diff --git a/docs/bootloader.md b/docs/bootloader.md
index c23a8c09..4aa40df5 100644
--- a/docs/bootloader.md
+++ b/docs/bootloader.md
@@ -35,7 +35,7 @@ TREZOR Core (second stage) loader consists of 2 parts:
 
 ### Loader Header
 
-Total length of loader header is always 256 bytes.
+Total length of loader header is always 512 bytes.
 
 | offset | length | name | description |
 |-------:|-------:|------|-------------|
@@ -47,9 +47,9 @@ Total length of loader header is always 256 bytes.
 | 0x0011 | 1      | vminor | version (minor) |
 | 0x0012 | 1      | vpatch | version (patch) |
 | 0x0013 | 1      | vbuild | version (build) |
-| 0x0014 | 171    | reserved | not used yet (zeroed) |
-| 0x00BF | 1      | sigidx | SatoshiLabs signature indexes (bitmap) |
-| 0x00C0 | 64     | sig | SatoshiLabs signature |
+| 0x0014 | 427    | reserved | not used yet (zeroed) |
+| 0x01BF | 1      | sigidx | SatoshiLabs signature indexes (bitmap) |
+| 0x01C0 | 64     | sig | SatoshiLabs signature |
 
 ## Firmware Format
 
@@ -61,7 +61,7 @@ TREZOR Core firmware consists of 3 parts:
 
 ### Vendor Header
 
-Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vendor string) + (length of vendor image) bytes rounded up to the closest multiply of 256 bytes.
+Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vendor string) + (length of vendor image) bytes rounded up to the closest multiply of 512 bytes.
 
 | offset | length | name | description |
 |-------:|-------:|------|-------------|
@@ -84,7 +84,7 @@ Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vend
 
 ### Firmware Header
 
-Total length of firmware header is always 256 bytes.
+Total length of firmware header is always 512 bytes.
 
 | offset | length | name | description |
 |-------:|-------:|------|-------------|
@@ -96,9 +96,9 @@ Total length of firmware header is always 256 bytes.
 | 0x0011 | 1      | vminor | version (minor) |
 | 0x0012 | 1      | vpatch | version (patch) |
 | 0x0013 | 1      | vbuild | version (build) |
-| 0x0014 | 171    | reserved | not used yet (zeroed) |
-| 0x00BF | 1      | sigidx | vendor signature indexes (bitmap) |
-| 0x00C0 | 64     | sig | vendor signature |
+| 0x0014 | 427    | reserved | not used yet (zeroed) |
+| 0x01BF | 1      | sigidx | vendor signature indexes (bitmap) |
+| 0x01C0 | 64     | sig | vendor signature |
 
 ## Various ideas
 
diff --git a/tools/binctl b/tools/binctl
index 9921fdf1..398f6d9d 100755
--- a/tools/binctl
+++ b/tools/binctl
@@ -22,7 +22,7 @@ def get_sig(data):
 class LoaderImage:
 
     def __init__(self, data):
-        header = struct.unpack('<4sIIIBBBB171sB64s', data[:256])
+        header = struct.unpack('<4sIIIBBBB427sB64s', data[:512])
         self.magic, \
         self.hdrlen, \
         self.expiry, \
@@ -35,11 +35,11 @@ class LoaderImage:
         self.sigidx, \
         self.sig = header
         assert self.magic == b'TRZL'
-        assert self.hdrlen == 256
+        assert self.hdrlen == 512
         assert self.codelen + self.hdrlen >= 4 * 1024
         assert self.codelen + self.hdrlen <= 64 * 1024 + 7 * 128 * 1024
         assert (self.codelen + self.hdrlen) % 512 == 0
-        assert self.reserved == 171 * b'\x00'
+        assert self.reserved == 427 * b'\x00'
         self.code = data[self.hdrlen:]
         assert len(self.code) == self.codelen
 
@@ -54,7 +54,7 @@ class LoaderImage:
         print('  * sig     :', binascii.hexlify(self.sig).decode('ascii'))
 
     def serialize_header(self, sig=True):
-        header = struct.pack('<4sIIIBBBB171s', \
+        header = struct.pack('<4sIIIBBBB427s', \
             self.magic, self.hdrlen, self.expiry, self.codelen, \
             self.vmajor, self.vminor, self.vpatch, self.vbuild, \
             self.reserved)
@@ -155,7 +155,7 @@ class VendorHeader:
 class FirmwareImage:
 
     def __init__(self, data):
-        header = struct.unpack('<4sIIIBBBB171sB64s', data[:256])
+        header = struct.unpack('<4sIIIBBBB427sB64s', data[:512])
         self.magic, \
         self.hdrlen, \
         self.expiry, \
@@ -168,9 +168,9 @@ class FirmwareImage:
         self.sigidx, \
         self.sig = header
         assert self.magic == b'TRZF'
-        assert self.hdrlen == 256
+        assert self.hdrlen == 512
         assert self.codelen % 4 == 0
-        assert self.reserved == 171 * b'\x00'
+        assert self.reserved == 427 * b'\x00'
         self.code = data[self.hdrlen:]
         assert len(self.code) == self.codelen
 
@@ -185,7 +185,7 @@ class FirmwareImage:
         print('  * sig     :', binascii.hexlify(self.sig).decode('ascii'))
 
     def serialize_header(self, sig=True):
-        header = struct.pack('<4sIIIBBBB171s', \
+        header = struct.pack('<4sIIIBBBB427s', \
             self.magic, self.hdrlen, self.expiry, self.codelen, \
             self.vmajor, self.vminor, self.vpatch, self.vbuild, \
             self.reserved)
@@ -225,7 +225,7 @@ def binopen(filename):
 
 def main():
     if len(sys.argv) < 2:
-        print('Usage: firmwarectl file.bin [-s]')
+        print('Usage: binctl file.bin [-s]')
         return 1
     fn = sys.argv[1]
     sign = len(sys.argv) > 2 and sys.argv[2] == '-s'