projects / openwrt / openwrt.git / blob
? search:


15eaa830d6fed15f2b90933e253fd42832845601
[openwrt/openwrt.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"os-image", 0x40000, 0x1c0000},
186 {"file-system", 0x200000, 0x5b0000},
187 {"soft-version", 0x7b0000, 0x00100},
188 {"support-list", 0x7b1000, 0x01000},
189 {"user-config", 0x7c0000, 0x10000},
190 {"default-config", 0x7d0000, 0x10000},
191 {"log", 0x7e0000, 0x10000},
192 {"radio", 0x7f0000, 0x10000},
193 {NULL, 0, 0}
194 },
195
196 .first_sysupgrade_partition = "os-image",
197 .last_sysupgrade_partition = "support-list",
198 },
199
200 /** Firmware layout for the CPE510/520 */
201 {
202 .id = "CPE510",
203 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
204 .support_list =
205 "SupportList:\r\n"
206 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
207 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
208 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
209 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
210 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
211 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
212 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
213 "CPE520(TP-LINK|EU|N300-5):1.1\r\n",
214 .support_trail = '\xff',
215 .soft_ver = NULL,
216
217 .partitions = {
218 {"fs-uboot", 0x00000, 0x20000},
219 {"partition-table", 0x20000, 0x02000},
220 {"default-mac", 0x30000, 0x00020},
221 {"product-info", 0x31100, 0x00100},
222 {"signature", 0x32000, 0x00400},
223 {"os-image", 0x40000, 0x1c0000},
224 {"file-system", 0x200000, 0x5b0000},
225 {"soft-version", 0x7b0000, 0x00100},
226 {"support-list", 0x7b1000, 0x00400},
227 {"user-config", 0x7c0000, 0x10000},
228 {"default-config", 0x7d0000, 0x10000},
229 {"log", 0x7e0000, 0x10000},
230 {"radio", 0x7f0000, 0x10000},
231 {NULL, 0, 0}
232 },
233
234 .first_sysupgrade_partition = "os-image",
235 .last_sysupgrade_partition = "support-list",
236 },
237
238 {
239 .id = "WBS210",
240 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
241 .support_list =
242 "SupportList:\r\n"
243 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
244 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
245 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
246 .support_trail = '\xff',
247 .soft_ver = NULL,
248
249 .partitions = {
250 {"fs-uboot", 0x00000, 0x20000},
251 {"partition-table", 0x20000, 0x02000},
252 {"default-mac", 0x30000, 0x00020},
253 {"product-info", 0x31100, 0x00100},
254 {"signature", 0x32000, 0x00400},
255 {"os-image", 0x40000, 0x1c0000},
256 {"file-system", 0x200000, 0x5b0000},
257 {"soft-version", 0x7b0000, 0x00100},
258 {"support-list", 0x7b1000, 0x00400},
259 {"user-config", 0x7c0000, 0x10000},
260 {"default-config", 0x7d0000, 0x10000},
261 {"log", 0x7e0000, 0x10000},
262 {"radio", 0x7f0000, 0x10000},
263 {NULL, 0, 0}
264 },
265
266 .first_sysupgrade_partition = "os-image",
267 .last_sysupgrade_partition = "support-list",
268 },
269
270 {
271 .id = "WBS510",
272 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
273 .support_list =
274 "SupportList:\r\n"
275 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
276 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
277 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
278 .support_trail = '\xff',
279 .soft_ver = NULL,
280
281 .partitions = {
282 {"fs-uboot", 0x00000, 0x20000},
283 {"partition-table", 0x20000, 0x02000},
284 {"default-mac", 0x30000, 0x00020},
285 {"product-info", 0x31100, 0x00100},
286 {"signature", 0x32000, 0x00400},
287 {"os-image", 0x40000, 0x1c0000},
288 {"file-system", 0x200000, 0x5b0000},
289 {"soft-version", 0x7b0000, 0x00100},
290 {"support-list", 0x7b1000, 0x00400},
291 {"user-config", 0x7c0000, 0x10000},
292 {"default-config", 0x7d0000, 0x10000},
293 {"log", 0x7e0000, 0x10000},
294 {"radio", 0x7f0000, 0x10000},
295 {NULL, 0, 0}
296 },
297
298 .first_sysupgrade_partition = "os-image",
299 .last_sysupgrade_partition = "support-list",
300 },
301
302 /** Firmware layout for the C2600 */
303 {
304 .id = "C2600",
305 .vendor = "",
306 .support_list =
307 "SupportList:\r\n"
308 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
309 .support_trail = '\x00',
310 .soft_ver = NULL,
311
312 /**
313 We use a bigger os-image partition than the stock images (and thus
314 smaller file-system), as our kernel doesn't fit in the stock firmware's
315 2 MB os-image since kernel 4.14.
316 */
317 .partitions = {
318 {"SBL1", 0x00000, 0x20000},
319 {"MIBIB", 0x20000, 0x20000},
320 {"SBL2", 0x40000, 0x20000},
321 {"SBL3", 0x60000, 0x30000},
322 {"DDRCONFIG", 0x90000, 0x10000},
323 {"SSD", 0xa0000, 0x10000},
324 {"TZ", 0xb0000, 0x30000},
325 {"RPM", 0xe0000, 0x20000},
326 {"fs-uboot", 0x100000, 0x70000},
327 {"uboot-env", 0x170000, 0x40000},
328 {"radio", 0x1b0000, 0x40000},
329 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
330 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
331 {"default-mac", 0x1ef0000, 0x00200},
332 {"pin", 0x1ef0200, 0x00200},
333 {"product-info", 0x1ef0400, 0x0fc00},
334 {"partition-table", 0x1f00000, 0x10000},
335 {"soft-version", 0x1f10000, 0x10000},
336 {"support-list", 0x1f20000, 0x10000},
337 {"profile", 0x1f30000, 0x10000},
338 {"default-config", 0x1f40000, 0x10000},
339 {"user-config", 0x1f50000, 0x40000},
340 {"qos-db", 0x1f90000, 0x40000},
341 {"usb-config", 0x1fd0000, 0x10000},
342 {"log", 0x1fe0000, 0x20000},
343 {NULL, 0, 0}
344 },
345
346 .first_sysupgrade_partition = "os-image",
347 .last_sysupgrade_partition = "file-system"
348 },
349
350 /** Firmware layout for the C25v1 */
351 {
352 .id = "ARCHER-C25-V1",
353 .support_list =
354 "SupportList:\n"
355 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
356 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
357 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
358 .support_trail = '\x00',
359 .soft_ver = "soft_ver:1.0.0\n",
360
361 /**
362 We use a bigger os-image partition than the stock images (and thus
363 smaller file-system), as our kernel doesn't fit in the stock firmware's
364 1MB os-image.
365 */
366 .partitions = {
367 {"factory-boot", 0x00000, 0x20000},
368 {"fs-uboot", 0x20000, 0x10000},
369 {"os-image", 0x30000, 0x180000}, /* Stock: base 0x30000 size 0x100000 */
370 {"file-system", 0x1b0000, 0x620000}, /* Stock: base 0x130000 size 0x6a0000 */
371 {"user-config", 0x7d0000, 0x04000},
372 {"default-mac", 0x7e0000, 0x00100},
373 {"device-id", 0x7e0100, 0x00100},
374 {"extra-para", 0x7e0200, 0x00100},
375 {"pin", 0x7e0300, 0x00100},
376 {"support-list", 0x7e0400, 0x00400},
377 {"soft-version", 0x7e0800, 0x00400},
378 {"product-info", 0x7e0c00, 0x01400},
379 {"partition-table", 0x7e2000, 0x01000},
380 {"profile", 0x7e3000, 0x01000},
381 {"default-config", 0x7e4000, 0x04000},
382 {"merge-config", 0x7ec000, 0x02000},
383 {"qos-db", 0x7ee000, 0x02000},
384 {"radio", 0x7f0000, 0x10000},
385 {NULL, 0, 0}
386 },
387
388 .first_sysupgrade_partition = "os-image",
389 .last_sysupgrade_partition = "file-system",
390 },
391
392 /** Firmware layout for the C58v1 */
393 {
394 .id = "ARCHER-C58-V1",
395 .vendor = "",
396 .support_list =
397 "SupportList:\r\n"
398 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
399 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
400 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
401 .support_trail = '\x00',
402 .soft_ver = "soft_ver:1.0.0\n",
403
404 .partitions = {
405 {"fs-uboot", 0x00000, 0x10000},
406 {"default-mac", 0x10000, 0x00200},
407 {"pin", 0x10200, 0x00200},
408 {"product-info", 0x10400, 0x00100},
409 {"partition-table", 0x10500, 0x00800},
410 {"soft-version", 0x11300, 0x00200},
411 {"support-list", 0x11500, 0x00100},
412 {"device-id", 0x11600, 0x00100},
413 {"profile", 0x11700, 0x03900},
414 {"default-config", 0x15000, 0x04000},
415 {"user-config", 0x19000, 0x04000},
416 {"os-image", 0x20000, 0x180000},
417 {"file-system", 0x1a0000, 0x648000},
418 {"certyficate", 0x7e8000, 0x08000},
419 {"radio", 0x7f0000, 0x10000},
420 {NULL, 0, 0}
421 },
422
423 .first_sysupgrade_partition = "os-image",
424 .last_sysupgrade_partition = "file-system",
425 },
426
427 /** Firmware layout for the C59v1 */
428 {
429 .id = "ARCHER-C59-V1",
430 .vendor = "",
431 .support_list =
432 "SupportList:\r\n"
433 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
434 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
435 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
436 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
437 .support_trail = '\x00',
438 .soft_ver = "soft_ver:1.0.0\n",
439
440 .partitions = {
441 {"fs-uboot", 0x00000, 0x10000},
442 {"default-mac", 0x10000, 0x00200},
443 {"pin", 0x10200, 0x00200},
444 {"device-id", 0x10400, 0x00100},
445 {"product-info", 0x10500, 0x0fb00},
446 {"os-image", 0x20000, 0x180000},
447 {"file-system", 0x1a0000, 0xcb0000},
448 {"partition-table", 0xe50000, 0x10000},
449 {"soft-version", 0xe60000, 0x10000},
450 {"support-list", 0xe70000, 0x10000},
451 {"profile", 0xe80000, 0x10000},
452 {"default-config", 0xe90000, 0x10000},
453 {"user-config", 0xea0000, 0x40000},
454 {"usb-config", 0xee0000, 0x10000},
455 {"certificate", 0xef0000, 0x10000},
456 {"qos-db", 0xf00000, 0x40000},
457 {"log", 0xfe0000, 0x10000},
458 {"radio", 0xff0000, 0x10000},
459 {NULL, 0, 0}
460 },
461
462 .first_sysupgrade_partition = "os-image",
463 .last_sysupgrade_partition = "file-system",
464 },
465
466 /** Firmware layout for the C59v2 */
467 {
468 .id = "ARCHER-C59-V2",
469 .vendor = "",
470 .support_list =
471 "SupportList:\r\n"
472 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
473 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
474 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
475 .support_trail = '\x00',
476 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
477
478 /** We're using a dynamic kernel/rootfs split here */
479 .partitions = {
480 {"factory-boot", 0x00000, 0x20000},
481 {"fs-uboot", 0x20000, 0x10000},
482 {"default-mac", 0x30000, 0x00200},
483 {"pin", 0x30200, 0x00200},
484 {"device-id", 0x30400, 0x00100},
485 {"product-info", 0x30500, 0x0fb00},
486 {"firmware", 0x40000, 0xe10000},
487 {"partition-table", 0xe50000, 0x10000},
488 {"soft-version", 0xe60000, 0x10000},
489 {"support-list", 0xe70000, 0x10000},
490 {"profile", 0xe80000, 0x10000},
491 {"default-config", 0xe90000, 0x10000},
492 {"user-config", 0xea0000, 0x40000},
493 {"usb-config", 0xee0000, 0x10000},
494 {"certificate", 0xef0000, 0x10000},
495 {"extra-para", 0xf00000, 0x10000},
496 {"qos-db", 0xf10000, 0x30000},
497 {"log", 0xfe0000, 0x10000},
498 {"radio", 0xff0000, 0x10000},
499 {NULL, 0, 0}
500 },
501
502 .first_sysupgrade_partition = "os-image",
503 .last_sysupgrade_partition = "file-system",
504 },
505
506 /** Firmware layout for the C60v1 */
507 {
508 .id = "ARCHER-C60-V1",
509 .vendor = "",
510 .support_list =
511 "SupportList:\r\n"
512 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
513 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
514 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
515 .support_trail = '\x00',
516 .soft_ver = "soft_ver:1.0.0\n",
517
518 .partitions = {
519 {"fs-uboot", 0x00000, 0x10000},
520 {"default-mac", 0x10000, 0x00200},
521 {"pin", 0x10200, 0x00200},
522 {"product-info", 0x10400, 0x00100},
523 {"partition-table", 0x10500, 0x00800},
524 {"soft-version", 0x11300, 0x00200},
525 {"support-list", 0x11500, 0x00100},
526 {"device-id", 0x11600, 0x00100},
527 {"profile", 0x11700, 0x03900},
528 {"default-config", 0x15000, 0x04000},
529 {"user-config", 0x19000, 0x04000},
530 {"os-image", 0x20000, 0x180000},
531 {"file-system", 0x1a0000, 0x648000},
532 {"certyficate", 0x7e8000, 0x08000},
533 {"radio", 0x7f0000, 0x10000},
534 {NULL, 0, 0}
535 },
536
537 .first_sysupgrade_partition = "os-image",
538 .last_sysupgrade_partition = "file-system",
539 },
540
541 /** Firmware layout for the C60v2 */
542 {
543 .id = "ARCHER-C60-V2",
544 .vendor = "",
545 .support_list =
546 "SupportList:\r\n"
547 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
548 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
549 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
550 .support_trail = '\x00',
551 .soft_ver = "soft_ver:2.0.0\n",
552
553 .partitions = {
554 {"factory-boot", 0x00000, 0x1fb00},
555 {"default-mac", 0x1fb00, 0x00200},
556 {"pin", 0x1fd00, 0x00100},
557 {"product-info", 0x1fe00, 0x00100},
558 {"device-id", 0x1ff00, 0x00100},
559 {"fs-uboot", 0x20000, 0x10000},
560 {"os-image", 0x30000, 0x180000},
561 {"file-system", 0x1b0000, 0x620000},
562 {"soft-version", 0x7d9500, 0x00100},
563 {"support-list", 0x7d9600, 0x00100},
564 {"extra-para", 0x7d9700, 0x00100},
565 {"profile", 0x7d9800, 0x03000},
566 {"default-config", 0x7dc800, 0x03000},
567 {"partition-table", 0x7df800, 0x00800},
568 {"user-config", 0x7e0000, 0x0c000},
569 {"certificate", 0x7ec000, 0x04000},
570 {"radio", 0x7f0000, 0x10000},
571 {NULL, 0, 0}
572 },
573
574 .first_sysupgrade_partition = "os-image",
575 .last_sysupgrade_partition = "file-system",
576 },
577
578 /** Firmware layout for the C5 */
579 {
580 .id = "ARCHER-C5-V2",
581 .vendor = "",
582 .support_list =
583 "SupportList:\r\n"
584 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
585 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
586 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
587 .support_trail = '\x00',
588 .soft_ver = NULL,
589
590 .partitions = {
591 {"fs-uboot", 0x00000, 0x40000},
592 {"os-image", 0x40000, 0x200000},
593 {"file-system", 0x240000, 0xc00000},
594 {"default-mac", 0xe40000, 0x00200},
595 {"pin", 0xe40200, 0x00200},
596 {"product-info", 0xe40400, 0x00200},
597 {"partition-table", 0xe50000, 0x10000},
598 {"soft-version", 0xe60000, 0x00200},
599 {"support-list", 0xe61000, 0x0f000},
600 {"profile", 0xe70000, 0x10000},
601 {"default-config", 0xe80000, 0x10000},
602 {"user-config", 0xe90000, 0x50000},
603 {"log", 0xee0000, 0x100000},
604 {"radio_bk", 0xfe0000, 0x10000},
605 {"radio", 0xff0000, 0x10000},
606 {NULL, 0, 0}
607 },
608
609 .first_sysupgrade_partition = "os-image",
610 .last_sysupgrade_partition = "file-system"
611 },
612
613 /** Firmware layout for the C7 */
614 {
615 .id = "ARCHER-C7-V4",
616 .support_list =
617 "SupportList:\n"
618 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
619 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
620 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
621 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
622 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
623 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
624 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
625 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
626 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
627 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
628 .support_trail = '\x00',
629 .soft_ver = "soft_ver:1.0.0\n",
630
631 /**
632 We use a bigger os-image partition than the stock images (and thus
633 smaller file-system), as our kernel doesn't fit in the stock firmware's
634 1MB os-image.
635 */
636 .partitions = {
637 {"factory-boot", 0x00000, 0x20000},
638 {"fs-uboot", 0x20000, 0x20000},
639 {"os-image", 0x40000, 0x180000}, /* Stock: base 0x40000 size 0x120000 */
640 {"file-system", 0x1c0000, 0xd40000}, /* Stock: base 0x160000 size 0xda0000 */
641 {"default-mac", 0xf00000, 0x00200},
642 {"pin", 0xf00200, 0x00200},
643 {"device-id", 0xf00400, 0x00100},
644 {"product-info", 0xf00500, 0x0fb00},
645 {"soft-version", 0xf10000, 0x00100},
646 {"extra-para", 0xf11000, 0x01000},
647 {"support-list", 0xf12000, 0x0a000},
648 {"profile", 0xf1c000, 0x04000},
649 {"default-config", 0xf20000, 0x10000},
650 {"user-config", 0xf30000, 0x40000},
651 {"qos-db", 0xf70000, 0x40000},
652 {"certificate", 0xfb0000, 0x10000},
653 {"partition-table", 0xfc0000, 0x10000},
654 {"log", 0xfd0000, 0x20000},
655 {"radio", 0xff0000, 0x10000},
656 {NULL, 0, 0}
657 },
658
659 .first_sysupgrade_partition = "os-image",
660 .last_sysupgrade_partition = "file-system",
661 },
662
663 /** Firmware layout for the C7 v5*/
664 {
665 .id = "ARCHER-C7-V5",
666 .support_list =
667 "SupportList:\n"
668 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
669 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n",
670
671 .support_trail = '\x00',
672 .soft_ver = "soft_ver:1.0.0\n",
673
674 /**
675 We use a bigger os-image partition than the stock images (and thus
676 smaller file-system), as our kernel doesn't fit in the stock firmware's
677 1MB os-image.
678 */
679 .partitions = {
680 {"factory-boot", 0x00000, 0x20000},
681 {"fs-uboot", 0x20000, 0x20000},
682 {"partition-table", 0x40000, 0x10000},
683 {"radio", 0x50000, 0x10000},
684 {"default-mac", 0x60000, 0x00200},
685 {"pin", 0x60200, 0x00200},
686 {"device-id", 0x60400, 0x00100},
687 {"product-info", 0x60500, 0x0fb00},
688 {"soft-version", 0x70000, 0x01000},
689 {"extra-para", 0x71000, 0x01000},
690 {"support-list", 0x72000, 0x0a000},
691 {"profile", 0x7c000, 0x04000},
692 {"user-config", 0x80000, 0x40000},
693
694
695 {"os-image", 0xc0000, 0x180000}, /* Stock: base 0xc0000 size 0x120000 */
696 {"file-system", 0x240000, 0xd80000}, /* Stock: base 0x1e0000 size 0xde0000 */
697
698 {"log", 0xfc0000, 0x20000},
699 {"certificate", 0xfe0000, 0x10000},
700 {"default-config", 0xff0000, 0x10000},
701 {NULL, 0, 0}
702
703 },
704
705 .first_sysupgrade_partition = "os-image",
706 .last_sysupgrade_partition = "file-system",
707 },
708
709 /** Firmware layout for the C9 */
710 {
711 .id = "ARCHERC9",
712 .vendor = "",
713 .support_list =
714 "SupportList:\n"
715 "{product_name:ArcherC9,"
716 "product_ver:1.0.0,"
717 "special_id:00000000}\n",
718 .support_trail = '\x00',
719 .soft_ver = NULL,
720
721 .partitions = {
722 {"fs-uboot", 0x00000, 0x40000},
723 {"os-image", 0x40000, 0x200000},
724 {"file-system", 0x240000, 0xc00000},
725 {"default-mac", 0xe40000, 0x00200},
726 {"pin", 0xe40200, 0x00200},
727 {"product-info", 0xe40400, 0x00200},
728 {"partition-table", 0xe50000, 0x10000},
729 {"soft-version", 0xe60000, 0x00200},
730 {"support-list", 0xe61000, 0x0f000},
731 {"profile", 0xe70000, 0x10000},
732 {"default-config", 0xe80000, 0x10000},
733 {"user-config", 0xe90000, 0x50000},
734 {"log", 0xee0000, 0x100000},
735 {"radio_bk", 0xfe0000, 0x10000},
736 {"radio", 0xff0000, 0x10000},
737 {NULL, 0, 0}
738 },
739
740 .first_sysupgrade_partition = "os-image",
741 .last_sysupgrade_partition = "file-system"
742 },
743
744 /** Firmware layout for the EAP120 */
745 {
746 .id = "EAP120",
747 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
748 .support_list =
749 "SupportList:\r\n"
750 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
751 .support_trail = '\xff',
752 .soft_ver = NULL,
753
754 .partitions = {
755 {"fs-uboot", 0x00000, 0x20000},
756 {"partition-table", 0x20000, 0x02000},
757 {"default-mac", 0x30000, 0x00020},
758 {"support-list", 0x31000, 0x00100},
759 {"product-info", 0x31100, 0x00100},
760 {"soft-version", 0x32000, 0x00100},
761 {"os-image", 0x40000, 0x180000},
762 {"file-system", 0x1c0000, 0x600000},
763 {"user-config", 0x7c0000, 0x10000},
764 {"backup-config", 0x7d0000, 0x10000},
765 {"log", 0x7e0000, 0x10000},
766 {"radio", 0x7f0000, 0x10000},
767 {NULL, 0, 0}
768 },
769
770 .first_sysupgrade_partition = "os-image",
771 .last_sysupgrade_partition = "file-system"
772 },
773
774 /** Firmware layout for the TL-WA850RE v2 */
775 {
776 .id = "TLWA850REV2",
777 .vendor = "",
778 .support_list =
779 "SupportList:\n"
780 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
781 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
782 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
783 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
784 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
785 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
786 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
787 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
788 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
789 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
790 .support_trail = '\x00',
791 .soft_ver = NULL,
792
793 /**
794 576KB were moved from file-system to os-image
795 in comparison to the stock image
796 */
797 .partitions = {
798 {"fs-uboot", 0x00000, 0x20000},
799 {"os-image", 0x20000, 0x150000},
800 {"file-system", 0x170000, 0x240000},
801 {"partition-table", 0x3b0000, 0x02000},
802 {"default-mac", 0x3c0000, 0x00020},
803 {"pin", 0x3c0100, 0x00020},
804 {"product-info", 0x3c1000, 0x01000},
805 {"soft-version", 0x3c2000, 0x00100},
806 {"support-list", 0x3c3000, 0x01000},
807 {"profile", 0x3c4000, 0x08000},
808 {"user-config", 0x3d0000, 0x10000},
809 {"default-config", 0x3e0000, 0x10000},
810 {"radio", 0x3f0000, 0x10000},
811 {NULL, 0, 0}
812 },
813
814 .first_sysupgrade_partition = "os-image",
815 .last_sysupgrade_partition = "file-system"
816 },
817
818 /** Firmware layout for the TL-WA855RE v1 */
819 {
820 .id = "TLWA855REV1",
821 .vendor = "",
822 .support_list =
823 "SupportList:\n"
824 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
825 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
826 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
827 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
828 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
829 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
830 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
831 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
832 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
833 .support_trail = '\x00',
834 .soft_ver = NULL,
835
836 .partitions = {
837 {"fs-uboot", 0x00000, 0x20000},
838 {"os-image", 0x20000, 0x150000},
839 {"file-system", 0x170000, 0x240000},
840 {"partition-table", 0x3b0000, 0x02000},
841 {"default-mac", 0x3c0000, 0x00020},
842 {"pin", 0x3c0100, 0x00020},
843 {"product-info", 0x3c1000, 0x01000},
844 {"soft-version", 0x3c2000, 0x00100},
845 {"support-list", 0x3c3000, 0x01000},
846 {"profile", 0x3c4000, 0x08000},
847 {"user-config", 0x3d0000, 0x10000},
848 {"default-config", 0x3e0000, 0x10000},
849 {"radio", 0x3f0000, 0x10000},
850 {NULL, 0, 0}
851 },
852
853 .first_sysupgrade_partition = "os-image",
854 .last_sysupgrade_partition = "file-system"
855 },
856
857 /** Firmware layout for the TL-WR1043 v5 */
858 {
859 .id = "TLWR1043NV5",
860 .vendor = "",
861 .support_list =
862 "SupportList:\n"
863 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
864 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
865 .support_trail = '\x00',
866 .soft_ver = "soft_ver:1.0.0\n",
867 .partitions = {
868 {"factory-boot", 0x00000, 0x20000},
869 {"fs-uboot", 0x20000, 0x20000},
870 {"os-image", 0x40000, 0x180000},
871 {"file-system", 0x1c0000, 0xd40000},
872 {"default-mac", 0xf00000, 0x00200},
873 {"pin", 0xf00200, 0x00200},
874 {"device-id", 0xf00400, 0x00100},
875 {"product-info", 0xf00500, 0x0fb00},
876 {"soft-version", 0xf10000, 0x01000},
877 {"extra-para", 0xf11000, 0x01000},
878 {"support-list", 0xf12000, 0x0a000},
879 {"profile", 0xf1c000, 0x04000},
880 {"default-config", 0xf20000, 0x10000},
881 {"user-config", 0xf30000, 0x40000},
882 {"qos-db", 0xf70000, 0x40000},
883 {"certificate", 0xfb0000, 0x10000},
884 {"partition-table", 0xfc0000, 0x10000},
885 {"log", 0xfd0000, 0x20000},
886 {"radio", 0xff0000, 0x10000},
887 {NULL, 0, 0}
888 },
889 .first_sysupgrade_partition = "os-image",
890 .last_sysupgrade_partition = "file-system"
891 },
892
893 /** Firmware layout for the TL-WR1043 v4 */
894 {
895 .id = "TLWR1043NDV4",
896 .vendor = "",
897 .support_list =
898 "SupportList:\n"
899 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
900 .support_trail = '\x00',
901 .soft_ver = NULL,
902
903 /* We're using a dynamic kernel/rootfs split here */
904 .partitions = {
905 {"fs-uboot", 0x00000, 0x20000},
906 {"firmware", 0x20000, 0xf30000},
907 {"default-mac", 0xf50000, 0x00200},
908 {"pin", 0xf50200, 0x00200},
909 {"product-info", 0xf50400, 0x0fc00},
910 {"soft-version", 0xf60000, 0x0b000},
911 {"support-list", 0xf6b000, 0x04000},
912 {"profile", 0xf70000, 0x04000},
913 {"default-config", 0xf74000, 0x0b000},
914 {"user-config", 0xf80000, 0x40000},
915 {"partition-table", 0xfc0000, 0x10000},
916 {"log", 0xfd0000, 0x20000},
917 {"radio", 0xff0000, 0x10000},
918 {NULL, 0, 0}
919 },
920
921 .first_sysupgrade_partition = "os-image",
922 .last_sysupgrade_partition = "file-system"
923 },
924
925 /** Firmware layout for the TL-WR902AC v1 */
926 {
927 .id = "TL-WR902AC-V1",
928 .vendor = "",
929 .support_list =
930 "SupportList:\n"
931 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
932 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
933 .support_trail = '\x00',
934 .soft_ver = NULL,
935
936 /**
937 384KB were moved from file-system to os-image
938 in comparison to the stock image
939 */
940 .partitions = {
941 {"fs-uboot", 0x00000, 0x20000},
942 {"os-image", 0x20000, 0x180000},
943 {"file-system", 0x1a0000, 0x5b0000},
944 {"default-mac", 0x750000, 0x00200},
945 {"pin", 0x750200, 0x00200},
946 {"product-info", 0x750400, 0x0fc00},
947 {"soft-version", 0x760000, 0x0b000},
948 {"support-list", 0x76b000, 0x04000},
949 {"profile", 0x770000, 0x04000},
950 {"default-config", 0x774000, 0x0b000},
951 {"user-config", 0x780000, 0x40000},
952 {"partition-table", 0x7c0000, 0x10000},
953 {"log", 0x7d0000, 0x20000},
954 {"radio", 0x7f0000, 0x10000},
955 {NULL, 0, 0}
956 },
957
958 .first_sysupgrade_partition = "os-image",
959 .last_sysupgrade_partition = "file-system",
960 },
961
962 /** Firmware layout for the TL-WR942N V1 */
963 {
964 .id = "TLWR942NV1",
965 .vendor = "",
966 .support_list =
967 "SupportList:\r\n"
968 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
969 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
970 .support_trail = '\x00',
971 .soft_ver = NULL,
972
973 .partitions = {
974 {"fs-uboot", 0x00000, 0x20000},
975 {"os-image", 0x20000, 0x180000},
976 {"file-system", 0x1a0000, 0xca0000},
977 {"default-mac", 0xe40000, 0x00200},
978 {"pin", 0xe40200, 0x00200},
979 {"product-info", 0xe40400, 0x0fc00},
980 {"partition-table", 0xe50000, 0x10000},
981 {"soft-version", 0xe60000, 0x10000},
982 {"support-list", 0xe70000, 0x10000},
983 {"profile", 0xe80000, 0x10000},
984 {"default-config", 0xe90000, 0x10000},
985 {"user-config", 0xea0000, 0x40000},
986 {"qos-db", 0xee0000, 0x40000},
987 {"certificate", 0xf20000, 0x10000},
988 {"usb-config", 0xfb0000, 0x10000},
989 {"log", 0xfc0000, 0x20000},
990 {"radio-bk", 0xfe0000, 0x10000},
991 {"radio", 0xff0000, 0x10000},
992 {NULL, 0, 0}
993 },
994
995 .first_sysupgrade_partition = "os-image",
996 .last_sysupgrade_partition = "file-system",
997 },
998
999 /** Firmware layout for the RE350 v1 */
1000 {
1001 .id = "RE350-V1",
1002 .vendor = "",
1003 .support_list =
1004 "SupportList:\n"
1005 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1006 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1007 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1008 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1009 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1010 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1011 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1012 .support_trail = '\x00',
1013 .soft_ver = NULL,
1014
1015 /** We're using a dynamic kernel/rootfs split here */
1016 .partitions = {
1017 {"fs-uboot", 0x00000, 0x20000},
1018 {"firmware", 0x20000, 0x5e0000},
1019 {"partition-table", 0x600000, 0x02000},
1020 {"default-mac", 0x610000, 0x00020},
1021 {"pin", 0x610100, 0x00020},
1022 {"product-info", 0x611100, 0x01000},
1023 {"soft-version", 0x620000, 0x01000},
1024 {"support-list", 0x621000, 0x01000},
1025 {"profile", 0x622000, 0x08000},
1026 {"user-config", 0x630000, 0x10000},
1027 {"default-config", 0x640000, 0x10000},
1028 {"radio", 0x7f0000, 0x10000},
1029 {NULL, 0, 0}
1030 },
1031
1032 .first_sysupgrade_partition = "os-image",
1033 .last_sysupgrade_partition = "file-system"
1034 },
1035
1036 /** Firmware layout for the RE355 */
1037 {
1038 .id = "RE355",
1039 .vendor = "",
1040 .support_list =
1041 "SupportList:\r\n"
1042 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1043 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1044 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1045 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1046 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1047 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1048 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1049 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1050 .support_trail = '\x00',
1051 .soft_ver = NULL,
1052
1053 /**
1054 The flash partition table for RE355;
1055 it is almost the same as the one used by the stock images,
1056 576KB were moved from file-system to os-image.
1057 */
1058 .partitions = {
1059 {"fs-uboot", 0x00000, 0x20000},
1060 {"os-image", 0x20000, 0x180000},
1061 {"file-system", 0x1a0000, 0x460000},
1062 {"partition-table", 0x600000, 0x02000},
1063 {"default-mac", 0x610000, 0x00020},
1064 {"pin", 0x610100, 0x00020},
1065 {"product-info", 0x611100, 0x01000},
1066 {"soft-version", 0x620000, 0x01000},
1067 {"support-list", 0x621000, 0x01000},
1068 {"profile", 0x622000, 0x08000},
1069 {"user-config", 0x630000, 0x10000},
1070 {"default-config", 0x640000, 0x10000},
1071 {"radio", 0x7f0000, 0x10000},
1072 {NULL, 0, 0}
1073 },
1074
1075 .first_sysupgrade_partition = "os-image",
1076 .last_sysupgrade_partition = "file-system"
1077 },
1078
1079 /** Firmware layout for the RE450 */
1080 {
1081 .id = "RE450",
1082 .vendor = "",
1083 .support_list =
1084 "SupportList:\r\n"
1085 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1086 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1087 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1088 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1089 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1090 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1091 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1092 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1093 .support_trail = '\x00',
1094 .soft_ver = NULL,
1095
1096 /**
1097 The flash partition table for RE450;
1098 it is almost the same as the one used by the stock images,
1099 576KB were moved from file-system to os-image.
1100 */
1101 .partitions = {
1102 {"fs-uboot", 0x00000, 0x20000},
1103 {"os-image", 0x20000, 0x180000},
1104 {"file-system", 0x1a0000, 0x460000},
1105 {"partition-table", 0x600000, 0x02000},
1106 {"default-mac", 0x610000, 0x00020},
1107 {"pin", 0x610100, 0x00020},
1108 {"product-info", 0x611100, 0x01000},
1109 {"soft-version", 0x620000, 0x01000},
1110 {"support-list", 0x621000, 0x01000},
1111 {"profile", 0x622000, 0x08000},
1112 {"user-config", 0x630000, 0x10000},
1113 {"default-config", 0x640000, 0x10000},
1114 {"radio", 0x7f0000, 0x10000},
1115 {NULL, 0, 0}
1116 },
1117
1118 .first_sysupgrade_partition = "os-image",
1119 .last_sysupgrade_partition = "file-system"
1120 },
1121
1122 /** Firmware layout for the RE450 v2 */
1123 {
1124 .id = "RE450-V2",
1125 .vendor = "",
1126 .support_list =
1127 "SupportList:\r\n"
1128 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1129 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1130 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1131 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1132 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1133 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1134 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1135 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1136 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1137 .support_trail = '\x00',
1138 .soft_ver = NULL,
1139
1140 /* We're using a dynamic kernel/rootfs split here */
1141 .partitions = {
1142 {"fs-uboot", 0x00000, 0x20000},
1143 {"firmware", 0x20000, 0x5e0000},
1144 {"partition-table", 0x600000, 0x02000},
1145 {"default-mac", 0x610000, 0x00020},
1146 {"pin", 0x610100, 0x00020},
1147 {"product-info", 0x611100, 0x01000},
1148 {"soft-version", 0x620000, 0x01000},
1149 {"support-list", 0x621000, 0x01000},
1150 {"profile", 0x622000, 0x08000},
1151 {"user-config", 0x630000, 0x10000},
1152 {"default-config", 0x640000, 0x10000},
1153 {"radio", 0x7f0000, 0x10000},
1154
1155 {NULL, 0, 0}
1156 },
1157
1158 .first_sysupgrade_partition = "os-image",
1159 .last_sysupgrade_partition = "file-system"
1160 },
1161
1162 {}
1163 };
1164
1165 #define error(_ret, _errno, _str, ...) \
1166 do { \
1167 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1168 strerror(_errno)); \
1169 if (_ret) \
1170 exit(_ret); \
1171 } while (0)
1172
1173
1174 /** Stores a uint32 as big endian */
1175 static inline void put32(uint8_t *buf, uint32_t val) {
1176 buf[0] = val >> 24;
1177 buf[1] = val >> 16;
1178 buf[2] = val >> 8;
1179 buf[3] = val;
1180 }
1181
1182 /** Allocates a new image partition */
1183 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1184 struct image_partition_entry entry = {name, len, malloc(len)};
1185 if (!entry.data)
1186 error(1, errno, "malloc");
1187
1188 return entry;
1189 }
1190
1191 /** Frees an image partition */
1192 static void free_image_partition(struct image_partition_entry entry) {
1193 free(entry.data);
1194 }
1195
1196 static time_t source_date_epoch = -1;
1197 static void set_source_date_epoch() {
1198 char *env = getenv("SOURCE_DATE_EPOCH");
1199 char *endptr = env;
1200 errno = 0;
1201 if (env && *env) {
1202 source_date_epoch = strtoull(env, &endptr, 10);
1203 if (errno || (endptr && *endptr != '\0')) {
1204 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1205 exit(1);
1206 }
1207 }
1208 }
1209
1210 /** Generates the partition-table partition */
1211 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1212 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1213
1214 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1215
1216 *(s++) = 0x00;
1217 *(s++) = 0x04;
1218 *(s++) = 0x00;
1219 *(s++) = 0x00;
1220
1221 size_t i;
1222 for (i = 0; p[i].name; i++) {
1223 size_t len = end-s;
1224 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1225
1226 if (w > len-1)
1227 error(1, 0, "flash partition table overflow?");
1228
1229 s += w;
1230 }
1231
1232 s++;
1233
1234 memset(s, 0xff, end-s);
1235
1236 return entry;
1237 }
1238
1239
1240 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1241 static inline uint8_t bcd(uint8_t v) {
1242 return 0x10 * (v/10) + v%10;
1243 }
1244
1245
1246 /** Generates the soft-version partition */
1247 static struct image_partition_entry make_soft_version(uint32_t rev) {
1248 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1249 struct soft_version *s = (struct soft_version *)entry.data;
1250
1251 time_t t;
1252
1253 if (source_date_epoch != -1)
1254 t = source_date_epoch;
1255 else if (time(&t) == (time_t)(-1))
1256 error(1, errno, "time");
1257
1258 struct tm *tm = localtime(&t);
1259
1260 s->magic = htonl(0x0000000c);
1261 s->zero = 0;
1262 s->pad1 = 0xff;
1263
1264 s->version_major = 0;
1265 s->version_minor = 0;
1266 s->version_patch = 0;
1267
1268 s->year_hi = bcd((1900+tm->tm_year)/100);
1269 s->year_lo = bcd(tm->tm_year%100);
1270 s->month = bcd(tm->tm_mon+1);
1271 s->day = bcd(tm->tm_mday);
1272 s->rev = htonl(rev);
1273
1274 s->pad2 = 0xff;
1275
1276 return entry;
1277 }
1278
1279 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1280 /** String length _including_ the terminating zero byte */
1281 uint32_t ver_len = strlen(soft_ver) + 1;
1282 /** Partition contains 64 bit header, the version string, and one additional null byte */
1283 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1284 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1285
1286 uint32_t *len = (uint32_t *)entry.data;
1287 len[0] = htonl(ver_len);
1288 len[1] = 0;
1289 memcpy(&len[2], soft_ver, ver_len);
1290
1291 entry.data[partition_len - 1] = 0;
1292
1293 return entry;
1294 }
1295
1296 /** Generates the support-list partition */
1297 static struct image_partition_entry make_support_list(struct device_info *info) {
1298 size_t len = strlen(info->support_list);
1299 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1300
1301 put32(entry.data, len);
1302 memset(entry.data+4, 0, 4);
1303 memcpy(entry.data+8, info->support_list, len);
1304 entry.data[len+8] = info->support_trail;
1305
1306 return entry;
1307 }
1308
1309 /** Creates a new image partition with an arbitrary name from a file */
1310 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1311 struct stat statbuf;
1312
1313 if (stat(filename, &statbuf) < 0)
1314 error(1, errno, "unable to stat file `%s'", filename);
1315
1316 size_t len = statbuf.st_size;
1317
1318 if (add_jffs2_eof)
1319 if (file_system_partition)
1320 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1321 else
1322 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1323
1324 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1325
1326 FILE *file = fopen(filename, "rb");
1327 if (!file)
1328 error(1, errno, "unable to open file `%s'", filename);
1329
1330 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1331 error(1, errno, "unable to read file `%s'", filename);
1332
1333 if (add_jffs2_eof) {
1334 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1335
1336 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1337 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1338 }
1339
1340 fclose(file);
1341
1342 return entry;
1343 }
1344
1345 /** Creates a new image partition from arbitrary data */
1346 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1347
1348 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1349
1350 memcpy(entry.data, datain, len);
1351
1352 return entry;
1353 }
1354
1355 /**
1356 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1357
1358 Example image partition table:
1359
1360 fwup-ptn partition-table base 0x00800 size 0x00800
1361 fwup-ptn os-image base 0x01000 size 0x113b45
1362 fwup-ptn file-system base 0x114b45 size 0x1d0004
1363 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1364
1365 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1366 the end of the partition table is marked with a zero byte.
1367
1368 The firmware image must contain at least the partition-table and support-list partitions
1369 to be accepted. There aren't any alignment constraints for the image partitions.
1370
1371 The partition-table partition contains the actual flash layout; partitions
1372 from the image partition table are mapped to the corresponding flash partitions during
1373 the firmware upgrade. The support-list partition contains a list of devices supported by
1374 the firmware image.
1375
1376 The base offsets in the firmware partition table are relative to the end
1377 of the vendor information block, so the partition-table partition will
1378 actually start at offset 0x1814 of the image.
1379
1380 I think partition-table must be the first partition in the firmware image.
1381 */
1382 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1383 size_t i, j;
1384 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1385
1386 size_t base = 0x800;
1387 for (i = 0; parts[i].name; i++) {
1388 for (j = 0; flash_parts[j].name; j++) {
1389 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1390 if (parts[i].size > flash_parts[j].size)
1391 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1392 break;
1393 }
1394 }
1395
1396 assert(flash_parts[j].name);
1397
1398 memcpy(buffer + base, parts[i].data, parts[i].size);
1399
1400 size_t len = end-image_pt;
1401 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1402
1403 if (w > len-1)
1404 error(1, 0, "image partition table overflow?");
1405
1406 image_pt += w;
1407
1408 base += parts[i].size;
1409 }
1410 }
1411
1412 /** Generates and writes the image MD5 checksum */
1413 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1414 MD5_CTX ctx;
1415
1416 MD5_Init(&ctx);
1417 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1418 MD5_Update(&ctx, buffer, len);
1419 MD5_Final(md5, &ctx);
1420 }
1421
1422
1423 /**
1424 Generates the firmware image in factory format
1425
1426 Image format:
1427
1428 Bytes (hex) Usage
1429 ----------- -----
1430 0000-0003 Image size (4 bytes, big endian)
1431 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1432 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1433 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1434 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1435 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1436 1814-xxxx Firmware partitions
1437 */
1438 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1439 *len = 0x1814;
1440
1441 size_t i;
1442 for (i = 0; parts[i].name; i++)
1443 *len += parts[i].size;
1444
1445 uint8_t *image = malloc(*len);
1446 if (!image)
1447 error(1, errno, "malloc");
1448
1449 memset(image, 0xff, *len);
1450 put32(image, *len);
1451
1452 if (info->vendor) {
1453 size_t vendor_len = strlen(info->vendor);
1454 put32(image+0x14, vendor_len);
1455 memcpy(image+0x18, info->vendor, vendor_len);
1456 }
1457
1458 put_partitions(image + 0x1014, info->partitions, parts);
1459 put_md5(image+0x04, image+0x14, *len-0x14);
1460
1461 return image;
1462 }
1463
1464 /**
1465 Generates the firmware image in sysupgrade format
1466
1467 This makes some assumptions about the provided flash and image partition tables and
1468 should be generalized when TP-LINK starts building its safeloader into hardware with
1469 different flash layouts.
1470 */
1471 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1472 size_t i, j;
1473 size_t flash_first_partition_index = 0;
1474 size_t flash_last_partition_index = 0;
1475 const struct flash_partition_entry *flash_first_partition = NULL;
1476 const struct flash_partition_entry *flash_last_partition = NULL;
1477 const struct image_partition_entry *image_last_partition = NULL;
1478
1479 /** Find first and last partitions */
1480 for (i = 0; info->partitions[i].name; i++) {
1481 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1482 flash_first_partition = &info->partitions[i];
1483 flash_first_partition_index = i;
1484 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1485 flash_last_partition = &info->partitions[i];
1486 flash_last_partition_index = i;
1487 }
1488 }
1489
1490 assert(flash_first_partition && flash_last_partition);
1491 assert(flash_first_partition_index < flash_last_partition_index);
1492
1493 /** Find last partition from image to calculate needed size */
1494 for (i = 0; image_parts[i].name; i++) {
1495 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1496 image_last_partition = &image_parts[i];
1497 break;
1498 }
1499 }
1500
1501 assert(image_last_partition);
1502
1503 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1504
1505 uint8_t *image = malloc(*len);
1506 if (!image)
1507 error(1, errno, "malloc");
1508
1509 memset(image, 0xff, *len);
1510
1511 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1512 for (j = 0; image_parts[j].name; j++) {
1513 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1514 if (image_parts[j].size > info->partitions[i].size)
1515 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1516 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1517 break;
1518 }
1519
1520 assert(image_parts[j].name);
1521 }
1522 }
1523
1524 return image;
1525 }
1526
1527 /** Generates an image according to a given layout and writes it to a file */
1528 static void build_image(const char *output,
1529 const char *kernel_image,
1530 const char *rootfs_image,
1531 uint32_t rev,
1532 bool add_jffs2_eof,
1533 bool sysupgrade,
1534 struct device_info *info) {
1535
1536 size_t i;
1537
1538 struct image_partition_entry parts[7] = {};
1539
1540 struct flash_partition_entry *firmware_partition = NULL;
1541 struct flash_partition_entry *os_image_partition = NULL;
1542 struct flash_partition_entry *file_system_partition = NULL;
1543 size_t firmware_partition_index = 0;
1544
1545 for (i = 0; info->partitions[i].name; i++) {
1546 if (!strcmp(info->partitions[i].name, "firmware"))
1547 {
1548 firmware_partition = &info->partitions[i];
1549 firmware_partition_index = i;
1550 }
1551 }
1552
1553 if (firmware_partition)
1554 {
1555 os_image_partition = &info->partitions[firmware_partition_index];
1556 file_system_partition = &info->partitions[firmware_partition_index + 1];
1557
1558 struct stat kernel;
1559 if (stat(kernel_image, &kernel) < 0)
1560 error(1, errno, "unable to stat file `%s'", kernel_image);
1561
1562 if (kernel.st_size > firmware_partition->size)
1563 error(1, 0, "kernel overflowed firmware partition\n");
1564
1565 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1566 info->partitions[i+1] = info->partitions[i];
1567
1568 file_system_partition->name = "file-system";
1569 file_system_partition->base = firmware_partition->base + kernel.st_size;
1570
1571 /* Align partition start to erase blocks for factory images only */
1572 if (!sysupgrade)
1573 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1574
1575 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1576
1577 os_image_partition->name = "os-image";
1578 os_image_partition->size = kernel.st_size;
1579 }
1580
1581 parts[0] = make_partition_table(info->partitions);
1582 if (info->soft_ver)
1583 parts[1] = make_soft_version_from_string(info->soft_ver);
1584 else
1585 parts[1] = make_soft_version(rev);
1586
1587 parts[2] = make_support_list(info);
1588 parts[3] = read_file("os-image", kernel_image, false, NULL);
1589 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1590
1591 /* Some devices need the extra-para partition to accept the firmware */
1592 if (strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1593 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1594 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1595 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1596 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1597 parts[5] = put_data("extra-para", mdat, 11);
1598 } else if (strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1599 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1600 parts[5] = put_data("extra-para", mdat, 11);
1601 }
1602
1603 size_t len;
1604 void *image;
1605 if (sysupgrade)
1606 image = generate_sysupgrade_image(info, parts, &len);
1607 else
1608 image = generate_factory_image(info, parts, &len);
1609
1610 FILE *file = fopen(output, "wb");
1611 if (!file)
1612 error(1, errno, "unable to open output file");
1613
1614 if (fwrite(image, len, 1, file) != 1)
1615 error(1, 0, "unable to write output file");
1616
1617 fclose(file);
1618
1619 free(image);
1620
1621 for (i = 0; parts[i].name; i++)
1622 free_image_partition(parts[i]);
1623 }
1624
1625 /** Usage output */
1626 static void usage(const char *argv0) {
1627 fprintf(stderr,
1628 "Usage: %s [OPTIONS...]\n"
1629 "\n"
1630 "Options:\n"
1631 " -h show this help\n"
1632 "\n"
1633 "Create a new image:\n"
1634 " -B <board> create image for the board specified with <board>\n"
1635 " -k <file> read kernel image from the file <file>\n"
1636 " -r <file> read rootfs image from the file <file>\n"
1637 " -o <file> write output to the file <file>\n"
1638 " -V <rev> sets the revision number to <rev>\n"
1639 " -j add jffs2 end-of-filesystem markers\n"
1640 " -S create sysupgrade instead of factory image\n"
1641 "Extract an old image:\n"
1642 " -x <file> extract all oem firmware partition\n"
1643 " -d <dir> destination to extract the firmware partition\n"
1644 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1645 argv0
1646 );
1647 };
1648
1649
1650 static struct device_info *find_board(const char *id)
1651 {
1652 struct device_info *board = NULL;
1653
1654 for (board = boards; board->id != NULL; board++)
1655 if (strcasecmp(id, board->id) == 0)
1656 return board;
1657
1658 return NULL;
1659 }
1660
1661 static int add_flash_partition(
1662 struct flash_partition_entry *part_list,
1663 size_t max_entries,
1664 const char *name,
1665 unsigned long base,
1666 unsigned long size)
1667 {
1668 int ptr;
1669 /* check if the list has a free entry */
1670 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1671 if (part_list->name == NULL &&
1672 part_list->base == 0 &&
1673 part_list->size == 0)
1674 break;
1675 }
1676
1677 if (ptr == max_entries) {
1678 error(1, 0, "No free flash part entry available.");
1679 }
1680
1681 part_list->name = calloc(1, strlen(name) + 1);
1682 if (!part_list->name) {
1683 error(1, 0, "Unable to allocate memory");
1684 }
1685
1686 memcpy((char *)part_list->name, name, strlen(name));
1687 part_list->base = base;
1688 part_list->size = size;
1689
1690 return 0;
1691 }
1692
1693 /** read the partition table into struct flash_partition_entry */
1694 static int read_partition_table(
1695 FILE *file, long offset,
1696 struct flash_partition_entry *entries, size_t max_entries,
1697 int type)
1698 {
1699 char buf[2048];
1700 char *ptr, *end;
1701 const char *parthdr = NULL;
1702 const char *fwuphdr = "fwup-ptn";
1703 const char *flashhdr = "partition";
1704
1705 /* TODO: search for the partition table */
1706
1707 switch(type) {
1708 case 0:
1709 parthdr = fwuphdr;
1710 break;
1711 case 1:
1712 parthdr = flashhdr;
1713 break;
1714 default:
1715 error(1, 0, "Invalid partition table");
1716 }
1717
1718 if (fseek(file, offset, SEEK_SET) < 0)
1719 error(1, errno, "Can not seek in the firmware");
1720
1721 if (fread(buf, 1, 2048, file) < 0)
1722 error(1, errno, "Can not read fwup-ptn from the firmware");
1723
1724 buf[2047] = '\0';
1725
1726 /* look for the partition header */
1727 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1728 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1729 return 1;
1730 }
1731
1732 ptr = buf;
1733 end = buf + sizeof(buf);
1734 while ((ptr + strlen(parthdr)) < end &&
1735 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1736 char *end_part;
1737 char *end_element;
1738
1739 char name[32] = { 0 };
1740 int name_len = 0;
1741 unsigned long base = 0;
1742 unsigned long size = 0;
1743
1744 end_part = memchr(ptr, '\n', (end - ptr));
1745 if (end_part == NULL) {
1746 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1747 break;
1748 }
1749
1750 for (int i = 0; i <= 4; i++) {
1751 if (end_part <= ptr)
1752 break;
1753
1754 end_element = memchr(ptr, 0x20, (end_part - ptr));
1755 if (end_element == NULL) {
1756 error(1, errno, "Ignoring the rest of the partition entries.");
1757 break;
1758 }
1759
1760 switch (i) {
1761 /* partition header */
1762 case 0:
1763 ptr = end_element + 1;
1764 continue;
1765 /* name */
1766 case 1:
1767 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1768 strncpy(name, ptr, name_len);
1769 name[name_len] = '\0';
1770 ptr = end_element + 1;
1771 continue;
1772
1773 /* string "base" */
1774 case 2:
1775 ptr = end_element + 1;
1776 continue;
1777
1778 /* actual base */
1779 case 3:
1780 base = strtoul(ptr, NULL, 16);
1781 ptr = end_element + 1;
1782 continue;
1783
1784 /* string "size" */
1785 case 4:
1786 ptr = end_element + 1;
1787 /* actual size. The last element doesn't have a sepeartor */
1788 size = strtoul(ptr, NULL, 16);
1789 /* the part ends with 0x09, 0x0d, 0x0a */
1790 ptr = end_part + 1;
1791 add_flash_partition(entries, max_entries, name, base, size);
1792 continue;
1793 }
1794 }
1795 }
1796
1797 return 0;
1798 }
1799
1800 static void write_partition(
1801 FILE *input_file,
1802 size_t firmware_offset,
1803 struct flash_partition_entry *entry,
1804 FILE *output_file)
1805 {
1806 char buf[4096];
1807 size_t offset;
1808
1809 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1810
1811 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1812 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1813 error(1, errno, "Can not read partition from input_file");
1814
1815 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1816 error(1, errno, "Can not write partition to output_file");
1817 }
1818 /* write last chunk smaller than buffer */
1819 if (offset < entry->size) {
1820 offset = entry->size - offset;
1821 if (fread(buf, offset, 1, input_file) < 0)
1822 error(1, errno, "Can not read partition from input_file");
1823 if (fwrite(buf, offset, 1, output_file) < 0)
1824 error(1, errno, "Can not write partition to output_file");
1825 }
1826 }
1827
1828 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
1829 {
1830 FILE *output_file;
1831 char output[PATH_MAX];
1832
1833 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
1834 output_file = fopen(output, "wb+");
1835 if (output_file == NULL) {
1836 error(1, errno, "Can not open output file %s", output);
1837 }
1838
1839 write_partition(input_file, firmware_offset, entry, output_file);
1840
1841 fclose(output_file);
1842
1843 return 0;
1844 }
1845
1846 /** extract all partitions from the firmware file */
1847 static int extract_firmware(const char *input, const char *output_directory)
1848 {
1849 struct flash_partition_entry entries[16] = { 0 };
1850 size_t max_entries = 16;
1851 size_t firmware_offset = 0x1014;
1852 FILE *input_file;
1853
1854 struct stat statbuf;
1855
1856 /* check input file */
1857 if (stat(input, &statbuf)) {
1858 error(1, errno, "Can not read input firmware %s", input);
1859 }
1860
1861 /* check if output directory exists */
1862 if (stat(output_directory, &statbuf)) {
1863 error(1, errno, "Failed to stat output directory %s", output_directory);
1864 }
1865
1866 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
1867 error(1, errno, "Given output directory is not a directory %s", output_directory);
1868 }
1869
1870 input_file = fopen(input, "rb");
1871
1872 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
1873 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1874 }
1875
1876 for (int i = 0; i < max_entries; i++) {
1877 if (entries[i].name == NULL &&
1878 entries[i].base == 0 &&
1879 entries[i].size == 0)
1880 continue;
1881
1882 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
1883 }
1884
1885 return 0;
1886 }
1887
1888 static struct flash_partition_entry *find_partition(
1889 struct flash_partition_entry *entries, size_t max_entries,
1890 const char *name, const char *error_msg)
1891 {
1892 for (int i = 0; i < max_entries; i++, entries++) {
1893 if (strcmp(entries->name, name) == 0)
1894 return entries;
1895 }
1896
1897 error(1, 0, "%s", error_msg);
1898 return NULL;
1899 }
1900
1901 static void write_ff(FILE *output_file, size_t size)
1902 {
1903 char buf[4096];
1904 int offset;
1905
1906 memset(buf, 0xff, sizeof(buf));
1907
1908 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
1909 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1910 error(1, errno, "Can not write 0xff to output_file");
1911 }
1912
1913 /* write last chunk smaller than buffer */
1914 if (offset < size) {
1915 offset = size - offset;
1916 if (fwrite(buf, offset, 1, output_file) < 0)
1917 error(1, errno, "Can not write partition to output_file");
1918 }
1919 }
1920
1921 static void convert_firmware(const char *input, const char *output)
1922 {
1923 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
1924 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
1925 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
1926 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
1927 struct flash_partition_entry *fwup_partition_table = NULL;
1928 size_t firmware_offset = 0x1014;
1929 FILE *input_file, *output_file;
1930
1931 struct stat statbuf;
1932
1933 /* check input file */
1934 if (stat(input, &statbuf)) {
1935 error(1, errno, "Can not read input firmware %s", input);
1936 }
1937
1938 input_file = fopen(input, "rb");
1939 if (!input_file)
1940 error(1, 0, "Can not open input firmware %s", input);
1941
1942 output_file = fopen(output, "wb");
1943 if (!output_file)
1944 error(1, 0, "Can not open output firmware %s", output);
1945
1946 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
1947 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1948 }
1949
1950 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
1951 "os-image", "Error can not find os-image partition (fwup)");
1952 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
1953 "file-system", "Error can not find file-system partition (fwup)");
1954 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
1955 "partition-table", "Error can not find partition-table partition");
1956
1957 /* the flash partition table has a 0x00000004 magic haeder */
1958 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
1959 error(1, 0, "Error can not read the partition table (flash)");
1960
1961 flash_os_image = find_partition(flash, MAX_PARTITIONS,
1962 "os-image", "Error can not find os-image partition (flash)");
1963 flash_file_system = find_partition(flash, MAX_PARTITIONS,
1964 "file-system", "Error can not find file-system partition (flash)");
1965
1966 /* write os_image to 0x0 */
1967 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
1968 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
1969
1970 /* write file-system behind os_image */
1971 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
1972 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
1973 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
1974
1975 fclose(output_file);
1976 fclose(input_file);
1977 }
1978
1979 int main(int argc, char *argv[]) {
1980 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
1981 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
1982 bool add_jffs2_eof = false, sysupgrade = false;
1983 unsigned rev = 0;
1984 struct device_info *info;
1985 set_source_date_epoch();
1986
1987 while (true) {
1988 int c;
1989
1990 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
1991 if (c == -1)
1992 break;
1993
1994 switch (c) {
1995 case 'B':
1996 board = optarg;
1997 break;
1998
1999 case 'k':
2000 kernel_image = optarg;
2001 break;
2002
2003 case 'r':
2004 rootfs_image = optarg;
2005 break;
2006
2007 case 'o':
2008 output = optarg;
2009 break;
2010
2011 case 'V':
2012 sscanf(optarg, "r%u", &rev);
2013 break;
2014
2015 case 'j':
2016 add_jffs2_eof = true;
2017 break;
2018
2019 case 'S':
2020 sysupgrade = true;
2021 break;
2022
2023 case 'h':
2024 usage(argv[0]);
2025 return 0;
2026
2027 case 'd':
2028 output_directory = optarg;
2029 break;
2030
2031 case 'x':
2032 extract_image = optarg;
2033 break;
2034
2035 case 'z':
2036 convert_image = optarg;
2037 break;
2038
2039 default:
2040 usage(argv[0]);
2041 return 1;
2042 }
2043 }
2044
2045 if (extract_image || output_directory) {
2046 if (!extract_image)
2047 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2048 if (!output_directory)
2049 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2050 extract_firmware(extract_image, output_directory);
2051 } else if (convert_image) {
2052 if (!output)
2053 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2054 convert_firmware(convert_image, output);
2055 } else {
2056 if (!board)
2057 error(1, 0, "no board has been specified");
2058 if (!kernel_image)
2059 error(1, 0, "no kernel image has been specified");
2060 if (!rootfs_image)
2061 error(1, 0, "no rootfs image has been specified");
2062 if (!output)
2063 error(1, 0, "no output filename has been specified");
2064
2065 info = find_board(board);
2066
2067 if (info == NULL)
2068 error(1, 0, "unsupported board %s", board);
2069
2070 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2071 }
2072
2073 return 0;
2074 }
OpenWrt Source Repository