projects / openwrt / staging / dedeckeh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ar71xx: Use dynamic partitions for TP-Link CPE210 v2
[openwrt/staging/dedeckeh.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
192 {NULL, 0, 0}
193 },
194
195 .first_sysupgrade_partition = "os-image",
196 .last_sysupgrade_partition = "support-list",
197 },
198
199 /** Firmware layout for the CPE510/520 */
200 {
201 .id = "CPE510",
202 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
203 .support_list =
204 "SupportList:\r\n"
205 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
206 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
207 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
208 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
209 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
210 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
211 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
212 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
213 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
214 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
215 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
216 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
217 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
218 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
219 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
220 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
221 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
222 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
223 .support_trail = '\xff',
224 .soft_ver = NULL,
225
226 .partitions = {
227 {"fs-uboot", 0x00000, 0x20000},
228 {"partition-table", 0x20000, 0x02000},
229 {"default-mac", 0x30000, 0x00020},
230 {"product-info", 0x31100, 0x00100},
231 {"signature", 0x32000, 0x00400},
232 {"os-image", 0x40000, 0x1c0000},
233 {"file-system", 0x200000, 0x5b0000},
234 {"soft-version", 0x7b0000, 0x00100},
235 {"support-list", 0x7b1000, 0x00400},
236 {"user-config", 0x7c0000, 0x10000},
237 {"default-config", 0x7d0000, 0x10000},
238 {"log", 0x7e0000, 0x10000},
239 {"radio", 0x7f0000, 0x10000},
240 {NULL, 0, 0}
241 },
242
243 .first_sysupgrade_partition = "os-image",
244 .last_sysupgrade_partition = "support-list",
245 },
246
247 {
248 .id = "WBS210",
249 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
250 .support_list =
251 "SupportList:\r\n"
252 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
253 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
254 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
255 .support_trail = '\xff',
256 .soft_ver = NULL,
257
258 .partitions = {
259 {"fs-uboot", 0x00000, 0x20000},
260 {"partition-table", 0x20000, 0x02000},
261 {"default-mac", 0x30000, 0x00020},
262 {"product-info", 0x31100, 0x00100},
263 {"signature", 0x32000, 0x00400},
264 {"os-image", 0x40000, 0x1c0000},
265 {"file-system", 0x200000, 0x5b0000},
266 {"soft-version", 0x7b0000, 0x00100},
267 {"support-list", 0x7b1000, 0x00400},
268 {"user-config", 0x7c0000, 0x10000},
269 {"default-config", 0x7d0000, 0x10000},
270 {"log", 0x7e0000, 0x10000},
271 {"radio", 0x7f0000, 0x10000},
272 {NULL, 0, 0}
273 },
274
275 .first_sysupgrade_partition = "os-image",
276 .last_sysupgrade_partition = "support-list",
277 },
278
279 {
280 .id = "WBS510",
281 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
282 .support_list =
283 "SupportList:\r\n"
284 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
285 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
286 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
287 .support_trail = '\xff',
288 .soft_ver = NULL,
289
290 .partitions = {
291 {"fs-uboot", 0x00000, 0x20000},
292 {"partition-table", 0x20000, 0x02000},
293 {"default-mac", 0x30000, 0x00020},
294 {"product-info", 0x31100, 0x00100},
295 {"signature", 0x32000, 0x00400},
296 {"os-image", 0x40000, 0x1c0000},
297 {"file-system", 0x200000, 0x5b0000},
298 {"soft-version", 0x7b0000, 0x00100},
299 {"support-list", 0x7b1000, 0x00400},
300 {"user-config", 0x7c0000, 0x10000},
301 {"default-config", 0x7d0000, 0x10000},
302 {"log", 0x7e0000, 0x10000},
303 {"radio", 0x7f0000, 0x10000},
304 {NULL, 0, 0}
305 },
306
307 .first_sysupgrade_partition = "os-image",
308 .last_sysupgrade_partition = "support-list",
309 },
310
311 /** Firmware layout for the C2600 */
312 {
313 .id = "C2600",
314 .vendor = "",
315 .support_list =
316 "SupportList:\r\n"
317 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
318 .support_trail = '\x00',
319 .soft_ver = NULL,
320
321 /**
322 We use a bigger os-image partition than the stock images (and thus
323 smaller file-system), as our kernel doesn't fit in the stock firmware's
324 2 MB os-image since kernel 4.14.
325 */
326 .partitions = {
327 {"SBL1", 0x00000, 0x20000},
328 {"MIBIB", 0x20000, 0x20000},
329 {"SBL2", 0x40000, 0x20000},
330 {"SBL3", 0x60000, 0x30000},
331 {"DDRCONFIG", 0x90000, 0x10000},
332 {"SSD", 0xa0000, 0x10000},
333 {"TZ", 0xb0000, 0x30000},
334 {"RPM", 0xe0000, 0x20000},
335 {"fs-uboot", 0x100000, 0x70000},
336 {"uboot-env", 0x170000, 0x40000},
337 {"radio", 0x1b0000, 0x40000},
338 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
339 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
340 {"default-mac", 0x1ef0000, 0x00200},
341 {"pin", 0x1ef0200, 0x00200},
342 {"product-info", 0x1ef0400, 0x0fc00},
343 {"partition-table", 0x1f00000, 0x10000},
344 {"soft-version", 0x1f10000, 0x10000},
345 {"support-list", 0x1f20000, 0x10000},
346 {"profile", 0x1f30000, 0x10000},
347 {"default-config", 0x1f40000, 0x10000},
348 {"user-config", 0x1f50000, 0x40000},
349 {"qos-db", 0x1f90000, 0x40000},
350 {"usb-config", 0x1fd0000, 0x10000},
351 {"log", 0x1fe0000, 0x20000},
352 {NULL, 0, 0}
353 },
354
355 .first_sysupgrade_partition = "os-image",
356 .last_sysupgrade_partition = "file-system"
357 },
358
359 /** Firmware layout for the A7-V5 */
360 {
361 .id = "ARCHER-A7-V5",
362 .support_list =
363 "SupportList:\n"
364 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
365 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
366 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
367 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
368 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
369 .support_trail = '\x00',
370 .soft_ver = "soft_ver:1.0.0\n",
371
372 /* We're using a dynamic kernel/rootfs split here */
373 .partitions = {
374 {"factory-boot", 0x00000, 0x20000},
375 {"fs-uboot", 0x20000, 0x20000},
376 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
377 /* Stock: name file-system base 0x160000 size 0xda0000 */
378 {"default-mac", 0xf40000, 0x00200},
379 {"pin", 0xf40200, 0x00200},
380 {"device-id", 0xf40400, 0x00100},
381 {"product-info", 0xf40500, 0x0fb00},
382 {"soft-version", 0xf50000, 0x00100},
383 {"extra-para", 0xf51000, 0x01000},
384 {"support-list", 0xf52000, 0x0a000},
385 {"profile", 0xf5c000, 0x04000},
386 {"default-config", 0xf60000, 0x10000},
387 {"user-config", 0xf70000, 0x40000},
388 {"certificate", 0xfb0000, 0x10000},
389 {"partition-table", 0xfc0000, 0x10000},
390 {"log", 0xfd0000, 0x20000},
391 {"radio", 0xff0000, 0x10000},
392 {NULL, 0, 0}
393 },
394
395 .first_sysupgrade_partition = "os-image",
396 .last_sysupgrade_partition = "file-system",
397 },
398
399 /** Firmware layout for the C2v3 */
400 {
401 .id = "ARCHER-C2-V3",
402 .support_list =
403 "SupportList:\n"
404 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
405 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
406 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
407 .support_trail = '\x00',
408 .soft_ver = "soft_ver:3.0.1\n",
409
410 /** We're using a dynamic kernel/rootfs split here */
411
412 .partitions = {
413 {"factory-boot", 0x00000, 0x20000},
414 {"fs-uboot", 0x20000, 0x10000},
415 {"firmware", 0x30000, 0x7a0000},
416 {"user-config", 0x7d0000, 0x04000},
417 {"default-mac", 0x7e0000, 0x00100},
418 {"device-id", 0x7e0100, 0x00100},
419 {"extra-para", 0x7e0200, 0x00100},
420 {"pin", 0x7e0300, 0x00100},
421 {"support-list", 0x7e0400, 0x00400},
422 {"soft-version", 0x7e0800, 0x00400},
423 {"product-info", 0x7e0c00, 0x01400},
424 {"partition-table", 0x7e2000, 0x01000},
425 {"profile", 0x7e3000, 0x01000},
426 {"default-config", 0x7e4000, 0x04000},
427 {"merge-config", 0x7ec000, 0x02000},
428 {"qos-db", 0x7ee000, 0x02000},
429 {"radio", 0x7f0000, 0x10000},
430 {NULL, 0, 0}
431 },
432
433 .first_sysupgrade_partition = "os-image",
434 .last_sysupgrade_partition = "file-system",
435 },
436
437 /** Firmware layout for the C25v1 */
438 {
439 .id = "ARCHER-C25-V1",
440 .support_list =
441 "SupportList:\n"
442 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
443 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
444 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
445 .support_trail = '\x00',
446 .soft_ver = "soft_ver:1.0.0\n",
447
448 /* We're using a dynamic kernel/rootfs split here */
449 .partitions = {
450 {"factory-boot", 0x00000, 0x20000},
451 {"fs-uboot", 0x20000, 0x10000},
452 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
453 /* Stock: name file-system base 0x130000 size 0x6a0000 */
454 {"user-config", 0x7d0000, 0x04000},
455 {"default-mac", 0x7e0000, 0x00100},
456 {"device-id", 0x7e0100, 0x00100},
457 {"extra-para", 0x7e0200, 0x00100},
458 {"pin", 0x7e0300, 0x00100},
459 {"support-list", 0x7e0400, 0x00400},
460 {"soft-version", 0x7e0800, 0x00400},
461 {"product-info", 0x7e0c00, 0x01400},
462 {"partition-table", 0x7e2000, 0x01000},
463 {"profile", 0x7e3000, 0x01000},
464 {"default-config", 0x7e4000, 0x04000},
465 {"merge-config", 0x7ec000, 0x02000},
466 {"qos-db", 0x7ee000, 0x02000},
467 {"radio", 0x7f0000, 0x10000},
468 {NULL, 0, 0}
469 },
470
471 .first_sysupgrade_partition = "os-image",
472 .last_sysupgrade_partition = "file-system",
473 },
474
475 /** Firmware layout for the C58v1 */
476 {
477 .id = "ARCHER-C58-V1",
478 .vendor = "",
479 .support_list =
480 "SupportList:\r\n"
481 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
482 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
483 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
484 .support_trail = '\x00',
485 .soft_ver = "soft_ver:1.0.0\n",
486
487 .partitions = {
488 {"fs-uboot", 0x00000, 0x10000},
489 {"default-mac", 0x10000, 0x00200},
490 {"pin", 0x10200, 0x00200},
491 {"product-info", 0x10400, 0x00100},
492 {"partition-table", 0x10500, 0x00800},
493 {"soft-version", 0x11300, 0x00200},
494 {"support-list", 0x11500, 0x00100},
495 {"device-id", 0x11600, 0x00100},
496 {"profile", 0x11700, 0x03900},
497 {"default-config", 0x15000, 0x04000},
498 {"user-config", 0x19000, 0x04000},
499 {"firmware", 0x20000, 0x7c8000},
500 {"certyficate", 0x7e8000, 0x08000},
501 {"radio", 0x7f0000, 0x10000},
502 {NULL, 0, 0}
503 },
504
505 .first_sysupgrade_partition = "os-image",
506 .last_sysupgrade_partition = "file-system",
507 },
508
509 /** Firmware layout for the C59v1 */
510 {
511 .id = "ARCHER-C59-V1",
512 .vendor = "",
513 .support_list =
514 "SupportList:\r\n"
515 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
516 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
517 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
518 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
519 .support_trail = '\x00',
520 .soft_ver = "soft_ver:1.0.0\n",
521
522 /* We're using a dynamic kernel/rootfs split here */
523 .partitions = {
524 {"fs-uboot", 0x00000, 0x10000},
525 {"default-mac", 0x10000, 0x00200},
526 {"pin", 0x10200, 0x00200},
527 {"device-id", 0x10400, 0x00100},
528 {"product-info", 0x10500, 0x0fb00},
529 {"firmware", 0x20000, 0xe30000},
530 {"partition-table", 0xe50000, 0x10000},
531 {"soft-version", 0xe60000, 0x10000},
532 {"support-list", 0xe70000, 0x10000},
533 {"profile", 0xe80000, 0x10000},
534 {"default-config", 0xe90000, 0x10000},
535 {"user-config", 0xea0000, 0x40000},
536 {"usb-config", 0xee0000, 0x10000},
537 {"certificate", 0xef0000, 0x10000},
538 {"qos-db", 0xf00000, 0x40000},
539 {"log", 0xfe0000, 0x10000},
540 {"radio", 0xff0000, 0x10000},
541 {NULL, 0, 0}
542 },
543
544 .first_sysupgrade_partition = "os-image",
545 .last_sysupgrade_partition = "file-system",
546 },
547
548 /** Firmware layout for the C59v2 */
549 {
550 .id = "ARCHER-C59-V2",
551 .vendor = "",
552 .support_list =
553 "SupportList:\r\n"
554 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
555 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
556 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
557 .support_trail = '\x00',
558 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
559
560 /** We're using a dynamic kernel/rootfs split here */
561 .partitions = {
562 {"factory-boot", 0x00000, 0x20000},
563 {"fs-uboot", 0x20000, 0x10000},
564 {"default-mac", 0x30000, 0x00200},
565 {"pin", 0x30200, 0x00200},
566 {"device-id", 0x30400, 0x00100},
567 {"product-info", 0x30500, 0x0fb00},
568 {"firmware", 0x40000, 0xe10000},
569 {"partition-table", 0xe50000, 0x10000},
570 {"soft-version", 0xe60000, 0x10000},
571 {"support-list", 0xe70000, 0x10000},
572 {"profile", 0xe80000, 0x10000},
573 {"default-config", 0xe90000, 0x10000},
574 {"user-config", 0xea0000, 0x40000},
575 {"usb-config", 0xee0000, 0x10000},
576 {"certificate", 0xef0000, 0x10000},
577 {"extra-para", 0xf00000, 0x10000},
578 {"qos-db", 0xf10000, 0x30000},
579 {"log", 0xfe0000, 0x10000},
580 {"radio", 0xff0000, 0x10000},
581 {NULL, 0, 0}
582 },
583
584 .first_sysupgrade_partition = "os-image",
585 .last_sysupgrade_partition = "file-system",
586 },
587
588 /** Firmware layout for the C6v2 */
589 {
590 .id = "ARCHER-C6-V2",
591 .vendor = "",
592 .support_list =
593 "SupportList:\r\n"
594 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
595 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
596 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
597 .support_trail = '\x00',
598 .soft_ver = "soft_ver:1.0.0\n",
599
600 .partitions = {
601 {"fs-uboot", 0x00000, 0x20000},
602 {"default-mac", 0x20000, 0x00200},
603 {"pin", 0x20200, 0x00100},
604 {"product-info", 0x20300, 0x00200},
605 {"device-id", 0x20500, 0x0fb00},
606 {"firmware", 0x30000, 0x7a9400},
607 {"soft-version", 0x7d9400, 0x00100},
608 {"extra-para", 0x7d9500, 0x00100},
609 {"support-list", 0x7d9600, 0x00200},
610 {"profile", 0x7d9800, 0x03000},
611 {"default-config", 0x7dc800, 0x03000},
612 {"partition-table", 0x7df800, 0x00800},
613 {"user-config", 0x7e0000, 0x0c000},
614 {"certificate", 0x7ec000, 0x04000},
615 {"radio", 0x7f0000, 0x10000},
616 {NULL, 0, 0}
617 },
618
619 .first_sysupgrade_partition = "os-image",
620 .last_sysupgrade_partition = "file-system",
621 },
622
623
624 /** Firmware layout for the C60v1 */
625 {
626 .id = "ARCHER-C60-V1",
627 .vendor = "",
628 .support_list =
629 "SupportList:\r\n"
630 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
631 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
632 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
633 .support_trail = '\x00',
634 .soft_ver = "soft_ver:1.0.0\n",
635
636 .partitions = {
637 {"fs-uboot", 0x00000, 0x10000},
638 {"default-mac", 0x10000, 0x00200},
639 {"pin", 0x10200, 0x00200},
640 {"product-info", 0x10400, 0x00100},
641 {"partition-table", 0x10500, 0x00800},
642 {"soft-version", 0x11300, 0x00200},
643 {"support-list", 0x11500, 0x00100},
644 {"device-id", 0x11600, 0x00100},
645 {"profile", 0x11700, 0x03900},
646 {"default-config", 0x15000, 0x04000},
647 {"user-config", 0x19000, 0x04000},
648 {"firmware", 0x20000, 0x7c8000},
649 {"certyficate", 0x7e8000, 0x08000},
650 {"radio", 0x7f0000, 0x10000},
651 {NULL, 0, 0}
652 },
653
654 .first_sysupgrade_partition = "os-image",
655 .last_sysupgrade_partition = "file-system",
656 },
657
658 /** Firmware layout for the C60v2 */
659 {
660 .id = "ARCHER-C60-V2",
661 .vendor = "",
662 .support_list =
663 "SupportList:\r\n"
664 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
665 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
666 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
667 .support_trail = '\x00',
668 .soft_ver = "soft_ver:2.0.0\n",
669
670 .partitions = {
671 {"factory-boot", 0x00000, 0x1fb00},
672 {"default-mac", 0x1fb00, 0x00200},
673 {"pin", 0x1fd00, 0x00100},
674 {"product-info", 0x1fe00, 0x00100},
675 {"device-id", 0x1ff00, 0x00100},
676 {"fs-uboot", 0x20000, 0x10000},
677 {"firmware", 0x30000, 0x7a0000},
678 {"soft-version", 0x7d9500, 0x00100},
679 {"support-list", 0x7d9600, 0x00100},
680 {"extra-para", 0x7d9700, 0x00100},
681 {"profile", 0x7d9800, 0x03000},
682 {"default-config", 0x7dc800, 0x03000},
683 {"partition-table", 0x7df800, 0x00800},
684 {"user-config", 0x7e0000, 0x0c000},
685 {"certificate", 0x7ec000, 0x04000},
686 {"radio", 0x7f0000, 0x10000},
687 {NULL, 0, 0}
688 },
689
690 .first_sysupgrade_partition = "os-image",
691 .last_sysupgrade_partition = "file-system",
692 },
693
694 /** Firmware layout for the C5 */
695 {
696 .id = "ARCHER-C5-V2",
697 .vendor = "",
698 .support_list =
699 "SupportList:\r\n"
700 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
701 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
702 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
703 .support_trail = '\x00',
704 .soft_ver = NULL,
705
706 .partitions = {
707 {"fs-uboot", 0x00000, 0x40000},
708 {"os-image", 0x40000, 0x200000},
709 {"file-system", 0x240000, 0xc00000},
710 {"default-mac", 0xe40000, 0x00200},
711 {"pin", 0xe40200, 0x00200},
712 {"product-info", 0xe40400, 0x00200},
713 {"partition-table", 0xe50000, 0x10000},
714 {"soft-version", 0xe60000, 0x00200},
715 {"support-list", 0xe61000, 0x0f000},
716 {"profile", 0xe70000, 0x10000},
717 {"default-config", 0xe80000, 0x10000},
718 {"user-config", 0xe90000, 0x50000},
719 {"log", 0xee0000, 0x100000},
720 {"radio_bk", 0xfe0000, 0x10000},
721 {"radio", 0xff0000, 0x10000},
722 {NULL, 0, 0}
723 },
724
725 .first_sysupgrade_partition = "os-image",
726 .last_sysupgrade_partition = "file-system"
727 },
728
729 /** Firmware layout for the C7 */
730 {
731 .id = "ARCHER-C7-V4",
732 .support_list =
733 "SupportList:\n"
734 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
735 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
736 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
737 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
738 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
739 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
740 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
741 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
742 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
743 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
744 .support_trail = '\x00',
745 .soft_ver = "soft_ver:1.0.0\n",
746
747 /* We're using a dynamic kernel/rootfs split here */
748 .partitions = {
749 {"factory-boot", 0x00000, 0x20000},
750 {"fs-uboot", 0x20000, 0x20000},
751 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
752 /* Stock: name file-system base 0x160000 size 0xda0000 */
753 {"default-mac", 0xf00000, 0x00200},
754 {"pin", 0xf00200, 0x00200},
755 {"device-id", 0xf00400, 0x00100},
756 {"product-info", 0xf00500, 0x0fb00},
757 {"soft-version", 0xf10000, 0x00100},
758 {"extra-para", 0xf11000, 0x01000},
759 {"support-list", 0xf12000, 0x0a000},
760 {"profile", 0xf1c000, 0x04000},
761 {"default-config", 0xf20000, 0x10000},
762 {"user-config", 0xf30000, 0x40000},
763 {"qos-db", 0xf70000, 0x40000},
764 {"certificate", 0xfb0000, 0x10000},
765 {"partition-table", 0xfc0000, 0x10000},
766 {"log", 0xfd0000, 0x20000},
767 {"radio", 0xff0000, 0x10000},
768 {NULL, 0, 0}
769 },
770
771 .first_sysupgrade_partition = "os-image",
772 .last_sysupgrade_partition = "file-system",
773 },
774
775 /** Firmware layout for the C7 v5*/
776 {
777 .id = "ARCHER-C7-V5",
778 .support_list =
779 "SupportList:\n"
780 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
781 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
782 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
783 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
784 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
785 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
786 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n",
787
788 .support_trail = '\x00',
789 .soft_ver = "soft_ver:1.0.0\n",
790
791 /* We're using a dynamic kernel/rootfs split here */
792 .partitions = {
793 {"factory-boot", 0x00000, 0x20000},
794 {"fs-uboot", 0x20000, 0x20000},
795 {"partition-table", 0x40000, 0x10000},
796 {"radio", 0x50000, 0x10000},
797 {"default-mac", 0x60000, 0x00200},
798 {"pin", 0x60200, 0x00200},
799 {"device-id", 0x60400, 0x00100},
800 {"product-info", 0x60500, 0x0fb00},
801 {"soft-version", 0x70000, 0x01000},
802 {"extra-para", 0x71000, 0x01000},
803 {"support-list", 0x72000, 0x0a000},
804 {"profile", 0x7c000, 0x04000},
805 {"user-config", 0x80000, 0x40000},
806
807
808 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
809 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
810
811 {"log", 0xfc0000, 0x20000},
812 {"certificate", 0xfe0000, 0x10000},
813 {"default-config", 0xff0000, 0x10000},
814 {NULL, 0, 0}
815
816 },
817
818 .first_sysupgrade_partition = "os-image",
819 .last_sysupgrade_partition = "file-system",
820 },
821
822 /** Firmware layout for the C9 */
823 {
824 .id = "ARCHERC9",
825 .vendor = "",
826 .support_list =
827 "SupportList:\n"
828 "{product_name:ArcherC9,"
829 "product_ver:1.0.0,"
830 "special_id:00000000}\n",
831 .support_trail = '\x00',
832 .soft_ver = NULL,
833
834 .partitions = {
835 {"fs-uboot", 0x00000, 0x40000},
836 {"os-image", 0x40000, 0x200000},
837 {"file-system", 0x240000, 0xc00000},
838 {"default-mac", 0xe40000, 0x00200},
839 {"pin", 0xe40200, 0x00200},
840 {"product-info", 0xe40400, 0x00200},
841 {"partition-table", 0xe50000, 0x10000},
842 {"soft-version", 0xe60000, 0x00200},
843 {"support-list", 0xe61000, 0x0f000},
844 {"profile", 0xe70000, 0x10000},
845 {"default-config", 0xe80000, 0x10000},
846 {"user-config", 0xe90000, 0x50000},
847 {"log", 0xee0000, 0x100000},
848 {"radio_bk", 0xfe0000, 0x10000},
849 {"radio", 0xff0000, 0x10000},
850 {NULL, 0, 0}
851 },
852
853 .first_sysupgrade_partition = "os-image",
854 .last_sysupgrade_partition = "file-system"
855 },
856
857 /** Firmware layout for the EAP120 */
858 {
859 .id = "EAP120",
860 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
861 .support_list =
862 "SupportList:\r\n"
863 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
864 .support_trail = '\xff',
865 .soft_ver = NULL,
866
867 .partitions = {
868 {"fs-uboot", 0x00000, 0x20000},
869 {"partition-table", 0x20000, 0x02000},
870 {"default-mac", 0x30000, 0x00020},
871 {"support-list", 0x31000, 0x00100},
872 {"product-info", 0x31100, 0x00100},
873 {"soft-version", 0x32000, 0x00100},
874 {"os-image", 0x40000, 0x180000},
875 {"file-system", 0x1c0000, 0x600000},
876 {"user-config", 0x7c0000, 0x10000},
877 {"backup-config", 0x7d0000, 0x10000},
878 {"log", 0x7e0000, 0x10000},
879 {"radio", 0x7f0000, 0x10000},
880 {NULL, 0, 0}
881 },
882
883 .first_sysupgrade_partition = "os-image",
884 .last_sysupgrade_partition = "file-system"
885 },
886
887 /** Firmware layout for the TL-WA850RE v2 */
888 {
889 .id = "TLWA850REV2",
890 .vendor = "",
891 .support_list =
892 "SupportList:\n"
893 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
894 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
895 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
896 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
897 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
898 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
899 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
900 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
901 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
902 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
903 .support_trail = '\x00',
904 .soft_ver = NULL,
905
906 /**
907 576KB were moved from file-system to os-image
908 in comparison to the stock image
909 */
910 .partitions = {
911 {"fs-uboot", 0x00000, 0x20000},
912 {"os-image", 0x20000, 0x150000},
913 {"file-system", 0x170000, 0x240000},
914 {"partition-table", 0x3b0000, 0x02000},
915 {"default-mac", 0x3c0000, 0x00020},
916 {"pin", 0x3c0100, 0x00020},
917 {"product-info", 0x3c1000, 0x01000},
918 {"soft-version", 0x3c2000, 0x00100},
919 {"support-list", 0x3c3000, 0x01000},
920 {"profile", 0x3c4000, 0x08000},
921 {"user-config", 0x3d0000, 0x10000},
922 {"default-config", 0x3e0000, 0x10000},
923 {"radio", 0x3f0000, 0x10000},
924 {NULL, 0, 0}
925 },
926
927 .first_sysupgrade_partition = "os-image",
928 .last_sysupgrade_partition = "file-system"
929 },
930
931 /** Firmware layout for the TL-WA855RE v1 */
932 {
933 .id = "TLWA855REV1",
934 .vendor = "",
935 .support_list =
936 "SupportList:\n"
937 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
938 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
939 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
940 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
941 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
942 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
943 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
944 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
945 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
946 .support_trail = '\x00',
947 .soft_ver = NULL,
948
949 .partitions = {
950 {"fs-uboot", 0x00000, 0x20000},
951 {"os-image", 0x20000, 0x150000},
952 {"file-system", 0x170000, 0x240000},
953 {"partition-table", 0x3b0000, 0x02000},
954 {"default-mac", 0x3c0000, 0x00020},
955 {"pin", 0x3c0100, 0x00020},
956 {"product-info", 0x3c1000, 0x01000},
957 {"soft-version", 0x3c2000, 0x00100},
958 {"support-list", 0x3c3000, 0x01000},
959 {"profile", 0x3c4000, 0x08000},
960 {"user-config", 0x3d0000, 0x10000},
961 {"default-config", 0x3e0000, 0x10000},
962 {"radio", 0x3f0000, 0x10000},
963 {NULL, 0, 0}
964 },
965
966 .first_sysupgrade_partition = "os-image",
967 .last_sysupgrade_partition = "file-system"
968 },
969
970 /** Firmware layout for the TL-WR1043 v5 */
971 {
972 .id = "TLWR1043NV5",
973 .vendor = "",
974 .support_list =
975 "SupportList:\n"
976 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
977 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
978 .support_trail = '\x00',
979 .soft_ver = "soft_ver:1.0.0\n",
980 .partitions = {
981 {"factory-boot", 0x00000, 0x20000},
982 {"fs-uboot", 0x20000, 0x20000},
983 {"firmware", 0x40000, 0xec0000},
984 {"default-mac", 0xf00000, 0x00200},
985 {"pin", 0xf00200, 0x00200},
986 {"device-id", 0xf00400, 0x00100},
987 {"product-info", 0xf00500, 0x0fb00},
988 {"soft-version", 0xf10000, 0x01000},
989 {"extra-para", 0xf11000, 0x01000},
990 {"support-list", 0xf12000, 0x0a000},
991 {"profile", 0xf1c000, 0x04000},
992 {"default-config", 0xf20000, 0x10000},
993 {"user-config", 0xf30000, 0x40000},
994 {"qos-db", 0xf70000, 0x40000},
995 {"certificate", 0xfb0000, 0x10000},
996 {"partition-table", 0xfc0000, 0x10000},
997 {"log", 0xfd0000, 0x20000},
998 {"radio", 0xff0000, 0x10000},
999 {NULL, 0, 0}
1000 },
1001 .first_sysupgrade_partition = "os-image",
1002 .last_sysupgrade_partition = "file-system"
1003 },
1004
1005 /** Firmware layout for the TL-WR1043 v4 */
1006 {
1007 .id = "TLWR1043NDV4",
1008 .vendor = "",
1009 .support_list =
1010 "SupportList:\n"
1011 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1012 .support_trail = '\x00',
1013 .soft_ver = NULL,
1014
1015 /* We're using a dynamic kernel/rootfs split here */
1016 .partitions = {
1017 {"fs-uboot", 0x00000, 0x20000},
1018 {"firmware", 0x20000, 0xf30000},
1019 {"default-mac", 0xf50000, 0x00200},
1020 {"pin", 0xf50200, 0x00200},
1021 {"product-info", 0xf50400, 0x0fc00},
1022 {"soft-version", 0xf60000, 0x0b000},
1023 {"support-list", 0xf6b000, 0x04000},
1024 {"profile", 0xf70000, 0x04000},
1025 {"default-config", 0xf74000, 0x0b000},
1026 {"user-config", 0xf80000, 0x40000},
1027 {"partition-table", 0xfc0000, 0x10000},
1028 {"log", 0xfd0000, 0x20000},
1029 {"radio", 0xff0000, 0x10000},
1030 {NULL, 0, 0}
1031 },
1032
1033 .first_sysupgrade_partition = "os-image",
1034 .last_sysupgrade_partition = "file-system"
1035 },
1036
1037 /** Firmware layout for the TL-WR902AC v1 */
1038 {
1039 .id = "TL-WR902AC-V1",
1040 .vendor = "",
1041 .support_list =
1042 "SupportList:\n"
1043 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1044 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1045 .support_trail = '\x00',
1046 .soft_ver = NULL,
1047
1048 /**
1049 384KB were moved from file-system to os-image
1050 in comparison to the stock image
1051 */
1052 .partitions = {
1053 {"fs-uboot", 0x00000, 0x20000},
1054 {"firmware", 0x20000, 0x730000},
1055 {"default-mac", 0x750000, 0x00200},
1056 {"pin", 0x750200, 0x00200},
1057 {"product-info", 0x750400, 0x0fc00},
1058 {"soft-version", 0x760000, 0x0b000},
1059 {"support-list", 0x76b000, 0x04000},
1060 {"profile", 0x770000, 0x04000},
1061 {"default-config", 0x774000, 0x0b000},
1062 {"user-config", 0x780000, 0x40000},
1063 {"partition-table", 0x7c0000, 0x10000},
1064 {"log", 0x7d0000, 0x20000},
1065 {"radio", 0x7f0000, 0x10000},
1066 {NULL, 0, 0}
1067 },
1068
1069 .first_sysupgrade_partition = "os-image",
1070 .last_sysupgrade_partition = "file-system",
1071 },
1072
1073 /** Firmware layout for the TL-WR942N V1 */
1074 {
1075 .id = "TLWR942NV1",
1076 .vendor = "",
1077 .support_list =
1078 "SupportList:\r\n"
1079 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1080 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1081 .support_trail = '\x00',
1082 .soft_ver = NULL,
1083
1084 .partitions = {
1085 {"fs-uboot", 0x00000, 0x20000},
1086 {"firmware", 0x20000, 0xe20000},
1087 {"default-mac", 0xe40000, 0x00200},
1088 {"pin", 0xe40200, 0x00200},
1089 {"product-info", 0xe40400, 0x0fc00},
1090 {"partition-table", 0xe50000, 0x10000},
1091 {"soft-version", 0xe60000, 0x10000},
1092 {"support-list", 0xe70000, 0x10000},
1093 {"profile", 0xe80000, 0x10000},
1094 {"default-config", 0xe90000, 0x10000},
1095 {"user-config", 0xea0000, 0x40000},
1096 {"qos-db", 0xee0000, 0x40000},
1097 {"certificate", 0xf20000, 0x10000},
1098 {"usb-config", 0xfb0000, 0x10000},
1099 {"log", 0xfc0000, 0x20000},
1100 {"radio-bk", 0xfe0000, 0x10000},
1101 {"radio", 0xff0000, 0x10000},
1102 {NULL, 0, 0}
1103 },
1104
1105 .first_sysupgrade_partition = "os-image",
1106 .last_sysupgrade_partition = "file-system",
1107 },
1108
1109 /** Firmware layout for the RE350 v1 */
1110 {
1111 .id = "RE350-V1",
1112 .vendor = "",
1113 .support_list =
1114 "SupportList:\n"
1115 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1116 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1117 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1118 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1119 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1120 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1121 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1122 .support_trail = '\x00',
1123 .soft_ver = NULL,
1124
1125 /** We're using a dynamic kernel/rootfs split here */
1126 .partitions = {
1127 {"fs-uboot", 0x00000, 0x20000},
1128 {"firmware", 0x20000, 0x5e0000},
1129 {"partition-table", 0x600000, 0x02000},
1130 {"default-mac", 0x610000, 0x00020},
1131 {"pin", 0x610100, 0x00020},
1132 {"product-info", 0x611100, 0x01000},
1133 {"soft-version", 0x620000, 0x01000},
1134 {"support-list", 0x621000, 0x01000},
1135 {"profile", 0x622000, 0x08000},
1136 {"user-config", 0x630000, 0x10000},
1137 {"default-config", 0x640000, 0x10000},
1138 {"radio", 0x7f0000, 0x10000},
1139 {NULL, 0, 0}
1140 },
1141
1142 .first_sysupgrade_partition = "os-image",
1143 .last_sysupgrade_partition = "file-system"
1144 },
1145
1146 /** Firmware layout for the RE350K v1 */
1147 {
1148 .id = "RE350K-V1",
1149 .vendor = "",
1150 .support_list =
1151 "SupportList:\n"
1152 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1153 .support_trail = '\x00',
1154 .soft_ver = NULL,
1155
1156 /** We're using a dynamic kernel/rootfs split here */
1157 .partitions = {
1158 {"fs-uboot", 0x00000, 0x20000},
1159 {"firmware", 0x20000, 0xd70000},
1160 {"partition-table", 0xd90000, 0x02000},
1161 {"default-mac", 0xda0000, 0x00020},
1162 {"pin", 0xda0100, 0x00020},
1163 {"product-info", 0xda1100, 0x01000},
1164 {"soft-version", 0xdb0000, 0x01000},
1165 {"support-list", 0xdb1000, 0x01000},
1166 {"profile", 0xdb2000, 0x08000},
1167 {"user-config", 0xdc0000, 0x10000},
1168 {"default-config", 0xdd0000, 0x10000},
1169 {"device-id", 0xde0000, 0x00108},
1170 {"radio", 0xff0000, 0x10000},
1171 {NULL, 0, 0}
1172 },
1173
1174 .first_sysupgrade_partition = "os-image",
1175 .last_sysupgrade_partition = "file-system"
1176 },
1177
1178 /** Firmware layout for the RE355 */
1179 {
1180 .id = "RE355",
1181 .vendor = "",
1182 .support_list =
1183 "SupportList:\r\n"
1184 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1185 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1186 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1187 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1188 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1189 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1190 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1191 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1192 .support_trail = '\x00',
1193 .soft_ver = NULL,
1194
1195 /* We're using a dynamic kernel/rootfs split here */
1196 .partitions = {
1197 {"fs-uboot", 0x00000, 0x20000},
1198 {"firmware", 0x20000, 0x5e0000},
1199 {"partition-table", 0x600000, 0x02000},
1200 {"default-mac", 0x610000, 0x00020},
1201 {"pin", 0x610100, 0x00020},
1202 {"product-info", 0x611100, 0x01000},
1203 {"soft-version", 0x620000, 0x01000},
1204 {"support-list", 0x621000, 0x01000},
1205 {"profile", 0x622000, 0x08000},
1206 {"user-config", 0x630000, 0x10000},
1207 {"default-config", 0x640000, 0x10000},
1208 {"radio", 0x7f0000, 0x10000},
1209 {NULL, 0, 0}
1210 },
1211
1212 .first_sysupgrade_partition = "os-image",
1213 .last_sysupgrade_partition = "file-system"
1214 },
1215
1216 /** Firmware layout for the RE450 */
1217 {
1218 .id = "RE450",
1219 .vendor = "",
1220 .support_list =
1221 "SupportList:\r\n"
1222 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1223 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1224 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1225 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1226 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1227 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1228 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1229 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1230 .support_trail = '\x00',
1231 .soft_ver = NULL,
1232
1233 /** We're using a dynamic kernel/rootfs split here */
1234 .partitions = {
1235 {"fs-uboot", 0x00000, 0x20000},
1236 {"firmware", 0x20000, 0x5e0000},
1237 {"partition-table", 0x600000, 0x02000},
1238 {"default-mac", 0x610000, 0x00020},
1239 {"pin", 0x610100, 0x00020},
1240 {"product-info", 0x611100, 0x01000},
1241 {"soft-version", 0x620000, 0x01000},
1242 {"support-list", 0x621000, 0x01000},
1243 {"profile", 0x622000, 0x08000},
1244 {"user-config", 0x630000, 0x10000},
1245 {"default-config", 0x640000, 0x10000},
1246 {"radio", 0x7f0000, 0x10000},
1247 {NULL, 0, 0}
1248 },
1249
1250 .first_sysupgrade_partition = "os-image",
1251 .last_sysupgrade_partition = "file-system"
1252 },
1253
1254 /** Firmware layout for the RE450 v2 */
1255 {
1256 .id = "RE450-V2",
1257 .vendor = "",
1258 .support_list =
1259 "SupportList:\r\n"
1260 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1261 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1262 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1263 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1264 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1265 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1266 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1267 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1268 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1269 .support_trail = '\x00',
1270 .soft_ver = NULL,
1271
1272 /* We're using a dynamic kernel/rootfs split here */
1273 .partitions = {
1274 {"fs-uboot", 0x00000, 0x20000},
1275 {"firmware", 0x20000, 0x5e0000},
1276 {"partition-table", 0x600000, 0x02000},
1277 {"default-mac", 0x610000, 0x00020},
1278 {"pin", 0x610100, 0x00020},
1279 {"product-info", 0x611100, 0x01000},
1280 {"soft-version", 0x620000, 0x01000},
1281 {"support-list", 0x621000, 0x01000},
1282 {"profile", 0x622000, 0x08000},
1283 {"user-config", 0x630000, 0x10000},
1284 {"default-config", 0x640000, 0x10000},
1285 {"radio", 0x7f0000, 0x10000},
1286
1287 {NULL, 0, 0}
1288 },
1289
1290 .first_sysupgrade_partition = "os-image",
1291 .last_sysupgrade_partition = "file-system"
1292 },
1293
1294 {}
1295 };
1296
1297 #define error(_ret, _errno, _str, ...) \
1298 do { \
1299 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1300 strerror(_errno)); \
1301 if (_ret) \
1302 exit(_ret); \
1303 } while (0)
1304
1305
1306 /** Stores a uint32 as big endian */
1307 static inline void put32(uint8_t *buf, uint32_t val) {
1308 buf[0] = val >> 24;
1309 buf[1] = val >> 16;
1310 buf[2] = val >> 8;
1311 buf[3] = val;
1312 }
1313
1314 /** Allocates a new image partition */
1315 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1316 struct image_partition_entry entry = {name, len, malloc(len)};
1317 if (!entry.data)
1318 error(1, errno, "malloc");
1319
1320 return entry;
1321 }
1322
1323 /** Frees an image partition */
1324 static void free_image_partition(struct image_partition_entry entry) {
1325 free(entry.data);
1326 }
1327
1328 static time_t source_date_epoch = -1;
1329 static void set_source_date_epoch() {
1330 char *env = getenv("SOURCE_DATE_EPOCH");
1331 char *endptr = env;
1332 errno = 0;
1333 if (env && *env) {
1334 source_date_epoch = strtoull(env, &endptr, 10);
1335 if (errno || (endptr && *endptr != '\0')) {
1336 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1337 exit(1);
1338 }
1339 }
1340 }
1341
1342 /** Generates the partition-table partition */
1343 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1344 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1345
1346 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1347
1348 *(s++) = 0x00;
1349 *(s++) = 0x04;
1350 *(s++) = 0x00;
1351 *(s++) = 0x00;
1352
1353 size_t i;
1354 for (i = 0; p[i].name; i++) {
1355 size_t len = end-s;
1356 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1357
1358 if (w > len-1)
1359 error(1, 0, "flash partition table overflow?");
1360
1361 s += w;
1362 }
1363
1364 s++;
1365
1366 memset(s, 0xff, end-s);
1367
1368 return entry;
1369 }
1370
1371
1372 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1373 static inline uint8_t bcd(uint8_t v) {
1374 return 0x10 * (v/10) + v%10;
1375 }
1376
1377
1378 /** Generates the soft-version partition */
1379 static struct image_partition_entry make_soft_version(uint32_t rev) {
1380 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1381 struct soft_version *s = (struct soft_version *)entry.data;
1382
1383 time_t t;
1384
1385 if (source_date_epoch != -1)
1386 t = source_date_epoch;
1387 else if (time(&t) == (time_t)(-1))
1388 error(1, errno, "time");
1389
1390 struct tm *tm = localtime(&t);
1391
1392 s->magic = htonl(0x0000000c);
1393 s->zero = 0;
1394 s->pad1 = 0xff;
1395
1396 s->version_major = 0;
1397 s->version_minor = 0;
1398 s->version_patch = 0;
1399
1400 s->year_hi = bcd((1900+tm->tm_year)/100);
1401 s->year_lo = bcd(tm->tm_year%100);
1402 s->month = bcd(tm->tm_mon+1);
1403 s->day = bcd(tm->tm_mday);
1404 s->rev = htonl(rev);
1405
1406 s->pad2 = 0xff;
1407
1408 return entry;
1409 }
1410
1411 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1412 /** String length _including_ the terminating zero byte */
1413 uint32_t ver_len = strlen(soft_ver) + 1;
1414 /** Partition contains 64 bit header, the version string, and one additional null byte */
1415 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1416 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1417
1418 uint32_t *len = (uint32_t *)entry.data;
1419 len[0] = htonl(ver_len);
1420 len[1] = 0;
1421 memcpy(&len[2], soft_ver, ver_len);
1422
1423 entry.data[partition_len - 1] = 0;
1424
1425 return entry;
1426 }
1427
1428 /** Generates the support-list partition */
1429 static struct image_partition_entry make_support_list(struct device_info *info) {
1430 size_t len = strlen(info->support_list);
1431 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1432
1433 put32(entry.data, len);
1434 memset(entry.data+4, 0, 4);
1435 memcpy(entry.data+8, info->support_list, len);
1436 entry.data[len+8] = info->support_trail;
1437
1438 return entry;
1439 }
1440
1441 /** Creates a new image partition with an arbitrary name from a file */
1442 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1443 struct stat statbuf;
1444
1445 if (stat(filename, &statbuf) < 0)
1446 error(1, errno, "unable to stat file `%s'", filename);
1447
1448 size_t len = statbuf.st_size;
1449
1450 if (add_jffs2_eof)
1451 if (file_system_partition)
1452 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1453 else
1454 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1455
1456 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1457
1458 FILE *file = fopen(filename, "rb");
1459 if (!file)
1460 error(1, errno, "unable to open file `%s'", filename);
1461
1462 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1463 error(1, errno, "unable to read file `%s'", filename);
1464
1465 if (add_jffs2_eof) {
1466 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1467
1468 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1469 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1470 }
1471
1472 fclose(file);
1473
1474 return entry;
1475 }
1476
1477 /** Creates a new image partition from arbitrary data */
1478 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1479
1480 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1481
1482 memcpy(entry.data, datain, len);
1483
1484 return entry;
1485 }
1486
1487 /**
1488 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1489
1490 Example image partition table:
1491
1492 fwup-ptn partition-table base 0x00800 size 0x00800
1493 fwup-ptn os-image base 0x01000 size 0x113b45
1494 fwup-ptn file-system base 0x114b45 size 0x1d0004
1495 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1496
1497 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1498 the end of the partition table is marked with a zero byte.
1499
1500 The firmware image must contain at least the partition-table and support-list partitions
1501 to be accepted. There aren't any alignment constraints for the image partitions.
1502
1503 The partition-table partition contains the actual flash layout; partitions
1504 from the image partition table are mapped to the corresponding flash partitions during
1505 the firmware upgrade. The support-list partition contains a list of devices supported by
1506 the firmware image.
1507
1508 The base offsets in the firmware partition table are relative to the end
1509 of the vendor information block, so the partition-table partition will
1510 actually start at offset 0x1814 of the image.
1511
1512 I think partition-table must be the first partition in the firmware image.
1513 */
1514 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1515 size_t i, j;
1516 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1517
1518 size_t base = 0x800;
1519 for (i = 0; parts[i].name; i++) {
1520 for (j = 0; flash_parts[j].name; j++) {
1521 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1522 if (parts[i].size > flash_parts[j].size)
1523 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1524 break;
1525 }
1526 }
1527
1528 assert(flash_parts[j].name);
1529
1530 memcpy(buffer + base, parts[i].data, parts[i].size);
1531
1532 size_t len = end-image_pt;
1533 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1534
1535 if (w > len-1)
1536 error(1, 0, "image partition table overflow?");
1537
1538 image_pt += w;
1539
1540 base += parts[i].size;
1541 }
1542 }
1543
1544 /** Generates and writes the image MD5 checksum */
1545 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1546 MD5_CTX ctx;
1547
1548 MD5_Init(&ctx);
1549 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1550 MD5_Update(&ctx, buffer, len);
1551 MD5_Final(md5, &ctx);
1552 }
1553
1554
1555 /**
1556 Generates the firmware image in factory format
1557
1558 Image format:
1559
1560 Bytes (hex) Usage
1561 ----------- -----
1562 0000-0003 Image size (4 bytes, big endian)
1563 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1564 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1565 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1566 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1567 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1568 1814-xxxx Firmware partitions
1569 */
1570 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1571 *len = 0x1814;
1572
1573 size_t i;
1574 for (i = 0; parts[i].name; i++)
1575 *len += parts[i].size;
1576
1577 uint8_t *image = malloc(*len);
1578 if (!image)
1579 error(1, errno, "malloc");
1580
1581 memset(image, 0xff, *len);
1582 put32(image, *len);
1583
1584 if (info->vendor) {
1585 size_t vendor_len = strlen(info->vendor);
1586 put32(image+0x14, vendor_len);
1587 memcpy(image+0x18, info->vendor, vendor_len);
1588 }
1589
1590 put_partitions(image + 0x1014, info->partitions, parts);
1591 put_md5(image+0x04, image+0x14, *len-0x14);
1592
1593 return image;
1594 }
1595
1596 /**
1597 Generates the firmware image in sysupgrade format
1598
1599 This makes some assumptions about the provided flash and image partition tables and
1600 should be generalized when TP-LINK starts building its safeloader into hardware with
1601 different flash layouts.
1602 */
1603 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1604 size_t i, j;
1605 size_t flash_first_partition_index = 0;
1606 size_t flash_last_partition_index = 0;
1607 const struct flash_partition_entry *flash_first_partition = NULL;
1608 const struct flash_partition_entry *flash_last_partition = NULL;
1609 const struct image_partition_entry *image_last_partition = NULL;
1610
1611 /** Find first and last partitions */
1612 for (i = 0; info->partitions[i].name; i++) {
1613 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1614 flash_first_partition = &info->partitions[i];
1615 flash_first_partition_index = i;
1616 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1617 flash_last_partition = &info->partitions[i];
1618 flash_last_partition_index = i;
1619 }
1620 }
1621
1622 assert(flash_first_partition && flash_last_partition);
1623 assert(flash_first_partition_index < flash_last_partition_index);
1624
1625 /** Find last partition from image to calculate needed size */
1626 for (i = 0; image_parts[i].name; i++) {
1627 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1628 image_last_partition = &image_parts[i];
1629 break;
1630 }
1631 }
1632
1633 assert(image_last_partition);
1634
1635 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1636
1637 uint8_t *image = malloc(*len);
1638 if (!image)
1639 error(1, errno, "malloc");
1640
1641 memset(image, 0xff, *len);
1642
1643 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1644 for (j = 0; image_parts[j].name; j++) {
1645 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1646 if (image_parts[j].size > info->partitions[i].size)
1647 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1648 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1649 break;
1650 }
1651
1652 assert(image_parts[j].name);
1653 }
1654 }
1655
1656 return image;
1657 }
1658
1659 /** Generates an image according to a given layout and writes it to a file */
1660 static void build_image(const char *output,
1661 const char *kernel_image,
1662 const char *rootfs_image,
1663 uint32_t rev,
1664 bool add_jffs2_eof,
1665 bool sysupgrade,
1666 struct device_info *info) {
1667
1668 size_t i;
1669
1670 struct image_partition_entry parts[7] = {};
1671
1672 struct flash_partition_entry *firmware_partition = NULL;
1673 struct flash_partition_entry *os_image_partition = NULL;
1674 struct flash_partition_entry *file_system_partition = NULL;
1675 size_t firmware_partition_index = 0;
1676
1677 for (i = 0; info->partitions[i].name; i++) {
1678 if (!strcmp(info->partitions[i].name, "firmware"))
1679 {
1680 firmware_partition = &info->partitions[i];
1681 firmware_partition_index = i;
1682 }
1683 }
1684
1685 if (firmware_partition)
1686 {
1687 os_image_partition = &info->partitions[firmware_partition_index];
1688 file_system_partition = &info->partitions[firmware_partition_index + 1];
1689
1690 struct stat kernel;
1691 if (stat(kernel_image, &kernel) < 0)
1692 error(1, errno, "unable to stat file `%s'", kernel_image);
1693
1694 if (kernel.st_size > firmware_partition->size)
1695 error(1, 0, "kernel overflowed firmware partition\n");
1696
1697 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1698 info->partitions[i+1] = info->partitions[i];
1699
1700 file_system_partition->name = "file-system";
1701 file_system_partition->base = firmware_partition->base + kernel.st_size;
1702
1703 /* Align partition start to erase blocks for factory images only */
1704 if (!sysupgrade)
1705 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1706
1707 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1708
1709 os_image_partition->name = "os-image";
1710 os_image_partition->size = kernel.st_size;
1711 }
1712
1713 parts[0] = make_partition_table(info->partitions);
1714 if (info->soft_ver)
1715 parts[1] = make_soft_version_from_string(info->soft_ver);
1716 else
1717 parts[1] = make_soft_version(rev);
1718
1719 parts[2] = make_support_list(info);
1720 parts[3] = read_file("os-image", kernel_image, false, NULL);
1721 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1722
1723 /* Some devices need the extra-para partition to accept the firmware */
1724 if (strcasecmp(info->id, "ARCHER-C2-V3") == 0 ||
1725 strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1726 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1727 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1728 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1729 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1730 parts[5] = put_data("extra-para", mdat, 11);
1731 } else if (strcasecmp(info->id, "ARCHER-A7-V5") == 0 || strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1732 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1733 parts[5] = put_data("extra-para", mdat, 11);
1734 } else if (strcasecmp(info->id, "ARCHER-C6-V2") == 0) {
1735 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1736 parts[5] = put_data("extra-para", mdat, 11);
1737 }
1738
1739 size_t len;
1740 void *image;
1741 if (sysupgrade)
1742 image = generate_sysupgrade_image(info, parts, &len);
1743 else
1744 image = generate_factory_image(info, parts, &len);
1745
1746 FILE *file = fopen(output, "wb");
1747 if (!file)
1748 error(1, errno, "unable to open output file");
1749
1750 if (fwrite(image, len, 1, file) != 1)
1751 error(1, 0, "unable to write output file");
1752
1753 fclose(file);
1754
1755 free(image);
1756
1757 for (i = 0; parts[i].name; i++)
1758 free_image_partition(parts[i]);
1759 }
1760
1761 /** Usage output */
1762 static void usage(const char *argv0) {
1763 fprintf(stderr,
1764 "Usage: %s [OPTIONS...]\n"
1765 "\n"
1766 "Options:\n"
1767 " -h show this help\n"
1768 "\n"
1769 "Create a new image:\n"
1770 " -B <board> create image for the board specified with <board>\n"
1771 " -k <file> read kernel image from the file <file>\n"
1772 " -r <file> read rootfs image from the file <file>\n"
1773 " -o <file> write output to the file <file>\n"
1774 " -V <rev> sets the revision number to <rev>\n"
1775 " -j add jffs2 end-of-filesystem markers\n"
1776 " -S create sysupgrade instead of factory image\n"
1777 "Extract an old image:\n"
1778 " -x <file> extract all oem firmware partition\n"
1779 " -d <dir> destination to extract the firmware partition\n"
1780 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1781 argv0
1782 );
1783 };
1784
1785
1786 static struct device_info *find_board(const char *id)
1787 {
1788 struct device_info *board = NULL;
1789
1790 for (board = boards; board->id != NULL; board++)
1791 if (strcasecmp(id, board->id) == 0)
1792 return board;
1793
1794 return NULL;
1795 }
1796
1797 static int add_flash_partition(
1798 struct flash_partition_entry *part_list,
1799 size_t max_entries,
1800 const char *name,
1801 unsigned long base,
1802 unsigned long size)
1803 {
1804 int ptr;
1805 /* check if the list has a free entry */
1806 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1807 if (part_list->name == NULL &&
1808 part_list->base == 0 &&
1809 part_list->size == 0)
1810 break;
1811 }
1812
1813 if (ptr == max_entries) {
1814 error(1, 0, "No free flash part entry available.");
1815 }
1816
1817 part_list->name = calloc(1, strlen(name) + 1);
1818 if (!part_list->name) {
1819 error(1, 0, "Unable to allocate memory");
1820 }
1821
1822 memcpy((char *)part_list->name, name, strlen(name));
1823 part_list->base = base;
1824 part_list->size = size;
1825
1826 return 0;
1827 }
1828
1829 /** read the partition table into struct flash_partition_entry */
1830 static int read_partition_table(
1831 FILE *file, long offset,
1832 struct flash_partition_entry *entries, size_t max_entries,
1833 int type)
1834 {
1835 char buf[2048];
1836 char *ptr, *end;
1837 const char *parthdr = NULL;
1838 const char *fwuphdr = "fwup-ptn";
1839 const char *flashhdr = "partition";
1840
1841 /* TODO: search for the partition table */
1842
1843 switch(type) {
1844 case 0:
1845 parthdr = fwuphdr;
1846 break;
1847 case 1:
1848 parthdr = flashhdr;
1849 break;
1850 default:
1851 error(1, 0, "Invalid partition table");
1852 }
1853
1854 if (fseek(file, offset, SEEK_SET) < 0)
1855 error(1, errno, "Can not seek in the firmware");
1856
1857 if (fread(buf, 1, 2048, file) < 0)
1858 error(1, errno, "Can not read fwup-ptn from the firmware");
1859
1860 buf[2047] = '\0';
1861
1862 /* look for the partition header */
1863 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1864 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1865 return 1;
1866 }
1867
1868 ptr = buf;
1869 end = buf + sizeof(buf);
1870 while ((ptr + strlen(parthdr)) < end &&
1871 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1872 char *end_part;
1873 char *end_element;
1874
1875 char name[32] = { 0 };
1876 int name_len = 0;
1877 unsigned long base = 0;
1878 unsigned long size = 0;
1879
1880 end_part = memchr(ptr, '\n', (end - ptr));
1881 if (end_part == NULL) {
1882 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1883 break;
1884 }
1885
1886 for (int i = 0; i <= 4; i++) {
1887 if (end_part <= ptr)
1888 break;
1889
1890 end_element = memchr(ptr, 0x20, (end_part - ptr));
1891 if (end_element == NULL) {
1892 error(1, errno, "Ignoring the rest of the partition entries.");
1893 break;
1894 }
1895
1896 switch (i) {
1897 /* partition header */
1898 case 0:
1899 ptr = end_element + 1;
1900 continue;
1901 /* name */
1902 case 1:
1903 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1904 strncpy(name, ptr, name_len);
1905 name[name_len] = '\0';
1906 ptr = end_element + 1;
1907 continue;
1908
1909 /* string "base" */
1910 case 2:
1911 ptr = end_element + 1;
1912 continue;
1913
1914 /* actual base */
1915 case 3:
1916 base = strtoul(ptr, NULL, 16);
1917 ptr = end_element + 1;
1918 continue;
1919
1920 /* string "size" */
1921 case 4:
1922 ptr = end_element + 1;
1923 /* actual size. The last element doesn't have a sepeartor */
1924 size = strtoul(ptr, NULL, 16);
1925 /* the part ends with 0x09, 0x0d, 0x0a */
1926 ptr = end_part + 1;
1927 add_flash_partition(entries, max_entries, name, base, size);
1928 continue;
1929 }
1930 }
1931 }
1932
1933 return 0;
1934 }
1935
1936 static void write_partition(
1937 FILE *input_file,
1938 size_t firmware_offset,
1939 struct flash_partition_entry *entry,
1940 FILE *output_file)
1941 {
1942 char buf[4096];
1943 size_t offset;
1944
1945 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1946
1947 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1948 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1949 error(1, errno, "Can not read partition from input_file");
1950
1951 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1952 error(1, errno, "Can not write partition to output_file");
1953 }
1954 /* write last chunk smaller than buffer */
1955 if (offset < entry->size) {
1956 offset = entry->size - offset;
1957 if (fread(buf, offset, 1, input_file) < 0)
1958 error(1, errno, "Can not read partition from input_file");
1959 if (fwrite(buf, offset, 1, output_file) < 0)
1960 error(1, errno, "Can not write partition to output_file");
1961 }
1962 }
1963
1964 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
1965 {
1966 FILE *output_file;
1967 char output[PATH_MAX];
1968
1969 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
1970 output_file = fopen(output, "wb+");
1971 if (output_file == NULL) {
1972 error(1, errno, "Can not open output file %s", output);
1973 }
1974
1975 write_partition(input_file, firmware_offset, entry, output_file);
1976
1977 fclose(output_file);
1978
1979 return 0;
1980 }
1981
1982 /** extract all partitions from the firmware file */
1983 static int extract_firmware(const char *input, const char *output_directory)
1984 {
1985 struct flash_partition_entry entries[16] = { 0 };
1986 size_t max_entries = 16;
1987 size_t firmware_offset = 0x1014;
1988 FILE *input_file;
1989
1990 struct stat statbuf;
1991
1992 /* check input file */
1993 if (stat(input, &statbuf)) {
1994 error(1, errno, "Can not read input firmware %s", input);
1995 }
1996
1997 /* check if output directory exists */
1998 if (stat(output_directory, &statbuf)) {
1999 error(1, errno, "Failed to stat output directory %s", output_directory);
2000 }
2001
2002 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
2003 error(1, errno, "Given output directory is not a directory %s", output_directory);
2004 }
2005
2006 input_file = fopen(input, "rb");
2007
2008 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
2009 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2010 }
2011
2012 for (int i = 0; i < max_entries; i++) {
2013 if (entries[i].name == NULL &&
2014 entries[i].base == 0 &&
2015 entries[i].size == 0)
2016 continue;
2017
2018 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
2019 }
2020
2021 return 0;
2022 }
2023
2024 static struct flash_partition_entry *find_partition(
2025 struct flash_partition_entry *entries, size_t max_entries,
2026 const char *name, const char *error_msg)
2027 {
2028 for (int i = 0; i < max_entries; i++, entries++) {
2029 if (strcmp(entries->name, name) == 0)
2030 return entries;
2031 }
2032
2033 error(1, 0, "%s", error_msg);
2034 return NULL;
2035 }
2036
2037 static void write_ff(FILE *output_file, size_t size)
2038 {
2039 char buf[4096];
2040 int offset;
2041
2042 memset(buf, 0xff, sizeof(buf));
2043
2044 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
2045 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
2046 error(1, errno, "Can not write 0xff to output_file");
2047 }
2048
2049 /* write last chunk smaller than buffer */
2050 if (offset < size) {
2051 offset = size - offset;
2052 if (fwrite(buf, offset, 1, output_file) < 0)
2053 error(1, errno, "Can not write partition to output_file");
2054 }
2055 }
2056
2057 static void convert_firmware(const char *input, const char *output)
2058 {
2059 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
2060 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
2061 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
2062 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
2063 struct flash_partition_entry *fwup_partition_table = NULL;
2064 size_t firmware_offset = 0x1014;
2065 FILE *input_file, *output_file;
2066
2067 struct stat statbuf;
2068
2069 /* check input file */
2070 if (stat(input, &statbuf)) {
2071 error(1, errno, "Can not read input firmware %s", input);
2072 }
2073
2074 input_file = fopen(input, "rb");
2075 if (!input_file)
2076 error(1, 0, "Can not open input firmware %s", input);
2077
2078 output_file = fopen(output, "wb");
2079 if (!output_file)
2080 error(1, 0, "Can not open output firmware %s", output);
2081
2082 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
2083 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2084 }
2085
2086 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
2087 "os-image", "Error can not find os-image partition (fwup)");
2088 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
2089 "file-system", "Error can not find file-system partition (fwup)");
2090 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
2091 "partition-table", "Error can not find partition-table partition");
2092
2093 /* the flash partition table has a 0x00000004 magic haeder */
2094 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
2095 error(1, 0, "Error can not read the partition table (flash)");
2096
2097 flash_os_image = find_partition(flash, MAX_PARTITIONS,
2098 "os-image", "Error can not find os-image partition (flash)");
2099 flash_file_system = find_partition(flash, MAX_PARTITIONS,
2100 "file-system", "Error can not find file-system partition (flash)");
2101
2102 /* write os_image to 0x0 */
2103 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
2104 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
2105
2106 /* write file-system behind os_image */
2107 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
2108 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
2109 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
2110
2111 fclose(output_file);
2112 fclose(input_file);
2113 }
2114
2115 int main(int argc, char *argv[]) {
2116 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
2117 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
2118 bool add_jffs2_eof = false, sysupgrade = false;
2119 unsigned rev = 0;
2120 struct device_info *info;
2121 set_source_date_epoch();
2122
2123 while (true) {
2124 int c;
2125
2126 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
2127 if (c == -1)
2128 break;
2129
2130 switch (c) {
2131 case 'B':
2132 board = optarg;
2133 break;
2134
2135 case 'k':
2136 kernel_image = optarg;
2137 break;
2138
2139 case 'r':
2140 rootfs_image = optarg;
2141 break;
2142
2143 case 'o':
2144 output = optarg;
2145 break;
2146
2147 case 'V':
2148 sscanf(optarg, "r%u", &rev);
2149 break;
2150
2151 case 'j':
2152 add_jffs2_eof = true;
2153 break;
2154
2155 case 'S':
2156 sysupgrade = true;
2157 break;
2158
2159 case 'h':
2160 usage(argv[0]);
2161 return 0;
2162
2163 case 'd':
2164 output_directory = optarg;
2165 break;
2166
2167 case 'x':
2168 extract_image = optarg;
2169 break;
2170
2171 case 'z':
2172 convert_image = optarg;
2173 break;
2174
2175 default:
2176 usage(argv[0]);
2177 return 1;
2178 }
2179 }
2180
2181 if (extract_image || output_directory) {
2182 if (!extract_image)
2183 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2184 if (!output_directory)
2185 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2186 extract_firmware(extract_image, output_directory);
2187 } else if (convert_image) {
2188 if (!output)
2189 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2190 convert_firmware(convert_image, output);
2191 } else {
2192 if (!board)
2193 error(1, 0, "no board has been specified");
2194 if (!kernel_image)
2195 error(1, 0, "no kernel image has been specified");
2196 if (!rootfs_image)
2197 error(1, 0, "no rootfs image has been specified");
2198 if (!output)
2199 error(1, 0, "no output filename has been specified");
2200
2201 info = find_board(board);
2202
2203 if (info == NULL)
2204 error(1, 0, "unsupported board %s", board);
2205
2206 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2207 }
2208
2209 return 0;
2210 }
Staging tree of dedeckeh