2022-02:54:01
    ** Copyright 1986-2021 Xilinx, Inc. All Rights Reserved.

--------------------------------------------------------------------------------
   BOOT HEADER
--------------------------------------------------------------------------------
        boot_vectors (0x00) : 0xeafffffeeafffffeeafffffeeafffffeeafffffeeafffffeeafffffeeafffffe
     width_detection (0x20) : 0xaa995566
            image_id (0x24) : 0x584c4e58
 encryption_keystore (0x28) : 0x00000000
      header_version (0x2c) : 0x01010000
   fsbl_sourceoffset (0x30) : 0x00001700
         fsbl_length (0x34) : 0x0001c010
   fsbl_load_address (0x38) : 0x00000000
   fsbl_exec_address (0x3C) : 0x00000000
   fsbl_total_length (0x40) : 0x0001c010
    qspi_config-word (0x44) : 0x00000001
            checksum (0x48) : 0xfc15c520
          iht_offset (0x98) : 0x000008c0
          pht_offset (0x9c) : 0x00000c80
--------------------------------------------------------------------------------
   IMAGE HEADER TABLE
--------------------------------------------------------------------------------
             version (0x00) : 0x01020000        total_images (0x04) : 0x00000003
          pht_offset (0x08) : 0x00000c80           ih_offset (0x0c) : 0x00000900
       hdr_ac_offset (0x10) : 0x00000000
--------------------------------------------------------------------------------
   IMAGE HEADER (Zynq7007_miner_without_rsa.elf)
--------------------------------------------------------------------------------
          next_ih(W) (0x00) : 0x00000250
         next_pht(W) (0x04) : 0x00000320
    total_partitions (0x08) : 0x00000000
    total_partitions (0x0c) : 0x00000001
                name (0x10) : Zynq7007_miner_without_rsa.elf
--------------------------------------------------------------------------------
   IMAGE HEADER (Zynq7007_miner.bit)
--------------------------------------------------------------------------------
          next_ih(W) (0x00) : 0x00000260
         next_pht(W) (0x04) : 0x00000330
    total_partitions (0x08) : 0x00000000
    total_partitions (0x0c) : 0x00000001
                name (0x10) : Zynq7007_miner.bit
--------------------------------------------------------------------------------
   IMAGE HEADER (u-boot.elf)
--------------------------------------------------------------------------------
          next_ih(W) (0x00) : 0x00000000
         next_pht(W) (0x04) : 0x00000340
    total_partitions (0x08) : 0x00000000
    total_partitions (0x0c) : 0x00000001
                name (0x10) : u-boot.elf
--------------------------------------------------------------------------------
   PARTITION HEADER TABLE (Zynq7007_miner_without_rsa.elf.0)
--------------------------------------------------------------------------------
    encrypted_length (0x00) : 0x00007004  unencrypted_length (0x04) : 0x00007004
        total_length (0x08) : 0x00007004           load_addr (0x0c) : 0x00000000
           exec_addr (0x10) : 0x00000000    partition_offset (0x14) : 0x000005c0
          attributes (0x18) : 0x00000010       section_count (0x1C) : 0x00000001
     checksum_offset (0x20) : 0x00000000          iht_offset (0x24) : 0x00000240
           ac_offset (0x28) : 0x00000000            checksum (0x3c) : 0xfffea7e2
 attribute list -
               trustzone [non-secure]            el [el-0]
              exec_state [aarch-32]     dest_device [none]
              encryption [no]                  core [none]
--------------------------------------------------------------------------------
   PARTITION HEADER TABLE (Zynq7007_miner.bit.0)
--------------------------------------------------------------------------------
    encrypted_length (0x00) : 0x0007f2e8  unencrypted_length (0x04) : 0x0007f2e8
        total_length (0x08) : 0x0007f2e8           load_addr (0x0c) : 0x00000000
           exec_addr (0x10) : 0x00000000    partition_offset (0x14) : 0x000075d0
          attributes (0x18) : 0x00000020       section_count (0x1C) : 0x00000001
     checksum_offset (0x20) : 0x00000000          iht_offset (0x24) : 0x00000250
           ac_offset (0x28) : 0x00000000            checksum (0x3c) : 0xffe7af06
 attribute list -
               trustzone [non-secure]            el [el-0]
              exec_state [el-0]         dest_device [none]
              encryption [no]                  core [none]
--------------------------------------------------------------------------------
   PARTITION HEADER TABLE (u-boot.elf.0)
--------------------------------------------------------------------------------
    encrypted_length (0x00) : 0x00020edf  unencrypted_length (0x04) : 0x00020edf
        total_length (0x08) : 0x00020edf           load_addr (0x0c) : 0x04000000
           exec_addr (0x10) : 0x04000000    partition_offset (0x14) : 0x000868c0
          attributes (0x18) : 0x00000010       section_count (0x1C) : 0x00000001
     checksum_offset (0x20) : 0x00000000          iht_offset (0x24) : 0x00000260
           ac_offset (0x28) : 0x00000000            checksum (0x3c) : 0xf7f16831
 attribute list -
               trustzone [non-secure]            el [el-0]
              exec_state [aarch-32]     dest_device [none]
              encryption [no]                  core [none]
tgorochowik commented 2 years ago

Unfortunately, unpacking does not recreate the original elfs, it only extracts raw data from the partitions that are already there in boot.bin.

I think that we should be able to generate elfs from scratch and just fill the sections with data from boot.bins - we do something very similar with bitstreams (it's possible to fake most of the sections and extract the actual bitstream data from boot.bin if you provide the requested part name) - however we don't have any bandwidth for this currently so I am afraid we won't be able to help - feel free to implement it and submit if you want to, that would be very appreciated.