#include <assert.h>
#include <errno.h>
-#include <error.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdint.h>
#define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
+#define MAX_PARTITIONS 32
+
/** An image partition table entry */
struct image_partition_entry {
const char *name;
uint32_t size;
};
+/** Firmware layout description */
+struct device_info {
+ const char *id;
+ const char *vendor;
+ const char *support_list;
+ char support_trail;
+ const struct flash_partition_entry partitions[MAX_PARTITIONS+1];
+ const char *first_sysupgrade_partition;
+ const char *last_sysupgrade_partition;
+};
/** The content of the soft-version structure */
struct __attribute__((__packed__)) soft_version {
};
-/** Vendor information for CPE210/220/510/520 */
-static const unsigned char cpe510_vendor[] = "\x00\x00\x00\x1f""CPE510(TP-LINK|UN|N300-5):1.0\r\n";
-
-
-/**
- The flash partition table for CPE210/220/510/520;
- it is the same as the one used by the stock images.
-*/
-static const struct flash_partition_entry cpe510_partitions[] = {
- {"fs-uboot", 0x00000, 0x20000},
- {"partition-table", 0x20000, 0x02000},
- {"default-mac", 0x30000, 0x00020},
- {"product-info", 0x31100, 0x00100},
- {"signature", 0x32000, 0x00400},
- {"os-image", 0x40000, 0x170000},
- {"soft-version", 0x1b0000, 0x00100},
- {"support-list", 0x1b1000, 0x00400},
- {"file-system", 0x1c0000, 0x600000},
- {"user-config", 0x7c0000, 0x10000},
- {"default-config", 0x7d0000, 0x10000},
- {"log", 0x7e0000, 0x10000},
- {"radio", 0x7f0000, 0x10000},
- {NULL, 0, 0}
+/** Firmware layout table */
+static struct device_info boards[] = {
+ /** Firmware layout for the CPE210/220 */
+ {
+ .id = "CPE210",
+ .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
+ .support_list =
+ "SupportList:\r\n"
+ "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
+ "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
+ "CPE210(TP-LINK|US|N300-2):1.1\r\n"
+ "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
+ "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
+ "CPE220(TP-LINK|US|N300-2):1.1\r\n"
+ "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
+ .support_trail = '\xff',
+
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"partition-table", 0x20000, 0x02000},
+ {"default-mac", 0x30000, 0x00020},
+ {"product-info", 0x31100, 0x00100},
+ {"signature", 0x32000, 0x00400},
+ {"os-image", 0x40000, 0x170000},
+ {"soft-version", 0x1b0000, 0x00100},
+ {"support-list", 0x1b1000, 0x00400},
+ {"file-system", 0x1c0000, 0x600000},
+ {"user-config", 0x7c0000, 0x10000},
+ {"default-config", 0x7d0000, 0x10000},
+ {"log", 0x7e0000, 0x10000},
+ {"radio", 0x7f0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system",
+ },
+
+ /** Firmware layout for the CPE510/520 */
+ {
+ .id = "CPE510",
+ .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
+ .support_list =
+ "SupportList:\r\n"
+ "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
+ "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
+ "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
+ "CPE510(TP-LINK|US|N300-5):1.1\r\n"
+ "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
+ "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
+ "CPE520(TP-LINK|US|N300-5):1.1\r\n"
+ "CPE520(TP-LINK|EU|N300-5):1.1\r\n",
+ .support_trail = '\xff',
+
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"partition-table", 0x20000, 0x02000},
+ {"default-mac", 0x30000, 0x00020},
+ {"product-info", 0x31100, 0x00100},
+ {"signature", 0x32000, 0x00400},
+ {"os-image", 0x40000, 0x170000},
+ {"soft-version", 0x1b0000, 0x00100},
+ {"support-list", 0x1b1000, 0x00400},
+ {"file-system", 0x1c0000, 0x600000},
+ {"user-config", 0x7c0000, 0x10000},
+ {"default-config", 0x7d0000, 0x10000},
+ {"log", 0x7e0000, 0x10000},
+ {"radio", 0x7f0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system",
+ },
+
+ /** Firmware layout for the C2600 */
+ {
+ .id = "C2600",
+ .vendor = "",
+ .support_list =
+ "SupportList:\r\n"
+ "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
+ .support_trail = '\x00',
+
+ .partitions = {
+ {"SBL1", 0x00000, 0x20000},
+ {"MIBIB", 0x20000, 0x20000},
+ {"SBL2", 0x40000, 0x20000},
+ {"SBL3", 0x60000, 0x30000},
+ {"DDRCONFIG", 0x90000, 0x10000},
+ {"SSD", 0xa0000, 0x10000},
+ {"TZ", 0xb0000, 0x30000},
+ {"RPM", 0xe0000, 0x20000},
+ {"fs-uboot", 0x100000, 0x70000},
+ {"uboot-env", 0x170000, 0x40000},
+ {"radio", 0x1b0000, 0x40000},
+ {"os-image", 0x1f0000, 0x200000},
+ {"file-system", 0x3f0000, 0x1b00000},
+ {"default-mac", 0x1ef0000, 0x00200},
+ {"pin", 0x1ef0200, 0x00200},
+ {"product-info", 0x1ef0400, 0x0fc00},
+ {"partition-table", 0x1f00000, 0x10000},
+ {"soft-version", 0x1f10000, 0x10000},
+ {"support-list", 0x1f20000, 0x10000},
+ {"profile", 0x1f30000, 0x10000},
+ {"default-config", 0x1f40000, 0x10000},
+ {"user-config", 0x1f50000, 0x40000},
+ {"qos-db", 0x1f90000, 0x40000},
+ {"usb-config", 0x1fd0000, 0x10000},
+ {"log", 0x1fe0000, 0x20000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system"
+ },
+
+ /** Firmware layout for the C9 */
+ {
+ .id = "ARCHERC9",
+ .vendor = "",
+ .support_list =
+ "SupportList:\n"
+ "{product_name:ArcherC9,"
+ "product_ver:1.0.0,"
+ "special_id:00000000}\n",
+ .support_trail = '\x00',
+
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x40000},
+ {"os-image", 0x40000, 0x200000},
+ {"file-system", 0x240000, 0xc00000},
+ {"default-mac", 0xe40000, 0x00200},
+ {"pin", 0xe40200, 0x00200},
+ {"product-info", 0xe40400, 0x00200},
+ {"partition-table", 0xe50000, 0x10000},
+ {"soft-version", 0xe60000, 0x00200},
+ {"support-list", 0xe61000, 0x0f000},
+ {"profile", 0xe70000, 0x10000},
+ {"default-config", 0xe80000, 0x10000},
+ {"user-config", 0xe90000, 0x50000},
+ {"log", 0xee0000, 0x100000},
+ {"radio_bk", 0xfe0000, 0x10000},
+ {"radio", 0xff0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system"
+ },
+
+ /** Firmware layout for the EAP120 */
+ {
+ .id = "EAP120",
+ .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
+ .support_list =
+ "SupportList:\r\n"
+ "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
+ .support_trail = '\xff',
+
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"partition-table", 0x20000, 0x02000},
+ {"default-mac", 0x30000, 0x00020},
+ {"support-list", 0x31000, 0x00100},
+ {"product-info", 0x31100, 0x00100},
+ {"soft-version", 0x32000, 0x00100},
+ {"os-image", 0x40000, 0x180000},
+ {"file-system", 0x1c0000, 0x600000},
+ {"user-config", 0x7c0000, 0x10000},
+ {"backup-config", 0x7d0000, 0x10000},
+ {"log", 0x7e0000, 0x10000},
+ {"radio", 0x7f0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system"
+ },
+
+ /** Firmware layout for the TL-WR1043 v4 */
+ {
+ .id = "TLWR1043NDV4",
+ .vendor = "",
+ .support_list =
+ "SupportList:\n"
+ "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
+ .support_trail = '\x00',
+
+ /**
+ We use a bigger os-image partition than the stock images (and thus
+ smaller file-system), as our kernel doesn't fit in the stock firmware's
+ 1MB os-image.
+ */
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"os-image", 0x20000, 0x180000},
+ {"file-system", 0x1a0000, 0xdb0000},
+ {"default-mac", 0xf50000, 0x00200},
+ {"pin", 0xf50200, 0x00200},
+ {"product-info", 0xf50400, 0x0fc00},
+ {"soft-version", 0xf60000, 0x0b000},
+ {"support-list", 0xf6b000, 0x04000},
+ {"profile", 0xf70000, 0x04000},
+ {"default-config", 0xf74000, 0x0b000},
+ {"user-config", 0xf80000, 0x40000},
+ {"partition-table", 0xfc0000, 0x10000},
+ {"log", 0xfd0000, 0x20000},
+ {"radio", 0xff0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system"
+ },
+
+ {}
};
-/**
- The support list for CPE210/220/510/520
-
- The stock images also contain strings for two more devices: BS510 and BS210.
- At the moment, there exists no public information about these devices.
-*/
-static const unsigned char cpe510_support_list[] =
- "\x00\x00\x00\xc8\x00\x00\x00\x00"
- "SupportList:\r\n"
- "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
- "CPE520(TP-LINK|UN|N300-5):1.0\r\n"
- "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
- "CPE220(TP-LINK|UN|N300-2):1.0\r\n"
- "\r\n\xff";
-
+#define error(_ret, _errno, _str, ...) \
+ do { \
+ fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
+ strerror(_errno)); \
+ if (_ret) \
+ exit(_ret); \
+ } while (0)
+
+
+/** Stores a uint32 as big endian */
+static inline void put32(uint8_t *buf, uint32_t val) {
+ buf[0] = val >> 24;
+ buf[1] = val >> 16;
+ buf[2] = val >> 8;
+ buf[3] = val;
+}
/** Allocates a new image partition */
-struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
+static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
struct image_partition_entry entry = {name, len, malloc(len)};
if (!entry.data)
error(1, errno, "malloc");
}
/** Frees an image partition */
-void free_image_partition(struct image_partition_entry entry) {
+static void free_image_partition(struct image_partition_entry entry) {
free(entry.data);
}
/** Generates the partition-table partition */
-struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
+static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
char *s = (char *)entry.data, *end = (char *)(s+entry.size);
/** Generates the soft-version partition */
-struct image_partition_entry make_soft_version(uint32_t rev) {
+static struct image_partition_entry make_soft_version(uint32_t rev) {
struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
struct soft_version *s = (struct soft_version *)entry.data;
time_t t;
+
if (time(&t) == (time_t)(-1))
error(1, errno, "time");
}
/** Generates the support-list partition */
-struct image_partition_entry make_support_list(const unsigned char *support_list, size_t len) {
- struct image_partition_entry entry = alloc_image_partition("support-list", len);
- memcpy(entry.data, support_list, len);
+static struct image_partition_entry make_support_list(const struct device_info *info) {
+ size_t len = strlen(info->support_list);
+ struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
+
+ put32(entry.data, len);
+ memset(entry.data+4, 0, 4);
+ memcpy(entry.data+8, info->support_list, len);
+ entry.data[len+8] = info->support_trail;
+
return entry;
}
/** Creates a new image partition with an arbitrary name from a file */
-struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
+static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
struct stat statbuf;
if (stat(filename, &statbuf) < 0)
I think partition-table must be the first partition in the firmware image.
*/
-void put_partitions(uint8_t *buffer, const struct image_partition_entry *parts) {
- size_t i;
+static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
+ size_t i, j;
char *image_pt = (char *)buffer, *end = image_pt + 0x800;
size_t base = 0x800;
for (i = 0; parts[i].name; i++) {
+ for (j = 0; flash_parts[j].name; j++) {
+ if (!strcmp(flash_parts[j].name, parts[i].name)) {
+ if (parts[i].size > flash_parts[j].size)
+ error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
+ break;
+ }
+ }
+
+ assert(flash_parts[j].name);
+
memcpy(buffer + base, parts[i].data, parts[i].size);
size_t len = end-image_pt;
base += parts[i].size;
}
-
- image_pt++;
-
- memset(image_pt, 0xff, end-image_pt);
}
/** Generates and writes the image MD5 checksum */
-void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
+static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
MD5_CTX ctx;
MD5_Init(&ctx);
----------- -----
0000-0003 Image size (4 bytes, big endian)
0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
- 0014-1013 Vendor information (4096 bytes, padded with 0xff; there seem to be older
+ 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
+ 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
(VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1014-1813 Image partition table (2048 bytes, padded with 0xff)
1814-xxxx Firmware partitions
*/
-void * generate_factory_image(const unsigned char *vendor, size_t vendor_len, const struct image_partition_entry *parts, size_t *len) {
+static void * generate_factory_image(const struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
*len = 0x1814;
size_t i;
if (!image)
error(1, errno, "malloc");
- image[0] = *len >> 24;
- image[1] = *len >> 16;
- image[2] = *len >> 8;
- image[3] = *len;
+ memset(image, 0xff, *len);
+ put32(image, *len);
- memcpy(image+0x14, vendor, vendor_len);
- memset(image+0x14+vendor_len, 0xff, 4096-vendor_len);
+ if (info->vendor) {
+ size_t vendor_len = strlen(info->vendor);
+ put32(image+0x14, vendor_len);
+ memcpy(image+0x18, info->vendor, vendor_len);
+ }
- put_partitions(image + 0x1014, parts);
+ put_partitions(image + 0x1014, info->partitions, parts);
put_md5(image+0x04, image+0x14, *len-0x14);
return image;
should be generalized when TP-LINK starts building its safeloader into hardware with
different flash layouts.
*/
-void * generate_sysupgrade_image(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len) {
- const struct flash_partition_entry *flash_os_image = &flash_parts[5];
- const struct flash_partition_entry *flash_soft_version = &flash_parts[6];
- const struct flash_partition_entry *flash_support_list = &flash_parts[7];
- const struct flash_partition_entry *flash_file_system = &flash_parts[8];
-
- const struct image_partition_entry *image_os_image = &image_parts[3];
- const struct image_partition_entry *image_soft_version = &image_parts[1];
- const struct image_partition_entry *image_support_list = &image_parts[2];
- const struct image_partition_entry *image_file_system = &image_parts[4];
-
- assert(strcmp(flash_os_image->name, "os-image") == 0);
- assert(strcmp(flash_soft_version->name, "soft-version") == 0);
- assert(strcmp(flash_support_list->name, "support-list") == 0);
- assert(strcmp(flash_file_system->name, "file-system") == 0);
-
- assert(strcmp(image_os_image->name, "os-image") == 0);
- assert(strcmp(image_soft_version->name, "soft-version") == 0);
- assert(strcmp(image_support_list->name, "support-list") == 0);
- assert(strcmp(image_file_system->name, "file-system") == 0);
-
- if (image_os_image->size > flash_os_image->size)
- error(1, 0, "kernel image too big (more than %u bytes)", (unsigned)flash_os_image->size);
- if (image_file_system->size > flash_file_system->size)
- error(1, 0, "rootfs image too big (more than %u bytes)", (unsigned)flash_file_system->size);
-
- *len = flash_file_system->base - flash_os_image->base + image_file_system->size;
+static void * generate_sysupgrade_image(const struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
+ size_t i, j;
+ size_t flash_first_partition_index = 0;
+ size_t flash_last_partition_index = 0;
+ const struct flash_partition_entry *flash_first_partition = NULL;
+ const struct flash_partition_entry *flash_last_partition = NULL;
+ const struct image_partition_entry *image_last_partition = NULL;
+
+ /** Find first and last partitions */
+ for (i = 0; info->partitions[i].name; i++) {
+ if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
+ flash_first_partition = &info->partitions[i];
+ flash_first_partition_index = i;
+ } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
+ flash_last_partition = &info->partitions[i];
+ flash_last_partition_index = i;
+ }
+ }
+
+ assert(flash_first_partition && flash_last_partition);
+ assert(flash_first_partition_index < flash_last_partition_index);
+
+ /** Find last partition from image to calculate needed size */
+ for (i = 0; image_parts[i].name; i++) {
+ if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
+ image_last_partition = &image_parts[i];
+ break;
+ }
+ }
+
+ assert(image_last_partition);
+
+ *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
uint8_t *image = malloc(*len);
if (!image)
memset(image, 0xff, *len);
- memcpy(image, image_os_image->data, image_os_image->size);
- memcpy(image + flash_soft_version->base - flash_os_image->base, image_soft_version->data, image_soft_version->size);
- memcpy(image + flash_support_list->base - flash_os_image->base, image_support_list->data, image_support_list->size);
- memcpy(image + flash_file_system->base - flash_os_image->base, image_file_system->data, image_file_system->size);
+ for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
+ for (j = 0; image_parts[j].name; j++) {
+ if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
+ if (image_parts[j].size > info->partitions[i].size)
+ error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
+ memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
+ break;
+ }
+
+ assert(image_parts[j].name);
+ }
+ }
return image;
}
-
-/** Generates an image for CPE210/220/510/520 and writes it to a file */
-static void do_cpe510(const char *output, const char *kernel_image, const char *rootfs_image, uint32_t rev, bool add_jffs2_eof, bool sysupgrade) {
+/** Generates an image according to a given layout and writes it to a file */
+static void build_image(const char *output,
+ const char *kernel_image,
+ const char *rootfs_image,
+ uint32_t rev,
+ bool add_jffs2_eof,
+ bool sysupgrade,
+ const struct device_info *info) {
struct image_partition_entry parts[6] = {};
- parts[0] = make_partition_table(cpe510_partitions);
+ parts[0] = make_partition_table(info->partitions);
parts[1] = make_soft_version(rev);
- parts[2] = make_support_list(cpe510_support_list, sizeof(cpe510_support_list)-1);
+ parts[2] = make_support_list(info);
parts[3] = read_file("os-image", kernel_image, false);
parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof);
size_t len;
void *image;
if (sysupgrade)
- image = generate_sysupgrade_image(cpe510_partitions, parts, &len);
+ image = generate_sysupgrade_image(info, parts, &len);
else
- image = generate_factory_image(cpe510_vendor, sizeof(cpe510_vendor)-1, parts, &len);
+ image = generate_factory_image(info, parts, &len);
FILE *file = fopen(output, "wb");
if (!file)
free_image_partition(parts[i]);
}
-
/** Usage output */
-void usage(const char *argv0) {
+static void usage(const char *argv0) {
fprintf(stderr,
"Usage: %s [OPTIONS...]\n"
"\n"
};
+static const struct device_info *find_board(const char *id)
+{
+ struct device_info *board = NULL;
+
+ for (board = boards; board->id != NULL; board++)
+ if (strcasecmp(id, board->id) == 0)
+ return board;
+
+ return NULL;
+}
+
int main(int argc, char *argv[]) {
const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
bool add_jffs2_eof = false, sysupgrade = false;
unsigned rev = 0;
+ const struct device_info *info;
while (true) {
int c;
if (!output)
error(1, 0, "no output filename has been specified");
- if (strcmp(board, "CPE510") == 0)
- do_cpe510(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade);
- else
+ info = find_board(board);
+
+ if (info == NULL)
error(1, 0, "unsupported board %s", board);
+ build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
+
return 0;
}