projects / openwrt / openwrt.git / blob
? search:


c96edb4609c4e36e987bb1eb29e1240568038dc7
[openwrt/openwrt.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49
50 #include "md5.h"
51
52
53 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
54
55
56 #define MAX_PARTITIONS 32
57
58 /** An image partition table entry */
59 struct image_partition_entry {
60 const char *name;
61 size_t size;
62 uint8_t *data;
63 };
64
65 /** A flash partition table entry */
66 struct flash_partition_entry {
67 const char *name;
68 uint32_t base;
69 uint32_t size;
70 };
71
72 /** Firmware layout description */
73 struct device_info {
74 const char *id;
75 const char *vendor;
76 const char *support_list;
77 char support_trail;
78 const char *soft_ver;
79 const struct flash_partition_entry partitions[MAX_PARTITIONS+1];
80 const char *first_sysupgrade_partition;
81 const char *last_sysupgrade_partition;
82 };
83
84 /** The content of the soft-version structure */
85 struct __attribute__((__packed__)) soft_version {
86 uint32_t magic;
87 uint32_t zero;
88 uint8_t pad1;
89 uint8_t version_major;
90 uint8_t version_minor;
91 uint8_t version_patch;
92 uint8_t year_hi;
93 uint8_t year_lo;
94 uint8_t month;
95 uint8_t day;
96 uint32_t rev;
97 uint8_t pad2;
98 };
99
100
101 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
102
103
104 /**
105 Salt for the MD5 hash
106
107 Fortunately, TP-LINK seems to use the same salt for most devices which use
108 the new image format.
109 */
110 static const uint8_t md5_salt[16] = {
111 0x7a, 0x2b, 0x15, 0xed,
112 0x9b, 0x98, 0x59, 0x6d,
113 0xe5, 0x04, 0xab, 0x44,
114 0xac, 0x2a, 0x9f, 0x4e,
115 };
116
117
118 /** Firmware layout table */
119 static struct device_info boards[] = {
120 /** Firmware layout for the CPE210/220 */
121 {
122 .id = "CPE210",
123 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
124 .support_list =
125 "SupportList:\r\n"
126 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
128 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
130 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
133 .support_trail = '\xff',
134 .soft_ver = NULL,
135
136 .partitions = {
137 {"fs-uboot", 0x00000, 0x20000},
138 {"partition-table", 0x20000, 0x02000},
139 {"default-mac", 0x30000, 0x00020},
140 {"product-info", 0x31100, 0x00100},
141 {"signature", 0x32000, 0x00400},
142 {"os-image", 0x40000, 0x170000},
143 {"soft-version", 0x1b0000, 0x00100},
144 {"support-list", 0x1b1000, 0x00400},
145 {"file-system", 0x1c0000, 0x600000},
146 {"user-config", 0x7c0000, 0x10000},
147 {"default-config", 0x7d0000, 0x10000},
148 {"log", 0x7e0000, 0x10000},
149 {"radio", 0x7f0000, 0x10000},
150 {NULL, 0, 0}
151 },
152
153 .first_sysupgrade_partition = "os-image",
154 .last_sysupgrade_partition = "file-system",
155 },
156
157 /** Firmware layout for the CPE510/520 */
158 {
159 .id = "CPE510",
160 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
161 .support_list =
162 "SupportList:\r\n"
163 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
164 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
165 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
166 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
167 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
168 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
169 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
170 "CPE520(TP-LINK|EU|N300-5):1.1\r\n",
171 .support_trail = '\xff',
172 .soft_ver = NULL,
173
174 .partitions = {
175 {"fs-uboot", 0x00000, 0x20000},
176 {"partition-table", 0x20000, 0x02000},
177 {"default-mac", 0x30000, 0x00020},
178 {"product-info", 0x31100, 0x00100},
179 {"signature", 0x32000, 0x00400},
180 {"os-image", 0x40000, 0x170000},
181 {"soft-version", 0x1b0000, 0x00100},
182 {"support-list", 0x1b1000, 0x00400},
183 {"file-system", 0x1c0000, 0x600000},
184 {"user-config", 0x7c0000, 0x10000},
185 {"default-config", 0x7d0000, 0x10000},
186 {"log", 0x7e0000, 0x10000},
187 {"radio", 0x7f0000, 0x10000},
188 {NULL, 0, 0}
189 },
190
191 .first_sysupgrade_partition = "os-image",
192 .last_sysupgrade_partition = "file-system",
193 },
194
195 {
196 .id = "WBS210",
197 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
198 .support_list =
199 "SupportList:\r\n"
200 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
201 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
202 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
203 .support_trail = '\xff',
204 .soft_ver = NULL,
205
206 .partitions = {
207 {"fs-uboot", 0x00000, 0x20000},
208 {"partition-table", 0x20000, 0x02000},
209 {"default-mac", 0x30000, 0x00020},
210 {"product-info", 0x31100, 0x00100},
211 {"signature", 0x32000, 0x00400},
212 {"os-image", 0x40000, 0x170000},
213 {"soft-version", 0x1b0000, 0x00100},
214 {"support-list", 0x1b1000, 0x00400},
215 {"file-system", 0x1c0000, 0x600000},
216 {"user-config", 0x7c0000, 0x10000},
217 {"default-config", 0x7d0000, 0x10000},
218 {"log", 0x7e0000, 0x10000},
219 {"radio", 0x7f0000, 0x10000},
220 {NULL, 0, 0}
221 },
222
223 .first_sysupgrade_partition = "os-image",
224 .last_sysupgrade_partition = "file-system",
225 },
226
227 {
228 .id = "WBS510",
229 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
230 .support_list =
231 "SupportList:\r\n"
232 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
233 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
234 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
235 .support_trail = '\xff',
236 .soft_ver = NULL,
237
238 .partitions = {
239 {"fs-uboot", 0x00000, 0x20000},
240 {"partition-table", 0x20000, 0x02000},
241 {"default-mac", 0x30000, 0x00020},
242 {"product-info", 0x31100, 0x00100},
243 {"signature", 0x32000, 0x00400},
244 {"os-image", 0x40000, 0x170000},
245 {"soft-version", 0x1b0000, 0x00100},
246 {"support-list", 0x1b1000, 0x00400},
247 {"file-system", 0x1c0000, 0x600000},
248 {"user-config", 0x7c0000, 0x10000},
249 {"default-config", 0x7d0000, 0x10000},
250 {"log", 0x7e0000, 0x10000},
251 {"radio", 0x7f0000, 0x10000},
252 {NULL, 0, 0}
253 },
254
255 .first_sysupgrade_partition = "os-image",
256 .last_sysupgrade_partition = "file-system",
257 },
258
259 /** Firmware layout for the C2600 */
260 {
261 .id = "C2600",
262 .vendor = "",
263 .support_list =
264 "SupportList:\r\n"
265 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
266 .support_trail = '\x00',
267 .soft_ver = NULL,
268
269 .partitions = {
270 {"SBL1", 0x00000, 0x20000},
271 {"MIBIB", 0x20000, 0x20000},
272 {"SBL2", 0x40000, 0x20000},
273 {"SBL3", 0x60000, 0x30000},
274 {"DDRCONFIG", 0x90000, 0x10000},
275 {"SSD", 0xa0000, 0x10000},
276 {"TZ", 0xb0000, 0x30000},
277 {"RPM", 0xe0000, 0x20000},
278 {"fs-uboot", 0x100000, 0x70000},
279 {"uboot-env", 0x170000, 0x40000},
280 {"radio", 0x1b0000, 0x40000},
281 {"os-image", 0x1f0000, 0x200000},
282 {"file-system", 0x3f0000, 0x1b00000},
283 {"default-mac", 0x1ef0000, 0x00200},
284 {"pin", 0x1ef0200, 0x00200},
285 {"product-info", 0x1ef0400, 0x0fc00},
286 {"partition-table", 0x1f00000, 0x10000},
287 {"soft-version", 0x1f10000, 0x10000},
288 {"support-list", 0x1f20000, 0x10000},
289 {"profile", 0x1f30000, 0x10000},
290 {"default-config", 0x1f40000, 0x10000},
291 {"user-config", 0x1f50000, 0x40000},
292 {"qos-db", 0x1f90000, 0x40000},
293 {"usb-config", 0x1fd0000, 0x10000},
294 {"log", 0x1fe0000, 0x20000},
295 {NULL, 0, 0}
296 },
297
298 .first_sysupgrade_partition = "os-image",
299 .last_sysupgrade_partition = "file-system"
300 },
301
302 /** Firmware layout for the C25v1 */
303 {
304 .id = "ARCHER-C25-V1",
305 .support_list =
306 "SupportList:\n"
307 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
308 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
309 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
310 .support_trail = '\x00',
311 .soft_ver = "soft_ver:1.0.0\n",
312
313 /**
314 We use a bigger os-image partition than the stock images (and thus
315 smaller file-system), as our kernel doesn't fit in the stock firmware's
316 1MB os-image.
317 */
318 .partitions = {
319 {"factory-boot", 0x00000, 0x20000},
320 {"fs-uboot", 0x20000, 0x10000},
321 {"os-image", 0x30000, 0x180000}, /* Stock: base 0x30000 size 0x100000 */
322 {"file-system", 0x1b0000, 0x620000}, /* Stock: base 0x130000 size 0x6a0000 */
323 {"user-config", 0x7d0000, 0x04000},
324 {"default-mac", 0x7e0000, 0x00100},
325 {"device-id", 0x7e0100, 0x00100},
326 {"extra-para", 0x7e0200, 0x00100},
327 {"pin", 0x7e0300, 0x00100},
328 {"support-list", 0x7e0400, 0x00400},
329 {"soft-version", 0x7e0800, 0x00400},
330 {"product-info", 0x7e0c00, 0x01400},
331 {"partition-table", 0x7e2000, 0x01000},
332 {"profile", 0x7e3000, 0x01000},
333 {"default-config", 0x7e4000, 0x04000},
334 {"merge-config", 0x7ec000, 0x02000},
335 {"qos-db", 0x7ee000, 0x02000},
336 {"radio", 0x7f0000, 0x10000},
337 {NULL, 0, 0}
338 },
339
340 .first_sysupgrade_partition = "os-image",
341 .last_sysupgrade_partition = "file-system",
342 },
343
344 /** Firmware layout for the C58v1 */
345 {
346 .id = "ARCHER-C58-V1",
347 .vendor = "",
348 .support_list =
349 "SupportList:\r\n"
350 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
351 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
352 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
353 .support_trail = '\x00',
354 .soft_ver = "soft_ver:1.0.0\n",
355
356 .partitions = {
357 {"fs-uboot", 0x00000, 0x10000},
358 {"default-mac", 0x10000, 0x00200},
359 {"pin", 0x10200, 0x00200},
360 {"product-info", 0x10400, 0x00100},
361 {"partition-table", 0x10500, 0x00800},
362 {"soft-version", 0x11300, 0x00200},
363 {"support-list", 0x11500, 0x00100},
364 {"device-id", 0x11600, 0x00100},
365 {"profile", 0x11700, 0x03900},
366 {"default-config", 0x15000, 0x04000},
367 {"user-config", 0x19000, 0x04000},
368 {"os-image", 0x20000, 0x180000},
369 {"file-system", 0x1a0000, 0x648000},
370 {"certyficate", 0x7e8000, 0x08000},
371 {"radio", 0x7f0000, 0x10000},
372 {NULL, 0, 0}
373 },
374
375 .first_sysupgrade_partition = "os-image",
376 .last_sysupgrade_partition = "file-system",
377 },
378
379 /** Firmware layout for the C59v1 */
380 {
381 .id = "ARCHER-C59-V1",
382 .vendor = "",
383 .support_list =
384 "SupportList:\r\n"
385 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
386 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
387 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
388 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
389 .support_trail = '\x00',
390 .soft_ver = "soft_ver:1.0.0\n",
391
392 .partitions = {
393 {"fs-uboot", 0x00000, 0x10000},
394 {"default-mac", 0x10000, 0x00200},
395 {"pin", 0x10200, 0x00200},
396 {"device-id", 0x10400, 0x00100},
397 {"product-info", 0x10500, 0x0fb00},
398 {"os-image", 0x20000, 0x180000},
399 {"file-system", 0x1a0000, 0xcb0000},
400 {"partition-table", 0xe50000, 0x10000},
401 {"soft-version", 0xe60000, 0x10000},
402 {"support-list", 0xe70000, 0x10000},
403 {"profile", 0xe80000, 0x10000},
404 {"default-config", 0xe90000, 0x10000},
405 {"user-config", 0xea0000, 0x40000},
406 {"usb-config", 0xee0000, 0x10000},
407 {"certificate", 0xef0000, 0x10000},
408 {"qos-db", 0xf00000, 0x40000},
409 {"log", 0xfe0000, 0x10000},
410 {"radio", 0xff0000, 0x10000},
411 {NULL, 0, 0}
412 },
413
414 .first_sysupgrade_partition = "os-image",
415 .last_sysupgrade_partition = "file-system",
416 },
417
418 /** Firmware layout for the C60v1 */
419 {
420 .id = "ARCHER-C60-V1",
421 .vendor = "",
422 .support_list =
423 "SupportList:\r\n"
424 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
425 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
426 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
427 .support_trail = '\x00',
428 .soft_ver = "soft_ver:1.0.0\n",
429
430 .partitions = {
431 {"fs-uboot", 0x00000, 0x10000},
432 {"default-mac", 0x10000, 0x00200},
433 {"pin", 0x10200, 0x00200},
434 {"product-info", 0x10400, 0x00100},
435 {"partition-table", 0x10500, 0x00800},
436 {"soft-version", 0x11300, 0x00200},
437 {"support-list", 0x11500, 0x00100},
438 {"device-id", 0x11600, 0x00100},
439 {"profile", 0x11700, 0x03900},
440 {"default-config", 0x15000, 0x04000},
441 {"user-config", 0x19000, 0x04000},
442 {"os-image", 0x20000, 0x180000},
443 {"file-system", 0x1a0000, 0x648000},
444 {"certyficate", 0x7e8000, 0x08000},
445 {"radio", 0x7f0000, 0x10000},
446 {NULL, 0, 0}
447 },
448
449 .first_sysupgrade_partition = "os-image",
450 .last_sysupgrade_partition = "file-system",
451 },
452
453 /** Firmware layout for the C5 */
454 {
455 .id = "ARCHER-C5-V2",
456 .vendor = "",
457 .support_list =
458 "SupportList:\r\n"
459 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
460 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
461 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
462 .support_trail = '\x00',
463 .soft_ver = NULL,
464
465 .partitions = {
466 {"fs-uboot", 0x00000, 0x40000},
467 {"os-image", 0x40000, 0x200000},
468 {"file-system", 0x240000, 0xc00000},
469 {"default-mac", 0xe40000, 0x00200},
470 {"pin", 0xe40200, 0x00200},
471 {"product-info", 0xe40400, 0x00200},
472 {"partition-table", 0xe50000, 0x10000},
473 {"soft-version", 0xe60000, 0x00200},
474 {"support-list", 0xe61000, 0x0f000},
475 {"profile", 0xe70000, 0x10000},
476 {"default-config", 0xe80000, 0x10000},
477 {"user-config", 0xe90000, 0x50000},
478 {"log", 0xee0000, 0x100000},
479 {"radio_bk", 0xfe0000, 0x10000},
480 {"radio", 0xff0000, 0x10000},
481 {NULL, 0, 0}
482 },
483
484 .first_sysupgrade_partition = "os-image",
485 .last_sysupgrade_partition = "file-system"
486 },
487
488 /** Firmware layout for the C7 */
489 {
490 .id = "ARCHER-C7-V4",
491 .support_list =
492 "SupportList:\n"
493 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
494 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
495 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
496 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
497 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
498 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
499 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
500 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
501 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
502 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
503 .support_trail = '\x00',
504 .soft_ver = "soft_ver:1.0.0\n",
505
506 /**
507 We use a bigger os-image partition than the stock images (and thus
508 smaller file-system), as our kernel doesn't fit in the stock firmware's
509 1MB os-image.
510 */
511 .partitions = {
512 {"factory-boot", 0x00000, 0x20000},
513 {"fs-uboot", 0x20000, 0x20000},
514 {"os-image", 0x40000, 0x180000}, /* Stock: base 0x40000 size 0x120000 */
515 {"file-system", 0x1c0000, 0xd40000}, /* Stock: base 0x160000 size 0xda0000 */
516 {"default-mac", 0xf00000, 0x00200},
517 {"pin", 0xf00200, 0x00200},
518 {"device-id", 0xf00400, 0x00100},
519 {"product-info", 0xf00500, 0x0fb00},
520 {"soft-version", 0xf10000, 0x00100},
521 {"extra-para", 0xf11000, 0x01000},
522 {"support-list", 0xf12000, 0x0a000},
523 {"profile", 0xf1c000, 0x04000},
524 {"default-config", 0xf20000, 0x10000},
525 {"user-config", 0xf30000, 0x40000},
526 {"qos-db", 0xf70000, 0x40000},
527 {"certificate", 0xfb0000, 0x10000},
528 {"partition-table", 0xfc0000, 0x10000},
529 {"log", 0xfd0000, 0x20000},
530 {"radio", 0xff0000, 0x10000},
531 {NULL, 0, 0}
532 },
533
534 .first_sysupgrade_partition = "os-image",
535 .last_sysupgrade_partition = "file-system",
536 },
537
538 /** Firmware layout for the C9 */
539 {
540 .id = "ARCHERC9",
541 .vendor = "",
542 .support_list =
543 "SupportList:\n"
544 "{product_name:ArcherC9,"
545 "product_ver:1.0.0,"
546 "special_id:00000000}\n",
547 .support_trail = '\x00',
548 .soft_ver = NULL,
549
550 .partitions = {
551 {"fs-uboot", 0x00000, 0x40000},
552 {"os-image", 0x40000, 0x200000},
553 {"file-system", 0x240000, 0xc00000},
554 {"default-mac", 0xe40000, 0x00200},
555 {"pin", 0xe40200, 0x00200},
556 {"product-info", 0xe40400, 0x00200},
557 {"partition-table", 0xe50000, 0x10000},
558 {"soft-version", 0xe60000, 0x00200},
559 {"support-list", 0xe61000, 0x0f000},
560 {"profile", 0xe70000, 0x10000},
561 {"default-config", 0xe80000, 0x10000},
562 {"user-config", 0xe90000, 0x50000},
563 {"log", 0xee0000, 0x100000},
564 {"radio_bk", 0xfe0000, 0x10000},
565 {"radio", 0xff0000, 0x10000},
566 {NULL, 0, 0}
567 },
568
569 .first_sysupgrade_partition = "os-image",
570 .last_sysupgrade_partition = "file-system"
571 },
572
573 /** Firmware layout for the EAP120 */
574 {
575 .id = "EAP120",
576 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
577 .support_list =
578 "SupportList:\r\n"
579 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
580 .support_trail = '\xff',
581 .soft_ver = NULL,
582
583 .partitions = {
584 {"fs-uboot", 0x00000, 0x20000},
585 {"partition-table", 0x20000, 0x02000},
586 {"default-mac", 0x30000, 0x00020},
587 {"support-list", 0x31000, 0x00100},
588 {"product-info", 0x31100, 0x00100},
589 {"soft-version", 0x32000, 0x00100},
590 {"os-image", 0x40000, 0x180000},
591 {"file-system", 0x1c0000, 0x600000},
592 {"user-config", 0x7c0000, 0x10000},
593 {"backup-config", 0x7d0000, 0x10000},
594 {"log", 0x7e0000, 0x10000},
595 {"radio", 0x7f0000, 0x10000},
596 {NULL, 0, 0}
597 },
598
599 .first_sysupgrade_partition = "os-image",
600 .last_sysupgrade_partition = "file-system"
601 },
602
603 /** Firmware layout for the TL-WA850RE v2 */
604 {
605 .id = "TLWA850REV2",
606 .vendor = "",
607 .support_list =
608 "SupportList:\n"
609 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
610 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
611 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
612 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
613 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
614 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
615 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
616 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
617 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
618 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
619 .support_trail = '\x00',
620 .soft_ver = NULL,
621
622 /**
623 576KB were moved from file-system to os-image
624 in comparison to the stock image
625 */
626 .partitions = {
627 {"fs-uboot", 0x00000, 0x20000},
628 {"os-image", 0x20000, 0x150000},
629 {"file-system", 0x170000, 0x240000},
630 {"partition-table", 0x3b0000, 0x02000},
631 {"default-mac", 0x3c0000, 0x00020},
632 {"pin", 0x3c0100, 0x00020},
633 {"product-info", 0x3c1000, 0x01000},
634 {"soft-version", 0x3c2000, 0x00100},
635 {"support-list", 0x3c3000, 0x01000},
636 {"profile", 0x3c4000, 0x08000},
637 {"user-config", 0x3d0000, 0x10000},
638 {"default-config", 0x3e0000, 0x10000},
639 {"radio", 0x3f0000, 0x10000},
640 {NULL, 0, 0}
641 },
642
643 .first_sysupgrade_partition = "os-image",
644 .last_sysupgrade_partition = "file-system"
645 },
646
647 /** Firmware layout for the TL-WA855RE v1 */
648 {
649 .id = "TLWA855REV1",
650 .vendor = "",
651 .support_list =
652 "SupportList:\n"
653 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
654 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
655 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
656 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
657 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
658 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
659 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
660 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
661 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
662 .support_trail = '\x00',
663 .soft_ver = NULL,
664
665 .partitions = {
666 {"fs-uboot", 0x00000, 0x20000},
667 {"os-image", 0x20000, 0x150000},
668 {"file-system", 0x170000, 0x240000},
669 {"partition-table", 0x3b0000, 0x02000},
670 {"default-mac", 0x3c0000, 0x00020},
671 {"pin", 0x3c0100, 0x00020},
672 {"product-info", 0x3c1000, 0x01000},
673 {"soft-version", 0x3c2000, 0x00100},
674 {"support-list", 0x3c3000, 0x01000},
675 {"profile", 0x3c4000, 0x08000},
676 {"user-config", 0x3d0000, 0x10000},
677 {"default-config", 0x3e0000, 0x10000},
678 {"radio", 0x3f0000, 0x10000},
679 {NULL, 0, 0}
680 },
681
682 .first_sysupgrade_partition = "os-image",
683 .last_sysupgrade_partition = "file-system"
684 },
685
686 /** Firmware layout for the TL-WR1043 v5 */
687 {
688 .id = "TLWR1043NV5",
689 .vendor = "",
690 .support_list =
691 "SupportList:\n"
692 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
693 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
694 .support_trail = '\x00',
695 .soft_ver = "soft_ver:1.0.0\n",
696 .partitions = {
697 {"factory-boot", 0x00000, 0x20000},
698 {"fs-uboot", 0x20000, 0x20000},
699 {"os-image", 0x40000, 0x180000},
700 {"file-system", 0x1c0000, 0xd40000},
701 {"default-mac", 0xf00000, 0x00200},
702 {"pin", 0xf00200, 0x00200},
703 {"device-id", 0xf00400, 0x00100},
704 {"product-info", 0xf00500, 0x0fb00},
705 {"soft-version", 0xf10000, 0x01000},
706 {"extra-para", 0xf11000, 0x01000},
707 {"support-list", 0xf12000, 0x0a000},
708 {"profile", 0xf1c000, 0x04000},
709 {"default-config", 0xf20000, 0x10000},
710 {"user-config", 0xf30000, 0x40000},
711 {"qos-db", 0xf70000, 0x40000},
712 {"certificate", 0xfb0000, 0x10000},
713 {"partition-table", 0xfc0000, 0x10000},
714 {"log", 0xfd0000, 0x20000},
715 {"radio", 0xff0000, 0x10000},
716 {NULL, 0, 0}
717 },
718 .first_sysupgrade_partition = "os-image",
719 .last_sysupgrade_partition = "file-system"
720 },
721
722 /** Firmware layout for the TL-WR1043 v4 */
723 {
724 .id = "TLWR1043NDV4",
725 .vendor = "",
726 .support_list =
727 "SupportList:\n"
728 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
729 .support_trail = '\x00',
730 .soft_ver = NULL,
731
732 /**
733 We use a bigger os-image partition than the stock images (and thus
734 smaller file-system), as our kernel doesn't fit in the stock firmware's
735 1MB os-image.
736 */
737 .partitions = {
738 {"fs-uboot", 0x00000, 0x20000},
739 {"os-image", 0x20000, 0x180000},
740 {"file-system", 0x1a0000, 0xdb0000},
741 {"default-mac", 0xf50000, 0x00200},
742 {"pin", 0xf50200, 0x00200},
743 {"product-info", 0xf50400, 0x0fc00},
744 {"soft-version", 0xf60000, 0x0b000},
745 {"support-list", 0xf6b000, 0x04000},
746 {"profile", 0xf70000, 0x04000},
747 {"default-config", 0xf74000, 0x0b000},
748 {"user-config", 0xf80000, 0x40000},
749 {"partition-table", 0xfc0000, 0x10000},
750 {"log", 0xfd0000, 0x20000},
751 {"radio", 0xff0000, 0x10000},
752 {NULL, 0, 0}
753 },
754
755 .first_sysupgrade_partition = "os-image",
756 .last_sysupgrade_partition = "file-system"
757 },
758
759 /** Firmware layout for the TL-WR902AC v1 */
760 {
761 .id = "TL-WR902AC-V1",
762 .vendor = "",
763 .support_list =
764 "SupportList:\n"
765 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
766 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
767 .support_trail = '\x00',
768 .soft_ver = NULL,
769
770 /**
771 384KB were moved from file-system to os-image
772 in comparison to the stock image
773 */
774 .partitions = {
775 {"fs-uboot", 0x00000, 0x20000},
776 {"os-image", 0x20000, 0x180000},
777 {"file-system", 0x1a0000, 0x5b0000},
778 {"default-mac", 0x750000, 0x00200},
779 {"pin", 0x750200, 0x00200},
780 {"product-info", 0x750400, 0x0fc00},
781 {"soft-version", 0x760000, 0x0b000},
782 {"support-list", 0x76b000, 0x04000},
783 {"profile", 0x770000, 0x04000},
784 {"default-config", 0x774000, 0x0b000},
785 {"user-config", 0x780000, 0x40000},
786 {"partition-table", 0x7c0000, 0x10000},
787 {"log", 0x7d0000, 0x20000},
788 {"radio", 0x7f0000, 0x10000},
789 {NULL, 0, 0}
790 },
791
792 .first_sysupgrade_partition = "os-image",
793 .last_sysupgrade_partition = "file-system",
794 },
795
796 /** Firmware layout for the TL-WR942N V1 */
797 {
798 .id = "TLWR942NV1",
799 .vendor = "",
800 .support_list =
801 "SupportList:\r\n"
802 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
803 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
804 .support_trail = '\x00',
805 .soft_ver = NULL,
806
807 .partitions = {
808 {"fs-uboot", 0x00000, 0x20000},
809 {"os-image", 0x20000, 0x180000},
810 {"file-system", 0x1a0000, 0xca0000},
811 {"default-mac", 0xe40000, 0x00200},
812 {"pin", 0xe40200, 0x00200},
813 {"product-info", 0xe40400, 0x0fc00},
814 {"partition-table", 0xe50000, 0x10000},
815 {"soft-version", 0xe60000, 0x10000},
816 {"support-list", 0xe70000, 0x10000},
817 {"profile", 0xe80000, 0x10000},
818 {"default-config", 0xe90000, 0x10000},
819 {"user-config", 0xea0000, 0x40000},
820 {"qos-db", 0xee0000, 0x40000},
821 {"certificate", 0xf20000, 0x10000},
822 {"usb-config", 0xfb0000, 0x10000},
823 {"log", 0xfc0000, 0x20000},
824 {"radio-bk", 0xfe0000, 0x10000},
825 {"radio", 0xff0000, 0x10000},
826 {NULL, 0, 0}
827 },
828
829 .first_sysupgrade_partition = "os-image",
830 .last_sysupgrade_partition = "file-system",
831 },
832
833 /** Firmware layout for the RE350 v1 */
834 {
835 .id = "RE350-V1",
836 .vendor = "",
837 .support_list =
838 "SupportList:\n"
839 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
840 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
841 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
842 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
843 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
844 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
845 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
846 .support_trail = '\x00',
847 .soft_ver = NULL,
848
849 /**
850 The original os-image partition is too small,
851 so we enlarge it to 1.6M
852 */
853 .partitions = {
854 {"fs-uboot", 0x00000, 0x20000},
855 {"os-image", 0x20000, 0x1a0000},
856 {"file-system", 0x1c0000, 0x440000},
857 {"partition-table", 0x600000, 0x02000},
858 {"default-mac", 0x610000, 0x00020},
859 {"pin", 0x610100, 0x00020},
860 {"product-info", 0x611100, 0x01000},
861 {"soft-version", 0x620000, 0x01000},
862 {"support-list", 0x621000, 0x01000},
863 {"profile", 0x622000, 0x08000},
864 {"user-config", 0x630000, 0x10000},
865 {"default-config", 0x640000, 0x10000},
866 {"radio", 0x7f0000, 0x10000},
867 {NULL, 0, 0}
868 },
869
870 .first_sysupgrade_partition = "os-image",
871 .last_sysupgrade_partition = "file-system"
872 },
873
874 /** Firmware layout for the RE355 */
875 {
876 .id = "RE355",
877 .vendor = "",
878 .support_list =
879 "SupportList:\r\n"
880 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
881 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
882 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
883 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
884 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
885 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
886 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
887 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
888 .support_trail = '\x00',
889 .soft_ver = NULL,
890
891 /**
892 The flash partition table for RE355;
893 it is almost the same as the one used by the stock images,
894 576KB were moved from file-system to os-image.
895 */
896 .partitions = {
897 {"fs-uboot", 0x00000, 0x20000},
898 {"os-image", 0x20000, 0x180000},
899 {"file-system", 0x1a0000, 0x460000},
900 {"partition-table", 0x600000, 0x02000},
901 {"default-mac", 0x610000, 0x00020},
902 {"pin", 0x610100, 0x00020},
903 {"product-info", 0x611100, 0x01000},
904 {"soft-version", 0x620000, 0x01000},
905 {"support-list", 0x621000, 0x01000},
906 {"profile", 0x622000, 0x08000},
907 {"user-config", 0x630000, 0x10000},
908 {"default-config", 0x640000, 0x10000},
909 {"radio", 0x7f0000, 0x10000},
910 {NULL, 0, 0}
911 },
912
913 .first_sysupgrade_partition = "os-image",
914 .last_sysupgrade_partition = "file-system"
915 },
916
917 /** Firmware layout for the RE450 */
918 {
919 .id = "RE450",
920 .vendor = "",
921 .support_list =
922 "SupportList:\r\n"
923 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
924 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
925 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
926 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
927 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
928 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
929 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
930 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
931 .support_trail = '\x00',
932 .soft_ver = NULL,
933
934 /**
935 The flash partition table for RE450;
936 it is almost the same as the one used by the stock images,
937 576KB were moved from file-system to os-image.
938 */
939 .partitions = {
940 {"fs-uboot", 0x00000, 0x20000},
941 {"os-image", 0x20000, 0x180000},
942 {"file-system", 0x1a0000, 0x460000},
943 {"partition-table", 0x600000, 0x02000},
944 {"default-mac", 0x610000, 0x00020},
945 {"pin", 0x610100, 0x00020},
946 {"product-info", 0x611100, 0x01000},
947 {"soft-version", 0x620000, 0x01000},
948 {"support-list", 0x621000, 0x01000},
949 {"profile", 0x622000, 0x08000},
950 {"user-config", 0x630000, 0x10000},
951 {"default-config", 0x640000, 0x10000},
952 {"radio", 0x7f0000, 0x10000},
953 {NULL, 0, 0}
954 },
955
956 .first_sysupgrade_partition = "os-image",
957 .last_sysupgrade_partition = "file-system"
958 },
959
960 {}
961 };
962
963 #define error(_ret, _errno, _str, ...) \
964 do { \
965 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
966 strerror(_errno)); \
967 if (_ret) \
968 exit(_ret); \
969 } while (0)
970
971
972 /** Stores a uint32 as big endian */
973 static inline void put32(uint8_t *buf, uint32_t val) {
974 buf[0] = val >> 24;
975 buf[1] = val >> 16;
976 buf[2] = val >> 8;
977 buf[3] = val;
978 }
979
980 /** Allocates a new image partition */
981 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
982 struct image_partition_entry entry = {name, len, malloc(len)};
983 if (!entry.data)
984 error(1, errno, "malloc");
985
986 return entry;
987 }
988
989 /** Frees an image partition */
990 static void free_image_partition(struct image_partition_entry entry) {
991 free(entry.data);
992 }
993
994 static time_t source_date_epoch = -1;
995 static void set_source_date_epoch() {
996 char *env = getenv("SOURCE_DATE_EPOCH");
997 char *endptr = env;
998 errno = 0;
999 if (env && *env) {
1000 source_date_epoch = strtoull(env, &endptr, 10);
1001 if (errno || (endptr && *endptr != '\0')) {
1002 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1003 exit(1);
1004 }
1005 }
1006 }
1007
1008 /** Generates the partition-table partition */
1009 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1010 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1011
1012 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1013
1014 *(s++) = 0x00;
1015 *(s++) = 0x04;
1016 *(s++) = 0x00;
1017 *(s++) = 0x00;
1018
1019 size_t i;
1020 for (i = 0; p[i].name; i++) {
1021 size_t len = end-s;
1022 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1023
1024 if (w > len-1)
1025 error(1, 0, "flash partition table overflow?");
1026
1027 s += w;
1028 }
1029
1030 s++;
1031
1032 memset(s, 0xff, end-s);
1033
1034 return entry;
1035 }
1036
1037
1038 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1039 static inline uint8_t bcd(uint8_t v) {
1040 return 0x10 * (v/10) + v%10;
1041 }
1042
1043
1044 /** Generates the soft-version partition */
1045 static struct image_partition_entry make_soft_version(uint32_t rev) {
1046 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1047 struct soft_version *s = (struct soft_version *)entry.data;
1048
1049 time_t t;
1050
1051 if (source_date_epoch != -1)
1052 t = source_date_epoch;
1053 else if (time(&t) == (time_t)(-1))
1054 error(1, errno, "time");
1055
1056 struct tm *tm = localtime(&t);
1057
1058 s->magic = htonl(0x0000000c);
1059 s->zero = 0;
1060 s->pad1 = 0xff;
1061
1062 s->version_major = 0;
1063 s->version_minor = 0;
1064 s->version_patch = 0;
1065
1066 s->year_hi = bcd((1900+tm->tm_year)/100);
1067 s->year_lo = bcd(tm->tm_year%100);
1068 s->month = bcd(tm->tm_mon+1);
1069 s->day = bcd(tm->tm_mday);
1070 s->rev = htonl(rev);
1071
1072 s->pad2 = 0xff;
1073
1074 return entry;
1075 }
1076
1077 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1078 /** String length _including_ the terminating zero byte */
1079 uint32_t ver_len = strlen(soft_ver) + 1;
1080 /** Partition contains 64 bit header, the version string, and one additional null byte */
1081 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1082 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1083
1084 uint32_t *len = (uint32_t *)entry.data;
1085 len[0] = htonl(ver_len);
1086 len[1] = 0;
1087 memcpy(&len[2], soft_ver, ver_len);
1088
1089 entry.data[partition_len - 1] = 0;
1090
1091 return entry;
1092 }
1093
1094 /** Generates the support-list partition */
1095 static struct image_partition_entry make_support_list(const struct device_info *info) {
1096 size_t len = strlen(info->support_list);
1097 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1098
1099 put32(entry.data, len);
1100 memset(entry.data+4, 0, 4);
1101 memcpy(entry.data+8, info->support_list, len);
1102 entry.data[len+8] = info->support_trail;
1103
1104 return entry;
1105 }
1106
1107 /** Creates a new image partition with an arbitrary name from a file */
1108 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
1109 struct stat statbuf;
1110
1111 if (stat(filename, &statbuf) < 0)
1112 error(1, errno, "unable to stat file `%s'", filename);
1113
1114 size_t len = statbuf.st_size;
1115
1116 if (add_jffs2_eof)
1117 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1118
1119 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1120
1121 FILE *file = fopen(filename, "rb");
1122 if (!file)
1123 error(1, errno, "unable to open file `%s'", filename);
1124
1125 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1126 error(1, errno, "unable to read file `%s'", filename);
1127
1128 if (add_jffs2_eof) {
1129 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1130
1131 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1132 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1133 }
1134
1135 fclose(file);
1136
1137 return entry;
1138 }
1139
1140 /** Creates a new image partition from arbitrary data */
1141 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1142
1143 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1144
1145 memcpy(entry.data, datain, len);
1146
1147 return entry;
1148 }
1149
1150 /**
1151 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1152
1153 Example image partition table:
1154
1155 fwup-ptn partition-table base 0x00800 size 0x00800
1156 fwup-ptn os-image base 0x01000 size 0x113b45
1157 fwup-ptn file-system base 0x114b45 size 0x1d0004
1158 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1159
1160 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1161 the end of the partition table is marked with a zero byte.
1162
1163 The firmware image must contain at least the partition-table and support-list partitions
1164 to be accepted. There aren't any alignment constraints for the image partitions.
1165
1166 The partition-table partition contains the actual flash layout; partitions
1167 from the image partition table are mapped to the corresponding flash partitions during
1168 the firmware upgrade. The support-list partition contains a list of devices supported by
1169 the firmware image.
1170
1171 The base offsets in the firmware partition table are relative to the end
1172 of the vendor information block, so the partition-table partition will
1173 actually start at offset 0x1814 of the image.
1174
1175 I think partition-table must be the first partition in the firmware image.
1176 */
1177 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1178 size_t i, j;
1179 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1180
1181 size_t base = 0x800;
1182 for (i = 0; parts[i].name; i++) {
1183 for (j = 0; flash_parts[j].name; j++) {
1184 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1185 if (parts[i].size > flash_parts[j].size)
1186 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1187 break;
1188 }
1189 }
1190
1191 assert(flash_parts[j].name);
1192
1193 memcpy(buffer + base, parts[i].data, parts[i].size);
1194
1195 size_t len = end-image_pt;
1196 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1197
1198 if (w > len-1)
1199 error(1, 0, "image partition table overflow?");
1200
1201 image_pt += w;
1202
1203 base += parts[i].size;
1204 }
1205 }
1206
1207 /** Generates and writes the image MD5 checksum */
1208 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1209 MD5_CTX ctx;
1210
1211 MD5_Init(&ctx);
1212 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1213 MD5_Update(&ctx, buffer, len);
1214 MD5_Final(md5, &ctx);
1215 }
1216
1217
1218 /**
1219 Generates the firmware image in factory format
1220
1221 Image format:
1222
1223 Bytes (hex) Usage
1224 ----------- -----
1225 0000-0003 Image size (4 bytes, big endian)
1226 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1227 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1228 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1229 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1230 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1231 1814-xxxx Firmware partitions
1232 */
1233 static void * generate_factory_image(const struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1234 *len = 0x1814;
1235
1236 size_t i;
1237 for (i = 0; parts[i].name; i++)
1238 *len += parts[i].size;
1239
1240 uint8_t *image = malloc(*len);
1241 if (!image)
1242 error(1, errno, "malloc");
1243
1244 memset(image, 0xff, *len);
1245 put32(image, *len);
1246
1247 if (info->vendor) {
1248 size_t vendor_len = strlen(info->vendor);
1249 put32(image+0x14, vendor_len);
1250 memcpy(image+0x18, info->vendor, vendor_len);
1251 }
1252
1253 put_partitions(image + 0x1014, info->partitions, parts);
1254 put_md5(image+0x04, image+0x14, *len-0x14);
1255
1256 return image;
1257 }
1258
1259 /**
1260 Generates the firmware image in sysupgrade format
1261
1262 This makes some assumptions about the provided flash and image partition tables and
1263 should be generalized when TP-LINK starts building its safeloader into hardware with
1264 different flash layouts.
1265 */
1266 static void * generate_sysupgrade_image(const struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1267 size_t i, j;
1268 size_t flash_first_partition_index = 0;
1269 size_t flash_last_partition_index = 0;
1270 const struct flash_partition_entry *flash_first_partition = NULL;
1271 const struct flash_partition_entry *flash_last_partition = NULL;
1272 const struct image_partition_entry *image_last_partition = NULL;
1273
1274 /** Find first and last partitions */
1275 for (i = 0; info->partitions[i].name; i++) {
1276 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1277 flash_first_partition = &info->partitions[i];
1278 flash_first_partition_index = i;
1279 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1280 flash_last_partition = &info->partitions[i];
1281 flash_last_partition_index = i;
1282 }
1283 }
1284
1285 assert(flash_first_partition && flash_last_partition);
1286 assert(flash_first_partition_index < flash_last_partition_index);
1287
1288 /** Find last partition from image to calculate needed size */
1289 for (i = 0; image_parts[i].name; i++) {
1290 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1291 image_last_partition = &image_parts[i];
1292 break;
1293 }
1294 }
1295
1296 assert(image_last_partition);
1297
1298 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1299
1300 uint8_t *image = malloc(*len);
1301 if (!image)
1302 error(1, errno, "malloc");
1303
1304 memset(image, 0xff, *len);
1305
1306 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1307 for (j = 0; image_parts[j].name; j++) {
1308 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1309 if (image_parts[j].size > info->partitions[i].size)
1310 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1311 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1312 break;
1313 }
1314
1315 assert(image_parts[j].name);
1316 }
1317 }
1318
1319 return image;
1320 }
1321
1322 /** Generates an image according to a given layout and writes it to a file */
1323 static void build_image(const char *output,
1324 const char *kernel_image,
1325 const char *rootfs_image,
1326 uint32_t rev,
1327 bool add_jffs2_eof,
1328 bool sysupgrade,
1329 const struct device_info *info) {
1330
1331 struct image_partition_entry parts[7] = {};
1332
1333 parts[0] = make_partition_table(info->partitions);
1334 if (info->soft_ver)
1335 parts[1] = make_soft_version_from_string(info->soft_ver);
1336 else
1337 parts[1] = make_soft_version(rev);
1338
1339 parts[2] = make_support_list(info);
1340 parts[3] = read_file("os-image", kernel_image, false);
1341 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof);
1342
1343 /* Some devices need the extra-para partition to accept the firmware */
1344 if (strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1345 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1346 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1347 parts[5] = put_data("extra-para", mdat, 11);
1348 } else if (strcasecmp(info->id, "ARCHER-C7-V4") == 0) {
1349 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1350 parts[5] = put_data("extra-para", mdat, 11);
1351 }
1352
1353 size_t len;
1354 void *image;
1355 if (sysupgrade)
1356 image = generate_sysupgrade_image(info, parts, &len);
1357 else
1358 image = generate_factory_image(info, parts, &len);
1359
1360 FILE *file = fopen(output, "wb");
1361 if (!file)
1362 error(1, errno, "unable to open output file");
1363
1364 if (fwrite(image, len, 1, file) != 1)
1365 error(1, 0, "unable to write output file");
1366
1367 fclose(file);
1368
1369 free(image);
1370
1371 size_t i;
1372 for (i = 0; parts[i].name; i++)
1373 free_image_partition(parts[i]);
1374 }
1375
1376 /** Usage output */
1377 static void usage(const char *argv0) {
1378 fprintf(stderr,
1379 "Usage: %s [OPTIONS...]\n"
1380 "\n"
1381 "Options:\n"
1382 " -B <board> create image for the board specified with <board>\n"
1383 " -k <file> read kernel image from the file <file>\n"
1384 " -r <file> read rootfs image from the file <file>\n"
1385 " -o <file> write output to the file <file>\n"
1386 " -V <rev> sets the revision number to <rev>\n"
1387 " -j add jffs2 end-of-filesystem markers\n"
1388 " -S create sysupgrade instead of factory image\n"
1389 " -h show this help\n",
1390 argv0
1391 );
1392 };
1393
1394
1395 static const struct device_info *find_board(const char *id)
1396 {
1397 struct device_info *board = NULL;
1398
1399 for (board = boards; board->id != NULL; board++)
1400 if (strcasecmp(id, board->id) == 0)
1401 return board;
1402
1403 return NULL;
1404 }
1405
1406 int main(int argc, char *argv[]) {
1407 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
1408 bool add_jffs2_eof = false, sysupgrade = false;
1409 unsigned rev = 0;
1410 const struct device_info *info;
1411 set_source_date_epoch();
1412
1413 while (true) {
1414 int c;
1415
1416 c = getopt(argc, argv, "B:k:r:o:V:jSh");
1417 if (c == -1)
1418 break;
1419
1420 switch (c) {
1421 case 'B':
1422 board = optarg;
1423 break;
1424
1425 case 'k':
1426 kernel_image = optarg;
1427 break;
1428
1429 case 'r':
1430 rootfs_image = optarg;
1431 break;
1432
1433 case 'o':
1434 output = optarg;
1435 break;
1436
1437 case 'V':
1438 sscanf(optarg, "r%u", &rev);
1439 break;
1440
1441 case 'j':
1442 add_jffs2_eof = true;
1443 break;
1444
1445 case 'S':
1446 sysupgrade = true;
1447 break;
1448
1449 case 'h':
1450 usage(argv[0]);
1451 return 0;
1452
1453 default:
1454 usage(argv[0]);
1455 return 1;
1456 }
1457 }
1458
1459 if (!board)
1460 error(1, 0, "no board has been specified");
1461 if (!kernel_image)
1462 error(1, 0, "no kernel image has been specified");
1463 if (!rootfs_image)
1464 error(1, 0, "no rootfs image has been specified");
1465 if (!output)
1466 error(1, 0, "no output filename has been specified");
1467
1468 info = find_board(board);
1469
1470 if (info == NULL)
1471 error(1, 0, "unsupported board %s", board);
1472
1473 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
1474
1475 return 0;
1476 }
OpenWrt Source Repository