2 * mtd - simple memory technology device manipulation tool
4 * Copyright (C) 2005 Waldemar Brodkorb <wbx@dass-it.de>,
5 * Copyright (C) 2005-2009 Felix Fietkau <nbd@nbd.name>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License v2
9 * as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 * The code is based on the linux-mtd examples.
33 #include <sys/ioctl.h>
34 #include <sys/syscall.h>
39 #include <sys/ioctl.h>
40 #include <sys/types.h>
41 #include <sys/param.h>
42 #include <sys/mount.h>
44 #include <sys/reboot.h>
45 #include <linux/reboot.h>
46 #include <mtd/mtd-user.h>
50 #include <libubox/md5.h>
53 #define JFFS2_DEFAULT_DIR "" /* directory name without /, empty means root dir */
55 #define TRX_MAGIC 0x48445230 /* "HDR0" */
56 #define SEAMA_MAGIC 0x5ea3a417
57 #define WRG_MAGIC 0x20040220
58 #define WRGG03_MAGIC 0x20080321
60 #if !defined(__BYTE_ORDER)
61 #error "Unknown byte order"
64 #if __BYTE_ORDER == __BIG_ENDIAN
65 #define cpu_to_be32(x) (x)
66 #define be32_to_cpu(x) (x)
67 #define le32_to_cpu(x) bswap_32(x)
68 #elif __BYTE_ORDER == __LITTLE_ENDIAN
69 #define cpu_to_be32(x) bswap_32(x)
70 #define be32_to_cpu(x) bswap_32(x)
71 #define le32_to_cpu(x) (x)
73 #error "Unsupported endianness"
76 enum mtd_image_format
{
77 MTD_IMAGE_FORMAT_UNKNOWN
,
79 MTD_IMAGE_FORMAT_SEAMA
,
81 MTD_IMAGE_FORMAT_WRGG03
,
84 static char *buf
= NULL
;
85 static char *imagefile
= NULL
;
86 static enum mtd_image_format imageformat
= MTD_IMAGE_FORMAT_UNKNOWN
;
87 static char *jffs2file
= NULL
, *jffs2dir
= JFFS2_DEFAULT_DIR
;
88 static char *tpl_uboot_args_part
;
89 static int buflen
= 0;
94 int jffs2_skip_bytes
=0;
97 int mtd_open(const char *mtd
, bool block
)
103 int flags
= O_RDWR
| O_SYNC
;
106 snprintf(name
, sizeof(name
), "\"%s\"", mtd
);
107 if ((fp
= fopen("/proc/mtd", "r"))) {
108 while (fgets(dev
, sizeof(dev
), fp
)) {
109 if (sscanf(dev
, "mtd%d:", &i
) && strstr(dev
, name
)) {
110 snprintf(dev
, sizeof(dev
), "/dev/mtd%s/%d", (block
? "block" : ""), i
);
111 if ((ret
=open(dev
, flags
))<0) {
112 snprintf(dev
, sizeof(dev
), "/dev/mtd%s%d", (block
? "block" : ""), i
);
113 ret
=open(dev
, flags
);
122 return open(mtd
, flags
);
125 int mtd_check_open(const char *mtd
)
127 struct mtd_info_user mtdInfo
;
130 fd
= mtd_open(mtd
, false);
132 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
136 if(ioctl(fd
, MEMGETINFO
, &mtdInfo
)) {
137 fprintf(stderr
, "Could not get MTD device info from %s\n", mtd
);
141 mtdsize
= mtdInfo
.size
;
142 erasesize
= mtdInfo
.erasesize
;
143 mtdtype
= mtdInfo
.type
;
148 int mtd_block_is_bad(int fd
, int offset
)
153 if (mtdtype
== MTD_NANDFLASH
)
155 r
= ioctl(fd
, MEMGETBADBLOCK
, &o
);
158 fprintf(stderr
, "Failed to get erase block status\n");
165 int mtd_erase_block(int fd
, int offset
)
167 struct erase_info_user mtdEraseInfo
;
169 mtdEraseInfo
.start
= offset
;
170 mtdEraseInfo
.length
= erasesize
;
171 ioctl(fd
, MEMUNLOCK
, &mtdEraseInfo
);
172 if (ioctl (fd
, MEMERASE
, &mtdEraseInfo
) < 0)
178 int mtd_write_buffer(int fd
, const char *buf
, int offset
, int length
)
180 lseek(fd
, offset
, SEEK_SET
);
181 write(fd
, buf
, length
);
186 image_check(int imagefd
, const char *mtd
)
192 while (buflen
< sizeof(magic
)) {
193 bufread
= read(imagefd
, buf
+ buflen
, sizeof(magic
) - buflen
);
200 if (buflen
< sizeof(magic
)) {
201 fprintf(stdout
, "Could not get image magic\n");
205 magic
= ((uint32_t *)buf
)[0];
207 if (be32_to_cpu(magic
) == TRX_MAGIC
)
208 imageformat
= MTD_IMAGE_FORMAT_TRX
;
209 else if (be32_to_cpu(magic
) == SEAMA_MAGIC
)
210 imageformat
= MTD_IMAGE_FORMAT_SEAMA
;
211 else if (le32_to_cpu(magic
) == WRG_MAGIC
)
212 imageformat
= MTD_IMAGE_FORMAT_WRG
;
213 else if (le32_to_cpu(magic
) == WRGG03_MAGIC
)
214 imageformat
= MTD_IMAGE_FORMAT_WRGG03
;
216 switch (imageformat
) {
217 case MTD_IMAGE_FORMAT_TRX
:
219 ret
= trx_check(imagefd
, mtd
, buf
, &buflen
);
221 case MTD_IMAGE_FORMAT_SEAMA
:
222 case MTD_IMAGE_FORMAT_WRG
:
223 case MTD_IMAGE_FORMAT_WRGG03
:
227 if (!strcmp(mtd
, "firmware"))
236 static int mtd_check(const char *mtd
)
242 if (strchr(mtd
, ':')) {
248 next
= strchr(mtd
, ':');
254 fd
= mtd_check_open(mtd
);
259 buf
= malloc(erasesize
);
272 mtd_unlock(const char *mtd
)
274 struct erase_info_user mtdLockInfo
;
279 if (strchr(mtd
, ':')) {
285 next
= strchr(mtd
, ':');
291 fd
= mtd_check_open(mtd
);
293 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
298 fprintf(stderr
, "Unlocking %s ...\n", mtd
);
300 mtdLockInfo
.start
= 0;
301 mtdLockInfo
.length
= mtdsize
;
302 ioctl(fd
, MEMUNLOCK
, &mtdLockInfo
);
314 mtd_erase(const char *mtd
)
317 struct erase_info_user mtdEraseInfo
;
320 fprintf(stderr
, "Erasing %s ...\n", mtd
);
322 fd
= mtd_check_open(mtd
);
324 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
328 mtdEraseInfo
.length
= erasesize
;
330 for (mtdEraseInfo
.start
= 0;
331 mtdEraseInfo
.start
< mtdsize
;
332 mtdEraseInfo
.start
+= erasesize
) {
333 if (mtd_block_is_bad(fd
, mtdEraseInfo
.start
)) {
335 fprintf(stderr
, "\nSkipping bad block at 0x%x ", mtdEraseInfo
.start
);
337 ioctl(fd
, MEMUNLOCK
, &mtdEraseInfo
);
338 if(ioctl(fd
, MEMERASE
, &mtdEraseInfo
))
339 fprintf(stderr
, "Failed to erase block on %s at 0x%x\n", mtd
, mtdEraseInfo
.start
);
349 mtd_dump(const char *mtd
, int part_offset
, int size
)
351 int ret
= 0, offset
= 0;
356 fprintf(stderr
, "Dumping %s ...\n", mtd
);
358 fd
= mtd_check_open(mtd
);
360 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
368 lseek(fd
, part_offset
, SEEK_SET
);
370 buf
= malloc(erasesize
);
375 int len
= (size
> erasesize
) ? (erasesize
) : (size
);
376 int rlen
= read(fd
, buf
, len
);
384 if (!rlen
|| rlen
!= len
)
386 if (mtd_block_is_bad(fd
, offset
)) {
387 fprintf(stderr
, "skipping bad block at 0x%08x\n", offset
);
401 mtd_verify(const char *mtd
, char *file
)
403 uint32_t f_md5
[4], m_md5
[4];
410 fprintf(stderr
, "Verifying %s against %s ...\n", mtd
, file
);
412 if (stat(file
, &s
) || md5sum(file
, f_md5
) < 0) {
413 fprintf(stderr
, "Failed to hash %s\n", file
);
417 fd
= mtd_check_open(mtd
);
419 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
426 int len
= (s
.st_size
> sizeof(buf
)) ? (sizeof(buf
)) : (s
.st_size
);
427 int rlen
= read(fd
, buf
, len
);
437 md5_hash(buf
, rlen
, &ctx
);
439 } while (s
.st_size
> 0);
441 md5_end(m_md5
, &ctx
);
443 fprintf(stderr
, "%08x%08x%08x%08x - %s\n", m_md5
[0], m_md5
[1], m_md5
[2], m_md5
[3], mtd
);
444 fprintf(stderr
, "%08x%08x%08x%08x - %s\n", f_md5
[0], f_md5
[1], f_md5
[2], f_md5
[3], file
);
446 ret
= memcmp(f_md5
, m_md5
, sizeof(m_md5
));
448 fprintf(stderr
, "Success\n");
450 fprintf(stderr
, "Failed\n");
458 indicate_writing(const char *mtd
)
461 fprintf(stderr
, "\nWriting from %s to %s ... ", imagefile
, mtd
);
464 fprintf(stderr
, " [ ]");
468 mtd_write(int imagefd
, const char *mtd
, char *fis_layout
, size_t part_offset
)
476 int jffs2_replaced
= 0;
477 int skip_bad_blocks
= 0;
480 static struct fis_part new_parts
[MAX_ARGS
];
481 static struct fis_part old_parts
[MAX_ARGS
];
482 int n_new
= 0, n_old
= 0;
485 const char *tmp
= mtd
;
489 memset(&old_parts
, 0, sizeof(old_parts
));
490 memset(&new_parts
, 0, sizeof(new_parts
));
493 next
= strchr(tmp
, ':');
495 next
= (char *) tmp
+ strlen(tmp
);
497 memcpy(old_parts
[n_old
].name
, tmp
, next
- tmp
);
503 for (word
= strtok_r(fis_layout
, ",", &brkt
);
505 word
= strtok_r(NULL
, ",", &brkt
)) {
507 tmp
= strtok(word
, ":");
508 strncpy((char *) new_parts
[n_new
].name
, tmp
, sizeof(new_parts
[n_new
].name
) - 1);
510 tmp
= strtok(NULL
, ":");
514 new_parts
[n_new
].size
= strtoul(tmp
, NULL
, 0);
516 tmp
= strtok(NULL
, ":");
520 new_parts
[n_new
].loadaddr
= strtoul(tmp
, NULL
, 16);
524 ret
= fis_validate(old_parts
, n_old
, new_parts
, n_new
);
526 fprintf(stderr
, "Failed to validate the new FIS partition table\n");
534 if (strchr(mtd
, ':')) {
542 next
= strchr(mtd
, ':');
548 fd
= mtd_check_open(mtd
);
550 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
553 if (part_offset
> 0) {
554 fprintf(stderr
, "Seeking on mtd device '%s' to: %zu\n", mtd
, part_offset
);
555 lseek(fd
, part_offset
, SEEK_SET
);
558 /* Write TP-Link recovery flag */
559 if (tpl_uboot_args_part
&& mtd_tpl_recoverflag_write
) {
561 fprintf(stderr
, "Writing recovery flag to %s\n", tpl_uboot_args_part
);
562 result
= mtd_tpl_recoverflag_write(tpl_uboot_args_part
, true);
564 fprintf(stderr
, "Could not write TP-Link recovery flag to %s: %i", mtd
, result
);
569 indicate_writing(mtd
);
573 /* buffer may contain data already (from trx check or last mtd partition write attempt) */
574 while (buflen
< erasesize
) {
575 r
= read(imagefd
, buf
+ buflen
, erasesize
- buflen
);
577 if ((errno
== EINTR
) || (errno
== EAGAIN
))
594 if (buflen
< erasesize
) {
595 /* Pad block to eraseblock size */
596 memset(&buf
[buflen
], 0xff, erasesize
- buflen
);
604 indicate_writing(mtd
);
609 if (jffs2file
&& w
>= jffs2_skip_bytes
) {
610 if (memcmp(buf
, JFFS2_EOF
, sizeof(JFFS2_EOF
) - 1) == 0) {
612 fprintf(stderr
, "\b\b\b ");
614 fprintf(stderr
, "\nAppending jffs2 data from %s to %s..\n.", jffs2file
, mtd
);
615 /* got an EOF marker - this is the place to add some jffs2 data */
616 skip
= mtd_replace_jffs2(mtd
, fd
, e
, jffs2file
);
619 /* don't add it again */
629 /* no EOF marker, make sure we figure out the last inode number
630 * before appending some data */
631 mtd_parse_jffs2data(buf
, jffs2dir
);
634 /* need to erase the next block before writing data to it */
637 while (w
+ buflen
> e
- skip_bad_blocks
) {
639 fprintf(stderr
, "\b\b\b[e]");
641 if (mtd_block_is_bad(fd
, e
)) {
643 fprintf(stderr
, "\nSkipping bad block at 0x%08zx ", e
);
645 skip_bad_blocks
+= erasesize
;
648 // Move the file pointer along over the bad block.
649 lseek(fd
, erasesize
, SEEK_CUR
);
653 if (mtd_erase_block(fd
, e
+ part_offset
) < 0) {
656 write(fd
, buf
+ offset
, e
- w
);
663 fprintf(stderr
, "\b\b\b \n");
666 fprintf(stderr
, "Failed to erase block\n");
671 /* erase the chunk */
677 fprintf(stderr
, "\b\b\b[w]");
679 if ((result
= write(fd
, buf
+ offset
, buflen
)) < buflen
) {
681 fprintf(stderr
, "Error writing image.\n");
684 fprintf(stderr
, "Insufficient space.\n");
694 if (jffs2_replaced
) {
695 switch (imageformat
) {
696 case MTD_IMAGE_FORMAT_TRX
:
700 case MTD_IMAGE_FORMAT_SEAMA
:
702 mtd_fixseama(mtd
, 0, 0);
704 case MTD_IMAGE_FORMAT_WRG
:
706 mtd_fixwrg(mtd
, 0, 0);
708 case MTD_IMAGE_FORMAT_WRGG03
:
710 mtd_fixwrgg(mtd
, 0, 0);
718 fprintf(stderr
, "\b\b\b\b ");
721 fprintf(stderr
, "\n");
725 if (fis_remap(old_parts
, n_old
, new_parts
, n_new
) < 0)
726 fprintf(stderr
, "Failed to update the FIS partition table\n");
732 /* Clear TP-Link recovery flag */
733 if (tpl_uboot_args_part
&& mtd_tpl_recoverflag_write
) {
735 fprintf(stderr
, "Removing recovery flag from %s\n", tpl_uboot_args_part
);
736 result
= mtd_tpl_recoverflag_write(tpl_uboot_args_part
, false);
738 fprintf(stderr
, "Could not clear TP-Link recovery flag to %s: %i", mtd
, result
);
746 static void usage(void)
748 fprintf(stderr
, "Usage: mtd [<options> ...] <command> [<arguments> ...] <device>[:<device>...]\n\n"
749 "The device is in the format of mtdX (eg: mtd4) or its label.\n"
750 "mtd recognizes these commands:\n"
751 " unlock unlock the device\n"
752 " refresh refresh mtd partition\n"
753 " erase erase all data on device\n"
754 " verify <imagefile>|- verify <imagefile> (use - for stdin) to device\n"
755 " write <imagefile>|- write <imagefile> (use - for stdin) to device\n"
756 " jffs2write <file> append <file> to the jffs2 partition on the device\n");
759 " resetbc <device> reset the uboot boot counter\n");
763 " fixtrx fix the checksum in a trx header on first boot\n");
767 " fixseama fix the checksum in a seama header on first boot\n");
771 " fixwrg fix the checksum in a wrg header on first boot\n");
775 " fixwrgg fix the checksum in a wrgg header on first boot\n");
778 "Following options are available:\n"
779 " -q quiet mode (once: no [w] on writing,\n"
780 " twice: no status messages)\n"
781 " -n write without first erasing the blocks\n"
782 " -r reboot after successful command\n"
783 " -f force write without trx checks\n"
784 " -e <device> erase <device> before executing the command\n"
785 " -d <name> directory for jffs2write, defaults to \"tmp\"\n"
786 " -j <name> integrate <file> into jffs2 data when writing an image\n"
787 " -s <number> skip the first n bytes when appending data to the jffs2 partiton, defaults to \"0\"\n"
788 " -p <number> write beginning at partition offset\n"
789 " -l <length> the length of data that we want to dump\n");
792 " -o offset offset of the image header in the partition(for fixtrx)\n");
794 if (mtd_fixtrx
|| mtd_fixseama
|| mtd_fixwrg
|| mtd_fixwrgg
) {
796 " -c datasize amount of data to be used for checksum calculation (for fixtrx / fixseama / fixwrg / fixwrgg)\n");
798 if (mtd_tpl_recoverflag_write
) {
800 " -t <partition> write TP-Link recovery-flag to <partition> (for write)\n");
804 " -F <part>[:<size>[:<entrypoint>]][,<part>...]\n"
805 " alter the fis partition table to create new partitions replacing\n"
806 " the partitions provided as argument to the write command\n"
807 " (only valid together with the write command)\n"
810 "Example: To write linux.trx to mtd4 labeled as linux and reboot afterwards\n"
811 " mtd -r write linux.trx linux\n\n");
815 static void do_reboot(void)
817 fprintf(stderr
, "Rebooting ...\n");
820 /* try regular reboot method first */
821 system("/sbin/reboot");
824 /* if we're still alive at this point, force the kernel to reboot */
825 syscall(SYS_reboot
,LINUX_REBOOT_MAGIC1
,LINUX_REBOOT_MAGIC2
,LINUX_REBOOT_CMD_RESTART
,NULL
);
828 int main (int argc
, char **argv
)
830 int ch
, i
, boot
, imagefd
= 0, force
, unlocked
;
831 char *erase
[MAX_ARGS
], *device
= NULL
;
832 char *fis_layout
= NULL
;
833 size_t offset
= 0, data_size
= 0, part_offset
= 0, dump_len
= 0;
855 while ((ch
= getopt(argc
, argv
,
859 "frnqe:d:s:j:p:o:c:t:l:")) != -1)
875 jffs2_skip_bytes
= strtoul(optarg
, 0, 0);
877 fprintf(stderr
, "-s: illegal numeric string\n");
886 while ((erase
[i
] != NULL
) && ((i
+ 1) < MAX_ARGS
))
897 part_offset
= strtoul(optarg
, 0, 0);
899 fprintf(stderr
, "-p: illegal numeric string\n");
905 dump_len
= strtoul(optarg
, 0, 0);
907 fprintf(stderr
, "-l: illegal numeric string\n");
913 offset
= strtoul(optarg
, 0, 0);
915 fprintf(stderr
, "-o: illegal numeric string\n");
921 data_size
= strtoul(optarg
, 0, 0);
923 fprintf(stderr
, "-c: illegal numeric string\n");
928 tpl_uboot_args_part
= optarg
;
945 if ((strcmp(argv
[0], "unlock") == 0) && (argc
== 2)) {
948 } else if ((strcmp(argv
[0], "erase") == 0) && (argc
== 2)) {
951 } else if (((strcmp(argv
[0], "resetbc") == 0) && (argc
== 2)) && mtd_resetbc
) {
954 } else if (((strcmp(argv
[0], "fixtrx") == 0) && (argc
== 2)) && mtd_fixtrx
) {
957 } else if (((strcmp(argv
[0], "fixseama") == 0) && (argc
== 2)) && mtd_fixseama
) {
960 } else if (((strcmp(argv
[0], "fixwrg") == 0) && (argc
== 2)) && mtd_fixwrg
) {
963 } else if (((strcmp(argv
[0], "fixwrgg") == 0) && (argc
== 2)) && mtd_fixwrgg
) {
966 } else if ((strcmp(argv
[0], "verify") == 0) && (argc
== 3)) {
970 } else if ((strcmp(argv
[0], "dump") == 0) && (argc
== 2)) {
973 } else if ((strcmp(argv
[0], "write") == 0) && (argc
== 3)) {
977 if (strcmp(argv
[1], "-") == 0) {
978 imagefile
= "<stdin>";
982 if ((imagefd
= open(argv
[1], O_RDONLY
)) < 0) {
983 fprintf(stderr
, "Couldn't open image file: %s!\n", imagefile
);
988 if (!mtd_check(device
)) {
989 fprintf(stderr
, "Can't open device for writing!\n");
992 /* check trx file before erasing or writing anything */
993 if (!image_check(imagefd
, device
) && !force
) {
994 fprintf(stderr
, "Image check failed.\n");
997 } else if ((strcmp(argv
[0], "jffs2write") == 0) && (argc
== 3)) {
998 cmd
= CMD_JFFS2WRITE
;
1001 imagefile
= argv
[1];
1002 if (!mtd_check(device
)) {
1003 fprintf(stderr
, "Can't open device for writing!\n");
1014 while (erase
[i
] != NULL
) {
1015 mtd_unlock(erase
[i
]);
1016 mtd_erase(erase
[i
]);
1017 if (strcmp(erase
[i
], device
) == 0)
1028 mtd_verify(device
, imagefile
);
1031 mtd_dump(device
, offset
, dump_len
);
1041 mtd_write(imagefd
, device
, fis_layout
, part_offset
);
1043 case CMD_JFFS2WRITE
:
1046 mtd_write_jffs2(device
, imagefile
, jffs2dir
);
1050 mtd_fixtrx(device
, offset
, data_size
);
1055 mtd_resetbc(device
);
1060 mtd_fixseama(device
, 0, data_size
);
1064 mtd_fixwrg(device
, 0, data_size
);
1068 mtd_fixwrgg(device
, 0, data_size
);