2 * mtd - simple memory technology device manipulation tool
4 * Copyright (C) 2005 Waldemar Brodkorb <wbx@dass-it.de>,
5 * Copyright (C) 2005-2009 Felix Fietkau <nbd@nbd.name>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License v2
9 * as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 * The code is based on the linux-mtd examples.
33 #include <sys/ioctl.h>
34 #include <sys/syscall.h>
39 #include <sys/ioctl.h>
40 #include <sys/types.h>
41 #include <sys/param.h>
42 #include <sys/mount.h>
44 #include <sys/reboot.h>
45 #include <linux/reboot.h>
46 #include <mtd/mtd-user.h>
51 #include <libubox/md5.h>
54 #define JFFS2_DEFAULT_DIR "" /* directory name without /, empty means root dir */
56 #define TRX_MAGIC 0x48445230 /* "HDR0" */
57 #define SEAMA_MAGIC 0x5ea3a417
58 #define WRG_MAGIC 0x20040220
59 #define WRGG03_MAGIC 0x20080321
61 #if !defined(__BYTE_ORDER)
62 #error "Unknown byte order"
65 #if __BYTE_ORDER == __BIG_ENDIAN
66 #define cpu_to_be32(x) (x)
67 #define be32_to_cpu(x) (x)
68 #define le32_to_cpu(x) bswap_32(x)
69 #elif __BYTE_ORDER == __LITTLE_ENDIAN
70 #define cpu_to_be32(x) bswap_32(x)
71 #define be32_to_cpu(x) bswap_32(x)
72 #define le32_to_cpu(x) (x)
74 #error "Unsupported endianness"
77 enum mtd_image_format
{
78 MTD_IMAGE_FORMAT_UNKNOWN
,
80 MTD_IMAGE_FORMAT_SEAMA
,
82 MTD_IMAGE_FORMAT_WRGG03
,
85 static char *buf
= NULL
;
86 static char *imagefile
= NULL
;
87 static enum mtd_image_format imageformat
= MTD_IMAGE_FORMAT_UNKNOWN
;
88 static char *jffs2file
= NULL
, *jffs2dir
= JFFS2_DEFAULT_DIR
;
89 static char *tpl_uboot_args_part
;
90 static int buflen
= 0;
95 int jffs2_skip_bytes
=0;
98 int mtd_open(const char *mtd
, bool block
)
104 int flags
= O_RDWR
| O_SYNC
;
107 snprintf(name
, sizeof(name
), "\"%s\"", mtd
);
108 if ((fp
= fopen("/proc/mtd", "r"))) {
109 while (fgets(dev
, sizeof(dev
), fp
)) {
110 if (sscanf(dev
, "mtd%d:", &i
) && strstr(dev
, name
)) {
111 snprintf(dev
, sizeof(dev
), "/dev/mtd%s/%d", (block
? "block" : ""), i
);
112 if ((ret
=open(dev
, flags
))<0) {
113 snprintf(dev
, sizeof(dev
), "/dev/mtd%s%d", (block
? "block" : ""), i
);
114 ret
=open(dev
, flags
);
123 return open(mtd
, flags
);
126 int mtd_check_open(const char *mtd
)
128 struct mtd_info_user mtdInfo
;
131 fd
= mtd_open(mtd
, false);
133 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
137 if(ioctl(fd
, MEMGETINFO
, &mtdInfo
)) {
138 fprintf(stderr
, "Could not get MTD device info from %s\n", mtd
);
142 mtdsize
= mtdInfo
.size
;
143 erasesize
= mtdInfo
.erasesize
;
144 mtdtype
= mtdInfo
.type
;
149 int mtd_block_is_bad(int fd
, int offset
)
154 if (mtdtype
== MTD_NANDFLASH
)
156 r
= ioctl(fd
, MEMGETBADBLOCK
, &o
);
159 fprintf(stderr
, "Failed to get erase block status\n");
166 int mtd_erase_block(int fd
, int offset
)
168 struct erase_info_user mtdEraseInfo
;
170 mtdEraseInfo
.start
= offset
;
171 mtdEraseInfo
.length
= erasesize
;
172 ioctl(fd
, MEMUNLOCK
, &mtdEraseInfo
);
173 if (ioctl (fd
, MEMERASE
, &mtdEraseInfo
) < 0)
179 int mtd_write_buffer(int fd
, const char *buf
, int offset
, int length
)
181 lseek(fd
, offset
, SEEK_SET
);
182 write(fd
, buf
, length
);
187 image_check(int imagefd
, const char *mtd
)
193 while (buflen
< sizeof(magic
)) {
194 bufread
= read(imagefd
, buf
+ buflen
, sizeof(magic
) - buflen
);
201 if (buflen
< sizeof(magic
)) {
202 fprintf(stdout
, "Could not get image magic\n");
206 magic
= ((uint32_t *)buf
)[0];
208 if (be32_to_cpu(magic
) == TRX_MAGIC
)
209 imageformat
= MTD_IMAGE_FORMAT_TRX
;
210 else if (be32_to_cpu(magic
) == SEAMA_MAGIC
)
211 imageformat
= MTD_IMAGE_FORMAT_SEAMA
;
212 else if (le32_to_cpu(magic
) == WRG_MAGIC
)
213 imageformat
= MTD_IMAGE_FORMAT_WRG
;
214 else if (le32_to_cpu(magic
) == WRGG03_MAGIC
)
215 imageformat
= MTD_IMAGE_FORMAT_WRGG03
;
217 switch (imageformat
) {
218 case MTD_IMAGE_FORMAT_TRX
:
220 ret
= trx_check(imagefd
, mtd
, buf
, &buflen
);
222 case MTD_IMAGE_FORMAT_SEAMA
:
223 case MTD_IMAGE_FORMAT_WRG
:
224 case MTD_IMAGE_FORMAT_WRGG03
:
228 if (!strcmp(mtd
, "firmware"))
237 static int mtd_check(const char *mtd
)
243 if (strchr(mtd
, ':')) {
249 next
= strchr(mtd
, ':');
255 fd
= mtd_check_open(mtd
);
260 buf
= malloc(erasesize
);
273 mtd_unlock(const char *mtd
)
275 struct erase_info_user mtdLockInfo
;
280 if (strchr(mtd
, ':')) {
286 next
= strchr(mtd
, ':');
292 fd
= mtd_check_open(mtd
);
294 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
299 fprintf(stderr
, "Unlocking %s ...\n", mtd
);
301 mtdLockInfo
.start
= 0;
302 mtdLockInfo
.length
= mtdsize
;
303 ioctl(fd
, MEMUNLOCK
, &mtdLockInfo
);
315 mtd_erase(const char *mtd
)
318 struct erase_info_user mtdEraseInfo
;
321 fprintf(stderr
, "Erasing %s ...\n", mtd
);
323 fd
= mtd_check_open(mtd
);
325 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
329 mtdEraseInfo
.length
= erasesize
;
331 for (mtdEraseInfo
.start
= 0;
332 mtdEraseInfo
.start
< mtdsize
;
333 mtdEraseInfo
.start
+= erasesize
) {
334 if (mtd_block_is_bad(fd
, mtdEraseInfo
.start
)) {
336 fprintf(stderr
, "\nSkipping bad block at 0x%x ", mtdEraseInfo
.start
);
338 ioctl(fd
, MEMUNLOCK
, &mtdEraseInfo
);
339 if(ioctl(fd
, MEMERASE
, &mtdEraseInfo
))
340 fprintf(stderr
, "Failed to erase block on %s at 0x%x\n", mtd
, mtdEraseInfo
.start
);
350 mtd_dump(const char *mtd
, int part_offset
, int size
)
352 int ret
= 0, offset
= 0;
357 fprintf(stderr
, "Dumping %s ...\n", mtd
);
359 fd
= mtd_check_open(mtd
);
361 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
369 lseek(fd
, part_offset
, SEEK_SET
);
371 buf
= malloc(erasesize
);
376 int len
= (size
> erasesize
) ? (erasesize
) : (size
);
377 int rlen
= read(fd
, buf
, len
);
385 if (!rlen
|| rlen
!= len
)
387 if (mtd_block_is_bad(fd
, offset
)) {
388 fprintf(stderr
, "skipping bad block at 0x%08x\n", offset
);
402 mtd_verify(const char *mtd
, char *file
)
404 uint32_t f_md5
[4], m_md5
[4];
411 fprintf(stderr
, "Verifying %s against %s ...\n", mtd
, file
);
413 if (stat(file
, &s
) || md5sum(file
, f_md5
) < 0) {
414 fprintf(stderr
, "Failed to hash %s\n", file
);
418 fd
= mtd_check_open(mtd
);
420 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
427 int len
= (s
.st_size
> sizeof(buf
)) ? (sizeof(buf
)) : (s
.st_size
);
428 int rlen
= read(fd
, buf
, len
);
438 md5_hash(buf
, rlen
, &ctx
);
440 } while (s
.st_size
> 0);
442 md5_end(m_md5
, &ctx
);
444 fprintf(stderr
, "%08x%08x%08x%08x - %s\n", m_md5
[0], m_md5
[1], m_md5
[2], m_md5
[3], mtd
);
445 fprintf(stderr
, "%08x%08x%08x%08x - %s\n", f_md5
[0], f_md5
[1], f_md5
[2], f_md5
[3], file
);
447 ret
= memcmp(f_md5
, m_md5
, sizeof(m_md5
));
449 fprintf(stderr
, "Success\n");
451 fprintf(stderr
, "Failed\n");
459 indicate_writing(const char *mtd
)
462 fprintf(stderr
, "\nWriting from %s to %s ... ", imagefile
, mtd
);
465 fprintf(stderr
, " [ ]");
469 mtd_write(int imagefd
, const char *mtd
, char *fis_layout
, size_t part_offset
)
478 int jffs2_replaced
= 0;
479 int skip_bad_blocks
= 0;
482 static struct fis_part new_parts
[MAX_ARGS
];
483 static struct fis_part old_parts
[MAX_ARGS
];
484 struct fis_part
*cur_part
= NULL
;
485 int n_new
= 0, n_old
= 0;
488 const char *tmp
= mtd
;
492 memset(&old_parts
, 0, sizeof(old_parts
));
493 memset(&new_parts
, 0, sizeof(new_parts
));
495 cur_part
= new_parts
;
498 next
= strchr(tmp
, ':');
500 next
= (char *) tmp
+ strlen(tmp
);
502 memcpy(old_parts
[n_old
].name
, tmp
, next
- tmp
);
508 for (word
= strtok_r(fis_layout
, ",", &brkt
);
510 word
= strtok_r(NULL
, ",", &brkt
)) {
512 tmp
= strtok(word
, ":");
513 strncpy((char *) new_parts
[n_new
].name
, tmp
, sizeof(new_parts
[n_new
].name
) - 1);
515 tmp
= strtok(NULL
, ":");
519 new_parts
[n_new
].size
= strtoul(tmp
, NULL
, 0);
521 tmp
= strtok(NULL
, ":");
525 new_parts
[n_new
].loadaddr
= strtoul(tmp
, NULL
, 16);
529 ret
= fis_validate(old_parts
, n_old
, new_parts
, n_new
);
531 fprintf(stderr
, "Failed to validate the new FIS partition table\n");
539 if (strchr(mtd
, ':')) {
547 next
= strchr(mtd
, ':');
553 fd
= mtd_check_open(mtd
);
555 fprintf(stderr
, "Could not open mtd device: %s\n", mtd
);
558 if (part_offset
> 0) {
559 fprintf(stderr
, "Seeking on mtd device '%s' to: %zu\n", mtd
, part_offset
);
560 lseek(fd
, part_offset
, SEEK_SET
);
563 /* Write TP-Link recovery flag */
564 if (tpl_uboot_args_part
&& mtd_tpl_recoverflag_write
) {
566 fprintf(stderr
, "Writing recovery flag to %s\n", tpl_uboot_args_part
);
567 result
= mtd_tpl_recoverflag_write(tpl_uboot_args_part
, true);
569 fprintf(stderr
, "Could not write TP-Link recovery flag to %s: %i", mtd
, result
);
574 indicate_writing(mtd
);
578 /* buffer may contain data already (from trx check or last mtd partition write attempt) */
579 while (buflen
< erasesize
) {
580 r
= read(imagefd
, buf
+ buflen
, erasesize
- buflen
);
582 if ((errno
== EINTR
) || (errno
== EAGAIN
))
602 if (buflen
< erasesize
) {
603 /* Pad block to eraseblock size */
604 memset(&buf
[buflen
], 0xff, erasesize
- buflen
);
613 indicate_writing(mtd
);
618 if (jffs2file
&& w
>= jffs2_skip_bytes
) {
619 if (memcmp(buf
, JFFS2_EOF
, sizeof(JFFS2_EOF
) - 1) == 0) {
621 fprintf(stderr
, "\b\b\b ");
623 fprintf(stderr
, "\nAppending jffs2 data from %s to %s..\n.", jffs2file
, mtd
);
624 /* got an EOF marker - this is the place to add some jffs2 data */
625 skip
= mtd_replace_jffs2(mtd
, fd
, e
, jffs2file
);
628 /* don't add it again */
639 /* no EOF marker, make sure we figure out the last inode number
640 * before appending some data */
641 mtd_parse_jffs2data(buf
, jffs2dir
);
644 /* need to erase the next block before writing data to it */
647 while (w
+ buflen
> e
- skip_bad_blocks
) {
649 fprintf(stderr
, "\b\b\b[e]");
651 if (mtd_block_is_bad(fd
, e
)) {
653 fprintf(stderr
, "\nSkipping bad block at 0x%08zx ", e
);
655 skip_bad_blocks
+= erasesize
;
658 // Move the file pointer along over the bad block.
659 lseek(fd
, erasesize
, SEEK_CUR
);
663 if (mtd_erase_block(fd
, e
+ part_offset
) < 0) {
666 write(fd
, buf
+ offset
, e
- w
);
673 fprintf(stderr
, "\b\b\b \n");
676 fprintf(stderr
, "Failed to erase block\n");
681 /* erase the chunk */
687 fprintf(stderr
, "\b\b\b[w]");
689 if ((result
= write(fd
, buf
+ offset
, buflen
)) < buflen
) {
691 fprintf(stderr
, "Error writing image.\n");
694 fprintf(stderr
, "Insufficient space.\n");
701 if (cur_part
&& cur_part
->size
702 && cur_part
< &new_parts
[MAX_ARGS
- 1]
703 && cur_part
->length
+ buflen_raw
> cur_part
->size
)
706 cur_part
->length
+= buflen_raw
;
707 cur_part
->crc
= crc32(cur_part
->crc
, buf
, buflen_raw
);
715 if (jffs2_replaced
) {
716 switch (imageformat
) {
717 case MTD_IMAGE_FORMAT_TRX
:
721 case MTD_IMAGE_FORMAT_SEAMA
:
723 mtd_fixseama(mtd
, 0, 0);
725 case MTD_IMAGE_FORMAT_WRG
:
727 mtd_fixwrg(mtd
, 0, 0);
729 case MTD_IMAGE_FORMAT_WRGG03
:
731 mtd_fixwrgg(mtd
, 0, 0);
739 fprintf(stderr
, "\b\b\b\b ");
742 fprintf(stderr
, "\n");
746 if (fis_remap(old_parts
, n_old
, new_parts
, n_new
) < 0)
747 fprintf(stderr
, "Failed to update the FIS partition table\n");
753 /* Clear TP-Link recovery flag */
754 if (tpl_uboot_args_part
&& mtd_tpl_recoverflag_write
) {
756 fprintf(stderr
, "Removing recovery flag from %s\n", tpl_uboot_args_part
);
757 result
= mtd_tpl_recoverflag_write(tpl_uboot_args_part
, false);
759 fprintf(stderr
, "Could not clear TP-Link recovery flag to %s: %i", mtd
, result
);
767 static void usage(void)
769 fprintf(stderr
, "Usage: mtd [<options> ...] <command> [<arguments> ...] <device>[:<device>...]\n\n"
770 "The device is in the format of mtdX (eg: mtd4) or its label.\n"
771 "mtd recognizes these commands:\n"
772 " unlock unlock the device\n"
773 " refresh refresh mtd partition\n"
774 " erase erase all data on device\n"
775 " verify <imagefile>|- verify <imagefile> (use - for stdin) to device\n"
776 " write <imagefile>|- write <imagefile> (use - for stdin) to device\n"
777 " jffs2write <file> append <file> to the jffs2 partition on the device\n");
780 " resetbc <device> reset the uboot boot counter\n");
784 " fixtrx fix the checksum in a trx header on first boot\n");
788 " fixseama fix the checksum in a seama header on first boot\n");
792 " fixwrg fix the checksum in a wrg header on first boot\n");
796 " fixwrgg fix the checksum in a wrgg header on first boot\n");
799 "Following options are available:\n"
800 " -q quiet mode (once: no [w] on writing,\n"
801 " twice: no status messages)\n"
802 " -n write without first erasing the blocks\n"
803 " -r reboot after successful command\n"
804 " -f force write without trx checks\n"
805 " -e <device> erase <device> before executing the command\n"
806 " -d <name> directory for jffs2write, defaults to \"tmp\"\n"
807 " -j <name> integrate <file> into jffs2 data when writing an image\n"
808 " -s <number> skip the first n bytes when appending data to the jffs2 partiton, defaults to \"0\"\n"
809 " -p <number> write beginning at partition offset\n"
810 " -l <length> the length of data that we want to dump\n");
813 " -o offset offset of the image header in the partition(for fixtrx)\n");
815 if (mtd_fixtrx
|| mtd_fixseama
|| mtd_fixwrg
|| mtd_fixwrgg
) {
817 " -c datasize amount of data to be used for checksum calculation (for fixtrx / fixseama / fixwrg / fixwrgg)\n");
819 if (mtd_tpl_recoverflag_write
) {
821 " -t <partition> write TP-Link recovery-flag to <partition> (for write)\n");
825 " -F <part>[:<size>[:<entrypoint>]][,<part>...]\n"
826 " alter the fis partition table to create new partitions replacing\n"
827 " the partitions provided as argument to the write command\n"
828 " (only valid together with the write command)\n"
831 "Example: To write linux.trx to mtd4 labeled as linux and reboot afterwards\n"
832 " mtd -r write linux.trx linux\n\n");
836 static void do_reboot(void)
838 fprintf(stderr
, "Rebooting ...\n");
841 /* try regular reboot method first */
842 system("/sbin/reboot");
845 /* if we're still alive at this point, force the kernel to reboot */
846 syscall(SYS_reboot
,LINUX_REBOOT_MAGIC1
,LINUX_REBOOT_MAGIC2
,LINUX_REBOOT_CMD_RESTART
,NULL
);
849 int main (int argc
, char **argv
)
851 int ch
, i
, boot
, imagefd
= 0, force
, unlocked
;
852 char *erase
[MAX_ARGS
], *device
= NULL
;
853 char *fis_layout
= NULL
;
854 size_t offset
= 0, data_size
= 0, part_offset
= 0, dump_len
= 0;
876 while ((ch
= getopt(argc
, argv
,
880 "frnqe:d:s:j:p:o:c:t:l:")) != -1)
896 jffs2_skip_bytes
= strtoul(optarg
, 0, 0);
898 fprintf(stderr
, "-s: illegal numeric string\n");
907 while ((erase
[i
] != NULL
) && ((i
+ 1) < MAX_ARGS
))
918 part_offset
= strtoul(optarg
, 0, 0);
920 fprintf(stderr
, "-p: illegal numeric string\n");
926 dump_len
= strtoul(optarg
, 0, 0);
928 fprintf(stderr
, "-l: illegal numeric string\n");
934 offset
= strtoul(optarg
, 0, 0);
936 fprintf(stderr
, "-o: illegal numeric string\n");
942 data_size
= strtoul(optarg
, 0, 0);
944 fprintf(stderr
, "-c: illegal numeric string\n");
949 tpl_uboot_args_part
= optarg
;
966 if ((strcmp(argv
[0], "unlock") == 0) && (argc
== 2)) {
969 } else if ((strcmp(argv
[0], "erase") == 0) && (argc
== 2)) {
972 } else if (((strcmp(argv
[0], "resetbc") == 0) && (argc
== 2)) && mtd_resetbc
) {
975 } else if (((strcmp(argv
[0], "fixtrx") == 0) && (argc
== 2)) && mtd_fixtrx
) {
978 } else if (((strcmp(argv
[0], "fixseama") == 0) && (argc
== 2)) && mtd_fixseama
) {
981 } else if (((strcmp(argv
[0], "fixwrg") == 0) && (argc
== 2)) && mtd_fixwrg
) {
984 } else if (((strcmp(argv
[0], "fixwrgg") == 0) && (argc
== 2)) && mtd_fixwrgg
) {
987 } else if ((strcmp(argv
[0], "verify") == 0) && (argc
== 3)) {
991 } else if ((strcmp(argv
[0], "dump") == 0) && (argc
== 2)) {
994 } else if ((strcmp(argv
[0], "write") == 0) && (argc
== 3)) {
998 if (strcmp(argv
[1], "-") == 0) {
999 imagefile
= "<stdin>";
1002 imagefile
= argv
[1];
1003 if ((imagefd
= open(argv
[1], O_RDONLY
)) < 0) {
1004 fprintf(stderr
, "Couldn't open image file: %s!\n", imagefile
);
1009 if (!mtd_check(device
)) {
1010 fprintf(stderr
, "Can't open device for writing!\n");
1013 /* check trx file before erasing or writing anything */
1014 if (!image_check(imagefd
, device
) && !force
) {
1015 fprintf(stderr
, "Image check failed.\n");
1018 } else if ((strcmp(argv
[0], "jffs2write") == 0) && (argc
== 3)) {
1019 cmd
= CMD_JFFS2WRITE
;
1022 imagefile
= argv
[1];
1023 if (!mtd_check(device
)) {
1024 fprintf(stderr
, "Can't open device for writing!\n");
1035 while (erase
[i
] != NULL
) {
1036 mtd_unlock(erase
[i
]);
1037 mtd_erase(erase
[i
]);
1038 if (strcmp(erase
[i
], device
) == 0)
1049 mtd_verify(device
, imagefile
);
1052 mtd_dump(device
, offset
, dump_len
);
1062 mtd_write(imagefd
, device
, fis_layout
, part_offset
);
1064 case CMD_JFFS2WRITE
:
1067 mtd_write_jffs2(device
, imagefile
, jffs2dir
);
1071 mtd_fixtrx(device
, offset
, data_size
);
1076 mtd_resetbc(device
);
1081 mtd_fixseama(device
, 0, data_size
);
1085 mtd_fixwrg(device
, 0, data_size
);
1089 mtd_fixwrgg(device
, 0, data_size
);