pattern: Added DJI Firmware Pattern (#392)

0x0000z3r0 · web-flow · commit bcaeef31d76a · 2025-05-10T13:35:14.000+02:00
* added IM*H pattern

* improved README
diff --git a/README.md b/README.md
@@ -87,6 +87,7 @@ Everything will immediately show up in ImHex's Content Store and gets bundled wi
 | HSDT || [`patterns/hsdt.hexpat`](patterns/hsdt.hexpat) | HiSilicon device-tree table images |
 | ICO | | [`patterns/ico.hexpat`](patterns/ico.hexpat) | Icon (.ico) or Cursor (.cur) files |
 | ID3 | `audio/mpeg` | [`patterns/id3.hexpat`](patterns/id3.hexpat) | ID3 tags in MP3 files |
+| IM*H || [`patterns/imah.hexpat`](patterns/imah.hexpat) | DJI Signed Firmware (IM*H) |
 | Intel HEX  | | [`patterns/intel_hex.hexpat`](patterns/intel_hex.hexpat) | [Intel hexadecimal object file format definition]("https://en.wikipedia.org/wiki/Intel_HEX") |
 | IP | | [`patterns/ip.hexpat`](patterns/ip.hexpat) | Ethernet II Frames (IP Packets) |
 | IPS | | [`patterns/ips.hexpat`](patterns/ips.hexpat) | IPS (International Patching System) files |
diff --git a/patterns/imah.hexpat b/patterns/imah.hexpat
@@ -0,0 +1,52 @@
+#pragma author Hrant (0xZ3R0)
+#pragma description DJI Encrypted/Signed Firmware (IM*H)
+#pragma endian little
+
+// refs:
+// - "Challenges in Dynamic Analysis of Drone Firmware and Its Solutions" (DOI: 10.1109/ACCESS.2024.3425604)
+// - "Drone Security and the Mysterious Case of DJI’s DroneID" (DOI: 10.14722/ndss.2023.24217)
+// - https://github.com/o-gs/dji-firmware-tools
+
+struct imah_chunk_header {
+    s8  id[4];
+    u32 offset;
+    u32 size;
+    u32 attrib;
+    u64 address;
+    u8  reserved[8];
+};
+
+struct imah_header {
+    s8  magic[4];
+    u32 header_version;
+    u32 size;
+    u8  reserved[4];
+    u32 header_size;
+    u32 signature_size;
+    u32 payload_size;
+    u32 target_size;
+    u8  os;
+    u8  arch;
+    u8  compression;
+    u8  anti_version;
+    u32 auth_alg;
+    u8  auth_key[4];
+    u8  enc_key[4];
+    u8  scram_key[16];
+    s8  name[32];
+    u8  type[4];
+    u32 version;
+    u32 date;
+    u32 encr_cksum;
+    u8  reserved2[16];
+    s8  userdata[16];
+    u8  entry[8];
+    u32 plain_cksum;
+    u32 chunk_num;
+    u8  payload_digest[32];
+};
+
+imah_header header @ 0x00;
+imah_chunk_header chunks[header.chunk_num] @ addressof (header) + sizeof (header);
+u8 signature[header.signature_size] @ addressof (chunks) + sizeof (chunks);
+u8 payload_start @ addressof (signature) + sizeof (signature);
diff --git a/tests/patterns/test_data/imah.hexpat.fw.sig b/tests/patterns/test_data/imah.hexpat.fw.sig
