#include <assert.h>
#include <errno.h>
-#include <error.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdint.h>
uint32_t size;
};
+struct device_info {
+ const char *vendor;
+ const char *support_list;
+ const struct flash_partition_entry *partitions;
+ void *(*generate_sysupgrade_image)(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len);
+};
/** The content of the soft-version structure */
struct __attribute__((__packed__)) soft_version {
/** Vendor information for CPE210/220/510/520 */
-static const unsigned char cpe510_vendor[] = "\x00\x00\x00\x1f""CPE510(TP-LINK|UN|N300-5):1.0\r\n";
+static const char cpe510_vendor[] = "CPE510(TP-LINK|UN|N300-5):1.0\r\n";
+
+/** Vendor information for C2600 */
+static const char c2600_vendor[] = "";
+/** Vendor information for EAP120 */
+static const char eap120_vendor[] = "EAP120(TP-LINK|UN|N300-2):1.0\r\n";
/**
The flash partition table for CPE210/220/510/520;
};
/**
- The support list for CPE210/220/510/520
+ The flash partition table for C2600;
+ it is the same as the one used by the stock images.
+*/
+static const struct flash_partition_entry c2600_partitions[] = {
+ {"SBL1", 0x00000, 0x20000},
+ {"MIBIB", 0x20000, 0x20000},
+ {"SBL2", 0x40000, 0x20000},
+ {"SBL3", 0x60000, 0x30000},
+ {"DDRCONFIG", 0x90000, 0x10000},
+ {"SSD", 0xa0000, 0x10000},
+ {"TZ", 0xb0000, 0x30000},
+ {"RPM", 0xe0000, 0x20000},
+ {"fs-uboot", 0x100000, 0x70000},
+ {"uboot-env", 0x170000, 0x40000},
+ {"radio", 0x1b0000, 0x40000},
+ {"os-image", 0x1f0000, 0x200000},
+ {"file-system", 0x3f0000, 0x1b00000},
+ {"default-mac", 0x1ef0000, 0x00200},
+ {"pin", 0x1ef0200, 0x00200},
+ {"product-info", 0x1ef0400, 0x0fc00},
+ {"partition-table", 0x1f00000, 0x10000},
+ {"soft-version", 0x1f10000, 0x10000},
+ {"support-list", 0x1f20000, 0x10000},
+ {"profile", 0x1f30000, 0x10000},
+ {"default-config", 0x1f40000, 0x10000},
+ {"user-config", 0x1f50000, 0x40000},
+ {"qos-db", 0x1f90000, 0x40000},
+ {"usb-config", 0x1fd0000, 0x10000},
+ {"log", 0x1fe0000, 0x20000},
+ {NULL, 0, 0}
+};
+
+static const struct flash_partition_entry c5_partitions[] = {
+ {"fs-uboot", 0x00000, 0x40000},
+ {"os-image", 0x40000, 0x200000},
+ {"file-system", 0x240000, 0xc00000},
+ {"default-mac", 0xe40000, 0x00200},
+ {"pin", 0xe40200, 0x00200},
+ {"product-info", 0xe40400, 0x00200},
+ {"partition-table", 0xe50000, 0x10000},
+ {"soft-version", 0xe60000, 0x00200},
+ {"support-list", 0xe61000, 0x0f000},
+ {"profile", 0xe70000, 0x10000},
+ {"default-config", 0xe80000, 0x10000},
+ {"user-config", 0xe90000, 0x50000},
+ {"log", 0xee0000, 0x100000},
+ {"radio_bk", 0xfe0000, 0x10000},
+ {"radio", 0xff0000, 0x10000},
+ {NULL, 0, 0}
+};
+
+/** The flash partition table for EAP120;
+ it is the same as the one used by the stock images.
+*/
+static const struct flash_partition_entry eap120_partitions[] = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"partition-table", 0x20000, 0x02000},
+ {"default-mac", 0x30000, 0x00020},
+ {"support-list", 0x31000, 0x00100},
+ {"product-info", 0x31100, 0x00100},
+ {"soft-version", 0x32000, 0x00100},
+ {"os-image", 0x40000, 0x180000},
+ {"file-system", 0x1c0000, 0x600000},
+ {"user-config", 0x7c0000, 0x10000},
+ {"backup-config", 0x7d0000, 0x10000},
+ {"log", 0x7e0000, 0x10000},
+ {"radio", 0x7f0000, 0x10000},
+ {NULL, 0, 0}
+};
- The stock images also contain strings for two more devices: BS510 and BS210.
- At the moment, there exists no public information about these devices.
+/**
+ The support list for CPE210/220
*/
-static const unsigned char cpe510_support_list[] =
- "\x00\x00\x00\xc8\x00\x00\x00\x00"
+static const char cpe210_support_list[] =
"SupportList:\r\n"
- "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
- "CPE520(TP-LINK|UN|N300-5):1.0\r\n"
"CPE210(TP-LINK|UN|N300-2):1.0\r\n"
+ "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
"CPE220(TP-LINK|UN|N300-2):1.0\r\n"
- "\r\n\xff";
+ "CPE220(TP-LINK|UN|N300-2):1.1\r\n";
+/**
+ The support list for CPE210/220/510/520
+*/
+static const char cpe510_support_list[] =
+ "SupportList:\r\n"
+ "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
+ "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
+ "CPE520(TP-LINK|UN|N300-5):1.0\r\n"
+ "CPE520(TP-LINK|UN|N300-5):1.1\r\n";
+
+/**
+ The support list for C2600
+*/
+static const char c2600_support_list[] =
+ "SupportList:\r\n"
+ "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n";
+static const char c9_support_list[] =
+ "SupportList:\n"
+ "{product_name:ArcherC9,"
+ "product_ver:1.0.0,"
+ "special_id:00000000}\n";
+
+/**
+ The support list for EAP120
+*/
+static const char eap120_support_list[] =
+ "SupportList:\r\n"
+ "EAP120(TP-LINK|UN|N300-2):1.0\r\n";
+
+#define error(_ret, _errno, _str, ...) \
+ do { \
+ fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
+ strerror(_errno)); \
+ if (_ret) \
+ exit(_ret); \
+ } while (0)
+
+
+/** Stores a uint32 as big endian */
+static inline void put32(uint8_t *buf, uint32_t val) {
+ buf[0] = val >> 24;
+ buf[1] = val >> 16;
+ buf[2] = val >> 8;
+ buf[3] = val;
+}
/** Allocates a new image partition */
-struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
+static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
struct image_partition_entry entry = {name, len, malloc(len)};
if (!entry.data)
error(1, errno, "malloc");
}
/** Frees an image partition */
-void free_image_partition(struct image_partition_entry entry) {
+static void free_image_partition(struct image_partition_entry entry) {
free(entry.data);
}
/** Generates the partition-table partition */
-struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
+static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
char *s = (char *)entry.data, *end = (char *)(s+entry.size);
/** Generates the soft-version partition */
-struct image_partition_entry make_soft_version(uint32_t rev) {
+static struct image_partition_entry make_soft_version(uint32_t rev) {
struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
struct soft_version *s = (struct soft_version *)entry.data;
time_t t;
+
if (time(&t) == (time_t)(-1))
error(1, errno, "time");
}
/** Generates the support-list partition */
-struct image_partition_entry make_support_list(const unsigned char *support_list, size_t len) {
- struct image_partition_entry entry = alloc_image_partition("support-list", len);
- memcpy(entry.data, support_list, len);
+static struct image_partition_entry make_support_list(const char *support_list, bool trailzero) {
+ size_t len = strlen(support_list);
+ struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
+
+ put32(entry.data, len);
+ memset(entry.data+4, 0, 4);
+ memcpy(entry.data+8, support_list, len);
+ entry.data[len+8] = trailzero ? '\x00' : '\xff';
+
return entry;
}
/** Creates a new image partition with an arbitrary name from a file */
-struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
+static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
struct stat statbuf;
if (stat(filename, &statbuf) < 0)
I think partition-table must be the first partition in the firmware image.
*/
-void put_partitions(uint8_t *buffer, const struct image_partition_entry *parts) {
+static void put_partitions(uint8_t *buffer, const struct image_partition_entry *parts) {
size_t i;
char *image_pt = (char *)buffer, *end = image_pt + 0x800;
}
/** Generates and writes the image MD5 checksum */
-void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
+static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
MD5_CTX ctx;
MD5_Init(&ctx);
----------- -----
0000-0003 Image size (4 bytes, big endian)
0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
- 0014-1013 Vendor information (4096 bytes, padded with 0xff; there seem to be older
+ 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
+ 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
(VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1014-1813 Image partition table (2048 bytes, padded with 0xff)
1814-xxxx Firmware partitions
*/
-void * generate_factory_image(const unsigned char *vendor, size_t vendor_len, const struct image_partition_entry *parts, size_t *len) {
+static void * generate_factory_image(const char *vendor, const struct image_partition_entry *parts, size_t *len) {
*len = 0x1814;
size_t i;
if (!image)
error(1, errno, "malloc");
- image[0] = *len >> 24;
- image[1] = *len >> 16;
- image[2] = *len >> 8;
- image[3] = *len;
+ put32(image, *len);
- memcpy(image+0x14, vendor, vendor_len);
- memset(image+0x14+vendor_len, 0xff, 4096-vendor_len);
+ size_t vendor_len = strlen(vendor);
+ put32(image+0x14, vendor_len);
+ memcpy(image+0x18, vendor, vendor_len);
+ memset(image+0x18+vendor_len, 0xff, 4092-vendor_len);
put_partitions(image + 0x1014, parts);
put_md5(image+0x04, image+0x14, *len-0x14);
should be generalized when TP-LINK starts building its safeloader into hardware with
different flash layouts.
*/
-void * generate_sysupgrade_image(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len) {
+static void * generate_sysupgrade_image(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len) {
const struct flash_partition_entry *flash_os_image = &flash_parts[5];
const struct flash_partition_entry *flash_soft_version = &flash_parts[6];
const struct flash_partition_entry *flash_support_list = &flash_parts[7];
return image;
}
+static void * generate_sysupgrade_image_c2600(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len) {
+ const struct flash_partition_entry *flash_os_image = &flash_parts[11];
+ const struct flash_partition_entry *flash_file_system = &flash_parts[12];
+
+ const struct image_partition_entry *image_os_image = &image_parts[3];
+ const struct image_partition_entry *image_file_system = &image_parts[4];
+
+ assert(strcmp(flash_os_image->name, "os-image") == 0);
+ assert(strcmp(flash_file_system->name, "file-system") == 0);
+
+ assert(strcmp(image_os_image->name, "os-image") == 0);
+ assert(strcmp(image_file_system->name, "file-system") == 0);
-/** Generates an image for CPE210/220/510/520 and writes it to a file */
-static void do_cpe510(const char *output, const char *kernel_image, const char *rootfs_image, uint32_t rev, bool add_jffs2_eof, bool sysupgrade) {
+ if (image_os_image->size > flash_os_image->size)
+ error(1, 0, "kernel image too big (more than %u bytes)", (unsigned)flash_os_image->size);
+ if (image_file_system->size > flash_file_system->size)
+ error(1, 0, "rootfs image too big (more than %u bytes)", (unsigned)flash_file_system->size);
+
+ *len = flash_file_system->base - flash_os_image->base + image_file_system->size;
+
+ uint8_t *image = malloc(*len);
+ if (!image)
+ error(1, errno, "malloc");
+
+ memset(image, 0xff, *len);
+
+ memcpy(image, image_os_image->data, image_os_image->size);
+ memcpy(image + flash_file_system->base - flash_os_image->base, image_file_system->data, image_file_system->size);
+
+ return image;
+}
+static void *generate_sysupgrade_image_eap120(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len)
+{
+ const struct flash_partition_entry *flash_os_image = &flash_parts[6];
+ const struct flash_partition_entry *flash_file_system = &flash_parts[7];
+
+ const struct image_partition_entry *image_os_image = &image_parts[3];
+ const struct image_partition_entry *image_file_system = &image_parts[4];
+
+ assert(strcmp(flash_os_image->name, "os-image") == 0);
+ assert(strcmp(flash_file_system->name, "file-system") == 0);
+
+ assert(strcmp(image_os_image->name, "os-image") == 0);
+ assert(strcmp(image_file_system->name, "file-system") == 0);
+
+ if (image_os_image->size > flash_os_image->size)
+ error(1, 0, "kernel image too big (more than %u bytes)", (unsigned)flash_os_image->size);
+ if (image_file_system->size > flash_file_system->size)
+ error(1, 0, "rootfs image too big (more than %u bytes)", (unsigned)flash_file_system->size);
+
+ *len = flash_file_system->base - flash_os_image->base + image_file_system->size;
+
+ uint8_t *image = malloc(*len);
+ if (!image)
+ error(1, errno, "malloc");
+
+ memset(image, 0xff, *len);
+ memcpy(image, image_os_image->data, image_os_image->size);
+ memcpy(image + flash_file_system->base - flash_os_image->base, image_file_system->data, image_file_system->size);
+
+ return image;
+}
+
+struct device_info cpe210_info = {
+ .vendor = cpe510_vendor,
+ .support_list = cpe210_support_list,
+ .partitions = cpe510_partitions,
+ .generate_sysupgrade_image = &generate_sysupgrade_image,
+};
+
+struct device_info cpe510_info = {
+ .vendor = cpe510_vendor,
+ .support_list = cpe510_support_list,
+ .partitions = cpe510_partitions,
+ .generate_sysupgrade_image = &generate_sysupgrade_image,
+};
+
+struct device_info c2600_info = {
+ .vendor = c2600_vendor,
+ .support_list = c2600_support_list,
+ .partitions = c2600_partitions,
+ .generate_sysupgrade_image = &generate_sysupgrade_image_c2600,
+};
+
+struct device_info e9_info = {
+ .vendor = c2600_vendor,
+ .support_list = c9_support_list,
+ .partitions = c5_partitions,
+};
+
+struct device_info eap120_info = {
+ .vendor = eap120_vendor,
+ .support_list = eap120_support_list,
+ .partitions = eap120_partitions,
+ .generate_sysupgrade_image = &generate_sysupgrade_image_eap120,
+};
+
+static void build_image(const char *output,
+ const char *kernel_image,
+ const char *rootfs_image,
+ uint32_t rev,
+ bool add_jffs2_eof,
+ bool sysupgrade,
+ struct device_info *info) {
struct image_partition_entry parts[6] = {};
- parts[0] = make_partition_table(cpe510_partitions);
+ parts[0] = make_partition_table(info->partitions);
parts[1] = make_soft_version(rev);
- parts[2] = make_support_list(cpe510_support_list, sizeof(cpe510_support_list)-1);
+ parts[2] = make_support_list(info->support_list, false);
parts[3] = read_file("os-image", kernel_image, false);
parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof);
size_t len;
void *image;
if (sysupgrade)
- image = generate_sysupgrade_image(cpe510_partitions, parts, &len);
+ image = info->generate_sysupgrade_image(info->partitions, parts, &len);
else
- image = generate_factory_image(cpe510_vendor, sizeof(cpe510_vendor)-1, parts, &len);
+ image = generate_factory_image(info->vendor, parts, &len);
FILE *file = fopen(output, "wb");
if (!file)
free_image_partition(parts[i]);
}
-
/** Usage output */
-void usage(const char *argv0) {
+static void usage(const char *argv0) {
fprintf(stderr,
"Usage: %s [OPTIONS...]\n"
"\n"
const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
bool add_jffs2_eof = false, sysupgrade = false;
unsigned rev = 0;
+ struct device_info *info;
while (true) {
int c;
if (!output)
error(1, 0, "no output filename has been specified");
- if (strcmp(board, "CPE510") == 0)
- do_cpe510(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade);
+ if (strcmp(board, "CPE210") == 0)
+ info = &cpe210_info;
+ else if (strcmp(board, "CPE510") == 0)
+ info = &cpe510_info;
+ else if (strcmp(board, "C2600") == 0)
+ info = &c2600_info;
+ else if (strcmp(board, "EAP120") == 0)
+ info = &eap120_info;
+ else if (strcmp(board, "ARCHERC9") == 0)
+ info = &e9_info;
else
error(1, 0, "unsupported board %s", board);
+ build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
+
return 0;
}