(See part 1 and part 2.)
The Motorola SLVR7e L7e phone has a FAT16 filesystem on its memory
card. Using the Wikipedia article on FAT16 design, we will locate
.mp3 entries in the filesystem and try to correlate them with the
.pla file (the playlist).
FAT16 consists of a boot sector (1 sector is 512 bytes), two File
Allocation Tables (FATs), a root directory, and a data region. The
boot sector specifies various parameters of the filesystem. The ones
of interest to us are:
- [number of] sectors per cluster,
- sectors per FAT,
- maximum number of root directory entries.
Note that FAT16 entries - including boot sector parameters - are
little endian.
We will use this helper function to read values from the
filesystem:
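read_at() {
    # Pick the unpack template for the requested field size.
    case "$2" in
        1) t='C';;   # unsigned 8-bit value
        2) t='v';;   # unsigned 16-bit value, little endian
        *) echo 'Usage: read_at OFFSET SIZE' >&2; return 1;;
    esac
    # Slurp the bytes (-0777) so a 0x0a byte is not taken for a line break.
    dd if=/dev/sdb1 bs=1 skip="$1" count="$2" 2>/dev/null | \
        perl -0777 -wne 'print unpack("'$t'", $_), "\n"'
}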
And these are the boot sector values we need:
$ read_at $((0xd)) 1 # sectors_per_cluster
32
$ read_at $((0x16)) 2 # sectors_per_FAT
239
$ read_at $((0x11)) 2 # max_root_entry
512
So far so good. Now let's skip over the boot sector and the FATs and
go right to the root directory.
root_directory_offset = size_of_boot_sector + size_of_FATs
                      = (1 + 2 * sectors_per_FAT) * 512
                      = (1 + 2*239) * 512
                      = 0x3be00
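The same calculation as an added Python example (not code from the original post), generalized to read the sector size, reserved sector count and number of FATs from the boot sector instead of assuming 512, 1 and 2, and to locate the data region as well. The function names are illustrative and the boot sector is constructed from the three values read above plus those three assumptions.

```python
import struct

def fat16_layout(boot):
    """Return byte offsets of the FAT16 regions described by a boot sector."""
    # All BPB fields are little endian ("<"); H = 16-bit, B = 8-bit.
    bps, spc, reserved, nfats, root_entries = struct.unpack_from("<HBHBH", boot, 0x0B)
    (spf,) = struct.unpack_from("<H", boot, 0x16)
    if bps not in (512, 1024, 2048, 4096) or 0 in (spc, reserved, nfats, spf):
        raise ValueError("implausible FAT16 boot sector")
    root_off = (reserved + nfats * spf) * bps
    # Root directory: 32-byte dentries, rounded up to whole sectors.
    root_size = -(-root_entries * 32 // bps) * bps
    return {"fat_off": reserved * bps,
            "root_off": root_off,
            "data_off": root_off + root_size,
            "cluster_size": spc * bps}

def cluster_offset(layout, n):
    """Byte offset of data cluster n; cluster numbering starts at 2."""
    if n < 2:
        raise ValueError("clusters 0 and 1 are reserved")
    return layout["data_off"] + (n - 2) * layout["cluster_size"]

def sample_boot_sector():
    """Constructed sample: the page's values plus its stated assumptions."""
    boot = bytearray(512)
    # bytes/sector, sectors/cluster, reserved sectors, FATs, root entries
    struct.pack_into("<HBHBH", boot, 0x0B, 512, 32, 1, 2, 512)
    struct.pack_into("<H", boot, 0x16, 239)   # sectors per FAT
    return bytes(boot)

if __name__ == "__main__":
    layout = fat16_layout(sample_boot_sector())
    print({key: hex(value) for key, value in layout.items()})
```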
Here we are:
0003BE00 41 6D 00 6F 00 62 00 69 00 6C 00 0F 00 60 65 00 Am.o.b.i.l...`e.
0003BE10 00 00 FF FF FF FF FF FF FF FF 00 00 FF FF FF FF ................
0003BE20 4D 4F 42 49 4C 45 20 20 20 20 20 10 00 00 00 00 MOBILE     .....
0003BE30 00 00 A8 38 00 00 62 79 2C 36 02 00 00 00 00 00 ...8..by,6......
0003BE40 41 64 00 00 00 FF FF FF FF FF FF 0F 00 41 FF FF Ad...........A..
0003BE50 FF FF FF FF FF FF FF FF FF FF 00 00 FF FF FF FF ................
0003BE60 44 20 20 20 20 20 20 20 20 20 20 10 00 64 62 8F D          ..db.
0003BE70 4F 3B 4F 3B 00 00 62 8F 4F 3B 22 00 00 00 00 00 O;O;..b.O;".....
0003BE80 E5 6D 00 70 00 33 00 70 00 6C 00 0F 00 CB 61 00 .m.p.3.p.l....a.
0003BE90 79 00 65 00 72 00 2E 00 6D 00 00 00 64 00 62 00 y.e.r...m...d.b.
0003BEA0 E5 50 33 50 4C 41 7E 31 4D 44 42 20 00 00 00 00 .P3PLA~1MDB ....
0003BEB0 00 00 6F 39 00 00 0B 51 0B 39 07 06 FD 01 00 00 ..o9...Q.9......
0003BEC0 E5 4C 00 4F 00 47 00 2E 00 67 00 0F 00 E7 7A 00 .L.O.G...g....z.
0003BED0 00 00 FF FF FF FF FF FF FF FF 00 00 FF FF FF FF ................
0003BEE0 E5 4F 47 20 20 20 20 20 47 5A 20 20 00 64 57 95 .OG     GZ  .dW.
0003BEF0 3E 3B 3E 3B 00 00 57 95 3E 3B 61 02 15 2A 00 00 >;>;..W.>;a..*..
0003BF00 E5 45 43 53 45 50 7E 31 54 41 52 20 00 64 FB 0A .ECSEP~1TAR .d..
0003BF10 21 3B 21 3B 00 00 FB 0A 21 3B 87 20 00 38 3F 06 !;!;....!;. .8?.
0003BF20 E5 4C 00 4F 00 47 00 2E 00 67 00 0F 00 E7 7A 00 .L.O.G...g....z.
0003BF30 00 00 FF FF FF FF FF FF FF FF 00 00 FF FF FF FF ................
0003BF40 E5 4F 47 20 20 20 20 20 47 5A 20 20 00 64 0E 0B .OG     GZ  .d..
0003BF50 21 3B 21 3B 00 00 0E 0B 21 3B 84 39 F6 23 00 00 !;!;....!;.9.#..
0003BF60 E5 7A 00 00 00 FF FF FF FF FF FF 0F 00 9D FF FF .z..............
0003BF70 FF FF FF FF FF FF FF FF FF FF 00 00 FF FF FF FF ................
0003BF80 E5 52 00 65 00 63 00 53 00 65 00 0F 00 9D 70 00 .R.e.c.S.e....p.
0003BF90 2E 00 68 00 74 00 6D 00 6C 00 00 00 2E 00 67 00 ..h.t.m.l.....g.
0003BFA0 E5 45 43 53 45 50 7E 31 47 5A 20 20 00 00 9A A2 .ECSEP~1GZ  ....
0003BFB0 1F 3B 1F 3B 00 00 9A A2 1F 3B 99 20 B9 04 00 00 .;.;.....;. ....
0003BFC0 E5 45 43 59 43 4C 45 52 20 20 20 17 00 9C 5C 89 .ECYCLER   ...\.
0003BFD0 44 3B 44 3B 00 00 5D 89 44 3B 42 55 00 00 00 00 D;D;..].D;BU....
0003BFE0 E5 55 54 4F 52 55 4E 20 49 4E 46 07 18 00 00 74 .UTORUN INF....t
0003BFF0 38 2D 44 3B 00 00 00 74 38 2D 4E 55 AA E7 00 00 8-D;...t8-NU....
0003C000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C0A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C0B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C0C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0003C0D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
TWEAK 3.01: /dev/sdb1 (LOOK) posn=0x3BE00 size=0x3B86FE00
You are looking at the output of the tweak hex editor. Very nice
tool indeed. Due to its lazy nature it can open huge files instantly,
supports cut-n-paste, searches for byte sequences, and has Emacs-like
shortcuts. By the author of PuTTY.
The root directory is just ``a Directory Table that stores
information about the files and directories located in the root
directory. It is only used with FAT12 and FAT16''. [src]
The root directory's hex dump is hardly readable (yet), but we can
mount the filesystem and list it:
$ mount /mnt/winstick
$ ls -AlgG /mnt/winstick
total 32
drwxrwxrwx 3 16384 2009-10-15 20:59 d
drwxrwxrwx 17 16384 2007-01-12 17:11 mobile
This `mobile' directory was created by the phone when it formatted
the memory card, and `d' was made by me.
Dentries
A directory table consists of directory entries, or dentries as the
kernel source calls them. ``Each entry records the name, extension,
attributes (archive, directory, hidden, read-only, system and volume),
the date and time of creation, the address of the first cluster of the
file/directory's data and finally the size of the
file/directory. Aside from the Root Directory Table in FAT12 and FAT16
file systems, which occupies the special Root Directory Region
location, all Directory Tables are stored in the Data Region.'' [src]
The dentry for the `mobile' directory is at offset 0x3be20, and `d'
is at 0x3be60. If you follow the addresses, you can see that DOS
file names are uppercase, contrary to the output of the ls command.
Let's ignore this fact for a while.
At this point you may wonder how all these dentries relate to our
original intention to locate .mp3 files. The answer is -
indirectly. :) Dentries are a kind of road sign that one can follow
to get from the root to the destination file. Each dentry has a
"pointer" to its contents - the number of its first cluster, encoded
in two bytes starting at offset 0x1a within the dentry.
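The dentry fields described above, decoded from the root directory bytes of the hex dump by an added Python example that is not part of the original post. The function names are illustrative; the 0xE5 deleted marker, the long-file-name attribute value and the field offsets other than 0x1a are taken from the standard FAT16 dentry layout rather than from the page.

```python
import struct
from datetime import datetime

# Bytes copied from the page's dump: 0x3be00-0x3be7f, then the entry at 0x3bfe0.
DUMP = bytes.fromhex("""
 416D006F 00620069 006C000F 00606500  0000FFFF FFFFFFFF FFFF0000 FFFFFFFF
 4D4F4249 4C452020 20202010 00000000  0000A838 00006279 2C360200 00000000
 41640000 00FFFFFF FFFFFF0F 0041FFFF  FFFFFFFF FFFFFFFF FFFF0000 FFFFFFFF
 44202020 20202020 20202010 0064628F  4F3B4F3B 0000628F 4F3B2200 00000000
 E555544F 52554E20 494E4607 18000074  382D443B 00000074 382D4E55 AAE70000
""")
FLAGS = {0x01: "read-only", 0x02: "hidden", 0x04: "system",
         0x08: "volume", 0x10: "directory", 0x20: "archive"}

def fat_time(date, time):
    """Convert FAT date/time words to a datetime; None if the fields are invalid."""
    try:
        return datetime((date >> 9) + 1980, (date >> 5) & 15, date & 31,
                        time >> 11, (time >> 5) & 63, (time & 31) * 2)
    except ValueError:
        return None

def parse_dentry(raw):
    """Decode one 32-byte dentry; returns None for a long-file-name (LFN) slot."""
    attr = raw[0x0B]
    if (attr & 0x3F) == 0x0F:            # LFN slots hold UTF-16 name pieces
        return None
    deleted = raw[0] == 0xE5             # first name byte is overwritten on delete
    stem = raw[1:8] if deleted else raw[0:8]
    base = ("?" if deleted else "") + stem.decode("cp437").rstrip()
    ext = raw[8:11].decode("cp437").rstrip()
    time, date, cluster, size = struct.unpack_from("<HHHI", raw, 0x16)
    return {"name": base + ("." + ext if ext else ""), "deleted": deleted,
            "attrs": [name for bit, name in FLAGS.items() if attr & bit],
            "first_cluster": cluster,    # the two bytes at 0x1a
            "size": size, "modified": fat_time(date, time)}

def parse_table(table):
    """Walk a table in 32-byte steps; a 0x00 first byte marks the end."""
    out = []
    for off in range(0, len(table) - 31, 32):
        if table[off] == 0x00:
            break
        out.append(parse_dentry(table[off:off + 32]))
    return [e for e in out if e is not None]

if __name__ == "__main__":
    for entry in parse_table(DUMP):
        print(entry)
```

The decoded dates for MOBILE and D (2007-01-12 and 2009-10-15) agree with the ls listing above. Entries whose first byte is E5 are deleted, yet their attributes, size and first cluster are still readable.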
Continued...