Header structure contains unknown values #2

Open
abl opened this issue Feb 17, 2013 · 8 comments

abl commented Feb 17, 2013

Since we still have some unknowns I went ahead and pulled all of the current header values into a spreadsheet to get started:

https://docs.google.com/spreadsheet/ccc?key=0Atak9WHHS8K-dExsUzBobFdQU0xTYklzYlYxempFYnc

Please copy and edit - figure this is easier than working in the wiki.

So far I'm noticing that the 2nd offset in the header is always the same as the size (but that space is 32-bit, not 16-bit). Unknown7 also appears to have some relationship to the watch - all of the "simple" faces that are just hour+minute have a value of 2. Getting access to the faces built into the firmware (if they follow the same header) should help confirm/continue this work...but I don't have anything worth mentioning as a disassembler.

EnJens commented Feb 17, 2013

Good work! :)
I've had some success disassembling the tintin_fw.bin last night, so that should help some!

When you have time, you should join us in #pebble at freenode irc server (if you don't use irc, they have a webclient at www.freenode.net)

abl commented Feb 17, 2013

I've been more or less living off of my phone this week so I've only been
on irc once or twice. Excited to see your disassembly success, can't wait
until I have time to sit down and tear in (and check in the python bits
I've been working on.)

Hexxeh commented Feb 17, 2013

Filled in some more of the header:
https://docs.google.com/a/hexxeh.net/spreadsheet/ccc?key=0Au8zIiSq_0TpdDVoTkFFbm9oaFIyYzhoc0VhUEx4dEE&usp=sharing

abl commented Feb 21, 2013

I hope I'm just doing something silly but the CRC field of the application header doesn't appear to correspond to the CRC of the binary or any meaningful subset thereof. How should it be derived?

(I'm working on an unpack/repack for apps.)

abl commented Feb 22, 2013

Brute forced it. Hopefully more than just a coincidence...confirming results before I report.

abl commented Feb 22, 2013

Ok...the CRC is taken with respect from the end of the header (so byte 108) to 8 bytes less than the end of the binary.

The last two values of the binary vary but appear to be offsets inside the file and are always 4 apart.

Also, there's a secondary header or signature at the end of the app file - it refers to the internal CRC of the PBPack (not the one in the manifest, the one in the PBPack) and the CRC of the app's icon! This struct begins at 0xC18 in pebble-app.bin in the Brains watch. This might be why my attempts to replace the images failed!

abl commented Feb 25, 2013

Err, the ending header and the whole 8-bytes-less-than-end thing is a bit more fluid than I thought.

First number is the number of bytes into the binary (so after the 108-byte header) and the second number is the number of bytes at the end of the file.

| Watch face | Bytes into the binary | Bytes at end of file |
| --- | --- | --- |
| Big Time 12 | 2532 | 8 |
| Big Time 24 | 2484 | 8 |
| Brains Watch | 3064 | 24 |
| Just A Bit | 2020 | 8 |
| Segment Six | 2268 | 28 |
| Simplicity | 2104 | 16 |
| Tic Tock Toe | 3244 | 16 |
| Times Square | 1916 | 12 |

The second number is, of course, 4x the number of relocs (last value in the header) - the reloc list is therefore not part of the CRC.
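
The CRC coverage described in the comments above (start at byte 108, stop before the trailing reloc list), as an added example that is not part of the original thread or the project's code. It assumes the reloc count is a 32-bit little-endian word at offset 104, and uses `zlib.crc32` as a stand-in because the thread does not name the CRC variant; `make_sample` builds constructed input.

```python
import struct
import zlib

HEADER_SIZE = 108          # from the thread: CRC coverage starts at byte 108
RELOC_COUNT_OFFSET = 104   # assumption: "last value in the header" is a 32-bit LE word
RELOC_ENTRY_SIZE = 4       # from the thread: trailing bytes = 4 x number of relocs


def crc_region(blob):
    """Return (start, end) of the bytes the header CRC covers, per the thread."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("file shorter than the 108-byte header")
    (num_relocs,) = struct.unpack_from("<I", blob, RELOC_COUNT_OFFSET)
    end = len(blob) - num_relocs * RELOC_ENTRY_SIZE
    # The count comes from the file itself: reject values that would put the
    # end of the region inside the header instead of trusting them.
    if end < HEADER_SIZE:
        raise ValueError(f"reloc count {num_relocs} does not fit in {len(blob)} bytes")
    return HEADER_SIZE, end


def checksum_region(blob, checksum=zlib.crc32):
    """Checksum the covered region. zlib.crc32 is a stand-in: the thread does
    not say which CRC variant the watch uses, so pass the real one if known."""
    start, end = crc_region(blob)
    return checksum(blob[start:end]) & 0xFFFFFFFF


def make_sample(body_len, num_relocs):
    """Constructed sample: zeroed header with only the reloc count set."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, RELOC_COUNT_OFFSET, num_relocs)
    body = bytes(i & 0xFF for i in range(body_len))
    relocs = b"".join(struct.pack("<I", 4 * i) for i in range(num_relocs))
    return bytes(header) + body + relocs


if __name__ == "__main__":
    # Sizes taken from the table in the thread (covered bytes, trailing bytes).
    for name, covered, trailing in [("Big Time 12", 2532, 8), ("Segment Six", 2268, 28)]:
        blob = make_sample(covered, trailing // 4)
        start, end = crc_region(blob)
        print(f"{name}: CRC over [{start}, {end}) = {end - start} bytes, "
              f"checksum {checksum_region(blob):#010x}")
```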

@southwolf

I'm working on adding Chinese characters to the font library. Basically it's the same way I did to the video game X3: Reunion in 2006. Stuck on the CRC. Could anyone tell me how to calculate the CRC in the firmware's system_resources.pbpack? I never get it right.
