2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
45 #include <arpa/inet.h>
47 #include <sys/types.h>
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
57 #define MAX_PARTITIONS 32
59 /** An image partition table entry */
60 struct image_partition_entry
{
66 /** A flash partition table entry */
67 struct flash_partition_entry
{
73 /** Firmware layout description */
77 const char *support_list
;
80 struct flash_partition_entry partitions
[MAX_PARTITIONS
+1];
81 const char *first_sysupgrade_partition
;
82 const char *last_sysupgrade_partition
;
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__
)) soft_version
{
90 uint8_t version_major
;
91 uint8_t version_minor
;
92 uint8_t version_patch
;
102 static const uint8_t jffs2_eof_mark
[4] = {0xde, 0xad, 0xc0, 0xde};
106 Salt for the MD5 hash
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
111 static const uint8_t md5_salt
[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
119 /** Firmware layout table */
120 static struct device_info boards
[] = {
121 /** Firmware layout for the CPE210/220 */
124 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail
= '\xff',
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
154 .first_sysupgrade_partition
= "os-image",
155 .last_sysupgrade_partition
= "support-list",
158 /** Firmware layout for the CPE210 V2 */
161 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail
= '\xff',
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
195 .first_sysupgrade_partition
= "os-image",
196 .last_sysupgrade_partition
= "support-list",
199 /** Firmware layout for the CPE210 V3 */
202 .vendor
= "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n",
205 "CPE210(TP-LINK|EU|N300-2|45550000):3.0\r\n"
206 "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n"
207 "CPE210(TP-LINK|UN|N300-2):3.0\r\n"
208 "CPE210(TP-LINK|EU|N300-2):3.0\r\n",
209 .support_trail
= '\xff',
213 {"fs-uboot", 0x00000, 0x20000},
214 {"partition-table", 0x20000, 0x01000},
215 {"default-mac", 0x30000, 0x00020},
216 {"product-info", 0x31100, 0x00100},
217 {"device-info", 0x31400, 0x00400},
218 {"signature", 0x32000, 0x00400},
219 {"device-id", 0x33000, 0x00100},
220 {"firmware", 0x40000, 0x770000},
221 {"soft-version", 0x7b0000, 0x00100},
222 {"support-list", 0x7b1000, 0x01000},
223 {"user-config", 0x7c0000, 0x10000},
224 {"default-config", 0x7d0000, 0x10000},
225 {"log", 0x7e0000, 0x10000},
226 {"radio", 0x7f0000, 0x10000},
230 .first_sysupgrade_partition
= "os-image",
231 .last_sysupgrade_partition
= "support-list",
234 /** Firmware layout for the CPE510/520 */
237 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
240 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
241 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
242 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
243 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
244 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
245 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
246 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
247 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
248 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
249 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
250 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
251 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
252 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
253 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
254 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
255 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
256 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
257 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
258 .support_trail
= '\xff',
262 {"fs-uboot", 0x00000, 0x20000},
263 {"partition-table", 0x20000, 0x02000},
264 {"default-mac", 0x30000, 0x00020},
265 {"product-info", 0x31100, 0x00100},
266 {"signature", 0x32000, 0x00400},
267 {"os-image", 0x40000, 0x1c0000},
268 {"file-system", 0x200000, 0x5b0000},
269 {"soft-version", 0x7b0000, 0x00100},
270 {"support-list", 0x7b1000, 0x00400},
271 {"user-config", 0x7c0000, 0x10000},
272 {"default-config", 0x7d0000, 0x10000},
273 {"log", 0x7e0000, 0x10000},
274 {"radio", 0x7f0000, 0x10000},
278 .first_sysupgrade_partition
= "os-image",
279 .last_sysupgrade_partition
= "support-list",
284 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
287 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
288 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
289 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
290 .support_trail
= '\xff',
294 {"fs-uboot", 0x00000, 0x20000},
295 {"partition-table", 0x20000, 0x02000},
296 {"default-mac", 0x30000, 0x00020},
297 {"product-info", 0x31100, 0x00100},
298 {"signature", 0x32000, 0x00400},
299 {"os-image", 0x40000, 0x1c0000},
300 {"file-system", 0x200000, 0x5b0000},
301 {"soft-version", 0x7b0000, 0x00100},
302 {"support-list", 0x7b1000, 0x00400},
303 {"user-config", 0x7c0000, 0x10000},
304 {"default-config", 0x7d0000, 0x10000},
305 {"log", 0x7e0000, 0x10000},
306 {"radio", 0x7f0000, 0x10000},
310 .first_sysupgrade_partition
= "os-image",
311 .last_sysupgrade_partition
= "support-list",
316 .vendor
= "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
319 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
320 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
321 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
322 .support_trail
= '\xff',
326 {"fs-uboot", 0x00000, 0x20000},
327 {"partition-table", 0x20000, 0x02000},
328 {"default-mac", 0x30000, 0x00020},
329 {"product-info", 0x31100, 0x00100},
330 {"signature", 0x32000, 0x00400},
331 {"os-image", 0x40000, 0x1c0000},
332 {"file-system", 0x200000, 0x5b0000},
333 {"soft-version", 0x7b0000, 0x00100},
334 {"support-list", 0x7b1000, 0x00400},
335 {"user-config", 0x7c0000, 0x10000},
336 {"default-config", 0x7d0000, 0x10000},
337 {"log", 0x7e0000, 0x10000},
338 {"radio", 0x7f0000, 0x10000},
342 .first_sysupgrade_partition
= "os-image",
343 .last_sysupgrade_partition
= "support-list",
346 /** Firmware layout for the C2600 */
352 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
353 .support_trail
= '\x00',
357 We use a bigger os-image partition than the stock images (and thus
358 smaller file-system), as our kernel doesn't fit in the stock firmware's
359 2 MB os-image since kernel 4.14.
362 {"SBL1", 0x00000, 0x20000},
363 {"MIBIB", 0x20000, 0x20000},
364 {"SBL2", 0x40000, 0x20000},
365 {"SBL3", 0x60000, 0x30000},
366 {"DDRCONFIG", 0x90000, 0x10000},
367 {"SSD", 0xa0000, 0x10000},
368 {"TZ", 0xb0000, 0x30000},
369 {"RPM", 0xe0000, 0x20000},
370 {"fs-uboot", 0x100000, 0x70000},
371 {"uboot-env", 0x170000, 0x40000},
372 {"radio", 0x1b0000, 0x40000},
373 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
374 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
375 {"default-mac", 0x1ef0000, 0x00200},
376 {"pin", 0x1ef0200, 0x00200},
377 {"product-info", 0x1ef0400, 0x0fc00},
378 {"partition-table", 0x1f00000, 0x10000},
379 {"soft-version", 0x1f10000, 0x10000},
380 {"support-list", 0x1f20000, 0x10000},
381 {"profile", 0x1f30000, 0x10000},
382 {"default-config", 0x1f40000, 0x10000},
383 {"user-config", 0x1f50000, 0x40000},
384 {"qos-db", 0x1f90000, 0x40000},
385 {"usb-config", 0x1fd0000, 0x10000},
386 {"log", 0x1fe0000, 0x20000},
390 .first_sysupgrade_partition
= "os-image",
391 .last_sysupgrade_partition
= "file-system"
394 /** Firmware layout for the A7-V5 */
396 .id
= "ARCHER-A7-V5",
399 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
400 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
401 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
402 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
403 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
404 .support_trail
= '\x00',
405 .soft_ver
= "soft_ver:1.0.0\n",
407 /* We're using a dynamic kernel/rootfs split here */
409 {"factory-boot", 0x00000, 0x20000},
410 {"fs-uboot", 0x20000, 0x20000},
411 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
412 /* Stock: name file-system base 0x160000 size 0xda0000 */
413 {"default-mac", 0xf40000, 0x00200},
414 {"pin", 0xf40200, 0x00200},
415 {"device-id", 0xf40400, 0x00100},
416 {"product-info", 0xf40500, 0x0fb00},
417 {"soft-version", 0xf50000, 0x00100},
418 {"extra-para", 0xf51000, 0x01000},
419 {"support-list", 0xf52000, 0x0a000},
420 {"profile", 0xf5c000, 0x04000},
421 {"default-config", 0xf60000, 0x10000},
422 {"user-config", 0xf70000, 0x40000},
423 {"certificate", 0xfb0000, 0x10000},
424 {"partition-table", 0xfc0000, 0x10000},
425 {"log", 0xfd0000, 0x20000},
426 {"radio", 0xff0000, 0x10000},
430 .first_sysupgrade_partition
= "os-image",
431 .last_sysupgrade_partition
= "file-system",
434 /** Firmware layout for the C2v3 */
436 .id
= "ARCHER-C2-V3",
439 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
440 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
441 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
442 .support_trail
= '\x00',
443 .soft_ver
= "soft_ver:3.0.1\n",
445 /** We're using a dynamic kernel/rootfs split here */
448 {"factory-boot", 0x00000, 0x20000},
449 {"fs-uboot", 0x20000, 0x10000},
450 {"firmware", 0x30000, 0x7a0000},
451 {"user-config", 0x7d0000, 0x04000},
452 {"default-mac", 0x7e0000, 0x00100},
453 {"device-id", 0x7e0100, 0x00100},
454 {"extra-para", 0x7e0200, 0x00100},
455 {"pin", 0x7e0300, 0x00100},
456 {"support-list", 0x7e0400, 0x00400},
457 {"soft-version", 0x7e0800, 0x00400},
458 {"product-info", 0x7e0c00, 0x01400},
459 {"partition-table", 0x7e2000, 0x01000},
460 {"profile", 0x7e3000, 0x01000},
461 {"default-config", 0x7e4000, 0x04000},
462 {"merge-config", 0x7ec000, 0x02000},
463 {"qos-db", 0x7ee000, 0x02000},
464 {"radio", 0x7f0000, 0x10000},
468 .first_sysupgrade_partition
= "os-image",
469 .last_sysupgrade_partition
= "file-system",
472 /** Firmware layout for the C25v1 */
474 .id
= "ARCHER-C25-V1",
477 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
478 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
479 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
480 .support_trail
= '\x00',
481 .soft_ver
= "soft_ver:1.0.0\n",
483 /* We're using a dynamic kernel/rootfs split here */
485 {"factory-boot", 0x00000, 0x20000},
486 {"fs-uboot", 0x20000, 0x10000},
487 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
488 /* Stock: name file-system base 0x130000 size 0x6a0000 */
489 {"user-config", 0x7d0000, 0x04000},
490 {"default-mac", 0x7e0000, 0x00100},
491 {"device-id", 0x7e0100, 0x00100},
492 {"extra-para", 0x7e0200, 0x00100},
493 {"pin", 0x7e0300, 0x00100},
494 {"support-list", 0x7e0400, 0x00400},
495 {"soft-version", 0x7e0800, 0x00400},
496 {"product-info", 0x7e0c00, 0x01400},
497 {"partition-table", 0x7e2000, 0x01000},
498 {"profile", 0x7e3000, 0x01000},
499 {"default-config", 0x7e4000, 0x04000},
500 {"merge-config", 0x7ec000, 0x02000},
501 {"qos-db", 0x7ee000, 0x02000},
502 {"radio", 0x7f0000, 0x10000},
506 .first_sysupgrade_partition
= "os-image",
507 .last_sysupgrade_partition
= "file-system",
510 /** Firmware layout for the C58v1 */
512 .id
= "ARCHER-C58-V1",
516 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
517 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
518 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
519 .support_trail
= '\x00',
520 .soft_ver
= "soft_ver:1.0.0\n",
523 {"fs-uboot", 0x00000, 0x10000},
524 {"default-mac", 0x10000, 0x00200},
525 {"pin", 0x10200, 0x00200},
526 {"product-info", 0x10400, 0x00100},
527 {"partition-table", 0x10500, 0x00800},
528 {"soft-version", 0x11300, 0x00200},
529 {"support-list", 0x11500, 0x00100},
530 {"device-id", 0x11600, 0x00100},
531 {"profile", 0x11700, 0x03900},
532 {"default-config", 0x15000, 0x04000},
533 {"user-config", 0x19000, 0x04000},
534 {"firmware", 0x20000, 0x7c8000},
535 {"certyficate", 0x7e8000, 0x08000},
536 {"radio", 0x7f0000, 0x10000},
540 .first_sysupgrade_partition
= "os-image",
541 .last_sysupgrade_partition
= "file-system",
544 /** Firmware layout for the C59v1 */
546 .id
= "ARCHER-C59-V1",
550 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
551 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
552 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
553 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
554 .support_trail
= '\x00',
555 .soft_ver
= "soft_ver:1.0.0\n",
557 /* We're using a dynamic kernel/rootfs split here */
559 {"fs-uboot", 0x00000, 0x10000},
560 {"default-mac", 0x10000, 0x00200},
561 {"pin", 0x10200, 0x00200},
562 {"device-id", 0x10400, 0x00100},
563 {"product-info", 0x10500, 0x0fb00},
564 {"firmware", 0x20000, 0xe30000},
565 {"partition-table", 0xe50000, 0x10000},
566 {"soft-version", 0xe60000, 0x10000},
567 {"support-list", 0xe70000, 0x10000},
568 {"profile", 0xe80000, 0x10000},
569 {"default-config", 0xe90000, 0x10000},
570 {"user-config", 0xea0000, 0x40000},
571 {"usb-config", 0xee0000, 0x10000},
572 {"certificate", 0xef0000, 0x10000},
573 {"qos-db", 0xf00000, 0x40000},
574 {"log", 0xfe0000, 0x10000},
575 {"radio", 0xff0000, 0x10000},
579 .first_sysupgrade_partition
= "os-image",
580 .last_sysupgrade_partition
= "file-system",
583 /** Firmware layout for the C59v2 */
585 .id
= "ARCHER-C59-V2",
589 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
590 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
591 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
592 .support_trail
= '\x00',
593 .soft_ver
= "soft_ver:2.0.0 Build 20161206 rel.7303\n",
595 /** We're using a dynamic kernel/rootfs split here */
597 {"factory-boot", 0x00000, 0x20000},
598 {"fs-uboot", 0x20000, 0x10000},
599 {"default-mac", 0x30000, 0x00200},
600 {"pin", 0x30200, 0x00200},
601 {"device-id", 0x30400, 0x00100},
602 {"product-info", 0x30500, 0x0fb00},
603 {"firmware", 0x40000, 0xe10000},
604 {"partition-table", 0xe50000, 0x10000},
605 {"soft-version", 0xe60000, 0x10000},
606 {"support-list", 0xe70000, 0x10000},
607 {"profile", 0xe80000, 0x10000},
608 {"default-config", 0xe90000, 0x10000},
609 {"user-config", 0xea0000, 0x40000},
610 {"usb-config", 0xee0000, 0x10000},
611 {"certificate", 0xef0000, 0x10000},
612 {"extra-para", 0xf00000, 0x10000},
613 {"qos-db", 0xf10000, 0x30000},
614 {"log", 0xfe0000, 0x10000},
615 {"radio", 0xff0000, 0x10000},
619 .first_sysupgrade_partition
= "os-image",
620 .last_sysupgrade_partition
= "file-system",
623 /** Firmware layout for the C6v2 */
625 .id
= "ARCHER-C6-V2",
629 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
630 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
631 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
632 .support_trail
= '\x00',
633 .soft_ver
= "soft_ver:1.0.0\n",
636 {"fs-uboot", 0x00000, 0x20000},
637 {"default-mac", 0x20000, 0x00200},
638 {"pin", 0x20200, 0x00100},
639 {"product-info", 0x20300, 0x00200},
640 {"device-id", 0x20500, 0x0fb00},
641 {"firmware", 0x30000, 0x7a9400},
642 {"soft-version", 0x7d9400, 0x00100},
643 {"extra-para", 0x7d9500, 0x00100},
644 {"support-list", 0x7d9600, 0x00200},
645 {"profile", 0x7d9800, 0x03000},
646 {"default-config", 0x7dc800, 0x03000},
647 {"partition-table", 0x7df800, 0x00800},
648 {"user-config", 0x7e0000, 0x0c000},
649 {"certificate", 0x7ec000, 0x04000},
650 {"radio", 0x7f0000, 0x10000},
654 .first_sysupgrade_partition
= "os-image",
655 .last_sysupgrade_partition
= "file-system",
659 /** Firmware layout for the C60v1 */
661 .id
= "ARCHER-C60-V1",
665 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
666 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
667 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
668 .support_trail
= '\x00',
669 .soft_ver
= "soft_ver:1.0.0\n",
672 {"fs-uboot", 0x00000, 0x10000},
673 {"default-mac", 0x10000, 0x00200},
674 {"pin", 0x10200, 0x00200},
675 {"product-info", 0x10400, 0x00100},
676 {"partition-table", 0x10500, 0x00800},
677 {"soft-version", 0x11300, 0x00200},
678 {"support-list", 0x11500, 0x00100},
679 {"device-id", 0x11600, 0x00100},
680 {"profile", 0x11700, 0x03900},
681 {"default-config", 0x15000, 0x04000},
682 {"user-config", 0x19000, 0x04000},
683 {"firmware", 0x20000, 0x7c8000},
684 {"certyficate", 0x7e8000, 0x08000},
685 {"radio", 0x7f0000, 0x10000},
689 .first_sysupgrade_partition
= "os-image",
690 .last_sysupgrade_partition
= "file-system",
693 /** Firmware layout for the C60v2 */
695 .id
= "ARCHER-C60-V2",
699 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
700 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
701 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
702 .support_trail
= '\x00',
703 .soft_ver
= "soft_ver:2.0.0\n",
706 {"factory-boot", 0x00000, 0x1fb00},
707 {"default-mac", 0x1fb00, 0x00200},
708 {"pin", 0x1fd00, 0x00100},
709 {"product-info", 0x1fe00, 0x00100},
710 {"device-id", 0x1ff00, 0x00100},
711 {"fs-uboot", 0x20000, 0x10000},
712 {"firmware", 0x30000, 0x7a0000},
713 {"soft-version", 0x7d9500, 0x00100},
714 {"support-list", 0x7d9600, 0x00100},
715 {"extra-para", 0x7d9700, 0x00100},
716 {"profile", 0x7d9800, 0x03000},
717 {"default-config", 0x7dc800, 0x03000},
718 {"partition-table", 0x7df800, 0x00800},
719 {"user-config", 0x7e0000, 0x0c000},
720 {"certificate", 0x7ec000, 0x04000},
721 {"radio", 0x7f0000, 0x10000},
725 .first_sysupgrade_partition
= "os-image",
726 .last_sysupgrade_partition
= "file-system",
729 /** Firmware layout for the C5 */
731 .id
= "ARCHER-C5-V2",
735 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
736 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
737 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
738 .support_trail
= '\x00',
742 {"fs-uboot", 0x00000, 0x40000},
743 {"os-image", 0x40000, 0x200000},
744 {"file-system", 0x240000, 0xc00000},
745 {"default-mac", 0xe40000, 0x00200},
746 {"pin", 0xe40200, 0x00200},
747 {"product-info", 0xe40400, 0x00200},
748 {"partition-table", 0xe50000, 0x10000},
749 {"soft-version", 0xe60000, 0x00200},
750 {"support-list", 0xe61000, 0x0f000},
751 {"profile", 0xe70000, 0x10000},
752 {"default-config", 0xe80000, 0x10000},
753 {"user-config", 0xe90000, 0x50000},
754 {"log", 0xee0000, 0x100000},
755 {"radio_bk", 0xfe0000, 0x10000},
756 {"radio", 0xff0000, 0x10000},
760 .first_sysupgrade_partition
= "os-image",
761 .last_sysupgrade_partition
= "file-system"
764 /** Firmware layout for the C7 */
766 .id
= "ARCHER-C7-V4",
769 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
770 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
771 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
772 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
773 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
774 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
775 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
776 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
777 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
778 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
779 .support_trail
= '\x00',
780 .soft_ver
= "soft_ver:1.0.0\n",
782 /* We're using a dynamic kernel/rootfs split here */
784 {"factory-boot", 0x00000, 0x20000},
785 {"fs-uboot", 0x20000, 0x20000},
786 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
787 /* Stock: name file-system base 0x160000 size 0xda0000 */
788 {"default-mac", 0xf00000, 0x00200},
789 {"pin", 0xf00200, 0x00200},
790 {"device-id", 0xf00400, 0x00100},
791 {"product-info", 0xf00500, 0x0fb00},
792 {"soft-version", 0xf10000, 0x00100},
793 {"extra-para", 0xf11000, 0x01000},
794 {"support-list", 0xf12000, 0x0a000},
795 {"profile", 0xf1c000, 0x04000},
796 {"default-config", 0xf20000, 0x10000},
797 {"user-config", 0xf30000, 0x40000},
798 {"qos-db", 0xf70000, 0x40000},
799 {"certificate", 0xfb0000, 0x10000},
800 {"partition-table", 0xfc0000, 0x10000},
801 {"log", 0xfd0000, 0x20000},
802 {"radio", 0xff0000, 0x10000},
806 .first_sysupgrade_partition
= "os-image",
807 .last_sysupgrade_partition
= "file-system",
810 /** Firmware layout for the C7 v5*/
812 .id
= "ARCHER-C7-V5",
815 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
816 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
817 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
818 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
819 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
820 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
821 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n"
822 "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
824 .support_trail
= '\x00',
825 .soft_ver
= "soft_ver:1.0.0\n",
827 /* We're using a dynamic kernel/rootfs split here */
829 {"factory-boot", 0x00000, 0x20000},
830 {"fs-uboot", 0x20000, 0x20000},
831 {"partition-table", 0x40000, 0x10000},
832 {"radio", 0x50000, 0x10000},
833 {"default-mac", 0x60000, 0x00200},
834 {"pin", 0x60200, 0x00200},
835 {"device-id", 0x60400, 0x00100},
836 {"product-info", 0x60500, 0x0fb00},
837 {"soft-version", 0x70000, 0x01000},
838 {"extra-para", 0x71000, 0x01000},
839 {"support-list", 0x72000, 0x0a000},
840 {"profile", 0x7c000, 0x04000},
841 {"user-config", 0x80000, 0x40000},
844 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
845 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
847 {"log", 0xfc0000, 0x20000},
848 {"certificate", 0xfe0000, 0x10000},
849 {"default-config", 0xff0000, 0x10000},
854 .first_sysupgrade_partition
= "os-image",
855 .last_sysupgrade_partition
= "file-system",
858 /** Firmware layout for the C9 */
864 "{product_name:ArcherC9,"
866 "special_id:00000000}\n",
867 .support_trail
= '\x00',
871 {"fs-uboot", 0x00000, 0x40000},
872 {"os-image", 0x40000, 0x200000},
873 {"file-system", 0x240000, 0xc00000},
874 {"default-mac", 0xe40000, 0x00200},
875 {"pin", 0xe40200, 0x00200},
876 {"product-info", 0xe40400, 0x00200},
877 {"partition-table", 0xe50000, 0x10000},
878 {"soft-version", 0xe60000, 0x00200},
879 {"support-list", 0xe61000, 0x0f000},
880 {"profile", 0xe70000, 0x10000},
881 {"default-config", 0xe80000, 0x10000},
882 {"user-config", 0xe90000, 0x50000},
883 {"log", 0xee0000, 0x100000},
884 {"radio_bk", 0xfe0000, 0x10000},
885 {"radio", 0xff0000, 0x10000},
889 .first_sysupgrade_partition
= "os-image",
890 .last_sysupgrade_partition
= "file-system"
893 /** Firmware layout for the EAP120 */
896 .vendor
= "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
899 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
900 .support_trail
= '\xff',
904 {"fs-uboot", 0x00000, 0x20000},
905 {"partition-table", 0x20000, 0x02000},
906 {"default-mac", 0x30000, 0x00020},
907 {"support-list", 0x31000, 0x00100},
908 {"product-info", 0x31100, 0x00100},
909 {"soft-version", 0x32000, 0x00100},
910 {"os-image", 0x40000, 0x180000},
911 {"file-system", 0x1c0000, 0x600000},
912 {"user-config", 0x7c0000, 0x10000},
913 {"backup-config", 0x7d0000, 0x10000},
914 {"log", 0x7e0000, 0x10000},
915 {"radio", 0x7f0000, 0x10000},
919 .first_sysupgrade_partition
= "os-image",
920 .last_sysupgrade_partition
= "file-system"
923 /** Firmware layout for the TL-WA850RE v2 */
929 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
930 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
931 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
932 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
933 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
934 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
935 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
936 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
937 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
938 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
939 .support_trail
= '\x00',
943 576KB were moved from file-system to os-image
944 in comparison to the stock image
947 {"fs-uboot", 0x00000, 0x20000},
948 {"os-image", 0x20000, 0x150000},
949 {"file-system", 0x170000, 0x240000},
950 {"partition-table", 0x3b0000, 0x02000},
951 {"default-mac", 0x3c0000, 0x00020},
952 {"pin", 0x3c0100, 0x00020},
953 {"product-info", 0x3c1000, 0x01000},
954 {"soft-version", 0x3c2000, 0x00100},
955 {"support-list", 0x3c3000, 0x01000},
956 {"profile", 0x3c4000, 0x08000},
957 {"user-config", 0x3d0000, 0x10000},
958 {"default-config", 0x3e0000, 0x10000},
959 {"radio", 0x3f0000, 0x10000},
963 .first_sysupgrade_partition
= "os-image",
964 .last_sysupgrade_partition
= "file-system"
967 /** Firmware layout for the TL-WA855RE v1 */
973 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
974 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
975 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
976 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
977 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
978 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
979 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
980 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
981 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
982 .support_trail
= '\x00',
986 {"fs-uboot", 0x00000, 0x20000},
987 {"os-image", 0x20000, 0x150000},
988 {"file-system", 0x170000, 0x240000},
989 {"partition-table", 0x3b0000, 0x02000},
990 {"default-mac", 0x3c0000, 0x00020},
991 {"pin", 0x3c0100, 0x00020},
992 {"product-info", 0x3c1000, 0x01000},
993 {"soft-version", 0x3c2000, 0x00100},
994 {"support-list", 0x3c3000, 0x01000},
995 {"profile", 0x3c4000, 0x08000},
996 {"user-config", 0x3d0000, 0x10000},
997 {"default-config", 0x3e0000, 0x10000},
998 {"radio", 0x3f0000, 0x10000},
1002 .first_sysupgrade_partition
= "os-image",
1003 .last_sysupgrade_partition
= "file-system"
1006 /** Firmware layout for the TL-WR1043 v5 */
1008 .id
= "TLWR1043NV5",
1012 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
1013 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
1014 .support_trail
= '\x00',
1015 .soft_ver
= "soft_ver:1.0.0\n",
1017 {"factory-boot", 0x00000, 0x20000},
1018 {"fs-uboot", 0x20000, 0x20000},
1019 {"firmware", 0x40000, 0xec0000},
1020 {"default-mac", 0xf00000, 0x00200},
1021 {"pin", 0xf00200, 0x00200},
1022 {"device-id", 0xf00400, 0x00100},
1023 {"product-info", 0xf00500, 0x0fb00},
1024 {"soft-version", 0xf10000, 0x01000},
1025 {"extra-para", 0xf11000, 0x01000},
1026 {"support-list", 0xf12000, 0x0a000},
1027 {"profile", 0xf1c000, 0x04000},
1028 {"default-config", 0xf20000, 0x10000},
1029 {"user-config", 0xf30000, 0x40000},
1030 {"qos-db", 0xf70000, 0x40000},
1031 {"certificate", 0xfb0000, 0x10000},
1032 {"partition-table", 0xfc0000, 0x10000},
1033 {"log", 0xfd0000, 0x20000},
1034 {"radio", 0xff0000, 0x10000},
1037 .first_sysupgrade_partition
= "os-image",
1038 .last_sysupgrade_partition
= "file-system"
1041 /** Firmware layout for the TL-WR1043 v4 */
1043 .id
= "TLWR1043NDV4",
1047 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1048 .support_trail
= '\x00',
1051 /* We're using a dynamic kernel/rootfs split here */
1053 {"fs-uboot", 0x00000, 0x20000},
1054 {"firmware", 0x20000, 0xf30000},
1055 {"default-mac", 0xf50000, 0x00200},
1056 {"pin", 0xf50200, 0x00200},
1057 {"product-info", 0xf50400, 0x0fc00},
1058 {"soft-version", 0xf60000, 0x0b000},
1059 {"support-list", 0xf6b000, 0x04000},
1060 {"profile", 0xf70000, 0x04000},
1061 {"default-config", 0xf74000, 0x0b000},
1062 {"user-config", 0xf80000, 0x40000},
1063 {"partition-table", 0xfc0000, 0x10000},
1064 {"log", 0xfd0000, 0x20000},
1065 {"radio", 0xff0000, 0x10000},
1069 .first_sysupgrade_partition
= "os-image",
1070 .last_sysupgrade_partition
= "file-system"
1073 /** Firmware layout for the TL-WR902AC v1 */
1075 .id
= "TL-WR902AC-V1",
1079 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1080 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1081 .support_trail
= '\x00',
1085 384KB were moved from file-system to os-image
1086 in comparison to the stock image
1089 {"fs-uboot", 0x00000, 0x20000},
1090 {"firmware", 0x20000, 0x730000},
1091 {"default-mac", 0x750000, 0x00200},
1092 {"pin", 0x750200, 0x00200},
1093 {"product-info", 0x750400, 0x0fc00},
1094 {"soft-version", 0x760000, 0x0b000},
1095 {"support-list", 0x76b000, 0x04000},
1096 {"profile", 0x770000, 0x04000},
1097 {"default-config", 0x774000, 0x0b000},
1098 {"user-config", 0x780000, 0x40000},
1099 {"partition-table", 0x7c0000, 0x10000},
1100 {"log", 0x7d0000, 0x20000},
1101 {"radio", 0x7f0000, 0x10000},
1105 .first_sysupgrade_partition
= "os-image",
1106 .last_sysupgrade_partition
= "file-system",
1109 /** Firmware layout for the TL-WR942N V1 */
1115 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1116 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1117 .support_trail
= '\x00',
1121 {"fs-uboot", 0x00000, 0x20000},
1122 {"firmware", 0x20000, 0xe20000},
1123 {"default-mac", 0xe40000, 0x00200},
1124 {"pin", 0xe40200, 0x00200},
1125 {"product-info", 0xe40400, 0x0fc00},
1126 {"partition-table", 0xe50000, 0x10000},
1127 {"soft-version", 0xe60000, 0x10000},
1128 {"support-list", 0xe70000, 0x10000},
1129 {"profile", 0xe80000, 0x10000},
1130 {"default-config", 0xe90000, 0x10000},
1131 {"user-config", 0xea0000, 0x40000},
1132 {"qos-db", 0xee0000, 0x40000},
1133 {"certificate", 0xf20000, 0x10000},
1134 {"usb-config", 0xfb0000, 0x10000},
1135 {"log", 0xfc0000, 0x20000},
1136 {"radio-bk", 0xfe0000, 0x10000},
1137 {"radio", 0xff0000, 0x10000},
1141 .first_sysupgrade_partition
= "os-image",
1142 .last_sysupgrade_partition
= "file-system",
1145 /** Firmware layout for the RE350 v1 */
1151 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1152 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1153 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1154 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1155 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1156 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1157 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1158 .support_trail
= '\x00',
1161 /** We're using a dynamic kernel/rootfs split here */
1163 {"fs-uboot", 0x00000, 0x20000},
1164 {"firmware", 0x20000, 0x5e0000},
1165 {"partition-table", 0x600000, 0x02000},
1166 {"default-mac", 0x610000, 0x00020},
1167 {"pin", 0x610100, 0x00020},
1168 {"product-info", 0x611100, 0x01000},
1169 {"soft-version", 0x620000, 0x01000},
1170 {"support-list", 0x621000, 0x01000},
1171 {"profile", 0x622000, 0x08000},
1172 {"user-config", 0x630000, 0x10000},
1173 {"default-config", 0x640000, 0x10000},
1174 {"radio", 0x7f0000, 0x10000},
1178 .first_sysupgrade_partition
= "os-image",
1179 .last_sysupgrade_partition
= "file-system"
1182 /** Firmware layout for the RE350K v1 */
1188 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1189 .support_trail
= '\x00',
1192 /** We're using a dynamic kernel/rootfs split here */
1194 {"fs-uboot", 0x00000, 0x20000},
1195 {"firmware", 0x20000, 0xd70000},
1196 {"partition-table", 0xd90000, 0x02000},
1197 {"default-mac", 0xda0000, 0x00020},
1198 {"pin", 0xda0100, 0x00020},
1199 {"product-info", 0xda1100, 0x01000},
1200 {"soft-version", 0xdb0000, 0x01000},
1201 {"support-list", 0xdb1000, 0x01000},
1202 {"profile", 0xdb2000, 0x08000},
1203 {"user-config", 0xdc0000, 0x10000},
1204 {"default-config", 0xdd0000, 0x10000},
1205 {"device-id", 0xde0000, 0x00108},
1206 {"radio", 0xff0000, 0x10000},
1210 .first_sysupgrade_partition
= "os-image",
1211 .last_sysupgrade_partition
= "file-system"
1214 /** Firmware layout for the RE355 */
1220 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1221 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1222 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1223 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1224 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1225 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1226 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1227 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1228 .support_trail
= '\x00',
1231 /* We're using a dynamic kernel/rootfs split here */
1233 {"fs-uboot", 0x00000, 0x20000},
1234 {"firmware", 0x20000, 0x5e0000},
1235 {"partition-table", 0x600000, 0x02000},
1236 {"default-mac", 0x610000, 0x00020},
1237 {"pin", 0x610100, 0x00020},
1238 {"product-info", 0x611100, 0x01000},
1239 {"soft-version", 0x620000, 0x01000},
1240 {"support-list", 0x621000, 0x01000},
1241 {"profile", 0x622000, 0x08000},
1242 {"user-config", 0x630000, 0x10000},
1243 {"default-config", 0x640000, 0x10000},
1244 {"radio", 0x7f0000, 0x10000},
1248 .first_sysupgrade_partition
= "os-image",
1249 .last_sysupgrade_partition
= "file-system"
1252 /** Firmware layout for the RE450 */
1258 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1259 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1260 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1261 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1262 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1263 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1264 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1265 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1266 .support_trail
= '\x00',
1269 /** We're using a dynamic kernel/rootfs split here */
1271 {"fs-uboot", 0x00000, 0x20000},
1272 {"firmware", 0x20000, 0x5e0000},
1273 {"partition-table", 0x600000, 0x02000},
1274 {"default-mac", 0x610000, 0x00020},
1275 {"pin", 0x610100, 0x00020},
1276 {"product-info", 0x611100, 0x01000},
1277 {"soft-version", 0x620000, 0x01000},
1278 {"support-list", 0x621000, 0x01000},
1279 {"profile", 0x622000, 0x08000},
1280 {"user-config", 0x630000, 0x10000},
1281 {"default-config", 0x640000, 0x10000},
1282 {"radio", 0x7f0000, 0x10000},
1286 .first_sysupgrade_partition
= "os-image",
1287 .last_sysupgrade_partition
= "file-system"
1290 /** Firmware layout for the RE450 v2 */
1296 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1297 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1298 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1299 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1300 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1301 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1302 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1303 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1304 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1305 .support_trail
= '\x00',
1308 /* We're using a dynamic kernel/rootfs split here */
1310 {"fs-uboot", 0x00000, 0x20000},
1311 {"firmware", 0x20000, 0x5e0000},
1312 {"partition-table", 0x600000, 0x02000},
1313 {"default-mac", 0x610000, 0x00020},
1314 {"pin", 0x610100, 0x00020},
1315 {"product-info", 0x611100, 0x01000},
1316 {"soft-version", 0x620000, 0x01000},
1317 {"support-list", 0x621000, 0x01000},
1318 {"profile", 0x622000, 0x08000},
1319 {"user-config", 0x630000, 0x10000},
1320 {"default-config", 0x640000, 0x10000},
1321 {"radio", 0x7f0000, 0x10000},
1326 .first_sysupgrade_partition
= "os-image",
1327 .last_sysupgrade_partition
= "file-system"
1333 #define error(_ret, _errno, _str, ...) \
1335 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1336 strerror(_errno)); \
1342 /** Stores a uint32 as big endian */
1343 static inline void put32(uint8_t *buf
, uint32_t val
) {
1350 /** Allocates a new image partition */
1351 static struct image_partition_entry
alloc_image_partition(const char *name
, size_t len
) {
1352 struct image_partition_entry entry
= {name
, len
, malloc(len
)};
1354 error(1, errno
, "malloc");
1359 /** Frees an image partition */
1360 static void free_image_partition(struct image_partition_entry entry
) {
1364 static time_t source_date_epoch
= -1;
1365 static void set_source_date_epoch() {
1366 char *env
= getenv("SOURCE_DATE_EPOCH");
1370 source_date_epoch
= strtoull(env
, &endptr
, 10);
1371 if (errno
|| (endptr
&& *endptr
!= '\0')) {
1372 fprintf(stderr
, "Invalid SOURCE_DATE_EPOCH");
1378 /** Generates the partition-table partition */
1379 static struct image_partition_entry
make_partition_table(const struct flash_partition_entry
*p
) {
1380 struct image_partition_entry entry
= alloc_image_partition("partition-table", 0x800);
1382 char *s
= (char *)entry
.data
, *end
= (char *)(s
+entry
.size
);
1390 for (i
= 0; p
[i
].name
; i
++) {
1392 size_t w
= snprintf(s
, len
, "partition %s base 0x%05x size 0x%05x\n", p
[i
].name
, p
[i
].base
, p
[i
].size
);
1395 error(1, 0, "flash partition table overflow?");
1402 memset(s
, 0xff, end
-s
);
1408 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1409 static inline uint8_t bcd(uint8_t v
) {
1410 return 0x10 * (v
/10) + v
%10;
1414 /** Generates the soft-version partition */
1415 static struct image_partition_entry
make_soft_version(uint32_t rev
) {
1416 struct image_partition_entry entry
= alloc_image_partition("soft-version", sizeof(struct soft_version
));
1417 struct soft_version
*s
= (struct soft_version
*)entry
.data
;
1421 if (source_date_epoch
!= -1)
1422 t
= source_date_epoch
;
1423 else if (time(&t
) == (time_t)(-1))
1424 error(1, errno
, "time");
1426 struct tm
*tm
= localtime(&t
);
1428 s
->magic
= htonl(0x0000000c);
1432 s
->version_major
= 0;
1433 s
->version_minor
= 0;
1434 s
->version_patch
= 0;
1436 s
->year_hi
= bcd((1900+tm
->tm_year
)/100);
1437 s
->year_lo
= bcd(tm
->tm_year
%100);
1438 s
->month
= bcd(tm
->tm_mon
+1);
1439 s
->day
= bcd(tm
->tm_mday
);
1440 s
->rev
= htonl(rev
);
1447 static struct image_partition_entry
make_soft_version_from_string(const char *soft_ver
) {
1448 /** String length _including_ the terminating zero byte */
1449 uint32_t ver_len
= strlen(soft_ver
) + 1;
1450 /** Partition contains 64 bit header, the version string, and one additional null byte */
1451 size_t partition_len
= 2*sizeof(uint32_t) + ver_len
+ 1;
1452 struct image_partition_entry entry
= alloc_image_partition("soft-version", partition_len
);
1454 uint32_t *len
= (uint32_t *)entry
.data
;
1455 len
[0] = htonl(ver_len
);
1457 memcpy(&len
[2], soft_ver
, ver_len
);
1459 entry
.data
[partition_len
- 1] = 0;
1464 /** Generates the support-list partition */
1465 static struct image_partition_entry
make_support_list(struct device_info
*info
) {
1466 size_t len
= strlen(info
->support_list
);
1467 struct image_partition_entry entry
= alloc_image_partition("support-list", len
+ 9);
1469 put32(entry
.data
, len
);
1470 memset(entry
.data
+4, 0, 4);
1471 memcpy(entry
.data
+8, info
->support_list
, len
);
1472 entry
.data
[len
+8] = info
->support_trail
;
1477 /** Creates a new image partition with an arbitrary name from a file */
1478 static struct image_partition_entry
read_file(const char *part_name
, const char *filename
, bool add_jffs2_eof
, struct flash_partition_entry
*file_system_partition
) {
1479 struct stat statbuf
;
1481 if (stat(filename
, &statbuf
) < 0)
1482 error(1, errno
, "unable to stat file `%s'", filename
);
1484 size_t len
= statbuf
.st_size
;
1486 if (add_jffs2_eof
) {
1487 if (file_system_partition
)
1488 len
= ALIGN(len
+ file_system_partition
->base
, 0x10000) + sizeof(jffs2_eof_mark
) - file_system_partition
->base
;
1490 len
= ALIGN(len
, 0x10000) + sizeof(jffs2_eof_mark
);
1493 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1495 FILE *file
= fopen(filename
, "rb");
1497 error(1, errno
, "unable to open file `%s'", filename
);
1499 if (fread(entry
.data
, statbuf
.st_size
, 1, file
) != 1)
1500 error(1, errno
, "unable to read file `%s'", filename
);
1502 if (add_jffs2_eof
) {
1503 uint8_t *eof
= entry
.data
+ statbuf
.st_size
, *end
= entry
.data
+entry
.size
;
1505 memset(eof
, 0xff, end
- eof
- sizeof(jffs2_eof_mark
));
1506 memcpy(end
- sizeof(jffs2_eof_mark
), jffs2_eof_mark
, sizeof(jffs2_eof_mark
));
1514 /** Creates a new image partition from arbitrary data */
1515 static struct image_partition_entry
put_data(const char *part_name
, const char *datain
, size_t len
) {
1517 struct image_partition_entry entry
= alloc_image_partition(part_name
, len
);
1519 memcpy(entry
.data
, datain
, len
);
1525 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1527 Example image partition table:
1529 fwup-ptn partition-table base 0x00800 size 0x00800
1530 fwup-ptn os-image base 0x01000 size 0x113b45
1531 fwup-ptn file-system base 0x114b45 size 0x1d0004
1532 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1534 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1535 the end of the partition table is marked with a zero byte.
1537 The firmware image must contain at least the partition-table and support-list partitions
1538 to be accepted. There aren't any alignment constraints for the image partitions.
1540 The partition-table partition contains the actual flash layout; partitions
1541 from the image partition table are mapped to the corresponding flash partitions during
1542 the firmware upgrade. The support-list partition contains a list of devices supported by
1545 The base offsets in the firmware partition table are relative to the end
1546 of the vendor information block, so the partition-table partition will
1547 actually start at offset 0x1814 of the image.
1549 I think partition-table must be the first partition in the firmware image.
1551 static void put_partitions(uint8_t *buffer
, const struct flash_partition_entry
*flash_parts
, const struct image_partition_entry
*parts
) {
1553 char *image_pt
= (char *)buffer
, *end
= image_pt
+ 0x800;
1555 size_t base
= 0x800;
1556 for (i
= 0; parts
[i
].name
; i
++) {
1557 for (j
= 0; flash_parts
[j
].name
; j
++) {
1558 if (!strcmp(flash_parts
[j
].name
, parts
[i
].name
)) {
1559 if (parts
[i
].size
> flash_parts
[j
].size
)
1560 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts
[j
].name
, (unsigned)flash_parts
[j
].size
);
1565 assert(flash_parts
[j
].name
);
1567 memcpy(buffer
+ base
, parts
[i
].data
, parts
[i
].size
);
1569 size_t len
= end
-image_pt
;
1570 size_t w
= snprintf(image_pt
, len
, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts
[i
].name
, (unsigned)base
, (unsigned)parts
[i
].size
);
1573 error(1, 0, "image partition table overflow?");
1577 base
+= parts
[i
].size
;
1581 /** Generates and writes the image MD5 checksum */
1582 static void put_md5(uint8_t *md5
, uint8_t *buffer
, unsigned int len
) {
1586 MD5_Update(&ctx
, md5_salt
, (unsigned int)sizeof(md5_salt
));
1587 MD5_Update(&ctx
, buffer
, len
);
1588 MD5_Final(md5
, &ctx
);
1593 Generates the firmware image in factory format
1599 0000-0003 Image size (4 bytes, big endian)
1600 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1601 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1602 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1603 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1604 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1605 1814-xxxx Firmware partitions
1607 static void * generate_factory_image(struct device_info
*info
, const struct image_partition_entry
*parts
, size_t *len
) {
1611 for (i
= 0; parts
[i
].name
; i
++)
1612 *len
+= parts
[i
].size
;
1614 uint8_t *image
= malloc(*len
);
1616 error(1, errno
, "malloc");
1618 memset(image
, 0xff, *len
);
1622 size_t vendor_len
= strlen(info
->vendor
);
1623 put32(image
+0x14, vendor_len
);
1624 memcpy(image
+0x18, info
->vendor
, vendor_len
);
1627 put_partitions(image
+ 0x1014, info
->partitions
, parts
);
1628 put_md5(image
+0x04, image
+0x14, *len
-0x14);
1634 Generates the firmware image in sysupgrade format
1636 This makes some assumptions about the provided flash and image partition tables and
1637 should be generalized when TP-LINK starts building its safeloader into hardware with
1638 different flash layouts.
1640 static void * generate_sysupgrade_image(struct device_info
*info
, const struct image_partition_entry
*image_parts
, size_t *len
) {
1642 size_t flash_first_partition_index
= 0;
1643 size_t flash_last_partition_index
= 0;
1644 const struct flash_partition_entry
*flash_first_partition
= NULL
;
1645 const struct flash_partition_entry
*flash_last_partition
= NULL
;
1646 const struct image_partition_entry
*image_last_partition
= NULL
;
1648 /** Find first and last partitions */
1649 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1650 if (!strcmp(info
->partitions
[i
].name
, info
->first_sysupgrade_partition
)) {
1651 flash_first_partition
= &info
->partitions
[i
];
1652 flash_first_partition_index
= i
;
1653 } else if (!strcmp(info
->partitions
[i
].name
, info
->last_sysupgrade_partition
)) {
1654 flash_last_partition
= &info
->partitions
[i
];
1655 flash_last_partition_index
= i
;
1659 assert(flash_first_partition
&& flash_last_partition
);
1660 assert(flash_first_partition_index
< flash_last_partition_index
);
1662 /** Find last partition from image to calculate needed size */
1663 for (i
= 0; image_parts
[i
].name
; i
++) {
1664 if (!strcmp(image_parts
[i
].name
, info
->last_sysupgrade_partition
)) {
1665 image_last_partition
= &image_parts
[i
];
1670 assert(image_last_partition
);
1672 *len
= flash_last_partition
->base
- flash_first_partition
->base
+ image_last_partition
->size
;
1674 uint8_t *image
= malloc(*len
);
1676 error(1, errno
, "malloc");
1678 memset(image
, 0xff, *len
);
1680 for (i
= flash_first_partition_index
; i
<= flash_last_partition_index
; i
++) {
1681 for (j
= 0; image_parts
[j
].name
; j
++) {
1682 if (!strcmp(info
->partitions
[i
].name
, image_parts
[j
].name
)) {
1683 if (image_parts
[j
].size
> info
->partitions
[i
].size
)
1684 error(1, 0, "%s partition too big (more than %u bytes)", info
->partitions
[i
].name
, (unsigned)info
->partitions
[i
].size
);
1685 memcpy(image
+ info
->partitions
[i
].base
- flash_first_partition
->base
, image_parts
[j
].data
, image_parts
[j
].size
);
1689 assert(image_parts
[j
].name
);
1696 /** Generates an image according to a given layout and writes it to a file */
1697 static void build_image(const char *output
,
1698 const char *kernel_image
,
1699 const char *rootfs_image
,
1703 struct device_info
*info
) {
1707 struct image_partition_entry parts
[7] = {};
1709 struct flash_partition_entry
*firmware_partition
= NULL
;
1710 struct flash_partition_entry
*os_image_partition
= NULL
;
1711 struct flash_partition_entry
*file_system_partition
= NULL
;
1712 size_t firmware_partition_index
= 0;
1714 for (i
= 0; info
->partitions
[i
].name
; i
++) {
1715 if (!strcmp(info
->partitions
[i
].name
, "firmware"))
1717 firmware_partition
= &info
->partitions
[i
];
1718 firmware_partition_index
= i
;
1722 if (firmware_partition
)
1724 os_image_partition
= &info
->partitions
[firmware_partition_index
];
1725 file_system_partition
= &info
->partitions
[firmware_partition_index
+ 1];
1728 if (stat(kernel_image
, &kernel
) < 0)
1729 error(1, errno
, "unable to stat file `%s'", kernel_image
);
1731 if (kernel
.st_size
> firmware_partition
->size
)
1732 error(1, 0, "kernel overflowed firmware partition\n");
1734 for (i
= MAX_PARTITIONS
-1; i
>= firmware_partition_index
+ 1; i
--)
1735 info
->partitions
[i
+1] = info
->partitions
[i
];
1737 file_system_partition
->name
= "file-system";
1738 file_system_partition
->base
= firmware_partition
->base
+ kernel
.st_size
;
1740 /* Align partition start to erase blocks for factory images only */
1742 file_system_partition
->base
= ALIGN(firmware_partition
->base
+ kernel
.st_size
, 0x10000);
1744 file_system_partition
->size
= firmware_partition
->size
- file_system_partition
->base
;
1746 os_image_partition
->name
= "os-image";
1747 os_image_partition
->size
= kernel
.st_size
;
1750 parts
[0] = make_partition_table(info
->partitions
);
1752 parts
[1] = make_soft_version_from_string(info
->soft_ver
);
1754 parts
[1] = make_soft_version(rev
);
1756 parts
[2] = make_support_list(info
);
1757 parts
[3] = read_file("os-image", kernel_image
, false, NULL
);
1758 parts
[4] = read_file("file-system", rootfs_image
, add_jffs2_eof
, file_system_partition
);
1760 /* Some devices need the extra-para partition to accept the firmware */
1761 if (strcasecmp(info
->id
, "ARCHER-C2-V3") == 0 ||
1762 strcasecmp(info
->id
, "ARCHER-C25-V1") == 0 ||
1763 strcasecmp(info
->id
, "ARCHER-C59-V2") == 0 ||
1764 strcasecmp(info
->id
, "ARCHER-C60-V2") == 0 ||
1765 strcasecmp(info
->id
, "TLWR1043NV5") == 0) {
1766 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1767 parts
[5] = put_data("extra-para", mdat
, 11);
1768 } else if (strcasecmp(info
->id
, "ARCHER-A7-V5") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V4") == 0 || strcasecmp(info
->id
, "ARCHER-C7-V5") == 0) {
1769 const char mdat
[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1770 parts
[5] = put_data("extra-para", mdat
, 11);
1771 } else if (strcasecmp(info
->id
, "ARCHER-C6-V2") == 0) {
1772 const char mdat
[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1773 parts
[5] = put_data("extra-para", mdat
, 11);
1779 image
= generate_sysupgrade_image(info
, parts
, &len
);
1781 image
= generate_factory_image(info
, parts
, &len
);
1783 FILE *file
= fopen(output
, "wb");
1785 error(1, errno
, "unable to open output file");
1787 if (fwrite(image
, len
, 1, file
) != 1)
1788 error(1, 0, "unable to write output file");
1794 for (i
= 0; parts
[i
].name
; i
++)
1795 free_image_partition(parts
[i
]);
1799 static void usage(const char *argv0
) {
1801 "Usage: %s [OPTIONS...]\n"
1804 " -h show this help\n"
1806 "Create a new image:\n"
1807 " -B <board> create image for the board specified with <board>\n"
1808 " -k <file> read kernel image from the file <file>\n"
1809 " -r <file> read rootfs image from the file <file>\n"
1810 " -o <file> write output to the file <file>\n"
1811 " -V <rev> sets the revision number to <rev>\n"
1812 " -j add jffs2 end-of-filesystem markers\n"
1813 " -S create sysupgrade instead of factory image\n"
1814 "Extract an old image:\n"
1815 " -x <file> extract all oem firmware partition\n"
1816 " -d <dir> destination to extract the firmware partition\n"
1817 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1823 static struct device_info
*find_board(const char *id
)
1825 struct device_info
*board
= NULL
;
1827 for (board
= boards
; board
->id
!= NULL
; board
++)
1828 if (strcasecmp(id
, board
->id
) == 0)
1834 static int add_flash_partition(
1835 struct flash_partition_entry
*part_list
,
1842 /* check if the list has a free entry */
1843 for (ptr
= 0; ptr
< max_entries
; ptr
++, part_list
++) {
1844 if (part_list
->name
== NULL
&&
1845 part_list
->base
== 0 &&
1846 part_list
->size
== 0)
1850 if (ptr
== max_entries
) {
1851 error(1, 0, "No free flash part entry available.");
1854 part_list
->name
= calloc(1, strlen(name
) + 1);
1855 if (!part_list
->name
) {
1856 error(1, 0, "Unable to allocate memory");
1859 memcpy((char *)part_list
->name
, name
, strlen(name
));
1860 part_list
->base
= base
;
1861 part_list
->size
= size
;
1866 /** read the partition table into struct flash_partition_entry */
1867 static int read_partition_table(
1868 FILE *file
, long offset
,
1869 struct flash_partition_entry
*entries
, size_t max_entries
,
1874 const char *parthdr
= NULL
;
1875 const char *fwuphdr
= "fwup-ptn";
1876 const char *flashhdr
= "partition";
1878 /* TODO: search for the partition table */
1888 error(1, 0, "Invalid partition table");
1891 if (fseek(file
, offset
, SEEK_SET
) < 0)
1892 error(1, errno
, "Can not seek in the firmware");
1894 if (fread(buf
, 2048, 1, file
) != 1)
1895 error(1, errno
, "Can not read fwup-ptn from the firmware");
1899 /* look for the partition header */
1900 if (memcmp(buf
, parthdr
, strlen(parthdr
)) != 0) {
1901 fprintf(stderr
, "DEBUG: can not find fwuphdr\n");
1906 end
= buf
+ sizeof(buf
);
1907 while ((ptr
+ strlen(parthdr
)) < end
&&
1908 memcmp(ptr
, parthdr
, strlen(parthdr
)) == 0) {
1912 char name
[32] = { 0 };
1914 unsigned long base
= 0;
1915 unsigned long size
= 0;
1917 end_part
= memchr(ptr
, '\n', (end
- ptr
));
1918 if (end_part
== NULL
) {
1919 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1923 for (int i
= 0; i
<= 4; i
++) {
1924 if (end_part
<= ptr
)
1927 end_element
= memchr(ptr
, 0x20, (end_part
- ptr
));
1928 if (end_element
== NULL
) {
1929 error(1, errno
, "Ignoring the rest of the partition entries.");
1934 /* partition header */
1936 ptr
= end_element
+ 1;
1940 name_len
= (end_element
- ptr
) > 31 ? 31 : (end_element
- ptr
);
1941 strncpy(name
, ptr
, name_len
);
1942 name
[name_len
] = '\0';
1943 ptr
= end_element
+ 1;
1948 ptr
= end_element
+ 1;
1953 base
= strtoul(ptr
, NULL
, 16);
1954 ptr
= end_element
+ 1;
1959 ptr
= end_element
+ 1;
1960 /* actual size. The last element doesn't have a sepeartor */
1961 size
= strtoul(ptr
, NULL
, 16);
1962 /* the part ends with 0x09, 0x0d, 0x0a */
1964 add_flash_partition(entries
, max_entries
, name
, base
, size
);
1973 static void write_partition(
1975 size_t firmware_offset
,
1976 struct flash_partition_entry
*entry
,
1982 fseek(input_file
, entry
->base
+ firmware_offset
, SEEK_SET
);
1984 for (offset
= 0; sizeof(buf
) + offset
<= entry
->size
; offset
+= sizeof(buf
)) {
1985 if (fread(buf
, sizeof(buf
), 1, input_file
) != 1)
1986 error(1, errno
, "Can not read partition from input_file");
1988 if (fwrite(buf
, sizeof(buf
), 1, output_file
) != 1)
1989 error(1, errno
, "Can not write partition to output_file");
1991 /* write last chunk smaller than buffer */
1992 if (offset
< entry
->size
) {
1993 offset
= entry
->size
- offset
;
1994 if (fread(buf
, offset
, 1, input_file
) != 1)
1995 error(1, errno
, "Can not read partition from input_file");
1996 if (fwrite(buf
, offset
, 1, output_file
) != 1)
1997 error(1, errno
, "Can not write partition to output_file");
2001 static int extract_firmware_partition(FILE *input_file
, size_t firmware_offset
, struct flash_partition_entry
*entry
, const char *output_directory
)
2004 char output
[PATH_MAX
];
2006 snprintf(output
, PATH_MAX
, "%s/%s", output_directory
, entry
->name
);
2007 output_file
= fopen(output
, "wb+");
2008 if (output_file
== NULL
) {
2009 error(1, errno
, "Can not open output file %s", output
);
2012 write_partition(input_file
, firmware_offset
, entry
, output_file
);
2014 fclose(output_file
);
2019 /** extract all partitions from the firmware file */
2020 static int extract_firmware(const char *input
, const char *output_directory
)
2022 struct flash_partition_entry entries
[16] = { 0 };
2023 size_t max_entries
= 16;
2024 size_t firmware_offset
= 0x1014;
2027 struct stat statbuf
;
2029 /* check input file */
2030 if (stat(input
, &statbuf
)) {
2031 error(1, errno
, "Can not read input firmware %s", input
);
2034 /* check if output directory exists */
2035 if (stat(output_directory
, &statbuf
)) {
2036 error(1, errno
, "Failed to stat output directory %s", output_directory
);
2039 if ((statbuf
.st_mode
& S_IFMT
) != S_IFDIR
) {
2040 error(1, errno
, "Given output directory is not a directory %s", output_directory
);
2043 input_file
= fopen(input
, "rb");
2045 if (read_partition_table(input_file
, firmware_offset
, entries
, 16, 0) != 0) {
2046 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2049 for (size_t i
= 0; i
< max_entries
; i
++) {
2050 if (entries
[i
].name
== NULL
&&
2051 entries
[i
].base
== 0 &&
2052 entries
[i
].size
== 0)
2055 extract_firmware_partition(input_file
, firmware_offset
, &entries
[i
], output_directory
);
2061 static struct flash_partition_entry
*find_partition(
2062 struct flash_partition_entry
*entries
, size_t max_entries
,
2063 const char *name
, const char *error_msg
)
2065 for (size_t i
= 0; i
< max_entries
; i
++, entries
++) {
2066 if (strcmp(entries
->name
, name
) == 0)
2070 error(1, 0, "%s", error_msg
);
2074 static void write_ff(FILE *output_file
, size_t size
)
2079 memset(buf
, 0xff, sizeof(buf
));
2081 for (offset
= 0; offset
+ sizeof(buf
) < size
; offset
+= sizeof(buf
)) {
2082 if (fwrite(buf
, sizeof(buf
), 1, output_file
) != 1)
2083 error(1, errno
, "Can not write 0xff to output_file");
2086 /* write last chunk smaller than buffer */
2087 if (offset
< size
) {
2088 offset
= size
- offset
;
2089 if (fwrite(buf
, offset
, 1, output_file
) != 1)
2090 error(1, errno
, "Can not write partition to output_file");
2094 static void convert_firmware(const char *input
, const char *output
)
2096 struct flash_partition_entry fwup
[MAX_PARTITIONS
] = { 0 };
2097 struct flash_partition_entry flash
[MAX_PARTITIONS
] = { 0 };
2098 struct flash_partition_entry
*fwup_os_image
= NULL
, *fwup_file_system
= NULL
;
2099 struct flash_partition_entry
*flash_os_image
= NULL
, *flash_file_system
= NULL
;
2100 struct flash_partition_entry
*fwup_partition_table
= NULL
;
2101 size_t firmware_offset
= 0x1014;
2102 FILE *input_file
, *output_file
;
2104 struct stat statbuf
;
2106 /* check input file */
2107 if (stat(input
, &statbuf
)) {
2108 error(1, errno
, "Can not read input firmware %s", input
);
2111 input_file
= fopen(input
, "rb");
2113 error(1, 0, "Can not open input firmware %s", input
);
2115 output_file
= fopen(output
, "wb");
2117 error(1, 0, "Can not open output firmware %s", output
);
2119 if (read_partition_table(input_file
, firmware_offset
, fwup
, MAX_PARTITIONS
, 0) != 0) {
2120 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2123 fwup_os_image
= find_partition(fwup
, MAX_PARTITIONS
,
2124 "os-image", "Error can not find os-image partition (fwup)");
2125 fwup_file_system
= find_partition(fwup
, MAX_PARTITIONS
,
2126 "file-system", "Error can not find file-system partition (fwup)");
2127 fwup_partition_table
= find_partition(fwup
, MAX_PARTITIONS
,
2128 "partition-table", "Error can not find partition-table partition");
2130 /* the flash partition table has a 0x00000004 magic haeder */
2131 if (read_partition_table(input_file
, firmware_offset
+ fwup_partition_table
->base
+ 4, flash
, MAX_PARTITIONS
, 1) != 0)
2132 error(1, 0, "Error can not read the partition table (flash)");
2134 flash_os_image
= find_partition(flash
, MAX_PARTITIONS
,
2135 "os-image", "Error can not find os-image partition (flash)");
2136 flash_file_system
= find_partition(flash
, MAX_PARTITIONS
,
2137 "file-system", "Error can not find file-system partition (flash)");
2139 /* write os_image to 0x0 */
2140 write_partition(input_file
, firmware_offset
, fwup_os_image
, output_file
);
2141 write_ff(output_file
, flash_os_image
->size
- fwup_os_image
->size
);
2143 /* write file-system behind os_image */
2144 fseek(output_file
, flash_file_system
->base
- flash_os_image
->base
, SEEK_SET
);
2145 write_partition(input_file
, firmware_offset
, fwup_file_system
, output_file
);
2146 write_ff(output_file
, flash_file_system
->size
- fwup_file_system
->size
);
2148 fclose(output_file
);
2152 int main(int argc
, char *argv
[]) {
2153 const char *board
= NULL
, *kernel_image
= NULL
, *rootfs_image
= NULL
, *output
= NULL
;
2154 const char *extract_image
= NULL
, *output_directory
= NULL
, *convert_image
= NULL
;
2155 bool add_jffs2_eof
= false, sysupgrade
= false;
2157 struct device_info
*info
;
2158 set_source_date_epoch();
2163 c
= getopt(argc
, argv
, "B:k:r:o:V:jSh:x:d:z:");
2173 kernel_image
= optarg
;
2177 rootfs_image
= optarg
;
2185 sscanf(optarg
, "r%u", &rev
);
2189 add_jffs2_eof
= true;
2201 output_directory
= optarg
;
2205 extract_image
= optarg
;
2209 convert_image
= optarg
;
2218 if (extract_image
|| output_directory
) {
2220 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2221 if (!output_directory
)
2222 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2223 extract_firmware(extract_image
, output_directory
);
2224 } else if (convert_image
) {
2226 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2227 convert_firmware(convert_image
, output
);
2230 error(1, 0, "no board has been specified");
2232 error(1, 0, "no kernel image has been specified");
2234 error(1, 0, "no rootfs image has been specified");
2236 error(1, 0, "no output filename has been specified");
2238 info
= find_board(board
);
2241 error(1, 0, "unsupported board %s", board
);
2243 build_image(output
, kernel_image
, rootfs_image
, rev
, add_jffs2_eof
, sysupgrade
, info
);