2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
45 #include <arpa/inet.h>
47 #include <sys/types.h>
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
57 #define MAX_PARTITIONS 32
59 /** An image partition table entry */
60 struct image_partition_entry
{
66 /** A flash partition table entry */
67 struct flash_partition_entry
{
73 /** Firmware layout description */
77 const char *support_list
;
80 struct flash_partition_entry partitions
[MAX_PARTITIONS
+1];
81 const char *first_sysupgrade_partition
;
82 const char *last_sysupgrade_partition
;
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__
)) soft_version
{
90 uint8_t version_major
;
91 uint8_t version_minor
;
92 uint8_t version_patch
;
102 static const uint8_t jffs2_eof_mark
[4] = {0xde, 0xad, 0xc0, 0xde};
106 Salt for the MD5 hash
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
111 static const uint8_t md5_salt
[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
119 /** Firmware layout table */
120 static struct device_info boards
[] = {
121 /** Firmware layout for the CPE210/220 V1 */
124 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail
= '\xff',
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x200000},
144 {"file-system", 0x240000, 0x570000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
154 .first_sysupgrade_partition
= "os-image",
155 .last_sysupgrade_partition
= "support-list",
158 /** Firmware layout for the CPE210 V2 */
161 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail
= '\xff',
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
195 .first_sysupgrade_partition
= "os-image",
196 .last_sysupgrade_partition
= "support-list",
199 /** Firmware layout for the CPE210 V3 */
202 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n",
205 "CPE210(TP-LINK|EU|N300-2|45550000):3.0\r\n"
206 "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n"
207 "CPE210(TP-LINK|UN|N300-2):3.0\r\n"
208 "CPE210(TP-LINK|EU|N300-2):3.0\r\n",
209 .support_trail
= '\xff',
213 {"fs-uboot", 0x00000, 0x20000},
214 {"partition-table", 0x20000, 0x01000},
215 {"default-mac", 0x30000, 0x00020},
216 {"product-info", 0x31100, 0x00100},
217 {"device-info", 0x31400, 0x00400},
218 {"signature", 0x32000, 0x00400},
219 {"device-id", 0x33000, 0x00100},
220 {"firmware", 0x40000, 0x770000},
221 {"soft-version", 0x7b0000, 0x00100},
222 {"support-list", 0x7b1000, 0x01000},
223 {"user-config", 0x7c0000, 0x10000},
224 {"default-config", 0x7d0000, 0x10000},
225 {"log", 0x7e0000, 0x10000},
226 {"radio", 0x7f0000, 0x10000},
230 .first_sysupgrade_partition
= "os-image",
231 .last_sysupgrade_partition
= "support-list",
234 /** Firmware layout for the CPE220 V2 */
237 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
240 "CPE220(TP-LINK|EU|N300-2|00000000):2.0\r\n"
241 "CPE220(TP-LINK|EU|N300-2|45550000):2.0\r\n"
242 "CPE220(TP-LINK|EU|N300-2|55530000):2.0\r\n"
243 "CPE220(TP-LINK|UN|N300-2|00000000):2.0\r\n"
244 "CPE220(TP-LINK|UN|N300-2|45550000):2.0\r\n"
245 "CPE220(TP-LINK|UN|N300-2|55530000):2.0\r\n"
246 "CPE220(TP-LINK|US|N300-2|55530000):2.0\r\n"
247 "CPE220(TP-LINK|UN|N300-2):2.0\r\n"
248 "CPE220(TP-LINK|EU|N300-2):2.0\r\n"
249 "CPE220(TP-LINK|US|N300-2):2.0\r\n",
250 .support_trail
= '\xff',
254 {"fs-uboot", 0x00000, 0x20000},
255 {"partition-table", 0x20000, 0x02000},
256 {"default-mac", 0x30000, 0x00020},
257 {"product-info", 0x31100, 0x00100},
258 {"signature", 0x32000, 0x00400},
259 {"os-image", 0x40000, 0x200000},
260 {"file-system", 0x240000, 0x570000},
261 {"soft-version", 0x7b0000, 0x00100},
262 {"support-list", 0x7b1000, 0x00400},
263 {"user-config", 0x7c0000, 0x10000},
264 {"default-config", 0x7d0000, 0x10000},
265 {"log", 0x7e0000, 0x10000},
266 {"radio", 0x7f0000, 0x10000},
270 .first_sysupgrade_partition
= "os-image",
271 .last_sysupgrade_partition
= "support-list",
274 /** Firmware layout for the CPE510/520 */
277 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
280 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
281 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
282 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
283 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
284 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
285 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
286 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
287 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
288 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
289 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
290 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
291 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
292 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
293 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
294 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
295 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
296 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
297 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
298 .support_trail
= '\xff',
302 {"fs-uboot", 0x00000, 0x20000},
303 {"partition-table", 0x20000, 0x02000},
304 {"default-mac", 0x30000, 0x00020},
305 {"product-info", 0x31100, 0x00100},
306 {"signature", 0x32000, 0x00400},
307 {"os-image", 0x40000, 0x200000},
308 {"file-system", 0x240000, 0x570000},
309 {"soft-version", 0x7b0000, 0x00100},
310 {"support-list", 0x7b1000, 0x00400},
311 {"user-config", 0x7c0000, 0x10000},
312 {"default-config", 0x7d0000, 0x10000},
313 {"log", 0x7e0000, 0x10000},
314 {"radio", 0x7f0000, 0x10000},
318 .first_sysupgrade_partition
= "os-image",
319 .last_sysupgrade_partition
= "support-list",
322 /** Firmware layout for the CPE510 V2 */
325 .vendor
= "CPE510(TP-LINK|UN|N300-5):2.0\r\n",
328 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
329 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
330 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
331 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
332 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
333 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
334 "CPE510(TP-LINK|US|N300-5|00000000):2.0\r\n"
335 "CPE510(TP-LINK|US|N300-5|45550000):2.0\r\n"
336 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
337 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
338 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
339 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
340 .support_trail
= '\xff',
344 {"fs-uboot", 0x00000, 0x20000},
345 {"partition-table", 0x20000, 0x02000},
346 {"default-mac", 0x30000, 0x00020},
347 {"product-info", 0x31100, 0x00100},
348 {"signature", 0x32000, 0x00400},
349 {"os-image", 0x40000, 0x200000},
350 {"file-system", 0x240000, 0x570000},
351 {"soft-version", 0x7b0000, 0x00100},
352 {"support-list", 0x7b1000, 0x00400},
353 {"user-config", 0x7c0000, 0x10000},
354 {"default-config", 0x7d0000, 0x10000},
355 {"log", 0x7e0000, 0x10000},
356 {"radio", 0x7f0000, 0x10000},
360 .first_sysupgrade_partition
= "os-image",
361 .last_sysupgrade_partition
= "support-list",
364 /** Firmware layout for the CPE510 V3 */
367 .vendor
= "CPE510(TP-LINK|UN|N300-5):3.0\r\n",
370 "CPE510(TP-LINK|EU|N300-5|00000000):3.0\r\n"
371 "CPE510(TP-LINK|EU|N300-5|45550000):3.0\r\n"
372 "CPE510(TP-LINK|EU|N300-5|55530000):3.0\r\n"
373 "CPE510(TP-LINK|UN|N300-5|00000000):3.0\r\n"
374 "CPE510(TP-LINK|UN|N300-5|45550000):3.0\r\n"
375 "CPE510(TP-LINK|UN|N300-5|55530000):3.0\r\n"
376 "CPE510(TP-LINK|US|N300-5|00000000):3.0\r\n"
377 "CPE510(TP-LINK|US|N300-5|45550000):3.0\r\n"
378 "CPE510(TP-LINK|US|N300-5|55530000):3.0\r\n"
379 "CPE510(TP-LINK|UN|N300-5):3.0\r\n"
380 "CPE510(TP-LINK|EU|N300-5):3.0\r\n"
381 "CPE510(TP-LINK|US|N300-5):3.0\r\n",
382 .support_trail
= '\xff',
386 {"fs-uboot", 0x00000, 0x20000},
387 {"partition-table", 0x20000, 0x02000},
388 {"default-mac", 0x30000, 0x00020},
389 {"product-info", 0x31100, 0x00100},
390 {"signature", 0x32000, 0x00400},
391 {"os-image", 0x40000, 0x200000},
392 {"file-system", 0x240000, 0x570000},
393 {"soft-version", 0x7b0000, 0x00100},
394 {"support-list", 0x7b1000, 0x00400},
395 {"user-config", 0x7c0000, 0x10000},
396 {"default-config", 0x7d0000, 0x10000},
397 {"log", 0x7e0000, 0x10000},
398 {"radio", 0x7f0000, 0x10000},
402 .first_sysupgrade_partition
= "os-image",
403 .last_sysupgrade_partition
= "support-list",
406 /** Firmware layout for the CPE610V1 */
409 .vendor
= "CPE610(TP-LINK|UN|N300-5|00000000):1.0\r\n",
412 "CPE610(TP-LINK|EU|N300-5|00000000):1.0\r\n"
413 "CPE610(TP-LINK|EU|N300-5|45550000):1.0\r\n"
414 "CPE610(TP-LINK|EU|N300-5|55530000):1.0\r\n"
415 "CPE610(TP-LINK|UN|N300-5|00000000):1.0\r\n"
416 "CPE610(TP-LINK|UN|N300-5|45550000):1.0\r\n"
417 "CPE610(TP-LINK|UN|N300-5|55530000):1.0\r\n"
418 "CPE610(TP-LINK|US|N300-5|55530000):1.0\r\n"
419 "CPE610(TP-LINK|UN|N300-5):1.0\r\n"
420 "CPE610(TP-LINK|EU|N300-5):1.0\r\n"
421 "CPE610(TP-LINK|US|N300-5):1.0\r\n",
422 .support_trail
= '\xff',
426 {"fs-uboot", 0x00000, 0x20000},
427 {"partition-table", 0x20000, 0x02000},
428 {"default-mac", 0x30000, 0x00020},
429 {"product-info", 0x31100, 0x00100},
430 {"signature", 0x32000, 0x00400},
431 {"os-image", 0x40000, 0x200000},
432 {"file-system", 0x240000, 0x570000},
433 {"soft-version", 0x7b0000, 0x00100},
434 {"support-list", 0x7b1000, 0x00400},
435 {"user-config", 0x7c0000, 0x10000},
436 {"default-config", 0x7d0000, 0x10000},
437 {"log", 0x7e0000, 0x10000},
438 {"radio", 0x7f0000, 0x10000},
442 .first_sysupgrade_partition
= "os-image",
443 .last_sysupgrade_partition
= "support-list",
448 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
451 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
452 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
453 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
454 .support_trail
= '\xff',
458 {"fs-uboot", 0x00000, 0x20000},
459 {"partition-table", 0x20000, 0x02000},
460 {"default-mac", 0x30000, 0x00020},
461 {"product-info", 0x31100, 0x00100},
462 {"signature", 0x32000, 0x00400},
463 {"os-image", 0x40000, 0x200000},
464 {"file-system", 0x240000, 0x570000},
465 {"soft-version", 0x7b0000, 0x00100},
466 {"support-list", 0x7b1000, 0x00400},
467 {"user-config", 0x7c0000, 0x10000},
468 {"default-config", 0x7d0000, 0x10000},
469 {"log", 0x7e0000, 0x10000},
470 {"radio", 0x7f0000, 0x10000},
474 .first_sysupgrade_partition
= "os-image",
475 .last_sysupgrade_partition
= "support-list",
480 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
483 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
484 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
485 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
486 .support_trail
= '\xff',
490 {"fs-uboot", 0x00000, 0x20000},
491 {"partition-table", 0x20000, 0x02000},
492 {"default-mac", 0x30000, 0x00020},
493 {"product-info", 0x31100, 0x00100},
494 {"signature", 0x32000, 0x00400},
495 {"os-image", 0x40000, 0x200000},
496 {"file-system", 0x240000, 0x570000},
497 {"soft-version", 0x7b0000, 0x00100},
498 {"support-list", 0x7b1000, 0x00400},
499 {"user-config", 0x7c0000, 0x10000},
500 {"default-config", 0x7d0000, 0x10000},
501 {"log", 0x7e0000, 0x10000},
502 {"radio", 0x7f0000, 0x10000},
506 .first_sysupgrade_partition
= "os-image",
507 .last_sysupgrade_partition
= "support-list",
510 /** Firmware layout for the C2600 */
516 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
517 .support_trail
= '\x00',
521 We use a bigger os-image partition than the stock images (and thus
522 smaller file-system), as our kernel doesn't fit in the stock firmware's
523 2 MB os-image since kernel 4.14.
526 {"SBL1", 0x00000, 0x20000},
527 {"MIBIB", 0x20000, 0x20000},
528 {"SBL2", 0x40000, 0x20000},
529 {"SBL3", 0x60000, 0x30000},
530 {"DDRCONFIG", 0x90000, 0x10000},
531 {"SSD", 0xa0000, 0x10000},
532 {"TZ", 0xb0000, 0x30000},
533 {"RPM", 0xe0000, 0x20000},
534 {"fs-uboot", 0x100000, 0x70000},
535 {"uboot-env", 0x170000, 0x40000},
536 {"radio", 0x1b0000, 0x40000},
537 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
538 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
539 {"default-mac", 0x1ef0000, 0x00200},
540 {"pin", 0x1ef0200, 0x00200},
541 {"product-info", 0x1ef0400, 0x0fc00},
542 {"partition-table", 0x1f00000, 0x10000},
543 {"soft-version", 0x1f10000, 0x10000},
544 {"support-list", 0x1f20000, 0x10000},
545 {"profile", 0x1f30000, 0x10000},
546 {"default-config", 0x1f40000, 0x10000},
547 {"user-config", 0x1f50000, 0x40000},
548 {"qos-db", 0x1f90000, 0x40000},
549 {"usb-config", 0x1fd0000, 0x10000},
550 {"log", 0x1fe0000, 0x20000},
554 .first_sysupgrade_partition
= "os-image",
555 .last_sysupgrade_partition
= "file-system"
558 /** Firmware layout for the A7-V5 */
560 .id
= "ARCHER-A7-V5",
563 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
564 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
565 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
566 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
567 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
568 .support_trail
= '\x00',
569 .soft_ver
= "soft_ver:1.0.0\n",
571 /* We're using a dynamic kernel/rootfs split here */
573 {"factory-boot", 0x00000, 0x20000},
574 {"fs-uboot", 0x20000, 0x20000},
575 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
576 /* Stock: name file-system base 0x160000 size 0xda0000 */
577 {"default-mac", 0xf40000, 0x00200},
578 {"pin", 0xf40200, 0x00200},
579 {"device-id", 0xf40400, 0x00100},
580 {"product-info", 0xf40500, 0x0fb00},
581 {"soft-version", 0xf50000, 0x00100},
582 {"extra-para", 0xf51000, 0x01000},
583 {"support-list", 0xf52000, 0x0a000},
584 {"profile", 0xf5c000, 0x04000},
585 {"default-config", 0xf60000, 0x10000},
586 {"user-config", 0xf70000, 0x40000},
587 {"certificate", 0xfb0000, 0x10000},
588 {"partition-table", 0xfc0000, 0x10000},
589 {"log", 0xfd0000, 0x20000},
590 {"radio", 0xff0000, 0x10000},
594 .first_sysupgrade_partition
= "os-image",
595 .last_sysupgrade_partition
= "file-system",
598 /** Firmware layout for the C2v3 */
600 .id
= "ARCHER-C2-V3",
603 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
604 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
605 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
606 .support_trail
= '\x00',
607 .soft_ver
= "soft_ver:3.0.1\n",
609 /** We're using a dynamic kernel/rootfs split here */
612 {"factory-boot", 0x00000, 0x20000},
613 {"fs-uboot", 0x20000, 0x10000},
614 {"firmware", 0x30000, 0x7a0000},
615 {"user-config", 0x7d0000, 0x04000},
616 {"default-mac", 0x7e0000, 0x00100},
617 {"device-id", 0x7e0100, 0x00100},
618 {"extra-para", 0x7e0200, 0x00100},
619 {"pin", 0x7e0300, 0x00100},
620 {"support-list", 0x7e0400, 0x00400},
621 {"soft-version", 0x7e0800, 0x00400},
622 {"product-info", 0x7e0c00, 0x01400},
623 {"partition-table", 0x7e2000, 0x01000},
624 {"profile", 0x7e3000, 0x01000},
625 {"default-config", 0x7e4000, 0x04000},
626 {"merge-config", 0x7ec000, 0x02000},
627 {"qos-db", 0x7ee000, 0x02000},
628 {"radio", 0x7f0000, 0x10000},
632 .first_sysupgrade_partition
= "os-image",
633 .last_sysupgrade_partition
= "file-system",
636 /** Firmware layout for the C25v1 */
638 .id
= "ARCHER-C25-V1",
641 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
642 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
643 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
644 .support_trail
= '\x00',
645 .soft_ver
= "soft_ver:1.0.0\n",
647 /* We're using a dynamic kernel/rootfs split here */
649 {"factory-boot", 0x00000, 0x20000},
650 {"fs-uboot", 0x20000, 0x10000},
651 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
652 /* Stock: name file-system base 0x130000 size 0x6a0000 */
653 {"user-config", 0x7d0000, 0x04000},
654 {"default-mac", 0x7e0000, 0x00100},
655 {"device-id", 0x7e0100, 0x00100},
656 {"extra-para", 0x7e0200, 0x00100},
657 {"pin", 0x7e0300, 0x00100},
658 {"support-list", 0x7e0400, 0x00400},
659 {"soft-version", 0x7e0800, 0x00400},
660 {"product-info", 0x7e0c00, 0x01400},
661 {"partition-table", 0x7e2000, 0x01000},
662 {"profile", 0x7e3000, 0x01000},
663 {"default-config", 0x7e4000, 0x04000},
664 {"merge-config", 0x7ec000, 0x02000},
665 {"qos-db", 0x7ee000, 0x02000},
666 {"radio", 0x7f0000, 0x10000},
670 .first_sysupgrade_partition
= "os-image",
671 .last_sysupgrade_partition
= "file-system",
674 /** Firmware layout for the C58v1 */
676 .id
= "ARCHER-C58-V1",
680 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
681 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
682 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
683 .support_trail
= '\x00',
684 .soft_ver
= "soft_ver:1.0.0\n",
687 {"fs-uboot", 0x00000, 0x10000},
688 {"default-mac", 0x10000, 0x00200},
689 {"pin", 0x10200, 0x00200},
690 {"product-info", 0x10400, 0x00100},
691 {"partition-table", 0x10500, 0x00800},
692 {"soft-version", 0x11300, 0x00200},
693 {"support-list", 0x11500, 0x00100},
694 {"device-id", 0x11600, 0x00100},
695 {"profile", 0x11700, 0x03900},
696 {"default-config", 0x15000, 0x04000},
697 {"user-config", 0x19000, 0x04000},
698 {"firmware", 0x20000, 0x7c8000},
699 {"certyficate", 0x7e8000, 0x08000},
700 {"radio", 0x7f0000, 0x10000},
704 .first_sysupgrade_partition
= "os-image",
705 .last_sysupgrade_partition
= "file-system",
708 /** Firmware layout for the C59v1 */
710 .id
= "ARCHER-C59-V1",
714 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
715 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
716 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
717 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
718 .support_trail
= '\x00',
719 .soft_ver
= "soft_ver:1.0.0\n",
721 /* We're using a dynamic kernel/rootfs split here */
723 {"fs-uboot", 0x00000, 0x10000},
724 {"default-mac", 0x10000, 0x00200},
725 {"pin", 0x10200, 0x00200},
726 {"device-id", 0x10400, 0x00100},
727 {"product-info", 0x10500, 0x0fb00},
728 {"firmware", 0x20000, 0xe30000},
729 {"partition-table", 0xe50000, 0x10000},
730 {"soft-version", 0xe60000, 0x10000},
731 {"support-list", 0xe70000, 0x10000},
732 {"profile", 0xe80000, 0x10000},
733 {"default-config", 0xe90000, 0x10000},
734 {"user-config", 0xea0000, 0x40000},
735 {"usb-config", 0xee0000, 0x10000},
736 {"certificate", 0xef0000, 0x10000},
737 {"qos-db", 0xf00000, 0x40000},
738 {"log", 0xfe0000, 0x10000},
739 {"radio", 0xff0000, 0x10000},
743 .first_sysupgrade_partition
= "os-image",
744 .last_sysupgrade_partition
= "file-system",
747 /** Firmware layout for the C59v2 */
749 .id
= "ARCHER-C59-V2",
753 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
754 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
755 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
756 .support_trail
= '\x00',
757 .soft_ver
= "soft_ver:2.0.0 Build 20161206 rel.7303\n",
759 /** We're using a dynamic kernel/rootfs split here */
761 {"factory-boot", 0x00000, 0x20000},
762 {"fs-uboot", 0x20000, 0x10000},
763 {"default-mac", 0x30000, 0x00200},
764 {"pin", 0x30200, 0x00200},
765 {"device-id", 0x30400, 0x00100},
766 {"product-info", 0x30500, 0x0fb00},
767 {"firmware", 0x40000, 0xe10000},
768 {"partition-table", 0xe50000, 0x10000},
769 {"soft-version", 0xe60000, 0x10000},
770 {"support-list", 0xe70000, 0x10000},
771 {"profile", 0xe80000, 0x10000},
772 {"default-config", 0xe90000, 0x10000},
773 {"user-config", 0xea0000, 0x40000},
774 {"usb-config", 0xee0000, 0x10000},
775 {"certificate", 0xef0000, 0x10000},
776 {"extra-para", 0xf00000, 0x10000},
777 {"qos-db", 0xf10000, 0x30000},
778 {"log", 0xfe0000, 0x10000},
779 {"radio", 0xff0000, 0x10000},
783 .first_sysupgrade_partition
= "os-image",
784 .last_sysupgrade_partition
= "file-system",
787 /** Firmware layout for the C6v2 */
789 .id
= "ARCHER-C6-V2",
793 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
794 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
795 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
796 .support_trail
= '\x00',
797 .soft_ver
= "soft_ver:1.0.0\n",
800 {"fs-uboot", 0x00000, 0x20000},
801 {"default-mac", 0x20000, 0x00200},
802 {"pin", 0x20200, 0x00100},
803 {"product-info", 0x20300, 0x00200},
804 {"device-id", 0x20500, 0x0fb00},
805 {"firmware", 0x30000, 0x7a9400},
806 {"soft-version", 0x7d9400, 0x00100},
807 {"extra-para", 0x7d9500, 0x00100},
808 {"support-list", 0x7d9600, 0x00200},
809 {"profile", 0x7d9800, 0x03000},
810 {"default-config", 0x7dc800, 0x03000},
811 {"partition-table", 0x7df800, 0x00800},
812 {"user-config", 0x7e0000, 0x0c000},
813 {"certificate", 0x7ec000, 0x04000},
814 {"radio", 0x7f0000, 0x10000},
818 .first_sysupgrade_partition
= "os-image",
819 .last_sysupgrade_partition
= "file-system",
823 /** Firmware layout for the C60v1 */
825 .id
= "ARCHER-C60-V1",
829 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
830 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
831 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
832 .support_trail
= '\x00',
833 .soft_ver
= "soft_ver:1.0.0\n",
836 {"fs-uboot", 0x00000, 0x10000},
837 {"default-mac", 0x10000, 0x00200},
838 {"pin", 0x10200, 0x00200},
839 {"product-info", 0x10400, 0x00100},
840 {"partition-table", 0x10500, 0x00800},
841 {"soft-version", 0x11300, 0x00200},
842 {"support-list", 0x11500, 0x00100},
843 {"device-id", 0x11600, 0x00100},
844 {"profile", 0x11700, 0x03900},
845 {"default-config", 0x15000, 0x04000},
846 {"user-config", 0x19000, 0x04000},
847 {"firmware", 0x20000, 0x7c8000},
848 {"certyficate", 0x7e8000, 0x08000},
849 {"radio", 0x7f0000, 0x10000},
853 .first_sysupgrade_partition
= "os-image",
854 .last_sysupgrade_partition
= "file-system",
857 /** Firmware layout for the C60v2 */
859 .id
= "ARCHER-C60-V2",
863 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
864 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
865 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
866 .support_trail
= '\x00',
867 .soft_ver
= "soft_ver:2.0.0\n",
870 {"factory-boot", 0x00000, 0x1fb00},
871 {"default-mac", 0x1fb00, 0x00200},
872 {"pin", 0x1fd00, 0x00100},
873 {"product-info", 0x1fe00, 0x00100},
874 {"device-id", 0x1ff00, 0x00100},
875 {"fs-uboot", 0x20000, 0x10000},
876 {"firmware", 0x30000, 0x7a0000},
877 {"soft-version", 0x7d9500, 0x00100},
878 {"support-list", 0x7d9600, 0x00100},
879 {"extra-para", 0x7d9700, 0x00100},
880 {"profile", 0x7d9800, 0x03000},
881 {"default-config", 0x7dc800, 0x03000},
882 {"partition-table", 0x7df800, 0x00800},
883 {"user-config", 0x7e0000, 0x0c000},
884 {"certificate", 0x7ec000, 0x04000},
885 {"radio", 0x7f0000, 0x10000},
889 .first_sysupgrade_partition
= "os-image",
890 .last_sysupgrade_partition
= "file-system",
893 /** Firmware layout for the C5 */
895 .id
= "ARCHER-C5-V2",
899 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
900 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
901 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
902 .support_trail
= '\x00',
906 {"fs-uboot", 0x00000, 0x40000},
907 {"os-image", 0x40000, 0x200000},
908 {"file-system", 0x240000, 0xc00000},
909 {"default-mac", 0xe40000, 0x00200},
910 {"pin", 0xe40200, 0x00200},
911 {"product-info", 0xe40400, 0x00200},
912 {"partition-table", 0xe50000, 0x10000},
913 {"soft-version", 0xe60000, 0x00200},
914 {"support-list", 0xe61000, 0x0f000},
915 {"profile", 0xe70000, 0x10000},
916 {"default-config", 0xe80000, 0x10000},
917 {"user-config", 0xe90000, 0x50000},
918 {"log", 0xee0000, 0x100000},
919 {"radio_bk", 0xfe0000, 0x10000},
920 {"radio", 0xff0000, 0x10000},
924 .first_sysupgrade_partition
= "os-image",
925 .last_sysupgrade_partition
= "file-system"
928 /** Firmware layout for the C7 */
930 .id
= "ARCHER-C7-V4",
933 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
934 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
935 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
936 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
937 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
938 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
939 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
940 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
941 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
942 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
943 .support_trail
= '\x00',
944 .soft_ver
= "soft_ver:1.0.0\n",
946 /* We're using a dynamic kernel/rootfs split here */
948 {"factory-boot", 0x00000, 0x20000},
949 {"fs-uboot", 0x20000, 0x20000},
950 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
951 /* Stock: name file-system base 0x160000 size 0xda0000 */
952 {"default-mac", 0xf00000, 0x00200},
953 {"pin", 0xf00200, 0x00200},
954 {"device-id", 0xf00400, 0x00100},
955 {"product-info", 0xf00500, 0x0fb00},
956 {"soft-version", 0xf10000, 0x00100},
957 {"extra-para", 0xf11000, 0x01000},
958 {"support-list", 0xf12000, 0x0a000},
959 {"profile", 0xf1c000, 0x04000},
960 {"default-config", 0xf20000, 0x10000},
961 {"user-config", 0xf30000, 0x40000},
962 {"qos-db", 0xf70000, 0x40000},
963 {"certificate", 0xfb0000, 0x10000},
964 {"partition-table", 0xfc0000, 0x10000},
965 {"log", 0xfd0000, 0x20000},
966 {"radio", 0xff0000, 0x10000},
970 .first_sysupgrade_partition
= "os-image",
971 .last_sysupgrade_partition
= "file-system",
974 /** Firmware layout for the C7 v5*/
976 .id
= "ARCHER-C7-V5",
979 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
980 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
981 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
982 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
983 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
984 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
985 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n"
986 "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
988 .support_trail
= '\x00',
989 .soft_ver
= "soft_ver:1.0.0\n",
991 /* We're using a dynamic kernel/rootfs split here */
993 {"factory-boot", 0x00000, 0x20000},
994 {"fs-uboot", 0x20000, 0x20000},
995 {"partition-table", 0x40000, 0x10000},
996 {"radio", 0x50000, 0x10000},
997 {"default-mac", 0x60000, 0x00200},
998 {"pin", 0x60200, 0x00200},
999 {"device-id", 0x60400, 0x00100},
1000 {"product-info", 0x60500, 0x0fb00},
1001 {"soft-version", 0x70000, 0x01000},
1002 {"extra-para", 0x71000, 0x01000},
1003 {"support-list", 0x72000, 0x0a000},
1004 {"profile", 0x7c000, 0x04000},
1005 {"user-config", 0x80000, 0x40000},
1008 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
1009 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
1011 {"log", 0xfc0000, 0x20000},
1012 {"certificate", 0xfe0000, 0x10000},
1013 {"default-config", 0xff0000, 0x10000},
1018 .first_sysupgrade_partition
= "os-image",
1019 .last_sysupgrade_partition
= "file-system",
1022 /** Firmware layout for the C9 */
1028 "{product_name:ArcherC9,"
1029 "product_ver:1.0.0,"
1030 "special_id:00000000}\n",
1031 .support_trail
= '\x00',
1035 {"fs-uboot", 0x00000, 0x40000},
1036 {"os-image", 0x40000, 0x200000},
1037 {"file-system", 0x240000, 0xc00000},
1038 {"default-mac", 0xe40000, 0x00200},
1039 {"pin", 0xe40200, 0x00200},
1040 {"product-info", 0xe40400, 0x00200},
1041 {"partition-table", 0xe50000, 0x10000},
1042 {"soft-version", 0xe60000, 0x00200},
1043 {"support-list", 0xe61000, 0x0f000},
1044 {"profile", 0xe70000, 0x10000},
1045 {"default-config", 0xe80000, 0x10000},
1046 {"user-config", 0xe90000, 0x50000},
1047 {"log", 0xee0000, 0x100000},
1048 {"radio_bk", 0xfe0000, 0x10000},
1049 {"radio", 0xff0000, 0x10000},
1053 .first_sysupgrade_partition
= "os-image",
1054 .last_sysupgrade_partition
= "file-system"
1057 /** Firmware layout for the EAP120 */
1060 .vendor
= "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
1063 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
1064 .support_trail
= '\xff',
1068 {"fs-uboot", 0x00000, 0x20000},
1069 {"partition-table", 0x20000, 0x02000},
1070 {"default-mac", 0x30000, 0x00020},
1071 {"support-list", 0x31000, 0x00100},
1072 {"product-info", 0x31100, 0x00100},
1073 {"soft-version", 0x32000, 0x00100},
1074 {"os-image", 0x40000, 0x180000},
1075 {"file-system", 0x1c0000, 0x600000},
1076 {"user-config", 0x7c0000, 0x10000},
1077 {"backup-config", 0x7d0000, 0x10000},
1078 {"log", 0x7e0000, 0x10000},
1079 {"radio", 0x7f0000, 0x10000},
1083 .first_sysupgrade_partition
= "os-image",
1084 .last_sysupgrade_partition
= "file-system"
1087 /** Firmware layout for the TL-WA850RE v2 */
1089 .id
= "TLWA850REV2",
1093 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
1094 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
1095 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
1096 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
1097 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
1098 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
1099 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
1100 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
1101 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
1102 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
1103 .support_trail
= '\x00',
1107 576KB were moved from file-system to os-image
1108 in comparison to the stock image
1111 {"fs-uboot", 0x00000, 0x20000},
1112 {"os-image", 0x20000, 0x150000},
1113 {"file-system", 0x170000, 0x240000},
1114 {"partition-table", 0x3b0000, 0x02000},
1115 {"default-mac", 0x3c0000, 0x00020},
1116 {"pin", 0x3c0100, 0x00020},
1117 {"product-info", 0x3c1000, 0x01000},
1118 {"soft-version", 0x3c2000, 0x00100},
1119 {"support-list", 0x3c3000, 0x01000},
1120 {"profile", 0x3c4000, 0x08000},
1121 {"user-config", 0x3d0000, 0x10000},
1122 {"default-config", 0x3e0000, 0x10000},
1123 {"radio", 0x3f0000, 0x10000},
1127 .first_sysupgrade_partition
= "os-image",
1128 .last_sysupgrade_partition
= "file-system"
1131 /** Firmware layout for the TL-WA855RE v1 */
1133 .id
= "TLWA855REV1",
1137 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
1138 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
1139 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
1140 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
1141 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
1142 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
1143 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
1144 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
1145 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
1146 .support_trail
= '\x00',
1150 {"fs-uboot", 0x00000, 0x20000},
1151 {"os-image", 0x20000, 0x150000},
1152 {"file-system", 0x170000, 0x240000},
1153 {"partition-table", 0x3b0000, 0x02000},
1154 {"default-mac", 0x3c0000, 0x00020},
1155 {"pin", 0x3c0100, 0x00020},
1156 {"product-info", 0x3c1000, 0x01000},
1157 {"soft-version", 0x3c2000, 0x00100},
1158 {"support-list", 0x3c3000, 0x01000},
1159 {"profile", 0x3c4000, 0x08000},
1160 {"user-config", 0x3d0000, 0x10000},
1161 {"default-config", 0x3e0000, 0x10000},
1162 {"radio", 0x3f0000, 0x10000},
1166 .first_sysupgrade_partition
= "os-image",
1167 .last_sysupgrade_partition
= "file-system"
1170 /** Firmware layout for the TL-WR1043 v5 */
1172 .id
= "TLWR1043NV5",
1176 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
1177 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
1178 .support_trail
= '\x00',
1179 .soft_ver
= "soft_ver:1.0.0\n",
1181 {"factory-boot", 0x00000, 0x20000},
1182 {"fs-uboot", 0x20000, 0x20000},
1183 {"firmware", 0x40000, 0xec0000},
1184 {"default-mac", 0xf00000, 0x00200},
1185 {"pin", 0xf00200, 0x00200},
1186 {"device-id", 0xf00400, 0x00100},
1187 {"product-info", 0xf00500, 0x0fb00},
1188 {"soft-version", 0xf10000, 0x01000},
1189 {"extra-para", 0xf11000, 0x01000},
1190 {"support-list", 0xf12000, 0x0a000},
1191 {"profile", 0xf1c000, 0x04000},
1192 {"default-config", 0xf20000, 0x10000},
1193 {"user-config", 0xf30000, 0x40000},
1194 {"qos-db", 0xf70000, 0x40000},
1195 {"certificate", 0xfb0000, 0x10000},
1196 {"partition-table", 0xfc0000, 0x10000},
1197 {"log", 0xfd0000, 0x20000},
1198 {"radio", 0xff0000, 0x10000},
1201 .first_sysupgrade_partition
= "os-image",
1202 .last_sysupgrade_partition
= "file-system"
1205 /** Firmware layout for the TL-WR1043 v4 */
1207 .id
= "TLWR1043NDV4",
1211 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1212 .support_trail
= '\x00',
1215 /* We're using a dynamic kernel/rootfs split here */
1217 {"fs-uboot", 0x00000, 0x20000},
1218 {"firmware", 0x20000, 0xf30000},
1219 {"default-mac", 0xf50000, 0x00200},
1220 {"pin", 0xf50200, 0x00200},
1221 {"product-info", 0xf50400, 0x0fc00},
1222 {"soft-version", 0xf60000, 0x0b000},
1223 {"support-list", 0xf6b000, 0x04000},
1224 {"profile", 0xf70000, 0x04000},
1225 {"default-config", 0xf74000, 0x0b000},
1226 {"user-config", 0xf80000, 0x40000},
1227 {"partition-table", 0xfc0000, 0x10000},
1228 {"log", 0xfd0000, 0x20000},
1229 {"radio", 0xff0000, 0x10000},
1233 .first_sysupgrade_partition
= "os-image",
1234 .last_sysupgrade_partition
= "file-system"
1237 /** Firmware layout for the TL-WR902AC v1 */
1239 .id
= "TL-WR902AC-V1",
1243 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1244 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1245 .support_trail
= '\x00',
1249 384KB were moved from file-system to os-image
1250 in comparison to the stock image
1253 {"fs-uboot", 0x00000, 0x20000},
1254 {"firmware", 0x20000, 0x730000},
1255 {"default-mac", 0x750000, 0x00200},
1256 {"pin", 0x750200, 0x00200},
1257 {"product-info", 0x750400, 0x0fc00},
1258 {"soft-version", 0x760000, 0x0b000},
1259 {"support-list", 0x76b000, 0x04000},
1260 {"profile", 0x770000, 0x04000},
1261 {"default-config", 0x774000, 0x0b000},
1262 {"user-config", 0x780000, 0x40000},
1263 {"partition-table", 0x7c0000, 0x10000},
1264 {"log", 0x7d0000, 0x20000},
1265 {"radio", 0x7f0000, 0x10000},
1269 .first_sysupgrade_partition
= "os-image",
1270 .last_sysupgrade_partition
= "file-system",
1273 /** Firmware layout for the TL-WR942N V1 */
1279 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1280 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1281 .support_trail
= '\x00',
1285 {"fs-uboot", 0x00000, 0x20000},
1286 {"firmware", 0x20000, 0xe20000},
1287 {"default-mac", 0xe40000, 0x00200},
1288 {"pin", 0xe40200, 0x00200},
1289 {"product-info", 0xe40400, 0x0fc00},
1290 {"partition-table", 0xe50000, 0x10000},
1291 {"soft-version", 0xe60000, 0x10000},
1292 {"support-list", 0xe70000, 0x10000},
1293 {"profile", 0xe80000, 0x10000},
1294 {"default-config", 0xe90000, 0x10000},
1295 {"user-config", 0xea0000, 0x40000},
1296 {"qos-db", 0xee0000, 0x40000},
1297 {"certificate", 0xf20000, 0x10000},
1298 {"usb-config", 0xfb0000, 0x10000},
1299 {"log", 0xfc0000, 0x20000},
1300 {"radio-bk", 0xfe0000, 0x10000},
1301 {"radio", 0xff0000, 0x10000},
1305 .first_sysupgrade_partition
= "os-image",
1306 .last_sysupgrade_partition
= "file-system",
1309 /** Firmware layout for the RE350 v1 */
1315 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1316 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1317 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1318 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1319 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1320 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1321 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1322 .support_trail
= '\x00',
1325 /** We're using a dynamic kernel/rootfs split here */
1327 {"fs-uboot", 0x00000, 0x20000},
1328 {"firmware", 0x20000, 0x5e0000},
1329 {"partition-table", 0x600000, 0x02000},
1330 {"default-mac", 0x610000, 0x00020},
1331 {"pin", 0x610100, 0x00020},
1332 {"product-info", 0x611100, 0x01000},
1333 {"soft-version", 0x620000, 0x01000},
1334 {"support-list", 0x621000, 0x01000},
1335 {"profile", 0x622000, 0x08000},
1336 {"user-config", 0x630000, 0x10000},
1337 {"default-config", 0x640000, 0x10000},
1338 {"radio", 0x7f0000, 0x10000},
1342 .first_sysupgrade_partition
= "os-image",
1343 .last_sysupgrade_partition
= "file-system"
1346 /** Firmware layout for the RE350K v1 */
1352 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1353 .support_trail
= '\x00',
1356 /** We're using a dynamic kernel/rootfs split here */
1358 {"fs-uboot", 0x00000, 0x20000},
1359 {"firmware", 0x20000, 0xd70000},
1360 {"partition-table", 0xd90000, 0x02000},
1361 {"default-mac", 0xda0000, 0x00020},
1362 {"pin", 0xda0100, 0x00020},
1363 {"product-info", 0xda1100, 0x01000},
1364 {"soft-version", 0xdb0000, 0x01000},
1365 {"support-list", 0xdb1000, 0x01000},
1366 {"profile", 0xdb2000, 0x08000},
1367 {"user-config", 0xdc0000, 0x10000},
1368 {"default-config", 0xdd0000, 0x10000},
1369 {"device-id", 0xde0000, 0x00108},
1370 {"radio", 0xff0000, 0x10000},
1374 .first_sysupgrade_partition
= "os-image",
1375 .last_sysupgrade_partition
= "file-system"
1378 /** Firmware layout for the RE355 */
1384 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1385 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1386 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1387 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1388 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1389 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1390 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1391 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1392 .support_trail
= '\x00',
1395 /* We're using a dynamic kernel/rootfs split here */
1397 {"fs-uboot", 0x00000, 0x20000},
1398 {"firmware", 0x20000, 0x5e0000},
1399 {"partition-table", 0x600000, 0x02000},
1400 {"default-mac", 0x610000, 0x00020},
1401 {"pin", 0x610100, 0x00020},
1402 {"product-info", 0x611100, 0x01000},
1403 {"soft-version", 0x620000, 0x01000},
1404 {"support-list", 0x621000, 0x01000},
1405 {"profile", 0x622000, 0x08000},
1406 {"user-config", 0x630000, 0x10000},
1407 {"default-config", 0x640000, 0x10000},
1408 {"radio", 0x7f0000, 0x10000},
1412 .first_sysupgrade_partition
= "os-image",
1413 .last_sysupgrade_partition
= "file-system"
1416 /** Firmware layout for the RE450 */
1422 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1423 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1424 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1425 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1426 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1427 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1428 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1429 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1430 .support_trail
= '\x00',
1433 /** We're using a dynamic kernel/rootfs split here */
1435 {"fs-uboot", 0x00000, 0x20000},
1436 {"firmware", 0x20000, 0x5e0000},
1437 {"partition-table", 0x600000, 0x02000},
1438 {"default-mac", 0x610000, 0x00020},
1439 {"pin", 0x610100, 0x00020},
1440 {"product-info", 0x611100, 0x01000},
1441 {"soft-version", 0x620000, 0x01000},
1442 {"support-list", 0x621000, 0x01000},
1443 {"profile", 0x622000, 0x08000},
1444 {"user-config", 0x630000, 0x10000},
1445 {"default-config", 0x640000, 0x10000},
1446 {"radio", 0x7f0000, 0x10000},
1450 .first_sysupgrade_partition
= "os-image",
1451 .last_sysupgrade_partition
= "file-system"
1454 /** Firmware layout for the RE450 v2 */
1460 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1461 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1462 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1463 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1464 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1465 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1466 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1467 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1468 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1469 .support_trail
= '\x00',
1472 /* We're using a dynamic kernel/rootfs split here */
1474 {"fs-uboot", 0x00000, 0x20000},
1475 {"firmware", 0x20000, 0x5e0000},
1476 {"partition-table", 0x600000, 0x02000},
1477 {"default-mac", 0x610000, 0x00020},
1478 {"pin", 0x610100, 0x00020},
1479 {"product-info", 0x611100, 0x01000},
1480 {"soft-version", 0x620000, 0x01000},
1481 {"support-list", 0x621000, 0x01000},
1482 {"profile", 0x622000, 0x08000},
1483 {"user-config", 0x630000, 0x10000},
1484 {"default-config", 0x640000, 0x10000},
1485 {"radio", 0x7f0000, 0x10000},
1490 .first_sysupgrade_partition
= "os-image",
1491 .last_sysupgrade_partition
= "file-system"
1494 /** Firmware layout for the RE650 */
1500 "{product_name:RE650,product_ver:1.0.0,special_id:00000000}\r\n"
1501 "{product_name:RE650,product_ver:1.0.0,special_id:55530000}\r\n"
1502 "{product_name:RE650,product_ver:1.0.0,special_id:45550000}\r\n"
1503 "{product_name:RE650,product_ver:1.0.0,special_id:4A500000}\r\n"
1504 "{product_name:RE650,product_ver:1.0.0,special_id:43410000}\r\n"
1505 "{product_name:RE650,product_ver:1.0.0,special_id:41550000}\r\n"
1506 "{product_name:RE650,product_ver:1.0.0,special_id:41530000}\r\n",
1507 .support_trail
= '\x00',
1510 /* We're using a dynamic kernel/rootfs split here */
1512 {"fs-uboot", 0x00000, 0x20000},
1513 {"firmware", 0x20000, 0xde0000},
1514 {"partition-table", 0xe00000, 0x02000},
1515 {"default-mac", 0xe10000, 0x00020},
1516 {"pin", 0xe10100, 0x00020},
1517 {"product-info", 0xe11100, 0x01000},
1518 {"soft-version", 0xe20000, 0x01000},
1519 {"support-list", 0xe21000, 0x01000},
1520 {"profile", 0xe22000, 0x08000},
1521 {"user-config", 0xe30000, 0x10000},
1522 {"default-config", 0xe40000, 0x10000},
1523 {"radio", 0xff0000, 0x10000},
1527 .first_sysupgrade_partition
= "os-image",
1528 .last_sysupgrade_partition
= "file-system"
1534 #define error(_ret, _errno, _str, ...) \
1536 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1537 strerror(_errno)); \
1543 /** Stores a uint32 as big endian */
1544 static inline void put32(uint8_t *buf
, uint32_t val
) {
1551 /** Allocates a new image partition */
1552 static struct image_partition_entry
alloc_image_partition(const char *name
, size_t len
) {
1553 struct image_partition_entry entry
= {name
, len
, malloc(len
)};
1555 error(1, errno
, "malloc");
1560 /** Frees an image partition */
1561 static void free_image_partition(struct image_partition_entry entry
) {
1565 static time_t source_date_epoch
= -1;
1566 static void set_source_date_epoch() {
1567 char *env
= getenv("SOURCE_DATE_EPOCH");
1571 source_date_epoch
= strtoull(env
, &endptr
, 10);
1572 if (errno
|| (endptr
&& *endptr
!= '\0')) {
1573 fprintf(stderr
, "Invalid SOURCE_DATE_EPOCH");
1579 /** Generates the partition-table partition */
1580 static struct image_partition_entry
make_partition_table(const struct flash_partition_entry
*p
) {
1581 struct image_partition_entry entry
= alloc_image_partition("partition-table", 0x800);
1583 char *s
= (char *)entry
.data
, *end
= (char *)(s
+entry
.size
);
1591 for (i
= 0; p
[i
].name
; i
++) {
1593 size_t w
= snprintf(s
, len
, "partition %s base 0x%05x size 0x%05x\n", p
[i
].name
, p
[i
].base
, p
[i
].size
);
1596 error(1, 0, "flash partition table overflow?");
1603 memset(s
, 0xff, end
-s
);
1609 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1610 static inline uint8_t bcd(uint8_t v
) {
1611 return 0x10 * (v
/10) + v
%10;
1615 /** Generates the soft-version partition */
1616 static struct image_partition_entry
make_soft_version(uint32_t rev
) {
1617 struct image_partition_entry entry
= alloc_image_partition("soft-version", sizeof(struct soft_version
));
1618 struct soft_version
*s
= (struct soft_version
*)entry
.data
;
1622 if (source_date_epoch
!= -1)
1623 t
= source_date_epoch
;
1624 else if (time(&t
) == (time_t)(-1))
1625 error(1, errno
, "time");
1627 struct tm
*tm
= localtime(&t
);
1629 s
->magic
= htonl(0x0000000c);
1633 s
->version_major
= 0;
1634 s
->version_minor
= 0;
1635 s
->version_patch
= 0;
1637 s
->year_hi
= bcd((1900+tm
->tm_year
)/100);
1638 s
->year_lo
= bcd(tm
->tm_year
%100);
1639 s
->month
= bcd(tm
->tm_mon
+1);
1640 s
->day
= bcd(tm
->tm_mday
);
1641 s
->rev
= htonl(rev
);
1648 static struct image_partition_entry
make_soft_version_from_string(const char *soft_ver
) {
1649 /** String length _including_ the terminating zero byte */
1650 uint32_t ver_len
= strlen(soft_ver
) + 1;
1651 /** Partition contains 64 bit header, the version string, and one additional null byte */
1652 size_t partition_len
= 2*sizeof(uint32_t) + ver_len
+ 1;
1653 struct image_partition_entry entry
= alloc_image_partition("soft-version", partition_len
);
1655 uint32_t *len
= (uint32_t *)entry
.data
;
1656 len
[0] = htonl(ver_len
);
1658 memcpy(&len
[2], soft_ver
, ver_len
);
1660 entry
.data
[partition_len
- 1] = 0;
1665 /** Generates the support-list partition */
1666 static struct image_partition_entry
make_support_list(struct device_info
*info
) {
1667 size_t len
= strlen(info
->support_list
);
1668 struct image_partition_entry entry
= alloc_image_partition("support-list", len
+ 9);
1670 put32(entry
.data
, len
);
1671 memset(entry
.data
+4, 0, 4);
1672 memcpy(entry
.data
+8, info
->support_list
, len
);
1673 entry
.data
[len
+8] = info
->support_trail
;
1678 /** Creates a new image partition with an arbitrary name from a file */
1679 static struct image_partition_entry
read_file(const char *part_name
, const char *filename
, bool add_jffs2_eof
, struct flash_partition_entry
*file_system_partition
) {
1680 struct stat statbuf
;
1682 if (stat(filename
, &statbuf
) < 0)
1683 error(1, errno
, "unable to stat file `%s'", filename
);
1685 size_t len
= statbuf
.st_size
;
1687 if (add_jffs2_eof
) {
1688 if (file_system_partition
)
1689 len
= ALIGN(len
+ file_system_partition
->base
, 0x10000) + sizeof(jffs2_eof_mark
) - file_system_partition
->base
;
1691 len
= ALIGN(len
, 0x10000) + sizeof(jffs2_eof_mark
);
1694 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1696 FILE *file
= fopen(filename
, "rb");
1698 error(1, errno
, "unable to open file `%s'", filename
);
1700 if (fread(entry
.data
, statbuf
.st_size
, 1, file
) != 1)
1701 error(1, errno
, "unable to read file `%s'", filename
);
1703 if (add_jffs2_eof
) {
1704 uint8_t *eof
= entry
.data
+ statbuf
.st_size
, *end
= entry
.data
+entry
.size
;
1706 memset(eof
, 0xff, end
- eof
- sizeof(jffs2_eof_mark
));
1707 memcpy(end
- sizeof(jffs2_eof_mark
), jffs2_eof_mark
, sizeof(jffs2_eof_mark
));
1715 /** Creates a new image partition from arbitrary data */
1716 static struct image_partition_entry
put_data(const char *part_name
, const char *datain
, size_t len
) {
1718 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1720 memcpy(entry
.data
, datain
, len
);
1726 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1728 Example image partition table:
1730 fwup-ptn partition-table base 0x00800 size 0x00800
1731 fwup-ptn os-image base 0x01000 size 0x113b45
1732 fwup-ptn file-system base 0x114b45 size 0x1d0004
1733 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1735 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1736 the end of the partition table is marked with a zero byte.
1738 The firmware image must contain at least the partition-table and support-list partitions
1739 to be accepted. There aren't any alignment constraints for the image partitions.
1741 The partition-table partition contains the actual flash layout; partitions
1742 from the image partition table are mapped to the corresponding flash partitions during
1743 the firmware upgrade. The support-list partition contains a list of devices supported by
1746 The base offsets in the firmware partition table are relative to the end
1747 of the vendor information block, so the partition-table partition will
1748 actually start at offset 0x1814 of the image.
1750 I think partition-table must be the first partition in the firmware image.
1752 static void put_partitions(uint8_t *buffer
, const struct flash_partition_entry
*flash_parts
, const struct image_partition_entry
*parts
) {
1754 char *image_pt
= (char *)buffer
, *end
= image_pt
+ 0x800;
1756 size_t base
= 0x800;
1757 for (i
= 0; parts
[i
].name
; i
++) {
1758 for (j
= 0; flash_parts
[j
].name
; j
++) {
1759 if (!strcmp(flash_parts
[j
].name
, parts
[i
].name
)) {
1760 if (parts
[i
].size
> flash_parts
[j
].size
)
1761 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts
[j
].name
, (unsigned)flash_parts
[j
].size
);
1766 assert(flash_parts
[j
].name
);
1768 memcpy(buffer
+ base
, parts
[i
].data
, parts
[i
].size
);
1770 size_t len
= end
-image_pt
;
1771 size_t w
= snprintf(image_pt
, len
, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts
[i
].name
, (unsigned)base
, (unsigned)parts
[i
].size
);
1774 error(1, 0, "image partition table overflow?");
1778 base
+= parts
[i
].size
;
1782 /** Generates and writes the image MD5 checksum */
1783 static void put_md5(uint8_t *md5
, uint8_t *buffer
, unsigned int len
) {
1787 MD5_Update(&ctx
, md5_salt
, (unsigned int)sizeof(md5_salt
));
1788 MD5_Update(&ctx
, buffer
, len
);
1789 MD5_Final(md5
, &ctx
);
1794 Generates the firmware image in factory format
1800 0000-0003 Image size (4 bytes, big endian)
1801 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1802 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1803 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1804 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1805 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1806 1814-xxxx Firmware partitions
1808 static void * generate_factory_image(struct device_info
*info
, const struct image_partition_entry
*parts
, size_t *len
) {
1812 for (i
= 0; parts
[i
].name
; i
++)
1813 *len
+= parts
[i
].size
;
1815 uint8_t *image
= malloc(*len
);
1817 error(1, errno
, "malloc");
1819 memset(image
, 0xff, *len
);
1823 size_t vendor_len
= strlen(info
->vendor
);
1824 put32(image
+0x14, vendor_len
);
1825 memcpy(image
+0x18, info
->vendor
, vendor_len
);
1828 put_partitions(image
+ 0x1014, info
->partitions
, parts
);
1829 put_md5(image
+0x04, image
+0x14, *len
-0x14);
1835 Generates the firmware image in sysupgrade format
1837 This makes some assumptions about the provided flash and image partition tables and
1838 should be generalized when TP-LINK starts building its safeloader into hardware with
1839 different flash layouts.
1841 static void * generate_sysupgrade_image(struct device_info
*info
, const struct image_partition_entry
*image_parts
, size_t *len
) {
1843 size_t flash_first_partition_index
= 0;
1844 size_t flash_last_partition_index
= 0;
1845 const struct flash_partition_entry
*flash_first_partition
= NULL
;
1846 const struct flash_partition_entry
*flash_last_partition
= NULL
;
1847 const struct image_partition_entry
*image_last_partition
= NULL
;
1849 /** Find first and last partitions */
1850 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1851 if (!strcmp(info
->partitions
[i
].name
, info
->first_sysupgrade_partition
)) {
1852 flash_first_partition
= &info
->partitions
[i
];
1853 flash_first_partition_index
= i
;
1854 } else if (!strcmp(info
->partitions
[i
].name
, info
->last_sysupgrade_partition
)) {
1855 flash_last_partition
= &info
->partitions
[i
];
1856 flash_last_partition_index
= i
;
1860 assert(flash_first_partition
&& flash_last_partition
);
1861 assert(flash_first_partition_index
< flash_last_partition_index
);
1863 /** Find last partition from image to calculate needed size */
1864 for (i
= 0; image_parts
[i
].name
; i
++) {
1865 if (!strcmp(image_parts
[i
].name
, info
->last_sysupgrade_partition
)) {
1866 image_last_partition
= &image_parts
[i
];
1871 assert(image_last_partition
);
1873 *len
= flash_last_partition
->base
- flash_first_partition
->base
+ image_last_partition
->size
;
1875 uint8_t *image
= malloc(*len
);
1877 error(1, errno
, "malloc");
1879 memset(image
, 0xff, *len
);
1881 for (i
= flash_first_partition_index
; i
<= flash_last_partition_index
; i
++) {
1882 for (j
= 0; image_parts
[j
].name
; j
++) {
1883 if (!strcmp(info
->partitions
[i
].name
, image_parts
[j
].name
)) {
1884 if (image_parts
[j
].size
> info
->partitions
[i
].size
)
1885 error(1, 0, "%s partition too big (more than %u bytes)", info
->partitions
[i
].name
, (unsigned)info
->partitions
[i
].size
);
1886 memcpy(image
+ info
->partitions
[i
].base
- flash_first_partition
->base
, image_parts
[j
].data
, image_parts
[j
].size
);
1890 assert(image_parts
[j
].name
);
1897 /** Generates an image according to a given layout and writes it to a file */
1898 static void build_image(const char *output
,
1899 const char *kernel_image
,
1900 const char *rootfs_image
,
1904 struct device_info
*info
) {
1908 struct image_partition_entry parts
[7] = {};
1910 struct flash_partition_entry
*firmware_partition
= NULL
;
1911 struct flash_partition_entry
*os_image_partition
= NULL
;
1912 struct flash_partition_entry
*file_system_partition
= NULL
;
1913 size_t firmware_partition_index
= 0;
1915 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1916 if (!strcmp(info
->partitions
[i
].name
, "firmware"))
1918 firmware_partition
= &info
->partitions
[i
];
1919 firmware_partition_index
= i
;
1923 if (firmware_partition
)
1925 os_image_partition
= &info
->partitions
[firmware_partition_index
];
1926 file_system_partition
= &info
->partitions
[firmware_partition_index
+ 1];
1929 if (stat(kernel_image
, &kernel
) < 0)
1930 error(1, errno
, "unable to stat file `%s'", kernel_image
);
1932 if (kernel
.st_size
> firmware_partition
->size
)
1933 error(1, 0, "kernel overflowed firmware partition\n");
1935 for (i
= MAX_PARTITIONS
-1; i
>= firmware_partition_index
+ 1; i
--)
1936 info
->partitions
[i
+1] = info
->partitions
[i
];
1938 file_system_partition
->name
= "file-system";
1939 file_system_partition
->base
= firmware_partition
->base
+ kernel
.st_size
;
1941 /* Align partition start to erase blocks for factory images only */
1943 file_system_partition
->base
= ALIGN(firmware_partition
->base
+ kernel
.st_size
, 0x10000);
1945 file_system_partition
->size
= firmware_partition
->size
- file_system_partition
->base
;
1947 os_image_partition
->name
= "os-image";
1948 os_image_partition
->size
= kernel
.st_size
;
1951 parts
[0] = make_partition_table(info
->partitions
);
1953 parts
[1] = make_soft_version_from_string(info
->soft_ver
);
1955 parts
[1] = make_soft_version(rev
);
1957 parts
[2] = make_support_list(info
);
1958 parts
[3] = read_file("os-image", kernel_image
, false, NULL
);
1959 parts
[4] = read_file("file-system", rootfs_image
, add_jffs2_eof
, file_system_partition
);
1961 /* Some devices need the extra-para partition to accept the firmware */
1962 if (strcasecmp(info
->id
, "ARCHER-C2-V3") == 0 ||
1963 strcasecmp(info
->id
, "ARCHER-C25-V1") == 0 ||
1964 strcasecmp(info
->id
, "ARCHER-C59-V2") == 0 ||
1965 strcasecmp(info
->id
, "ARCHER-C60-V2") == 0 ||
1966 strcasecmp(info
->id
, "TLWR1043NV5") == 0) {
1967 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1968 parts
[5] = put_data("extra-para", mdat
, 11);
1969 } else if (strcasecmp(info
->id
, "ARCHER-A7-V5") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V4") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V5") == 0) {
1970 const char mdat
[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1971 parts
[5] = put_data("extra-para", mdat
, 11);
1972 } else if (strcasecmp(info
->id
, "ARCHER-C6-V2") == 0) {
1973 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1974 parts
[5] = put_data("extra-para", mdat
, 11);
1980 image
= generate_sysupgrade_image(info
, parts
, &len
);
1982 image
= generate_factory_image(info
, parts
, &len
);
1984 FILE *file
= fopen(output
, "wb");
1986 error(1, errno
, "unable to open output file");
1988 if (fwrite(image
, len
, 1, file
) != 1)
1989 error(1, 0, "unable to write output file");
1995 for (i
= 0; parts
[i
].name
; i
++)
1996 free_image_partition(parts
[i
]);
2000 static void usage(const char *argv0
) {
2002 "Usage: %s [OPTIONS...]\n"
2005 " -h show this help\n"
2007 "Create a new image:\n"
2008 " -B <board> create image for the board specified with <board>\n"
2009 " -k <file> read kernel image from the file <file>\n"
2010 " -r <file> read rootfs image from the file <file>\n"
2011 " -o <file> write output to the file <file>\n"
2012 " -V <rev> sets the revision number to <rev>\n"
2013 " -j add jffs2 end-of-filesystem markers\n"
2014 " -S create sysupgrade instead of factory image\n"
2015 "Extract an old image:\n"
2016 " -x <file> extract all oem firmware partition\n"
2017 " -d <dir> destination to extract the firmware partition\n"
2018 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
2024 static struct device_info
*find_board(const char *id
)
2026 struct device_info
*board
= NULL
;
2028 for (board
= boards
; board
->id
!= NULL
; board
++)
2029 if (strcasecmp(id
, board
->id
) == 0)
2035 static int add_flash_partition(
2036 struct flash_partition_entry
*part_list
,
2043 /* check if the list has a free entry */
2044 for (ptr
= 0; ptr
< max_entries
; ptr
++, part_list
++) {
2045 if (part_list
->name
== NULL
&&
2046 part_list
->base
== 0 &&
2047 part_list
->size
== 0)
2051 if (ptr
== max_entries
) {
2052 error(1, 0, "No free flash part entry available.");
2055 part_list
->name
= calloc(1, strlen(name
) + 1);
2056 if (!part_list
->name
) {
2057 error(1, 0, "Unable to allocate memory");
2060 memcpy((char *)part_list
->name
, name
, strlen(name
));
2061 part_list
->base
= base
;
2062 part_list
->size
= size
;
2067 /** read the partition table into struct flash_partition_entry */
2068 static int read_partition_table(
2069 FILE *file
, long offset
,
2070 struct flash_partition_entry
*entries
, size_t max_entries
,
2075 const char *parthdr
= NULL
;
2076 const char *fwuphdr
= "fwup-ptn";
2077 const char *flashhdr
= "partition";
2079 /* TODO: search for the partition table */
2089 error(1, 0, "Invalid partition table");
2092 if (fseek(file
, offset
, SEEK_SET
) < 0)
2093 error(1, errno
, "Can not seek in the firmware");
2095 if (fread(buf
, 2048, 1, file
) != 1)
2096 error(1, errno
, "Can not read fwup-ptn from the firmware");
2100 /* look for the partition header */
2101 if (memcmp(buf
, parthdr
, strlen(parthdr
)) != 0) {
2102 fprintf(stderr
, "DEBUG: can not find fwuphdr\n");
2107 end
= buf
+ sizeof(buf
);
2108 while ((ptr
+ strlen(parthdr
)) < end
&&
2109 memcmp(ptr
, parthdr
, strlen(parthdr
)) == 0) {
2113 char name
[32] = { 0 };
2115 unsigned long base
= 0;
2116 unsigned long size
= 0;
2118 end_part
= memchr(ptr
, '\n', (end
- ptr
));
2119 if (end_part
== NULL
) {
2120 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
2124 for (int i
= 0; i
<= 4; i
++) {
2125 if (end_part
<= ptr
)
2128 end_element
= memchr(ptr
, 0x20, (end_part
- ptr
));
2129 if (end_element
== NULL
) {
2130 error(1, errno
, "Ignoring the rest of the partition entries.");
2135 /* partition header */
2137 ptr
= end_element
+ 1;
2141 name_len
= (end_element
- ptr
) > 31 ? 31 : (end_element
- ptr
);
2142 strncpy(name
, ptr
, name_len
);
2143 name
[name_len
] = '\0';
2144 ptr
= end_element
+ 1;
2149 ptr
= end_element
+ 1;
2154 base
= strtoul(ptr
, NULL
, 16);
2155 ptr
= end_element
+ 1;
2160 ptr
= end_element
+ 1;
2161 /* actual size. The last element doesn't have a sepeartor */
2162 size
= strtoul(ptr
, NULL
, 16);
2163 /* the part ends with 0x09, 0x0d, 0x0a */
2165 add_flash_partition(entries
, max_entries
, name
, base
, size
);
2174 static void write_partition(
2176 size_t firmware_offset
,
2177 struct flash_partition_entry
*entry
,
2183 fseek(input_file
, entry
->base
+ firmware_offset
, SEEK_SET
);
2185 for (offset
= 0; sizeof(buf
) + offset
<= entry
->size
; offset
+= sizeof(buf
)) {
2186 if (fread(buf
, sizeof(buf
), 1, input_file
) != 1)
2187 error(1, errno
, "Can not read partition from input_file");
2189 if (fwrite(buf
, sizeof(buf
), 1, output_file
) != 1)
2190 error(1, errno
, "Can not write partition to output_file");
2192 /* write last chunk smaller than buffer */
2193 if (offset
< entry
->size
) {
2194 offset
= entry
->size
- offset
;
2195 if (fread(buf
, offset
, 1, input_file
) != 1)
2196 error(1, errno
, "Can not read partition from input_file");
2197 if (fwrite(buf
, offset
, 1, output_file
) != 1)
2198 error(1, errno
, "Can not write partition to output_file");
2202 static int extract_firmware_partition(FILE *input_file
, size_t firmware_offset
, struct flash_partition_entry
*entry
, const char *output_directory
)
2205 char output
[PATH_MAX
];
2207 snprintf(output
, PATH_MAX
, "%s/%s", output_directory
, entry
->name
);
2208 output_file
= fopen(output
, "wb+");
2209 if (output_file
== NULL
) {
2210 error(1, errno
, "Can not open output file %s", output
);
2213 write_partition(input_file
, firmware_offset
, entry
, output_file
);
2215 fclose(output_file
);
2220 /** extract all partitions from the firmware file */
2221 static int extract_firmware(const char *input
, const char *output_directory
)
2223 struct flash_partition_entry entries
[16] = { 0 };
2224 size_t max_entries
= 16;
2225 size_t firmware_offset
= 0x1014;
2228 struct stat statbuf
;
2230 /* check input file */
2231 if (stat(input
, &statbuf
)) {
2232 error(1, errno
, "Can not read input firmware %s", input
);
2235 /* check if output directory exists */
2236 if (stat(output_directory
, &statbuf
)) {
2237 error(1, errno
, "Failed to stat output directory %s", output_directory
);
2240 if ((statbuf
.st_mode
& S_IFMT
) != S_IFDIR
) {
2241 error(1, errno
, "Given output directory is not a directory %s", output_directory
);
2244 input_file
= fopen(input
, "rb");
2246 if (read_partition_table(input_file
, firmware_offset
, entries
, 16, 0) != 0) {
2247 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2250 for (size_t i
= 0; i
< max_entries
; i
++) {
2251 if (entries
[i
].name
== NULL
&&
2252 entries
[i
].base
== 0 &&
2253 entries
[i
].size
== 0)
2256 extract_firmware_partition(input_file
, firmware_offset
, &entries
[i
], output_directory
);
2262 static struct flash_partition_entry
*find_partition(
2263 struct flash_partition_entry
*entries
, size_t max_entries
,
2264 const char *name
, const char *error_msg
)
2266 for (size_t i
= 0; i
< max_entries
; i
++, entries
++) {
2267 if (strcmp(entries
->name
, name
) == 0)
2271 error(1, 0, "%s", error_msg
);
2275 static void write_ff(FILE *output_file
, size_t size
)
2280 memset(buf
, 0xff, sizeof(buf
));
2282 for (offset
= 0; offset
+ sizeof(buf
) < size
; offset
+= sizeof(buf
)) {
2283 if (fwrite(buf
, sizeof(buf
), 1, output_file
) != 1)
2284 error(1, errno
, "Can not write 0xff to output_file");
2287 /* write last chunk smaller than buffer */
2288 if (offset
< size
) {
2289 offset
= size
- offset
;
2290 if (fwrite(buf
, offset
, 1, output_file
) != 1)
2291 error(1, errno
, "Can not write partition to output_file");
2295 static void convert_firmware(const char *input
, const char *output
)
2297 struct flash_partition_entry fwup
[MAX_PARTITIONS
] = { 0 };
2298 struct flash_partition_entry flash
[MAX_PARTITIONS
] = { 0 };
2299 struct flash_partition_entry
*fwup_os_image
= NULL
, *fwup_file_system
= NULL
;
2300 struct flash_partition_entry
*flash_os_image
= NULL
, *flash_file_system
= NULL
;
2301 struct flash_partition_entry
*fwup_partition_table
= NULL
;
2302 size_t firmware_offset
= 0x1014;
2303 FILE *input_file
, *output_file
;
2305 struct stat statbuf
;
2307 /* check input file */
2308 if (stat(input
, &statbuf
)) {
2309 error(1, errno
, "Can not read input firmware %s", input
);
2312 input_file
= fopen(input
, "rb");
2314 error(1, 0, "Can not open input firmware %s", input
);
2316 output_file
= fopen(output
, "wb");
2318 error(1, 0, "Can not open output firmware %s", output
);
2320 if (read_partition_table(input_file
, firmware_offset
, fwup
, MAX_PARTITIONS
, 0) != 0) {
2321 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2324 fwup_os_image
= find_partition(fwup
, MAX_PARTITIONS
,
2325 "os-image", "Error can not find os-image partition (fwup)");
2326 fwup_file_system
= find_partition(fwup
, MAX_PARTITIONS
,
2327 "file-system", "Error can not find file-system partition (fwup)");
2328 fwup_partition_table
= find_partition(fwup
, MAX_PARTITIONS
,
2329 "partition-table", "Error can not find partition-table partition");
2331 /* the flash partition table has a 0x00000004 magic haeder */
2332 if (read_partition_table(input_file
, firmware_offset
+ fwup_partition_table
->base
+ 4, flash
, MAX_PARTITIONS
, 1) != 0)
2333 error(1, 0, "Error can not read the partition table (flash)");
2335 flash_os_image
= find_partition(flash
, MAX_PARTITIONS
,
2336 "os-image", "Error can not find os-image partition (flash)");
2337 flash_file_system
= find_partition(flash
, MAX_PARTITIONS
,
2338 "file-system", "Error can not find file-system partition (flash)");
2340 /* write os_image to 0x0 */
2341 write_partition(input_file
, firmware_offset
, fwup_os_image
, output_file
);
2342 write_ff(output_file
, flash_os_image
->size
- fwup_os_image
->size
);
2344 /* write file-system behind os_image */
2345 fseek(output_file
, flash_file_system
->base
- flash_os_image
->base
, SEEK_SET
);
2346 write_partition(input_file
, firmware_offset
, fwup_file_system
, output_file
);
2347 write_ff(output_file
, flash_file_system
->size
- fwup_file_system
->size
);
2349 fclose(output_file
);
2353 int main(int argc
, char *argv
[]) {
2354 const char *board
= NULL
, *kernel_image
= NULL
, *rootfs_image
= NULL
, *output
= NULL
;
2355 const char *extract_image
= NULL
, *output_directory
= NULL
, *convert_image
= NULL
;
2356 bool add_jffs2_eof
= false, sysupgrade
= false;
2358 struct device_info
*info
;
2359 set_source_date_epoch();
2364 c
= getopt(argc
, argv
, "B:k:r:o:V:jSh:x:d:z:");
2374 kernel_image
= optarg
;
2378 rootfs_image
= optarg
;
2386 sscanf(optarg
, "r%u", &rev
);
2390 add_jffs2_eof
= true;
2402 output_directory
= optarg
;
2406 extract_image
= optarg
;
2410 convert_image
= optarg
;
2419 if (extract_image
|| output_directory
) {
2421 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2422 if (!output_directory
)
2423 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2424 extract_firmware(extract_image
, output_directory
);
2425 } else if (convert_image
) {
2427 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2428 convert_firmware(convert_image
, output
);
2431 error(1, 0, "no board has been specified");
2433 error(1, 0, "no kernel image has been specified");
2435 error(1, 0, "no rootfs image has been specified");
2437 error(1, 0, "no output filename has been specified");
2439 info
= find_board(board
);
2442 error(1, 0, "unsupported board %s", board
);
2444 build_image(output
, kernel_image
, rootfs_image
, rev
, add_jffs2_eof
, sysupgrade
, info
);