Hey! I finally got around to rewriting this and making it more useful. Hopefully this will inspire and assist with some useful hacks and research. From the readme:
drxtool enables extraction, modification, and rebuilding of drc (gamepad) and drh (host) firmware binaries, including actual firmware (e.g. drc_fw.bin, drh_fw.bin) as well as language data (lang_00.bin, etc.) this subsequently allows for firmware RE and patching, switching out graphics, enabling debug modes, etc.
drop a binary onto drxtool to extract it to [filename]_extracted. it will be split into its components, including separate sections for firmwares. language files are a big blob since their layout is determined per-firmware-version.
drop an extracted folder onto drxtool to rebuild it to [foldername].bin.
in both cases, drxtool can be invoked from command line/terminal for additional debug output.
this has been tested and is working on all DRC, DRH, and language data dating back to the very first external beta builds for near-final gamepad hardware (v16, though v15 likely ran on this hardware as well). earlier hardware uses a different update format (the hw has all likely been destroyed by now.)
to flash binaries with ios-level hax, try bumping up the first big-endian u32 in blob_header.bin by 1, as well as bumping up the version in app.xml. updating VER_.bin isn't necessary as the gamepad and drh don't care what version they're on, only IOS.
other update methods include potentially using libdrc to push an update directly to the gamepad (strip the first 0x10 as this is a big-endian header used by IOS) or by writing the payload directly to the serial eeprom (strip the first 0x10+0x1000+0x4000), which is useful for unbricking.
good luck, and try not to brick!
changelog:
2.0 - 12/14/2016:
- initial public release
1.0 - 08/10/2016:
- it lives!
downloads (v2.0):
MEDIAFIRE
MEGA
drxtool enables extraction, modification, and rebuilding of drc (gamepad) and drh (host) firmware binaries, including actual firmware (e.g. drc_fw.bin, drh_fw.bin) as well as language data (lang_00.bin, etc.) this subsequently allows for firmware RE and patching, switching out graphics, enabling debug modes, etc.
drop a binary onto drxtool to extract it to [filename]_extracted. it will be split into its components, including separate sections for firmwares. language files are a big blob since their layout is determined per-firmware-version.
drop an extracted folder onto drxtool to rebuild it to [foldername].bin.
in both cases, drxtool can be invoked from command line/terminal for additional debug output.
this has been tested and is working on all DRC, DRH, and language data dating back to the very first external beta builds for near-final gamepad hardware (v16, though v15 likely ran on this hardware as well). earlier hardware uses a different update format (the hw has all likely been destroyed by now.)
to flash binaries with ios-level hax, try bumping up the first big-endian u32 in blob_header.bin by 1, as well as bumping up the version in app.xml. updating VER_.bin isn't necessary as the gamepad and drh don't care what version they're on, only IOS.
other update methods include potentially using libdrc to push an update directly to the gamepad (strip the first 0x10 as this is a big-endian header used by IOS) or by writing the payload directly to the serial eeprom (strip the first 0x10+0x1000+0x4000), which is useful for unbricking.
good luck, and try not to brick!
changelog:
2.0 - 12/14/2016:
- initial public release
1.0 - 08/10/2016:
- it lives!
downloads (v2.0):
MEDIAFIRE
MEGA
Last edited by WulfyStylez,
, Reason: minor clarification
