projects / openwrt / staging / mkresin.git / blob
? search:


a51cca476e3bca696e61ae3bbeb4b72d60d0252b
[openwrt/staging/mkresin.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"os-image", 0x40000, 0x1c0000},
186 {"file-system", 0x200000, 0x5b0000},
187 {"soft-version", 0x7b0000, 0x00100},
188 {"support-list", 0x7b1000, 0x01000},
189 {"user-config", 0x7c0000, 0x10000},
190 {"default-config", 0x7d0000, 0x10000},
191 {"log", 0x7e0000, 0x10000},
192 {"radio", 0x7f0000, 0x10000},
193 {NULL, 0, 0}
194 },
195
196 .first_sysupgrade_partition = "os-image",
197 .last_sysupgrade_partition = "support-list",
198 },
199
200 /** Firmware layout for the CPE510/520 */
201 {
202 .id = "CPE510",
203 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
204 .support_list =
205 "SupportList:\r\n"
206 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
207 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
208 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
209 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
210 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
211 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
212 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
213 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
214 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
215 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
216 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
217 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
218 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
219 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
220 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
221 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
222 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
223 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
224 .support_trail = '\xff',
225 .soft_ver = NULL,
226
227 .partitions = {
228 {"fs-uboot", 0x00000, 0x20000},
229 {"partition-table", 0x20000, 0x02000},
230 {"default-mac", 0x30000, 0x00020},
231 {"product-info", 0x31100, 0x00100},
232 {"signature", 0x32000, 0x00400},
233 {"os-image", 0x40000, 0x1c0000},
234 {"file-system", 0x200000, 0x5b0000},
235 {"soft-version", 0x7b0000, 0x00100},
236 {"support-list", 0x7b1000, 0x00400},
237 {"user-config", 0x7c0000, 0x10000},
238 {"default-config", 0x7d0000, 0x10000},
239 {"log", 0x7e0000, 0x10000},
240 {"radio", 0x7f0000, 0x10000},
241 {NULL, 0, 0}
242 },
243
244 .first_sysupgrade_partition = "os-image",
245 .last_sysupgrade_partition = "support-list",
246 },
247
248 {
249 .id = "WBS210",
250 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
251 .support_list =
252 "SupportList:\r\n"
253 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
254 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
255 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
256 .support_trail = '\xff',
257 .soft_ver = NULL,
258
259 .partitions = {
260 {"fs-uboot", 0x00000, 0x20000},
261 {"partition-table", 0x20000, 0x02000},
262 {"default-mac", 0x30000, 0x00020},
263 {"product-info", 0x31100, 0x00100},
264 {"signature", 0x32000, 0x00400},
265 {"os-image", 0x40000, 0x1c0000},
266 {"file-system", 0x200000, 0x5b0000},
267 {"soft-version", 0x7b0000, 0x00100},
268 {"support-list", 0x7b1000, 0x00400},
269 {"user-config", 0x7c0000, 0x10000},
270 {"default-config", 0x7d0000, 0x10000},
271 {"log", 0x7e0000, 0x10000},
272 {"radio", 0x7f0000, 0x10000},
273 {NULL, 0, 0}
274 },
275
276 .first_sysupgrade_partition = "os-image",
277 .last_sysupgrade_partition = "support-list",
278 },
279
280 {
281 .id = "WBS510",
282 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
283 .support_list =
284 "SupportList:\r\n"
285 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
286 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
287 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
288 .support_trail = '\xff',
289 .soft_ver = NULL,
290
291 .partitions = {
292 {"fs-uboot", 0x00000, 0x20000},
293 {"partition-table", 0x20000, 0x02000},
294 {"default-mac", 0x30000, 0x00020},
295 {"product-info", 0x31100, 0x00100},
296 {"signature", 0x32000, 0x00400},
297 {"os-image", 0x40000, 0x1c0000},
298 {"file-system", 0x200000, 0x5b0000},
299 {"soft-version", 0x7b0000, 0x00100},
300 {"support-list", 0x7b1000, 0x00400},
301 {"user-config", 0x7c0000, 0x10000},
302 {"default-config", 0x7d0000, 0x10000},
303 {"log", 0x7e0000, 0x10000},
304 {"radio", 0x7f0000, 0x10000},
305 {NULL, 0, 0}
306 },
307
308 .first_sysupgrade_partition = "os-image",
309 .last_sysupgrade_partition = "support-list",
310 },
311
312 /** Firmware layout for the C2600 */
313 {
314 .id = "C2600",
315 .vendor = "",
316 .support_list =
317 "SupportList:\r\n"
318 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
319 .support_trail = '\x00',
320 .soft_ver = NULL,
321
322 /**
323 We use a bigger os-image partition than the stock images (and thus
324 smaller file-system), as our kernel doesn't fit in the stock firmware's
325 2 MB os-image since kernel 4.14.
326 */
327 .partitions = {
328 {"SBL1", 0x00000, 0x20000},
329 {"MIBIB", 0x20000, 0x20000},
330 {"SBL2", 0x40000, 0x20000},
331 {"SBL3", 0x60000, 0x30000},
332 {"DDRCONFIG", 0x90000, 0x10000},
333 {"SSD", 0xa0000, 0x10000},
334 {"TZ", 0xb0000, 0x30000},
335 {"RPM", 0xe0000, 0x20000},
336 {"fs-uboot", 0x100000, 0x70000},
337 {"uboot-env", 0x170000, 0x40000},
338 {"radio", 0x1b0000, 0x40000},
339 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
340 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
341 {"default-mac", 0x1ef0000, 0x00200},
342 {"pin", 0x1ef0200, 0x00200},
343 {"product-info", 0x1ef0400, 0x0fc00},
344 {"partition-table", 0x1f00000, 0x10000},
345 {"soft-version", 0x1f10000, 0x10000},
346 {"support-list", 0x1f20000, 0x10000},
347 {"profile", 0x1f30000, 0x10000},
348 {"default-config", 0x1f40000, 0x10000},
349 {"user-config", 0x1f50000, 0x40000},
350 {"qos-db", 0x1f90000, 0x40000},
351 {"usb-config", 0x1fd0000, 0x10000},
352 {"log", 0x1fe0000, 0x20000},
353 {NULL, 0, 0}
354 },
355
356 .first_sysupgrade_partition = "os-image",
357 .last_sysupgrade_partition = "file-system"
358 },
359
360 /** Firmware layout for the C25v1 */
361 {
362 .id = "ARCHER-C25-V1",
363 .support_list =
364 "SupportList:\n"
365 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
366 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
367 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
368 .support_trail = '\x00',
369 .soft_ver = "soft_ver:1.0.0\n",
370
371 /* We're using a dynamic kernel/rootfs split here */
372 .partitions = {
373 {"factory-boot", 0x00000, 0x20000},
374 {"fs-uboot", 0x20000, 0x10000},
375 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
376 /* Stock: name file-system base 0x130000 size 0x6a0000 */
377 {"user-config", 0x7d0000, 0x04000},
378 {"default-mac", 0x7e0000, 0x00100},
379 {"device-id", 0x7e0100, 0x00100},
380 {"extra-para", 0x7e0200, 0x00100},
381 {"pin", 0x7e0300, 0x00100},
382 {"support-list", 0x7e0400, 0x00400},
383 {"soft-version", 0x7e0800, 0x00400},
384 {"product-info", 0x7e0c00, 0x01400},
385 {"partition-table", 0x7e2000, 0x01000},
386 {"profile", 0x7e3000, 0x01000},
387 {"default-config", 0x7e4000, 0x04000},
388 {"merge-config", 0x7ec000, 0x02000},
389 {"qos-db", 0x7ee000, 0x02000},
390 {"radio", 0x7f0000, 0x10000},
391 {NULL, 0, 0}
392 },
393
394 .first_sysupgrade_partition = "os-image",
395 .last_sysupgrade_partition = "file-system",
396 },
397
398 /** Firmware layout for the C58v1 */
399 {
400 .id = "ARCHER-C58-V1",
401 .vendor = "",
402 .support_list =
403 "SupportList:\r\n"
404 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
405 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
406 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
407 .support_trail = '\x00',
408 .soft_ver = "soft_ver:1.0.0\n",
409
410 .partitions = {
411 {"fs-uboot", 0x00000, 0x10000},
412 {"default-mac", 0x10000, 0x00200},
413 {"pin", 0x10200, 0x00200},
414 {"product-info", 0x10400, 0x00100},
415 {"partition-table", 0x10500, 0x00800},
416 {"soft-version", 0x11300, 0x00200},
417 {"support-list", 0x11500, 0x00100},
418 {"device-id", 0x11600, 0x00100},
419 {"profile", 0x11700, 0x03900},
420 {"default-config", 0x15000, 0x04000},
421 {"user-config", 0x19000, 0x04000},
422 {"firmware", 0x20000, 0x7c8000},
423 {"certyficate", 0x7e8000, 0x08000},
424 {"radio", 0x7f0000, 0x10000},
425 {NULL, 0, 0}
426 },
427
428 .first_sysupgrade_partition = "os-image",
429 .last_sysupgrade_partition = "file-system",
430 },
431
432 /** Firmware layout for the C59v1 */
433 {
434 .id = "ARCHER-C59-V1",
435 .vendor = "",
436 .support_list =
437 "SupportList:\r\n"
438 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
439 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
440 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
441 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
442 .support_trail = '\x00',
443 .soft_ver = "soft_ver:1.0.0\n",
444
445 /* We're using a dynamic kernel/rootfs split here */
446 .partitions = {
447 {"fs-uboot", 0x00000, 0x10000},
448 {"default-mac", 0x10000, 0x00200},
449 {"pin", 0x10200, 0x00200},
450 {"device-id", 0x10400, 0x00100},
451 {"product-info", 0x10500, 0x0fb00},
452 {"firmware", 0x20000, 0xe30000},
453 {"partition-table", 0xe50000, 0x10000},
454 {"soft-version", 0xe60000, 0x10000},
455 {"support-list", 0xe70000, 0x10000},
456 {"profile", 0xe80000, 0x10000},
457 {"default-config", 0xe90000, 0x10000},
458 {"user-config", 0xea0000, 0x40000},
459 {"usb-config", 0xee0000, 0x10000},
460 {"certificate", 0xef0000, 0x10000},
461 {"qos-db", 0xf00000, 0x40000},
462 {"log", 0xfe0000, 0x10000},
463 {"radio", 0xff0000, 0x10000},
464 {NULL, 0, 0}
465 },
466
467 .first_sysupgrade_partition = "os-image",
468 .last_sysupgrade_partition = "file-system",
469 },
470
471 /** Firmware layout for the C59v2 */
472 {
473 .id = "ARCHER-C59-V2",
474 .vendor = "",
475 .support_list =
476 "SupportList:\r\n"
477 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
478 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
479 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
480 .support_trail = '\x00',
481 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
482
483 /** We're using a dynamic kernel/rootfs split here */
484 .partitions = {
485 {"factory-boot", 0x00000, 0x20000},
486 {"fs-uboot", 0x20000, 0x10000},
487 {"default-mac", 0x30000, 0x00200},
488 {"pin", 0x30200, 0x00200},
489 {"device-id", 0x30400, 0x00100},
490 {"product-info", 0x30500, 0x0fb00},
491 {"firmware", 0x40000, 0xe10000},
492 {"partition-table", 0xe50000, 0x10000},
493 {"soft-version", 0xe60000, 0x10000},
494 {"support-list", 0xe70000, 0x10000},
495 {"profile", 0xe80000, 0x10000},
496 {"default-config", 0xe90000, 0x10000},
497 {"user-config", 0xea0000, 0x40000},
498 {"usb-config", 0xee0000, 0x10000},
499 {"certificate", 0xef0000, 0x10000},
500 {"extra-para", 0xf00000, 0x10000},
501 {"qos-db", 0xf10000, 0x30000},
502 {"log", 0xfe0000, 0x10000},
503 {"radio", 0xff0000, 0x10000},
504 {NULL, 0, 0}
505 },
506
507 .first_sysupgrade_partition = "os-image",
508 .last_sysupgrade_partition = "file-system",
509 },
510
511 /** Firmware layout for the C60v1 */
512 {
513 .id = "ARCHER-C60-V1",
514 .vendor = "",
515 .support_list =
516 "SupportList:\r\n"
517 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
518 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
519 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
520 .support_trail = '\x00',
521 .soft_ver = "soft_ver:1.0.0\n",
522
523 .partitions = {
524 {"fs-uboot", 0x00000, 0x10000},
525 {"default-mac", 0x10000, 0x00200},
526 {"pin", 0x10200, 0x00200},
527 {"product-info", 0x10400, 0x00100},
528 {"partition-table", 0x10500, 0x00800},
529 {"soft-version", 0x11300, 0x00200},
530 {"support-list", 0x11500, 0x00100},
531 {"device-id", 0x11600, 0x00100},
532 {"profile", 0x11700, 0x03900},
533 {"default-config", 0x15000, 0x04000},
534 {"user-config", 0x19000, 0x04000},
535 {"firmware", 0x20000, 0x7c8000},
536 {"certyficate", 0x7e8000, 0x08000},
537 {"radio", 0x7f0000, 0x10000},
538 {NULL, 0, 0}
539 },
540
541 .first_sysupgrade_partition = "os-image",
542 .last_sysupgrade_partition = "file-system",
543 },
544
545 /** Firmware layout for the C60v2 */
546 {
547 .id = "ARCHER-C60-V2",
548 .vendor = "",
549 .support_list =
550 "SupportList:\r\n"
551 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
552 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
553 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
554 .support_trail = '\x00',
555 .soft_ver = "soft_ver:2.0.0\n",
556
557 .partitions = {
558 {"factory-boot", 0x00000, 0x1fb00},
559 {"default-mac", 0x1fb00, 0x00200},
560 {"pin", 0x1fd00, 0x00100},
561 {"product-info", 0x1fe00, 0x00100},
562 {"device-id", 0x1ff00, 0x00100},
563 {"fs-uboot", 0x20000, 0x10000},
564 {"firmware", 0x30000, 0x7a0000},
565 {"soft-version", 0x7d9500, 0x00100},
566 {"support-list", 0x7d9600, 0x00100},
567 {"extra-para", 0x7d9700, 0x00100},
568 {"profile", 0x7d9800, 0x03000},
569 {"default-config", 0x7dc800, 0x03000},
570 {"partition-table", 0x7df800, 0x00800},
571 {"user-config", 0x7e0000, 0x0c000},
572 {"certificate", 0x7ec000, 0x04000},
573 {"radio", 0x7f0000, 0x10000},
574 {NULL, 0, 0}
575 },
576
577 .first_sysupgrade_partition = "os-image",
578 .last_sysupgrade_partition = "file-system",
579 },
580
581 /** Firmware layout for the C5 */
582 {
583 .id = "ARCHER-C5-V2",
584 .vendor = "",
585 .support_list =
586 "SupportList:\r\n"
587 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
588 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
589 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
590 .support_trail = '\x00',
591 .soft_ver = NULL,
592
593 .partitions = {
594 {"fs-uboot", 0x00000, 0x40000},
595 {"os-image", 0x40000, 0x200000},
596 {"file-system", 0x240000, 0xc00000},
597 {"default-mac", 0xe40000, 0x00200},
598 {"pin", 0xe40200, 0x00200},
599 {"product-info", 0xe40400, 0x00200},
600 {"partition-table", 0xe50000, 0x10000},
601 {"soft-version", 0xe60000, 0x00200},
602 {"support-list", 0xe61000, 0x0f000},
603 {"profile", 0xe70000, 0x10000},
604 {"default-config", 0xe80000, 0x10000},
605 {"user-config", 0xe90000, 0x50000},
606 {"log", 0xee0000, 0x100000},
607 {"radio_bk", 0xfe0000, 0x10000},
608 {"radio", 0xff0000, 0x10000},
609 {NULL, 0, 0}
610 },
611
612 .first_sysupgrade_partition = "os-image",
613 .last_sysupgrade_partition = "file-system"
614 },
615
616 /** Firmware layout for the C7 */
617 {
618 .id = "ARCHER-C7-V4",
619 .support_list =
620 "SupportList:\n"
621 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
622 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
623 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
624 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
625 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
626 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
627 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
628 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
629 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
630 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
631 .support_trail = '\x00',
632 .soft_ver = "soft_ver:1.0.0\n",
633
634 /* We're using a dynamic kernel/rootfs split here */
635 .partitions = {
636 {"factory-boot", 0x00000, 0x20000},
637 {"fs-uboot", 0x20000, 0x20000},
638 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
639 /* Stock: name file-system base 0x160000 size 0xda0000 */
640 {"default-mac", 0xf00000, 0x00200},
641 {"pin", 0xf00200, 0x00200},
642 {"device-id", 0xf00400, 0x00100},
643 {"product-info", 0xf00500, 0x0fb00},
644 {"soft-version", 0xf10000, 0x00100},
645 {"extra-para", 0xf11000, 0x01000},
646 {"support-list", 0xf12000, 0x0a000},
647 {"profile", 0xf1c000, 0x04000},
648 {"default-config", 0xf20000, 0x10000},
649 {"user-config", 0xf30000, 0x40000},
650 {"qos-db", 0xf70000, 0x40000},
651 {"certificate", 0xfb0000, 0x10000},
652 {"partition-table", 0xfc0000, 0x10000},
653 {"log", 0xfd0000, 0x20000},
654 {"radio", 0xff0000, 0x10000},
655 {NULL, 0, 0}
656 },
657
658 .first_sysupgrade_partition = "os-image",
659 .last_sysupgrade_partition = "file-system",
660 },
661
662 /** Firmware layout for the C7 v5*/
663 {
664 .id = "ARCHER-C7-V5",
665 .support_list =
666 "SupportList:\n"
667 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
668 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n",
669
670 .support_trail = '\x00',
671 .soft_ver = "soft_ver:1.0.0\n",
672
673 /* We're using a dynamic kernel/rootfs split here */
674 .partitions = {
675 {"factory-boot", 0x00000, 0x20000},
676 {"fs-uboot", 0x20000, 0x20000},
677 {"partition-table", 0x40000, 0x10000},
678 {"radio", 0x50000, 0x10000},
679 {"default-mac", 0x60000, 0x00200},
680 {"pin", 0x60200, 0x00200},
681 {"device-id", 0x60400, 0x00100},
682 {"product-info", 0x60500, 0x0fb00},
683 {"soft-version", 0x70000, 0x01000},
684 {"extra-para", 0x71000, 0x01000},
685 {"support-list", 0x72000, 0x0a000},
686 {"profile", 0x7c000, 0x04000},
687 {"user-config", 0x80000, 0x40000},
688
689
690 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
691 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
692
693 {"log", 0xfc0000, 0x20000},
694 {"certificate", 0xfe0000, 0x10000},
695 {"default-config", 0xff0000, 0x10000},
696 {NULL, 0, 0}
697
698 },
699
700 .first_sysupgrade_partition = "os-image",
701 .last_sysupgrade_partition = "file-system",
702 },
703
704 /** Firmware layout for the C9 */
705 {
706 .id = "ARCHERC9",
707 .vendor = "",
708 .support_list =
709 "SupportList:\n"
710 "{product_name:ArcherC9,"
711 "product_ver:1.0.0,"
712 "special_id:00000000}\n",
713 .support_trail = '\x00',
714 .soft_ver = NULL,
715
716 .partitions = {
717 {"fs-uboot", 0x00000, 0x40000},
718 {"os-image", 0x40000, 0x200000},
719 {"file-system", 0x240000, 0xc00000},
720 {"default-mac", 0xe40000, 0x00200},
721 {"pin", 0xe40200, 0x00200},
722 {"product-info", 0xe40400, 0x00200},
723 {"partition-table", 0xe50000, 0x10000},
724 {"soft-version", 0xe60000, 0x00200},
725 {"support-list", 0xe61000, 0x0f000},
726 {"profile", 0xe70000, 0x10000},
727 {"default-config", 0xe80000, 0x10000},
728 {"user-config", 0xe90000, 0x50000},
729 {"log", 0xee0000, 0x100000},
730 {"radio_bk", 0xfe0000, 0x10000},
731 {"radio", 0xff0000, 0x10000},
732 {NULL, 0, 0}
733 },
734
735 .first_sysupgrade_partition = "os-image",
736 .last_sysupgrade_partition = "file-system"
737 },
738
739 /** Firmware layout for the EAP120 */
740 {
741 .id = "EAP120",
742 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
743 .support_list =
744 "SupportList:\r\n"
745 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
746 .support_trail = '\xff',
747 .soft_ver = NULL,
748
749 .partitions = {
750 {"fs-uboot", 0x00000, 0x20000},
751 {"partition-table", 0x20000, 0x02000},
752 {"default-mac", 0x30000, 0x00020},
753 {"support-list", 0x31000, 0x00100},
754 {"product-info", 0x31100, 0x00100},
755 {"soft-version", 0x32000, 0x00100},
756 {"os-image", 0x40000, 0x180000},
757 {"file-system", 0x1c0000, 0x600000},
758 {"user-config", 0x7c0000, 0x10000},
759 {"backup-config", 0x7d0000, 0x10000},
760 {"log", 0x7e0000, 0x10000},
761 {"radio", 0x7f0000, 0x10000},
762 {NULL, 0, 0}
763 },
764
765 .first_sysupgrade_partition = "os-image",
766 .last_sysupgrade_partition = "file-system"
767 },
768
769 /** Firmware layout for the TL-WA850RE v2 */
770 {
771 .id = "TLWA850REV2",
772 .vendor = "",
773 .support_list =
774 "SupportList:\n"
775 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
776 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
777 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
778 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
779 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
780 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
781 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
782 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
783 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
784 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
785 .support_trail = '\x00',
786 .soft_ver = NULL,
787
788 /**
789 576KB were moved from file-system to os-image
790 in comparison to the stock image
791 */
792 .partitions = {
793 {"fs-uboot", 0x00000, 0x20000},
794 {"os-image", 0x20000, 0x150000},
795 {"file-system", 0x170000, 0x240000},
796 {"partition-table", 0x3b0000, 0x02000},
797 {"default-mac", 0x3c0000, 0x00020},
798 {"pin", 0x3c0100, 0x00020},
799 {"product-info", 0x3c1000, 0x01000},
800 {"soft-version", 0x3c2000, 0x00100},
801 {"support-list", 0x3c3000, 0x01000},
802 {"profile", 0x3c4000, 0x08000},
803 {"user-config", 0x3d0000, 0x10000},
804 {"default-config", 0x3e0000, 0x10000},
805 {"radio", 0x3f0000, 0x10000},
806 {NULL, 0, 0}
807 },
808
809 .first_sysupgrade_partition = "os-image",
810 .last_sysupgrade_partition = "file-system"
811 },
812
813 /** Firmware layout for the TL-WA855RE v1 */
814 {
815 .id = "TLWA855REV1",
816 .vendor = "",
817 .support_list =
818 "SupportList:\n"
819 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
820 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
821 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
822 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
823 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
824 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
825 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
826 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
827 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
828 .support_trail = '\x00',
829 .soft_ver = NULL,
830
831 .partitions = {
832 {"fs-uboot", 0x00000, 0x20000},
833 {"os-image", 0x20000, 0x150000},
834 {"file-system", 0x170000, 0x240000},
835 {"partition-table", 0x3b0000, 0x02000},
836 {"default-mac", 0x3c0000, 0x00020},
837 {"pin", 0x3c0100, 0x00020},
838 {"product-info", 0x3c1000, 0x01000},
839 {"soft-version", 0x3c2000, 0x00100},
840 {"support-list", 0x3c3000, 0x01000},
841 {"profile", 0x3c4000, 0x08000},
842 {"user-config", 0x3d0000, 0x10000},
843 {"default-config", 0x3e0000, 0x10000},
844 {"radio", 0x3f0000, 0x10000},
845 {NULL, 0, 0}
846 },
847
848 .first_sysupgrade_partition = "os-image",
849 .last_sysupgrade_partition = "file-system"
850 },
851
852 /** Firmware layout for the TL-WR1043 v5 */
853 {
854 .id = "TLWR1043NV5",
855 .vendor = "",
856 .support_list =
857 "SupportList:\n"
858 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
859 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
860 .support_trail = '\x00',
861 .soft_ver = "soft_ver:1.0.0\n",
862 .partitions = {
863 {"factory-boot", 0x00000, 0x20000},
864 {"fs-uboot", 0x20000, 0x20000},
865 {"firmware", 0x40000, 0xec0000},
866 {"default-mac", 0xf00000, 0x00200},
867 {"pin", 0xf00200, 0x00200},
868 {"device-id", 0xf00400, 0x00100},
869 {"product-info", 0xf00500, 0x0fb00},
870 {"soft-version", 0xf10000, 0x01000},
871 {"extra-para", 0xf11000, 0x01000},
872 {"support-list", 0xf12000, 0x0a000},
873 {"profile", 0xf1c000, 0x04000},
874 {"default-config", 0xf20000, 0x10000},
875 {"user-config", 0xf30000, 0x40000},
876 {"qos-db", 0xf70000, 0x40000},
877 {"certificate", 0xfb0000, 0x10000},
878 {"partition-table", 0xfc0000, 0x10000},
879 {"log", 0xfd0000, 0x20000},
880 {"radio", 0xff0000, 0x10000},
881 {NULL, 0, 0}
882 },
883 .first_sysupgrade_partition = "os-image",
884 .last_sysupgrade_partition = "file-system"
885 },
886
887 /** Firmware layout for the TL-WR1043 v4 */
888 {
889 .id = "TLWR1043NDV4",
890 .vendor = "",
891 .support_list =
892 "SupportList:\n"
893 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
894 .support_trail = '\x00',
895 .soft_ver = NULL,
896
897 /* We're using a dynamic kernel/rootfs split here */
898 .partitions = {
899 {"fs-uboot", 0x00000, 0x20000},
900 {"firmware", 0x20000, 0xf30000},
901 {"default-mac", 0xf50000, 0x00200},
902 {"pin", 0xf50200, 0x00200},
903 {"product-info", 0xf50400, 0x0fc00},
904 {"soft-version", 0xf60000, 0x0b000},
905 {"support-list", 0xf6b000, 0x04000},
906 {"profile", 0xf70000, 0x04000},
907 {"default-config", 0xf74000, 0x0b000},
908 {"user-config", 0xf80000, 0x40000},
909 {"partition-table", 0xfc0000, 0x10000},
910 {"log", 0xfd0000, 0x20000},
911 {"radio", 0xff0000, 0x10000},
912 {NULL, 0, 0}
913 },
914
915 .first_sysupgrade_partition = "os-image",
916 .last_sysupgrade_partition = "file-system"
917 },
918
919 /** Firmware layout for the TL-WR902AC v1 */
920 {
921 .id = "TL-WR902AC-V1",
922 .vendor = "",
923 .support_list =
924 "SupportList:\n"
925 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
926 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
927 .support_trail = '\x00',
928 .soft_ver = NULL,
929
930 /**
931 384KB were moved from file-system to os-image
932 in comparison to the stock image
933 */
934 .partitions = {
935 {"fs-uboot", 0x00000, 0x20000},
936 {"firmware", 0x20000, 0x730000},
937 {"default-mac", 0x750000, 0x00200},
938 {"pin", 0x750200, 0x00200},
939 {"product-info", 0x750400, 0x0fc00},
940 {"soft-version", 0x760000, 0x0b000},
941 {"support-list", 0x76b000, 0x04000},
942 {"profile", 0x770000, 0x04000},
943 {"default-config", 0x774000, 0x0b000},
944 {"user-config", 0x780000, 0x40000},
945 {"partition-table", 0x7c0000, 0x10000},
946 {"log", 0x7d0000, 0x20000},
947 {"radio", 0x7f0000, 0x10000},
948 {NULL, 0, 0}
949 },
950
951 .first_sysupgrade_partition = "os-image",
952 .last_sysupgrade_partition = "file-system",
953 },
954
955 /** Firmware layout for the TL-WR942N V1 */
956 {
957 .id = "TLWR942NV1",
958 .vendor = "",
959 .support_list =
960 "SupportList:\r\n"
961 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
962 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
963 .support_trail = '\x00',
964 .soft_ver = NULL,
965
966 .partitions = {
967 {"fs-uboot", 0x00000, 0x20000},
968 {"firmware", 0x20000, 0xe20000},
969 {"default-mac", 0xe40000, 0x00200},
970 {"pin", 0xe40200, 0x00200},
971 {"product-info", 0xe40400, 0x0fc00},
972 {"partition-table", 0xe50000, 0x10000},
973 {"soft-version", 0xe60000, 0x10000},
974 {"support-list", 0xe70000, 0x10000},
975 {"profile", 0xe80000, 0x10000},
976 {"default-config", 0xe90000, 0x10000},
977 {"user-config", 0xea0000, 0x40000},
978 {"qos-db", 0xee0000, 0x40000},
979 {"certificate", 0xf20000, 0x10000},
980 {"usb-config", 0xfb0000, 0x10000},
981 {"log", 0xfc0000, 0x20000},
982 {"radio-bk", 0xfe0000, 0x10000},
983 {"radio", 0xff0000, 0x10000},
984 {NULL, 0, 0}
985 },
986
987 .first_sysupgrade_partition = "os-image",
988 .last_sysupgrade_partition = "file-system",
989 },
990
991 /** Firmware layout for the RE350 v1 */
992 {
993 .id = "RE350-V1",
994 .vendor = "",
995 .support_list =
996 "SupportList:\n"
997 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
998 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
999 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1000 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1001 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1002 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1003 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1004 .support_trail = '\x00',
1005 .soft_ver = NULL,
1006
1007 /** We're using a dynamic kernel/rootfs split here */
1008 .partitions = {
1009 {"fs-uboot", 0x00000, 0x20000},
1010 {"firmware", 0x20000, 0x5e0000},
1011 {"partition-table", 0x600000, 0x02000},
1012 {"default-mac", 0x610000, 0x00020},
1013 {"pin", 0x610100, 0x00020},
1014 {"product-info", 0x611100, 0x01000},
1015 {"soft-version", 0x620000, 0x01000},
1016 {"support-list", 0x621000, 0x01000},
1017 {"profile", 0x622000, 0x08000},
1018 {"user-config", 0x630000, 0x10000},
1019 {"default-config", 0x640000, 0x10000},
1020 {"radio", 0x7f0000, 0x10000},
1021 {NULL, 0, 0}
1022 },
1023
1024 .first_sysupgrade_partition = "os-image",
1025 .last_sysupgrade_partition = "file-system"
1026 },
1027
1028 /** Firmware layout for the RE355 */
1029 {
1030 .id = "RE355",
1031 .vendor = "",
1032 .support_list =
1033 "SupportList:\r\n"
1034 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1035 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1036 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1037 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1038 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1039 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1040 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1041 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1042 .support_trail = '\x00',
1043 .soft_ver = NULL,
1044
1045 /* We're using a dynamic kernel/rootfs split here */
1046 .partitions = {
1047 {"fs-uboot", 0x00000, 0x20000},
1048 {"firmware", 0x20000, 0x5e0000},
1049 {"partition-table", 0x600000, 0x02000},
1050 {"default-mac", 0x610000, 0x00020},
1051 {"pin", 0x610100, 0x00020},
1052 {"product-info", 0x611100, 0x01000},
1053 {"soft-version", 0x620000, 0x01000},
1054 {"support-list", 0x621000, 0x01000},
1055 {"profile", 0x622000, 0x08000},
1056 {"user-config", 0x630000, 0x10000},
1057 {"default-config", 0x640000, 0x10000},
1058 {"radio", 0x7f0000, 0x10000},
1059 {NULL, 0, 0}
1060 },
1061
1062 .first_sysupgrade_partition = "os-image",
1063 .last_sysupgrade_partition = "file-system"
1064 },
1065
1066 /** Firmware layout for the RE450 */
1067 {
1068 .id = "RE450",
1069 .vendor = "",
1070 .support_list =
1071 "SupportList:\r\n"
1072 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1073 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1074 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1075 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1076 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1077 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1078 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1079 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1080 .support_trail = '\x00',
1081 .soft_ver = NULL,
1082
1083 /** We're using a dynamic kernel/rootfs split here */
1084 .partitions = {
1085 {"fs-uboot", 0x00000, 0x20000},
1086 {"firmware", 0x20000, 0x5e0000},
1087 {"partition-table", 0x600000, 0x02000},
1088 {"default-mac", 0x610000, 0x00020},
1089 {"pin", 0x610100, 0x00020},
1090 {"product-info", 0x611100, 0x01000},
1091 {"soft-version", 0x620000, 0x01000},
1092 {"support-list", 0x621000, 0x01000},
1093 {"profile", 0x622000, 0x08000},
1094 {"user-config", 0x630000, 0x10000},
1095 {"default-config", 0x640000, 0x10000},
1096 {"radio", 0x7f0000, 0x10000},
1097 {NULL, 0, 0}
1098 },
1099
1100 .first_sysupgrade_partition = "os-image",
1101 .last_sysupgrade_partition = "file-system"
1102 },
1103
1104 /** Firmware layout for the RE450 v2 */
1105 {
1106 .id = "RE450-V2",
1107 .vendor = "",
1108 .support_list =
1109 "SupportList:\r\n"
1110 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1111 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1112 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1113 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1114 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1115 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1116 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1117 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1118 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1119 .support_trail = '\x00',
1120 .soft_ver = NULL,
1121
1122 /* We're using a dynamic kernel/rootfs split here */
1123 .partitions = {
1124 {"fs-uboot", 0x00000, 0x20000},
1125 {"firmware", 0x20000, 0x5e0000},
1126 {"partition-table", 0x600000, 0x02000},
1127 {"default-mac", 0x610000, 0x00020},
1128 {"pin", 0x610100, 0x00020},
1129 {"product-info", 0x611100, 0x01000},
1130 {"soft-version", 0x620000, 0x01000},
1131 {"support-list", 0x621000, 0x01000},
1132 {"profile", 0x622000, 0x08000},
1133 {"user-config", 0x630000, 0x10000},
1134 {"default-config", 0x640000, 0x10000},
1135 {"radio", 0x7f0000, 0x10000},
1136
1137 {NULL, 0, 0}
1138 },
1139
1140 .first_sysupgrade_partition = "os-image",
1141 .last_sysupgrade_partition = "file-system"
1142 },
1143
1144 {}
1145 };
1146
1147 #define error(_ret, _errno, _str, ...) \
1148 do { \
1149 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1150 strerror(_errno)); \
1151 if (_ret) \
1152 exit(_ret); \
1153 } while (0)
1154
1155
1156 /** Stores a uint32 as big endian */
1157 static inline void put32(uint8_t *buf, uint32_t val) {
1158 buf[0] = val >> 24;
1159 buf[1] = val >> 16;
1160 buf[2] = val >> 8;
1161 buf[3] = val;
1162 }
1163
1164 /** Allocates a new image partition */
1165 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1166 struct image_partition_entry entry = {name, len, malloc(len)};
1167 if (!entry.data)
1168 error(1, errno, "malloc");
1169
1170 return entry;
1171 }
1172
1173 /** Frees an image partition */
1174 static void free_image_partition(struct image_partition_entry entry) {
1175 free(entry.data);
1176 }
1177
1178 static time_t source_date_epoch = -1;
1179 static void set_source_date_epoch() {
1180 char *env = getenv("SOURCE_DATE_EPOCH");
1181 char *endptr = env;
1182 errno = 0;
1183 if (env && *env) {
1184 source_date_epoch = strtoull(env, &endptr, 10);
1185 if (errno || (endptr && *endptr != '\0')) {
1186 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1187 exit(1);
1188 }
1189 }
1190 }
1191
1192 /** Generates the partition-table partition */
1193 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1194 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1195
1196 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1197
1198 *(s++) = 0x00;
1199 *(s++) = 0x04;
1200 *(s++) = 0x00;
1201 *(s++) = 0x00;
1202
1203 size_t i;
1204 for (i = 0; p[i].name; i++) {
1205 size_t len = end-s;
1206 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1207
1208 if (w > len-1)
1209 error(1, 0, "flash partition table overflow?");
1210
1211 s += w;
1212 }
1213
1214 s++;
1215
1216 memset(s, 0xff, end-s);
1217
1218 return entry;
1219 }
1220
1221
1222 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1223 static inline uint8_t bcd(uint8_t v) {
1224 return 0x10 * (v/10) + v%10;
1225 }
1226
1227
1228 /** Generates the soft-version partition */
1229 static struct image_partition_entry make_soft_version(uint32_t rev) {
1230 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1231 struct soft_version *s = (struct soft_version *)entry.data;
1232
1233 time_t t;
1234
1235 if (source_date_epoch != -1)
1236 t = source_date_epoch;
1237 else if (time(&t) == (time_t)(-1))
1238 error(1, errno, "time");
1239
1240 struct tm *tm = localtime(&t);
1241
1242 s->magic = htonl(0x0000000c);
1243 s->zero = 0;
1244 s->pad1 = 0xff;
1245
1246 s->version_major = 0;
1247 s->version_minor = 0;
1248 s->version_patch = 0;
1249
1250 s->year_hi = bcd((1900+tm->tm_year)/100);
1251 s->year_lo = bcd(tm->tm_year%100);
1252 s->month = bcd(tm->tm_mon+1);
1253 s->day = bcd(tm->tm_mday);
1254 s->rev = htonl(rev);
1255
1256 s->pad2 = 0xff;
1257
1258 return entry;
1259 }
1260
1261 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1262 /** String length _including_ the terminating zero byte */
1263 uint32_t ver_len = strlen(soft_ver) + 1;
1264 /** Partition contains 64 bit header, the version string, and one additional null byte */
1265 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1266 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1267
1268 uint32_t *len = (uint32_t *)entry.data;
1269 len[0] = htonl(ver_len);
1270 len[1] = 0;
1271 memcpy(&len[2], soft_ver, ver_len);
1272
1273 entry.data[partition_len - 1] = 0;
1274
1275 return entry;
1276 }
1277
1278 /** Generates the support-list partition */
1279 static struct image_partition_entry make_support_list(struct device_info *info) {
1280 size_t len = strlen(info->support_list);
1281 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1282
1283 put32(entry.data, len);
1284 memset(entry.data+4, 0, 4);
1285 memcpy(entry.data+8, info->support_list, len);
1286 entry.data[len+8] = info->support_trail;
1287
1288 return entry;
1289 }
1290
1291 /** Creates a new image partition with an arbitrary name from a file */
1292 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1293 struct stat statbuf;
1294
1295 if (stat(filename, &statbuf) < 0)
1296 error(1, errno, "unable to stat file `%s'", filename);
1297
1298 size_t len = statbuf.st_size;
1299
1300 if (add_jffs2_eof)
1301 if (file_system_partition)
1302 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1303 else
1304 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1305
1306 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1307
1308 FILE *file = fopen(filename, "rb");
1309 if (!file)
1310 error(1, errno, "unable to open file `%s'", filename);
1311
1312 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1313 error(1, errno, "unable to read file `%s'", filename);
1314
1315 if (add_jffs2_eof) {
1316 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1317
1318 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1319 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1320 }
1321
1322 fclose(file);
1323
1324 return entry;
1325 }
1326
1327 /** Creates a new image partition from arbitrary data */
1328 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1329
1330 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1331
1332 memcpy(entry.data, datain, len);
1333
1334 return entry;
1335 }
1336
1337 /**
1338 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1339
1340 Example image partition table:
1341
1342 fwup-ptn partition-table base 0x00800 size 0x00800
1343 fwup-ptn os-image base 0x01000 size 0x113b45
1344 fwup-ptn file-system base 0x114b45 size 0x1d0004
1345 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1346
1347 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1348 the end of the partition table is marked with a zero byte.
1349
1350 The firmware image must contain at least the partition-table and support-list partitions
1351 to be accepted. There aren't any alignment constraints for the image partitions.
1352
1353 The partition-table partition contains the actual flash layout; partitions
1354 from the image partition table are mapped to the corresponding flash partitions during
1355 the firmware upgrade. The support-list partition contains a list of devices supported by
1356 the firmware image.
1357
1358 The base offsets in the firmware partition table are relative to the end
1359 of the vendor information block, so the partition-table partition will
1360 actually start at offset 0x1814 of the image.
1361
1362 I think partition-table must be the first partition in the firmware image.
1363 */
1364 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1365 size_t i, j;
1366 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1367
1368 size_t base = 0x800;
1369 for (i = 0; parts[i].name; i++) {
1370 for (j = 0; flash_parts[j].name; j++) {
1371 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1372 if (parts[i].size > flash_parts[j].size)
1373 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1374 break;
1375 }
1376 }
1377
1378 assert(flash_parts[j].name);
1379
1380 memcpy(buffer + base, parts[i].data, parts[i].size);
1381
1382 size_t len = end-image_pt;
1383 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1384
1385 if (w > len-1)
1386 error(1, 0, "image partition table overflow?");
1387
1388 image_pt += w;
1389
1390 base += parts[i].size;
1391 }
1392 }
1393
1394 /** Generates and writes the image MD5 checksum */
1395 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1396 MD5_CTX ctx;
1397
1398 MD5_Init(&ctx);
1399 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1400 MD5_Update(&ctx, buffer, len);
1401 MD5_Final(md5, &ctx);
1402 }
1403
1404
1405 /**
1406 Generates the firmware image in factory format
1407
1408 Image format:
1409
1410 Bytes (hex) Usage
1411 ----------- -----
1412 0000-0003 Image size (4 bytes, big endian)
1413 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1414 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1415 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1416 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1417 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1418 1814-xxxx Firmware partitions
1419 */
1420 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1421 *len = 0x1814;
1422
1423 size_t i;
1424 for (i = 0; parts[i].name; i++)
1425 *len += parts[i].size;
1426
1427 uint8_t *image = malloc(*len);
1428 if (!image)
1429 error(1, errno, "malloc");
1430
1431 memset(image, 0xff, *len);
1432 put32(image, *len);
1433
1434 if (info->vendor) {
1435 size_t vendor_len = strlen(info->vendor);
1436 put32(image+0x14, vendor_len);
1437 memcpy(image+0x18, info->vendor, vendor_len);
1438 }
1439
1440 put_partitions(image + 0x1014, info->partitions, parts);
1441 put_md5(image+0x04, image+0x14, *len-0x14);
1442
1443 return image;
1444 }
1445
1446 /**
1447 Generates the firmware image in sysupgrade format
1448
1449 This makes some assumptions about the provided flash and image partition tables and
1450 should be generalized when TP-LINK starts building its safeloader into hardware with
1451 different flash layouts.
1452 */
1453 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1454 size_t i, j;
1455 size_t flash_first_partition_index = 0;
1456 size_t flash_last_partition_index = 0;
1457 const struct flash_partition_entry *flash_first_partition = NULL;
1458 const struct flash_partition_entry *flash_last_partition = NULL;
1459 const struct image_partition_entry *image_last_partition = NULL;
1460
1461 /** Find first and last partitions */
1462 for (i = 0; info->partitions[i].name; i++) {
1463 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1464 flash_first_partition = &info->partitions[i];
1465 flash_first_partition_index = i;
1466 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1467 flash_last_partition = &info->partitions[i];
1468 flash_last_partition_index = i;
1469 }
1470 }
1471
1472 assert(flash_first_partition && flash_last_partition);
1473 assert(flash_first_partition_index < flash_last_partition_index);
1474
1475 /** Find last partition from image to calculate needed size */
1476 for (i = 0; image_parts[i].name; i++) {
1477 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1478 image_last_partition = &image_parts[i];
1479 break;
1480 }
1481 }
1482
1483 assert(image_last_partition);
1484
1485 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1486
1487 uint8_t *image = malloc(*len);
1488 if (!image)
1489 error(1, errno, "malloc");
1490
1491 memset(image, 0xff, *len);
1492
1493 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1494 for (j = 0; image_parts[j].name; j++) {
1495 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1496 if (image_parts[j].size > info->partitions[i].size)
1497 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1498 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1499 break;
1500 }
1501
1502 assert(image_parts[j].name);
1503 }
1504 }
1505
1506 return image;
1507 }
1508
1509 /** Generates an image according to a given layout and writes it to a file */
1510 static void build_image(const char *output,
1511 const char *kernel_image,
1512 const char *rootfs_image,
1513 uint32_t rev,
1514 bool add_jffs2_eof,
1515 bool sysupgrade,
1516 struct device_info *info) {
1517
1518 size_t i;
1519
1520 struct image_partition_entry parts[7] = {};
1521
1522 struct flash_partition_entry *firmware_partition = NULL;
1523 struct flash_partition_entry *os_image_partition = NULL;
1524 struct flash_partition_entry *file_system_partition = NULL;
1525 size_t firmware_partition_index = 0;
1526
1527 for (i = 0; info->partitions[i].name; i++) {
1528 if (!strcmp(info->partitions[i].name, "firmware"))
1529 {
1530 firmware_partition = &info->partitions[i];
1531 firmware_partition_index = i;
1532 }
1533 }
1534
1535 if (firmware_partition)
1536 {
1537 os_image_partition = &info->partitions[firmware_partition_index];
1538 file_system_partition = &info->partitions[firmware_partition_index + 1];
1539
1540 struct stat kernel;
1541 if (stat(kernel_image, &kernel) < 0)
1542 error(1, errno, "unable to stat file `%s'", kernel_image);
1543
1544 if (kernel.st_size > firmware_partition->size)
1545 error(1, 0, "kernel overflowed firmware partition\n");
1546
1547 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1548 info->partitions[i+1] = info->partitions[i];
1549
1550 file_system_partition->name = "file-system";
1551 file_system_partition->base = firmware_partition->base + kernel.st_size;
1552
1553 /* Align partition start to erase blocks for factory images only */
1554 if (!sysupgrade)
1555 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1556
1557 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1558
1559 os_image_partition->name = "os-image";
1560 os_image_partition->size = kernel.st_size;
1561 }
1562
1563 parts[0] = make_partition_table(info->partitions);
1564 if (info->soft_ver)
1565 parts[1] = make_soft_version_from_string(info->soft_ver);
1566 else
1567 parts[1] = make_soft_version(rev);
1568
1569 parts[2] = make_support_list(info);
1570 parts[3] = read_file("os-image", kernel_image, false, NULL);
1571 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1572
1573 /* Some devices need the extra-para partition to accept the firmware */
1574 if (strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1575 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1576 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1577 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1578 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1579 parts[5] = put_data("extra-para", mdat, 11);
1580 } else if (strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1581 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1582 parts[5] = put_data("extra-para", mdat, 11);
1583 }
1584
1585 size_t len;
1586 void *image;
1587 if (sysupgrade)
1588 image = generate_sysupgrade_image(info, parts, &len);
1589 else
1590 image = generate_factory_image(info, parts, &len);
1591
1592 FILE *file = fopen(output, "wb");
1593 if (!file)
1594 error(1, errno, "unable to open output file");
1595
1596 if (fwrite(image, len, 1, file) != 1)
1597 error(1, 0, "unable to write output file");
1598
1599 fclose(file);
1600
1601 free(image);
1602
1603 for (i = 0; parts[i].name; i++)
1604 free_image_partition(parts[i]);
1605 }
1606
1607 /** Usage output */
1608 static void usage(const char *argv0) {
1609 fprintf(stderr,
1610 "Usage: %s [OPTIONS...]\n"
1611 "\n"
1612 "Options:\n"
1613 " -h show this help\n"
1614 "\n"
1615 "Create a new image:\n"
1616 " -B <board> create image for the board specified with <board>\n"
1617 " -k <file> read kernel image from the file <file>\n"
1618 " -r <file> read rootfs image from the file <file>\n"
1619 " -o <file> write output to the file <file>\n"
1620 " -V <rev> sets the revision number to <rev>\n"
1621 " -j add jffs2 end-of-filesystem markers\n"
1622 " -S create sysupgrade instead of factory image\n"
1623 "Extract an old image:\n"
1624 " -x <file> extract all oem firmware partition\n"
1625 " -d <dir> destination to extract the firmware partition\n"
1626 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1627 argv0
1628 );
1629 };
1630
1631
1632 static struct device_info *find_board(const char *id)
1633 {
1634 struct device_info *board = NULL;
1635
1636 for (board = boards; board->id != NULL; board++)
1637 if (strcasecmp(id, board->id) == 0)
1638 return board;
1639
1640 return NULL;
1641 }
1642
1643 static int add_flash_partition(
1644 struct flash_partition_entry *part_list,
1645 size_t max_entries,
1646 const char *name,
1647 unsigned long base,
1648 unsigned long size)
1649 {
1650 int ptr;
1651 /* check if the list has a free entry */
1652 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1653 if (part_list->name == NULL &&
1654 part_list->base == 0 &&
1655 part_list->size == 0)
1656 break;
1657 }
1658
1659 if (ptr == max_entries) {
1660 error(1, 0, "No free flash part entry available.");
1661 }
1662
1663 part_list->name = calloc(1, strlen(name) + 1);
1664 if (!part_list->name) {
1665 error(1, 0, "Unable to allocate memory");
1666 }
1667
1668 memcpy((char *)part_list->name, name, strlen(name));
1669 part_list->base = base;
1670 part_list->size = size;
1671
1672 return 0;
1673 }
1674
1675 /** read the partition table into struct flash_partition_entry */
1676 static int read_partition_table(
1677 FILE *file, long offset,
1678 struct flash_partition_entry *entries, size_t max_entries,
1679 int type)
1680 {
1681 char buf[2048];
1682 char *ptr, *end;
1683 const char *parthdr = NULL;
1684 const char *fwuphdr = "fwup-ptn";
1685 const char *flashhdr = "partition";
1686
1687 /* TODO: search for the partition table */
1688
1689 switch(type) {
1690 case 0:
1691 parthdr = fwuphdr;
1692 break;
1693 case 1:
1694 parthdr = flashhdr;
1695 break;
1696 default:
1697 error(1, 0, "Invalid partition table");
1698 }
1699
1700 if (fseek(file, offset, SEEK_SET) < 0)
1701 error(1, errno, "Can not seek in the firmware");
1702
1703 if (fread(buf, 1, 2048, file) < 0)
1704 error(1, errno, "Can not read fwup-ptn from the firmware");
1705
1706 buf[2047] = '\0';
1707
1708 /* look for the partition header */
1709 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1710 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1711 return 1;
1712 }
1713
1714 ptr = buf;
1715 end = buf + sizeof(buf);
1716 while ((ptr + strlen(parthdr)) < end &&
1717 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1718 char *end_part;
1719 char *end_element;
1720
1721 char name[32] = { 0 };
1722 int name_len = 0;
1723 unsigned long base = 0;
1724 unsigned long size = 0;
1725
1726 end_part = memchr(ptr, '\n', (end - ptr));
1727 if (end_part == NULL) {
1728 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1729 break;
1730 }
1731
1732 for (int i = 0; i <= 4; i++) {
1733 if (end_part <= ptr)
1734 break;
1735
1736 end_element = memchr(ptr, 0x20, (end_part - ptr));
1737 if (end_element == NULL) {
1738 error(1, errno, "Ignoring the rest of the partition entries.");
1739 break;
1740 }
1741
1742 switch (i) {
1743 /* partition header */
1744 case 0:
1745 ptr = end_element + 1;
1746 continue;
1747 /* name */
1748 case 1:
1749 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1750 strncpy(name, ptr, name_len);
1751 name[name_len] = '\0';
1752 ptr = end_element + 1;
1753 continue;
1754
1755 /* string "base" */
1756 case 2:
1757 ptr = end_element + 1;
1758 continue;
1759
1760 /* actual base */
1761 case 3:
1762 base = strtoul(ptr, NULL, 16);
1763 ptr = end_element + 1;
1764 continue;
1765
1766 /* string "size" */
1767 case 4:
1768 ptr = end_element + 1;
1769 /* actual size. The last element doesn't have a sepeartor */
1770 size = strtoul(ptr, NULL, 16);
1771 /* the part ends with 0x09, 0x0d, 0x0a */
1772 ptr = end_part + 1;
1773 add_flash_partition(entries, max_entries, name, base, size);
1774 continue;
1775 }
1776 }
1777 }
1778
1779 return 0;
1780 }
1781
1782 static void write_partition(
1783 FILE *input_file,
1784 size_t firmware_offset,
1785 struct flash_partition_entry *entry,
1786 FILE *output_file)
1787 {
1788 char buf[4096];
1789 size_t offset;
1790
1791 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1792
1793 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1794 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1795 error(1, errno, "Can not read partition from input_file");
1796
1797 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1798 error(1, errno, "Can not write partition to output_file");
1799 }
1800 /* write last chunk smaller than buffer */
1801 if (offset < entry->size) {
1802 offset = entry->size - offset;
1803 if (fread(buf, offset, 1, input_file) < 0)
1804 error(1, errno, "Can not read partition from input_file");
1805 if (fwrite(buf, offset, 1, output_file) < 0)
1806 error(1, errno, "Can not write partition to output_file");
1807 }
1808 }
1809
1810 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
1811 {
1812 FILE *output_file;
1813 char output[PATH_MAX];
1814
1815 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
1816 output_file = fopen(output, "wb+");
1817 if (output_file == NULL) {
1818 error(1, errno, "Can not open output file %s", output);
1819 }
1820
1821 write_partition(input_file, firmware_offset, entry, output_file);
1822
1823 fclose(output_file);
1824
1825 return 0;
1826 }
1827
1828 /** extract all partitions from the firmware file */
1829 static int extract_firmware(const char *input, const char *output_directory)
1830 {
1831 struct flash_partition_entry entries[16] = { 0 };
1832 size_t max_entries = 16;
1833 size_t firmware_offset = 0x1014;
1834 FILE *input_file;
1835
1836 struct stat statbuf;
1837
1838 /* check input file */
1839 if (stat(input, &statbuf)) {
1840 error(1, errno, "Can not read input firmware %s", input);
1841 }
1842
1843 /* check if output directory exists */
1844 if (stat(output_directory, &statbuf)) {
1845 error(1, errno, "Failed to stat output directory %s", output_directory);
1846 }
1847
1848 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
1849 error(1, errno, "Given output directory is not a directory %s", output_directory);
1850 }
1851
1852 input_file = fopen(input, "rb");
1853
1854 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
1855 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1856 }
1857
1858 for (int i = 0; i < max_entries; i++) {
1859 if (entries[i].name == NULL &&
1860 entries[i].base == 0 &&
1861 entries[i].size == 0)
1862 continue;
1863
1864 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
1865 }
1866
1867 return 0;
1868 }
1869
1870 static struct flash_partition_entry *find_partition(
1871 struct flash_partition_entry *entries, size_t max_entries,
1872 const char *name, const char *error_msg)
1873 {
1874 for (int i = 0; i < max_entries; i++, entries++) {
1875 if (strcmp(entries->name, name) == 0)
1876 return entries;
1877 }
1878
1879 error(1, 0, "%s", error_msg);
1880 return NULL;
1881 }
1882
1883 static void write_ff(FILE *output_file, size_t size)
1884 {
1885 char buf[4096];
1886 int offset;
1887
1888 memset(buf, 0xff, sizeof(buf));
1889
1890 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
1891 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1892 error(1, errno, "Can not write 0xff to output_file");
1893 }
1894
1895 /* write last chunk smaller than buffer */
1896 if (offset < size) {
1897 offset = size - offset;
1898 if (fwrite(buf, offset, 1, output_file) < 0)
1899 error(1, errno, "Can not write partition to output_file");
1900 }
1901 }
1902
1903 static void convert_firmware(const char *input, const char *output)
1904 {
1905 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
1906 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
1907 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
1908 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
1909 struct flash_partition_entry *fwup_partition_table = NULL;
1910 size_t firmware_offset = 0x1014;
1911 FILE *input_file, *output_file;
1912
1913 struct stat statbuf;
1914
1915 /* check input file */
1916 if (stat(input, &statbuf)) {
1917 error(1, errno, "Can not read input firmware %s", input);
1918 }
1919
1920 input_file = fopen(input, "rb");
1921 if (!input_file)
1922 error(1, 0, "Can not open input firmware %s", input);
1923
1924 output_file = fopen(output, "wb");
1925 if (!output_file)
1926 error(1, 0, "Can not open output firmware %s", output);
1927
1928 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
1929 error(1, 0, "Error can not read the partition table (fwup-ptn)");
1930 }
1931
1932 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
1933 "os-image", "Error can not find os-image partition (fwup)");
1934 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
1935 "file-system", "Error can not find file-system partition (fwup)");
1936 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
1937 "partition-table", "Error can not find partition-table partition");
1938
1939 /* the flash partition table has a 0x00000004 magic haeder */
1940 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
1941 error(1, 0, "Error can not read the partition table (flash)");
1942
1943 flash_os_image = find_partition(flash, MAX_PARTITIONS,
1944 "os-image", "Error can not find os-image partition (flash)");
1945 flash_file_system = find_partition(flash, MAX_PARTITIONS,
1946 "file-system", "Error can not find file-system partition (flash)");
1947
1948 /* write os_image to 0x0 */
1949 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
1950 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
1951
1952 /* write file-system behind os_image */
1953 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
1954 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
1955 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
1956
1957 fclose(output_file);
1958 fclose(input_file);
1959 }
1960
1961 int main(int argc, char *argv[]) {
1962 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
1963 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
1964 bool add_jffs2_eof = false, sysupgrade = false;
1965 unsigned rev = 0;
1966 struct device_info *info;
1967 set_source_date_epoch();
1968
1969 while (true) {
1970 int c;
1971
1972 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
1973 if (c == -1)
1974 break;
1975
1976 switch (c) {
1977 case 'B':
1978 board = optarg;
1979 break;
1980
1981 case 'k':
1982 kernel_image = optarg;
1983 break;
1984
1985 case 'r':
1986 rootfs_image = optarg;
1987 break;
1988
1989 case 'o':
1990 output = optarg;
1991 break;
1992
1993 case 'V':
1994 sscanf(optarg, "r%u", &rev);
1995 break;
1996
1997 case 'j':
1998 add_jffs2_eof = true;
1999 break;
2000
2001 case 'S':
2002 sysupgrade = true;
2003 break;
2004
2005 case 'h':
2006 usage(argv[0]);
2007 return 0;
2008
2009 case 'd':
2010 output_directory = optarg;
2011 break;
2012
2013 case 'x':
2014 extract_image = optarg;
2015 break;
2016
2017 case 'z':
2018 convert_image = optarg;
2019 break;
2020
2021 default:
2022 usage(argv[0]);
2023 return 1;
2024 }
2025 }
2026
2027 if (extract_image || output_directory) {
2028 if (!extract_image)
2029 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2030 if (!output_directory)
2031 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2032 extract_firmware(extract_image, output_directory);
2033 } else if (convert_image) {
2034 if (!output)
2035 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2036 convert_firmware(convert_image, output);
2037 } else {
2038 if (!board)
2039 error(1, 0, "no board has been specified");
2040 if (!kernel_image)
2041 error(1, 0, "no kernel image has been specified");
2042 if (!rootfs_image)
2043 error(1, 0, "no rootfs image has been specified");
2044 if (!output)
2045 error(1, 0, "no output filename has been specified");
2046
2047 info = find_board(board);
2048
2049 if (info == NULL)
2050 error(1, 0, "unsupported board %s", board);
2051
2052 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2053 }
2054
2055 return 0;
2056 }
Staging tree of Mathias Kresin