projects / openwrt / openwrt.git / blob
? search:


3c979f7f86d385ffd2bca5d4cf7f87001815cc89
[openwrt/openwrt.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 const char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 const struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x170000},
144 {"soft-version", 0x1b0000, 0x00100},
145 {"support-list", 0x1b1000, 0x00400},
146 {"file-system", 0x1c0000, 0x600000},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "file-system",
156 },
157
158 /** Firmware layout for the CPE510/520 */
159 {
160 .id = "CPE510",
161 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
165 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
166 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
167 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
168 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
169 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
170 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
171 "CPE520(TP-LINK|EU|N300-5):1.1\r\n",
172 .support_trail = '\xff',
173 .soft_ver = NULL,
174
175 .partitions = {
176 {"fs-uboot", 0x00000, 0x20000},
177 {"partition-table", 0x20000, 0x02000},
178 {"default-mac", 0x30000, 0x00020},
179 {"product-info", 0x31100, 0x00100},
180 {"signature", 0x32000, 0x00400},
181 {"os-image", 0x40000, 0x170000},
182 {"soft-version", 0x1b0000, 0x00100},
183 {"support-list", 0x1b1000, 0x00400},
184 {"file-system", 0x1c0000, 0x600000},
185 {"user-config", 0x7c0000, 0x10000},
186 {"default-config", 0x7d0000, 0x10000},
187 {"log", 0x7e0000, 0x10000},
188 {"radio", 0x7f0000, 0x10000},
189 {NULL, 0, 0}
190 },
191
192 .first_sysupgrade_partition = "os-image",
193 .last_sysupgrade_partition = "file-system",
194 },
195
196 {
197 .id = "WBS210",
198 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
199 .support_list =
200 "SupportList:\r\n"
201 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
202 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
203 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
204 .support_trail = '\xff',
205 .soft_ver = NULL,
206
207 .partitions = {
208 {"fs-uboot", 0x00000, 0x20000},
209 {"partition-table", 0x20000, 0x02000},
210 {"default-mac", 0x30000, 0x00020},
211 {"product-info", 0x31100, 0x00100},
212 {"signature", 0x32000, 0x00400},
213 {"os-image", 0x40000, 0x170000},
214 {"soft-version", 0x1b0000, 0x00100},
215 {"support-list", 0x1b1000, 0x00400},
216 {"file-system", 0x1c0000, 0x600000},
217 {"user-config", 0x7c0000, 0x10000},
218 {"default-config", 0x7d0000, 0x10000},
219 {"log", 0x7e0000, 0x10000},
220 {"radio", 0x7f0000, 0x10000},
221 {NULL, 0, 0}
222 },
223
224 .first_sysupgrade_partition = "os-image",
225 .last_sysupgrade_partition = "file-system",
226 },
227
228 {
229 .id = "WBS510",
230 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
231 .support_list =
232 "SupportList:\r\n"
233 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
234 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
235 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
236 .support_trail = '\xff',
237 .soft_ver = NULL,
238
239 .partitions = {
240 {"fs-uboot", 0x00000, 0x20000},
241 {"partition-table", 0x20000, 0x02000},
242 {"default-mac", 0x30000, 0x00020},
243 {"product-info", 0x31100, 0x00100},
244 {"signature", 0x32000, 0x00400},
245 {"os-image", 0x40000, 0x170000},
246 {"soft-version", 0x1b0000, 0x00100},
247 {"support-list", 0x1b1000, 0x00400},
248 {"file-system", 0x1c0000, 0x600000},
249 {"user-config", 0x7c0000, 0x10000},
250 {"default-config", 0x7d0000, 0x10000},
251 {"log", 0x7e0000, 0x10000},
252 {"radio", 0x7f0000, 0x10000},
253 {NULL, 0, 0}
254 },
255
256 .first_sysupgrade_partition = "os-image",
257 .last_sysupgrade_partition = "file-system",
258 },
259
260 /** Firmware layout for the C2600 */
261 {
262 .id = "C2600",
263 .vendor = "",
264 .support_list =
265 "SupportList:\r\n"
266 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
267 .support_trail = '\x00',
268 .soft_ver = NULL,
269
270 .partitions = {
271 {"SBL1", 0x00000, 0x20000},
272 {"MIBIB", 0x20000, 0x20000},
273 {"SBL2", 0x40000, 0x20000},
274 {"SBL3", 0x60000, 0x30000},
275 {"DDRCONFIG", 0x90000, 0x10000},
276 {"SSD", 0xa0000, 0x10000},
277 {"TZ", 0xb0000, 0x30000},
278 {"RPM", 0xe0000, 0x20000},
279 {"fs-uboot", 0x100000, 0x70000},
280 {"uboot-env", 0x170000, 0x40000},
281 {"radio", 0x1b0000, 0x40000},
282 {"os-image", 0x1f0000, 0x200000},
283 {"file-system", 0x3f0000, 0x1b00000},
284 {"default-mac", 0x1ef0000, 0x00200},
285 {"pin", 0x1ef0200, 0x00200},
286 {"product-info", 0x1ef0400, 0x0fc00},
287 {"partition-table", 0x1f00000, 0x10000},
288 {"soft-version", 0x1f10000, 0x10000},
289 {"support-list", 0x1f20000, 0x10000},
290 {"profile", 0x1f30000, 0x10000},
291 {"default-config", 0x1f40000, 0x10000},
292 {"user-config", 0x1f50000, 0x40000},
293 {"qos-db", 0x1f90000, 0x40000},
294 {"usb-config", 0x1fd0000, 0x10000},
295 {"log", 0x1fe0000, 0x20000},
296 {NULL, 0, 0}
297 },
298
299 .first_sysupgrade_partition = "os-image",
300 .last_sysupgrade_partition = "file-system"
301 },
302
303 /** Firmware layout for the C25v1 */
304 {
305 .id = "ARCHER-C25-V1",
306 .support_list =
307 "SupportList:\n"
308 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
309 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
310 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
311 .support_trail = '\x00',
312 .soft_ver = "soft_ver:1.0.0\n",
313
314 /**
315 We use a bigger os-image partition than the stock images (and thus
316 smaller file-system), as our kernel doesn't fit in the stock firmware's
317 1MB os-image.
318 */
319 .partitions = {
320 {"factory-boot", 0x00000, 0x20000},
321 {"fs-uboot", 0x20000, 0x10000},
322 {"os-image", 0x30000, 0x180000}, /* Stock: base 0x30000 size 0x100000 */
323 {"file-system", 0x1b0000, 0x620000}, /* Stock: base 0x130000 size 0x6a0000 */
324 {"user-config", 0x7d0000, 0x04000},
325 {"default-mac", 0x7e0000, 0x00100},
326 {"device-id", 0x7e0100, 0x00100},
327 {"extra-para", 0x7e0200, 0x00100},
328 {"pin", 0x7e0300, 0x00100},
329 {"support-list", 0x7e0400, 0x00400},
330 {"soft-version", 0x7e0800, 0x00400},
331 {"product-info", 0x7e0c00, 0x01400},
332 {"partition-table", 0x7e2000, 0x01000},
333 {"profile", 0x7e3000, 0x01000},
334 {"default-config", 0x7e4000, 0x04000},
335 {"merge-config", 0x7ec000, 0x02000},
336 {"qos-db", 0x7ee000, 0x02000},
337 {"radio", 0x7f0000, 0x10000},
338 {NULL, 0, 0}
339 },
340
341 .first_sysupgrade_partition = "os-image",
342 .last_sysupgrade_partition = "file-system",
343 },
344
345 /** Firmware layout for the C58v1 */
346 {
347 .id = "ARCHER-C58-V1",
348 .vendor = "",
349 .support_list =
350 "SupportList:\r\n"
351 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
352 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
353 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
354 .support_trail = '\x00',
355 .soft_ver = "soft_ver:1.0.0\n",
356
357 .partitions = {
358 {"fs-uboot", 0x00000, 0x10000},
359 {"default-mac", 0x10000, 0x00200},
360 {"pin", 0x10200, 0x00200},
361 {"product-info", 0x10400, 0x00100},
362 {"partition-table", 0x10500, 0x00800},
363 {"soft-version", 0x11300, 0x00200},
364 {"support-list", 0x11500, 0x00100},
365 {"device-id", 0x11600, 0x00100},
366 {"profile", 0x11700, 0x03900},
367 {"default-config", 0x15000, 0x04000},
368 {"user-config", 0x19000, 0x04000},
369 {"os-image", 0x20000, 0x180000},
370 {"file-system", 0x1a0000, 0x648000},
371 {"certyficate", 0x7e8000, 0x08000},
372 {"radio", 0x7f0000, 0x10000},
373 {NULL, 0, 0}
374 },
375
376 .first_sysupgrade_partition = "os-image",
377 .last_sysupgrade_partition = "file-system",
378 },
379
380 /** Firmware layout for the C59v1 */
381 {
382 .id = "ARCHER-C59-V1",
383 .vendor = "",
384 .support_list =
385 "SupportList:\r\n"
386 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
387 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
388 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
389 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
390 .support_trail = '\x00',
391 .soft_ver = "soft_ver:1.0.0\n",
392
393 .partitions = {
394 {"fs-uboot", 0x00000, 0x10000},
395 {"default-mac", 0x10000, 0x00200},
396 {"pin", 0x10200, 0x00200},
397 {"device-id", 0x10400, 0x00100},
398 {"product-info", 0x10500, 0x0fb00},
399 {"os-image", 0x20000, 0x180000},
400 {"file-system", 0x1a0000, 0xcb0000},
401 {"partition-table", 0xe50000, 0x10000},
402 {"soft-version", 0xe60000, 0x10000},
403 {"support-list", 0xe70000, 0x10000},
404 {"profile", 0xe80000, 0x10000},
405 {"default-config", 0xe90000, 0x10000},
406 {"user-config", 0xea0000, 0x40000},
407 {"usb-config", 0xee0000, 0x10000},
408 {"certificate", 0xef0000, 0x10000},
409 {"qos-db", 0xf00000, 0x40000},
410 {"log", 0xfe0000, 0x10000},
411 {"radio", 0xff0000, 0x10000},
412 {NULL, 0, 0}
413 },
414
415 .first_sysupgrade_partition = "os-image",
416 .last_sysupgrade_partition = "file-system",
417 },
418
419 /** Firmware layout for the C60v1 */
420 {
421 .id = "ARCHER-C60-V1",
422 .vendor = "",
423 .support_list =
424 "SupportList:\r\n"
425 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
426 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
427 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
428 .support_trail = '\x00',
429 .soft_ver = "soft_ver:1.0.0\n",
430
431 .partitions = {
432 {"fs-uboot", 0x00000, 0x10000},
433 {"default-mac", 0x10000, 0x00200},
434 {"pin", 0x10200, 0x00200},
435 {"product-info", 0x10400, 0x00100},
436 {"partition-table", 0x10500, 0x00800},
437 {"soft-version", 0x11300, 0x00200},
438 {"support-list", 0x11500, 0x00100},
439 {"device-id", 0x11600, 0x00100},
440 {"profile", 0x11700, 0x03900},
441 {"default-config", 0x15000, 0x04000},
442 {"user-config", 0x19000, 0x04000},
443 {"os-image", 0x20000, 0x180000},
444 {"file-system", 0x1a0000, 0x648000},
445 {"certyficate", 0x7e8000, 0x08000},
446 {"radio", 0x7f0000, 0x10000},
447 {NULL, 0, 0}
448 },
449
450 .first_sysupgrade_partition = "os-image",
451 .last_sysupgrade_partition = "file-system",
452 },
453
454 /** Firmware layout for the C5 */
455 {
456 .id = "ARCHER-C5-V2",
457 .vendor = "",
458 .support_list =
459 "SupportList:\r\n"
460 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
461 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
462 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
463 .support_trail = '\x00',
464 .soft_ver = NULL,
465
466 .partitions = {
467 {"fs-uboot", 0x00000, 0x40000},
468 {"os-image", 0x40000, 0x200000},
469 {"file-system", 0x240000, 0xc00000},
470 {"default-mac", 0xe40000, 0x00200},
471 {"pin", 0xe40200, 0x00200},
472 {"product-info", 0xe40400, 0x00200},
473 {"partition-table", 0xe50000, 0x10000},
474 {"soft-version", 0xe60000, 0x00200},
475 {"support-list", 0xe61000, 0x0f000},
476 {"profile", 0xe70000, 0x10000},
477 {"default-config", 0xe80000, 0x10000},
478 {"user-config", 0xe90000, 0x50000},
479 {"log", 0xee0000, 0x100000},
480 {"radio_bk", 0xfe0000, 0x10000},
481 {"radio", 0xff0000, 0x10000},
482 {NULL, 0, 0}
483 },
484
485 .first_sysupgrade_partition = "os-image",
486 .last_sysupgrade_partition = "file-system"
487 },
488
489 /** Firmware layout for the C7 */
490 {
491 .id = "ARCHER-C7-V4",
492 .support_list =
493 "SupportList:\n"
494 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
495 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
496 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
497 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
498 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
499 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
500 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
501 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
502 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
503 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
504 .support_trail = '\x00',
505 .soft_ver = "soft_ver:1.0.0\n",
506
507 /**
508 We use a bigger os-image partition than the stock images (and thus
509 smaller file-system), as our kernel doesn't fit in the stock firmware's
510 1MB os-image.
511 */
512 .partitions = {
513 {"factory-boot", 0x00000, 0x20000},
514 {"fs-uboot", 0x20000, 0x20000},
515 {"os-image", 0x40000, 0x180000}, /* Stock: base 0x40000 size 0x120000 */
516 {"file-system", 0x1c0000, 0xd40000}, /* Stock: base 0x160000 size 0xda0000 */
517 {"default-mac", 0xf00000, 0x00200},
518 {"pin", 0xf00200, 0x00200},
519 {"device-id", 0xf00400, 0x00100},
520 {"product-info", 0xf00500, 0x0fb00},
521 {"soft-version", 0xf10000, 0x00100},
522 {"extra-para", 0xf11000, 0x01000},
523 {"support-list", 0xf12000, 0x0a000},
524 {"profile", 0xf1c000, 0x04000},
525 {"default-config", 0xf20000, 0x10000},
526 {"user-config", 0xf30000, 0x40000},
527 {"qos-db", 0xf70000, 0x40000},
528 {"certificate", 0xfb0000, 0x10000},
529 {"partition-table", 0xfc0000, 0x10000},
530 {"log", 0xfd0000, 0x20000},
531 {"radio", 0xff0000, 0x10000},
532 {NULL, 0, 0}
533 },
534
535 .first_sysupgrade_partition = "os-image",
536 .last_sysupgrade_partition = "file-system",
537 },
538
539 /** Firmware layout for the C9 */
540 {
541 .id = "ARCHERC9",
542 .vendor = "",
543 .support_list =
544 "SupportList:\n"
545 "{product_name:ArcherC9,"
546 "product_ver:1.0.0,"
547 "special_id:00000000}\n",
548 .support_trail = '\x00',
549 .soft_ver = NULL,
550
551 .partitions = {
552 {"fs-uboot", 0x00000, 0x40000},
553 {"os-image", 0x40000, 0x200000},
554 {"file-system", 0x240000, 0xc00000},
555 {"default-mac", 0xe40000, 0x00200},
556 {"pin", 0xe40200, 0x00200},
557 {"product-info", 0xe40400, 0x00200},
558 {"partition-table", 0xe50000, 0x10000},
559 {"soft-version", 0xe60000, 0x00200},
560 {"support-list", 0xe61000, 0x0f000},
561 {"profile", 0xe70000, 0x10000},
562 {"default-config", 0xe80000, 0x10000},
563 {"user-config", 0xe90000, 0x50000},
564 {"log", 0xee0000, 0x100000},
565 {"radio_bk", 0xfe0000, 0x10000},
566 {"radio", 0xff0000, 0x10000},
567 {NULL, 0, 0}
568 },
569
570 .first_sysupgrade_partition = "os-image",
571 .last_sysupgrade_partition = "file-system"
572 },
573
574 /** Firmware layout for the EAP120 */
575 {
576 .id = "EAP120",
577 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
578 .support_list =
579 "SupportList:\r\n"
580 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
581 .support_trail = '\xff',
582 .soft_ver = NULL,
583
584 .partitions = {
585 {"fs-uboot", 0x00000, 0x20000},
586 {"partition-table", 0x20000, 0x02000},
587 {"default-mac", 0x30000, 0x00020},
588 {"support-list", 0x31000, 0x00100},
589 {"product-info", 0x31100, 0x00100},
590 {"soft-version", 0x32000, 0x00100},
591 {"os-image", 0x40000, 0x180000},
592 {"file-system", 0x1c0000, 0x600000},
593 {"user-config", 0x7c0000, 0x10000},
594 {"backup-config", 0x7d0000, 0x10000},
595 {"log", 0x7e0000, 0x10000},
596 {"radio", 0x7f0000, 0x10000},
597 {NULL, 0, 0}
598 },
599
600 .first_sysupgrade_partition = "os-image",
601 .last_sysupgrade_partition = "file-system"
602 },
603
604 /** Firmware layout for the TL-WA850RE v2 */
605 {
606 .id = "TLWA850REV2",
607 .vendor = "",
608 .support_list =
609 "SupportList:\n"
610 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
611 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
612 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
613 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
614 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
615 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
616 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
617 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
618 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
619 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
620 .support_trail = '\x00',
621 .soft_ver = NULL,
622
623 /**
624 576KB were moved from file-system to os-image
625 in comparison to the stock image
626 */
627 .partitions = {
628 {"fs-uboot", 0x00000, 0x20000},
629 {"os-image", 0x20000, 0x150000},
630 {"file-system", 0x170000, 0x240000},
631 {"partition-table", 0x3b0000, 0x02000},
632 {"default-mac", 0x3c0000, 0x00020},
633 {"pin", 0x3c0100, 0x00020},
634 {"product-info", 0x3c1000, 0x01000},
635 {"soft-version", 0x3c2000, 0x00100},
636 {"support-list", 0x3c3000, 0x01000},
637 {"profile", 0x3c4000, 0x08000},
638 {"user-config", 0x3d0000, 0x10000},
639 {"default-config", 0x3e0000, 0x10000},
640 {"radio", 0x3f0000, 0x10000},
641 {NULL, 0, 0}
642 },
643
644 .first_sysupgrade_partition = "os-image",
645 .last_sysupgrade_partition = "file-system"
646 },
647
648 /** Firmware layout for the TL-WA855RE v1 */
649 {
650 .id = "TLWA855REV1",
651 .vendor = "",
652 .support_list =
653 "SupportList:\n"
654 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
655 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
656 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
657 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
658 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
659 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
660 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
661 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
662 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
663 .support_trail = '\x00',
664 .soft_ver = NULL,
665
666 .partitions = {
667 {"fs-uboot", 0x00000, 0x20000},
668 {"os-image", 0x20000, 0x150000},
669 {"file-system", 0x170000, 0x240000},
670 {"partition-table", 0x3b0000, 0x02000},
671 {"default-mac", 0x3c0000, 0x00020},
672 {"pin", 0x3c0100, 0x00020},
673 {"product-info", 0x3c1000, 0x01000},
674 {"soft-version", 0x3c2000, 0x00100},
675 {"support-list", 0x3c3000, 0x01000},
676 {"profile", 0x3c4000, 0x08000},
677 {"user-config", 0x3d0000, 0x10000},
678 {"default-config", 0x3e0000, 0x10000},
679 {"radio", 0x3f0000, 0x10000},
680 {NULL, 0, 0}
681 },
682
683 .first_sysupgrade_partition = "os-image",
684 .last_sysupgrade_partition = "file-system"
685 },
686
687 /** Firmware layout for the TL-WR1043 v5 */
688 {
689 .id = "TLWR1043NV5",
690 .vendor = "",
691 .support_list =
692 "SupportList:\n"
693 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
694 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
695 .support_trail = '\x00',
696 .soft_ver = "soft_ver:1.0.0\n",
697 .partitions = {
698 {"factory-boot", 0x00000, 0x20000},
699 {"fs-uboot", 0x20000, 0x20000},
700 {"os-image", 0x40000, 0x180000},
701 {"file-system", 0x1c0000, 0xd40000},
702 {"default-mac", 0xf00000, 0x00200},
703 {"pin", 0xf00200, 0x00200},
704 {"device-id", 0xf00400, 0x00100},
705 {"product-info", 0xf00500, 0x0fb00},
706 {"soft-version", 0xf10000, 0x01000},
707 {"extra-para", 0xf11000, 0x01000},
708 {"support-list", 0xf12000, 0x0a000},
709 {"profile", 0xf1c000, 0x04000},
710 {"default-config", 0xf20000, 0x10000},
711 {"user-config", 0xf30000, 0x40000},
712 {"qos-db", 0xf70000, 0x40000},
713 {"certificate", 0xfb0000, 0x10000},
714 {"partition-table", 0xfc0000, 0x10000},
715 {"log", 0xfd0000, 0x20000},
716 {"radio", 0xff0000, 0x10000},
717 {NULL, 0, 0}
718 },
719 .first_sysupgrade_partition = "os-image",
720 .last_sysupgrade_partition = "file-system"
721 },
722
723 /** Firmware layout for the TL-WR1043 v4 */
724 {
725 .id = "TLWR1043NDV4",
726 .vendor = "",
727 .support_list =
728 "SupportList:\n"
729 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
730 .support_trail = '\x00',
731 .soft_ver = NULL,
732
733 /**
734 We use a bigger os-image partition than the stock images (and thus
735 smaller file-system), as our kernel doesn't fit in the stock firmware's
736 1MB os-image.
737 */
738 .partitions = {
739 {"fs-uboot", 0x00000, 0x20000},
740 {"os-image", 0x20000, 0x180000},
741 {"file-system", 0x1a0000, 0xdb0000},
742 {"default-mac", 0xf50000, 0x00200},
743 {"pin", 0xf50200, 0x00200},
744 {"product-info", 0xf50400, 0x0fc00},
745 {"soft-version", 0xf60000, 0x0b000},
746 {"support-list", 0xf6b000, 0x04000},
747 {"profile", 0xf70000, 0x04000},
748 {"default-config", 0xf74000, 0x0b000},
749 {"user-config", 0xf80000, 0x40000},
750 {"partition-table", 0xfc0000, 0x10000},
751 {"log", 0xfd0000, 0x20000},
752 {"radio", 0xff0000, 0x10000},
753 {NULL, 0, 0}
754 },
755
756 .first_sysupgrade_partition = "os-image",
757 .last_sysupgrade_partition = "file-system"
758 },
759
760 /** Firmware layout for the TL-WR902AC v1 */
761 {
762 .id = "TL-WR902AC-V1",
763 .vendor = "",
764 .support_list =
765 "SupportList:\n"
766 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
767 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
768 .support_trail = '\x00',
769 .soft_ver = NULL,
770
771 /**
772 384KB were moved from file-system to os-image
773 in comparison to the stock image
774 */
775 .partitions = {
776 {"fs-uboot", 0x00000, 0x20000},
777 {"os-image", 0x20000, 0x180000},
778 {"file-system", 0x1a0000, 0x5b0000},
779 {"default-mac", 0x750000, 0x00200},
780 {"pin", 0x750200, 0x00200},
781 {"product-info", 0x750400, 0x0fc00},
782 {"soft-version", 0x760000, 0x0b000},
783 {"support-list", 0x76b000, 0x04000},
784 {"profile", 0x770000, 0x04000},
785 {"default-config", 0x774000, 0x0b000},
786 {"user-config", 0x780000, 0x40000},
787 {"partition-table", 0x7c0000, 0x10000},
788 {"log", 0x7d0000, 0x20000},
789 {"radio", 0x7f0000, 0x10000},
790 {NULL, 0, 0}
791 },
792
793 .first_sysupgrade_partition = "os-image",
794 .last_sysupgrade_partition = "file-system",
795 },
796
797 /** Firmware layout for the TL-WR942N V1 */
798 {
799 .id = "TLWR942NV1",
800 .vendor = "",
801 .support_list =
802 "SupportList:\r\n"
803 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
804 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
805 .support_trail = '\x00',
806 .soft_ver = NULL,
807
808 .partitions = {
809 {"fs-uboot", 0x00000, 0x20000},
810 {"os-image", 0x20000, 0x180000},
811 {"file-system", 0x1a0000, 0xca0000},
812 {"default-mac", 0xe40000, 0x00200},
813 {"pin", 0xe40200, 0x00200},
814 {"product-info", 0xe40400, 0x0fc00},
815 {"partition-table", 0xe50000, 0x10000},
816 {"soft-version", 0xe60000, 0x10000},
817 {"support-list", 0xe70000, 0x10000},
818 {"profile", 0xe80000, 0x10000},
819 {"default-config", 0xe90000, 0x10000},
820 {"user-config", 0xea0000, 0x40000},
821 {"qos-db", 0xee0000, 0x40000},
822 {"certificate", 0xf20000, 0x10000},
823 {"usb-config", 0xfb0000, 0x10000},
824 {"log", 0xfc0000, 0x20000},
825 {"radio-bk", 0xfe0000, 0x10000},
826 {"radio", 0xff0000, 0x10000},
827 {NULL, 0, 0}
828 },
829
830 .first_sysupgrade_partition = "os-image",
831 .last_sysupgrade_partition = "file-system",
832 },
833
834 /** Firmware layout for the RE350 v1 */
835 {
836 .id = "RE350-V1",
837 .vendor = "",
838 .support_list =
839 "SupportList:\n"
840 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
841 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
842 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
843 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
844 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
845 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
846 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
847 .support_trail = '\x00',
848 .soft_ver = NULL,
849
850 /**
851 The original os-image partition is too small,
852 so we enlarge it to 1.6M
853 */
854 .partitions = {
855 {"fs-uboot", 0x00000, 0x20000},
856 {"os-image", 0x20000, 0x1a0000},
857 {"file-system", 0x1c0000, 0x440000},
858 {"partition-table", 0x600000, 0x02000},
859 {"default-mac", 0x610000, 0x00020},
860 {"pin", 0x610100, 0x00020},
861 {"product-info", 0x611100, 0x01000},
862 {"soft-version", 0x620000, 0x01000},
863 {"support-list", 0x621000, 0x01000},
864 {"profile", 0x622000, 0x08000},
865 {"user-config", 0x630000, 0x10000},
866 {"default-config", 0x640000, 0x10000},
867 {"radio", 0x7f0000, 0x10000},
868 {NULL, 0, 0}
869 },
870
871 .first_sysupgrade_partition = "os-image",
872 .last_sysupgrade_partition = "file-system"
873 },
874
875 /** Firmware layout for the RE355 */
876 {
877 .id = "RE355",
878 .vendor = "",
879 .support_list =
880 "SupportList:\r\n"
881 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
882 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
883 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
884 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
885 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
886 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
887 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
888 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
889 .support_trail = '\x00',
890 .soft_ver = NULL,
891
892 /**
893 The flash partition table for RE355;
894 it is almost the same as the one used by the stock images,
895 576KB were moved from file-system to os-image.
896 */
897 .partitions = {
898 {"fs-uboot", 0x00000, 0x20000},
899 {"os-image", 0x20000, 0x180000},
900 {"file-system", 0x1a0000, 0x460000},
901 {"partition-table", 0x600000, 0x02000},
902 {"default-mac", 0x610000, 0x00020},
903 {"pin", 0x610100, 0x00020},
904 {"product-info", 0x611100, 0x01000},
905 {"soft-version", 0x620000, 0x01000},
906 {"support-list", 0x621000, 0x01000},
907 {"profile", 0x622000, 0x08000},
908 {"user-config", 0x630000, 0x10000},
909 {"default-config", 0x640000, 0x10000},
910 {"radio", 0x7f0000, 0x10000},
911 {NULL, 0, 0}
912 },
913
914 .first_sysupgrade_partition = "os-image",
915 .last_sysupgrade_partition = "file-system"
916 },
917
918 /** Firmware layout for the RE450 */
919 {
920 .id = "RE450",
921 .vendor = "",
922 .support_list =
923 "SupportList:\r\n"
924 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
925 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
926 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
927 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
928 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
929 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
930 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
931 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
932 .support_trail = '\x00',
933 .soft_ver = NULL,
934
935 /**
936 The flash partition table for RE450;
937 it is almost the same as the one used by the stock images,
938 576KB were moved from file-system to os-image.
939 */
940 .partitions = {
941 {"fs-uboot", 0x00000, 0x20000},
942 {"os-image", 0x20000, 0x180000},
943 {"file-system", 0x1a0000, 0x460000},
944 {"partition-table", 0x600000, 0x02000},
945 {"default-mac", 0x610000, 0x00020},
946 {"pin", 0x610100, 0x00020},
947 {"product-info", 0x611100, 0x01000},
948 {"soft-version", 0x620000, 0x01000},
949 {"support-list", 0x621000, 0x01000},
950 {"profile", 0x622000, 0x08000},
951 {"user-config", 0x630000, 0x10000},
952 {"default-config", 0x640000, 0x10000},
953 {"radio", 0x7f0000, 0x10000},
954 {NULL, 0, 0}
955 },
956
957 .first_sysupgrade_partition = "os-image",
958 .last_sysupgrade_partition = "file-system"
959 },
960
961 {}
962 };
963
964 #define error(_ret, _errno, _str, ...) \
965 do { \
966 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
967 strerror(_errno)); \
968 if (_ret) \
969 exit(_ret); \
970 } while (0)
971
972
973 /** Stores a uint32 as big endian */
974 static inline void put32(uint8_t *buf, uint32_t val) {
975 buf[0] = val >> 24;
976 buf[1] = val >> 16;
977 buf[2] = val >> 8;
978 buf[3] = val;
979 }
980
981 /** Allocates a new image partition */
982 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
983 struct image_partition_entry entry = {name, len, malloc(len)};
984 if (!entry.data)
985 error(1, errno, "malloc");
986
987 return entry;
988 }
989
990 /** Frees an image partition */
991 static void free_image_partition(struct image_partition_entry entry) {
992 free(entry.data);
993 }
994
995 static time_t source_date_epoch = -1;
996 static void set_source_date_epoch() {
997 char *env = getenv("SOURCE_DATE_EPOCH");
998 char *endptr = env;
999 errno = 0;
1000 if (env && *env) {
1001 source_date_epoch = strtoull(env, &endptr, 10);
1002 if (errno || (endptr && *endptr != '\0')) {
1003 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1004 exit(1);
1005 }
1006 }
1007 }
1008
1009 /** Generates the partition-table partition */
1010 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1011 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1012
1013 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1014
1015 *(s++) = 0x00;
1016 *(s++) = 0x04;
1017 *(s++) = 0x00;
1018 *(s++) = 0x00;
1019
1020 size_t i;
1021 for (i = 0; p[i].name; i++) {
1022 size_t len = end-s;
1023 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1024
1025 if (w > len-1)
1026 error(1, 0, "flash partition table overflow?");
1027
1028 s += w;
1029 }
1030
1031 s++;
1032
1033 memset(s, 0xff, end-s);
1034
1035 return entry;
1036 }
1037
1038
1039 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1040 static inline uint8_t bcd(uint8_t v) {
1041 return 0x10 * (v/10) + v%10;
1042 }
1043
1044
1045 /** Generates the soft-version partition */
1046 static struct image_partition_entry make_soft_version(uint32_t rev) {
1047 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1048 struct soft_version *s = (struct soft_version *)entry.data;
1049
1050 time_t t;
1051
1052 if (source_date_epoch != -1)
1053 t = source_date_epoch;
1054 else if (time(&t) == (time_t)(-1))
1055 error(1, errno, "time");
1056
1057 struct tm *tm = localtime(&t);
1058
1059 s->magic = htonl(0x0000000c);
1060 s->zero = 0;
1061 s->pad1 = 0xff;
1062
1063 s->version_major = 0;
1064 s->version_minor = 0;
1065 s->version_patch = 0;
1066
1067 s->year_hi = bcd((1900+tm->tm_year)/100);
1068 s->year_lo = bcd(tm->tm_year%100);
1069 s->month = bcd(tm->tm_mon+1);
1070 s->day = bcd(tm->tm_mday);
1071 s->rev = htonl(rev);
1072
1073 s->pad2 = 0xff;
1074
1075 return entry;
1076 }
1077
1078 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1079 /** String length _including_ the terminating zero byte */
1080 uint32_t ver_len = strlen(soft_ver) + 1;
1081 /** Partition contains 64 bit header, the version string, and one additional null byte */
1082 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1083 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1084
1085 uint32_t *len = (uint32_t *)entry.data;
1086 len[0] = htonl(ver_len);
1087 len[1] = 0;
1088 memcpy(&len[2], soft_ver, ver_len);
1089
1090 entry.data[partition_len - 1] = 0;
1091
1092 return entry;
1093 }
1094
1095 /** Generates the support-list partition */
1096 static struct image_partition_entry make_support_list(const struct device_info *info) {
1097 size_t len = strlen(info->support_list);
1098 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1099
1100 put32(entry.data, len);
1101 memset(entry.data+4, 0, 4);
1102 memcpy(entry.data+8, info->support_list, len);
1103 entry.data[len+8] = info->support_trail;
1104
1105 return entry;
1106 }
1107
1108 /** Creates a new image partition with an arbitrary name from a file */
1109 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
1110 struct stat statbuf;
1111
1112 if (stat(filename, &statbuf) < 0)
1113 error(1, errno, "unable to stat file `%s'", filename);
1114
1115 size_t len = statbuf.st_size;
1116
1117 if (add_jffs2_eof)
1118 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1119
1120 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1121
1122 FILE *file = fopen(filename, "rb");
1123 if (!file)
1124 error(1, errno, "unable to open file `%s'", filename);
1125
1126 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1127 error(1, errno, "unable to read file `%s'", filename);
1128
1129 if (add_jffs2_eof) {
1130 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1131
1132 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1133 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1134 }
1135
1136 fclose(file);
1137
1138 return entry;
1139 }
1140
1141 /** Creates a new image partition from arbitrary data */
1142 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1143
1144 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1145
1146 memcpy(entry.data, datain, len);
1147
1148 return entry;
1149 }
1150
1151 /**
1152 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1153
1154 Example image partition table:
1155
1156 fwup-ptn partition-table base 0x00800 size 0x00800
1157 fwup-ptn os-image base 0x01000 size 0x113b45
1158 fwup-ptn file-system base 0x114b45 size 0x1d0004
1159 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1160
1161 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1162 the end of the partition table is marked with a zero byte.
1163
1164 The firmware image must contain at least the partition-table and support-list partitions
1165 to be accepted. There aren't any alignment constraints for the image partitions.
1166
1167 The partition-table partition contains the actual flash layout; partitions
1168 from the image partition table are mapped to the corresponding flash partitions during
1169 the firmware upgrade. The support-list partition contains a list of devices supported by
1170 the firmware image.
1171
1172 The base offsets in the firmware partition table are relative to the end
1173 of the vendor information block, so the partition-table partition will
1174 actually start at offset 0x1814 of the image.
1175
1176 I think partition-table must be the first partition in the firmware image.
1177 */
1178 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1179 size_t i, j;
1180 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1181
1182 size_t base = 0x800;
1183 for (i = 0; parts[i].name; i++) {
1184 for (j = 0; flash_parts[j].name; j++) {
1185 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1186 if (parts[i].size > flash_parts[j].size)
1187 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1188 break;
1189 }
1190 }
1191
1192 assert(flash_parts[j].name);
1193
1194 memcpy(buffer + base, parts[i].data, parts[i].size);
1195
1196 size_t len = end-image_pt;
1197 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1198
1199 if (w > len-1)
1200 error(1, 0, "image partition table overflow?");
1201
1202 image_pt += w;
1203
1204 base += parts[i].size;
1205 }
1206 }
1207
1208 /** Generates and writes the image MD5 checksum */
1209 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1210 MD5_CTX ctx;
1211
1212 MD5_Init(&ctx);
1213 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1214 MD5_Update(&ctx, buffer, len);
1215 MD5_Final(md5, &ctx);
1216 }
1217
1218
1219 /**
1220 Generates the firmware image in factory format
1221
1222 Image format:
1223
1224 Bytes (hex) Usage
1225 ----------- -----
1226 0000-0003 Image size (4 bytes, big endian)
1227 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1228 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1229 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1230 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1231 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1232 1814-xxxx Firmware partitions
1233 */
1234 static void * generate_factory_image(const struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1235 *len = 0x1814;
1236
1237 size_t i;
1238 for (i = 0; parts[i].name; i++)
1239 *len += parts[i].size;
1240
1241 uint8_t *image = malloc(*len);
1242 if (!image)
1243 error(1, errno, "malloc");
1244
1245 memset(image, 0xff, *len);
1246 put32(image, *len);
1247
1248 if (info->vendor) {
1249 size_t vendor_len = strlen(info->vendor);
1250 put32(image+0x14, vendor_len);
1251 memcpy(image+0x18, info->vendor, vendor_len);
1252 }
1253
1254 put_partitions(image + 0x1014, info->partitions, parts);
1255 put_md5(image+0x04, image+0x14, *len-0x14);
1256
1257 return image;
1258 }
1259
1260 /**
1261 Generates the firmware image in sysupgrade format
1262
1263 This makes some assumptions about the provided flash and image partition tables and
1264 should be generalized when TP-LINK starts building its safeloader into hardware with
1265 different flash layouts.
1266 */
1267 static void * generate_sysupgrade_image(const struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1268 size_t i, j;
1269 size_t flash_first_partition_index = 0;
1270 size_t flash_last_partition_index = 0;
1271 const struct flash_partition_entry *flash_first_partition = NULL;
1272 const struct flash_partition_entry *flash_last_partition = NULL;
1273 const struct image_partition_entry *image_last_partition = NULL;
1274
1275 /** Find first and last partitions */
1276 for (i = 0; info->partitions[i].name; i++) {
1277 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1278 flash_first_partition = &info->partitions[i];
1279 flash_first_partition_index = i;
1280 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1281 flash_last_partition = &info->partitions[i];
1282 flash_last_partition_index = i;
1283 }
1284 }
1285
1286 assert(flash_first_partition && flash_last_partition);
1287 assert(flash_first_partition_index < flash_last_partition_index);
1288
1289 /** Find last partition from image to calculate needed size */
1290 for (i = 0; image_parts[i].name; i++) {
1291 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1292 image_last_partition = &image_parts[i];
1293 break;
1294 }
1295 }
1296
1297 assert(image_last_partition);
1298
1299 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1300
1301 uint8_t *image = malloc(*len);
1302 if (!image)
1303 error(1, errno, "malloc");
1304
1305 memset(image, 0xff, *len);
1306
1307 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1308 for (j = 0; image_parts[j].name; j++) {
1309 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1310 if (image_parts[j].size > info->partitions[i].size)
1311 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1312 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1313 break;
1314 }
1315
1316 assert(image_parts[j].name);
1317 }
1318 }
1319
1320 return image;
1321 }
1322
1323 /** Generates an image according to a given layout and writes it to a file */
1324 static void build_image(const char *output,
1325 const char *kernel_image,
1326 const char *rootfs_image,
1327 uint32_t rev,
1328 bool add_jffs2_eof,
1329 bool sysupgrade,
1330 const struct device_info *info) {
1331
1332 struct image_partition_entry parts[7] = {};
1333
1334 parts[0] = make_partition_table(info->partitions);
1335 if (info->soft_ver)
1336 parts[1] = make_soft_version_from_string(info->soft_ver);
1337 else
1338 parts[1] = make_soft_version(rev);
1339
1340 parts[2] = make_support_list(info);
1341 parts[3] = read_file("os-image", kernel_image, false);
1342 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof);
1343
1344 /* Some devices need the extra-para partition to accept the firmware */
1345 if (strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1346 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1347 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1348 parts[5] = put_data("extra-para", mdat, 11);
1349 } else if (strcasecmp(info->id, "ARCHER-C7-V4") == 0) {
1350 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1351 parts[5] = put_data("extra-para", mdat, 11);
1352 }
1353
1354 size_t len;
1355 void *image;
1356 if (sysupgrade)
1357 image = generate_sysupgrade_image(info, parts, &len);
1358 else
1359 image = generate_factory_image(info, parts, &len);
1360
1361 FILE *file = fopen(output, "wb");
1362 if (!file)
1363 error(1, errno, "unable to open output file");
1364
1365 if (fwrite(image, len, 1, file) != 1)
1366 error(1, 0, "unable to write output file");
1367
1368 fclose(file);
1369
1370 free(image);
1371
1372 size_t i;
1373 for (i = 0; parts[i].name; i++)
1374 free_image_partition(parts[i]);
1375 }
1376
1377 /** Usage output */
1378 static void usage(const char *argv0) {
1379 fprintf(stderr,
1380 "Usage: %s [OPTIONS...]\n"
1381 "\n"
1382 "Options:\n"
1383 " -h show this help\n"
1384 "\n"
1385 "Create a new image:\n"
1386 " -B <board> create image for the board specified with <board>\n"
1387 " -k <file> read kernel image from the file <file>\n"
1388 " -r <file> read rootfs image from the file <file>\n"
1389 " -o <file> write output to the file <file>\n"
1390 " -V <rev> sets the revision number to <rev>\n"
1391 " -j add jffs2 end-of-filesystem markers\n"
1392 " -S create sysupgrade instead of factory image\n"
1393 "Extract an old image:\n"
1394 " -x <file> extract all oem firmware partition\n"
1395 " -d <dir> destination to extract the firmware partition\n"
1396 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1397 argv0
1398 );
1399 };
1400
1401
1402 static const struct device_info *find_board(const char *id)
1403 {
1404 struct device_info *board = NULL;
1405
1406 for (board = boards; board->id != NULL; board++)
1407 if (strcasecmp(id, board->id) == 0)
1408 return board;
1409
1410 return NULL;
1411 }
1412
1413 static int add_flash_partition(
1414 struct flash_partition_entry *part_list,
1415 size_t max_entries,
1416 const char *name,
1417 unsigned long base,
1418 unsigned long size)
1419 {
1420 /* check if the list has a free entry */
1421 for (int ptr=0; ptr<max_entries; ptr++, part_list++) {
1422 if (part_list->name == NULL &&
1423 part_list->base == 0 &&
1424 part_list->size == 0)
1425 break;
1426 }
1427
1428 if (ptr == max_entries) {
1429 error(1, 0, "No free flash part entry available.");
1430 }
1431
1432 part_list->name = calloc(1, strlen(name) + 1);
1433 memcpy((char *)part_list->name, name, strlen(name));
1434 part_list->base = base;
1435 part_list->size = size;
1436
1437 return 0;
1438 }
1439
1440 /** read the partition table into struct flash_partition_entry */
1441 static int read_partition_table(
1442 FILE *file, long offset,
1443 struct flash_partition_entry *entries, size_t max_entries,
1444 int type)
1445 {
1446 char buf[2048];
1447 char *ptr, *end;
1448 const char *parthdr = NULL;
1449 const char *fwuphdr = "fwup-ptn";
1450 const char *flashhdr = "partition";
1451
1452 /* TODO: search for the partition table */
1453
1454 switch(type) {
1455 case 0:
1456 parthdr = fwuphdr;
1457 break;
1458 case 1:
1459 parthdr = flashhdr;
1460 break;
1461 default:
1462 error(1, 0, "Invalid partition table");
1463 }
1464
1465 if (fseek(file, offset, SEEK_SET) < 0)
1466 error(1, errno, "Can not seek in the firmware");
1467
1468 if (fread(buf, 1, 2048, file) < 0)
1469 error(1, errno, "Can not read fwup-ptn from the firmware");
1470
1471 buf[2047] = '\0';
1472
1473 /* look for the partition header */
1474 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1475 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1476 return 1;
1477 }
1478
1479 ptr = buf;
1480 end = buf + sizeof(buf);
1481 while ((ptr + strlen(parthdr)) < end &&
1482 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1483 char *end_part;
1484 char *end_element;
1485
1486 char name[32] = { 0 };
1487 int name_len = 0;
1488 unsigned long base = 0;
1489 unsigned long size = 0;
1490
1491 end_part = memchr(ptr, '\n', (end - ptr));
1492 if (end_part == NULL) {
1493 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1494 break;
1495 }
1496
1497 for (int i=0; i<=4; i++) {
1498 if (end_part <= ptr)
1499 break;
1500
1501 end_element = memchr(ptr, 0x20, (end_part - ptr));
1502 if (end_element == NULL) {
1503 error(1, errno, "Ignoring the rest of the partition entries.");
1504 break;
1505 }
1506
1507 switch (i) {
1508 /* partition header */
1509 case 0:
1510 ptr = end_element + 1;
1511 continue;
1512 /* name */
1513 case 1:
1514 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1515 strncpy(name, ptr, name_len);
1516 name[name_len] = '\0';
1517 ptr = end_element + 1;
1518 continue;
1519
1520 /* string "base" */
1521 case 2:
1522 ptr = end_element + 1;
1523 continue;
1524
1525 /* actual base */
1526 case 3:
1527 base = strtoul(ptr, NULL, 16);
1528 ptr = end_element + 1;
1529 continue;
1530
1531 /* string "size" */
1532 case 4:
1533 ptr = end_element + 1;
1534 /* actual size. The last element doesn't have a sepeartor */
1535 size = strtoul(ptr, NULL, 16);
1536 /* the part ends with 0x09, 0x0d, 0x0a */
1537 ptr = end_part + 1;
1538 add_flash_partition(entries, max_entries, name, base, size);
1539 continue;
1540 }
1541 }
1542 }
1543
1544 return 0;
1545 }
1546
1547 static void write_partition(
1548 FILE *input_file,
1549 size_t firmware_offset,
1550 struct flash_partition_entry *entry,
1551 FILE *output_file)
1552 {
1553 char buf[4096];
1554 size_t offset;
1555
1556 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1557
1558 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1559 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1560 error(1, errno, "Can not read partition from input_file");
1561
1562 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1563 error(1, errno, "Can not write partition to output_file");
1564 }
1565 /* write last chunk smaller than buffer */
1566 if (offset < entry->size) {
1567 offset = entry->size - offset;
1568 if (fread(buf, offset, 1, input_file) < 0)
1569 error(1, errno, "Can not read partition from input_file");
1570 if (fwrite(buf, offset, 1, output_file) < 0)
1571 error(1, errno, "Can not write partition to output_file");
1572 }
1573 }
1574
1575 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
1576 {
1577 FILE *output_file;
1578 char output[PATH_MAX];
1579
1580 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
1581 output_file = fopen(output, "wb+");
1582 if (output_file == NULL) {
1583 error(1, errno, "Can not open output file %s", output);
1584 }
1585
1586 write_partition(input_file, firmware_offset, entry, output_file);
1587
1588 fclose(output_file);
1589
1590 return 0;
1591 }
1592
1593 /** extract all partitions from the firmware file */
1594 static int extract_firmware(const char *input, const char *output_directory)
1595 {
1596 struct flash_partition_entry entries[16] = { 0 };
1597 size_t max_entries = 16;
1598 size_t firmware_offset = 0x1014;
1599 FILE *input_file;
1600
1601 struct stat statbuf;
1602
1603 /* check input file */
1604 if (stat(input, &statbuf)) {
1605 error(1, errno, "Can not read input firmware %s", input);
1606 }
1607
1608 /* check if output directory exists */
1609 if (stat(output_directory, &statbuf)) {
1610 error(1, errno, "Failed to stat output directory %s", output_directory);
1611 }
1612
1613 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
1614 error(1, errno, "Given output directory is not a directory %s", output_directory);
1615 }
1616
1617 input_file = fopen(input, "rb");
1618
1619 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
1620 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1621 }
1622
1623 for (int i=0; i<max_entries; i++) {
1624 if (entries[i].name == NULL &&
1625 entries[i].base == 0 &&
1626 entries[i].size == 0)
1627 continue;
1628
1629 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
1630 }
1631
1632 return 0;
1633 }
1634
1635 static struct flash_partition_entry *find_partition(
1636 struct flash_partition_entry *entries, size_t max_entries,
1637 const char *name, const char *error_msg)
1638 {
1639 for (int i=0; i<max_entries; i++, entries++) {
1640 if (strcmp(entries->name, name) == 0)
1641 return entries;
1642 }
1643
1644 error(1, 0, "%s", error_msg);
1645 return NULL;
1646 }
1647
1648 static void write_ff(FILE *output_file, size_t size)
1649 {
1650 char buf[4096];
1651 int offset;
1652
1653 memset(buf, 0xff, sizeof(buf));
1654
1655 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
1656 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1657 error(1, errno, "Can not write 0xff to output_file");
1658 }
1659
1660 /* write last chunk smaller than buffer */
1661 if (offset < size) {
1662 offset = size - offset;
1663 if (fwrite(buf, offset, 1, output_file) < 0)
1664 error(1, errno, "Can not write partition to output_file");
1665 }
1666 }
1667
1668 static void convert_firmware(const char *input, const char *output)
1669 {
1670 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
1671 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
1672 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
1673 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
1674 struct flash_partition_entry *fwup_partition_table = NULL;
1675 size_t firmware_offset = 0x1014;
1676 FILE *input_file, *output_file;
1677
1678 struct stat statbuf;
1679
1680 /* check input file */
1681 if (stat(input, &statbuf)) {
1682 error(1, errno, "Can not read input firmware %s", input);
1683 }
1684
1685 input_file = fopen(input, "rb");
1686 if (!input_file)
1687 error(1, 0, "Can not open input firmware %s", input);
1688
1689 output_file = fopen(output, "wb");
1690 if (!output_file)
1691 error(1, 0, "Can not open output firmware %s", output);
1692
1693 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
1694 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1695 }
1696
1697 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
1698 "os-image", "Error can not find os-image partition (fwup)");
1699 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
1700 "file-system", "Error can not find file-system partition (fwup)");
1701 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
1702 "partition-table", "Error can not find partition-table partition");
1703
1704 /* the flash partition table has a 0x00000004 magic haeder */
1705 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
1706 error(1, 0, "Error can not read the partition table (flash)");
1707
1708 flash_os_image = find_partition(flash, MAX_PARTITIONS,
1709 "os-image", "Error can not find os-image partition (flash)");
1710 flash_file_system = find_partition(flash, MAX_PARTITIONS,
1711 "file-system", "Error can not find file-system partition (flash)");
1712
1713 /* write os_image to 0x0 */
1714 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
1715 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
1716
1717 /* write file-system behind os_image */
1718 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
1719 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
1720 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
1721
1722 fclose(output_file);
1723 fclose(input_file);
1724 }
1725
1726 int main(int argc, char *argv[]) {
1727 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
1728 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
1729 bool add_jffs2_eof = false, sysupgrade = false;
1730 unsigned rev = 0;
1731 const struct device_info *info;
1732 set_source_date_epoch();
1733
1734 while (true) {
1735 int c;
1736
1737 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
1738 if (c == -1)
1739 break;
1740
1741 switch (c) {
1742 case 'B':
1743 board = optarg;
1744 break;
1745
1746 case 'k':
1747 kernel_image = optarg;
1748 break;
1749
1750 case 'r':
1751 rootfs_image = optarg;
1752 break;
1753
1754 case 'o':
1755 output = optarg;
1756 break;
1757
1758 case 'V':
1759 sscanf(optarg, "r%u", &rev);
1760 break;
1761
1762 case 'j':
1763 add_jffs2_eof = true;
1764 break;
1765
1766 case 'S':
1767 sysupgrade = true;
1768 break;
1769
1770 case 'h':
1771 usage(argv[0]);
1772 return 0;
1773
1774 case 'd':
1775 output_directory = optarg;
1776 break;
1777
1778 case 'x':
1779 extract_image = optarg;
1780 break;
1781
1782 case 'z':
1783 convert_image = optarg;
1784 break;
1785
1786 default:
1787 usage(argv[0]);
1788 return 1;
1789 }
1790 }
1791
1792 if (extract_image || output_directory) {
1793 if (!extract_image)
1794 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
1795 if (!output_directory)
1796 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
1797 extract_firmware(extract_image, output_directory);
1798 } else if (convert_image) {
1799 if (!output)
1800 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
1801 convert_firmware(convert_image, output);
1802 } else {
1803 if (!board)
1804 error(1, 0, "no board has been specified");
1805 if (!kernel_image)
1806 error(1, 0, "no kernel image has been specified");
1807 if (!rootfs_image)
1808 error(1, 0, "no rootfs image has been specified");
1809 if (!output)
1810 error(1, 0, "no output filename has been specified");
1811
1812 info = find_board(board);
1813
1814 if (info == NULL)
1815 error(1, 0, "unsupported board %s", board);
1816
1817 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
1818 }
1819
1820 return 0;
1821 }
OpenWrt Source Repository