projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ath79: Add support for TP-Link CPE210 v3
[openwrt/openwrt.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
192 {NULL, 0, 0}
193 },
194
195 .first_sysupgrade_partition = "os-image",
196 .last_sysupgrade_partition = "support-list",
197 },
198
199 /** Firmware layout for the CPE210 V3 */
200 {
201 .id = "CPE210V3",
202 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n",
203 .support_list =
204 "SupportList:\r\n"
205 "CPE210(TP-LINK|EU|N300-2|45550000):3.0\r\n"
206 "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n"
207 "CPE210(TP-LINK|UN|N300-2):3.0\r\n"
208 "CPE210(TP-LINK|EU|N300-2):3.0\r\n",
209 .support_trail = '\xff',
210 .soft_ver = NULL,
211
212 .partitions = {
213 {"fs-uboot", 0x00000, 0x20000},
214 {"partition-table", 0x20000, 0x01000},
215 {"default-mac", 0x30000, 0x00020},
216 {"product-info", 0x31100, 0x00100},
217 {"device-info", 0x31400, 0x00400},
218 {"signature", 0x32000, 0x00400},
219 {"device-id", 0x33000, 0x00100},
220 {"firmware", 0x40000, 0x770000},
221 {"soft-version", 0x7b0000, 0x00100},
222 {"support-list", 0x7b1000, 0x01000},
223 {"user-config", 0x7c0000, 0x10000},
224 {"default-config", 0x7d0000, 0x10000},
225 {"log", 0x7e0000, 0x10000},
226 {"radio", 0x7f0000, 0x10000},
227 {NULL, 0, 0}
228 },
229
230 .first_sysupgrade_partition = "os-image",
231 .last_sysupgrade_partition = "support-list",
232 },
233
234 /** Firmware layout for the CPE510/520 */
235 {
236 .id = "CPE510",
237 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
238 .support_list =
239 "SupportList:\r\n"
240 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
241 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
242 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
243 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
244 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
245 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
246 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
247 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
248 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
249 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
250 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
251 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
252 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
253 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
254 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
255 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
256 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
257 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
258 .support_trail = '\xff',
259 .soft_ver = NULL,
260
261 .partitions = {
262 {"fs-uboot", 0x00000, 0x20000},
263 {"partition-table", 0x20000, 0x02000},
264 {"default-mac", 0x30000, 0x00020},
265 {"product-info", 0x31100, 0x00100},
266 {"signature", 0x32000, 0x00400},
267 {"os-image", 0x40000, 0x1c0000},
268 {"file-system", 0x200000, 0x5b0000},
269 {"soft-version", 0x7b0000, 0x00100},
270 {"support-list", 0x7b1000, 0x00400},
271 {"user-config", 0x7c0000, 0x10000},
272 {"default-config", 0x7d0000, 0x10000},
273 {"log", 0x7e0000, 0x10000},
274 {"radio", 0x7f0000, 0x10000},
275 {NULL, 0, 0}
276 },
277
278 .first_sysupgrade_partition = "os-image",
279 .last_sysupgrade_partition = "support-list",
280 },
281
282 {
283 .id = "WBS210",
284 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
285 .support_list =
286 "SupportList:\r\n"
287 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
288 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
289 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
290 .support_trail = '\xff',
291 .soft_ver = NULL,
292
293 .partitions = {
294 {"fs-uboot", 0x00000, 0x20000},
295 {"partition-table", 0x20000, 0x02000},
296 {"default-mac", 0x30000, 0x00020},
297 {"product-info", 0x31100, 0x00100},
298 {"signature", 0x32000, 0x00400},
299 {"os-image", 0x40000, 0x1c0000},
300 {"file-system", 0x200000, 0x5b0000},
301 {"soft-version", 0x7b0000, 0x00100},
302 {"support-list", 0x7b1000, 0x00400},
303 {"user-config", 0x7c0000, 0x10000},
304 {"default-config", 0x7d0000, 0x10000},
305 {"log", 0x7e0000, 0x10000},
306 {"radio", 0x7f0000, 0x10000},
307 {NULL, 0, 0}
308 },
309
310 .first_sysupgrade_partition = "os-image",
311 .last_sysupgrade_partition = "support-list",
312 },
313
314 {
315 .id = "WBS510",
316 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
317 .support_list =
318 "SupportList:\r\n"
319 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
320 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
321 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
322 .support_trail = '\xff',
323 .soft_ver = NULL,
324
325 .partitions = {
326 {"fs-uboot", 0x00000, 0x20000},
327 {"partition-table", 0x20000, 0x02000},
328 {"default-mac", 0x30000, 0x00020},
329 {"product-info", 0x31100, 0x00100},
330 {"signature", 0x32000, 0x00400},
331 {"os-image", 0x40000, 0x1c0000},
332 {"file-system", 0x200000, 0x5b0000},
333 {"soft-version", 0x7b0000, 0x00100},
334 {"support-list", 0x7b1000, 0x00400},
335 {"user-config", 0x7c0000, 0x10000},
336 {"default-config", 0x7d0000, 0x10000},
337 {"log", 0x7e0000, 0x10000},
338 {"radio", 0x7f0000, 0x10000},
339 {NULL, 0, 0}
340 },
341
342 .first_sysupgrade_partition = "os-image",
343 .last_sysupgrade_partition = "support-list",
344 },
345
346 /** Firmware layout for the C2600 */
347 {
348 .id = "C2600",
349 .vendor = "",
350 .support_list =
351 "SupportList:\r\n"
352 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
353 .support_trail = '\x00',
354 .soft_ver = NULL,
355
356 /**
357 We use a bigger os-image partition than the stock images (and thus
358 smaller file-system), as our kernel doesn't fit in the stock firmware's
359 2 MB os-image since kernel 4.14.
360 */
361 .partitions = {
362 {"SBL1", 0x00000, 0x20000},
363 {"MIBIB", 0x20000, 0x20000},
364 {"SBL2", 0x40000, 0x20000},
365 {"SBL3", 0x60000, 0x30000},
366 {"DDRCONFIG", 0x90000, 0x10000},
367 {"SSD", 0xa0000, 0x10000},
368 {"TZ", 0xb0000, 0x30000},
369 {"RPM", 0xe0000, 0x20000},
370 {"fs-uboot", 0x100000, 0x70000},
371 {"uboot-env", 0x170000, 0x40000},
372 {"radio", 0x1b0000, 0x40000},
373 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
374 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
375 {"default-mac", 0x1ef0000, 0x00200},
376 {"pin", 0x1ef0200, 0x00200},
377 {"product-info", 0x1ef0400, 0x0fc00},
378 {"partition-table", 0x1f00000, 0x10000},
379 {"soft-version", 0x1f10000, 0x10000},
380 {"support-list", 0x1f20000, 0x10000},
381 {"profile", 0x1f30000, 0x10000},
382 {"default-config", 0x1f40000, 0x10000},
383 {"user-config", 0x1f50000, 0x40000},
384 {"qos-db", 0x1f90000, 0x40000},
385 {"usb-config", 0x1fd0000, 0x10000},
386 {"log", 0x1fe0000, 0x20000},
387 {NULL, 0, 0}
388 },
389
390 .first_sysupgrade_partition = "os-image",
391 .last_sysupgrade_partition = "file-system"
392 },
393
394 /** Firmware layout for the A7-V5 */
395 {
396 .id = "ARCHER-A7-V5",
397 .support_list =
398 "SupportList:\n"
399 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
400 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
401 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
402 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
403 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
404 .support_trail = '\x00',
405 .soft_ver = "soft_ver:1.0.0\n",
406
407 /* We're using a dynamic kernel/rootfs split here */
408 .partitions = {
409 {"factory-boot", 0x00000, 0x20000},
410 {"fs-uboot", 0x20000, 0x20000},
411 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
412 /* Stock: name file-system base 0x160000 size 0xda0000 */
413 {"default-mac", 0xf40000, 0x00200},
414 {"pin", 0xf40200, 0x00200},
415 {"device-id", 0xf40400, 0x00100},
416 {"product-info", 0xf40500, 0x0fb00},
417 {"soft-version", 0xf50000, 0x00100},
418 {"extra-para", 0xf51000, 0x01000},
419 {"support-list", 0xf52000, 0x0a000},
420 {"profile", 0xf5c000, 0x04000},
421 {"default-config", 0xf60000, 0x10000},
422 {"user-config", 0xf70000, 0x40000},
423 {"certificate", 0xfb0000, 0x10000},
424 {"partition-table", 0xfc0000, 0x10000},
425 {"log", 0xfd0000, 0x20000},
426 {"radio", 0xff0000, 0x10000},
427 {NULL, 0, 0}
428 },
429
430 .first_sysupgrade_partition = "os-image",
431 .last_sysupgrade_partition = "file-system",
432 },
433
434 /** Firmware layout for the C2v3 */
435 {
436 .id = "ARCHER-C2-V3",
437 .support_list =
438 "SupportList:\n"
439 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
440 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
441 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
442 .support_trail = '\x00',
443 .soft_ver = "soft_ver:3.0.1\n",
444
445 /** We're using a dynamic kernel/rootfs split here */
446
447 .partitions = {
448 {"factory-boot", 0x00000, 0x20000},
449 {"fs-uboot", 0x20000, 0x10000},
450 {"firmware", 0x30000, 0x7a0000},
451 {"user-config", 0x7d0000, 0x04000},
452 {"default-mac", 0x7e0000, 0x00100},
453 {"device-id", 0x7e0100, 0x00100},
454 {"extra-para", 0x7e0200, 0x00100},
455 {"pin", 0x7e0300, 0x00100},
456 {"support-list", 0x7e0400, 0x00400},
457 {"soft-version", 0x7e0800, 0x00400},
458 {"product-info", 0x7e0c00, 0x01400},
459 {"partition-table", 0x7e2000, 0x01000},
460 {"profile", 0x7e3000, 0x01000},
461 {"default-config", 0x7e4000, 0x04000},
462 {"merge-config", 0x7ec000, 0x02000},
463 {"qos-db", 0x7ee000, 0x02000},
464 {"radio", 0x7f0000, 0x10000},
465 {NULL, 0, 0}
466 },
467
468 .first_sysupgrade_partition = "os-image",
469 .last_sysupgrade_partition = "file-system",
470 },
471
472 /** Firmware layout for the C25v1 */
473 {
474 .id = "ARCHER-C25-V1",
475 .support_list =
476 "SupportList:\n"
477 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
478 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
479 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
480 .support_trail = '\x00',
481 .soft_ver = "soft_ver:1.0.0\n",
482
483 /* We're using a dynamic kernel/rootfs split here */
484 .partitions = {
485 {"factory-boot", 0x00000, 0x20000},
486 {"fs-uboot", 0x20000, 0x10000},
487 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
488 /* Stock: name file-system base 0x130000 size 0x6a0000 */
489 {"user-config", 0x7d0000, 0x04000},
490 {"default-mac", 0x7e0000, 0x00100},
491 {"device-id", 0x7e0100, 0x00100},
492 {"extra-para", 0x7e0200, 0x00100},
493 {"pin", 0x7e0300, 0x00100},
494 {"support-list", 0x7e0400, 0x00400},
495 {"soft-version", 0x7e0800, 0x00400},
496 {"product-info", 0x7e0c00, 0x01400},
497 {"partition-table", 0x7e2000, 0x01000},
498 {"profile", 0x7e3000, 0x01000},
499 {"default-config", 0x7e4000, 0x04000},
500 {"merge-config", 0x7ec000, 0x02000},
501 {"qos-db", 0x7ee000, 0x02000},
502 {"radio", 0x7f0000, 0x10000},
503 {NULL, 0, 0}
504 },
505
506 .first_sysupgrade_partition = "os-image",
507 .last_sysupgrade_partition = "file-system",
508 },
509
510 /** Firmware layout for the C58v1 */
511 {
512 .id = "ARCHER-C58-V1",
513 .vendor = "",
514 .support_list =
515 "SupportList:\r\n"
516 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
517 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
518 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
519 .support_trail = '\x00',
520 .soft_ver = "soft_ver:1.0.0\n",
521
522 .partitions = {
523 {"fs-uboot", 0x00000, 0x10000},
524 {"default-mac", 0x10000, 0x00200},
525 {"pin", 0x10200, 0x00200},
526 {"product-info", 0x10400, 0x00100},
527 {"partition-table", 0x10500, 0x00800},
528 {"soft-version", 0x11300, 0x00200},
529 {"support-list", 0x11500, 0x00100},
530 {"device-id", 0x11600, 0x00100},
531 {"profile", 0x11700, 0x03900},
532 {"default-config", 0x15000, 0x04000},
533 {"user-config", 0x19000, 0x04000},
534 {"firmware", 0x20000, 0x7c8000},
535 {"certyficate", 0x7e8000, 0x08000},
536 {"radio", 0x7f0000, 0x10000},
537 {NULL, 0, 0}
538 },
539
540 .first_sysupgrade_partition = "os-image",
541 .last_sysupgrade_partition = "file-system",
542 },
543
544 /** Firmware layout for the C59v1 */
545 {
546 .id = "ARCHER-C59-V1",
547 .vendor = "",
548 .support_list =
549 "SupportList:\r\n"
550 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
551 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
552 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
553 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
554 .support_trail = '\x00',
555 .soft_ver = "soft_ver:1.0.0\n",
556
557 /* We're using a dynamic kernel/rootfs split here */
558 .partitions = {
559 {"fs-uboot", 0x00000, 0x10000},
560 {"default-mac", 0x10000, 0x00200},
561 {"pin", 0x10200, 0x00200},
562 {"device-id", 0x10400, 0x00100},
563 {"product-info", 0x10500, 0x0fb00},
564 {"firmware", 0x20000, 0xe30000},
565 {"partition-table", 0xe50000, 0x10000},
566 {"soft-version", 0xe60000, 0x10000},
567 {"support-list", 0xe70000, 0x10000},
568 {"profile", 0xe80000, 0x10000},
569 {"default-config", 0xe90000, 0x10000},
570 {"user-config", 0xea0000, 0x40000},
571 {"usb-config", 0xee0000, 0x10000},
572 {"certificate", 0xef0000, 0x10000},
573 {"qos-db", 0xf00000, 0x40000},
574 {"log", 0xfe0000, 0x10000},
575 {"radio", 0xff0000, 0x10000},
576 {NULL, 0, 0}
577 },
578
579 .first_sysupgrade_partition = "os-image",
580 .last_sysupgrade_partition = "file-system",
581 },
582
583 /** Firmware layout for the C59v2 */
584 {
585 .id = "ARCHER-C59-V2",
586 .vendor = "",
587 .support_list =
588 "SupportList:\r\n"
589 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
590 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
591 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
592 .support_trail = '\x00',
593 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
594
595 /** We're using a dynamic kernel/rootfs split here */
596 .partitions = {
597 {"factory-boot", 0x00000, 0x20000},
598 {"fs-uboot", 0x20000, 0x10000},
599 {"default-mac", 0x30000, 0x00200},
600 {"pin", 0x30200, 0x00200},
601 {"device-id", 0x30400, 0x00100},
602 {"product-info", 0x30500, 0x0fb00},
603 {"firmware", 0x40000, 0xe10000},
604 {"partition-table", 0xe50000, 0x10000},
605 {"soft-version", 0xe60000, 0x10000},
606 {"support-list", 0xe70000, 0x10000},
607 {"profile", 0xe80000, 0x10000},
608 {"default-config", 0xe90000, 0x10000},
609 {"user-config", 0xea0000, 0x40000},
610 {"usb-config", 0xee0000, 0x10000},
611 {"certificate", 0xef0000, 0x10000},
612 {"extra-para", 0xf00000, 0x10000},
613 {"qos-db", 0xf10000, 0x30000},
614 {"log", 0xfe0000, 0x10000},
615 {"radio", 0xff0000, 0x10000},
616 {NULL, 0, 0}
617 },
618
619 .first_sysupgrade_partition = "os-image",
620 .last_sysupgrade_partition = "file-system",
621 },
622
623 /** Firmware layout for the C6v2 */
624 {
625 .id = "ARCHER-C6-V2",
626 .vendor = "",
627 .support_list =
628 "SupportList:\r\n"
629 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
630 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
631 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
632 .support_trail = '\x00',
633 .soft_ver = "soft_ver:1.0.0\n",
634
635 .partitions = {
636 {"fs-uboot", 0x00000, 0x20000},
637 {"default-mac", 0x20000, 0x00200},
638 {"pin", 0x20200, 0x00100},
639 {"product-info", 0x20300, 0x00200},
640 {"device-id", 0x20500, 0x0fb00},
641 {"firmware", 0x30000, 0x7a9400},
642 {"soft-version", 0x7d9400, 0x00100},
643 {"extra-para", 0x7d9500, 0x00100},
644 {"support-list", 0x7d9600, 0x00200},
645 {"profile", 0x7d9800, 0x03000},
646 {"default-config", 0x7dc800, 0x03000},
647 {"partition-table", 0x7df800, 0x00800},
648 {"user-config", 0x7e0000, 0x0c000},
649 {"certificate", 0x7ec000, 0x04000},
650 {"radio", 0x7f0000, 0x10000},
651 {NULL, 0, 0}
652 },
653
654 .first_sysupgrade_partition = "os-image",
655 .last_sysupgrade_partition = "file-system",
656 },
657
658
659 /** Firmware layout for the C60v1 */
660 {
661 .id = "ARCHER-C60-V1",
662 .vendor = "",
663 .support_list =
664 "SupportList:\r\n"
665 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
666 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
667 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
668 .support_trail = '\x00',
669 .soft_ver = "soft_ver:1.0.0\n",
670
671 .partitions = {
672 {"fs-uboot", 0x00000, 0x10000},
673 {"default-mac", 0x10000, 0x00200},
674 {"pin", 0x10200, 0x00200},
675 {"product-info", 0x10400, 0x00100},
676 {"partition-table", 0x10500, 0x00800},
677 {"soft-version", 0x11300, 0x00200},
678 {"support-list", 0x11500, 0x00100},
679 {"device-id", 0x11600, 0x00100},
680 {"profile", 0x11700, 0x03900},
681 {"default-config", 0x15000, 0x04000},
682 {"user-config", 0x19000, 0x04000},
683 {"firmware", 0x20000, 0x7c8000},
684 {"certyficate", 0x7e8000, 0x08000},
685 {"radio", 0x7f0000, 0x10000},
686 {NULL, 0, 0}
687 },
688
689 .first_sysupgrade_partition = "os-image",
690 .last_sysupgrade_partition = "file-system",
691 },
692
693 /** Firmware layout for the C60v2 */
694 {
695 .id = "ARCHER-C60-V2",
696 .vendor = "",
697 .support_list =
698 "SupportList:\r\n"
699 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
700 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
701 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
702 .support_trail = '\x00',
703 .soft_ver = "soft_ver:2.0.0\n",
704
705 .partitions = {
706 {"factory-boot", 0x00000, 0x1fb00},
707 {"default-mac", 0x1fb00, 0x00200},
708 {"pin", 0x1fd00, 0x00100},
709 {"product-info", 0x1fe00, 0x00100},
710 {"device-id", 0x1ff00, 0x00100},
711 {"fs-uboot", 0x20000, 0x10000},
712 {"firmware", 0x30000, 0x7a0000},
713 {"soft-version", 0x7d9500, 0x00100},
714 {"support-list", 0x7d9600, 0x00100},
715 {"extra-para", 0x7d9700, 0x00100},
716 {"profile", 0x7d9800, 0x03000},
717 {"default-config", 0x7dc800, 0x03000},
718 {"partition-table", 0x7df800, 0x00800},
719 {"user-config", 0x7e0000, 0x0c000},
720 {"certificate", 0x7ec000, 0x04000},
721 {"radio", 0x7f0000, 0x10000},
722 {NULL, 0, 0}
723 },
724
725 .first_sysupgrade_partition = "os-image",
726 .last_sysupgrade_partition = "file-system",
727 },
728
729 /** Firmware layout for the C5 */
730 {
731 .id = "ARCHER-C5-V2",
732 .vendor = "",
733 .support_list =
734 "SupportList:\r\n"
735 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
736 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
737 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
738 .support_trail = '\x00',
739 .soft_ver = NULL,
740
741 .partitions = {
742 {"fs-uboot", 0x00000, 0x40000},
743 {"os-image", 0x40000, 0x200000},
744 {"file-system", 0x240000, 0xc00000},
745 {"default-mac", 0xe40000, 0x00200},
746 {"pin", 0xe40200, 0x00200},
747 {"product-info", 0xe40400, 0x00200},
748 {"partition-table", 0xe50000, 0x10000},
749 {"soft-version", 0xe60000, 0x00200},
750 {"support-list", 0xe61000, 0x0f000},
751 {"profile", 0xe70000, 0x10000},
752 {"default-config", 0xe80000, 0x10000},
753 {"user-config", 0xe90000, 0x50000},
754 {"log", 0xee0000, 0x100000},
755 {"radio_bk", 0xfe0000, 0x10000},
756 {"radio", 0xff0000, 0x10000},
757 {NULL, 0, 0}
758 },
759
760 .first_sysupgrade_partition = "os-image",
761 .last_sysupgrade_partition = "file-system"
762 },
763
764 /** Firmware layout for the C7 */
765 {
766 .id = "ARCHER-C7-V4",
767 .support_list =
768 "SupportList:\n"
769 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
770 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
771 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
772 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
773 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
774 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
775 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
776 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
777 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
778 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
779 .support_trail = '\x00',
780 .soft_ver = "soft_ver:1.0.0\n",
781
782 /* We're using a dynamic kernel/rootfs split here */
783 .partitions = {
784 {"factory-boot", 0x00000, 0x20000},
785 {"fs-uboot", 0x20000, 0x20000},
786 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
787 /* Stock: name file-system base 0x160000 size 0xda0000 */
788 {"default-mac", 0xf00000, 0x00200},
789 {"pin", 0xf00200, 0x00200},
790 {"device-id", 0xf00400, 0x00100},
791 {"product-info", 0xf00500, 0x0fb00},
792 {"soft-version", 0xf10000, 0x00100},
793 {"extra-para", 0xf11000, 0x01000},
794 {"support-list", 0xf12000, 0x0a000},
795 {"profile", 0xf1c000, 0x04000},
796 {"default-config", 0xf20000, 0x10000},
797 {"user-config", 0xf30000, 0x40000},
798 {"qos-db", 0xf70000, 0x40000},
799 {"certificate", 0xfb0000, 0x10000},
800 {"partition-table", 0xfc0000, 0x10000},
801 {"log", 0xfd0000, 0x20000},
802 {"radio", 0xff0000, 0x10000},
803 {NULL, 0, 0}
804 },
805
806 .first_sysupgrade_partition = "os-image",
807 .last_sysupgrade_partition = "file-system",
808 },
809
810 /** Firmware layout for the C7 v5*/
811 {
812 .id = "ARCHER-C7-V5",
813 .support_list =
814 "SupportList:\n"
815 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
816 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
817 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
818 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
819 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
820 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
821 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n",
822
823 .support_trail = '\x00',
824 .soft_ver = "soft_ver:1.0.0\n",
825
826 /* We're using a dynamic kernel/rootfs split here */
827 .partitions = {
828 {"factory-boot", 0x00000, 0x20000},
829 {"fs-uboot", 0x20000, 0x20000},
830 {"partition-table", 0x40000, 0x10000},
831 {"radio", 0x50000, 0x10000},
832 {"default-mac", 0x60000, 0x00200},
833 {"pin", 0x60200, 0x00200},
834 {"device-id", 0x60400, 0x00100},
835 {"product-info", 0x60500, 0x0fb00},
836 {"soft-version", 0x70000, 0x01000},
837 {"extra-para", 0x71000, 0x01000},
838 {"support-list", 0x72000, 0x0a000},
839 {"profile", 0x7c000, 0x04000},
840 {"user-config", 0x80000, 0x40000},
841
842
843 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
844 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
845
846 {"log", 0xfc0000, 0x20000},
847 {"certificate", 0xfe0000, 0x10000},
848 {"default-config", 0xff0000, 0x10000},
849 {NULL, 0, 0}
850
851 },
852
853 .first_sysupgrade_partition = "os-image",
854 .last_sysupgrade_partition = "file-system",
855 },
856
857 /** Firmware layout for the C9 */
858 {
859 .id = "ARCHERC9",
860 .vendor = "",
861 .support_list =
862 "SupportList:\n"
863 "{product_name:ArcherC9,"
864 "product_ver:1.0.0,"
865 "special_id:00000000}\n",
866 .support_trail = '\x00',
867 .soft_ver = NULL,
868
869 .partitions = {
870 {"fs-uboot", 0x00000, 0x40000},
871 {"os-image", 0x40000, 0x200000},
872 {"file-system", 0x240000, 0xc00000},
873 {"default-mac", 0xe40000, 0x00200},
874 {"pin", 0xe40200, 0x00200},
875 {"product-info", 0xe40400, 0x00200},
876 {"partition-table", 0xe50000, 0x10000},
877 {"soft-version", 0xe60000, 0x00200},
878 {"support-list", 0xe61000, 0x0f000},
879 {"profile", 0xe70000, 0x10000},
880 {"default-config", 0xe80000, 0x10000},
881 {"user-config", 0xe90000, 0x50000},
882 {"log", 0xee0000, 0x100000},
883 {"radio_bk", 0xfe0000, 0x10000},
884 {"radio", 0xff0000, 0x10000},
885 {NULL, 0, 0}
886 },
887
888 .first_sysupgrade_partition = "os-image",
889 .last_sysupgrade_partition = "file-system"
890 },
891
892 /** Firmware layout for the EAP120 */
893 {
894 .id = "EAP120",
895 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
896 .support_list =
897 "SupportList:\r\n"
898 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
899 .support_trail = '\xff',
900 .soft_ver = NULL,
901
902 .partitions = {
903 {"fs-uboot", 0x00000, 0x20000},
904 {"partition-table", 0x20000, 0x02000},
905 {"default-mac", 0x30000, 0x00020},
906 {"support-list", 0x31000, 0x00100},
907 {"product-info", 0x31100, 0x00100},
908 {"soft-version", 0x32000, 0x00100},
909 {"os-image", 0x40000, 0x180000},
910 {"file-system", 0x1c0000, 0x600000},
911 {"user-config", 0x7c0000, 0x10000},
912 {"backup-config", 0x7d0000, 0x10000},
913 {"log", 0x7e0000, 0x10000},
914 {"radio", 0x7f0000, 0x10000},
915 {NULL, 0, 0}
916 },
917
918 .first_sysupgrade_partition = "os-image",
919 .last_sysupgrade_partition = "file-system"
920 },
921
922 /** Firmware layout for the TL-WA850RE v2 */
923 {
924 .id = "TLWA850REV2",
925 .vendor = "",
926 .support_list =
927 "SupportList:\n"
928 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
929 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
930 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
931 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
932 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
933 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
934 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
935 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
936 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
937 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
938 .support_trail = '\x00',
939 .soft_ver = NULL,
940
941 /**
942 576KB were moved from file-system to os-image
943 in comparison to the stock image
944 */
945 .partitions = {
946 {"fs-uboot", 0x00000, 0x20000},
947 {"os-image", 0x20000, 0x150000},
948 {"file-system", 0x170000, 0x240000},
949 {"partition-table", 0x3b0000, 0x02000},
950 {"default-mac", 0x3c0000, 0x00020},
951 {"pin", 0x3c0100, 0x00020},
952 {"product-info", 0x3c1000, 0x01000},
953 {"soft-version", 0x3c2000, 0x00100},
954 {"support-list", 0x3c3000, 0x01000},
955 {"profile", 0x3c4000, 0x08000},
956 {"user-config", 0x3d0000, 0x10000},
957 {"default-config", 0x3e0000, 0x10000},
958 {"radio", 0x3f0000, 0x10000},
959 {NULL, 0, 0}
960 },
961
962 .first_sysupgrade_partition = "os-image",
963 .last_sysupgrade_partition = "file-system"
964 },
965
966 /** Firmware layout for the TL-WA855RE v1 */
967 {
968 .id = "TLWA855REV1",
969 .vendor = "",
970 .support_list =
971 "SupportList:\n"
972 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
973 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
974 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
975 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
976 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
977 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
978 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
979 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
980 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
981 .support_trail = '\x00',
982 .soft_ver = NULL,
983
984 .partitions = {
985 {"fs-uboot", 0x00000, 0x20000},
986 {"os-image", 0x20000, 0x150000},
987 {"file-system", 0x170000, 0x240000},
988 {"partition-table", 0x3b0000, 0x02000},
989 {"default-mac", 0x3c0000, 0x00020},
990 {"pin", 0x3c0100, 0x00020},
991 {"product-info", 0x3c1000, 0x01000},
992 {"soft-version", 0x3c2000, 0x00100},
993 {"support-list", 0x3c3000, 0x01000},
994 {"profile", 0x3c4000, 0x08000},
995 {"user-config", 0x3d0000, 0x10000},
996 {"default-config", 0x3e0000, 0x10000},
997 {"radio", 0x3f0000, 0x10000},
998 {NULL, 0, 0}
999 },
1000
1001 .first_sysupgrade_partition = "os-image",
1002 .last_sysupgrade_partition = "file-system"
1003 },
1004
1005 /** Firmware layout for the TL-WR1043 v5 */
1006 {
1007 .id = "TLWR1043NV5",
1008 .vendor = "",
1009 .support_list =
1010 "SupportList:\n"
1011 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
1012 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
1013 .support_trail = '\x00',
1014 .soft_ver = "soft_ver:1.0.0\n",
1015 .partitions = {
1016 {"factory-boot", 0x00000, 0x20000},
1017 {"fs-uboot", 0x20000, 0x20000},
1018 {"firmware", 0x40000, 0xec0000},
1019 {"default-mac", 0xf00000, 0x00200},
1020 {"pin", 0xf00200, 0x00200},
1021 {"device-id", 0xf00400, 0x00100},
1022 {"product-info", 0xf00500, 0x0fb00},
1023 {"soft-version", 0xf10000, 0x01000},
1024 {"extra-para", 0xf11000, 0x01000},
1025 {"support-list", 0xf12000, 0x0a000},
1026 {"profile", 0xf1c000, 0x04000},
1027 {"default-config", 0xf20000, 0x10000},
1028 {"user-config", 0xf30000, 0x40000},
1029 {"qos-db", 0xf70000, 0x40000},
1030 {"certificate", 0xfb0000, 0x10000},
1031 {"partition-table", 0xfc0000, 0x10000},
1032 {"log", 0xfd0000, 0x20000},
1033 {"radio", 0xff0000, 0x10000},
1034 {NULL, 0, 0}
1035 },
1036 .first_sysupgrade_partition = "os-image",
1037 .last_sysupgrade_partition = "file-system"
1038 },
1039
1040 /** Firmware layout for the TL-WR1043 v4 */
1041 {
1042 .id = "TLWR1043NDV4",
1043 .vendor = "",
1044 .support_list =
1045 "SupportList:\n"
1046 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1047 .support_trail = '\x00',
1048 .soft_ver = NULL,
1049
1050 /* We're using a dynamic kernel/rootfs split here */
1051 .partitions = {
1052 {"fs-uboot", 0x00000, 0x20000},
1053 {"firmware", 0x20000, 0xf30000},
1054 {"default-mac", 0xf50000, 0x00200},
1055 {"pin", 0xf50200, 0x00200},
1056 {"product-info", 0xf50400, 0x0fc00},
1057 {"soft-version", 0xf60000, 0x0b000},
1058 {"support-list", 0xf6b000, 0x04000},
1059 {"profile", 0xf70000, 0x04000},
1060 {"default-config", 0xf74000, 0x0b000},
1061 {"user-config", 0xf80000, 0x40000},
1062 {"partition-table", 0xfc0000, 0x10000},
1063 {"log", 0xfd0000, 0x20000},
1064 {"radio", 0xff0000, 0x10000},
1065 {NULL, 0, 0}
1066 },
1067
1068 .first_sysupgrade_partition = "os-image",
1069 .last_sysupgrade_partition = "file-system"
1070 },
1071
1072 /** Firmware layout for the TL-WR902AC v1 */
1073 {
1074 .id = "TL-WR902AC-V1",
1075 .vendor = "",
1076 .support_list =
1077 "SupportList:\n"
1078 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1079 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1080 .support_trail = '\x00',
1081 .soft_ver = NULL,
1082
1083 /**
1084 384KB were moved from file-system to os-image
1085 in comparison to the stock image
1086 */
1087 .partitions = {
1088 {"fs-uboot", 0x00000, 0x20000},
1089 {"firmware", 0x20000, 0x730000},
1090 {"default-mac", 0x750000, 0x00200},
1091 {"pin", 0x750200, 0x00200},
1092 {"product-info", 0x750400, 0x0fc00},
1093 {"soft-version", 0x760000, 0x0b000},
1094 {"support-list", 0x76b000, 0x04000},
1095 {"profile", 0x770000, 0x04000},
1096 {"default-config", 0x774000, 0x0b000},
1097 {"user-config", 0x780000, 0x40000},
1098 {"partition-table", 0x7c0000, 0x10000},
1099 {"log", 0x7d0000, 0x20000},
1100 {"radio", 0x7f0000, 0x10000},
1101 {NULL, 0, 0}
1102 },
1103
1104 .first_sysupgrade_partition = "os-image",
1105 .last_sysupgrade_partition = "file-system",
1106 },
1107
1108 /** Firmware layout for the TL-WR942N V1 */
1109 {
1110 .id = "TLWR942NV1",
1111 .vendor = "",
1112 .support_list =
1113 "SupportList:\r\n"
1114 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1115 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1116 .support_trail = '\x00',
1117 .soft_ver = NULL,
1118
1119 .partitions = {
1120 {"fs-uboot", 0x00000, 0x20000},
1121 {"firmware", 0x20000, 0xe20000},
1122 {"default-mac", 0xe40000, 0x00200},
1123 {"pin", 0xe40200, 0x00200},
1124 {"product-info", 0xe40400, 0x0fc00},
1125 {"partition-table", 0xe50000, 0x10000},
1126 {"soft-version", 0xe60000, 0x10000},
1127 {"support-list", 0xe70000, 0x10000},
1128 {"profile", 0xe80000, 0x10000},
1129 {"default-config", 0xe90000, 0x10000},
1130 {"user-config", 0xea0000, 0x40000},
1131 {"qos-db", 0xee0000, 0x40000},
1132 {"certificate", 0xf20000, 0x10000},
1133 {"usb-config", 0xfb0000, 0x10000},
1134 {"log", 0xfc0000, 0x20000},
1135 {"radio-bk", 0xfe0000, 0x10000},
1136 {"radio", 0xff0000, 0x10000},
1137 {NULL, 0, 0}
1138 },
1139
1140 .first_sysupgrade_partition = "os-image",
1141 .last_sysupgrade_partition = "file-system",
1142 },
1143
1144 /** Firmware layout for the RE350 v1 */
1145 {
1146 .id = "RE350-V1",
1147 .vendor = "",
1148 .support_list =
1149 "SupportList:\n"
1150 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1151 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1152 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1153 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1154 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1155 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1156 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1157 .support_trail = '\x00',
1158 .soft_ver = NULL,
1159
1160 /** We're using a dynamic kernel/rootfs split here */
1161 .partitions = {
1162 {"fs-uboot", 0x00000, 0x20000},
1163 {"firmware", 0x20000, 0x5e0000},
1164 {"partition-table", 0x600000, 0x02000},
1165 {"default-mac", 0x610000, 0x00020},
1166 {"pin", 0x610100, 0x00020},
1167 {"product-info", 0x611100, 0x01000},
1168 {"soft-version", 0x620000, 0x01000},
1169 {"support-list", 0x621000, 0x01000},
1170 {"profile", 0x622000, 0x08000},
1171 {"user-config", 0x630000, 0x10000},
1172 {"default-config", 0x640000, 0x10000},
1173 {"radio", 0x7f0000, 0x10000},
1174 {NULL, 0, 0}
1175 },
1176
1177 .first_sysupgrade_partition = "os-image",
1178 .last_sysupgrade_partition = "file-system"
1179 },
1180
1181 /** Firmware layout for the RE350K v1 */
1182 {
1183 .id = "RE350K-V1",
1184 .vendor = "",
1185 .support_list =
1186 "SupportList:\n"
1187 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1188 .support_trail = '\x00',
1189 .soft_ver = NULL,
1190
1191 /** We're using a dynamic kernel/rootfs split here */
1192 .partitions = {
1193 {"fs-uboot", 0x00000, 0x20000},
1194 {"firmware", 0x20000, 0xd70000},
1195 {"partition-table", 0xd90000, 0x02000},
1196 {"default-mac", 0xda0000, 0x00020},
1197 {"pin", 0xda0100, 0x00020},
1198 {"product-info", 0xda1100, 0x01000},
1199 {"soft-version", 0xdb0000, 0x01000},
1200 {"support-list", 0xdb1000, 0x01000},
1201 {"profile", 0xdb2000, 0x08000},
1202 {"user-config", 0xdc0000, 0x10000},
1203 {"default-config", 0xdd0000, 0x10000},
1204 {"device-id", 0xde0000, 0x00108},
1205 {"radio", 0xff0000, 0x10000},
1206 {NULL, 0, 0}
1207 },
1208
1209 .first_sysupgrade_partition = "os-image",
1210 .last_sysupgrade_partition = "file-system"
1211 },
1212
1213 /** Firmware layout for the RE355 */
1214 {
1215 .id = "RE355",
1216 .vendor = "",
1217 .support_list =
1218 "SupportList:\r\n"
1219 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1220 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1221 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1222 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1223 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1224 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1225 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1226 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1227 .support_trail = '\x00',
1228 .soft_ver = NULL,
1229
1230 /* We're using a dynamic kernel/rootfs split here */
1231 .partitions = {
1232 {"fs-uboot", 0x00000, 0x20000},
1233 {"firmware", 0x20000, 0x5e0000},
1234 {"partition-table", 0x600000, 0x02000},
1235 {"default-mac", 0x610000, 0x00020},
1236 {"pin", 0x610100, 0x00020},
1237 {"product-info", 0x611100, 0x01000},
1238 {"soft-version", 0x620000, 0x01000},
1239 {"support-list", 0x621000, 0x01000},
1240 {"profile", 0x622000, 0x08000},
1241 {"user-config", 0x630000, 0x10000},
1242 {"default-config", 0x640000, 0x10000},
1243 {"radio", 0x7f0000, 0x10000},
1244 {NULL, 0, 0}
1245 },
1246
1247 .first_sysupgrade_partition = "os-image",
1248 .last_sysupgrade_partition = "file-system"
1249 },
1250
1251 /** Firmware layout for the RE450 */
1252 {
1253 .id = "RE450",
1254 .vendor = "",
1255 .support_list =
1256 "SupportList:\r\n"
1257 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1258 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1259 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1260 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1261 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1262 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1263 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1264 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1265 .support_trail = '\x00',
1266 .soft_ver = NULL,
1267
1268 /** We're using a dynamic kernel/rootfs split here */
1269 .partitions = {
1270 {"fs-uboot", 0x00000, 0x20000},
1271 {"firmware", 0x20000, 0x5e0000},
1272 {"partition-table", 0x600000, 0x02000},
1273 {"default-mac", 0x610000, 0x00020},
1274 {"pin", 0x610100, 0x00020},
1275 {"product-info", 0x611100, 0x01000},
1276 {"soft-version", 0x620000, 0x01000},
1277 {"support-list", 0x621000, 0x01000},
1278 {"profile", 0x622000, 0x08000},
1279 {"user-config", 0x630000, 0x10000},
1280 {"default-config", 0x640000, 0x10000},
1281 {"radio", 0x7f0000, 0x10000},
1282 {NULL, 0, 0}
1283 },
1284
1285 .first_sysupgrade_partition = "os-image",
1286 .last_sysupgrade_partition = "file-system"
1287 },
1288
1289 /** Firmware layout for the RE450 v2 */
1290 {
1291 .id = "RE450-V2",
1292 .vendor = "",
1293 .support_list =
1294 "SupportList:\r\n"
1295 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1296 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1297 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1298 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1299 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1300 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1301 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1302 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1303 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1304 .support_trail = '\x00',
1305 .soft_ver = NULL,
1306
1307 /* We're using a dynamic kernel/rootfs split here */
1308 .partitions = {
1309 {"fs-uboot", 0x00000, 0x20000},
1310 {"firmware", 0x20000, 0x5e0000},
1311 {"partition-table", 0x600000, 0x02000},
1312 {"default-mac", 0x610000, 0x00020},
1313 {"pin", 0x610100, 0x00020},
1314 {"product-info", 0x611100, 0x01000},
1315 {"soft-version", 0x620000, 0x01000},
1316 {"support-list", 0x621000, 0x01000},
1317 {"profile", 0x622000, 0x08000},
1318 {"user-config", 0x630000, 0x10000},
1319 {"default-config", 0x640000, 0x10000},
1320 {"radio", 0x7f0000, 0x10000},
1321
1322 {NULL, 0, 0}
1323 },
1324
1325 .first_sysupgrade_partition = "os-image",
1326 .last_sysupgrade_partition = "file-system"
1327 },
1328
1329 {}
1330 };
1331
1332 #define error(_ret, _errno, _str, ...) \
1333 do { \
1334 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1335 strerror(_errno)); \
1336 if (_ret) \
1337 exit(_ret); \
1338 } while (0)
1339
1340
1341 /** Stores a uint32 as big endian */
1342 static inline void put32(uint8_t *buf, uint32_t val) {
1343 buf[0] = val >> 24;
1344 buf[1] = val >> 16;
1345 buf[2] = val >> 8;
1346 buf[3] = val;
1347 }
1348
1349 /** Allocates a new image partition */
1350 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1351 struct image_partition_entry entry = {name, len, malloc(len)};
1352 if (!entry.data)
1353 error(1, errno, "malloc");
1354
1355 return entry;
1356 }
1357
1358 /** Frees an image partition */
1359 static void free_image_partition(struct image_partition_entry entry) {
1360 free(entry.data);
1361 }
1362
1363 static time_t source_date_epoch = -1;
1364 static void set_source_date_epoch() {
1365 char *env = getenv("SOURCE_DATE_EPOCH");
1366 char *endptr = env;
1367 errno = 0;
1368 if (env && *env) {
1369 source_date_epoch = strtoull(env, &endptr, 10);
1370 if (errno || (endptr && *endptr != '\0')) {
1371 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1372 exit(1);
1373 }
1374 }
1375 }
1376
1377 /** Generates the partition-table partition */
1378 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1379 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1380
1381 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1382
1383 *(s++) = 0x00;
1384 *(s++) = 0x04;
1385 *(s++) = 0x00;
1386 *(s++) = 0x00;
1387
1388 size_t i;
1389 for (i = 0; p[i].name; i++) {
1390 size_t len = end-s;
1391 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1392
1393 if (w > len-1)
1394 error(1, 0, "flash partition table overflow?");
1395
1396 s += w;
1397 }
1398
1399 s++;
1400
1401 memset(s, 0xff, end-s);
1402
1403 return entry;
1404 }
1405
1406
1407 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1408 static inline uint8_t bcd(uint8_t v) {
1409 return 0x10 * (v/10) + v%10;
1410 }
1411
1412
1413 /** Generates the soft-version partition */
1414 static struct image_partition_entry make_soft_version(uint32_t rev) {
1415 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1416 struct soft_version *s = (struct soft_version *)entry.data;
1417
1418 time_t t;
1419
1420 if (source_date_epoch != -1)
1421 t = source_date_epoch;
1422 else if (time(&t) == (time_t)(-1))
1423 error(1, errno, "time");
1424
1425 struct tm *tm = localtime(&t);
1426
1427 s->magic = htonl(0x0000000c);
1428 s->zero = 0;
1429 s->pad1 = 0xff;
1430
1431 s->version_major = 0;
1432 s->version_minor = 0;
1433 s->version_patch = 0;
1434
1435 s->year_hi = bcd((1900+tm->tm_year)/100);
1436 s->year_lo = bcd(tm->tm_year%100);
1437 s->month = bcd(tm->tm_mon+1);
1438 s->day = bcd(tm->tm_mday);
1439 s->rev = htonl(rev);
1440
1441 s->pad2 = 0xff;
1442
1443 return entry;
1444 }
1445
1446 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1447 /** String length _including_ the terminating zero byte */
1448 uint32_t ver_len = strlen(soft_ver) + 1;
1449 /** Partition contains 64 bit header, the version string, and one additional null byte */
1450 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1451 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1452
1453 uint32_t *len = (uint32_t *)entry.data;
1454 len[0] = htonl(ver_len);
1455 len[1] = 0;
1456 memcpy(&len[2], soft_ver, ver_len);
1457
1458 entry.data[partition_len - 1] = 0;
1459
1460 return entry;
1461 }
1462
1463 /** Generates the support-list partition */
1464 static struct image_partition_entry make_support_list(struct device_info *info) {
1465 size_t len = strlen(info->support_list);
1466 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1467
1468 put32(entry.data, len);
1469 memset(entry.data+4, 0, 4);
1470 memcpy(entry.data+8, info->support_list, len);
1471 entry.data[len+8] = info->support_trail;
1472
1473 return entry;
1474 }
1475
1476 /** Creates a new image partition with an arbitrary name from a file */
1477 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1478 struct stat statbuf;
1479
1480 if (stat(filename, &statbuf) < 0)
1481 error(1, errno, "unable to stat file `%s'", filename);
1482
1483 size_t len = statbuf.st_size;
1484
1485 if (add_jffs2_eof)
1486 if (file_system_partition)
1487 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1488 else
1489 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1490
1491 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1492
1493 FILE *file = fopen(filename, "rb");
1494 if (!file)
1495 error(1, errno, "unable to open file `%s'", filename);
1496
1497 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1498 error(1, errno, "unable to read file `%s'", filename);
1499
1500 if (add_jffs2_eof) {
1501 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1502
1503 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1504 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1505 }
1506
1507 fclose(file);
1508
1509 return entry;
1510 }
1511
1512 /** Creates a new image partition from arbitrary data */
1513 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1514
1515 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1516
1517 memcpy(entry.data, datain, len);
1518
1519 return entry;
1520 }
1521
1522 /**
1523 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1524
1525 Example image partition table:
1526
1527 fwup-ptn partition-table base 0x00800 size 0x00800
1528 fwup-ptn os-image base 0x01000 size 0x113b45
1529 fwup-ptn file-system base 0x114b45 size 0x1d0004
1530 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1531
1532 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1533 the end of the partition table is marked with a zero byte.
1534
1535 The firmware image must contain at least the partition-table and support-list partitions
1536 to be accepted. There aren't any alignment constraints for the image partitions.
1537
1538 The partition-table partition contains the actual flash layout; partitions
1539 from the image partition table are mapped to the corresponding flash partitions during
1540 the firmware upgrade. The support-list partition contains a list of devices supported by
1541 the firmware image.
1542
1543 The base offsets in the firmware partition table are relative to the end
1544 of the vendor information block, so the partition-table partition will
1545 actually start at offset 0x1814 of the image.
1546
1547 I think partition-table must be the first partition in the firmware image.
1548 */
1549 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1550 size_t i, j;
1551 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1552
1553 size_t base = 0x800;
1554 for (i = 0; parts[i].name; i++) {
1555 for (j = 0; flash_parts[j].name; j++) {
1556 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1557 if (parts[i].size > flash_parts[j].size)
1558 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1559 break;
1560 }
1561 }
1562
1563 assert(flash_parts[j].name);
1564
1565 memcpy(buffer + base, parts[i].data, parts[i].size);
1566
1567 size_t len = end-image_pt;
1568 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1569
1570 if (w > len-1)
1571 error(1, 0, "image partition table overflow?");
1572
1573 image_pt += w;
1574
1575 base += parts[i].size;
1576 }
1577 }
1578
1579 /** Generates and writes the image MD5 checksum */
1580 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1581 MD5_CTX ctx;
1582
1583 MD5_Init(&ctx);
1584 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1585 MD5_Update(&ctx, buffer, len);
1586 MD5_Final(md5, &ctx);
1587 }
1588
1589
1590 /**
1591 Generates the firmware image in factory format
1592
1593 Image format:
1594
1595 Bytes (hex) Usage
1596 ----------- -----
1597 0000-0003 Image size (4 bytes, big endian)
1598 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1599 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1600 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1601 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1602 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1603 1814-xxxx Firmware partitions
1604 */
1605 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1606 *len = 0x1814;
1607
1608 size_t i;
1609 for (i = 0; parts[i].name; i++)
1610 *len += parts[i].size;
1611
1612 uint8_t *image = malloc(*len);
1613 if (!image)
1614 error(1, errno, "malloc");
1615
1616 memset(image, 0xff, *len);
1617 put32(image, *len);
1618
1619 if (info->vendor) {
1620 size_t vendor_len = strlen(info->vendor);
1621 put32(image+0x14, vendor_len);
1622 memcpy(image+0x18, info->vendor, vendor_len);
1623 }
1624
1625 put_partitions(image + 0x1014, info->partitions, parts);
1626 put_md5(image+0x04, image+0x14, *len-0x14);
1627
1628 return image;
1629 }
1630
1631 /**
1632 Generates the firmware image in sysupgrade format
1633
1634 This makes some assumptions about the provided flash and image partition tables and
1635 should be generalized when TP-LINK starts building its safeloader into hardware with
1636 different flash layouts.
1637 */
1638 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1639 size_t i, j;
1640 size_t flash_first_partition_index = 0;
1641 size_t flash_last_partition_index = 0;
1642 const struct flash_partition_entry *flash_first_partition = NULL;
1643 const struct flash_partition_entry *flash_last_partition = NULL;
1644 const struct image_partition_entry *image_last_partition = NULL;
1645
1646 /** Find first and last partitions */
1647 for (i = 0; info->partitions[i].name; i++) {
1648 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1649 flash_first_partition = &info->partitions[i];
1650 flash_first_partition_index = i;
1651 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1652 flash_last_partition = &info->partitions[i];
1653 flash_last_partition_index = i;
1654 }
1655 }
1656
1657 assert(flash_first_partition && flash_last_partition);
1658 assert(flash_first_partition_index < flash_last_partition_index);
1659
1660 /** Find last partition from image to calculate needed size */
1661 for (i = 0; image_parts[i].name; i++) {
1662 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1663 image_last_partition = &image_parts[i];
1664 break;
1665 }
1666 }
1667
1668 assert(image_last_partition);
1669
1670 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1671
1672 uint8_t *image = malloc(*len);
1673 if (!image)
1674 error(1, errno, "malloc");
1675
1676 memset(image, 0xff, *len);
1677
1678 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1679 for (j = 0; image_parts[j].name; j++) {
1680 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1681 if (image_parts[j].size > info->partitions[i].size)
1682 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1683 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1684 break;
1685 }
1686
1687 assert(image_parts[j].name);
1688 }
1689 }
1690
1691 return image;
1692 }
1693
1694 /** Generates an image according to a given layout and writes it to a file */
1695 static void build_image(const char *output,
1696 const char *kernel_image,
1697 const char *rootfs_image,
1698 uint32_t rev,
1699 bool add_jffs2_eof,
1700 bool sysupgrade,
1701 struct device_info *info) {
1702
1703 size_t i;
1704
1705 struct image_partition_entry parts[7] = {};
1706
1707 struct flash_partition_entry *firmware_partition = NULL;
1708 struct flash_partition_entry *os_image_partition = NULL;
1709 struct flash_partition_entry *file_system_partition = NULL;
1710 size_t firmware_partition_index = 0;
1711
1712 for (i = 0; info->partitions[i].name; i++) {
1713 if (!strcmp(info->partitions[i].name, "firmware"))
1714 {
1715 firmware_partition = &info->partitions[i];
1716 firmware_partition_index = i;
1717 }
1718 }
1719
1720 if (firmware_partition)
1721 {
1722 os_image_partition = &info->partitions[firmware_partition_index];
1723 file_system_partition = &info->partitions[firmware_partition_index + 1];
1724
1725 struct stat kernel;
1726 if (stat(kernel_image, &kernel) < 0)
1727 error(1, errno, "unable to stat file `%s'", kernel_image);
1728
1729 if (kernel.st_size > firmware_partition->size)
1730 error(1, 0, "kernel overflowed firmware partition\n");
1731
1732 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1733 info->partitions[i+1] = info->partitions[i];
1734
1735 file_system_partition->name = "file-system";
1736 file_system_partition->base = firmware_partition->base + kernel.st_size;
1737
1738 /* Align partition start to erase blocks for factory images only */
1739 if (!sysupgrade)
1740 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1741
1742 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1743
1744 os_image_partition->name = "os-image";
1745 os_image_partition->size = kernel.st_size;
1746 }
1747
1748 parts[0] = make_partition_table(info->partitions);
1749 if (info->soft_ver)
1750 parts[1] = make_soft_version_from_string(info->soft_ver);
1751 else
1752 parts[1] = make_soft_version(rev);
1753
1754 parts[2] = make_support_list(info);
1755 parts[3] = read_file("os-image", kernel_image, false, NULL);
1756 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1757
1758 /* Some devices need the extra-para partition to accept the firmware */
1759 if (strcasecmp(info->id, "ARCHER-C2-V3") == 0 ||
1760 strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1761 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1762 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1763 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1764 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1765 parts[5] = put_data("extra-para", mdat, 11);
1766 } else if (strcasecmp(info->id, "ARCHER-A7-V5") == 0 || strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1767 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1768 parts[5] = put_data("extra-para", mdat, 11);
1769 } else if (strcasecmp(info->id, "ARCHER-C6-V2") == 0) {
1770 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1771 parts[5] = put_data("extra-para", mdat, 11);
1772 }
1773
1774 size_t len;
1775 void *image;
1776 if (sysupgrade)
1777 image = generate_sysupgrade_image(info, parts, &len);
1778 else
1779 image = generate_factory_image(info, parts, &len);
1780
1781 FILE *file = fopen(output, "wb");
1782 if (!file)
1783 error(1, errno, "unable to open output file");
1784
1785 if (fwrite(image, len, 1, file) != 1)
1786 error(1, 0, "unable to write output file");
1787
1788 fclose(file);
1789
1790 free(image);
1791
1792 for (i = 0; parts[i].name; i++)
1793 free_image_partition(parts[i]);
1794 }
1795
1796 /** Usage output */
1797 static void usage(const char *argv0) {
1798 fprintf(stderr,
1799 "Usage: %s [OPTIONS...]\n"
1800 "\n"
1801 "Options:\n"
1802 " -h show this help\n"
1803 "\n"
1804 "Create a new image:\n"
1805 " -B <board> create image for the board specified with <board>\n"
1806 " -k <file> read kernel image from the file <file>\n"
1807 " -r <file> read rootfs image from the file <file>\n"
1808 " -o <file> write output to the file <file>\n"
1809 " -V <rev> sets the revision number to <rev>\n"
1810 " -j add jffs2 end-of-filesystem markers\n"
1811 " -S create sysupgrade instead of factory image\n"
1812 "Extract an old image:\n"
1813 " -x <file> extract all oem firmware partition\n"
1814 " -d <dir> destination to extract the firmware partition\n"
1815 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1816 argv0
1817 );
1818 };
1819
1820
1821 static struct device_info *find_board(const char *id)
1822 {
1823 struct device_info *board = NULL;
1824
1825 for (board = boards; board->id != NULL; board++)
1826 if (strcasecmp(id, board->id) == 0)
1827 return board;
1828
1829 return NULL;
1830 }
1831
1832 static int add_flash_partition(
1833 struct flash_partition_entry *part_list,
1834 size_t max_entries,
1835 const char *name,
1836 unsigned long base,
1837 unsigned long size)
1838 {
1839 int ptr;
1840 /* check if the list has a free entry */
1841 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1842 if (part_list->name == NULL &&
1843 part_list->base == 0 &&
1844 part_list->size == 0)
1845 break;
1846 }
1847
1848 if (ptr == max_entries) {
1849 error(1, 0, "No free flash part entry available.");
1850 }
1851
1852 part_list->name = calloc(1, strlen(name) + 1);
1853 if (!part_list->name) {
1854 error(1, 0, "Unable to allocate memory");
1855 }
1856
1857 memcpy((char *)part_list->name, name, strlen(name));
1858 part_list->base = base;
1859 part_list->size = size;
1860
1861 return 0;
1862 }
1863
1864 /** read the partition table into struct flash_partition_entry */
1865 static int read_partition_table(
1866 FILE *file, long offset,
1867 struct flash_partition_entry *entries, size_t max_entries,
1868 int type)
1869 {
1870 char buf[2048];
1871 char *ptr, *end;
1872 const char *parthdr = NULL;
1873 const char *fwuphdr = "fwup-ptn";
1874 const char *flashhdr = "partition";
1875
1876 /* TODO: search for the partition table */
1877
1878 switch(type) {
1879 case 0:
1880 parthdr = fwuphdr;
1881 break;
1882 case 1:
1883 parthdr = flashhdr;
1884 break;
1885 default:
1886 error(1, 0, "Invalid partition table");
1887 }
1888
1889 if (fseek(file, offset, SEEK_SET) < 0)
1890 error(1, errno, "Can not seek in the firmware");
1891
1892 if (fread(buf, 1, 2048, file) < 0)
1893 error(1, errno, "Can not read fwup-ptn from the firmware");
1894
1895 buf[2047] = '\0';
1896
1897 /* look for the partition header */
1898 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1899 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1900 return 1;
1901 }
1902
1903 ptr = buf;
1904 end = buf + sizeof(buf);
1905 while ((ptr + strlen(parthdr)) < end &&
1906 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1907 char *end_part;
1908 char *end_element;
1909
1910 char name[32] = { 0 };
1911 int name_len = 0;
1912 unsigned long base = 0;
1913 unsigned long size = 0;
1914
1915 end_part = memchr(ptr, '\n', (end - ptr));
1916 if (end_part == NULL) {
1917 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1918 break;
1919 }
1920
1921 for (int i = 0; i <= 4; i++) {
1922 if (end_part <= ptr)
1923 break;
1924
1925 end_element = memchr(ptr, 0x20, (end_part - ptr));
1926 if (end_element == NULL) {
1927 error(1, errno, "Ignoring the rest of the partition entries.");
1928 break;
1929 }
1930
1931 switch (i) {
1932 /* partition header */
1933 case 0:
1934 ptr = end_element + 1;
1935 continue;
1936 /* name */
1937 case 1:
1938 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1939 strncpy(name, ptr, name_len);
1940 name[name_len] = '\0';
1941 ptr = end_element + 1;
1942 continue;
1943
1944 /* string "base" */
1945 case 2:
1946 ptr = end_element + 1;
1947 continue;
1948
1949 /* actual base */
1950 case 3:
1951 base = strtoul(ptr, NULL, 16);
1952 ptr = end_element + 1;
1953 continue;
1954
1955 /* string "size" */
1956 case 4:
1957 ptr = end_element + 1;
1958 /* actual size. The last element doesn't have a sepeartor */
1959 size = strtoul(ptr, NULL, 16);
1960 /* the part ends with 0x09, 0x0d, 0x0a */
1961 ptr = end_part + 1;
1962 add_flash_partition(entries, max_entries, name, base, size);
1963 continue;
1964 }
1965 }
1966 }
1967
1968 return 0;
1969 }
1970
1971 static void write_partition(
1972 FILE *input_file,
1973 size_t firmware_offset,
1974 struct flash_partition_entry *entry,
1975 FILE *output_file)
1976 {
1977 char buf[4096];
1978 size_t offset;
1979
1980 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1981
1982 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1983 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1984 error(1, errno, "Can not read partition from input_file");
1985
1986 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1987 error(1, errno, "Can not write partition to output_file");
1988 }
1989 /* write last chunk smaller than buffer */
1990 if (offset < entry->size) {
1991 offset = entry->size - offset;
1992 if (fread(buf, offset, 1, input_file) < 0)
1993 error(1, errno, "Can not read partition from input_file");
1994 if (fwrite(buf, offset, 1, output_file) < 0)
1995 error(1, errno, "Can not write partition to output_file");
1996 }
1997 }
1998
1999 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
2000 {
2001 FILE *output_file;
2002 char output[PATH_MAX];
2003
2004 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
2005 output_file = fopen(output, "wb+");
2006 if (output_file == NULL) {
2007 error(1, errno, "Can not open output file %s", output);
2008 }
2009
2010 write_partition(input_file, firmware_offset, entry, output_file);
2011
2012 fclose(output_file);
2013
2014 return 0;
2015 }
2016
2017 /** extract all partitions from the firmware file */
2018 static int extract_firmware(const char *input, const char *output_directory)
2019 {
2020 struct flash_partition_entry entries[16] = { 0 };
2021 size_t max_entries = 16;
2022 size_t firmware_offset = 0x1014;
2023 FILE *input_file;
2024
2025 struct stat statbuf;
2026
2027 /* check input file */
2028 if (stat(input, &statbuf)) {
2029 error(1, errno, "Can not read input firmware %s", input);
2030 }
2031
2032 /* check if output directory exists */
2033 if (stat(output_directory, &statbuf)) {
2034 error(1, errno, "Failed to stat output directory %s", output_directory);
2035 }
2036
2037 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
2038 error(1, errno, "Given output directory is not a directory %s", output_directory);
2039 }
2040
2041 input_file = fopen(input, "rb");
2042
2043 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
2044 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2045 }
2046
2047 for (int i = 0; i < max_entries; i++) {
2048 if (entries[i].name == NULL &&
2049 entries[i].base == 0 &&
2050 entries[i].size == 0)
2051 continue;
2052
2053 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
2054 }
2055
2056 return 0;
2057 }
2058
2059 static struct flash_partition_entry *find_partition(
2060 struct flash_partition_entry *entries, size_t max_entries,
2061 const char *name, const char *error_msg)
2062 {
2063 for (int i = 0; i < max_entries; i++, entries++) {
2064 if (strcmp(entries->name, name) == 0)
2065 return entries;
2066 }
2067
2068 error(1, 0, "%s", error_msg);
2069 return NULL;
2070 }
2071
2072 static void write_ff(FILE *output_file, size_t size)
2073 {
2074 char buf[4096];
2075 int offset;
2076
2077 memset(buf, 0xff, sizeof(buf));
2078
2079 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
2080 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
2081 error(1, errno, "Can not write 0xff to output_file");
2082 }
2083
2084 /* write last chunk smaller than buffer */
2085 if (offset < size) {
2086 offset = size - offset;
2087 if (fwrite(buf, offset, 1, output_file) < 0)
2088 error(1, errno, "Can not write partition to output_file");
2089 }
2090 }
2091
2092 static void convert_firmware(const char *input, const char *output)
2093 {
2094 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
2095 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
2096 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
2097 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
2098 struct flash_partition_entry *fwup_partition_table = NULL;
2099 size_t firmware_offset = 0x1014;
2100 FILE *input_file, *output_file;
2101
2102 struct stat statbuf;
2103
2104 /* check input file */
2105 if (stat(input, &statbuf)) {
2106 error(1, errno, "Can not read input firmware %s", input);
2107 }
2108
2109 input_file = fopen(input, "rb");
2110 if (!input_file)
2111 error(1, 0, "Can not open input firmware %s", input);
2112
2113 output_file = fopen(output, "wb");
2114 if (!output_file)
2115 error(1, 0, "Can not open output firmware %s", output);
2116
2117 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
2118 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2119 }
2120
2121 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
2122 "os-image", "Error can not find os-image partition (fwup)");
2123 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
2124 "file-system", "Error can not find file-system partition (fwup)");
2125 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
2126 "partition-table", "Error can not find partition-table partition");
2127
2128 /* the flash partition table has a 0x00000004 magic haeder */
2129 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
2130 error(1, 0, "Error can not read the partition table (flash)");
2131
2132 flash_os_image = find_partition(flash, MAX_PARTITIONS,
2133 "os-image", "Error can not find os-image partition (flash)");
2134 flash_file_system = find_partition(flash, MAX_PARTITIONS,
2135 "file-system", "Error can not find file-system partition (flash)");
2136
2137 /* write os_image to 0x0 */
2138 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
2139 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
2140
2141 /* write file-system behind os_image */
2142 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
2143 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
2144 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
2145
2146 fclose(output_file);
2147 fclose(input_file);
2148 }
2149
2150 int main(int argc, char *argv[]) {
2151 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
2152 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
2153 bool add_jffs2_eof = false, sysupgrade = false;
2154 unsigned rev = 0;
2155 struct device_info *info;
2156 set_source_date_epoch();
2157
2158 while (true) {
2159 int c;
2160
2161 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
2162 if (c == -1)
2163 break;
2164
2165 switch (c) {
2166 case 'B':
2167 board = optarg;
2168 break;
2169
2170 case 'k':
2171 kernel_image = optarg;
2172 break;
2173
2174 case 'r':
2175 rootfs_image = optarg;
2176 break;
2177
2178 case 'o':
2179 output = optarg;
2180 break;
2181
2182 case 'V':
2183 sscanf(optarg, "r%u", &rev);
2184 break;
2185
2186 case 'j':
2187 add_jffs2_eof = true;
2188 break;
2189
2190 case 'S':
2191 sysupgrade = true;
2192 break;
2193
2194 case 'h':
2195 usage(argv[0]);
2196 return 0;
2197
2198 case 'd':
2199 output_directory = optarg;
2200 break;
2201
2202 case 'x':
2203 extract_image = optarg;
2204 break;
2205
2206 case 'z':
2207 convert_image = optarg;
2208 break;
2209
2210 default:
2211 usage(argv[0]);
2212 return 1;
2213 }
2214 }
2215
2216 if (extract_image || output_directory) {
2217 if (!extract_image)
2218 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2219 if (!output_directory)
2220 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2221 extract_firmware(extract_image, output_directory);
2222 } else if (convert_image) {
2223 if (!output)
2224 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2225 convert_firmware(convert_image, output);
2226 } else {
2227 if (!board)
2228 error(1, 0, "no board has been specified");
2229 if (!kernel_image)
2230 error(1, 0, "no kernel image has been specified");
2231 if (!rootfs_image)
2232 error(1, 0, "no rootfs image has been specified");
2233 if (!output)
2234 error(1, 0, "no output filename has been specified");
2235
2236 info = find_board(board);
2237
2238 if (info == NULL)
2239 error(1, 0, "unsupported board %s", board);
2240
2241 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2242 }
2243
2244 return 0;
2245 }
OpenWrt Source Repository