From bcaeef31d76a770b0187c6766790d3a1a347a5f4 Mon Sep 17 00:00:00 2001
From: 0xZ3R0 <95277210+0x0000z3r0@users.noreply.github.com>
Date: Sat, 10 May 2025 07:35:14 -0400
Subject: [PATCH] pattern: Added DJI Firmware Pattern (#392)
* added IM*H pattern
* improved README
---
 README.md | 1 +
 patterns/imah.hexpat | 52 ++++++++++++++++++++
 tests/patterns/test_data/imah.hexpat.fw.sig | Bin 0 -> 512 bytes
 3 files changed, 53 insertions(+)
 create mode 100644 patterns/imah.hexpat
 create mode 100644 tests/patterns/test_data/imah.hexpat.fw.sig
diff --git a/README.md b/README.md
index a284b3d..2447330 100644
--- a/README.md
+++ b/README.md
@@ -87,6 +87,7 @@ Everything will immediately show up in ImHex's Content Store and gets bundled wi
 | HSDT || [`patterns/hsdt.hexpat`](patterns/hsdt.hexpat) | HiSilicon device-tree table images |
 | ICO | | [`patterns/ico.hexpat`](patterns/ico.hexpat) | Icon (.ico) or Cursor (.cur) files |
 | ID3 | `audio/mpeg` | [`patterns/id3.hexpat`](patterns/id3.hexpat) | ID3 tags in MP3 files |
+| IM*H || [`patterns/imah.hexpat`](patterns/imah.hexpat) | DJI Signed Firmware (IM*H) |
 | Intel HEX | | [`patterns/intel_hex.hexpat`](patterns/intel_hex.hexpat) | [Intel hexadecimal object file format definition]("https://en.wikipedia.org/wiki/Intel_HEX") |
 | IP | | [`patterns/ip.hexpat`](patterns/ip.hexpat) | Ethernet II Frames (IP Packets) |
 | IPS | | [`patterns/ips.hexpat`](patterns/ips.hexpat) | IPS (International Patching System) files |
diff --git a/patterns/imah.hexpat b/patterns/imah.hexpat
new file mode 100644
index 0000000..4e4974a
--- /dev/null
+++ b/patterns/imah.hexpat
@@ -0,0 +1,52 @@
+#pragma author Hrant (0xZ3R0)
+#pragma description DJI Encrypted/Signed Firmware (IM*H)
+#pragma endian little
+
+// refs:
+// - "Challenges in Dynamic Analysis of Drone Firmware and Its Solutions" (DOI: 10.1109/ACCESS.2024.3425604)
+// - "Drone Security and the Mysterious Case of DJI’s DroneID" (DOI: 10.14722/ndss.2023.24217)
+// - https://github.com/o-gs/dji-firmware-tools
+
+struct imah_chunk_header {
+ s8 id[4];
+ u32 offset;
+ u32 size;
+ u32 attrib;
+ u64 address;
+ u8 reserved[8];
+};
+
+struct imah_header {
+ s8 magic[4];
+ u32 header_version;
+ u32 size;
+ u8 reserved[4];
+ u32 header_size;
+ u32 signature_size;
+ u32 payload_size;
+ u32 target_size;
+ u8 os;
+ u8 arch;
+ u8 compression;
+ u8 anti_version;
+ u32 auth_alg;
+ u8 auth_key[4];
+ u8 enc_key[4];
+ u8 scram_key[16];
+ s8 name[32];
+ u8 type[4];
+ u32 version;
+ u32 date;
+ u32 encr_cksum;
+ u8 reserved2[16];
+ s8 userdata[16];
+ u8 entry[8];
+ u32 plain_cksum;
+ u32 chunk_num;
+ u8 payload_digest[32];
+};
+
+imah_header header @ 0x00;
+imah_chunk_header chunks[header.chunk_num] @ addressof (header) + sizeof (header);
+u8 signature[header.signature_size] @ addressof (chunks) + sizeof (chunks);
+u8 payload_start @ addressof (signature) + sizeof (signature);
diff --git a/tests/patterns/test_data/imah.hexpat.fw.sig b/tests/patterns/test_data/imah.hexpat.fw.sig
new file mode 100644
index 0000000000000000000000000000000000000000..0af05c731434e3c1d605675f231e34ee1d14236d
GIT binary patch literal 512 zcmebD)$(9uU|?`q@hJ^RF+2bfK!Jp1pVDArAo+kGNAG}8SMQ}gUWsm9C2}1nj2=Wy z)A(p$WMB%?f)6n9GB7AGt0>@8gG~-(Z+TM`zs8iLO+r5t!?@p`J66kdsbhvuL8hdb zvCzxj9kDR`U4ZTdsYeH~N{U|FUOlZmS!WS_ly@qZsrMb7KUJYSb}?-{!E-f9Q9tU+ zhUq3*8$T{tsvhh<_rfkW&G{*OkB<2Wu|L&HIe%Q*YNLr*?Y!k`)v}H8hqvTUmcO@f zrBs#QuM0t|70>hCj||_<{V$`ozWaoL;s)NQjIBHd3-6j;x0PD+b#0@s&Keh==ca4e zt6w}n{U&nr@e|+6FPPWM9?O4yaH~4=gUVVh=IA*+zap-(9`4y7RMeilS!vgu=v?(z z8{SH9!Kk>u5O#6D;RU*$D+uDX%1{FCMFoIIb5Y5b3c?N yvT5DQSzn5lT|CjJsAZ+|?2^
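Review bot: In `patterns/imah.hexpat`, `header.chunk_num` and `header.signature_size` are taken straight from the file and used as the lengths of `chunks` and `signature`, while `magic` is parsed but never compared with anything, so a file that is not an IM*H image (or a malformed one) is laid out with whatever sizes those bytes happen to hold. Because this pattern exists to inspect untrusted firmware, I would declare the tag as `char magic[4];` and reject a mismatch before the dependent arrays are placed, e.g. `std::assert(header.magic == "IM*H", "not an IM*H image");` (the expected tag is inferred from the pattern description; confirm it against the referenced format notes). The placements also use `sizeof (header)` rather than the parsed `header_size`, and `payload_start` marks a single byte instead of spanning `payload_size`. If both are intentional, a one-line comment above the placements saying so would stop readers assuming the payload and signature boundaries were validated.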