ar71xx: switch TP-Link RE450 v1 to dynamic partitioning
[openwrt/openwrt.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"os-image", 0x40000, 0x1c0000},
186 {"file-system", 0x200000, 0x5b0000},
187 {"soft-version", 0x7b0000, 0x00100},
188 {"support-list", 0x7b1000, 0x01000},
189 {"user-config", 0x7c0000, 0x10000},
190 {"default-config", 0x7d0000, 0x10000},
191 {"log", 0x7e0000, 0x10000},
192 {"radio", 0x7f0000, 0x10000},
193 {NULL, 0, 0}
194 },
195
196 .first_sysupgrade_partition = "os-image",
197 .last_sysupgrade_partition = "support-list",
198 },
199
200 /** Firmware layout for the CPE510/520 */
201 {
202 .id = "CPE510",
203 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
204 .support_list =
205 "SupportList:\r\n"
206 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
207 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
208 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
209 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
210 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
211 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
212 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
213 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
214 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
215 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
216 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
217 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
218 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
219 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
220 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
221 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
222 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
223 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
224 .support_trail = '\xff',
225 .soft_ver = NULL,
226
227 .partitions = {
228 {"fs-uboot", 0x00000, 0x20000},
229 {"partition-table", 0x20000, 0x02000},
230 {"default-mac", 0x30000, 0x00020},
231 {"product-info", 0x31100, 0x00100},
232 {"signature", 0x32000, 0x00400},
233 {"os-image", 0x40000, 0x1c0000},
234 {"file-system", 0x200000, 0x5b0000},
235 {"soft-version", 0x7b0000, 0x00100},
236 {"support-list", 0x7b1000, 0x00400},
237 {"user-config", 0x7c0000, 0x10000},
238 {"default-config", 0x7d0000, 0x10000},
239 {"log", 0x7e0000, 0x10000},
240 {"radio", 0x7f0000, 0x10000},
241 {NULL, 0, 0}
242 },
243
244 .first_sysupgrade_partition = "os-image",
245 .last_sysupgrade_partition = "support-list",
246 },
247
248 {
249 .id = "WBS210",
250 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
251 .support_list =
252 "SupportList:\r\n"
253 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
254 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
255 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
256 .support_trail = '\xff',
257 .soft_ver = NULL,
258
259 .partitions = {
260 {"fs-uboot", 0x00000, 0x20000},
261 {"partition-table", 0x20000, 0x02000},
262 {"default-mac", 0x30000, 0x00020},
263 {"product-info", 0x31100, 0x00100},
264 {"signature", 0x32000, 0x00400},
265 {"os-image", 0x40000, 0x1c0000},
266 {"file-system", 0x200000, 0x5b0000},
267 {"soft-version", 0x7b0000, 0x00100},
268 {"support-list", 0x7b1000, 0x00400},
269 {"user-config", 0x7c0000, 0x10000},
270 {"default-config", 0x7d0000, 0x10000},
271 {"log", 0x7e0000, 0x10000},
272 {"radio", 0x7f0000, 0x10000},
273 {NULL, 0, 0}
274 },
275
276 .first_sysupgrade_partition = "os-image",
277 .last_sysupgrade_partition = "support-list",
278 },
279
280 {
281 .id = "WBS510",
282 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
283 .support_list =
284 "SupportList:\r\n"
285 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
286 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
287 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
288 .support_trail = '\xff',
289 .soft_ver = NULL,
290
291 .partitions = {
292 {"fs-uboot", 0x00000, 0x20000},
293 {"partition-table", 0x20000, 0x02000},
294 {"default-mac", 0x30000, 0x00020},
295 {"product-info", 0x31100, 0x00100},
296 {"signature", 0x32000, 0x00400},
297 {"os-image", 0x40000, 0x1c0000},
298 {"file-system", 0x200000, 0x5b0000},
299 {"soft-version", 0x7b0000, 0x00100},
300 {"support-list", 0x7b1000, 0x00400},
301 {"user-config", 0x7c0000, 0x10000},
302 {"default-config", 0x7d0000, 0x10000},
303 {"log", 0x7e0000, 0x10000},
304 {"radio", 0x7f0000, 0x10000},
305 {NULL, 0, 0}
306 },
307
308 .first_sysupgrade_partition = "os-image",
309 .last_sysupgrade_partition = "support-list",
310 },
311
312 /** Firmware layout for the C2600 */
313 {
314 .id = "C2600",
315 .vendor = "",
316 .support_list =
317 "SupportList:\r\n"
318 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
319 .support_trail = '\x00',
320 .soft_ver = NULL,
321
322 /**
323 We use a bigger os-image partition than the stock images (and thus
324 smaller file-system), as our kernel doesn't fit in the stock firmware's
325 2 MB os-image since kernel 4.14.
326 */
327 .partitions = {
328 {"SBL1", 0x00000, 0x20000},
329 {"MIBIB", 0x20000, 0x20000},
330 {"SBL2", 0x40000, 0x20000},
331 {"SBL3", 0x60000, 0x30000},
332 {"DDRCONFIG", 0x90000, 0x10000},
333 {"SSD", 0xa0000, 0x10000},
334 {"TZ", 0xb0000, 0x30000},
335 {"RPM", 0xe0000, 0x20000},
336 {"fs-uboot", 0x100000, 0x70000},
337 {"uboot-env", 0x170000, 0x40000},
338 {"radio", 0x1b0000, 0x40000},
339 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
340 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
341 {"default-mac", 0x1ef0000, 0x00200},
342 {"pin", 0x1ef0200, 0x00200},
343 {"product-info", 0x1ef0400, 0x0fc00},
344 {"partition-table", 0x1f00000, 0x10000},
345 {"soft-version", 0x1f10000, 0x10000},
346 {"support-list", 0x1f20000, 0x10000},
347 {"profile", 0x1f30000, 0x10000},
348 {"default-config", 0x1f40000, 0x10000},
349 {"user-config", 0x1f50000, 0x40000},
350 {"qos-db", 0x1f90000, 0x40000},
351 {"usb-config", 0x1fd0000, 0x10000},
352 {"log", 0x1fe0000, 0x20000},
353 {NULL, 0, 0}
354 },
355
356 .first_sysupgrade_partition = "os-image",
357 .last_sysupgrade_partition = "file-system"
358 },
359
360 /** Firmware layout for the C25v1 */
361 {
362 .id = "ARCHER-C25-V1",
363 .support_list =
364 "SupportList:\n"
365 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
366 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
367 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
368 .support_trail = '\x00',
369 .soft_ver = "soft_ver:1.0.0\n",
370
371 /**
372 We use a bigger os-image partition than the stock images (and thus
373 smaller file-system), as our kernel doesn't fit in the stock firmware's
374 1MB os-image.
375 */
376 .partitions = {
377 {"factory-boot", 0x00000, 0x20000},
378 {"fs-uboot", 0x20000, 0x10000},
379 {"os-image", 0x30000, 0x180000}, /* Stock: base 0x30000 size 0x100000 */
380 {"file-system", 0x1b0000, 0x620000}, /* Stock: base 0x130000 size 0x6a0000 */
381 {"user-config", 0x7d0000, 0x04000},
382 {"default-mac", 0x7e0000, 0x00100},
383 {"device-id", 0x7e0100, 0x00100},
384 {"extra-para", 0x7e0200, 0x00100},
385 {"pin", 0x7e0300, 0x00100},
386 {"support-list", 0x7e0400, 0x00400},
387 {"soft-version", 0x7e0800, 0x00400},
388 {"product-info", 0x7e0c00, 0x01400},
389 {"partition-table", 0x7e2000, 0x01000},
390 {"profile", 0x7e3000, 0x01000},
391 {"default-config", 0x7e4000, 0x04000},
392 {"merge-config", 0x7ec000, 0x02000},
393 {"qos-db", 0x7ee000, 0x02000},
394 {"radio", 0x7f0000, 0x10000},
395 {NULL, 0, 0}
396 },
397
398 .first_sysupgrade_partition = "os-image",
399 .last_sysupgrade_partition = "file-system",
400 },
401
402 /** Firmware layout for the C58v1 */
403 {
404 .id = "ARCHER-C58-V1",
405 .vendor = "",
406 .support_list =
407 "SupportList:\r\n"
408 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
409 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
410 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
411 .support_trail = '\x00',
412 .soft_ver = "soft_ver:1.0.0\n",
413
414 .partitions = {
415 {"fs-uboot", 0x00000, 0x10000},
416 {"default-mac", 0x10000, 0x00200},
417 {"pin", 0x10200, 0x00200},
418 {"product-info", 0x10400, 0x00100},
419 {"partition-table", 0x10500, 0x00800},
420 {"soft-version", 0x11300, 0x00200},
421 {"support-list", 0x11500, 0x00100},
422 {"device-id", 0x11600, 0x00100},
423 {"profile", 0x11700, 0x03900},
424 {"default-config", 0x15000, 0x04000},
425 {"user-config", 0x19000, 0x04000},
426 {"os-image", 0x20000, 0x180000},
427 {"file-system", 0x1a0000, 0x648000},
428 {"certyficate", 0x7e8000, 0x08000},
429 {"radio", 0x7f0000, 0x10000},
430 {NULL, 0, 0}
431 },
432
433 .first_sysupgrade_partition = "os-image",
434 .last_sysupgrade_partition = "file-system",
435 },
436
437 /** Firmware layout for the C59v1 */
438 {
439 .id = "ARCHER-C59-V1",
440 .vendor = "",
441 .support_list =
442 "SupportList:\r\n"
443 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
444 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
445 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
446 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
447 .support_trail = '\x00',
448 .soft_ver = "soft_ver:1.0.0\n",
449
450 .partitions = {
451 {"fs-uboot", 0x00000, 0x10000},
452 {"default-mac", 0x10000, 0x00200},
453 {"pin", 0x10200, 0x00200},
454 {"device-id", 0x10400, 0x00100},
455 {"product-info", 0x10500, 0x0fb00},
456 {"os-image", 0x20000, 0x180000},
457 {"file-system", 0x1a0000, 0xcb0000},
458 {"partition-table", 0xe50000, 0x10000},
459 {"soft-version", 0xe60000, 0x10000},
460 {"support-list", 0xe70000, 0x10000},
461 {"profile", 0xe80000, 0x10000},
462 {"default-config", 0xe90000, 0x10000},
463 {"user-config", 0xea0000, 0x40000},
464 {"usb-config", 0xee0000, 0x10000},
465 {"certificate", 0xef0000, 0x10000},
466 {"qos-db", 0xf00000, 0x40000},
467 {"log", 0xfe0000, 0x10000},
468 {"radio", 0xff0000, 0x10000},
469 {NULL, 0, 0}
470 },
471
472 .first_sysupgrade_partition = "os-image",
473 .last_sysupgrade_partition = "file-system",
474 },
475
476 /** Firmware layout for the C59v2 */
477 {
478 .id = "ARCHER-C59-V2",
479 .vendor = "",
480 .support_list =
481 "SupportList:\r\n"
482 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
483 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
484 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
485 .support_trail = '\x00',
486 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
487
488 /** We're using a dynamic kernel/rootfs split here */
489 .partitions = {
490 {"factory-boot", 0x00000, 0x20000},
491 {"fs-uboot", 0x20000, 0x10000},
492 {"default-mac", 0x30000, 0x00200},
493 {"pin", 0x30200, 0x00200},
494 {"device-id", 0x30400, 0x00100},
495 {"product-info", 0x30500, 0x0fb00},
496 {"firmware", 0x40000, 0xe10000},
497 {"partition-table", 0xe50000, 0x10000},
498 {"soft-version", 0xe60000, 0x10000},
499 {"support-list", 0xe70000, 0x10000},
500 {"profile", 0xe80000, 0x10000},
501 {"default-config", 0xe90000, 0x10000},
502 {"user-config", 0xea0000, 0x40000},
503 {"usb-config", 0xee0000, 0x10000},
504 {"certificate", 0xef0000, 0x10000},
505 {"extra-para", 0xf00000, 0x10000},
506 {"qos-db", 0xf10000, 0x30000},
507 {"log", 0xfe0000, 0x10000},
508 {"radio", 0xff0000, 0x10000},
509 {NULL, 0, 0}
510 },
511
512 .first_sysupgrade_partition = "os-image",
513 .last_sysupgrade_partition = "file-system",
514 },
515
516 /** Firmware layout for the C60v1 */
517 {
518 .id = "ARCHER-C60-V1",
519 .vendor = "",
520 .support_list =
521 "SupportList:\r\n"
522 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
523 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
524 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
525 .support_trail = '\x00',
526 .soft_ver = "soft_ver:1.0.0\n",
527
528 .partitions = {
529 {"fs-uboot", 0x00000, 0x10000},
530 {"default-mac", 0x10000, 0x00200},
531 {"pin", 0x10200, 0x00200},
532 {"product-info", 0x10400, 0x00100},
533 {"partition-table", 0x10500, 0x00800},
534 {"soft-version", 0x11300, 0x00200},
535 {"support-list", 0x11500, 0x00100},
536 {"device-id", 0x11600, 0x00100},
537 {"profile", 0x11700, 0x03900},
538 {"default-config", 0x15000, 0x04000},
539 {"user-config", 0x19000, 0x04000},
540 {"os-image", 0x20000, 0x180000},
541 {"file-system", 0x1a0000, 0x648000},
542 {"certyficate", 0x7e8000, 0x08000},
543 {"radio", 0x7f0000, 0x10000},
544 {NULL, 0, 0}
545 },
546
547 .first_sysupgrade_partition = "os-image",
548 .last_sysupgrade_partition = "file-system",
549 },
550
551 /** Firmware layout for the C60v2 */
552 {
553 .id = "ARCHER-C60-V2",
554 .vendor = "",
555 .support_list =
556 "SupportList:\r\n"
557 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
558 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
559 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
560 .support_trail = '\x00',
561 .soft_ver = "soft_ver:2.0.0\n",
562
563 .partitions = {
564 {"factory-boot", 0x00000, 0x1fb00},
565 {"default-mac", 0x1fb00, 0x00200},
566 {"pin", 0x1fd00, 0x00100},
567 {"product-info", 0x1fe00, 0x00100},
568 {"device-id", 0x1ff00, 0x00100},
569 {"fs-uboot", 0x20000, 0x10000},
570 {"os-image", 0x30000, 0x180000},
571 {"file-system", 0x1b0000, 0x620000},
572 {"soft-version", 0x7d9500, 0x00100},
573 {"support-list", 0x7d9600, 0x00100},
574 {"extra-para", 0x7d9700, 0x00100},
575 {"profile", 0x7d9800, 0x03000},
576 {"default-config", 0x7dc800, 0x03000},
577 {"partition-table", 0x7df800, 0x00800},
578 {"user-config", 0x7e0000, 0x0c000},
579 {"certificate", 0x7ec000, 0x04000},
580 {"radio", 0x7f0000, 0x10000},
581 {NULL, 0, 0}
582 },
583
584 .first_sysupgrade_partition = "os-image",
585 .last_sysupgrade_partition = "file-system",
586 },
587
588 /** Firmware layout for the C5 */
589 {
590 .id = "ARCHER-C5-V2",
591 .vendor = "",
592 .support_list =
593 "SupportList:\r\n"
594 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
595 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
596 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
597 .support_trail = '\x00',
598 .soft_ver = NULL,
599
600 .partitions = {
601 {"fs-uboot", 0x00000, 0x40000},
602 {"os-image", 0x40000, 0x200000},
603 {"file-system", 0x240000, 0xc00000},
604 {"default-mac", 0xe40000, 0x00200},
605 {"pin", 0xe40200, 0x00200},
606 {"product-info", 0xe40400, 0x00200},
607 {"partition-table", 0xe50000, 0x10000},
608 {"soft-version", 0xe60000, 0x00200},
609 {"support-list", 0xe61000, 0x0f000},
610 {"profile", 0xe70000, 0x10000},
611 {"default-config", 0xe80000, 0x10000},
612 {"user-config", 0xe90000, 0x50000},
613 {"log", 0xee0000, 0x100000},
614 {"radio_bk", 0xfe0000, 0x10000},
615 {"radio", 0xff0000, 0x10000},
616 {NULL, 0, 0}
617 },
618
619 .first_sysupgrade_partition = "os-image",
620 .last_sysupgrade_partition = "file-system"
621 },
622
623 /** Firmware layout for the C7 */
624 {
625 .id = "ARCHER-C7-V4",
626 .support_list =
627 "SupportList:\n"
628 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
629 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
630 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
631 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
632 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
633 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
634 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
635 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
636 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
637 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
638 .support_trail = '\x00',
639 .soft_ver = "soft_ver:1.0.0\n",
640
641 /**
642 We use a bigger os-image partition than the stock images (and thus
643 smaller file-system), as our kernel doesn't fit in the stock firmware's
644 1MB os-image.
645 */
646 .partitions = {
647 {"factory-boot", 0x00000, 0x20000},
648 {"fs-uboot", 0x20000, 0x20000},
649 {"os-image", 0x40000, 0x180000}, /* Stock: base 0x40000 size 0x120000 */
650 {"file-system", 0x1c0000, 0xd40000}, /* Stock: base 0x160000 size 0xda0000 */
651 {"default-mac", 0xf00000, 0x00200},
652 {"pin", 0xf00200, 0x00200},
653 {"device-id", 0xf00400, 0x00100},
654 {"product-info", 0xf00500, 0x0fb00},
655 {"soft-version", 0xf10000, 0x00100},
656 {"extra-para", 0xf11000, 0x01000},
657 {"support-list", 0xf12000, 0x0a000},
658 {"profile", 0xf1c000, 0x04000},
659 {"default-config", 0xf20000, 0x10000},
660 {"user-config", 0xf30000, 0x40000},
661 {"qos-db", 0xf70000, 0x40000},
662 {"certificate", 0xfb0000, 0x10000},
663 {"partition-table", 0xfc0000, 0x10000},
664 {"log", 0xfd0000, 0x20000},
665 {"radio", 0xff0000, 0x10000},
666 {NULL, 0, 0}
667 },
668
669 .first_sysupgrade_partition = "os-image",
670 .last_sysupgrade_partition = "file-system",
671 },
672
673 /** Firmware layout for the C7 v5*/
674 {
675 .id = "ARCHER-C7-V5",
676 .support_list =
677 "SupportList:\n"
678 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
679 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n",
680
681 .support_trail = '\x00',
682 .soft_ver = "soft_ver:1.0.0\n",
683
684 /**
685 We use a bigger os-image partition than the stock images (and thus
686 smaller file-system), as our kernel doesn't fit in the stock firmware's
687 1MB os-image.
688 */
689 .partitions = {
690 {"factory-boot", 0x00000, 0x20000},
691 {"fs-uboot", 0x20000, 0x20000},
692 {"partition-table", 0x40000, 0x10000},
693 {"radio", 0x50000, 0x10000},
694 {"default-mac", 0x60000, 0x00200},
695 {"pin", 0x60200, 0x00200},
696 {"device-id", 0x60400, 0x00100},
697 {"product-info", 0x60500, 0x0fb00},
698 {"soft-version", 0x70000, 0x01000},
699 {"extra-para", 0x71000, 0x01000},
700 {"support-list", 0x72000, 0x0a000},
701 {"profile", 0x7c000, 0x04000},
702 {"user-config", 0x80000, 0x40000},
703
704
705 {"os-image", 0xc0000, 0x180000}, /* Stock: base 0xc0000 size 0x120000 */
706 {"file-system", 0x240000, 0xd80000}, /* Stock: base 0x1e0000 size 0xde0000 */
707
708 {"log", 0xfc0000, 0x20000},
709 {"certificate", 0xfe0000, 0x10000},
710 {"default-config", 0xff0000, 0x10000},
711 {NULL, 0, 0}
712
713 },
714
715 .first_sysupgrade_partition = "os-image",
716 .last_sysupgrade_partition = "file-system",
717 },
718
719 /** Firmware layout for the C9 */
720 {
721 .id = "ARCHERC9",
722 .vendor = "",
723 .support_list =
724 "SupportList:\n"
725 "{product_name:ArcherC9,"
726 "product_ver:1.0.0,"
727 "special_id:00000000}\n",
728 .support_trail = '\x00',
729 .soft_ver = NULL,
730
731 .partitions = {
732 {"fs-uboot", 0x00000, 0x40000},
733 {"os-image", 0x40000, 0x200000},
734 {"file-system", 0x240000, 0xc00000},
735 {"default-mac", 0xe40000, 0x00200},
736 {"pin", 0xe40200, 0x00200},
737 {"product-info", 0xe40400, 0x00200},
738 {"partition-table", 0xe50000, 0x10000},
739 {"soft-version", 0xe60000, 0x00200},
740 {"support-list", 0xe61000, 0x0f000},
741 {"profile", 0xe70000, 0x10000},
742 {"default-config", 0xe80000, 0x10000},
743 {"user-config", 0xe90000, 0x50000},
744 {"log", 0xee0000, 0x100000},
745 {"radio_bk", 0xfe0000, 0x10000},
746 {"radio", 0xff0000, 0x10000},
747 {NULL, 0, 0}
748 },
749
750 .first_sysupgrade_partition = "os-image",
751 .last_sysupgrade_partition = "file-system"
752 },
753
754 /** Firmware layout for the EAP120 */
755 {
756 .id = "EAP120",
757 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
758 .support_list =
759 "SupportList:\r\n"
760 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
761 .support_trail = '\xff',
762 .soft_ver = NULL,
763
764 .partitions = {
765 {"fs-uboot", 0x00000, 0x20000},
766 {"partition-table", 0x20000, 0x02000},
767 {"default-mac", 0x30000, 0x00020},
768 {"support-list", 0x31000, 0x00100},
769 {"product-info", 0x31100, 0x00100},
770 {"soft-version", 0x32000, 0x00100},
771 {"os-image", 0x40000, 0x180000},
772 {"file-system", 0x1c0000, 0x600000},
773 {"user-config", 0x7c0000, 0x10000},
774 {"backup-config", 0x7d0000, 0x10000},
775 {"log", 0x7e0000, 0x10000},
776 {"radio", 0x7f0000, 0x10000},
777 {NULL, 0, 0}
778 },
779
780 .first_sysupgrade_partition = "os-image",
781 .last_sysupgrade_partition = "file-system"
782 },
783
784 /** Firmware layout for the TL-WA850RE v2 */
785 {
786 .id = "TLWA850REV2",
787 .vendor = "",
788 .support_list =
789 "SupportList:\n"
790 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
791 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
792 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
793 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
794 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
795 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
796 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
797 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
798 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
799 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
800 .support_trail = '\x00',
801 .soft_ver = NULL,
802
803 /**
804 576KB were moved from file-system to os-image
805 in comparison to the stock image
806 */
807 .partitions = {
808 {"fs-uboot", 0x00000, 0x20000},
809 {"os-image", 0x20000, 0x150000},
810 {"file-system", 0x170000, 0x240000},
811 {"partition-table", 0x3b0000, 0x02000},
812 {"default-mac", 0x3c0000, 0x00020},
813 {"pin", 0x3c0100, 0x00020},
814 {"product-info", 0x3c1000, 0x01000},
815 {"soft-version", 0x3c2000, 0x00100},
816 {"support-list", 0x3c3000, 0x01000},
817 {"profile", 0x3c4000, 0x08000},
818 {"user-config", 0x3d0000, 0x10000},
819 {"default-config", 0x3e0000, 0x10000},
820 {"radio", 0x3f0000, 0x10000},
821 {NULL, 0, 0}
822 },
823
824 .first_sysupgrade_partition = "os-image",
825 .last_sysupgrade_partition = "file-system"
826 },
827
828 /** Firmware layout for the TL-WA855RE v1 */
829 {
830 .id = "TLWA855REV1",
831 .vendor = "",
832 .support_list =
833 "SupportList:\n"
834 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
835 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
836 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
837 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
838 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
839 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
840 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
841 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
842 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
843 .support_trail = '\x00',
844 .soft_ver = NULL,
845
846 .partitions = {
847 {"fs-uboot", 0x00000, 0x20000},
848 {"os-image", 0x20000, 0x150000},
849 {"file-system", 0x170000, 0x240000},
850 {"partition-table", 0x3b0000, 0x02000},
851 {"default-mac", 0x3c0000, 0x00020},
852 {"pin", 0x3c0100, 0x00020},
853 {"product-info", 0x3c1000, 0x01000},
854 {"soft-version", 0x3c2000, 0x00100},
855 {"support-list", 0x3c3000, 0x01000},
856 {"profile", 0x3c4000, 0x08000},
857 {"user-config", 0x3d0000, 0x10000},
858 {"default-config", 0x3e0000, 0x10000},
859 {"radio", 0x3f0000, 0x10000},
860 {NULL, 0, 0}
861 },
862
863 .first_sysupgrade_partition = "os-image",
864 .last_sysupgrade_partition = "file-system"
865 },
866
867 /** Firmware layout for the TL-WR1043 v5 */
868 {
869 .id = "TLWR1043NV5",
870 .vendor = "",
871 .support_list =
872 "SupportList:\n"
873 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
874 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
875 .support_trail = '\x00',
876 .soft_ver = "soft_ver:1.0.0\n",
877 .partitions = {
878 {"factory-boot", 0x00000, 0x20000},
879 {"fs-uboot", 0x20000, 0x20000},
880 {"os-image", 0x40000, 0x180000},
881 {"file-system", 0x1c0000, 0xd40000},
882 {"default-mac", 0xf00000, 0x00200},
883 {"pin", 0xf00200, 0x00200},
884 {"device-id", 0xf00400, 0x00100},
885 {"product-info", 0xf00500, 0x0fb00},
886 {"soft-version", 0xf10000, 0x01000},
887 {"extra-para", 0xf11000, 0x01000},
888 {"support-list", 0xf12000, 0x0a000},
889 {"profile", 0xf1c000, 0x04000},
890 {"default-config", 0xf20000, 0x10000},
891 {"user-config", 0xf30000, 0x40000},
892 {"qos-db", 0xf70000, 0x40000},
893 {"certificate", 0xfb0000, 0x10000},
894 {"partition-table", 0xfc0000, 0x10000},
895 {"log", 0xfd0000, 0x20000},
896 {"radio", 0xff0000, 0x10000},
897 {NULL, 0, 0}
898 },
899 .first_sysupgrade_partition = "os-image",
900 .last_sysupgrade_partition = "file-system"
901 },
902
903 /** Firmware layout for the TL-WR1043 v4 */
904 {
905 .id = "TLWR1043NDV4",
906 .vendor = "",
907 .support_list =
908 "SupportList:\n"
909 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
910 .support_trail = '\x00',
911 .soft_ver = NULL,
912
913 /* We're using a dynamic kernel/rootfs split here */
914 .partitions = {
915 {"fs-uboot", 0x00000, 0x20000},
916 {"firmware", 0x20000, 0xf30000},
917 {"default-mac", 0xf50000, 0x00200},
918 {"pin", 0xf50200, 0x00200},
919 {"product-info", 0xf50400, 0x0fc00},
920 {"soft-version", 0xf60000, 0x0b000},
921 {"support-list", 0xf6b000, 0x04000},
922 {"profile", 0xf70000, 0x04000},
923 {"default-config", 0xf74000, 0x0b000},
924 {"user-config", 0xf80000, 0x40000},
925 {"partition-table", 0xfc0000, 0x10000},
926 {"log", 0xfd0000, 0x20000},
927 {"radio", 0xff0000, 0x10000},
928 {NULL, 0, 0}
929 },
930
931 .first_sysupgrade_partition = "os-image",
932 .last_sysupgrade_partition = "file-system"
933 },
934
935 /** Firmware layout for the TL-WR902AC v1 */
936 {
937 .id = "TL-WR902AC-V1",
938 .vendor = "",
939 .support_list =
940 "SupportList:\n"
941 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
942 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
943 .support_trail = '\x00',
944 .soft_ver = NULL,
945
946 /**
947 384KB were moved from file-system to os-image
948 in comparison to the stock image
949 */
950 .partitions = {
951 {"fs-uboot", 0x00000, 0x20000},
952 {"os-image", 0x20000, 0x180000},
953 {"file-system", 0x1a0000, 0x5b0000},
954 {"default-mac", 0x750000, 0x00200},
955 {"pin", 0x750200, 0x00200},
956 {"product-info", 0x750400, 0x0fc00},
957 {"soft-version", 0x760000, 0x0b000},
958 {"support-list", 0x76b000, 0x04000},
959 {"profile", 0x770000, 0x04000},
960 {"default-config", 0x774000, 0x0b000},
961 {"user-config", 0x780000, 0x40000},
962 {"partition-table", 0x7c0000, 0x10000},
963 {"log", 0x7d0000, 0x20000},
964 {"radio", 0x7f0000, 0x10000},
965 {NULL, 0, 0}
966 },
967
968 .first_sysupgrade_partition = "os-image",
969 .last_sysupgrade_partition = "file-system",
970 },
971
972 /** Firmware layout for the TL-WR942N V1 */
973 {
974 .id = "TLWR942NV1",
975 .vendor = "",
976 .support_list =
977 "SupportList:\r\n"
978 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
979 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
980 .support_trail = '\x00',
981 .soft_ver = NULL,
982
983 .partitions = {
984 {"fs-uboot", 0x00000, 0x20000},
985 {"os-image", 0x20000, 0x180000},
986 {"file-system", 0x1a0000, 0xca0000},
987 {"default-mac", 0xe40000, 0x00200},
988 {"pin", 0xe40200, 0x00200},
989 {"product-info", 0xe40400, 0x0fc00},
990 {"partition-table", 0xe50000, 0x10000},
991 {"soft-version", 0xe60000, 0x10000},
992 {"support-list", 0xe70000, 0x10000},
993 {"profile", 0xe80000, 0x10000},
994 {"default-config", 0xe90000, 0x10000},
995 {"user-config", 0xea0000, 0x40000},
996 {"qos-db", 0xee0000, 0x40000},
997 {"certificate", 0xf20000, 0x10000},
998 {"usb-config", 0xfb0000, 0x10000},
999 {"log", 0xfc0000, 0x20000},
1000 {"radio-bk", 0xfe0000, 0x10000},
1001 {"radio", 0xff0000, 0x10000},
1002 {NULL, 0, 0}
1003 },
1004
1005 .first_sysupgrade_partition = "os-image",
1006 .last_sysupgrade_partition = "file-system",
1007 },
1008
1009 /** Firmware layout for the RE350 v1 */
1010 {
1011 .id = "RE350-V1",
1012 .vendor = "",
1013 .support_list =
1014 "SupportList:\n"
1015 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1016 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1017 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1018 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1019 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1020 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1021 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1022 .support_trail = '\x00',
1023 .soft_ver = NULL,
1024
1025 /** We're using a dynamic kernel/rootfs split here */
1026 .partitions = {
1027 {"fs-uboot", 0x00000, 0x20000},
1028 {"firmware", 0x20000, 0x5e0000},
1029 {"partition-table", 0x600000, 0x02000},
1030 {"default-mac", 0x610000, 0x00020},
1031 {"pin", 0x610100, 0x00020},
1032 {"product-info", 0x611100, 0x01000},
1033 {"soft-version", 0x620000, 0x01000},
1034 {"support-list", 0x621000, 0x01000},
1035 {"profile", 0x622000, 0x08000},
1036 {"user-config", 0x630000, 0x10000},
1037 {"default-config", 0x640000, 0x10000},
1038 {"radio", 0x7f0000, 0x10000},
1039 {NULL, 0, 0}
1040 },
1041
1042 .first_sysupgrade_partition = "os-image",
1043 .last_sysupgrade_partition = "file-system"
1044 },
1045
1046 /** Firmware layout for the RE355 */
1047 {
1048 .id = "RE355",
1049 .vendor = "",
1050 .support_list =
1051 "SupportList:\r\n"
1052 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1053 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1054 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1055 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1056 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1057 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1058 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1059 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1060 .support_trail = '\x00',
1061 .soft_ver = NULL,
1062
1063 /**
1064 The flash partition table for RE355;
1065 it is almost the same as the one used by the stock images,
1066 576KB were moved from file-system to os-image.
1067 */
1068 .partitions = {
1069 {"fs-uboot", 0x00000, 0x20000},
1070 {"os-image", 0x20000, 0x180000},
1071 {"file-system", 0x1a0000, 0x460000},
1072 {"partition-table", 0x600000, 0x02000},
1073 {"default-mac", 0x610000, 0x00020},
1074 {"pin", 0x610100, 0x00020},
1075 {"product-info", 0x611100, 0x01000},
1076 {"soft-version", 0x620000, 0x01000},
1077 {"support-list", 0x621000, 0x01000},
1078 {"profile", 0x622000, 0x08000},
1079 {"user-config", 0x630000, 0x10000},
1080 {"default-config", 0x640000, 0x10000},
1081 {"radio", 0x7f0000, 0x10000},
1082 {NULL, 0, 0}
1083 },
1084
1085 .first_sysupgrade_partition = "os-image",
1086 .last_sysupgrade_partition = "file-system"
1087 },
1088
1089 /** Firmware layout for the RE450 */
1090 {
1091 .id = "RE450",
1092 .vendor = "",
1093 .support_list =
1094 "SupportList:\r\n"
1095 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1096 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1097 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1098 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1099 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1100 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1101 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1102 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1103 .support_trail = '\x00',
1104 .soft_ver = NULL,
1105
1106 /** We're using a dynamic kernel/rootfs split here */
1107 .partitions = {
1108 {"fs-uboot", 0x00000, 0x20000},
1109 {"firmware", 0x20000, 0x5e0000},
1110 {"partition-table", 0x600000, 0x02000},
1111 {"default-mac", 0x610000, 0x00020},
1112 {"pin", 0x610100, 0x00020},
1113 {"product-info", 0x611100, 0x01000},
1114 {"soft-version", 0x620000, 0x01000},
1115 {"support-list", 0x621000, 0x01000},
1116 {"profile", 0x622000, 0x08000},
1117 {"user-config", 0x630000, 0x10000},
1118 {"default-config", 0x640000, 0x10000},
1119 {"radio", 0x7f0000, 0x10000},
1120 {NULL, 0, 0}
1121 },
1122
1123 .first_sysupgrade_partition = "os-image",
1124 .last_sysupgrade_partition = "file-system"
1125 },
1126
1127 /** Firmware layout for the RE450 v2 */
1128 {
1129 .id = "RE450-V2",
1130 .vendor = "",
1131 .support_list =
1132 "SupportList:\r\n"
1133 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1134 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1135 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1136 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1137 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1138 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1139 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1140 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1141 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1142 .support_trail = '\x00',
1143 .soft_ver = NULL,
1144
1145 /* We're using a dynamic kernel/rootfs split here */
1146 .partitions = {
1147 {"fs-uboot", 0x00000, 0x20000},
1148 {"firmware", 0x20000, 0x5e0000},
1149 {"partition-table", 0x600000, 0x02000},
1150 {"default-mac", 0x610000, 0x00020},
1151 {"pin", 0x610100, 0x00020},
1152 {"product-info", 0x611100, 0x01000},
1153 {"soft-version", 0x620000, 0x01000},
1154 {"support-list", 0x621000, 0x01000},
1155 {"profile", 0x622000, 0x08000},
1156 {"user-config", 0x630000, 0x10000},
1157 {"default-config", 0x640000, 0x10000},
1158 {"radio", 0x7f0000, 0x10000},
1159
1160 {NULL, 0, 0}
1161 },
1162
1163 .first_sysupgrade_partition = "os-image",
1164 .last_sysupgrade_partition = "file-system"
1165 },
1166
1167 {}
1168 };
1169
1170 #define error(_ret, _errno, _str, ...) \
1171 do { \
1172 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1173 strerror(_errno)); \
1174 if (_ret) \
1175 exit(_ret); \
1176 } while (0)
1177
1178
1179 /** Stores a uint32 as big endian */
1180 static inline void put32(uint8_t *buf, uint32_t val) {
1181 buf[0] = val >> 24;
1182 buf[1] = val >> 16;
1183 buf[2] = val >> 8;
1184 buf[3] = val;
1185 }
1186
1187 /** Allocates a new image partition */
1188 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1189 struct image_partition_entry entry = {name, len, malloc(len)};
1190 if (!entry.data)
1191 error(1, errno, "malloc");
1192
1193 return entry;
1194 }
1195
1196 /** Frees an image partition */
1197 static void free_image_partition(struct image_partition_entry entry) {
1198 free(entry.data);
1199 }
1200
1201 static time_t source_date_epoch = -1;
1202 static void set_source_date_epoch() {
1203 char *env = getenv("SOURCE_DATE_EPOCH");
1204 char *endptr = env;
1205 errno = 0;
1206 if (env && *env) {
1207 source_date_epoch = strtoull(env, &endptr, 10);
1208 if (errno || (endptr && *endptr != '\0')) {
1209 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1210 exit(1);
1211 }
1212 }
1213 }
1214
1215 /** Generates the partition-table partition */
1216 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1217 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1218
1219 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1220
1221 *(s++) = 0x00;
1222 *(s++) = 0x04;
1223 *(s++) = 0x00;
1224 *(s++) = 0x00;
1225
1226 size_t i;
1227 for (i = 0; p[i].name; i++) {
1228 size_t len = end-s;
1229 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1230
1231 if (w > len-1)
1232 error(1, 0, "flash partition table overflow?");
1233
1234 s += w;
1235 }
1236
1237 s++;
1238
1239 memset(s, 0xff, end-s);
1240
1241 return entry;
1242 }
1243
1244
1245 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1246 static inline uint8_t bcd(uint8_t v) {
1247 return 0x10 * (v/10) + v%10;
1248 }
1249
1250
1251 /** Generates the soft-version partition */
1252 static struct image_partition_entry make_soft_version(uint32_t rev) {
1253 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1254 struct soft_version *s = (struct soft_version *)entry.data;
1255
1256 time_t t;
1257
1258 if (source_date_epoch != -1)
1259 t = source_date_epoch;
1260 else if (time(&t) == (time_t)(-1))
1261 error(1, errno, "time");
1262
1263 struct tm *tm = localtime(&t);
1264
1265 s->magic = htonl(0x0000000c);
1266 s->zero = 0;
1267 s->pad1 = 0xff;
1268
1269 s->version_major = 0;
1270 s->version_minor = 0;
1271 s->version_patch = 0;
1272
1273 s->year_hi = bcd((1900+tm->tm_year)/100);
1274 s->year_lo = bcd(tm->tm_year%100);
1275 s->month = bcd(tm->tm_mon+1);
1276 s->day = bcd(tm->tm_mday);
1277 s->rev = htonl(rev);
1278
1279 s->pad2 = 0xff;
1280
1281 return entry;
1282 }
1283
1284 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1285 /** String length _including_ the terminating zero byte */
1286 uint32_t ver_len = strlen(soft_ver) + 1;
1287 /** Partition contains 64 bit header, the version string, and one additional null byte */
1288 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1289 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1290
1291 uint32_t *len = (uint32_t *)entry.data;
1292 len[0] = htonl(ver_len);
1293 len[1] = 0;
1294 memcpy(&len[2], soft_ver, ver_len);
1295
1296 entry.data[partition_len - 1] = 0;
1297
1298 return entry;
1299 }
1300
1301 /** Generates the support-list partition */
1302 static struct image_partition_entry make_support_list(struct device_info *info) {
1303 size_t len = strlen(info->support_list);
1304 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1305
1306 put32(entry.data, len);
1307 memset(entry.data+4, 0, 4);
1308 memcpy(entry.data+8, info->support_list, len);
1309 entry.data[len+8] = info->support_trail;
1310
1311 return entry;
1312 }
1313
1314 /** Creates a new image partition with an arbitrary name from a file */
1315 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1316 struct stat statbuf;
1317
1318 if (stat(filename, &statbuf) < 0)
1319 error(1, errno, "unable to stat file `%s'", filename);
1320
1321 size_t len = statbuf.st_size;
1322
1323 if (add_jffs2_eof)
1324 if (file_system_partition)
1325 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1326 else
1327 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1328
1329 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1330
1331 FILE *file = fopen(filename, "rb");
1332 if (!file)
1333 error(1, errno, "unable to open file `%s'", filename);
1334
1335 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1336 error(1, errno, "unable to read file `%s'", filename);
1337
1338 if (add_jffs2_eof) {
1339 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1340
1341 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1342 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1343 }
1344
1345 fclose(file);
1346
1347 return entry;
1348 }
1349
1350 /** Creates a new image partition from arbitrary data */
1351 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1352
1353 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1354
1355 memcpy(entry.data, datain, len);
1356
1357 return entry;
1358 }
1359
1360 /**
1361 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1362
1363 Example image partition table:
1364
1365 fwup-ptn partition-table base 0x00800 size 0x00800
1366 fwup-ptn os-image base 0x01000 size 0x113b45
1367 fwup-ptn file-system base 0x114b45 size 0x1d0004
1368 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1369
1370 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1371 the end of the partition table is marked with a zero byte.
1372
1373 The firmware image must contain at least the partition-table and support-list partitions
1374 to be accepted. There aren't any alignment constraints for the image partitions.
1375
1376 The partition-table partition contains the actual flash layout; partitions
1377 from the image partition table are mapped to the corresponding flash partitions during
1378 the firmware upgrade. The support-list partition contains a list of devices supported by
1379 the firmware image.
1380
1381 The base offsets in the firmware partition table are relative to the end
1382 of the vendor information block, so the partition-table partition will
1383 actually start at offset 0x1814 of the image.
1384
1385 I think partition-table must be the first partition in the firmware image.
1386 */
1387 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1388 size_t i, j;
1389 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1390
1391 size_t base = 0x800;
1392 for (i = 0; parts[i].name; i++) {
1393 for (j = 0; flash_parts[j].name; j++) {
1394 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1395 if (parts[i].size > flash_parts[j].size)
1396 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1397 break;
1398 }
1399 }
1400
1401 assert(flash_parts[j].name);
1402
1403 memcpy(buffer + base, parts[i].data, parts[i].size);
1404
1405 size_t len = end-image_pt;
1406 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1407
1408 if (w > len-1)
1409 error(1, 0, "image partition table overflow?");
1410
1411 image_pt += w;
1412
1413 base += parts[i].size;
1414 }
1415 }
1416
1417 /** Generates and writes the image MD5 checksum */
1418 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1419 MD5_CTX ctx;
1420
1421 MD5_Init(&ctx);
1422 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1423 MD5_Update(&ctx, buffer, len);
1424 MD5_Final(md5, &ctx);
1425 }
1426
1427
1428 /**
1429 Generates the firmware image in factory format
1430
1431 Image format:
1432
1433 Bytes (hex) Usage
1434 ----------- -----
1435 0000-0003 Image size (4 bytes, big endian)
1436 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1437 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1438 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1439 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1440 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1441 1814-xxxx Firmware partitions
1442 */
1443 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1444 *len = 0x1814;
1445
1446 size_t i;
1447 for (i = 0; parts[i].name; i++)
1448 *len += parts[i].size;
1449
1450 uint8_t *image = malloc(*len);
1451 if (!image)
1452 error(1, errno, "malloc");
1453
1454 memset(image, 0xff, *len);
1455 put32(image, *len);
1456
1457 if (info->vendor) {
1458 size_t vendor_len = strlen(info->vendor);
1459 put32(image+0x14, vendor_len);
1460 memcpy(image+0x18, info->vendor, vendor_len);
1461 }
1462
1463 put_partitions(image + 0x1014, info->partitions, parts);
1464 put_md5(image+0x04, image+0x14, *len-0x14);
1465
1466 return image;
1467 }
1468
1469 /**
1470 Generates the firmware image in sysupgrade format
1471
1472 This makes some assumptions about the provided flash and image partition tables and
1473 should be generalized when TP-LINK starts building its safeloader into hardware with
1474 different flash layouts.
1475 */
1476 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1477 size_t i, j;
1478 size_t flash_first_partition_index = 0;
1479 size_t flash_last_partition_index = 0;
1480 const struct flash_partition_entry *flash_first_partition = NULL;
1481 const struct flash_partition_entry *flash_last_partition = NULL;
1482 const struct image_partition_entry *image_last_partition = NULL;
1483
1484 /** Find first and last partitions */
1485 for (i = 0; info->partitions[i].name; i++) {
1486 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1487 flash_first_partition = &info->partitions[i];
1488 flash_first_partition_index = i;
1489 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1490 flash_last_partition = &info->partitions[i];
1491 flash_last_partition_index = i;
1492 }
1493 }
1494
1495 assert(flash_first_partition && flash_last_partition);
1496 assert(flash_first_partition_index < flash_last_partition_index);
1497
1498 /** Find last partition from image to calculate needed size */
1499 for (i = 0; image_parts[i].name; i++) {
1500 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1501 image_last_partition = &image_parts[i];
1502 break;
1503 }
1504 }
1505
1506 assert(image_last_partition);
1507
1508 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1509
1510 uint8_t *image = malloc(*len);
1511 if (!image)
1512 error(1, errno, "malloc");
1513
1514 memset(image, 0xff, *len);
1515
1516 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1517 for (j = 0; image_parts[j].name; j++) {
1518 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1519 if (image_parts[j].size > info->partitions[i].size)
1520 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1521 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1522 break;
1523 }
1524
1525 assert(image_parts[j].name);
1526 }
1527 }
1528
1529 return image;
1530 }
1531
1532 /** Generates an image according to a given layout and writes it to a file */
1533 static void build_image(const char *output,
1534 const char *kernel_image,
1535 const char *rootfs_image,
1536 uint32_t rev,
1537 bool add_jffs2_eof,
1538 bool sysupgrade,
1539 struct device_info *info) {
1540
1541 size_t i;
1542
1543 struct image_partition_entry parts[7] = {};
1544
1545 struct flash_partition_entry *firmware_partition = NULL;
1546 struct flash_partition_entry *os_image_partition = NULL;
1547 struct flash_partition_entry *file_system_partition = NULL;
1548 size_t firmware_partition_index = 0;
1549
1550 for (i = 0; info->partitions[i].name; i++) {
1551 if (!strcmp(info->partitions[i].name, "firmware"))
1552 {
1553 firmware_partition = &info->partitions[i];
1554 firmware_partition_index = i;
1555 }
1556 }
1557
1558 if (firmware_partition)
1559 {
1560 os_image_partition = &info->partitions[firmware_partition_index];
1561 file_system_partition = &info->partitions[firmware_partition_index + 1];
1562
1563 struct stat kernel;
1564 if (stat(kernel_image, &kernel) < 0)
1565 error(1, errno, "unable to stat file `%s'", kernel_image);
1566
1567 if (kernel.st_size > firmware_partition->size)
1568 error(1, 0, "kernel overflowed firmware partition\n");
1569
1570 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1571 info->partitions[i+1] = info->partitions[i];
1572
1573 file_system_partition->name = "file-system";
1574 file_system_partition->base = firmware_partition->base + kernel.st_size;
1575
1576 /* Align partition start to erase blocks for factory images only */
1577 if (!sysupgrade)
1578 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1579
1580 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1581
1582 os_image_partition->name = "os-image";
1583 os_image_partition->size = kernel.st_size;
1584 }
1585
1586 parts[0] = make_partition_table(info->partitions);
1587 if (info->soft_ver)
1588 parts[1] = make_soft_version_from_string(info->soft_ver);
1589 else
1590 parts[1] = make_soft_version(rev);
1591
1592 parts[2] = make_support_list(info);
1593 parts[3] = read_file("os-image", kernel_image, false, NULL);
1594 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1595
1596 /* Some devices need the extra-para partition to accept the firmware */
1597 if (strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1598 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1599 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1600 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1601 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1602 parts[5] = put_data("extra-para", mdat, 11);
1603 } else if (strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1604 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1605 parts[5] = put_data("extra-para", mdat, 11);
1606 }
1607
1608 size_t len;
1609 void *image;
1610 if (sysupgrade)
1611 image = generate_sysupgrade_image(info, parts, &len);
1612 else
1613 image = generate_factory_image(info, parts, &len);
1614
1615 FILE *file = fopen(output, "wb");
1616 if (!file)
1617 error(1, errno, "unable to open output file");
1618
1619 if (fwrite(image, len, 1, file) != 1)
1620 error(1, 0, "unable to write output file");
1621
1622 fclose(file);
1623
1624 free(image);
1625
1626 for (i = 0; parts[i].name; i++)
1627 free_image_partition(parts[i]);
1628 }
1629
1630 /** Usage output */
1631 static void usage(const char *argv0) {
1632 fprintf(stderr,
1633 "Usage: %s [OPTIONS...]\n"
1634 "\n"
1635 "Options:\n"
1636 " -h show this help\n"
1637 "\n"
1638 "Create a new image:\n"
1639 " -B <board> create image for the board specified with <board>\n"
1640 " -k <file> read kernel image from the file <file>\n"
1641 " -r <file> read rootfs image from the file <file>\n"
1642 " -o <file> write output to the file <file>\n"
1643 " -V <rev> sets the revision number to <rev>\n"
1644 " -j add jffs2 end-of-filesystem markers\n"
1645 " -S create sysupgrade instead of factory image\n"
1646 "Extract an old image:\n"
1647 " -x <file> extract all oem firmware partition\n"
1648 " -d <dir> destination to extract the firmware partition\n"
1649 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1650 argv0
1651 );
1652 };
1653
1654
1655 static struct device_info *find_board(const char *id)
1656 {
1657 struct device_info *board = NULL;
1658
1659 for (board = boards; board->id != NULL; board++)
1660 if (strcasecmp(id, board->id) == 0)
1661 return board;
1662
1663 return NULL;
1664 }
1665
1666 static int add_flash_partition(
1667 struct flash_partition_entry *part_list,
1668 size_t max_entries,
1669 const char *name,
1670 unsigned long base,
1671 unsigned long size)
1672 {
1673 int ptr;
1674 /* check if the list has a free entry */
1675 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1676 if (part_list->name == NULL &&
1677 part_list->base == 0 &&
1678 part_list->size == 0)
1679 break;
1680 }
1681
1682 if (ptr == max_entries) {
1683 error(1, 0, "No free flash part entry available.");
1684 }
1685
1686 part_list->name = calloc(1, strlen(name) + 1);
1687 if (!part_list->name) {
1688 error(1, 0, "Unable to allocate memory");
1689 }
1690
1691 memcpy((char *)part_list->name, name, strlen(name));
1692 part_list->base = base;
1693 part_list->size = size;
1694
1695 return 0;
1696 }
1697
1698 /** read the partition table into struct flash_partition_entry */
1699 static int read_partition_table(
1700 FILE *file, long offset,
1701 struct flash_partition_entry *entries, size_t max_entries,
1702 int type)
1703 {
1704 char buf[2048];
1705 char *ptr, *end;
1706 const char *parthdr = NULL;
1707 const char *fwuphdr = "fwup-ptn";
1708 const char *flashhdr = "partition";
1709
1710 /* TODO: search for the partition table */
1711
1712 switch(type) {
1713 case 0:
1714 parthdr = fwuphdr;
1715 break;
1716 case 1:
1717 parthdr = flashhdr;
1718 break;
1719 default:
1720 error(1, 0, "Invalid partition table");
1721 }
1722
1723 if (fseek(file, offset, SEEK_SET) < 0)
1724 error(1, errno, "Can not seek in the firmware");
1725
1726 if (fread(buf, 1, 2048, file) < 0)
1727 error(1, errno, "Can not read fwup-ptn from the firmware");
1728
1729 buf[2047] = '\0';
1730
1731 /* look for the partition header */
1732 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1733 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1734 return 1;
1735 }
1736
1737 ptr = buf;
1738 end = buf + sizeof(buf);
1739 while ((ptr + strlen(parthdr)) < end &&
1740 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1741 char *end_part;
1742 char *end_element;
1743
1744 char name[32] = { 0 };
1745 int name_len = 0;
1746 unsigned long base = 0;
1747 unsigned long size = 0;
1748
1749 end_part = memchr(ptr, '\n', (end - ptr));
1750 if (end_part == NULL) {
1751 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1752 break;
1753 }
1754
1755 for (int i = 0; i <= 4; i++) {
1756 if (end_part <= ptr)
1757 break;
1758
1759 end_element = memchr(ptr, 0x20, (end_part - ptr));
1760 if (end_element == NULL) {
1761 error(1, errno, "Ignoring the rest of the partition entries.");
1762 break;
1763 }
1764
1765 switch (i) {
1766 /* partition header */
1767 case 0:
1768 ptr = end_element + 1;
1769 continue;
1770 /* name */
1771 case 1:
1772 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1773 strncpy(name, ptr, name_len);
1774 name[name_len] = '\0';
1775 ptr = end_element + 1;
1776 continue;
1777
1778 /* string "base" */
1779 case 2:
1780 ptr = end_element + 1;
1781 continue;
1782
1783 /* actual base */
1784 case 3:
1785 base = strtoul(ptr, NULL, 16);
1786 ptr = end_element + 1;
1787 continue;
1788
1789 /* string "size" */
1790 case 4:
1791 ptr = end_element + 1;
1792 /* actual size. The last element doesn't have a sepeartor */
1793 size = strtoul(ptr, NULL, 16);
1794 /* the part ends with 0x09, 0x0d, 0x0a */
1795 ptr = end_part + 1;
1796 add_flash_partition(entries, max_entries, name, base, size);
1797 continue;
1798 }
1799 }
1800 }
1801
1802 return 0;
1803 }
1804
1805 static void write_partition(
1806 FILE *input_file,
1807 size_t firmware_offset,
1808 struct flash_partition_entry *entry,
1809 FILE *output_file)
1810 {
1811 char buf[4096];
1812 size_t offset;
1813
1814 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1815
1816 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1817 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1818 error(1, errno, "Can not read partition from input_file");
1819
1820 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1821 error(1, errno, "Can not write partition to output_file");
1822 }
1823 /* write last chunk smaller than buffer */
1824 if (offset < entry->size) {
1825 offset = entry->size - offset;
1826 if (fread(buf, offset, 1, input_file) < 0)
1827 error(1, errno, "Can not read partition from input_file");
1828 if (fwrite(buf, offset, 1, output_file) < 0)
1829 error(1, errno, "Can not write partition to output_file");
1830 }
1831 }
1832
1833 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
1834 {
1835 FILE *output_file;
1836 char output[PATH_MAX];
1837
1838 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
1839 output_file = fopen(output, "wb+");
1840 if (output_file == NULL) {
1841 error(1, errno, "Can not open output file %s", output);
1842 }
1843
1844 write_partition(input_file, firmware_offset, entry, output_file);
1845
1846 fclose(output_file);
1847
1848 return 0;
1849 }
1850
1851 /** extract all partitions from the firmware file */
1852 static int extract_firmware(const char *input, const char *output_directory)
1853 {
1854 struct flash_partition_entry entries[16] = { 0 };
1855 size_t max_entries = 16;
1856 size_t firmware_offset = 0x1014;
1857 FILE *input_file;
1858
1859 struct stat statbuf;
1860
1861 /* check input file */
1862 if (stat(input, &statbuf)) {
1863 error(1, errno, "Can not read input firmware %s", input);
1864 }
1865
1866 /* check if output directory exists */
1867 if (stat(output_directory, &statbuf)) {
1868 error(1, errno, "Failed to stat output directory %s", output_directory);
1869 }
1870
1871 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
1872 error(1, errno, "Given output directory is not a directory %s", output_directory);
1873 }
1874
1875 input_file = fopen(input, "rb");
1876
1877 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
1878 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1879 }
1880
1881 for (int i = 0; i < max_entries; i++) {
1882 if (entries[i].name == NULL &&
1883 entries[i].base == 0 &&
1884 entries[i].size == 0)
1885 continue;
1886
1887 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
1888 }
1889
1890 return 0;
1891 }
1892
1893 static struct flash_partition_entry *find_partition(
1894 struct flash_partition_entry *entries, size_t max_entries,
1895 const char *name, const char *error_msg)
1896 {
1897 for (int i = 0; i < max_entries; i++, entries++) {
1898 if (strcmp(entries->name, name) == 0)
1899 return entries;
1900 }
1901
1902 error(1, 0, "%s", error_msg);
1903 return NULL;
1904 }
1905
1906 static void write_ff(FILE *output_file, size_t size)
1907 {
1908 char buf[4096];
1909 int offset;
1910
1911 memset(buf, 0xff, sizeof(buf));
1912
1913 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
1914 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1915 error(1, errno, "Can not write 0xff to output_file");
1916 }
1917
1918 /* write last chunk smaller than buffer */
1919 if (offset < size) {
1920 offset = size - offset;
1921 if (fwrite(buf, offset, 1, output_file) < 0)
1922 error(1, errno, "Can not write partition to output_file");
1923 }
1924 }
1925
1926 static void convert_firmware(const char *input, const char *output)
1927 {
1928 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
1929 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
1930 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
1931 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
1932 struct flash_partition_entry *fwup_partition_table = NULL;
1933 size_t firmware_offset = 0x1014;
1934 FILE *input_file, *output_file;
1935
1936 struct stat statbuf;
1937
1938 /* check input file */
1939 if (stat(input, &statbuf)) {
1940 error(1, errno, "Can not read input firmware %s", input);
1941 }
1942
1943 input_file = fopen(input, "rb");
1944 if (!input_file)
1945 error(1, 0, "Can not open input firmware %s", input);
1946
1947 output_file = fopen(output, "wb");
1948 if (!output_file)
1949 error(1, 0, "Can not open output firmware %s", output);
1950
1951 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
1952 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1953 }
1954
1955 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
1956 "os-image", "Error can not find os-image partition (fwup)");
1957 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
1958 "file-system", "Error can not find file-system partition (fwup)");
1959 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
1960 "partition-table", "Error can not find partition-table partition");
1961
1962 /* the flash partition table has a 0x00000004 magic haeder */
1963 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
1964 error(1, 0, "Error can not read the partition table (flash)");
1965
1966 flash_os_image = find_partition(flash, MAX_PARTITIONS,
1967 "os-image", "Error can not find os-image partition (flash)");
1968 flash_file_system = find_partition(flash, MAX_PARTITIONS,
1969 "file-system", "Error can not find file-system partition (flash)");
1970
1971 /* write os_image to 0x0 */
1972 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
1973 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
1974
1975 /* write file-system behind os_image */
1976 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
1977 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
1978 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
1979
1980 fclose(output_file);
1981 fclose(input_file);
1982 }
1983
1984 int main(int argc, char *argv[]) {
1985 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
1986 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
1987 bool add_jffs2_eof = false, sysupgrade = false;
1988 unsigned rev = 0;
1989 struct device_info *info;
1990 set_source_date_epoch();
1991
1992 while (true) {
1993 int c;
1994
1995 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
1996 if (c == -1)
1997 break;
1998
1999 switch (c) {
2000 case 'B':
2001 board = optarg;
2002 break;
2003
2004 case 'k':
2005 kernel_image = optarg;
2006 break;
2007
2008 case 'r':
2009 rootfs_image = optarg;
2010 break;
2011
2012 case 'o':
2013 output = optarg;
2014 break;
2015
2016 case 'V':
2017 sscanf(optarg, "r%u", &rev);
2018 break;
2019
2020 case 'j':
2021 add_jffs2_eof = true;
2022 break;
2023
2024 case 'S':
2025 sysupgrade = true;
2026 break;
2027
2028 case 'h':
2029 usage(argv[0]);
2030 return 0;
2031
2032 case 'd':
2033 output_directory = optarg;
2034 break;
2035
2036 case 'x':
2037 extract_image = optarg;
2038 break;
2039
2040 case 'z':
2041 convert_image = optarg;
2042 break;
2043
2044 default:
2045 usage(argv[0]);
2046 return 1;
2047 }
2048 }
2049
2050 if (extract_image || output_directory) {
2051 if (!extract_image)
2052 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2053 if (!output_directory)
2054 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2055 extract_firmware(extract_image, output_directory);
2056 } else if (convert_image) {
2057 if (!output)
2058 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2059 convert_firmware(convert_image, output);
2060 } else {
2061 if (!board)
2062 error(1, 0, "no board has been specified");
2063 if (!kernel_image)
2064 error(1, 0, "no kernel image has been specified");
2065 if (!rootfs_image)
2066 error(1, 0, "no rootfs image has been specified");
2067 if (!output)
2068 error(1, 0, "no output filename has been specified");
2069
2070 info = find_board(board);
2071
2072 if (info == NULL)
2073 error(1, 0, "unsupported board %s", board);
2074
2075 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2076 }
2077
2078 return 0;
2079 }