Some additional info about the file format:
Block 0x0106:
- Some firmware (like for the E-P1, model sig 0x0680) has a 0x0106 block. This block has a single header (len, addr); but the actual data is not known.
Image blocks:
- Blocks with images (0x0102 and 0x0104) do not just contain jpgs, they may also contain bmps, windows icons (including new vista 256x256 RGBA PNG icon) and possibly other image data (a single block can contain heterogeneous image types). While file types do not seem to be specified anywhere, they can be deduced easily from the data itself.
- Image blocks can contain 'empty headers' (len=0, addr=0) in between non-empty headers; perhaps image resources are accessed by header index. The section of headers seems to end when a section of 0xFF padding bytes is reached.
Block 0x0000:
- Some firmwares contain a 0x0000 block, this block is not encrypted and seems to be boot loader code. Checksum is compute as for the other blocks, just skipping the decryption step.
Font and string blocks:
- Fonts and strings blocks seem to have multiple resources like images blocks, except that there are no 0xFF bytes between the headers and data.
- Some blocks seem to contain strings for different languages (first byte is language id, then 3 bytes zero, then 3 char language string + zero termination byte).
- There's some data (fonts?), then the strings in 2 byte (UTF-16?) format (at least for model 0x0680). Strings have some control characters for line breaks and begin/end of strings, etc., but they seem very irregular.
