2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
45 #include <arpa/inet.h>
47 #include <sys/types.h>
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
57 #define MAX_PARTITIONS 32
59 /** An image partition table entry */
60 struct image_partition_entry
{
66 /** A flash partition table entry */
67 struct flash_partition_entry
{
73 /** Firmware layout description */
77 const char *support_list
;
80 struct flash_partition_entry partitions
[MAX_PARTITIONS
+1];
81 const char *first_sysupgrade_partition
;
82 const char *last_sysupgrade_partition
;
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__
)) soft_version
{
90 uint8_t version_major
;
91 uint8_t version_minor
;
92 uint8_t version_patch
;
102 static const uint8_t jffs2_eof_mark
[4] = {0xde, 0xad, 0xc0, 0xde};
106 Salt for the MD5 hash
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
111 static const uint8_t md5_salt
[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
119 /** Firmware layout table */
120 static struct device_info boards
[] = {
121 /** Firmware layout for the CPE210/220 V1 */
124 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail
= '\xff',
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x200000},
144 {"file-system", 0x240000, 0x570000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
154 .first_sysupgrade_partition
= "os-image",
155 .last_sysupgrade_partition
= "support-list",
158 /** Firmware layout for the CPE210 V2 */
161 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail
= '\xff',
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
195 .first_sysupgrade_partition
= "os-image",
196 .last_sysupgrade_partition
= "support-list",
199 /** Firmware layout for the CPE210 V3 */
202 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n",
205 "CPE210(TP-LINK|EU|N300-2|45550000):3.0\r\n"
206 "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n"
207 "CPE210(TP-LINK|UN|N300-2):3.0\r\n"
208 "CPE210(TP-LINK|EU|N300-2):3.0\r\n",
209 .support_trail
= '\xff',
213 {"fs-uboot", 0x00000, 0x20000},
214 {"partition-table", 0x20000, 0x01000},
215 {"default-mac", 0x30000, 0x00020},
216 {"product-info", 0x31100, 0x00100},
217 {"device-info", 0x31400, 0x00400},
218 {"signature", 0x32000, 0x00400},
219 {"device-id", 0x33000, 0x00100},
220 {"firmware", 0x40000, 0x770000},
221 {"soft-version", 0x7b0000, 0x00100},
222 {"support-list", 0x7b1000, 0x01000},
223 {"user-config", 0x7c0000, 0x10000},
224 {"default-config", 0x7d0000, 0x10000},
225 {"log", 0x7e0000, 0x10000},
226 {"radio", 0x7f0000, 0x10000},
230 .first_sysupgrade_partition
= "os-image",
231 .last_sysupgrade_partition
= "support-list",
234 /** Firmware layout for the CPE220 V2 */
237 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
240 "CPE220(TP-LINK|EU|N300-2|00000000):2.0\r\n"
241 "CPE220(TP-LINK|EU|N300-2|45550000):2.0\r\n"
242 "CPE220(TP-LINK|EU|N300-2|55530000):2.0\r\n"
243 "CPE220(TP-LINK|UN|N300-2|00000000):2.0\r\n"
244 "CPE220(TP-LINK|UN|N300-2|45550000):2.0\r\n"
245 "CPE220(TP-LINK|UN|N300-2|55530000):2.0\r\n"
246 "CPE220(TP-LINK|US|N300-2|55530000):2.0\r\n"
247 "CPE220(TP-LINK|UN|N300-2):2.0\r\n"
248 "CPE220(TP-LINK|EU|N300-2):2.0\r\n"
249 "CPE220(TP-LINK|US|N300-2):2.0\r\n",
250 .support_trail
= '\xff',
254 {"fs-uboot", 0x00000, 0x20000},
255 {"partition-table", 0x20000, 0x02000},
256 {"default-mac", 0x30000, 0x00020},
257 {"product-info", 0x31100, 0x00100},
258 {"signature", 0x32000, 0x00400},
259 {"os-image", 0x40000, 0x200000},
260 {"file-system", 0x240000, 0x570000},
261 {"soft-version", 0x7b0000, 0x00100},
262 {"support-list", 0x7b1000, 0x00400},
263 {"user-config", 0x7c0000, 0x10000},
264 {"default-config", 0x7d0000, 0x10000},
265 {"log", 0x7e0000, 0x10000},
266 {"radio", 0x7f0000, 0x10000},
270 .first_sysupgrade_partition
= "os-image",
271 .last_sysupgrade_partition
= "support-list",
274 /** Firmware layout for the CPE510/520 */
277 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
280 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
281 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
282 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
283 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
284 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
285 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
286 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
287 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
288 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
289 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
290 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
291 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
292 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
293 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
294 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
295 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
296 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
297 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
298 .support_trail
= '\xff',
302 {"fs-uboot", 0x00000, 0x20000},
303 {"partition-table", 0x20000, 0x02000},
304 {"default-mac", 0x30000, 0x00020},
305 {"product-info", 0x31100, 0x00100},
306 {"signature", 0x32000, 0x00400},
307 {"os-image", 0x40000, 0x200000},
308 {"file-system", 0x240000, 0x570000},
309 {"soft-version", 0x7b0000, 0x00100},
310 {"support-list", 0x7b1000, 0x00400},
311 {"user-config", 0x7c0000, 0x10000},
312 {"default-config", 0x7d0000, 0x10000},
313 {"log", 0x7e0000, 0x10000},
314 {"radio", 0x7f0000, 0x10000},
318 .first_sysupgrade_partition
= "os-image",
319 .last_sysupgrade_partition
= "support-list",
322 /** Firmware layout for the CPE510 V2 */
325 .vendor
= "CPE510(TP-LINK|UN|N300-5):2.0\r\n",
328 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
329 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
330 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
331 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
332 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
333 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
334 "CPE510(TP-LINK|US|N300-5|00000000):2.0\r\n"
335 "CPE510(TP-LINK|US|N300-5|45550000):2.0\r\n"
336 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
337 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
338 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
339 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
340 .support_trail
= '\xff',
344 {"fs-uboot", 0x00000, 0x20000},
345 {"partition-table", 0x20000, 0x02000},
346 {"default-mac", 0x30000, 0x00020},
347 {"product-info", 0x31100, 0x00100},
348 {"signature", 0x32000, 0x00400},
349 {"os-image", 0x40000, 0x200000},
350 {"file-system", 0x240000, 0x570000},
351 {"soft-version", 0x7b0000, 0x00100},
352 {"support-list", 0x7b1000, 0x00400},
353 {"user-config", 0x7c0000, 0x10000},
354 {"default-config", 0x7d0000, 0x10000},
355 {"log", 0x7e0000, 0x10000},
356 {"radio", 0x7f0000, 0x10000},
360 .first_sysupgrade_partition
= "os-image",
361 .last_sysupgrade_partition
= "support-list",
364 /** Firmware layout for the CPE510 V3 */
367 .vendor
= "CPE510(TP-LINK|UN|N300-5):3.0\r\n",
370 "CPE510(TP-LINK|EU|N300-5|00000000):3.0\r\n"
371 "CPE510(TP-LINK|EU|N300-5|45550000):3.0\r\n"
372 "CPE510(TP-LINK|EU|N300-5|55530000):3.0\r\n"
373 "CPE510(TP-LINK|UN|N300-5|00000000):3.0\r\n"
374 "CPE510(TP-LINK|UN|N300-5|45550000):3.0\r\n"
375 "CPE510(TP-LINK|UN|N300-5|55530000):3.0\r\n"
376 "CPE510(TP-LINK|US|N300-5|00000000):3.0\r\n"
377 "CPE510(TP-LINK|US|N300-5|45550000):3.0\r\n"
378 "CPE510(TP-LINK|US|N300-5|55530000):3.0\r\n"
379 "CPE510(TP-LINK|UN|N300-5):3.0\r\n"
380 "CPE510(TP-LINK|EU|N300-5):3.0\r\n"
381 "CPE510(TP-LINK|US|N300-5):3.0\r\n",
382 .support_trail
= '\xff',
386 {"fs-uboot", 0x00000, 0x20000},
387 {"partition-table", 0x20000, 0x02000},
388 {"default-mac", 0x30000, 0x00020},
389 {"product-info", 0x31100, 0x00100},
390 {"signature", 0x32000, 0x00400},
391 {"os-image", 0x40000, 0x200000},
392 {"file-system", 0x240000, 0x570000},
393 {"soft-version", 0x7b0000, 0x00100},
394 {"support-list", 0x7b1000, 0x00400},
395 {"user-config", 0x7c0000, 0x10000},
396 {"default-config", 0x7d0000, 0x10000},
397 {"log", 0x7e0000, 0x10000},
398 {"radio", 0x7f0000, 0x10000},
402 .first_sysupgrade_partition
= "os-image",
403 .last_sysupgrade_partition
= "support-list",
406 /** Firmware layout for the CPE610V1 */
409 .vendor
= "CPE610(TP-LINK|UN|N300-5|00000000):1.0\r\n",
412 "CPE610(TP-LINK|EU|N300-5|00000000):1.0\r\n"
413 "CPE610(TP-LINK|EU|N300-5|45550000):1.0\r\n"
414 "CPE610(TP-LINK|EU|N300-5|55530000):1.0\r\n"
415 "CPE610(TP-LINK|UN|N300-5|00000000):1.0\r\n"
416 "CPE610(TP-LINK|UN|N300-5|45550000):1.0\r\n"
417 "CPE610(TP-LINK|UN|N300-5|55530000):1.0\r\n"
418 "CPE610(TP-LINK|US|N300-5|55530000):1.0\r\n"
419 "CPE610(TP-LINK|UN|N300-5):1.0\r\n"
420 "CPE610(TP-LINK|EU|N300-5):1.0\r\n"
421 "CPE610(TP-LINK|US|N300-5):1.0\r\n",
422 .support_trail
= '\xff',
426 {"fs-uboot", 0x00000, 0x20000},
427 {"partition-table", 0x20000, 0x02000},
428 {"default-mac", 0x30000, 0x00020},
429 {"product-info", 0x31100, 0x00100},
430 {"signature", 0x32000, 0x00400},
431 {"os-image", 0x40000, 0x200000},
432 {"file-system", 0x240000, 0x570000},
433 {"soft-version", 0x7b0000, 0x00100},
434 {"support-list", 0x7b1000, 0x00400},
435 {"user-config", 0x7c0000, 0x10000},
436 {"default-config", 0x7d0000, 0x10000},
437 {"log", 0x7e0000, 0x10000},
438 {"radio", 0x7f0000, 0x10000},
442 .first_sysupgrade_partition
= "os-image",
443 .last_sysupgrade_partition
= "support-list",
448 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
451 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
452 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
453 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
454 .support_trail
= '\xff',
458 {"fs-uboot", 0x00000, 0x20000},
459 {"partition-table", 0x20000, 0x02000},
460 {"default-mac", 0x30000, 0x00020},
461 {"product-info", 0x31100, 0x00100},
462 {"signature", 0x32000, 0x00400},
463 {"os-image", 0x40000, 0x200000},
464 {"file-system", 0x240000, 0x570000},
465 {"soft-version", 0x7b0000, 0x00100},
466 {"support-list", 0x7b1000, 0x00400},
467 {"user-config", 0x7c0000, 0x10000},
468 {"default-config", 0x7d0000, 0x10000},
469 {"log", 0x7e0000, 0x10000},
470 {"radio", 0x7f0000, 0x10000},
474 .first_sysupgrade_partition
= "os-image",
475 .last_sysupgrade_partition
= "support-list",
480 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
483 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
484 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
485 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
486 .support_trail
= '\xff',
490 {"fs-uboot", 0x00000, 0x20000},
491 {"partition-table", 0x20000, 0x02000},
492 {"default-mac", 0x30000, 0x00020},
493 {"product-info", 0x31100, 0x00100},
494 {"signature", 0x32000, 0x00400},
495 {"os-image", 0x40000, 0x200000},
496 {"file-system", 0x240000, 0x570000},
497 {"soft-version", 0x7b0000, 0x00100},
498 {"support-list", 0x7b1000, 0x00400},
499 {"user-config", 0x7c0000, 0x10000},
500 {"default-config", 0x7d0000, 0x10000},
501 {"log", 0x7e0000, 0x10000},
502 {"radio", 0x7f0000, 0x10000},
506 .first_sysupgrade_partition
= "os-image",
507 .last_sysupgrade_partition
= "support-list",
510 /** Firmware layout for the C2600 */
516 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
517 .support_trail
= '\x00',
521 We use a bigger os-image partition than the stock images (and thus
522 smaller file-system), as our kernel doesn't fit in the stock firmware's
523 2 MB os-image since kernel 4.14.
526 {"SBL1", 0x00000, 0x20000},
527 {"MIBIB", 0x20000, 0x20000},
528 {"SBL2", 0x40000, 0x20000},
529 {"SBL3", 0x60000, 0x30000},
530 {"DDRCONFIG", 0x90000, 0x10000},
531 {"SSD", 0xa0000, 0x10000},
532 {"TZ", 0xb0000, 0x30000},
533 {"RPM", 0xe0000, 0x20000},
534 {"fs-uboot", 0x100000, 0x70000},
535 {"uboot-env", 0x170000, 0x40000},
536 {"radio", 0x1b0000, 0x40000},
537 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
538 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
539 {"default-mac", 0x1ef0000, 0x00200},
540 {"pin", 0x1ef0200, 0x00200},
541 {"product-info", 0x1ef0400, 0x0fc00},
542 {"partition-table", 0x1f00000, 0x10000},
543 {"soft-version", 0x1f10000, 0x10000},
544 {"support-list", 0x1f20000, 0x10000},
545 {"profile", 0x1f30000, 0x10000},
546 {"default-config", 0x1f40000, 0x10000},
547 {"user-config", 0x1f50000, 0x40000},
548 {"qos-db", 0x1f90000, 0x40000},
549 {"usb-config", 0x1fd0000, 0x10000},
550 {"log", 0x1fe0000, 0x20000},
554 .first_sysupgrade_partition
= "os-image",
555 .last_sysupgrade_partition
= "file-system"
558 /** Firmware layout for the A7-V5 */
560 .id
= "ARCHER-A7-V5",
563 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
564 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
565 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
566 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
567 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
568 .support_trail
= '\x00',
569 .soft_ver
= "soft_ver:1.0.0\n",
571 /* We're using a dynamic kernel/rootfs split here */
573 {"factory-boot", 0x00000, 0x20000},
574 {"fs-uboot", 0x20000, 0x20000},
575 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
576 /* Stock: name file-system base 0x160000 size 0xda0000 */
577 {"default-mac", 0xf40000, 0x00200},
578 {"pin", 0xf40200, 0x00200},
579 {"device-id", 0xf40400, 0x00100},
580 {"product-info", 0xf40500, 0x0fb00},
581 {"soft-version", 0xf50000, 0x00100},
582 {"extra-para", 0xf51000, 0x01000},
583 {"support-list", 0xf52000, 0x0a000},
584 {"profile", 0xf5c000, 0x04000},
585 {"default-config", 0xf60000, 0x10000},
586 {"user-config", 0xf70000, 0x40000},
587 {"certificate", 0xfb0000, 0x10000},
588 {"partition-table", 0xfc0000, 0x10000},
589 {"log", 0xfd0000, 0x20000},
590 {"radio", 0xff0000, 0x10000},
594 .first_sysupgrade_partition
= "os-image",
595 .last_sysupgrade_partition
= "file-system",
598 /** Firmware layout for the C2v3 */
600 .id
= "ARCHER-C2-V3",
603 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
604 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
605 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
606 .support_trail
= '\x00',
607 .soft_ver
= "soft_ver:3.0.1\n",
609 /** We're using a dynamic kernel/rootfs split here */
612 {"factory-boot", 0x00000, 0x20000},
613 {"fs-uboot", 0x20000, 0x10000},
614 {"firmware", 0x30000, 0x7a0000},
615 {"user-config", 0x7d0000, 0x04000},
616 {"default-mac", 0x7e0000, 0x00100},
617 {"device-id", 0x7e0100, 0x00100},
618 {"extra-para", 0x7e0200, 0x00100},
619 {"pin", 0x7e0300, 0x00100},
620 {"support-list", 0x7e0400, 0x00400},
621 {"soft-version", 0x7e0800, 0x00400},
622 {"product-info", 0x7e0c00, 0x01400},
623 {"partition-table", 0x7e2000, 0x01000},
624 {"profile", 0x7e3000, 0x01000},
625 {"default-config", 0x7e4000, 0x04000},
626 {"merge-config", 0x7ec000, 0x02000},
627 {"qos-db", 0x7ee000, 0x02000},
628 {"radio", 0x7f0000, 0x10000},
632 .first_sysupgrade_partition
= "os-image",
633 .last_sysupgrade_partition
= "file-system",
636 /** Firmware layout for the C25v1 */
638 .id
= "ARCHER-C25-V1",
641 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
642 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
643 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
644 .support_trail
= '\x00',
645 .soft_ver
= "soft_ver:1.0.0\n",
647 /* We're using a dynamic kernel/rootfs split here */
649 {"factory-boot", 0x00000, 0x20000},
650 {"fs-uboot", 0x20000, 0x10000},
651 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
652 /* Stock: name file-system base 0x130000 size 0x6a0000 */
653 {"user-config", 0x7d0000, 0x04000},
654 {"default-mac", 0x7e0000, 0x00100},
655 {"device-id", 0x7e0100, 0x00100},
656 {"extra-para", 0x7e0200, 0x00100},
657 {"pin", 0x7e0300, 0x00100},
658 {"support-list", 0x7e0400, 0x00400},
659 {"soft-version", 0x7e0800, 0x00400},
660 {"product-info", 0x7e0c00, 0x01400},
661 {"partition-table", 0x7e2000, 0x01000},
662 {"profile", 0x7e3000, 0x01000},
663 {"default-config", 0x7e4000, 0x04000},
664 {"merge-config", 0x7ec000, 0x02000},
665 {"qos-db", 0x7ee000, 0x02000},
666 {"radio", 0x7f0000, 0x10000},
670 .first_sysupgrade_partition
= "os-image",
671 .last_sysupgrade_partition
= "file-system",
674 /** Firmware layout for the C58v1 */
676 .id
= "ARCHER-C58-V1",
680 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
681 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
682 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
683 .support_trail
= '\x00',
684 .soft_ver
= "soft_ver:1.0.0\n",
687 {"fs-uboot", 0x00000, 0x10000},
688 {"default-mac", 0x10000, 0x00200},
689 {"pin", 0x10200, 0x00200},
690 {"product-info", 0x10400, 0x00100},
691 {"partition-table", 0x10500, 0x00800},
692 {"soft-version", 0x11300, 0x00200},
693 {"support-list", 0x11500, 0x00100},
694 {"device-id", 0x11600, 0x00100},
695 {"profile", 0x11700, 0x03900},
696 {"default-config", 0x15000, 0x04000},
697 {"user-config", 0x19000, 0x04000},
698 {"firmware", 0x20000, 0x7c8000},
699 {"certyficate", 0x7e8000, 0x08000},
700 {"radio", 0x7f0000, 0x10000},
704 .first_sysupgrade_partition
= "os-image",
705 .last_sysupgrade_partition
= "file-system",
708 /** Firmware layout for the C59v1 */
710 .id
= "ARCHER-C59-V1",
714 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
715 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
716 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
717 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
718 .support_trail
= '\x00',
719 .soft_ver
= "soft_ver:1.0.0\n",
721 /* We're using a dynamic kernel/rootfs split here */
723 {"fs-uboot", 0x00000, 0x10000},
724 {"default-mac", 0x10000, 0x00200},
725 {"pin", 0x10200, 0x00200},
726 {"device-id", 0x10400, 0x00100},
727 {"product-info", 0x10500, 0x0fb00},
728 {"firmware", 0x20000, 0xe30000},
729 {"partition-table", 0xe50000, 0x10000},
730 {"soft-version", 0xe60000, 0x10000},
731 {"support-list", 0xe70000, 0x10000},
732 {"profile", 0xe80000, 0x10000},
733 {"default-config", 0xe90000, 0x10000},
734 {"user-config", 0xea0000, 0x40000},
735 {"usb-config", 0xee0000, 0x10000},
736 {"certificate", 0xef0000, 0x10000},
737 {"qos-db", 0xf00000, 0x40000},
738 {"log", 0xfe0000, 0x10000},
739 {"radio", 0xff0000, 0x10000},
743 .first_sysupgrade_partition
= "os-image",
744 .last_sysupgrade_partition
= "file-system",
747 /** Firmware layout for the C59v2 */
749 .id
= "ARCHER-C59-V2",
753 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
754 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
755 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
756 .support_trail
= '\x00',
757 .soft_ver
= "soft_ver:2.0.0 Build 20161206 rel.7303\n",
759 /** We're using a dynamic kernel/rootfs split here */
761 {"factory-boot", 0x00000, 0x20000},
762 {"fs-uboot", 0x20000, 0x10000},
763 {"default-mac", 0x30000, 0x00200},
764 {"pin", 0x30200, 0x00200},
765 {"device-id", 0x30400, 0x00100},
766 {"product-info", 0x30500, 0x0fb00},
767 {"firmware", 0x40000, 0xe10000},
768 {"partition-table", 0xe50000, 0x10000},
769 {"soft-version", 0xe60000, 0x10000},
770 {"support-list", 0xe70000, 0x10000},
771 {"profile", 0xe80000, 0x10000},
772 {"default-config", 0xe90000, 0x10000},
773 {"user-config", 0xea0000, 0x40000},
774 {"usb-config", 0xee0000, 0x10000},
775 {"certificate", 0xef0000, 0x10000},
776 {"extra-para", 0xf00000, 0x10000},
777 {"qos-db", 0xf10000, 0x30000},
778 {"log", 0xfe0000, 0x10000},
779 {"radio", 0xff0000, 0x10000},
783 .first_sysupgrade_partition
= "os-image",
784 .last_sysupgrade_partition
= "file-system",
787 /** Firmware layout for the C6v2 */
789 .id
= "ARCHER-C6-V2",
793 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
794 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
795 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
796 .support_trail
= '\x00',
797 .soft_ver
= "soft_ver:1.0.0\n",
800 {"fs-uboot", 0x00000, 0x20000},
801 {"default-mac", 0x20000, 0x00200},
802 {"pin", 0x20200, 0x00100},
803 {"product-info", 0x20300, 0x00200},
804 {"device-id", 0x20500, 0x0fb00},
805 {"firmware", 0x30000, 0x7a9400},
806 {"soft-version", 0x7d9400, 0x00100},
807 {"extra-para", 0x7d9500, 0x00100},
808 {"support-list", 0x7d9600, 0x00200},
809 {"profile", 0x7d9800, 0x03000},
810 {"default-config", 0x7dc800, 0x03000},
811 {"partition-table", 0x7df800, 0x00800},
812 {"user-config", 0x7e0000, 0x0c000},
813 {"certificate", 0x7ec000, 0x04000},
814 {"radio", 0x7f0000, 0x10000},
818 .first_sysupgrade_partition
= "os-image",
819 .last_sysupgrade_partition
= "file-system",
823 /** Firmware layout for the C60v1 */
825 .id
= "ARCHER-C60-V1",
829 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
830 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
831 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
832 .support_trail
= '\x00',
833 .soft_ver
= "soft_ver:1.0.0\n",
836 {"fs-uboot", 0x00000, 0x10000},
837 {"default-mac", 0x10000, 0x00200},
838 {"pin", 0x10200, 0x00200},
839 {"product-info", 0x10400, 0x00100},
840 {"partition-table", 0x10500, 0x00800},
841 {"soft-version", 0x11300, 0x00200},
842 {"support-list", 0x11500, 0x00100},
843 {"device-id", 0x11600, 0x00100},
844 {"profile", 0x11700, 0x03900},
845 {"default-config", 0x15000, 0x04000},
846 {"user-config", 0x19000, 0x04000},
847 {"firmware", 0x20000, 0x7c8000},
848 {"certyficate", 0x7e8000, 0x08000},
849 {"radio", 0x7f0000, 0x10000},
853 .first_sysupgrade_partition
= "os-image",
854 .last_sysupgrade_partition
= "file-system",
857 /** Firmware layout for the C60v2 */
859 .id
= "ARCHER-C60-V2",
863 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
864 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
865 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
866 .support_trail
= '\x00',
867 .soft_ver
= "soft_ver:2.0.0\n",
870 {"factory-boot", 0x00000, 0x1fb00},
871 {"default-mac", 0x1fb00, 0x00200},
872 {"pin", 0x1fd00, 0x00100},
873 {"product-info", 0x1fe00, 0x00100},
874 {"device-id", 0x1ff00, 0x00100},
875 {"fs-uboot", 0x20000, 0x10000},
876 {"firmware", 0x30000, 0x7a0000},
877 {"soft-version", 0x7d9500, 0x00100},
878 {"support-list", 0x7d9600, 0x00100},
879 {"extra-para", 0x7d9700, 0x00100},
880 {"profile", 0x7d9800, 0x03000},
881 {"default-config", 0x7dc800, 0x03000},
882 {"partition-table", 0x7df800, 0x00800},
883 {"user-config", 0x7e0000, 0x0c000},
884 {"certificate", 0x7ec000, 0x04000},
885 {"radio", 0x7f0000, 0x10000},
889 .first_sysupgrade_partition
= "os-image",
890 .last_sysupgrade_partition
= "file-system",
893 /** Firmware layout for the C5 */
895 .id
= "ARCHER-C5-V2",
899 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
900 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
901 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
902 .support_trail
= '\x00',
906 {"fs-uboot", 0x00000, 0x40000},
907 {"os-image", 0x40000, 0x200000},
908 {"file-system", 0x240000, 0xc00000},
909 {"default-mac", 0xe40000, 0x00200},
910 {"pin", 0xe40200, 0x00200},
911 {"product-info", 0xe40400, 0x00200},
912 {"partition-table", 0xe50000, 0x10000},
913 {"soft-version", 0xe60000, 0x00200},
914 {"support-list", 0xe61000, 0x0f000},
915 {"profile", 0xe70000, 0x10000},
916 {"default-config", 0xe80000, 0x10000},
917 {"user-config", 0xe90000, 0x50000},
918 {"log", 0xee0000, 0x100000},
919 {"radio_bk", 0xfe0000, 0x10000},
920 {"radio", 0xff0000, 0x10000},
924 .first_sysupgrade_partition
= "os-image",
925 .last_sysupgrade_partition
= "file-system"
928 /** Firmware layout for the C7 */
930 .id
= "ARCHER-C7-V4",
933 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
934 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
935 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
936 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
937 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
938 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
939 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
940 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
941 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
942 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
943 .support_trail
= '\x00',
944 .soft_ver
= "soft_ver:1.0.0\n",
946 /* We're using a dynamic kernel/rootfs split here */
948 {"factory-boot", 0x00000, 0x20000},
949 {"fs-uboot", 0x20000, 0x20000},
950 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
951 /* Stock: name file-system base 0x160000 size 0xda0000 */
952 {"default-mac", 0xf00000, 0x00200},
953 {"pin", 0xf00200, 0x00200},
954 {"device-id", 0xf00400, 0x00100},
955 {"product-info", 0xf00500, 0x0fb00},
956 {"soft-version", 0xf10000, 0x00100},
957 {"extra-para", 0xf11000, 0x01000},
958 {"support-list", 0xf12000, 0x0a000},
959 {"profile", 0xf1c000, 0x04000},
960 {"default-config", 0xf20000, 0x10000},
961 {"user-config", 0xf30000, 0x40000},
962 {"qos-db", 0xf70000, 0x40000},
963 {"certificate", 0xfb0000, 0x10000},
964 {"partition-table", 0xfc0000, 0x10000},
965 {"log", 0xfd0000, 0x20000},
966 {"radio", 0xff0000, 0x10000},
970 .first_sysupgrade_partition
= "os-image",
971 .last_sysupgrade_partition
= "file-system",
974 /** Firmware layout for the C7 v5*/
976 .id
= "ARCHER-C7-V5",
979 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
980 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
981 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
982 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
983 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
984 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
985 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n"
986 "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
988 .support_trail
= '\x00',
989 .soft_ver
= "soft_ver:1.0.0\n",
991 /* We're using a dynamic kernel/rootfs split here */
993 {"factory-boot", 0x00000, 0x20000},
994 {"fs-uboot", 0x20000, 0x20000},
995 {"partition-table", 0x40000, 0x10000},
996 {"radio", 0x50000, 0x10000},
997 {"default-mac", 0x60000, 0x00200},
998 {"pin", 0x60200, 0x00200},
999 {"device-id", 0x60400, 0x00100},
1000 {"product-info", 0x60500, 0x0fb00},
1001 {"soft-version", 0x70000, 0x01000},
1002 {"extra-para", 0x71000, 0x01000},
1003 {"support-list", 0x72000, 0x0a000},
1004 {"profile", 0x7c000, 0x04000},
1005 {"user-config", 0x80000, 0x40000},
1008 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
1009 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
1011 {"log", 0xfc0000, 0x20000},
1012 {"certificate", 0xfe0000, 0x10000},
1013 {"default-config", 0xff0000, 0x10000},
1018 .first_sysupgrade_partition
= "os-image",
1019 .last_sysupgrade_partition
= "file-system",
1022 /** Firmware layout for the C9 */
1028 "{product_name:ArcherC9,"
1029 "product_ver:1.0.0,"
1030 "special_id:00000000}\n",
1031 .support_trail
= '\x00',
1035 {"fs-uboot", 0x00000, 0x40000},
1036 {"os-image", 0x40000, 0x200000},
1037 {"file-system", 0x240000, 0xc00000},
1038 {"default-mac", 0xe40000, 0x00200},
1039 {"pin", 0xe40200, 0x00200},
1040 {"product-info", 0xe40400, 0x00200},
1041 {"partition-table", 0xe50000, 0x10000},
1042 {"soft-version", 0xe60000, 0x00200},
1043 {"support-list", 0xe61000, 0x0f000},
1044 {"profile", 0xe70000, 0x10000},
1045 {"default-config", 0xe80000, 0x10000},
1046 {"user-config", 0xe90000, 0x50000},
1047 {"log", 0xee0000, 0x100000},
1048 {"radio_bk", 0xfe0000, 0x10000},
1049 {"radio", 0xff0000, 0x10000},
1053 .first_sysupgrade_partition
= "os-image",
1054 .last_sysupgrade_partition
= "file-system"
1057 /** Firmware layout for the EAP120 */
1060 .vendor
= "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
1063 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
1064 .support_trail
= '\xff',
1068 {"fs-uboot", 0x00000, 0x20000},
1069 {"partition-table", 0x20000, 0x02000},
1070 {"default-mac", 0x30000, 0x00020},
1071 {"support-list", 0x31000, 0x00100},
1072 {"product-info", 0x31100, 0x00100},
1073 {"soft-version", 0x32000, 0x00100},
1074 {"os-image", 0x40000, 0x180000},
1075 {"file-system", 0x1c0000, 0x600000},
1076 {"user-config", 0x7c0000, 0x10000},
1077 {"backup-config", 0x7d0000, 0x10000},
1078 {"log", 0x7e0000, 0x10000},
1079 {"radio", 0x7f0000, 0x10000},
1083 .first_sysupgrade_partition
= "os-image",
1084 .last_sysupgrade_partition
= "file-system"
1087 /** Firmware layout for the TL-WA850RE v2 */
1089 .id
= "TLWA850REV2",
1093 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
1094 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
1095 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
1096 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
1097 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
1098 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
1099 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
1100 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
1101 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
1102 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
1103 .support_trail
= '\x00',
1107 576KB were moved from file-system to os-image
1108 in comparison to the stock image
1111 {"fs-uboot", 0x00000, 0x20000},
1112 {"os-image", 0x20000, 0x150000},
1113 {"file-system", 0x170000, 0x240000},
1114 {"partition-table", 0x3b0000, 0x02000},
1115 {"default-mac", 0x3c0000, 0x00020},
1116 {"pin", 0x3c0100, 0x00020},
1117 {"product-info", 0x3c1000, 0x01000},
1118 {"soft-version", 0x3c2000, 0x00100},
1119 {"support-list", 0x3c3000, 0x01000},
1120 {"profile", 0x3c4000, 0x08000},
1121 {"user-config", 0x3d0000, 0x10000},
1122 {"default-config", 0x3e0000, 0x10000},
1123 {"radio", 0x3f0000, 0x10000},
1127 .first_sysupgrade_partition
= "os-image",
1128 .last_sysupgrade_partition
= "file-system"
1131 /** Firmware layout for the TL-WA855RE v1 */
1133 .id
= "TLWA855REV1",
1137 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
1138 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
1139 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
1140 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
1141 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
1142 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
1143 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
1144 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
1145 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
1146 .support_trail
= '\x00',
1150 {"fs-uboot", 0x00000, 0x20000},
1151 {"os-image", 0x20000, 0x150000},
1152 {"file-system", 0x170000, 0x240000},
1153 {"partition-table", 0x3b0000, 0x02000},
1154 {"default-mac", 0x3c0000, 0x00020},
1155 {"pin", 0x3c0100, 0x00020},
1156 {"product-info", 0x3c1000, 0x01000},
1157 {"soft-version", 0x3c2000, 0x00100},
1158 {"support-list", 0x3c3000, 0x01000},
1159 {"profile", 0x3c4000, 0x08000},
1160 {"user-config", 0x3d0000, 0x10000},
1161 {"default-config", 0x3e0000, 0x10000},
1162 {"radio", 0x3f0000, 0x10000},
1166 .first_sysupgrade_partition
= "os-image",
1167 .last_sysupgrade_partition
= "file-system"
1170 /** Firmware layout for the TL-WR1043 v5 */
1172 .id
= "TLWR1043NV5",
1176 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
1177 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
1178 .support_trail
= '\x00',
1179 .soft_ver
= "soft_ver:1.0.0\n",
1181 {"factory-boot", 0x00000, 0x20000},
1182 {"fs-uboot", 0x20000, 0x20000},
1183 {"firmware", 0x40000, 0xec0000},
1184 {"default-mac", 0xf00000, 0x00200},
1185 {"pin", 0xf00200, 0x00200},
1186 {"device-id", 0xf00400, 0x00100},
1187 {"product-info", 0xf00500, 0x0fb00},
1188 {"soft-version", 0xf10000, 0x01000},
1189 {"extra-para", 0xf11000, 0x01000},
1190 {"support-list", 0xf12000, 0x0a000},
1191 {"profile", 0xf1c000, 0x04000},
1192 {"default-config", 0xf20000, 0x10000},
1193 {"user-config", 0xf30000, 0x40000},
1194 {"qos-db", 0xf70000, 0x40000},
1195 {"certificate", 0xfb0000, 0x10000},
1196 {"partition-table", 0xfc0000, 0x10000},
1197 {"log", 0xfd0000, 0x20000},
1198 {"radio", 0xff0000, 0x10000},
1201 .first_sysupgrade_partition
= "os-image",
1202 .last_sysupgrade_partition
= "file-system"
1205 /** Firmware layout for the TL-WR1043 v4 */
1207 .id
= "TLWR1043NDV4",
1211 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1212 .support_trail
= '\x00',
1215 /* We're using a dynamic kernel/rootfs split here */
1217 {"fs-uboot", 0x00000, 0x20000},
1218 {"firmware", 0x20000, 0xf30000},
1219 {"default-mac", 0xf50000, 0x00200},
1220 {"pin", 0xf50200, 0x00200},
1221 {"product-info", 0xf50400, 0x0fc00},
1222 {"soft-version", 0xf60000, 0x0b000},
1223 {"support-list", 0xf6b000, 0x04000},
1224 {"profile", 0xf70000, 0x04000},
1225 {"default-config", 0xf74000, 0x0b000},
1226 {"user-config", 0xf80000, 0x40000},
1227 {"partition-table", 0xfc0000, 0x10000},
1228 {"log", 0xfd0000, 0x20000},
1229 {"radio", 0xff0000, 0x10000},
1233 .first_sysupgrade_partition
= "os-image",
1234 .last_sysupgrade_partition
= "file-system"
1237 /** Firmware layout for the TL-WR902AC v1 */
1239 .id
= "TL-WR902AC-V1",
1243 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1244 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1245 .support_trail
= '\x00',
1249 384KB were moved from file-system to os-image
1250 in comparison to the stock image
1253 {"fs-uboot", 0x00000, 0x20000},
1254 {"firmware", 0x20000, 0x730000},
1255 {"default-mac", 0x750000, 0x00200},
1256 {"pin", 0x750200, 0x00200},
1257 {"product-info", 0x750400, 0x0fc00},
1258 {"soft-version", 0x760000, 0x0b000},
1259 {"support-list", 0x76b000, 0x04000},
1260 {"profile", 0x770000, 0x04000},
1261 {"default-config", 0x774000, 0x0b000},
1262 {"user-config", 0x780000, 0x40000},
1263 {"partition-table", 0x7c0000, 0x10000},
1264 {"log", 0x7d0000, 0x20000},
1265 {"radio", 0x7f0000, 0x10000},
1269 .first_sysupgrade_partition
= "os-image",
1270 .last_sysupgrade_partition
= "file-system",
1273 /** Firmware layout for the TL-WR942N V1 */
1279 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1280 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1281 .support_trail
= '\x00',
1285 {"fs-uboot", 0x00000, 0x20000},
1286 {"firmware", 0x20000, 0xe20000},
1287 {"default-mac", 0xe40000, 0x00200},
1288 {"pin", 0xe40200, 0x00200},
1289 {"product-info", 0xe40400, 0x0fc00},
1290 {"partition-table", 0xe50000, 0x10000},
1291 {"soft-version", 0xe60000, 0x10000},
1292 {"support-list", 0xe70000, 0x10000},
1293 {"profile", 0xe80000, 0x10000},
1294 {"default-config", 0xe90000, 0x10000},
1295 {"user-config", 0xea0000, 0x40000},
1296 {"qos-db", 0xee0000, 0x40000},
1297 {"certificate", 0xf20000, 0x10000},
1298 {"usb-config", 0xfb0000, 0x10000},
1299 {"log", 0xfc0000, 0x20000},
1300 {"radio-bk", 0xfe0000, 0x10000},
1301 {"radio", 0xff0000, 0x10000},
1305 .first_sysupgrade_partition
= "os-image",
1306 .last_sysupgrade_partition
= "file-system",
1309 /** Firmware layout for the RE350 v1 */
1315 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1316 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1317 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1318 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1319 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1320 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1321 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1322 .support_trail
= '\x00',
1325 /** We're using a dynamic kernel/rootfs split here */
1327 {"fs-uboot", 0x00000, 0x20000},
1328 {"firmware", 0x20000, 0x5e0000},
1329 {"partition-table", 0x600000, 0x02000},
1330 {"default-mac", 0x610000, 0x00020},
1331 {"pin", 0x610100, 0x00020},
1332 {"product-info", 0x611100, 0x01000},
1333 {"soft-version", 0x620000, 0x01000},
1334 {"support-list", 0x621000, 0x01000},
1335 {"profile", 0x622000, 0x08000},
1336 {"user-config", 0x630000, 0x10000},
1337 {"default-config", 0x640000, 0x10000},
1338 {"radio", 0x7f0000, 0x10000},
1342 .first_sysupgrade_partition
= "os-image",
1343 .last_sysupgrade_partition
= "file-system"
1346 /** Firmware layout for the RE350K v1 */
1352 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1353 .support_trail
= '\x00',
1356 /** We're using a dynamic kernel/rootfs split here */
1358 {"fs-uboot", 0x00000, 0x20000},
1359 {"firmware", 0x20000, 0xd70000},
1360 {"partition-table", 0xd90000, 0x02000},
1361 {"default-mac", 0xda0000, 0x00020},
1362 {"pin", 0xda0100, 0x00020},
1363 {"product-info", 0xda1100, 0x01000},
1364 {"soft-version", 0xdb0000, 0x01000},
1365 {"support-list", 0xdb1000, 0x01000},
1366 {"profile", 0xdb2000, 0x08000},
1367 {"user-config", 0xdc0000, 0x10000},
1368 {"default-config", 0xdd0000, 0x10000},
1369 {"device-id", 0xde0000, 0x00108},
1370 {"radio", 0xff0000, 0x10000},
1374 .first_sysupgrade_partition
= "os-image",
1375 .last_sysupgrade_partition
= "file-system"
1378 /** Firmware layout for the RE355 */
1384 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1385 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1386 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1387 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1388 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1389 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1390 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1391 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1392 .support_trail
= '\x00',
1395 /* We're using a dynamic kernel/rootfs split here */
1397 {"fs-uboot", 0x00000, 0x20000},
1398 {"firmware", 0x20000, 0x5e0000},
1399 {"partition-table", 0x600000, 0x02000},
1400 {"default-mac", 0x610000, 0x00020},
1401 {"pin", 0x610100, 0x00020},
1402 {"product-info", 0x611100, 0x01000},
1403 {"soft-version", 0x620000, 0x01000},
1404 {"support-list", 0x621000, 0x01000},
1405 {"profile", 0x622000, 0x08000},
1406 {"user-config", 0x630000, 0x10000},
1407 {"default-config", 0x640000, 0x10000},
1408 {"radio", 0x7f0000, 0x10000},
1412 .first_sysupgrade_partition
= "os-image",
1413 .last_sysupgrade_partition
= "file-system"
1416 /** Firmware layout for the RE450 */
1422 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1423 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1424 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1425 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1426 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1427 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1428 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1429 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1430 .support_trail
= '\x00',
1433 /** We're using a dynamic kernel/rootfs split here */
1435 {"fs-uboot", 0x00000, 0x20000},
1436 {"firmware", 0x20000, 0x5e0000},
1437 {"partition-table", 0x600000, 0x02000},
1438 {"default-mac", 0x610000, 0x00020},
1439 {"pin", 0x610100, 0x00020},
1440 {"product-info", 0x611100, 0x01000},
1441 {"soft-version", 0x620000, 0x01000},
1442 {"support-list", 0x621000, 0x01000},
1443 {"profile", 0x622000, 0x08000},
1444 {"user-config", 0x630000, 0x10000},
1445 {"default-config", 0x640000, 0x10000},
1446 {"radio", 0x7f0000, 0x10000},
1450 .first_sysupgrade_partition
= "os-image",
1451 .last_sysupgrade_partition
= "file-system"
1454 /** Firmware layout for the RE450 v2 */
1460 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1461 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1462 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1463 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1464 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1465 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1466 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1467 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1468 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1469 .support_trail
= '\x00',
1472 /* We're using a dynamic kernel/rootfs split here */
1474 {"fs-uboot", 0x00000, 0x20000},
1475 {"firmware", 0x20000, 0x5e0000},
1476 {"partition-table", 0x600000, 0x02000},
1477 {"default-mac", 0x610000, 0x00020},
1478 {"pin", 0x610100, 0x00020},
1479 {"product-info", 0x611100, 0x01000},
1480 {"soft-version", 0x620000, 0x01000},
1481 {"support-list", 0x621000, 0x01000},
1482 {"profile", 0x622000, 0x08000},
1483 {"user-config", 0x630000, 0x10000},
1484 {"default-config", 0x640000, 0x10000},
1485 {"radio", 0x7f0000, 0x10000},
1490 .first_sysupgrade_partition
= "os-image",
1491 .last_sysupgrade_partition
= "file-system"
1494 /** Firmware layout for the RE650 */
1500 "{product_name:RE650,product_ver:1.0.0,special_id:00000000}\r\n"
1501 "{product_name:RE650,product_ver:1.0.0,special_id:55530000}\r\n"
1502 "{product_name:RE650,product_ver:1.0.0,special_id:45550000}\r\n"
1503 "{product_name:RE650,product_ver:1.0.0,special_id:4A500000}\r\n"
1504 "{product_name:RE650,product_ver:1.0.0,special_id:43410000}\r\n"
1505 "{product_name:RE650,product_ver:1.0.0,special_id:41550000}\r\n"
1506 "{product_name:RE650,product_ver:1.0.0,special_id:41530000}\r\n",
1507 .support_trail
= '\x00',
1510 /* We're using a dynamic kernel/rootfs split here */
1512 {"fs-uboot", 0x00000, 0x20000},
1513 {"firmware", 0x20000, 0xde0000},
1514 {"partition-table", 0xe00000, 0x02000},
1515 {"default-mac", 0xe10000, 0x00020},
1516 {"pin", 0xe10100, 0x00020},
1517 {"product-info", 0xe11100, 0x01000},
1518 {"soft-version", 0xe20000, 0x01000},
1519 {"support-list", 0xe21000, 0x01000},
1520 {"profile", 0xe22000, 0x08000},
1521 {"user-config", 0xe30000, 0x10000},
1522 {"default-config", 0xe40000, 0x10000},
1523 {"radio", 0xff0000, 0x10000},
1527 .first_sysupgrade_partition
= "os-image",
1528 .last_sysupgrade_partition
= "file-system"
1534 #define error(_ret, _errno, _str, ...) \
1536 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1537 strerror(_errno)); \
1543 /** Stores a uint32 as big endian */
1544 static inline void put32(uint8_t *buf
, uint32_t val
) {
1551 /** Allocates a new image partition */
1552 static struct image_partition_entry
alloc_image_partition(const char *name
, size_t len
) {
1553 struct image_partition_entry entry
= {name
, len
, malloc(len
)};
1555 error(1, errno
, "malloc");
1560 /** Frees an image partition */
1561 static void free_image_partition(struct image_partition_entry entry
) {
1565 static time_t source_date_epoch
= -1;
1566 static void set_source_date_epoch() {
1567 char *env
= getenv("SOURCE_DATE_EPOCH");
1571 source_date_epoch
= strtoull(env
, &endptr
, 10);
1572 if (errno
|| (endptr
&& *endptr
!= '\0')) {
1573 fprintf(stderr
, "Invalid SOURCE_DATE_EPOCH");
1579 /** Generates the partition-table partition */
1580 static struct image_partition_entry
make_partition_table(const struct flash_partition_entry
*p
) {
1581 struct image_partition_entry entry
= alloc_image_partition("partition-table", 0x800);
1583 char *s
= (char *)entry
.data
, *end
= (char *)(s
+entry
.size
);
1591 for (i
= 0; p
[i
].name
; i
++) {
1593 size_t w
= snprintf(s
, len
, "partition %s base 0x%05x size 0x%05x\n", p
[i
].name
, p
[i
].base
, p
[i
].size
);
1596 error(1, 0, "flash partition table overflow?");
1603 memset(s
, 0xff, end
-s
);
1609 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1610 static inline uint8_t bcd(uint8_t v
) {
1611 return 0x10 * (v
/10) + v
%10;
1615 /** Generates the soft-version partition */
1616 static struct image_partition_entry
make_soft_version(uint32_t rev
) {
1617 struct image_partition_entry entry
= alloc_image_partition("soft-version", sizeof(struct soft_version
));
1618 struct soft_version
*s
= (struct soft_version
*)entry
.data
;
1622 if (source_date_epoch
!= -1)
1623 t
= source_date_epoch
;
1624 else if (time(&t
) == (time_t)(-1))
1625 error(1, errno
, "time");
1627 struct tm
*tm
= localtime(&t
);
1629 s
->magic
= htonl(0x0000000c);
1633 s
->version_major
= 0;
1634 s
->version_minor
= 0;
1635 s
->version_patch
= 0;
1637 s
->year_hi
= bcd((1900+tm
->tm_year
)/100);
1638 s
->year_lo
= bcd(tm
->tm_year
%100);
1639 s
->month
= bcd(tm
->tm_mon
+1);
1640 s
->day
= bcd(tm
->tm_mday
);
1641 s
->rev
= htonl(rev
);
1648 static struct image_partition_entry
make_soft_version_from_string(const char *soft_ver
) {
1649 /** String length _including_ the terminating zero byte */
1650 uint32_t ver_len
= strlen(soft_ver
) + 1;
1651 /** Partition contains 64 bit header, the version string, and one additional null byte */
1652 size_t partition_len
= 2*sizeof(uint32_t) + ver_len
+ 1;
1653 struct image_partition_entry entry
= alloc_image_partition("soft-version", partition_len
);
1655 uint32_t *len
= (uint32_t *)entry
.data
;
1656 len
[0] = htonl(ver_len
);
1658 memcpy(&len
[2], soft_ver
, ver_len
);
1660 entry
.data
[partition_len
- 1] = 0;
1665 /** Generates the support-list partition */
1666 static struct image_partition_entry
make_support_list(struct device_info
*info
) {
1667 size_t len
= strlen(info
->support_list
);
1668 struct image_partition_entry entry
= alloc_image_partition("support-list", len
+ 9);
1670 put32(entry
.data
, len
);
1671 memset(entry
.data
+4, 0, 4);
1672 memcpy(entry
.data
+8, info
->support_list
, len
);
1673 entry
.data
[len
+8] = info
->support_trail
;
1678 /** Creates a new image partition with an arbitrary name from a file */
1679 static struct image_partition_entry
read_file(const char *part_name
, const char *filename
, bool add_jffs2_eof
, struct flash_partition_entry
*file_system_partition
) {
1680 struct stat statbuf
;
1682 if (stat(filename
, &statbuf
) < 0)
1683 error(1, errno
, "unable to stat file `%s'", filename
);
1685 size_t len
= statbuf
.st_size
;
1688 if (file_system_partition
)
1689 len
= ALIGN(len
+ file_system_partition
->base
, 0x10000) + sizeof(jffs2_eof_mark
) - file_system_partition
->base
;
1691 len
= ALIGN(len
, 0x10000) + sizeof(jffs2_eof_mark
);
1693 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1695 FILE *file
= fopen(filename
, "rb");
1697 error(1, errno
, "unable to open file `%s'", filename
);
1699 if (fread(entry
.data
, statbuf
.st_size
, 1, file
) != 1)
1700 error(1, errno
, "unable to read file `%s'", filename
);
1702 if (add_jffs2_eof
) {
1703 uint8_t *eof
= entry
.data
+ statbuf
.st_size
, *end
= entry
.data
+entry
.size
;
1705 memset(eof
, 0xff, end
- eof
- sizeof(jffs2_eof_mark
));
1706 memcpy(end
- sizeof(jffs2_eof_mark
), jffs2_eof_mark
, sizeof(jffs2_eof_mark
));
1714 /** Creates a new image partition from arbitrary data */
1715 static struct image_partition_entry
put_data(const char *part_name
, const char *datain
, size_t len
) {
1717 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1719 memcpy(entry
.data
, datain
, len
);
1725 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1727 Example image partition table:
1729 fwup-ptn partition-table base 0x00800 size 0x00800
1730 fwup-ptn os-image base 0x01000 size 0x113b45
1731 fwup-ptn file-system base 0x114b45 size 0x1d0004
1732 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1734 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1735 the end of the partition table is marked with a zero byte.
1737 The firmware image must contain at least the partition-table and support-list partitions
1738 to be accepted. There aren't any alignment constraints for the image partitions.
1740 The partition-table partition contains the actual flash layout; partitions
1741 from the image partition table are mapped to the corresponding flash partitions during
1742 the firmware upgrade. The support-list partition contains a list of devices supported by
1745 The base offsets in the firmware partition table are relative to the end
1746 of the vendor information block, so the partition-table partition will
1747 actually start at offset 0x1814 of the image.
1749 I think partition-table must be the first partition in the firmware image.
1751 static void put_partitions(uint8_t *buffer
, const struct flash_partition_entry
*flash_parts
, const struct image_partition_entry
*parts
) {
1753 char *image_pt
= (char *)buffer
, *end
= image_pt
+ 0x800;
1755 size_t base
= 0x800;
1756 for (i
= 0; parts
[i
].name
; i
++) {
1757 for (j
= 0; flash_parts
[j
].name
; j
++) {
1758 if (!strcmp(flash_parts
[j
].name
, parts
[i
].name
)) {
1759 if (parts
[i
].size
> flash_parts
[j
].size
)
1760 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts
[j
].name
, (unsigned)flash_parts
[j
].size
);
1765 assert(flash_parts
[j
].name
);
1767 memcpy(buffer
+ base
, parts
[i
].data
, parts
[i
].size
);
1769 size_t len
= end
-image_pt
;
1770 size_t w
= snprintf(image_pt
, len
, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts
[i
].name
, (unsigned)base
, (unsigned)parts
[i
].size
);
1773 error(1, 0, "image partition table overflow?");
1777 base
+= parts
[i
].size
;
1781 /** Generates and writes the image MD5 checksum */
1782 static void put_md5(uint8_t *md5
, uint8_t *buffer
, unsigned int len
) {
1786 MD5_Update(&ctx
, md5_salt
, (unsigned int)sizeof(md5_salt
));
1787 MD5_Update(&ctx
, buffer
, len
);
1788 MD5_Final(md5
, &ctx
);
1793 Generates the firmware image in factory format
1799 0000-0003 Image size (4 bytes, big endian)
1800 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1801 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1802 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1803 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1804 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1805 1814-xxxx Firmware partitions
1807 static void * generate_factory_image(struct device_info
*info
, const struct image_partition_entry
*parts
, size_t *len
) {
1811 for (i
= 0; parts
[i
].name
; i
++)
1812 *len
+= parts
[i
].size
;
1814 uint8_t *image
= malloc(*len
);
1816 error(1, errno
, "malloc");
1818 memset(image
, 0xff, *len
);
1822 size_t vendor_len
= strlen(info
->vendor
);
1823 put32(image
+0x14, vendor_len
);
1824 memcpy(image
+0x18, info
->vendor
, vendor_len
);
1827 put_partitions(image
+ 0x1014, info
->partitions
, parts
);
1828 put_md5(image
+0x04, image
+0x14, *len
-0x14);
1834 Generates the firmware image in sysupgrade format
1836 This makes some assumptions about the provided flash and image partition tables and
1837 should be generalized when TP-LINK starts building its safeloader into hardware with
1838 different flash layouts.
1840 static void * generate_sysupgrade_image(struct device_info
*info
, const struct image_partition_entry
*image_parts
, size_t *len
) {
1842 size_t flash_first_partition_index
= 0;
1843 size_t flash_last_partition_index
= 0;
1844 const struct flash_partition_entry
*flash_first_partition
= NULL
;
1845 const struct flash_partition_entry
*flash_last_partition
= NULL
;
1846 const struct image_partition_entry
*image_last_partition
= NULL
;
1848 /** Find first and last partitions */
1849 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1850 if (!strcmp(info
->partitions
[i
].name
, info
->first_sysupgrade_partition
)) {
1851 flash_first_partition
= &info
->partitions
[i
];
1852 flash_first_partition_index
= i
;
1853 } else if (!strcmp(info
->partitions
[i
].name
, info
->last_sysupgrade_partition
)) {
1854 flash_last_partition
= &info
->partitions
[i
];
1855 flash_last_partition_index
= i
;
1859 assert(flash_first_partition
&& flash_last_partition
);
1860 assert(flash_first_partition_index
< flash_last_partition_index
);
1862 /** Find last partition from image to calculate needed size */
1863 for (i
= 0; image_parts
[i
].name
; i
++) {
1864 if (!strcmp(image_parts
[i
].name
, info
->last_sysupgrade_partition
)) {
1865 image_last_partition
= &image_parts
[i
];
1870 assert(image_last_partition
);
1872 *len
= flash_last_partition
->base
- flash_first_partition
->base
+ image_last_partition
->size
;
1874 uint8_t *image
= malloc(*len
);
1876 error(1, errno
, "malloc");
1878 memset(image
, 0xff, *len
);
1880 for (i
= flash_first_partition_index
; i
<= flash_last_partition_index
; i
++) {
1881 for (j
= 0; image_parts
[j
].name
; j
++) {
1882 if (!strcmp(info
->partitions
[i
].name
, image_parts
[j
].name
)) {
1883 if (image_parts
[j
].size
> info
->partitions
[i
].size
)
1884 error(1, 0, "%s partition too big (more than %u bytes)", info
->partitions
[i
].name
, (unsigned)info
->partitions
[i
].size
);
1885 memcpy(image
+ info
->partitions
[i
].base
- flash_first_partition
->base
, image_parts
[j
].data
, image_parts
[j
].size
);
1889 assert(image_parts
[j
].name
);
1896 /** Generates an image according to a given layout and writes it to a file */
1897 static void build_image(const char *output
,
1898 const char *kernel_image
,
1899 const char *rootfs_image
,
1903 struct device_info
*info
) {
1907 struct image_partition_entry parts
[7] = {};
1909 struct flash_partition_entry
*firmware_partition
= NULL
;
1910 struct flash_partition_entry
*os_image_partition
= NULL
;
1911 struct flash_partition_entry
*file_system_partition
= NULL
;
1912 size_t firmware_partition_index
= 0;
1914 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1915 if (!strcmp(info
->partitions
[i
].name
, "firmware"))
1917 firmware_partition
= &info
->partitions
[i
];
1918 firmware_partition_index
= i
;
1922 if (firmware_partition
)
1924 os_image_partition
= &info
->partitions
[firmware_partition_index
];
1925 file_system_partition
= &info
->partitions
[firmware_partition_index
+ 1];
1928 if (stat(kernel_image
, &kernel
) < 0)
1929 error(1, errno
, "unable to stat file `%s'", kernel_image
);
1931 if (kernel
.st_size
> firmware_partition
->size
)
1932 error(1, 0, "kernel overflowed firmware partition\n");
1934 for (i
= MAX_PARTITIONS
-1; i
>= firmware_partition_index
+ 1; i
--)
1935 info
->partitions
[i
+1] = info
->partitions
[i
];
1937 file_system_partition
->name
= "file-system";
1938 file_system_partition
->base
= firmware_partition
->base
+ kernel
.st_size
;
1940 /* Align partition start to erase blocks for factory images only */
1942 file_system_partition
->base
= ALIGN(firmware_partition
->base
+ kernel
.st_size
, 0x10000);
1944 file_system_partition
->size
= firmware_partition
->size
- file_system_partition
->base
;
1946 os_image_partition
->name
= "os-image";
1947 os_image_partition
->size
= kernel
.st_size
;
1950 parts
[0] = make_partition_table(info
->partitions
);
1952 parts
[1] = make_soft_version_from_string(info
->soft_ver
);
1954 parts
[1] = make_soft_version(rev
);
1956 parts
[2] = make_support_list(info
);
1957 parts
[3] = read_file("os-image", kernel_image
, false, NULL
);
1958 parts
[4] = read_file("file-system", rootfs_image
, add_jffs2_eof
, file_system_partition
);
1960 /* Some devices need the extra-para partition to accept the firmware */
1961 if (strcasecmp(info
->id
, "ARCHER-C2-V3") == 0 ||
1962 strcasecmp(info
->id
, "ARCHER-C25-V1") == 0 ||
1963 strcasecmp(info
->id
, "ARCHER-C59-V2") == 0 ||
1964 strcasecmp(info
->id
, "ARCHER-C60-V2") == 0 ||
1965 strcasecmp(info
->id
, "TLWR1043NV5") == 0) {
1966 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1967 parts
[5] = put_data("extra-para", mdat
, 11);
1968 } else if (strcasecmp(info
->id
, "ARCHER-A7-V5") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V4") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V5") == 0) {
1969 const char mdat
[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1970 parts
[5] = put_data("extra-para", mdat
, 11);
1971 } else if (strcasecmp(info
->id
, "ARCHER-C6-V2") == 0) {
1972 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1973 parts
[5] = put_data("extra-para", mdat
, 11);
1979 image
= generate_sysupgrade_image(info
, parts
, &len
);
1981 image
= generate_factory_image(info
, parts
, &len
);
1983 FILE *file
= fopen(output
, "wb");
1985 error(1, errno
, "unable to open output file");
1987 if (fwrite(image
, len
, 1, file
) != 1)
1988 error(1, 0, "unable to write output file");
1994 for (i
= 0; parts
[i
].name
; i
++)
1995 free_image_partition(parts
[i
]);
1999 static void usage(const char *argv0
) {
2001 "Usage: %s [OPTIONS...]\n"
2004 " -h show this help\n"
2006 "Create a new image:\n"
2007 " -B <board> create image for the board specified with <board>\n"
2008 " -k <file> read kernel image from the file <file>\n"
2009 " -r <file> read rootfs image from the file <file>\n"
2010 " -o <file> write output to the file <file>\n"
2011 " -V <rev> sets the revision number to <rev>\n"
2012 " -j add jffs2 end-of-filesystem markers\n"
2013 " -S create sysupgrade instead of factory image\n"
2014 "Extract an old image:\n"
2015 " -x <file> extract all oem firmware partition\n"
2016 " -d <dir> destination to extract the firmware partition\n"
2017 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
2023 static struct device_info
*find_board(const char *id
)
2025 struct device_info
*board
= NULL
;
2027 for (board
= boards
; board
->id
!= NULL
; board
++)
2028 if (strcasecmp(id
, board
->id
) == 0)
2034 static int add_flash_partition(
2035 struct flash_partition_entry
*part_list
,
2042 /* check if the list has a free entry */
2043 for (ptr
= 0; ptr
< max_entries
; ptr
++, part_list
++) {
2044 if (part_list
->name
== NULL
&&
2045 part_list
->base
== 0 &&
2046 part_list
->size
== 0)
2050 if (ptr
== max_entries
) {
2051 error(1, 0, "No free flash part entry available.");
2054 part_list
->name
= calloc(1, strlen(name
) + 1);
2055 if (!part_list
->name
) {
2056 error(1, 0, "Unable to allocate memory");
2059 memcpy((char *)part_list
->name
, name
, strlen(name
));
2060 part_list
->base
= base
;
2061 part_list
->size
= size
;
2066 /** read the partition table into struct flash_partition_entry */
2067 static int read_partition_table(
2068 FILE *file
, long offset
,
2069 struct flash_partition_entry
*entries
, size_t max_entries
,
2074 const char *parthdr
= NULL
;
2075 const char *fwuphdr
= "fwup-ptn";
2076 const char *flashhdr
= "partition";
2078 /* TODO: search for the partition table */
2088 error(1, 0, "Invalid partition table");
2091 if (fseek(file
, offset
, SEEK_SET
) < 0)
2092 error(1, errno
, "Can not seek in the firmware");
2094 if (fread(buf
, 1, 2048, file
) < 0)
2095 error(1, errno
, "Can not read fwup-ptn from the firmware");
2099 /* look for the partition header */
2100 if (memcmp(buf
, parthdr
, strlen(parthdr
)) != 0) {
2101 fprintf(stderr
, "DEBUG: can not find fwuphdr\n");
2106 end
= buf
+ sizeof(buf
);
2107 while ((ptr
+ strlen(parthdr
)) < end
&&
2108 memcmp(ptr
, parthdr
, strlen(parthdr
)) == 0) {
2112 char name
[32] = { 0 };
2114 unsigned long base
= 0;
2115 unsigned long size
= 0;
2117 end_part
= memchr(ptr
, '\n', (end
- ptr
));
2118 if (end_part
== NULL
) {
2119 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
2123 for (int i
= 0; i
<= 4; i
++) {
2124 if (end_part
<= ptr
)
2127 end_element
= memchr(ptr
, 0x20, (end_part
- ptr
));
2128 if (end_element
== NULL
) {
2129 error(1, errno
, "Ignoring the rest of the partition entries.");
2134 /* partition header */
2136 ptr
= end_element
+ 1;
2140 name_len
= (end_element
- ptr
) > 31 ? 31 : (end_element
- ptr
);
2141 strncpy(name
, ptr
, name_len
);
2142 name
[name_len
] = '\0';
2143 ptr
= end_element
+ 1;
2148 ptr
= end_element
+ 1;
2153 base
= strtoul(ptr
, NULL
, 16);
2154 ptr
= end_element
+ 1;
2159 ptr
= end_element
+ 1;
2160 /* actual size. The last element doesn't have a sepeartor */
2161 size
= strtoul(ptr
, NULL
, 16);
2162 /* the part ends with 0x09, 0x0d, 0x0a */
2164 add_flash_partition(entries
, max_entries
, name
, base
, size
);
2173 static void write_partition(
2175 size_t firmware_offset
,
2176 struct flash_partition_entry
*entry
,
2182 fseek(input_file
, entry
->base
+ firmware_offset
, SEEK_SET
);
2184 for (offset
= 0; sizeof(buf
) + offset
<= entry
->size
; offset
+= sizeof(buf
)) {
2185 if (fread(buf
, sizeof(buf
), 1, input_file
) < 0)
2186 error(1, errno
, "Can not read partition from input_file");
2188 if (fwrite(buf
, sizeof(buf
), 1, output_file
) < 0)
2189 error(1, errno
, "Can not write partition to output_file");
2191 /* write last chunk smaller than buffer */
2192 if (offset
< entry
->size
) {
2193 offset
= entry
->size
- offset
;
2194 if (fread(buf
, offset
, 1, input_file
) < 0)
2195 error(1, errno
, "Can not read partition from input_file");
2196 if (fwrite(buf
, offset
, 1, output_file
) < 0)
2197 error(1, errno
, "Can not write partition to output_file");
2201 static int extract_firmware_partition(FILE *input_file
, size_t firmware_offset
, struct flash_partition_entry
*entry
, const char *output_directory
)
2204 char output
[PATH_MAX
];
2206 snprintf(output
, PATH_MAX
, "%s/%s", output_directory
, entry
->name
);
2207 output_file
= fopen(output
, "wb+");
2208 if (output_file
== NULL
) {
2209 error(1, errno
, "Can not open output file %s", output
);
2212 write_partition(input_file
, firmware_offset
, entry
, output_file
);
2214 fclose(output_file
);
2219 /** extract all partitions from the firmware file */
2220 static int extract_firmware(const char *input
, const char *output_directory
)
2222 struct flash_partition_entry entries
[16] = { 0 };
2223 size_t max_entries
= 16;
2224 size_t firmware_offset
= 0x1014;
2227 struct stat statbuf
;
2229 /* check input file */
2230 if (stat(input
, &statbuf
)) {
2231 error(1, errno
, "Can not read input firmware %s", input
);
2234 /* check if output directory exists */
2235 if (stat(output_directory
, &statbuf
)) {
2236 error(1, errno
, "Failed to stat output directory %s", output_directory
);
2239 if ((statbuf
.st_mode
& S_IFMT
) != S_IFDIR
) {
2240 error(1, errno
, "Given output directory is not a directory %s", output_directory
);
2243 input_file
= fopen(input
, "rb");
2245 if (read_partition_table(input_file
, firmware_offset
, entries
, 16, 0) != 0) {
2246 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2249 for (int i
= 0; i
< max_entries
; i
++) {
2250 if (entries
[i
].name
== NULL
&&
2251 entries
[i
].base
== 0 &&
2252 entries
[i
].size
== 0)
2255 extract_firmware_partition(input_file
, firmware_offset
, &entries
[i
], output_directory
);
2261 static struct flash_partition_entry
*find_partition(
2262 struct flash_partition_entry
*entries
, size_t max_entries
,
2263 const char *name
, const char *error_msg
)
2265 for (int i
= 0; i
< max_entries
; i
++, entries
++) {
2266 if (strcmp(entries
->name
, name
) == 0)
2270 error(1, 0, "%s", error_msg
);
2274 static void write_ff(FILE *output_file
, size_t size
)
2279 memset(buf
, 0xff, sizeof(buf
));
2281 for (offset
= 0; offset
+ sizeof(buf
) < size
; offset
+= sizeof(buf
)) {
2282 if (fwrite(buf
, sizeof(buf
), 1, output_file
) < 0)
2283 error(1, errno
, "Can not write 0xff to output_file");
2286 /* write last chunk smaller than buffer */
2287 if (offset
< size
) {
2288 offset
= size
- offset
;
2289 if (fwrite(buf
, offset
, 1, output_file
) < 0)
2290 error(1, errno
, "Can not write partition to output_file");
2294 static void convert_firmware(const char *input
, const char *output
)
2296 struct flash_partition_entry fwup
[MAX_PARTITIONS
] = { 0 };
2297 struct flash_partition_entry flash
[MAX_PARTITIONS
] = { 0 };
2298 struct flash_partition_entry
*fwup_os_image
= NULL
, *fwup_file_system
= NULL
;
2299 struct flash_partition_entry
*flash_os_image
= NULL
, *flash_file_system
= NULL
;
2300 struct flash_partition_entry
*fwup_partition_table
= NULL
;
2301 size_t firmware_offset
= 0x1014;
2302 FILE *input_file
, *output_file
;
2304 struct stat statbuf
;
2306 /* check input file */
2307 if (stat(input
, &statbuf
)) {
2308 error(1, errno
, "Can not read input firmware %s", input
);
2311 input_file
= fopen(input
, "rb");
2313 error(1, 0, "Can not open input firmware %s", input
);
2315 output_file
= fopen(output
, "wb");
2317 error(1, 0, "Can not open output firmware %s", output
);
2319 if (read_partition_table(input_file
, firmware_offset
, fwup
, MAX_PARTITIONS
, 0) != 0) {
2320 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2323 fwup_os_image
= find_partition(fwup
, MAX_PARTITIONS
,
2324 "os-image", "Error can not find os-image partition (fwup)");
2325 fwup_file_system
= find_partition(fwup
, MAX_PARTITIONS
,
2326 "file-system", "Error can not find file-system partition (fwup)");
2327 fwup_partition_table
= find_partition(fwup
, MAX_PARTITIONS
,
2328 "partition-table", "Error can not find partition-table partition");
2330 /* the flash partition table has a 0x00000004 magic haeder */
2331 if (read_partition_table(input_file
, firmware_offset
+ fwup_partition_table
->base
+ 4, flash
, MAX_PARTITIONS
, 1) != 0)
2332 error(1, 0, "Error can not read the partition table (flash)");
2334 flash_os_image
= find_partition(flash
, MAX_PARTITIONS
,
2335 "os-image", "Error can not find os-image partition (flash)");
2336 flash_file_system
= find_partition(flash
, MAX_PARTITIONS
,
2337 "file-system", "Error can not find file-system partition (flash)");
2339 /* write os_image to 0x0 */
2340 write_partition(input_file
, firmware_offset
, fwup_os_image
, output_file
);
2341 write_ff(output_file
, flash_os_image
->size
- fwup_os_image
->size
);
2343 /* write file-system behind os_image */
2344 fseek(output_file
, flash_file_system
->base
- flash_os_image
->base
, SEEK_SET
);
2345 write_partition(input_file
, firmware_offset
, fwup_file_system
, output_file
);
2346 write_ff(output_file
, flash_file_system
->size
- fwup_file_system
->size
);
2348 fclose(output_file
);
2352 int main(int argc
, char *argv
[]) {
2353 const char *board
= NULL
, *kernel_image
= NULL
, *rootfs_image
= NULL
, *output
= NULL
;
2354 const char *extract_image
= NULL
, *output_directory
= NULL
, *convert_image
= NULL
;
2355 bool add_jffs2_eof
= false, sysupgrade
= false;
2357 struct device_info
*info
;
2358 set_source_date_epoch();
2363 c
= getopt(argc
, argv
, "B:k:r:o:V:jSh:x:d:z:");
2373 kernel_image
= optarg
;
2377 rootfs_image
= optarg
;
2385 sscanf(optarg
, "r%u", &rev
);
2389 add_jffs2_eof
= true;
2401 output_directory
= optarg
;
2405 extract_image
= optarg
;
2409 convert_image
= optarg
;
2418 if (extract_image
|| output_directory
) {
2420 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2421 if (!output_directory
)
2422 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2423 extract_firmware(extract_image
, output_directory
);
2424 } else if (convert_image
) {
2426 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2427 convert_firmware(convert_image
, output
);
2430 error(1, 0, "no board has been specified");
2432 error(1, 0, "no kernel image has been specified");
2434 error(1, 0, "no rootfs image has been specified");
2436 error(1, 0, "no output filename has been specified");
2438 info
= find_board(board
);
2441 error(1, 0, "unsupported board %s", board
);
2443 build_image(output
, kernel_image
, rootfs_image
, rev
, add_jffs2_eof
, sysupgrade
, info
);