Firmware format
The firmware file is made up of the following components:
| Component | Size description | Example | Description |
|---|---|---|---|
| Firmware header | Defined at offset 0x0050 |
0x00000080 (128 bytes) |
|
| Module headers | Module header size (defined at offset 0x0054), multiplied by number of modules (defined at offset 0x007C) |
0x00000040 (64 bytes) * 0x0000004F (79 modules) = 0x000013C0 (5056 bytes) |
|
| Data | TBC |
Firmware header
The firmware header is located at the very beginning of the file. Its length is defined by the 32 bit unsigned integer (big endian) located at offset 0x0050. For example: 0x00000080 (128 bytes).
The format for the firmware header is described below:
| Size (byte) | Type | Description | Example |
|---|---|---|---|
| 16 | Byte array | Identifier | SkOsMo5 fIrMwArE |
| 32 | Byte array | Signature | Not used |
| 16 | Byte array | MD5 of firmware header + module headers | 90 2D F5 21 17 F8 1F E7 8B 4D 68 27 CC B1 87 A4 |
| 16 | Byte array | A random sequence | 8C 6C D4 ED 19 B2 74 E9 3E 49 AD EB F6 55 01 A3 |
| 4 | Unsigned BE Int | Length of the entire firmware header | 0x00000080 (128 bytes) |
| 4 | Unsigned BE Int | Length of each module header | 0x00000040 (64 bytes) |
| 4 | Unsigned BE Int | Length of entire file | 0x0043153D (4396349 bytes) |
| 32 | Byte array | Firmware version number | 7.6.2f |
| 4 | Unsigned BE Int | Number of modules present in the firmware | 0x0000004F (79 modules) |
Module header table
There are multiple modules in the firmware file. The number of modules is defined at offset 0x007C in the firmware header. For example: 0x0000004F (79 modules).
Each module has a module header, located in a module header table. These are of a length defined at offset 0x0054 in the firmware header. For example: 0x00000040 (64 bytes). Each module header is concatenated in order, directly after the firmware header (in this case, from offset 0x0080).
The format for each module header is described below. The screenshot contains three of the 79 module headers present in this particular firmware (7.6.2f).
| Size (byte) | Type | Description | Examples |
|---|---|---|---|
| 2 | Unsigned BE Short | Sequence number | 0x00 (0) 0x01 (1) 0x03 (3) This was observed to increase from 0 to 127, skipping the following values:
|
| 2 | Unsigned BE Short | Compressed flag? | 0x00 |
| 4 | Unsigned BE Int | Length of module data | 0x0000778B (30,603 bytes)0x000067F0 (26,608 bytes)0x0000FE8D (65,165 bytes)... |
| 4 | Unsigned BE Int | Offset to module data from start of file | 0x00001440 (5,184 bytes)0x00008BCB (35,787 bytes)0x0000F3BB (62,395 bytes)... |
| 16 | Byte array | MD5 digest of the uncompressed module | 16 16 E6 D2 1E A2 87 C2 7A A1 DB 0B 37 8F DD FB5B 2B 75 F3 8D 75 10 BF 5C 36 C0 84 A4 BC 22 2487 A9 B1 9C 7D 05 12 01 5C 26 C4 AE 70 C8 1C 85... |
| 4 | Byte array | Unknown | |
| 32 | Padding | Zero padding |