2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
45 #include <arpa/inet.h>
47 #include <sys/types.h>
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
57 #define MAX_PARTITIONS 32
59 /** An image partition table entry */
60 struct image_partition_entry
{
66 /** A flash partition table entry */
67 struct flash_partition_entry
{
73 /** Firmware layout description */
77 const char *support_list
;
80 struct flash_partition_entry partitions
[MAX_PARTITIONS
+1];
81 const char *first_sysupgrade_partition
;
82 const char *last_sysupgrade_partition
;
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__
)) soft_version
{
90 uint8_t version_major
;
91 uint8_t version_minor
;
92 uint8_t version_patch
;
102 static const uint8_t jffs2_eof_mark
[4] = {0xde, 0xad, 0xc0, 0xde};
106 Salt for the MD5 hash
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
111 static const uint8_t md5_salt
[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
119 /** Firmware layout table */
120 static struct device_info boards
[] = {
121 /** Firmware layout for the CPE210/220 */
124 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail
= '\xff',
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
154 .first_sysupgrade_partition
= "os-image",
155 .last_sysupgrade_partition
= "support-list",
158 /** Firmware layout for the CPE210 V2 */
161 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail
= '\xff',
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
195 .first_sysupgrade_partition
= "os-image",
196 .last_sysupgrade_partition
= "support-list",
199 /** Firmware layout for the CPE210 V3 */
202 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n",
205 "CPE210(TP-LINK|EU|N300-2|45550000):3.0\r\n"
206 "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n"
207 "CPE210(TP-LINK|UN|N300-2):3.0\r\n"
208 "CPE210(TP-LINK|EU|N300-2):3.0\r\n",
209 .support_trail
= '\xff',
213 {"fs-uboot", 0x00000, 0x20000},
214 {"partition-table", 0x20000, 0x01000},
215 {"default-mac", 0x30000, 0x00020},
216 {"product-info", 0x31100, 0x00100},
217 {"device-info", 0x31400, 0x00400},
218 {"signature", 0x32000, 0x00400},
219 {"device-id", 0x33000, 0x00100},
220 {"firmware", 0x40000, 0x770000},
221 {"soft-version", 0x7b0000, 0x00100},
222 {"support-list", 0x7b1000, 0x01000},
223 {"user-config", 0x7c0000, 0x10000},
224 {"default-config", 0x7d0000, 0x10000},
225 {"log", 0x7e0000, 0x10000},
226 {"radio", 0x7f0000, 0x10000},
230 .first_sysupgrade_partition
= "os-image",
231 .last_sysupgrade_partition
= "support-list",
234 /** Firmware layout for the CPE510/520 */
237 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
240 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
241 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
242 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
243 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
244 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
245 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
246 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
247 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
248 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
249 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
250 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
251 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
252 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
253 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
254 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
255 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
256 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
257 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
258 .support_trail
= '\xff',
262 {"fs-uboot", 0x00000, 0x20000},
263 {"partition-table", 0x20000, 0x02000},
264 {"default-mac", 0x30000, 0x00020},
265 {"product-info", 0x31100, 0x00100},
266 {"signature", 0x32000, 0x00400},
267 {"os-image", 0x40000, 0x1c0000},
268 {"file-system", 0x200000, 0x5b0000},
269 {"soft-version", 0x7b0000, 0x00100},
270 {"support-list", 0x7b1000, 0x00400},
271 {"user-config", 0x7c0000, 0x10000},
272 {"default-config", 0x7d0000, 0x10000},
273 {"log", 0x7e0000, 0x10000},
274 {"radio", 0x7f0000, 0x10000},
278 .first_sysupgrade_partition
= "os-image",
279 .last_sysupgrade_partition
= "support-list",
282 /** Firmware layout for the CPE510 V2 */
285 .vendor
= "CPE510(TP-LINK|UN|N300-5):2.0\r\n",
288 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
289 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
290 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
291 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
292 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
293 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
294 "CPE510(TP-LINK|US|N300-5|00000000):2.0\r\n"
295 "CPE510(TP-LINK|US|N300-5|45550000):2.0\r\n"
296 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
297 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
298 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
299 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
300 .support_trail
= '\xff',
304 {"fs-uboot", 0x00000, 0x20000},
305 {"partition-table", 0x20000, 0x02000},
306 {"default-mac", 0x30000, 0x00020},
307 {"product-info", 0x31100, 0x00100},
308 {"signature", 0x32000, 0x00400},
309 {"os-image", 0x40000, 0x200000},
310 {"file-system", 0x240000, 0x570000},
311 {"soft-version", 0x7b0000, 0x00100},
312 {"support-list", 0x7b1000, 0x00400},
313 {"user-config", 0x7c0000, 0x10000},
314 {"default-config", 0x7d0000, 0x10000},
315 {"log", 0x7e0000, 0x10000},
316 {"radio", 0x7f0000, 0x10000},
320 .first_sysupgrade_partition
= "os-image",
321 .last_sysupgrade_partition
= "support-list",
324 /** Firmware layout for the CPE510 V3 */
327 .vendor
= "CPE510(TP-LINK|UN|N300-5):3.0\r\n",
330 "CPE510(TP-LINK|EU|N300-5|00000000):3.0\r\n"
331 "CPE510(TP-LINK|EU|N300-5|45550000):3.0\r\n"
332 "CPE510(TP-LINK|EU|N300-5|55530000):3.0\r\n"
333 "CPE510(TP-LINK|UN|N300-5|00000000):3.0\r\n"
334 "CPE510(TP-LINK|UN|N300-5|45550000):3.0\r\n"
335 "CPE510(TP-LINK|UN|N300-5|55530000):3.0\r\n"
336 "CPE510(TP-LINK|US|N300-5|00000000):3.0\r\n"
337 "CPE510(TP-LINK|US|N300-5|45550000):3.0\r\n"
338 "CPE510(TP-LINK|US|N300-5|55530000):3.0\r\n"
339 "CPE510(TP-LINK|UN|N300-5):3.0\r\n"
340 "CPE510(TP-LINK|EU|N300-5):3.0\r\n"
341 "CPE510(TP-LINK|US|N300-5):3.0\r\n",
342 .support_trail
= '\xff',
346 {"fs-uboot", 0x00000, 0x20000},
347 {"partition-table", 0x20000, 0x02000},
348 {"default-mac", 0x30000, 0x00020},
349 {"product-info", 0x31100, 0x00100},
350 {"signature", 0x32000, 0x00400},
351 {"os-image", 0x40000, 0x200000},
352 {"file-system", 0x240000, 0x570000},
353 {"soft-version", 0x7b0000, 0x00100},
354 {"support-list", 0x7b1000, 0x00400},
355 {"user-config", 0x7c0000, 0x10000},
356 {"default-config", 0x7d0000, 0x10000},
357 {"log", 0x7e0000, 0x10000},
358 {"radio", 0x7f0000, 0x10000},
362 .first_sysupgrade_partition
= "os-image",
363 .last_sysupgrade_partition
= "support-list",
366 /** Firmware layout for the CPE610V1 */
369 .vendor
= "CPE610(TP-LINK|UN|N300-5|00000000):1.0\r\n",
372 "CPE610(TP-LINK|EU|N300-5|00000000):1.0\r\n"
373 "CPE610(TP-LINK|EU|N300-5|45550000):1.0\r\n"
374 "CPE610(TP-LINK|EU|N300-5|55530000):1.0\r\n"
375 "CPE610(TP-LINK|UN|N300-5|00000000):1.0\r\n"
376 "CPE610(TP-LINK|UN|N300-5|45550000):1.0\r\n"
377 "CPE610(TP-LINK|UN|N300-5|55530000):1.0\r\n"
378 "CPE610(TP-LINK|US|N300-5|55530000):1.0\r\n"
379 "CPE610(TP-LINK|UN|N300-5):1.0\r\n"
380 "CPE610(TP-LINK|EU|N300-5):1.0\r\n"
381 "CPE610(TP-LINK|US|N300-5):1.0\r\n",
382 .support_trail
= '\xff',
386 {"fs-uboot", 0x00000, 0x20000},
387 {"partition-table", 0x20000, 0x02000},
388 {"default-mac", 0x30000, 0x00020},
389 {"product-info", 0x31100, 0x00100},
390 {"signature", 0x32000, 0x00400},
391 {"os-image", 0x40000, 0x200000},
392 {"file-system", 0x240000, 0x570000},
393 {"soft-version", 0x7b0000, 0x00100},
394 {"support-list", 0x7b1000, 0x00400},
395 {"user-config", 0x7c0000, 0x10000},
396 {"default-config", 0x7d0000, 0x10000},
397 {"log", 0x7e0000, 0x10000},
398 {"radio", 0x7f0000, 0x10000},
402 .first_sysupgrade_partition
= "os-image",
403 .last_sysupgrade_partition
= "support-list",
408 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
411 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
412 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
413 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
414 .support_trail
= '\xff',
418 {"fs-uboot", 0x00000, 0x20000},
419 {"partition-table", 0x20000, 0x02000},
420 {"default-mac", 0x30000, 0x00020},
421 {"product-info", 0x31100, 0x00100},
422 {"signature", 0x32000, 0x00400},
423 {"os-image", 0x40000, 0x1c0000},
424 {"file-system", 0x200000, 0x5b0000},
425 {"soft-version", 0x7b0000, 0x00100},
426 {"support-list", 0x7b1000, 0x00400},
427 {"user-config", 0x7c0000, 0x10000},
428 {"default-config", 0x7d0000, 0x10000},
429 {"log", 0x7e0000, 0x10000},
430 {"radio", 0x7f0000, 0x10000},
434 .first_sysupgrade_partition
= "os-image",
435 .last_sysupgrade_partition
= "support-list",
440 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
443 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
444 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
445 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
446 .support_trail
= '\xff',
450 {"fs-uboot", 0x00000, 0x20000},
451 {"partition-table", 0x20000, 0x02000},
452 {"default-mac", 0x30000, 0x00020},
453 {"product-info", 0x31100, 0x00100},
454 {"signature", 0x32000, 0x00400},
455 {"os-image", 0x40000, 0x1c0000},
456 {"file-system", 0x200000, 0x5b0000},
457 {"soft-version", 0x7b0000, 0x00100},
458 {"support-list", 0x7b1000, 0x00400},
459 {"user-config", 0x7c0000, 0x10000},
460 {"default-config", 0x7d0000, 0x10000},
461 {"log", 0x7e0000, 0x10000},
462 {"radio", 0x7f0000, 0x10000},
466 .first_sysupgrade_partition
= "os-image",
467 .last_sysupgrade_partition
= "support-list",
470 /** Firmware layout for the C2600 */
476 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
477 .support_trail
= '\x00',
481 We use a bigger os-image partition than the stock images (and thus
482 smaller file-system), as our kernel doesn't fit in the stock firmware's
483 2 MB os-image since kernel 4.14.
486 {"SBL1", 0x00000, 0x20000},
487 {"MIBIB", 0x20000, 0x20000},
488 {"SBL2", 0x40000, 0x20000},
489 {"SBL3", 0x60000, 0x30000},
490 {"DDRCONFIG", 0x90000, 0x10000},
491 {"SSD", 0xa0000, 0x10000},
492 {"TZ", 0xb0000, 0x30000},
493 {"RPM", 0xe0000, 0x20000},
494 {"fs-uboot", 0x100000, 0x70000},
495 {"uboot-env", 0x170000, 0x40000},
496 {"radio", 0x1b0000, 0x40000},
497 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
498 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
499 {"default-mac", 0x1ef0000, 0x00200},
500 {"pin", 0x1ef0200, 0x00200},
501 {"product-info", 0x1ef0400, 0x0fc00},
502 {"partition-table", 0x1f00000, 0x10000},
503 {"soft-version", 0x1f10000, 0x10000},
504 {"support-list", 0x1f20000, 0x10000},
505 {"profile", 0x1f30000, 0x10000},
506 {"default-config", 0x1f40000, 0x10000},
507 {"user-config", 0x1f50000, 0x40000},
508 {"qos-db", 0x1f90000, 0x40000},
509 {"usb-config", 0x1fd0000, 0x10000},
510 {"log", 0x1fe0000, 0x20000},
514 .first_sysupgrade_partition
= "os-image",
515 .last_sysupgrade_partition
= "file-system"
518 /** Firmware layout for the A7-V5 */
520 .id
= "ARCHER-A7-V5",
523 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
524 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
525 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
526 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
527 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
528 .support_trail
= '\x00',
529 .soft_ver
= "soft_ver:1.0.0\n",
531 /* We're using a dynamic kernel/rootfs split here */
533 {"factory-boot", 0x00000, 0x20000},
534 {"fs-uboot", 0x20000, 0x20000},
535 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
536 /* Stock: name file-system base 0x160000 size 0xda0000 */
537 {"default-mac", 0xf40000, 0x00200},
538 {"pin", 0xf40200, 0x00200},
539 {"device-id", 0xf40400, 0x00100},
540 {"product-info", 0xf40500, 0x0fb00},
541 {"soft-version", 0xf50000, 0x00100},
542 {"extra-para", 0xf51000, 0x01000},
543 {"support-list", 0xf52000, 0x0a000},
544 {"profile", 0xf5c000, 0x04000},
545 {"default-config", 0xf60000, 0x10000},
546 {"user-config", 0xf70000, 0x40000},
547 {"certificate", 0xfb0000, 0x10000},
548 {"partition-table", 0xfc0000, 0x10000},
549 {"log", 0xfd0000, 0x20000},
550 {"radio", 0xff0000, 0x10000},
554 .first_sysupgrade_partition
= "os-image",
555 .last_sysupgrade_partition
= "file-system",
558 /** Firmware layout for the C2v3 */
560 .id
= "ARCHER-C2-V3",
563 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
564 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
565 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
566 .support_trail
= '\x00',
567 .soft_ver
= "soft_ver:3.0.1\n",
569 /** We're using a dynamic kernel/rootfs split here */
572 {"factory-boot", 0x00000, 0x20000},
573 {"fs-uboot", 0x20000, 0x10000},
574 {"firmware", 0x30000, 0x7a0000},
575 {"user-config", 0x7d0000, 0x04000},
576 {"default-mac", 0x7e0000, 0x00100},
577 {"device-id", 0x7e0100, 0x00100},
578 {"extra-para", 0x7e0200, 0x00100},
579 {"pin", 0x7e0300, 0x00100},
580 {"support-list", 0x7e0400, 0x00400},
581 {"soft-version", 0x7e0800, 0x00400},
582 {"product-info", 0x7e0c00, 0x01400},
583 {"partition-table", 0x7e2000, 0x01000},
584 {"profile", 0x7e3000, 0x01000},
585 {"default-config", 0x7e4000, 0x04000},
586 {"merge-config", 0x7ec000, 0x02000},
587 {"qos-db", 0x7ee000, 0x02000},
588 {"radio", 0x7f0000, 0x10000},
592 .first_sysupgrade_partition
= "os-image",
593 .last_sysupgrade_partition
= "file-system",
596 /** Firmware layout for the C25v1 */
598 .id
= "ARCHER-C25-V1",
601 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
602 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
603 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
604 .support_trail
= '\x00',
605 .soft_ver
= "soft_ver:1.0.0\n",
607 /* We're using a dynamic kernel/rootfs split here */
609 {"factory-boot", 0x00000, 0x20000},
610 {"fs-uboot", 0x20000, 0x10000},
611 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
612 /* Stock: name file-system base 0x130000 size 0x6a0000 */
613 {"user-config", 0x7d0000, 0x04000},
614 {"default-mac", 0x7e0000, 0x00100},
615 {"device-id", 0x7e0100, 0x00100},
616 {"extra-para", 0x7e0200, 0x00100},
617 {"pin", 0x7e0300, 0x00100},
618 {"support-list", 0x7e0400, 0x00400},
619 {"soft-version", 0x7e0800, 0x00400},
620 {"product-info", 0x7e0c00, 0x01400},
621 {"partition-table", 0x7e2000, 0x01000},
622 {"profile", 0x7e3000, 0x01000},
623 {"default-config", 0x7e4000, 0x04000},
624 {"merge-config", 0x7ec000, 0x02000},
625 {"qos-db", 0x7ee000, 0x02000},
626 {"radio", 0x7f0000, 0x10000},
630 .first_sysupgrade_partition
= "os-image",
631 .last_sysupgrade_partition
= "file-system",
634 /** Firmware layout for the C58v1 */
636 .id
= "ARCHER-C58-V1",
640 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
641 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
642 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
643 .support_trail
= '\x00',
644 .soft_ver
= "soft_ver:1.0.0\n",
647 {"fs-uboot", 0x00000, 0x10000},
648 {"default-mac", 0x10000, 0x00200},
649 {"pin", 0x10200, 0x00200},
650 {"product-info", 0x10400, 0x00100},
651 {"partition-table", 0x10500, 0x00800},
652 {"soft-version", 0x11300, 0x00200},
653 {"support-list", 0x11500, 0x00100},
654 {"device-id", 0x11600, 0x00100},
655 {"profile", 0x11700, 0x03900},
656 {"default-config", 0x15000, 0x04000},
657 {"user-config", 0x19000, 0x04000},
658 {"firmware", 0x20000, 0x7c8000},
659 {"certyficate", 0x7e8000, 0x08000},
660 {"radio", 0x7f0000, 0x10000},
664 .first_sysupgrade_partition
= "os-image",
665 .last_sysupgrade_partition
= "file-system",
668 /** Firmware layout for the C59v1 */
670 .id
= "ARCHER-C59-V1",
674 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
675 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
676 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
677 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
678 .support_trail
= '\x00',
679 .soft_ver
= "soft_ver:1.0.0\n",
681 /* We're using a dynamic kernel/rootfs split here */
683 {"fs-uboot", 0x00000, 0x10000},
684 {"default-mac", 0x10000, 0x00200},
685 {"pin", 0x10200, 0x00200},
686 {"device-id", 0x10400, 0x00100},
687 {"product-info", 0x10500, 0x0fb00},
688 {"firmware", 0x20000, 0xe30000},
689 {"partition-table", 0xe50000, 0x10000},
690 {"soft-version", 0xe60000, 0x10000},
691 {"support-list", 0xe70000, 0x10000},
692 {"profile", 0xe80000, 0x10000},
693 {"default-config", 0xe90000, 0x10000},
694 {"user-config", 0xea0000, 0x40000},
695 {"usb-config", 0xee0000, 0x10000},
696 {"certificate", 0xef0000, 0x10000},
697 {"qos-db", 0xf00000, 0x40000},
698 {"log", 0xfe0000, 0x10000},
699 {"radio", 0xff0000, 0x10000},
703 .first_sysupgrade_partition
= "os-image",
704 .last_sysupgrade_partition
= "file-system",
707 /** Firmware layout for the C59v2 */
709 .id
= "ARCHER-C59-V2",
713 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
714 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
715 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
716 .support_trail
= '\x00',
717 .soft_ver
= "soft_ver:2.0.0 Build 20161206 rel.7303\n",
719 /** We're using a dynamic kernel/rootfs split here */
721 {"factory-boot", 0x00000, 0x20000},
722 {"fs-uboot", 0x20000, 0x10000},
723 {"default-mac", 0x30000, 0x00200},
724 {"pin", 0x30200, 0x00200},
725 {"device-id", 0x30400, 0x00100},
726 {"product-info", 0x30500, 0x0fb00},
727 {"firmware", 0x40000, 0xe10000},
728 {"partition-table", 0xe50000, 0x10000},
729 {"soft-version", 0xe60000, 0x10000},
730 {"support-list", 0xe70000, 0x10000},
731 {"profile", 0xe80000, 0x10000},
732 {"default-config", 0xe90000, 0x10000},
733 {"user-config", 0xea0000, 0x40000},
734 {"usb-config", 0xee0000, 0x10000},
735 {"certificate", 0xef0000, 0x10000},
736 {"extra-para", 0xf00000, 0x10000},
737 {"qos-db", 0xf10000, 0x30000},
738 {"log", 0xfe0000, 0x10000},
739 {"radio", 0xff0000, 0x10000},
743 .first_sysupgrade_partition
= "os-image",
744 .last_sysupgrade_partition
= "file-system",
747 /** Firmware layout for the C6v2 */
749 .id
= "ARCHER-C6-V2",
753 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
754 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
755 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
756 .support_trail
= '\x00',
757 .soft_ver
= "soft_ver:1.0.0\n",
760 {"fs-uboot", 0x00000, 0x20000},
761 {"default-mac", 0x20000, 0x00200},
762 {"pin", 0x20200, 0x00100},
763 {"product-info", 0x20300, 0x00200},
764 {"device-id", 0x20500, 0x0fb00},
765 {"firmware", 0x30000, 0x7a9400},
766 {"soft-version", 0x7d9400, 0x00100},
767 {"extra-para", 0x7d9500, 0x00100},
768 {"support-list", 0x7d9600, 0x00200},
769 {"profile", 0x7d9800, 0x03000},
770 {"default-config", 0x7dc800, 0x03000},
771 {"partition-table", 0x7df800, 0x00800},
772 {"user-config", 0x7e0000, 0x0c000},
773 {"certificate", 0x7ec000, 0x04000},
774 {"radio", 0x7f0000, 0x10000},
778 .first_sysupgrade_partition
= "os-image",
779 .last_sysupgrade_partition
= "file-system",
783 /** Firmware layout for the C60v1 */
785 .id
= "ARCHER-C60-V1",
789 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
790 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
791 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
792 .support_trail
= '\x00',
793 .soft_ver
= "soft_ver:1.0.0\n",
796 {"fs-uboot", 0x00000, 0x10000},
797 {"default-mac", 0x10000, 0x00200},
798 {"pin", 0x10200, 0x00200},
799 {"product-info", 0x10400, 0x00100},
800 {"partition-table", 0x10500, 0x00800},
801 {"soft-version", 0x11300, 0x00200},
802 {"support-list", 0x11500, 0x00100},
803 {"device-id", 0x11600, 0x00100},
804 {"profile", 0x11700, 0x03900},
805 {"default-config", 0x15000, 0x04000},
806 {"user-config", 0x19000, 0x04000},
807 {"firmware", 0x20000, 0x7c8000},
808 {"certyficate", 0x7e8000, 0x08000},
809 {"radio", 0x7f0000, 0x10000},
813 .first_sysupgrade_partition
= "os-image",
814 .last_sysupgrade_partition
= "file-system",
817 /** Firmware layout for the C60v2 */
819 .id
= "ARCHER-C60-V2",
823 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
824 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
825 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
826 .support_trail
= '\x00',
827 .soft_ver
= "soft_ver:2.0.0\n",
830 {"factory-boot", 0x00000, 0x1fb00},
831 {"default-mac", 0x1fb00, 0x00200},
832 {"pin", 0x1fd00, 0x00100},
833 {"product-info", 0x1fe00, 0x00100},
834 {"device-id", 0x1ff00, 0x00100},
835 {"fs-uboot", 0x20000, 0x10000},
836 {"firmware", 0x30000, 0x7a0000},
837 {"soft-version", 0x7d9500, 0x00100},
838 {"support-list", 0x7d9600, 0x00100},
839 {"extra-para", 0x7d9700, 0x00100},
840 {"profile", 0x7d9800, 0x03000},
841 {"default-config", 0x7dc800, 0x03000},
842 {"partition-table", 0x7df800, 0x00800},
843 {"user-config", 0x7e0000, 0x0c000},
844 {"certificate", 0x7ec000, 0x04000},
845 {"radio", 0x7f0000, 0x10000},
849 .first_sysupgrade_partition
= "os-image",
850 .last_sysupgrade_partition
= "file-system",
853 /** Firmware layout for the C5 */
855 .id
= "ARCHER-C5-V2",
859 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
860 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
861 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
862 .support_trail
= '\x00',
866 {"fs-uboot", 0x00000, 0x40000},
867 {"os-image", 0x40000, 0x200000},
868 {"file-system", 0x240000, 0xc00000},
869 {"default-mac", 0xe40000, 0x00200},
870 {"pin", 0xe40200, 0x00200},
871 {"product-info", 0xe40400, 0x00200},
872 {"partition-table", 0xe50000, 0x10000},
873 {"soft-version", 0xe60000, 0x00200},
874 {"support-list", 0xe61000, 0x0f000},
875 {"profile", 0xe70000, 0x10000},
876 {"default-config", 0xe80000, 0x10000},
877 {"user-config", 0xe90000, 0x50000},
878 {"log", 0xee0000, 0x100000},
879 {"radio_bk", 0xfe0000, 0x10000},
880 {"radio", 0xff0000, 0x10000},
884 .first_sysupgrade_partition
= "os-image",
885 .last_sysupgrade_partition
= "file-system"
888 /** Firmware layout for the C7 */
890 .id
= "ARCHER-C7-V4",
893 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
894 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
895 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
896 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
897 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
898 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
899 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
900 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
901 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
902 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
903 .support_trail
= '\x00',
904 .soft_ver
= "soft_ver:1.0.0\n",
906 /* We're using a dynamic kernel/rootfs split here */
908 {"factory-boot", 0x00000, 0x20000},
909 {"fs-uboot", 0x20000, 0x20000},
910 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
911 /* Stock: name file-system base 0x160000 size 0xda0000 */
912 {"default-mac", 0xf00000, 0x00200},
913 {"pin", 0xf00200, 0x00200},
914 {"device-id", 0xf00400, 0x00100},
915 {"product-info", 0xf00500, 0x0fb00},
916 {"soft-version", 0xf10000, 0x00100},
917 {"extra-para", 0xf11000, 0x01000},
918 {"support-list", 0xf12000, 0x0a000},
919 {"profile", 0xf1c000, 0x04000},
920 {"default-config", 0xf20000, 0x10000},
921 {"user-config", 0xf30000, 0x40000},
922 {"qos-db", 0xf70000, 0x40000},
923 {"certificate", 0xfb0000, 0x10000},
924 {"partition-table", 0xfc0000, 0x10000},
925 {"log", 0xfd0000, 0x20000},
926 {"radio", 0xff0000, 0x10000},
930 .first_sysupgrade_partition
= "os-image",
931 .last_sysupgrade_partition
= "file-system",
934 /** Firmware layout for the C7 v5*/
936 .id
= "ARCHER-C7-V5",
939 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
940 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
941 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
942 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
943 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
944 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
945 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n"
946 "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
948 .support_trail
= '\x00',
949 .soft_ver
= "soft_ver:1.0.0\n",
951 /* We're using a dynamic kernel/rootfs split here */
953 {"factory-boot", 0x00000, 0x20000},
954 {"fs-uboot", 0x20000, 0x20000},
955 {"partition-table", 0x40000, 0x10000},
956 {"radio", 0x50000, 0x10000},
957 {"default-mac", 0x60000, 0x00200},
958 {"pin", 0x60200, 0x00200},
959 {"device-id", 0x60400, 0x00100},
960 {"product-info", 0x60500, 0x0fb00},
961 {"soft-version", 0x70000, 0x01000},
962 {"extra-para", 0x71000, 0x01000},
963 {"support-list", 0x72000, 0x0a000},
964 {"profile", 0x7c000, 0x04000},
965 {"user-config", 0x80000, 0x40000},
968 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
969 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
971 {"log", 0xfc0000, 0x20000},
972 {"certificate", 0xfe0000, 0x10000},
973 {"default-config", 0xff0000, 0x10000},
978 .first_sysupgrade_partition
= "os-image",
979 .last_sysupgrade_partition
= "file-system",
982 /** Firmware layout for the C9 */
988 "{product_name:ArcherC9,"
990 "special_id:00000000}\n",
991 .support_trail
= '\x00',
995 {"fs-uboot", 0x00000, 0x40000},
996 {"os-image", 0x40000, 0x200000},
997 {"file-system", 0x240000, 0xc00000},
998 {"default-mac", 0xe40000, 0x00200},
999 {"pin", 0xe40200, 0x00200},
1000 {"product-info", 0xe40400, 0x00200},
1001 {"partition-table", 0xe50000, 0x10000},
1002 {"soft-version", 0xe60000, 0x00200},
1003 {"support-list", 0xe61000, 0x0f000},
1004 {"profile", 0xe70000, 0x10000},
1005 {"default-config", 0xe80000, 0x10000},
1006 {"user-config", 0xe90000, 0x50000},
1007 {"log", 0xee0000, 0x100000},
1008 {"radio_bk", 0xfe0000, 0x10000},
1009 {"radio", 0xff0000, 0x10000},
1013 .first_sysupgrade_partition
= "os-image",
1014 .last_sysupgrade_partition
= "file-system"
1017 /** Firmware layout for the EAP120 */
1020 .vendor
= "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
1023 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
1024 .support_trail
= '\xff',
1028 {"fs-uboot", 0x00000, 0x20000},
1029 {"partition-table", 0x20000, 0x02000},
1030 {"default-mac", 0x30000, 0x00020},
1031 {"support-list", 0x31000, 0x00100},
1032 {"product-info", 0x31100, 0x00100},
1033 {"soft-version", 0x32000, 0x00100},
1034 {"os-image", 0x40000, 0x180000},
1035 {"file-system", 0x1c0000, 0x600000},
1036 {"user-config", 0x7c0000, 0x10000},
1037 {"backup-config", 0x7d0000, 0x10000},
1038 {"log", 0x7e0000, 0x10000},
1039 {"radio", 0x7f0000, 0x10000},
1043 .first_sysupgrade_partition
= "os-image",
1044 .last_sysupgrade_partition
= "file-system"
1047 /** Firmware layout for the TL-WA850RE v2 */
1049 .id
= "TLWA850REV2",
1053 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
1054 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
1055 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
1056 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
1057 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
1058 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
1059 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
1060 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
1061 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
1062 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
1063 .support_trail
= '\x00',
1067 576KB were moved from file-system to os-image
1068 in comparison to the stock image
1071 {"fs-uboot", 0x00000, 0x20000},
1072 {"os-image", 0x20000, 0x150000},
1073 {"file-system", 0x170000, 0x240000},
1074 {"partition-table", 0x3b0000, 0x02000},
1075 {"default-mac", 0x3c0000, 0x00020},
1076 {"pin", 0x3c0100, 0x00020},
1077 {"product-info", 0x3c1000, 0x01000},
1078 {"soft-version", 0x3c2000, 0x00100},
1079 {"support-list", 0x3c3000, 0x01000},
1080 {"profile", 0x3c4000, 0x08000},
1081 {"user-config", 0x3d0000, 0x10000},
1082 {"default-config", 0x3e0000, 0x10000},
1083 {"radio", 0x3f0000, 0x10000},
1087 .first_sysupgrade_partition
= "os-image",
1088 .last_sysupgrade_partition
= "file-system"
1091 /** Firmware layout for the TL-WA855RE v1 */
1093 .id
= "TLWA855REV1",
1097 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
1098 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
1099 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
1100 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
1101 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
1102 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
1103 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
1104 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
1105 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
1106 .support_trail
= '\x00',
1110 {"fs-uboot", 0x00000, 0x20000},
1111 {"os-image", 0x20000, 0x150000},
1112 {"file-system", 0x170000, 0x240000},
1113 {"partition-table", 0x3b0000, 0x02000},
1114 {"default-mac", 0x3c0000, 0x00020},
1115 {"pin", 0x3c0100, 0x00020},
1116 {"product-info", 0x3c1000, 0x01000},
1117 {"soft-version", 0x3c2000, 0x00100},
1118 {"support-list", 0x3c3000, 0x01000},
1119 {"profile", 0x3c4000, 0x08000},
1120 {"user-config", 0x3d0000, 0x10000},
1121 {"default-config", 0x3e0000, 0x10000},
1122 {"radio", 0x3f0000, 0x10000},
1126 .first_sysupgrade_partition
= "os-image",
1127 .last_sysupgrade_partition
= "file-system"
1130 /** Firmware layout for the TL-WR1043 v5 */
1132 .id
= "TLWR1043NV5",
1136 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
1137 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
1138 .support_trail
= '\x00',
1139 .soft_ver
= "soft_ver:1.0.0\n",
1141 {"factory-boot", 0x00000, 0x20000},
1142 {"fs-uboot", 0x20000, 0x20000},
1143 {"firmware", 0x40000, 0xec0000},
1144 {"default-mac", 0xf00000, 0x00200},
1145 {"pin", 0xf00200, 0x00200},
1146 {"device-id", 0xf00400, 0x00100},
1147 {"product-info", 0xf00500, 0x0fb00},
1148 {"soft-version", 0xf10000, 0x01000},
1149 {"extra-para", 0xf11000, 0x01000},
1150 {"support-list", 0xf12000, 0x0a000},
1151 {"profile", 0xf1c000, 0x04000},
1152 {"default-config", 0xf20000, 0x10000},
1153 {"user-config", 0xf30000, 0x40000},
1154 {"qos-db", 0xf70000, 0x40000},
1155 {"certificate", 0xfb0000, 0x10000},
1156 {"partition-table", 0xfc0000, 0x10000},
1157 {"log", 0xfd0000, 0x20000},
1158 {"radio", 0xff0000, 0x10000},
1161 .first_sysupgrade_partition
= "os-image",
1162 .last_sysupgrade_partition
= "file-system"
1165 /** Firmware layout for the TL-WR1043 v4 */
1167 .id
= "TLWR1043NDV4",
1171 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1172 .support_trail
= '\x00',
1175 /* We're using a dynamic kernel/rootfs split here */
1177 {"fs-uboot", 0x00000, 0x20000},
1178 {"firmware", 0x20000, 0xf30000},
1179 {"default-mac", 0xf50000, 0x00200},
1180 {"pin", 0xf50200, 0x00200},
1181 {"product-info", 0xf50400, 0x0fc00},
1182 {"soft-version", 0xf60000, 0x0b000},
1183 {"support-list", 0xf6b000, 0x04000},
1184 {"profile", 0xf70000, 0x04000},
1185 {"default-config", 0xf74000, 0x0b000},
1186 {"user-config", 0xf80000, 0x40000},
1187 {"partition-table", 0xfc0000, 0x10000},
1188 {"log", 0xfd0000, 0x20000},
1189 {"radio", 0xff0000, 0x10000},
1193 .first_sysupgrade_partition
= "os-image",
1194 .last_sysupgrade_partition
= "file-system"
1197 /** Firmware layout for the TL-WR902AC v1 */
1199 .id
= "TL-WR902AC-V1",
1203 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1204 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1205 .support_trail
= '\x00',
1209 384KB were moved from file-system to os-image
1210 in comparison to the stock image
1213 {"fs-uboot", 0x00000, 0x20000},
1214 {"firmware", 0x20000, 0x730000},
1215 {"default-mac", 0x750000, 0x00200},
1216 {"pin", 0x750200, 0x00200},
1217 {"product-info", 0x750400, 0x0fc00},
1218 {"soft-version", 0x760000, 0x0b000},
1219 {"support-list", 0x76b000, 0x04000},
1220 {"profile", 0x770000, 0x04000},
1221 {"default-config", 0x774000, 0x0b000},
1222 {"user-config", 0x780000, 0x40000},
1223 {"partition-table", 0x7c0000, 0x10000},
1224 {"log", 0x7d0000, 0x20000},
1225 {"radio", 0x7f0000, 0x10000},
1229 .first_sysupgrade_partition
= "os-image",
1230 .last_sysupgrade_partition
= "file-system",
1233 /** Firmware layout for the TL-WR942N V1 */
1239 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1240 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1241 .support_trail
= '\x00',
1245 {"fs-uboot", 0x00000, 0x20000},
1246 {"firmware", 0x20000, 0xe20000},
1247 {"default-mac", 0xe40000, 0x00200},
1248 {"pin", 0xe40200, 0x00200},
1249 {"product-info", 0xe40400, 0x0fc00},
1250 {"partition-table", 0xe50000, 0x10000},
1251 {"soft-version", 0xe60000, 0x10000},
1252 {"support-list", 0xe70000, 0x10000},
1253 {"profile", 0xe80000, 0x10000},
1254 {"default-config", 0xe90000, 0x10000},
1255 {"user-config", 0xea0000, 0x40000},
1256 {"qos-db", 0xee0000, 0x40000},
1257 {"certificate", 0xf20000, 0x10000},
1258 {"usb-config", 0xfb0000, 0x10000},
1259 {"log", 0xfc0000, 0x20000},
1260 {"radio-bk", 0xfe0000, 0x10000},
1261 {"radio", 0xff0000, 0x10000},
1265 .first_sysupgrade_partition
= "os-image",
1266 .last_sysupgrade_partition
= "file-system",
1269 /** Firmware layout for the RE350 v1 */
1275 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1276 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1277 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1278 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1279 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1280 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1281 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1282 .support_trail
= '\x00',
1285 /** We're using a dynamic kernel/rootfs split here */
1287 {"fs-uboot", 0x00000, 0x20000},
1288 {"firmware", 0x20000, 0x5e0000},
1289 {"partition-table", 0x600000, 0x02000},
1290 {"default-mac", 0x610000, 0x00020},
1291 {"pin", 0x610100, 0x00020},
1292 {"product-info", 0x611100, 0x01000},
1293 {"soft-version", 0x620000, 0x01000},
1294 {"support-list", 0x621000, 0x01000},
1295 {"profile", 0x622000, 0x08000},
1296 {"user-config", 0x630000, 0x10000},
1297 {"default-config", 0x640000, 0x10000},
1298 {"radio", 0x7f0000, 0x10000},
1302 .first_sysupgrade_partition
= "os-image",
1303 .last_sysupgrade_partition
= "file-system"
1306 /** Firmware layout for the RE350K v1 */
1312 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1313 .support_trail
= '\x00',
1316 /** We're using a dynamic kernel/rootfs split here */
1318 {"fs-uboot", 0x00000, 0x20000},
1319 {"firmware", 0x20000, 0xd70000},
1320 {"partition-table", 0xd90000, 0x02000},
1321 {"default-mac", 0xda0000, 0x00020},
1322 {"pin", 0xda0100, 0x00020},
1323 {"product-info", 0xda1100, 0x01000},
1324 {"soft-version", 0xdb0000, 0x01000},
1325 {"support-list", 0xdb1000, 0x01000},
1326 {"profile", 0xdb2000, 0x08000},
1327 {"user-config", 0xdc0000, 0x10000},
1328 {"default-config", 0xdd0000, 0x10000},
1329 {"device-id", 0xde0000, 0x00108},
1330 {"radio", 0xff0000, 0x10000},
1334 .first_sysupgrade_partition
= "os-image",
1335 .last_sysupgrade_partition
= "file-system"
1338 /** Firmware layout for the RE355 */
1344 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1345 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1346 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1347 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1348 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1349 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1350 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1351 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1352 .support_trail
= '\x00',
1355 /* We're using a dynamic kernel/rootfs split here */
1357 {"fs-uboot", 0x00000, 0x20000},
1358 {"firmware", 0x20000, 0x5e0000},
1359 {"partition-table", 0x600000, 0x02000},
1360 {"default-mac", 0x610000, 0x00020},
1361 {"pin", 0x610100, 0x00020},
1362 {"product-info", 0x611100, 0x01000},
1363 {"soft-version", 0x620000, 0x01000},
1364 {"support-list", 0x621000, 0x01000},
1365 {"profile", 0x622000, 0x08000},
1366 {"user-config", 0x630000, 0x10000},
1367 {"default-config", 0x640000, 0x10000},
1368 {"radio", 0x7f0000, 0x10000},
1372 .first_sysupgrade_partition
= "os-image",
1373 .last_sysupgrade_partition
= "file-system"
1376 /** Firmware layout for the RE450 */
1382 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1383 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1384 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1385 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1386 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1387 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1388 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1389 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1390 .support_trail
= '\x00',
1393 /** We're using a dynamic kernel/rootfs split here */
1395 {"fs-uboot", 0x00000, 0x20000},
1396 {"firmware", 0x20000, 0x5e0000},
1397 {"partition-table", 0x600000, 0x02000},
1398 {"default-mac", 0x610000, 0x00020},
1399 {"pin", 0x610100, 0x00020},
1400 {"product-info", 0x611100, 0x01000},
1401 {"soft-version", 0x620000, 0x01000},
1402 {"support-list", 0x621000, 0x01000},
1403 {"profile", 0x622000, 0x08000},
1404 {"user-config", 0x630000, 0x10000},
1405 {"default-config", 0x640000, 0x10000},
1406 {"radio", 0x7f0000, 0x10000},
1410 .first_sysupgrade_partition
= "os-image",
1411 .last_sysupgrade_partition
= "file-system"
1414 /** Firmware layout for the RE450 v2 */
1420 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1421 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1422 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1423 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1424 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1425 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1426 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1427 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1428 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1429 .support_trail
= '\x00',
1432 /* We're using a dynamic kernel/rootfs split here */
1434 {"fs-uboot", 0x00000, 0x20000},
1435 {"firmware", 0x20000, 0x5e0000},
1436 {"partition-table", 0x600000, 0x02000},
1437 {"default-mac", 0x610000, 0x00020},
1438 {"pin", 0x610100, 0x00020},
1439 {"product-info", 0x611100, 0x01000},
1440 {"soft-version", 0x620000, 0x01000},
1441 {"support-list", 0x621000, 0x01000},
1442 {"profile", 0x622000, 0x08000},
1443 {"user-config", 0x630000, 0x10000},
1444 {"default-config", 0x640000, 0x10000},
1445 {"radio", 0x7f0000, 0x10000},
1450 .first_sysupgrade_partition
= "os-image",
1451 .last_sysupgrade_partition
= "file-system"
1454 /** Firmware layout for the RE650 */
1460 "{product_name:RE650,product_ver:1.0.0,special_id:00000000}\r\n"
1461 "{product_name:RE650,product_ver:1.0.0,special_id:55530000}\r\n"
1462 "{product_name:RE650,product_ver:1.0.0,special_id:45550000}\r\n"
1463 "{product_name:RE650,product_ver:1.0.0,special_id:4A500000}\r\n"
1464 "{product_name:RE650,product_ver:1.0.0,special_id:43410000}\r\n"
1465 "{product_name:RE650,product_ver:1.0.0,special_id:41550000}\r\n"
1466 "{product_name:RE650,product_ver:1.0.0,special_id:41530000}\r\n",
1467 .support_trail
= '\x00',
1470 /* We're using a dynamic kernel/rootfs split here */
1472 {"fs-uboot", 0x00000, 0x20000},
1473 {"firmware", 0x20000, 0xde0000},
1474 {"partition-table", 0xe00000, 0x02000},
1475 {"default-mac", 0xe10000, 0x00020},
1476 {"pin", 0xe10100, 0x00020},
1477 {"product-info", 0xe11100, 0x01000},
1478 {"soft-version", 0xe20000, 0x01000},
1479 {"support-list", 0xe21000, 0x01000},
1480 {"profile", 0xe22000, 0x08000},
1481 {"user-config", 0xe30000, 0x10000},
1482 {"default-config", 0xe40000, 0x10000},
1483 {"radio", 0xff0000, 0x10000},
1487 .first_sysupgrade_partition
= "os-image",
1488 .last_sysupgrade_partition
= "file-system"
1494 #define error(_ret, _errno, _str, ...) \
1496 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1497 strerror(_errno)); \
1503 /** Stores a uint32 as big endian */
1504 static inline void put32(uint8_t *buf
, uint32_t val
) {
1511 /** Allocates a new image partition */
1512 static struct image_partition_entry
alloc_image_partition(const char *name
, size_t len
) {
1513 struct image_partition_entry entry
= {name
, len
, malloc(len
)};
1515 error(1, errno
, "malloc");
1520 /** Frees an image partition */
1521 static void free_image_partition(struct image_partition_entry entry
) {
1525 static time_t source_date_epoch
= -1;
1526 static void set_source_date_epoch() {
1527 char *env
= getenv("SOURCE_DATE_EPOCH");
1531 source_date_epoch
= strtoull(env
, &endptr
, 10);
1532 if (errno
|| (endptr
&& *endptr
!= '\0')) {
1533 fprintf(stderr
, "Invalid SOURCE_DATE_EPOCH");
1539 /** Generates the partition-table partition */
1540 static struct image_partition_entry
make_partition_table(const struct flash_partition_entry
*p
) {
1541 struct image_partition_entry entry
= alloc_image_partition("partition-table", 0x800);
1543 char *s
= (char *)entry
.data
, *end
= (char *)(s
+entry
.size
);
1551 for (i
= 0; p
[i
].name
; i
++) {
1553 size_t w
= snprintf(s
, len
, "partition %s base 0x%05x size 0x%05x\n", p
[i
].name
, p
[i
].base
, p
[i
].size
);
1556 error(1, 0, "flash partition table overflow?");
1563 memset(s
, 0xff, end
-s
);
1569 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1570 static inline uint8_t bcd(uint8_t v
) {
1571 return 0x10 * (v
/10) + v
%10;
1575 /** Generates the soft-version partition */
1576 static struct image_partition_entry
make_soft_version(uint32_t rev
) {
1577 struct image_partition_entry entry
= alloc_image_partition("soft-version", sizeof(struct soft_version
));
1578 struct soft_version
*s
= (struct soft_version
*)entry
.data
;
1582 if (source_date_epoch
!= -1)
1583 t
= source_date_epoch
;
1584 else if (time(&t
) == (time_t)(-1))
1585 error(1, errno
, "time");
1587 struct tm
*tm
= localtime(&t
);
1589 s
->magic
= htonl(0x0000000c);
1593 s
->version_major
= 0;
1594 s
->version_minor
= 0;
1595 s
->version_patch
= 0;
1597 s
->year_hi
= bcd((1900+tm
->tm_year
)/100);
1598 s
->year_lo
= bcd(tm
->tm_year
%100);
1599 s
->month
= bcd(tm
->tm_mon
+1);
1600 s
->day
= bcd(tm
->tm_mday
);
1601 s
->rev
= htonl(rev
);
1608 static struct image_partition_entry
make_soft_version_from_string(const char *soft_ver
) {
1609 /** String length _including_ the terminating zero byte */
1610 uint32_t ver_len
= strlen(soft_ver
) + 1;
1611 /** Partition contains 64 bit header, the version string, and one additional null byte */
1612 size_t partition_len
= 2*sizeof(uint32_t) + ver_len
+ 1;
1613 struct image_partition_entry entry
= alloc_image_partition("soft-version", partition_len
);
1615 uint32_t *len
= (uint32_t *)entry
.data
;
1616 len
[0] = htonl(ver_len
);
1618 memcpy(&len
[2], soft_ver
, ver_len
);
1620 entry
.data
[partition_len
- 1] = 0;
1625 /** Generates the support-list partition */
1626 static struct image_partition_entry
make_support_list(struct device_info
*info
) {
1627 size_t len
= strlen(info
->support_list
);
1628 struct image_partition_entry entry
= alloc_image_partition("support-list", len
+ 9);
1630 put32(entry
.data
, len
);
1631 memset(entry
.data
+4, 0, 4);
1632 memcpy(entry
.data
+8, info
->support_list
, len
);
1633 entry
.data
[len
+8] = info
->support_trail
;
1638 /** Creates a new image partition with an arbitrary name from a file */
1639 static struct image_partition_entry
read_file(const char *part_name
, const char *filename
, bool add_jffs2_eof
, struct flash_partition_entry
*file_system_partition
) {
1640 struct stat statbuf
;
1642 if (stat(filename
, &statbuf
) < 0)
1643 error(1, errno
, "unable to stat file `%s'", filename
);
1645 size_t len
= statbuf
.st_size
;
1648 if (file_system_partition
)
1649 len
= ALIGN(len
+ file_system_partition
->base
, 0x10000) + sizeof(jffs2_eof_mark
) - file_system_partition
->base
;
1651 len
= ALIGN(len
, 0x10000) + sizeof(jffs2_eof_mark
);
1653 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1655 FILE *file
= fopen(filename
, "rb");
1657 error(1, errno
, "unable to open file `%s'", filename
);
1659 if (fread(entry
.data
, statbuf
.st_size
, 1, file
) != 1)
1660 error(1, errno
, "unable to read file `%s'", filename
);
1662 if (add_jffs2_eof
) {
1663 uint8_t *eof
= entry
.data
+ statbuf
.st_size
, *end
= entry
.data
+entry
.size
;
1665 memset(eof
, 0xff, end
- eof
- sizeof(jffs2_eof_mark
));
1666 memcpy(end
- sizeof(jffs2_eof_mark
), jffs2_eof_mark
, sizeof(jffs2_eof_mark
));
1674 /** Creates a new image partition from arbitrary data */
1675 static struct image_partition_entry
put_data(const char *part_name
, const char *datain
, size_t len
) {
1677 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1679 memcpy(entry
.data
, datain
, len
);
1685 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1687 Example image partition table:
1689 fwup-ptn partition-table base 0x00800 size 0x00800
1690 fwup-ptn os-image base 0x01000 size 0x113b45
1691 fwup-ptn file-system base 0x114b45 size 0x1d0004
1692 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1694 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1695 the end of the partition table is marked with a zero byte.
1697 The firmware image must contain at least the partition-table and support-list partitions
1698 to be accepted. There aren't any alignment constraints for the image partitions.
1700 The partition-table partition contains the actual flash layout; partitions
1701 from the image partition table are mapped to the corresponding flash partitions during
1702 the firmware upgrade. The support-list partition contains a list of devices supported by
1705 The base offsets in the firmware partition table are relative to the end
1706 of the vendor information block, so the partition-table partition will
1707 actually start at offset 0x1814 of the image.
1709 I think partition-table must be the first partition in the firmware image.
1711 static void put_partitions(uint8_t *buffer
, const struct flash_partition_entry
*flash_parts
, const struct image_partition_entry
*parts
) {
1713 char *image_pt
= (char *)buffer
, *end
= image_pt
+ 0x800;
1715 size_t base
= 0x800;
1716 for (i
= 0; parts
[i
].name
; i
++) {
1717 for (j
= 0; flash_parts
[j
].name
; j
++) {
1718 if (!strcmp(flash_parts
[j
].name
, parts
[i
].name
)) {
1719 if (parts
[i
].size
> flash_parts
[j
].size
)
1720 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts
[j
].name
, (unsigned)flash_parts
[j
].size
);
1725 assert(flash_parts
[j
].name
);
1727 memcpy(buffer
+ base
, parts
[i
].data
, parts
[i
].size
);
1729 size_t len
= end
-image_pt
;
1730 size_t w
= snprintf(image_pt
, len
, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts
[i
].name
, (unsigned)base
, (unsigned)parts
[i
].size
);
1733 error(1, 0, "image partition table overflow?");
1737 base
+= parts
[i
].size
;
1741 /** Generates and writes the image MD5 checksum */
1742 static void put_md5(uint8_t *md5
, uint8_t *buffer
, unsigned int len
) {
1746 MD5_Update(&ctx
, md5_salt
, (unsigned int)sizeof(md5_salt
));
1747 MD5_Update(&ctx
, buffer
, len
);
1748 MD5_Final(md5
, &ctx
);
1753 Generates the firmware image in factory format
1759 0000-0003 Image size (4 bytes, big endian)
1760 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1761 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1762 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1763 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1764 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1765 1814-xxxx Firmware partitions
1767 static void * generate_factory_image(struct device_info
*info
, const struct image_partition_entry
*parts
, size_t *len
) {
1771 for (i
= 0; parts
[i
].name
; i
++)
1772 *len
+= parts
[i
].size
;
1774 uint8_t *image
= malloc(*len
);
1776 error(1, errno
, "malloc");
1778 memset(image
, 0xff, *len
);
1782 size_t vendor_len
= strlen(info
->vendor
);
1783 put32(image
+0x14, vendor_len
);
1784 memcpy(image
+0x18, info
->vendor
, vendor_len
);
1787 put_partitions(image
+ 0x1014, info
->partitions
, parts
);
1788 put_md5(image
+0x04, image
+0x14, *len
-0x14);
1794 Generates the firmware image in sysupgrade format
1796 This makes some assumptions about the provided flash and image partition tables and
1797 should be generalized when TP-LINK starts building its safeloader into hardware with
1798 different flash layouts.
1800 static void * generate_sysupgrade_image(struct device_info
*info
, const struct image_partition_entry
*image_parts
, size_t *len
) {
1802 size_t flash_first_partition_index
= 0;
1803 size_t flash_last_partition_index
= 0;
1804 const struct flash_partition_entry
*flash_first_partition
= NULL
;
1805 const struct flash_partition_entry
*flash_last_partition
= NULL
;
1806 const struct image_partition_entry
*image_last_partition
= NULL
;
1808 /** Find first and last partitions */
1809 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1810 if (!strcmp(info
->partitions
[i
].name
, info
->first_sysupgrade_partition
)) {
1811 flash_first_partition
= &info
->partitions
[i
];
1812 flash_first_partition_index
= i
;
1813 } else if (!strcmp(info
->partitions
[i
].name
, info
->last_sysupgrade_partition
)) {
1814 flash_last_partition
= &info
->partitions
[i
];
1815 flash_last_partition_index
= i
;
1819 assert(flash_first_partition
&& flash_last_partition
);
1820 assert(flash_first_partition_index
< flash_last_partition_index
);
1822 /** Find last partition from image to calculate needed size */
1823 for (i
= 0; image_parts
[i
].name
; i
++) {
1824 if (!strcmp(image_parts
[i
].name
, info
->last_sysupgrade_partition
)) {
1825 image_last_partition
= &image_parts
[i
];
1830 assert(image_last_partition
);
1832 *len
= flash_last_partition
->base
- flash_first_partition
->base
+ image_last_partition
->size
;
1834 uint8_t *image
= malloc(*len
);
1836 error(1, errno
, "malloc");
1838 memset(image
, 0xff, *len
);
1840 for (i
= flash_first_partition_index
; i
<= flash_last_partition_index
; i
++) {
1841 for (j
= 0; image_parts
[j
].name
; j
++) {
1842 if (!strcmp(info
->partitions
[i
].name
, image_parts
[j
].name
)) {
1843 if (image_parts
[j
].size
> info
->partitions
[i
].size
)
1844 error(1, 0, "%s partition too big (more than %u bytes)", info
->partitions
[i
].name
, (unsigned)info
->partitions
[i
].size
);
1845 memcpy(image
+ info
->partitions
[i
].base
- flash_first_partition
->base
, image_parts
[j
].data
, image_parts
[j
].size
);
1849 assert(image_parts
[j
].name
);
1856 /** Generates an image according to a given layout and writes it to a file */
1857 static void build_image(const char *output
,
1858 const char *kernel_image
,
1859 const char *rootfs_image
,
1863 struct device_info
*info
) {
1867 struct image_partition_entry parts
[7] = {};
1869 struct flash_partition_entry
*firmware_partition
= NULL
;
1870 struct flash_partition_entry
*os_image_partition
= NULL
;
1871 struct flash_partition_entry
*file_system_partition
= NULL
;
1872 size_t firmware_partition_index
= 0;
1874 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1875 if (!strcmp(info
->partitions
[i
].name
, "firmware"))
1877 firmware_partition
= &info
->partitions
[i
];
1878 firmware_partition_index
= i
;
1882 if (firmware_partition
)
1884 os_image_partition
= &info
->partitions
[firmware_partition_index
];
1885 file_system_partition
= &info
->partitions
[firmware_partition_index
+ 1];
1888 if (stat(kernel_image
, &kernel
) < 0)
1889 error(1, errno
, "unable to stat file `%s'", kernel_image
);
1891 if (kernel
.st_size
> firmware_partition
->size
)
1892 error(1, 0, "kernel overflowed firmware partition\n");
1894 for (i
= MAX_PARTITIONS
-1; i
>= firmware_partition_index
+ 1; i
--)
1895 info
->partitions
[i
+1] = info
->partitions
[i
];
1897 file_system_partition
->name
= "file-system";
1898 file_system_partition
->base
= firmware_partition
->base
+ kernel
.st_size
;
1900 /* Align partition start to erase blocks for factory images only */
1902 file_system_partition
->base
= ALIGN(firmware_partition
->base
+ kernel
.st_size
, 0x10000);
1904 file_system_partition
->size
= firmware_partition
->size
- file_system_partition
->base
;
1906 os_image_partition
->name
= "os-image";
1907 os_image_partition
->size
= kernel
.st_size
;
1910 parts
[0] = make_partition_table(info
->partitions
);
1912 parts
[1] = make_soft_version_from_string(info
->soft_ver
);
1914 parts
[1] = make_soft_version(rev
);
1916 parts
[2] = make_support_list(info
);
1917 parts
[3] = read_file("os-image", kernel_image
, false, NULL
);
1918 parts
[4] = read_file("file-system", rootfs_image
, add_jffs2_eof
, file_system_partition
);
1920 /* Some devices need the extra-para partition to accept the firmware */
1921 if (strcasecmp(info
->id
, "ARCHER-C2-V3") == 0 ||
1922 strcasecmp(info
->id
, "ARCHER-C25-V1") == 0 ||
1923 strcasecmp(info
->id
, "ARCHER-C59-V2") == 0 ||
1924 strcasecmp(info
->id
, "ARCHER-C60-V2") == 0 ||
1925 strcasecmp(info
->id
, "TLWR1043NV5") == 0) {
1926 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1927 parts
[5] = put_data("extra-para", mdat
, 11);
1928 } else if (strcasecmp(info
->id
, "ARCHER-A7-V5") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V4") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V5") == 0) {
1929 const char mdat
[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1930 parts
[5] = put_data("extra-para", mdat
, 11);
1931 } else if (strcasecmp(info
->id
, "ARCHER-C6-V2") == 0) {
1932 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1933 parts
[5] = put_data("extra-para", mdat
, 11);
1939 image
= generate_sysupgrade_image(info
, parts
, &len
);
1941 image
= generate_factory_image(info
, parts
, &len
);
1943 FILE *file
= fopen(output
, "wb");
1945 error(1, errno
, "unable to open output file");
1947 if (fwrite(image
, len
, 1, file
) != 1)
1948 error(1, 0, "unable to write output file");
1954 for (i
= 0; parts
[i
].name
; i
++)
1955 free_image_partition(parts
[i
]);
1959 static void usage(const char *argv0
) {
1961 "Usage: %s [OPTIONS...]\n"
1964 " -h show this help\n"
1966 "Create a new image:\n"
1967 " -B <board> create image for the board specified with <board>\n"
1968 " -k <file> read kernel image from the file <file>\n"
1969 " -r <file> read rootfs image from the file <file>\n"
1970 " -o <file> write output to the file <file>\n"
1971 " -V <rev> sets the revision number to <rev>\n"
1972 " -j add jffs2 end-of-filesystem markers\n"
1973 " -S create sysupgrade instead of factory image\n"
1974 "Extract an old image:\n"
1975 " -x <file> extract all oem firmware partition\n"
1976 " -d <dir> destination to extract the firmware partition\n"
1977 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1983 static struct device_info
*find_board(const char *id
)
1985 struct device_info
*board
= NULL
;
1987 for (board
= boards
; board
->id
!= NULL
; board
++)
1988 if (strcasecmp(id
, board
->id
) == 0)
1994 static int add_flash_partition(
1995 struct flash_partition_entry
*part_list
,
2002 /* check if the list has a free entry */
2003 for (ptr
= 0; ptr
< max_entries
; ptr
++, part_list
++) {
2004 if (part_list
->name
== NULL
&&
2005 part_list
->base
== 0 &&
2006 part_list
->size
== 0)
2010 if (ptr
== max_entries
) {
2011 error(1, 0, "No free flash part entry available.");
2014 part_list
->name
= calloc(1, strlen(name
) + 1);
2015 if (!part_list
->name
) {
2016 error(1, 0, "Unable to allocate memory");
2019 memcpy((char *)part_list
->name
, name
, strlen(name
));
2020 part_list
->base
= base
;
2021 part_list
->size
= size
;
2026 /** read the partition table into struct flash_partition_entry */
2027 static int read_partition_table(
2028 FILE *file
, long offset
,
2029 struct flash_partition_entry
*entries
, size_t max_entries
,
2034 const char *parthdr
= NULL
;
2035 const char *fwuphdr
= "fwup-ptn";
2036 const char *flashhdr
= "partition";
2038 /* TODO: search for the partition table */
2048 error(1, 0, "Invalid partition table");
2051 if (fseek(file
, offset
, SEEK_SET
) < 0)
2052 error(1, errno
, "Can not seek in the firmware");
2054 if (fread(buf
, 1, 2048, file
) < 0)
2055 error(1, errno
, "Can not read fwup-ptn from the firmware");
2059 /* look for the partition header */
2060 if (memcmp(buf
, parthdr
, strlen(parthdr
)) != 0) {
2061 fprintf(stderr
, "DEBUG: can not find fwuphdr\n");
2066 end
= buf
+ sizeof(buf
);
2067 while ((ptr
+ strlen(parthdr
)) < end
&&
2068 memcmp(ptr
, parthdr
, strlen(parthdr
)) == 0) {
2072 char name
[32] = { 0 };
2074 unsigned long base
= 0;
2075 unsigned long size
= 0;
2077 end_part
= memchr(ptr
, '\n', (end
- ptr
));
2078 if (end_part
== NULL
) {
2079 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
2083 for (int i
= 0; i
<= 4; i
++) {
2084 if (end_part
<= ptr
)
2087 end_element
= memchr(ptr
, 0x20, (end_part
- ptr
));
2088 if (end_element
== NULL
) {
2089 error(1, errno
, "Ignoring the rest of the partition entries.");
2094 /* partition header */
2096 ptr
= end_element
+ 1;
2100 name_len
= (end_element
- ptr
) > 31 ? 31 : (end_element
- ptr
);
2101 strncpy(name
, ptr
, name_len
);
2102 name
[name_len
] = '\0';
2103 ptr
= end_element
+ 1;
2108 ptr
= end_element
+ 1;
2113 base
= strtoul(ptr
, NULL
, 16);
2114 ptr
= end_element
+ 1;
2119 ptr
= end_element
+ 1;
2120 /* actual size. The last element doesn't have a sepeartor */
2121 size
= strtoul(ptr
, NULL
, 16);
2122 /* the part ends with 0x09, 0x0d, 0x0a */
2124 add_flash_partition(entries
, max_entries
, name
, base
, size
);
2133 static void write_partition(
2135 size_t firmware_offset
,
2136 struct flash_partition_entry
*entry
,
2142 fseek(input_file
, entry
->base
+ firmware_offset
, SEEK_SET
);
2144 for (offset
= 0; sizeof(buf
) + offset
<= entry
->size
; offset
+= sizeof(buf
)) {
2145 if (fread(buf
, sizeof(buf
), 1, input_file
) < 0)
2146 error(1, errno
, "Can not read partition from input_file");
2148 if (fwrite(buf
, sizeof(buf
), 1, output_file
) < 0)
2149 error(1, errno
, "Can not write partition to output_file");
2151 /* write last chunk smaller than buffer */
2152 if (offset
< entry
->size
) {
2153 offset
= entry
->size
- offset
;
2154 if (fread(buf
, offset
, 1, input_file
) < 0)
2155 error(1, errno
, "Can not read partition from input_file");
2156 if (fwrite(buf
, offset
, 1, output_file
) < 0)
2157 error(1, errno
, "Can not write partition to output_file");
2161 static int extract_firmware_partition(FILE *input_file
, size_t firmware_offset
, struct flash_partition_entry
*entry
, const char *output_directory
)
2164 char output
[PATH_MAX
];
2166 snprintf(output
, PATH_MAX
, "%s/%s", output_directory
, entry
->name
);
2167 output_file
= fopen(output
, "wb+");
2168 if (output_file
== NULL
) {
2169 error(1, errno
, "Can not open output file %s", output
);
2172 write_partition(input_file
, firmware_offset
, entry
, output_file
);
2174 fclose(output_file
);
2179 /** extract all partitions from the firmware file */
2180 static int extract_firmware(const char *input
, const char *output_directory
)
2182 struct flash_partition_entry entries
[16] = { 0 };
2183 size_t max_entries
= 16;
2184 size_t firmware_offset
= 0x1014;
2187 struct stat statbuf
;
2189 /* check input file */
2190 if (stat(input
, &statbuf
)) {
2191 error(1, errno
, "Can not read input firmware %s", input
);
2194 /* check if output directory exists */
2195 if (stat(output_directory
, &statbuf
)) {
2196 error(1, errno
, "Failed to stat output directory %s", output_directory
);
2199 if ((statbuf
.st_mode
& S_IFMT
) != S_IFDIR
) {
2200 error(1, errno
, "Given output directory is not a directory %s", output_directory
);
2203 input_file
= fopen(input
, "rb");
2205 if (read_partition_table(input_file
, firmware_offset
, entries
, 16, 0) != 0) {
2206 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2209 for (int i
= 0; i
< max_entries
; i
++) {
2210 if (entries
[i
].name
== NULL
&&
2211 entries
[i
].base
== 0 &&
2212 entries
[i
].size
== 0)
2215 extract_firmware_partition(input_file
, firmware_offset
, &entries
[i
], output_directory
);
2221 static struct flash_partition_entry
*find_partition(
2222 struct flash_partition_entry
*entries
, size_t max_entries
,
2223 const char *name
, const char *error_msg
)
2225 for (int i
= 0; i
< max_entries
; i
++, entries
++) {
2226 if (strcmp(entries
->name
, name
) == 0)
2230 error(1, 0, "%s", error_msg
);
2234 static void write_ff(FILE *output_file
, size_t size
)
2239 memset(buf
, 0xff, sizeof(buf
));
2241 for (offset
= 0; offset
+ sizeof(buf
) < size
; offset
+= sizeof(buf
)) {
2242 if (fwrite(buf
, sizeof(buf
), 1, output_file
) < 0)
2243 error(1, errno
, "Can not write 0xff to output_file");
2246 /* write last chunk smaller than buffer */
2247 if (offset
< size
) {
2248 offset
= size
- offset
;
2249 if (fwrite(buf
, offset
, 1, output_file
) < 0)
2250 error(1, errno
, "Can not write partition to output_file");
2254 static void convert_firmware(const char *input
, const char *output
)
2256 struct flash_partition_entry fwup
[MAX_PARTITIONS
] = { 0 };
2257 struct flash_partition_entry flash
[MAX_PARTITIONS
] = { 0 };
2258 struct flash_partition_entry
*fwup_os_image
= NULL
, *fwup_file_system
= NULL
;
2259 struct flash_partition_entry
*flash_os_image
= NULL
, *flash_file_system
= NULL
;
2260 struct flash_partition_entry
*fwup_partition_table
= NULL
;
2261 size_t firmware_offset
= 0x1014;
2262 FILE *input_file
, *output_file
;
2264 struct stat statbuf
;
2266 /* check input file */
2267 if (stat(input
, &statbuf
)) {
2268 error(1, errno
, "Can not read input firmware %s", input
);
2271 input_file
= fopen(input
, "rb");
2273 error(1, 0, "Can not open input firmware %s", input
);
2275 output_file
= fopen(output
, "wb");
2277 error(1, 0, "Can not open output firmware %s", output
);
2279 if (read_partition_table(input_file
, firmware_offset
, fwup
, MAX_PARTITIONS
, 0) != 0) {
2280 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2283 fwup_os_image
= find_partition(fwup
, MAX_PARTITIONS
,
2284 "os-image", "Error can not find os-image partition (fwup)");
2285 fwup_file_system
= find_partition(fwup
, MAX_PARTITIONS
,
2286 "file-system", "Error can not find file-system partition (fwup)");
2287 fwup_partition_table
= find_partition(fwup
, MAX_PARTITIONS
,
2288 "partition-table", "Error can not find partition-table partition");
2290 /* the flash partition table has a 0x00000004 magic haeder */
2291 if (read_partition_table(input_file
, firmware_offset
+ fwup_partition_table
->base
+ 4, flash
, MAX_PARTITIONS
, 1) != 0)
2292 error(1, 0, "Error can not read the partition table (flash)");
2294 flash_os_image
= find_partition(flash
, MAX_PARTITIONS
,
2295 "os-image", "Error can not find os-image partition (flash)");
2296 flash_file_system
= find_partition(flash
, MAX_PARTITIONS
,
2297 "file-system", "Error can not find file-system partition (flash)");
2299 /* write os_image to 0x0 */
2300 write_partition(input_file
, firmware_offset
, fwup_os_image
, output_file
);
2301 write_ff(output_file
, flash_os_image
->size
- fwup_os_image
->size
);
2303 /* write file-system behind os_image */
2304 fseek(output_file
, flash_file_system
->base
- flash_os_image
->base
, SEEK_SET
);
2305 write_partition(input_file
, firmware_offset
, fwup_file_system
, output_file
);
2306 write_ff(output_file
, flash_file_system
->size
- fwup_file_system
->size
);
2308 fclose(output_file
);
2312 int main(int argc
, char *argv
[]) {
2313 const char *board
= NULL
, *kernel_image
= NULL
, *rootfs_image
= NULL
, *output
= NULL
;
2314 const char *extract_image
= NULL
, *output_directory
= NULL
, *convert_image
= NULL
;
2315 bool add_jffs2_eof
= false, sysupgrade
= false;
2317 struct device_info
*info
;
2318 set_source_date_epoch();
2323 c
= getopt(argc
, argv
, "B:k:r:o:V:jSh:x:d:z:");
2333 kernel_image
= optarg
;
2337 rootfs_image
= optarg
;
2345 sscanf(optarg
, "r%u", &rev
);
2349 add_jffs2_eof
= true;
2361 output_directory
= optarg
;
2365 extract_image
= optarg
;
2369 convert_image
= optarg
;
2378 if (extract_image
|| output_directory
) {
2380 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2381 if (!output_directory
)
2382 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2383 extract_firmware(extract_image
, output_directory
);
2384 } else if (convert_image
) {
2386 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2387 convert_firmware(convert_image
, output
);
2390 error(1, 0, "no board has been specified");
2392 error(1, 0, "no kernel image has been specified");
2394 error(1, 0, "no rootfs image has been specified");
2396 error(1, 0, "no output filename has been specified");
2398 info
= find_board(board
);
2401 error(1, 0, "unsupported board %s", board
);
2403 build_image(output
, kernel_image
, rootfs_image
, rev
, add_jffs2_eof
, sysupgrade
, info
);