projects / openwrt / staging / wigyori.git / blob
? search:


c2aa2962f67c52ad678d5dc3460c8255279b79f8
[openwrt/staging/wigyori.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"os-image", 0x40000, 0x1c0000},
186 {"file-system", 0x200000, 0x5b0000},
187 {"soft-version", 0x7b0000, 0x00100},
188 {"support-list", 0x7b1000, 0x01000},
189 {"user-config", 0x7c0000, 0x10000},
190 {"default-config", 0x7d0000, 0x10000},
191 {"log", 0x7e0000, 0x10000},
192 {"radio", 0x7f0000, 0x10000},
193 {NULL, 0, 0}
194 },
195
196 .first_sysupgrade_partition = "os-image",
197 .last_sysupgrade_partition = "support-list",
198 },
199
200 /** Firmware layout for the CPE510/520 */
201 {
202 .id = "CPE510",
203 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
204 .support_list =
205 "SupportList:\r\n"
206 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
207 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
208 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
209 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
210 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
211 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
212 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
213 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
214 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
215 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
216 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
217 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
218 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
219 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
220 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
221 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
222 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
223 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
224 .support_trail = '\xff',
225 .soft_ver = NULL,
226
227 .partitions = {
228 {"fs-uboot", 0x00000, 0x20000},
229 {"partition-table", 0x20000, 0x02000},
230 {"default-mac", 0x30000, 0x00020},
231 {"product-info", 0x31100, 0x00100},
232 {"signature", 0x32000, 0x00400},
233 {"os-image", 0x40000, 0x1c0000},
234 {"file-system", 0x200000, 0x5b0000},
235 {"soft-version", 0x7b0000, 0x00100},
236 {"support-list", 0x7b1000, 0x00400},
237 {"user-config", 0x7c0000, 0x10000},
238 {"default-config", 0x7d0000, 0x10000},
239 {"log", 0x7e0000, 0x10000},
240 {"radio", 0x7f0000, 0x10000},
241 {NULL, 0, 0}
242 },
243
244 .first_sysupgrade_partition = "os-image",
245 .last_sysupgrade_partition = "support-list",
246 },
247
248 {
249 .id = "WBS210",
250 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
251 .support_list =
252 "SupportList:\r\n"
253 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
254 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
255 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
256 .support_trail = '\xff',
257 .soft_ver = NULL,
258
259 .partitions = {
260 {"fs-uboot", 0x00000, 0x20000},
261 {"partition-table", 0x20000, 0x02000},
262 {"default-mac", 0x30000, 0x00020},
263 {"product-info", 0x31100, 0x00100},
264 {"signature", 0x32000, 0x00400},
265 {"os-image", 0x40000, 0x1c0000},
266 {"file-system", 0x200000, 0x5b0000},
267 {"soft-version", 0x7b0000, 0x00100},
268 {"support-list", 0x7b1000, 0x00400},
269 {"user-config", 0x7c0000, 0x10000},
270 {"default-config", 0x7d0000, 0x10000},
271 {"log", 0x7e0000, 0x10000},
272 {"radio", 0x7f0000, 0x10000},
273 {NULL, 0, 0}
274 },
275
276 .first_sysupgrade_partition = "os-image",
277 .last_sysupgrade_partition = "support-list",
278 },
279
280 {
281 .id = "WBS510",
282 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
283 .support_list =
284 "SupportList:\r\n"
285 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
286 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
287 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
288 .support_trail = '\xff',
289 .soft_ver = NULL,
290
291 .partitions = {
292 {"fs-uboot", 0x00000, 0x20000},
293 {"partition-table", 0x20000, 0x02000},
294 {"default-mac", 0x30000, 0x00020},
295 {"product-info", 0x31100, 0x00100},
296 {"signature", 0x32000, 0x00400},
297 {"os-image", 0x40000, 0x1c0000},
298 {"file-system", 0x200000, 0x5b0000},
299 {"soft-version", 0x7b0000, 0x00100},
300 {"support-list", 0x7b1000, 0x00400},
301 {"user-config", 0x7c0000, 0x10000},
302 {"default-config", 0x7d0000, 0x10000},
303 {"log", 0x7e0000, 0x10000},
304 {"radio", 0x7f0000, 0x10000},
305 {NULL, 0, 0}
306 },
307
308 .first_sysupgrade_partition = "os-image",
309 .last_sysupgrade_partition = "support-list",
310 },
311
312 /** Firmware layout for the C2600 */
313 {
314 .id = "C2600",
315 .vendor = "",
316 .support_list =
317 "SupportList:\r\n"
318 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
319 .support_trail = '\x00',
320 .soft_ver = NULL,
321
322 /**
323 We use a bigger os-image partition than the stock images (and thus
324 smaller file-system), as our kernel doesn't fit in the stock firmware's
325 2 MB os-image since kernel 4.14.
326 */
327 .partitions = {
328 {"SBL1", 0x00000, 0x20000},
329 {"MIBIB", 0x20000, 0x20000},
330 {"SBL2", 0x40000, 0x20000},
331 {"SBL3", 0x60000, 0x30000},
332 {"DDRCONFIG", 0x90000, 0x10000},
333 {"SSD", 0xa0000, 0x10000},
334 {"TZ", 0xb0000, 0x30000},
335 {"RPM", 0xe0000, 0x20000},
336 {"fs-uboot", 0x100000, 0x70000},
337 {"uboot-env", 0x170000, 0x40000},
338 {"radio", 0x1b0000, 0x40000},
339 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
340 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
341 {"default-mac", 0x1ef0000, 0x00200},
342 {"pin", 0x1ef0200, 0x00200},
343 {"product-info", 0x1ef0400, 0x0fc00},
344 {"partition-table", 0x1f00000, 0x10000},
345 {"soft-version", 0x1f10000, 0x10000},
346 {"support-list", 0x1f20000, 0x10000},
347 {"profile", 0x1f30000, 0x10000},
348 {"default-config", 0x1f40000, 0x10000},
349 {"user-config", 0x1f50000, 0x40000},
350 {"qos-db", 0x1f90000, 0x40000},
351 {"usb-config", 0x1fd0000, 0x10000},
352 {"log", 0x1fe0000, 0x20000},
353 {NULL, 0, 0}
354 },
355
356 .first_sysupgrade_partition = "os-image",
357 .last_sysupgrade_partition = "file-system"
358 },
359
360 /** Firmware layout for the A7-V5 */
361 {
362 .id = "ARCHER-A7-V5",
363 .support_list =
364 "SupportList:\n"
365 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
366 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
367 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
368 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
369 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
370 .support_trail = '\x00',
371 .soft_ver = "soft_ver:1.0.0\n",
372
373 /* We're using a dynamic kernel/rootfs split here */
374 .partitions = {
375 {"factory-boot", 0x00000, 0x20000},
376 {"fs-uboot", 0x20000, 0x20000},
377 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
378 /* Stock: name file-system base 0x160000 size 0xda0000 */
379 {"default-mac", 0xf40000, 0x00200},
380 {"pin", 0xf40200, 0x00200},
381 {"device-id", 0xf40400, 0x00100},
382 {"product-info", 0xf40500, 0x0fb00},
383 {"soft-version", 0xf50000, 0x00100},
384 {"extra-para", 0xf51000, 0x01000},
385 {"support-list", 0xf52000, 0x0a000},
386 {"profile", 0xf5c000, 0x04000},
387 {"default-config", 0xf60000, 0x10000},
388 {"user-config", 0xf70000, 0x40000},
389 {"certificate", 0xfb0000, 0x10000},
390 {"partition-table", 0xfc0000, 0x10000},
391 {"log", 0xfd0000, 0x20000},
392 {"radio", 0xff0000, 0x10000},
393 {NULL, 0, 0}
394 },
395
396 .first_sysupgrade_partition = "os-image",
397 .last_sysupgrade_partition = "file-system",
398 },
399
400 /** Firmware layout for the C2v3 */
401 {
402 .id = "ARCHER-C2-V3",
403 .support_list =
404 "SupportList:\n"
405 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
406 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
407 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
408 .support_trail = '\x00',
409 .soft_ver = "soft_ver:3.0.1\n",
410
411 /** We're using a dynamic kernel/rootfs split here */
412
413 .partitions = {
414 {"factory-boot", 0x00000, 0x20000},
415 {"fs-uboot", 0x20000, 0x10000},
416 {"firmware", 0x30000, 0x7a0000},
417 {"user-config", 0x7d0000, 0x04000},
418 {"default-mac", 0x7e0000, 0x00100},
419 {"device-id", 0x7e0100, 0x00100},
420 {"extra-para", 0x7e0200, 0x00100},
421 {"pin", 0x7e0300, 0x00100},
422 {"support-list", 0x7e0400, 0x00400},
423 {"soft-version", 0x7e0800, 0x00400},
424 {"product-info", 0x7e0c00, 0x01400},
425 {"partition-table", 0x7e2000, 0x01000},
426 {"profile", 0x7e3000, 0x01000},
427 {"default-config", 0x7e4000, 0x04000},
428 {"merge-config", 0x7ec000, 0x02000},
429 {"qos-db", 0x7ee000, 0x02000},
430 {"radio", 0x7f0000, 0x10000},
431 {NULL, 0, 0}
432 },
433
434 .first_sysupgrade_partition = "os-image",
435 .last_sysupgrade_partition = "file-system",
436 },
437
438 /** Firmware layout for the C25v1 */
439 {
440 .id = "ARCHER-C25-V1",
441 .support_list =
442 "SupportList:\n"
443 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
444 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
445 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
446 .support_trail = '\x00',
447 .soft_ver = "soft_ver:1.0.0\n",
448
449 /* We're using a dynamic kernel/rootfs split here */
450 .partitions = {
451 {"factory-boot", 0x00000, 0x20000},
452 {"fs-uboot", 0x20000, 0x10000},
453 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
454 /* Stock: name file-system base 0x130000 size 0x6a0000 */
455 {"user-config", 0x7d0000, 0x04000},
456 {"default-mac", 0x7e0000, 0x00100},
457 {"device-id", 0x7e0100, 0x00100},
458 {"extra-para", 0x7e0200, 0x00100},
459 {"pin", 0x7e0300, 0x00100},
460 {"support-list", 0x7e0400, 0x00400},
461 {"soft-version", 0x7e0800, 0x00400},
462 {"product-info", 0x7e0c00, 0x01400},
463 {"partition-table", 0x7e2000, 0x01000},
464 {"profile", 0x7e3000, 0x01000},
465 {"default-config", 0x7e4000, 0x04000},
466 {"merge-config", 0x7ec000, 0x02000},
467 {"qos-db", 0x7ee000, 0x02000},
468 {"radio", 0x7f0000, 0x10000},
469 {NULL, 0, 0}
470 },
471
472 .first_sysupgrade_partition = "os-image",
473 .last_sysupgrade_partition = "file-system",
474 },
475
476 /** Firmware layout for the C58v1 */
477 {
478 .id = "ARCHER-C58-V1",
479 .vendor = "",
480 .support_list =
481 "SupportList:\r\n"
482 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
483 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
484 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
485 .support_trail = '\x00',
486 .soft_ver = "soft_ver:1.0.0\n",
487
488 .partitions = {
489 {"fs-uboot", 0x00000, 0x10000},
490 {"default-mac", 0x10000, 0x00200},
491 {"pin", 0x10200, 0x00200},
492 {"product-info", 0x10400, 0x00100},
493 {"partition-table", 0x10500, 0x00800},
494 {"soft-version", 0x11300, 0x00200},
495 {"support-list", 0x11500, 0x00100},
496 {"device-id", 0x11600, 0x00100},
497 {"profile", 0x11700, 0x03900},
498 {"default-config", 0x15000, 0x04000},
499 {"user-config", 0x19000, 0x04000},
500 {"firmware", 0x20000, 0x7c8000},
501 {"certyficate", 0x7e8000, 0x08000},
502 {"radio", 0x7f0000, 0x10000},
503 {NULL, 0, 0}
504 },
505
506 .first_sysupgrade_partition = "os-image",
507 .last_sysupgrade_partition = "file-system",
508 },
509
510 /** Firmware layout for the C59v1 */
511 {
512 .id = "ARCHER-C59-V1",
513 .vendor = "",
514 .support_list =
515 "SupportList:\r\n"
516 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
517 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
518 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
519 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
520 .support_trail = '\x00',
521 .soft_ver = "soft_ver:1.0.0\n",
522
523 /* We're using a dynamic kernel/rootfs split here */
524 .partitions = {
525 {"fs-uboot", 0x00000, 0x10000},
526 {"default-mac", 0x10000, 0x00200},
527 {"pin", 0x10200, 0x00200},
528 {"device-id", 0x10400, 0x00100},
529 {"product-info", 0x10500, 0x0fb00},
530 {"firmware", 0x20000, 0xe30000},
531 {"partition-table", 0xe50000, 0x10000},
532 {"soft-version", 0xe60000, 0x10000},
533 {"support-list", 0xe70000, 0x10000},
534 {"profile", 0xe80000, 0x10000},
535 {"default-config", 0xe90000, 0x10000},
536 {"user-config", 0xea0000, 0x40000},
537 {"usb-config", 0xee0000, 0x10000},
538 {"certificate", 0xef0000, 0x10000},
539 {"qos-db", 0xf00000, 0x40000},
540 {"log", 0xfe0000, 0x10000},
541 {"radio", 0xff0000, 0x10000},
542 {NULL, 0, 0}
543 },
544
545 .first_sysupgrade_partition = "os-image",
546 .last_sysupgrade_partition = "file-system",
547 },
548
549 /** Firmware layout for the C59v2 */
550 {
551 .id = "ARCHER-C59-V2",
552 .vendor = "",
553 .support_list =
554 "SupportList:\r\n"
555 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
556 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
557 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
558 .support_trail = '\x00',
559 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
560
561 /** We're using a dynamic kernel/rootfs split here */
562 .partitions = {
563 {"factory-boot", 0x00000, 0x20000},
564 {"fs-uboot", 0x20000, 0x10000},
565 {"default-mac", 0x30000, 0x00200},
566 {"pin", 0x30200, 0x00200},
567 {"device-id", 0x30400, 0x00100},
568 {"product-info", 0x30500, 0x0fb00},
569 {"firmware", 0x40000, 0xe10000},
570 {"partition-table", 0xe50000, 0x10000},
571 {"soft-version", 0xe60000, 0x10000},
572 {"support-list", 0xe70000, 0x10000},
573 {"profile", 0xe80000, 0x10000},
574 {"default-config", 0xe90000, 0x10000},
575 {"user-config", 0xea0000, 0x40000},
576 {"usb-config", 0xee0000, 0x10000},
577 {"certificate", 0xef0000, 0x10000},
578 {"extra-para", 0xf00000, 0x10000},
579 {"qos-db", 0xf10000, 0x30000},
580 {"log", 0xfe0000, 0x10000},
581 {"radio", 0xff0000, 0x10000},
582 {NULL, 0, 0}
583 },
584
585 .first_sysupgrade_partition = "os-image",
586 .last_sysupgrade_partition = "file-system",
587 },
588
589 /** Firmware layout for the C6v2 */
590 {
591 .id = "ARCHER-C6-V2",
592 .vendor = "",
593 .support_list =
594 "SupportList:\r\n"
595 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
596 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
597 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
598 .support_trail = '\x00',
599 .soft_ver = "soft_ver:1.0.0\n",
600
601 .partitions = {
602 {"fs-uboot", 0x00000, 0x20000},
603 {"default-mac", 0x20000, 0x00200},
604 {"pin", 0x20200, 0x00100},
605 {"product-info", 0x20300, 0x00200},
606 {"device-id", 0x20500, 0x0fb00},
607 {"firmware", 0x30000, 0x7a9400},
608 {"soft-version", 0x7d9400, 0x00100},
609 {"extra-para", 0x7d9500, 0x00100},
610 {"support-list", 0x7d9600, 0x00200},
611 {"profile", 0x7d9800, 0x03000},
612 {"default-config", 0x7dc800, 0x03000},
613 {"partition-table", 0x7df800, 0x00800},
614 {"user-config", 0x7e0000, 0x0c000},
615 {"certificate", 0x7ec000, 0x04000},
616 {"radio", 0x7f0000, 0x10000},
617 {NULL, 0, 0}
618 },
619
620 .first_sysupgrade_partition = "os-image",
621 .last_sysupgrade_partition = "file-system",
622 },
623
624
625 /** Firmware layout for the C60v1 */
626 {
627 .id = "ARCHER-C60-V1",
628 .vendor = "",
629 .support_list =
630 "SupportList:\r\n"
631 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
632 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
633 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
634 .support_trail = '\x00',
635 .soft_ver = "soft_ver:1.0.0\n",
636
637 .partitions = {
638 {"fs-uboot", 0x00000, 0x10000},
639 {"default-mac", 0x10000, 0x00200},
640 {"pin", 0x10200, 0x00200},
641 {"product-info", 0x10400, 0x00100},
642 {"partition-table", 0x10500, 0x00800},
643 {"soft-version", 0x11300, 0x00200},
644 {"support-list", 0x11500, 0x00100},
645 {"device-id", 0x11600, 0x00100},
646 {"profile", 0x11700, 0x03900},
647 {"default-config", 0x15000, 0x04000},
648 {"user-config", 0x19000, 0x04000},
649 {"firmware", 0x20000, 0x7c8000},
650 {"certyficate", 0x7e8000, 0x08000},
651 {"radio", 0x7f0000, 0x10000},
652 {NULL, 0, 0}
653 },
654
655 .first_sysupgrade_partition = "os-image",
656 .last_sysupgrade_partition = "file-system",
657 },
658
659 /** Firmware layout for the C60v2 */
660 {
661 .id = "ARCHER-C60-V2",
662 .vendor = "",
663 .support_list =
664 "SupportList:\r\n"
665 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
666 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
667 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
668 .support_trail = '\x00',
669 .soft_ver = "soft_ver:2.0.0\n",
670
671 .partitions = {
672 {"factory-boot", 0x00000, 0x1fb00},
673 {"default-mac", 0x1fb00, 0x00200},
674 {"pin", 0x1fd00, 0x00100},
675 {"product-info", 0x1fe00, 0x00100},
676 {"device-id", 0x1ff00, 0x00100},
677 {"fs-uboot", 0x20000, 0x10000},
678 {"firmware", 0x30000, 0x7a0000},
679 {"soft-version", 0x7d9500, 0x00100},
680 {"support-list", 0x7d9600, 0x00100},
681 {"extra-para", 0x7d9700, 0x00100},
682 {"profile", 0x7d9800, 0x03000},
683 {"default-config", 0x7dc800, 0x03000},
684 {"partition-table", 0x7df800, 0x00800},
685 {"user-config", 0x7e0000, 0x0c000},
686 {"certificate", 0x7ec000, 0x04000},
687 {"radio", 0x7f0000, 0x10000},
688 {NULL, 0, 0}
689 },
690
691 .first_sysupgrade_partition = "os-image",
692 .last_sysupgrade_partition = "file-system",
693 },
694
695 /** Firmware layout for the C5 */
696 {
697 .id = "ARCHER-C5-V2",
698 .vendor = "",
699 .support_list =
700 "SupportList:\r\n"
701 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
702 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
703 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
704 .support_trail = '\x00',
705 .soft_ver = NULL,
706
707 .partitions = {
708 {"fs-uboot", 0x00000, 0x40000},
709 {"os-image", 0x40000, 0x200000},
710 {"file-system", 0x240000, 0xc00000},
711 {"default-mac", 0xe40000, 0x00200},
712 {"pin", 0xe40200, 0x00200},
713 {"product-info", 0xe40400, 0x00200},
714 {"partition-table", 0xe50000, 0x10000},
715 {"soft-version", 0xe60000, 0x00200},
716 {"support-list", 0xe61000, 0x0f000},
717 {"profile", 0xe70000, 0x10000},
718 {"default-config", 0xe80000, 0x10000},
719 {"user-config", 0xe90000, 0x50000},
720 {"log", 0xee0000, 0x100000},
721 {"radio_bk", 0xfe0000, 0x10000},
722 {"radio", 0xff0000, 0x10000},
723 {NULL, 0, 0}
724 },
725
726 .first_sysupgrade_partition = "os-image",
727 .last_sysupgrade_partition = "file-system"
728 },
729
730 /** Firmware layout for the C7 */
731 {
732 .id = "ARCHER-C7-V4",
733 .support_list =
734 "SupportList:\n"
735 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
736 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
737 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
738 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
739 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
740 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
741 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
742 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
743 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
744 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
745 .support_trail = '\x00',
746 .soft_ver = "soft_ver:1.0.0\n",
747
748 /* We're using a dynamic kernel/rootfs split here */
749 .partitions = {
750 {"factory-boot", 0x00000, 0x20000},
751 {"fs-uboot", 0x20000, 0x20000},
752 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
753 /* Stock: name file-system base 0x160000 size 0xda0000 */
754 {"default-mac", 0xf00000, 0x00200},
755 {"pin", 0xf00200, 0x00200},
756 {"device-id", 0xf00400, 0x00100},
757 {"product-info", 0xf00500, 0x0fb00},
758 {"soft-version", 0xf10000, 0x00100},
759 {"extra-para", 0xf11000, 0x01000},
760 {"support-list", 0xf12000, 0x0a000},
761 {"profile", 0xf1c000, 0x04000},
762 {"default-config", 0xf20000, 0x10000},
763 {"user-config", 0xf30000, 0x40000},
764 {"qos-db", 0xf70000, 0x40000},
765 {"certificate", 0xfb0000, 0x10000},
766 {"partition-table", 0xfc0000, 0x10000},
767 {"log", 0xfd0000, 0x20000},
768 {"radio", 0xff0000, 0x10000},
769 {NULL, 0, 0}
770 },
771
772 .first_sysupgrade_partition = "os-image",
773 .last_sysupgrade_partition = "file-system",
774 },
775
776 /** Firmware layout for the C7 v5*/
777 {
778 .id = "ARCHER-C7-V5",
779 .support_list =
780 "SupportList:\n"
781 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
782 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
783 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
784 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
785 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
786 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
787 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n",
788
789 .support_trail = '\x00',
790 .soft_ver = "soft_ver:1.0.0\n",
791
792 /* We're using a dynamic kernel/rootfs split here */
793 .partitions = {
794 {"factory-boot", 0x00000, 0x20000},
795 {"fs-uboot", 0x20000, 0x20000},
796 {"partition-table", 0x40000, 0x10000},
797 {"radio", 0x50000, 0x10000},
798 {"default-mac", 0x60000, 0x00200},
799 {"pin", 0x60200, 0x00200},
800 {"device-id", 0x60400, 0x00100},
801 {"product-info", 0x60500, 0x0fb00},
802 {"soft-version", 0x70000, 0x01000},
803 {"extra-para", 0x71000, 0x01000},
804 {"support-list", 0x72000, 0x0a000},
805 {"profile", 0x7c000, 0x04000},
806 {"user-config", 0x80000, 0x40000},
807
808
809 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
810 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
811
812 {"log", 0xfc0000, 0x20000},
813 {"certificate", 0xfe0000, 0x10000},
814 {"default-config", 0xff0000, 0x10000},
815 {NULL, 0, 0}
816
817 },
818
819 .first_sysupgrade_partition = "os-image",
820 .last_sysupgrade_partition = "file-system",
821 },
822
823 /** Firmware layout for the C9 */
824 {
825 .id = "ARCHERC9",
826 .vendor = "",
827 .support_list =
828 "SupportList:\n"
829 "{product_name:ArcherC9,"
830 "product_ver:1.0.0,"
831 "special_id:00000000}\n",
832 .support_trail = '\x00',
833 .soft_ver = NULL,
834
835 .partitions = {
836 {"fs-uboot", 0x00000, 0x40000},
837 {"os-image", 0x40000, 0x200000},
838 {"file-system", 0x240000, 0xc00000},
839 {"default-mac", 0xe40000, 0x00200},
840 {"pin", 0xe40200, 0x00200},
841 {"product-info", 0xe40400, 0x00200},
842 {"partition-table", 0xe50000, 0x10000},
843 {"soft-version", 0xe60000, 0x00200},
844 {"support-list", 0xe61000, 0x0f000},
845 {"profile", 0xe70000, 0x10000},
846 {"default-config", 0xe80000, 0x10000},
847 {"user-config", 0xe90000, 0x50000},
848 {"log", 0xee0000, 0x100000},
849 {"radio_bk", 0xfe0000, 0x10000},
850 {"radio", 0xff0000, 0x10000},
851 {NULL, 0, 0}
852 },
853
854 .first_sysupgrade_partition = "os-image",
855 .last_sysupgrade_partition = "file-system"
856 },
857
858 /** Firmware layout for the EAP120 */
859 {
860 .id = "EAP120",
861 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
862 .support_list =
863 "SupportList:\r\n"
864 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
865 .support_trail = '\xff',
866 .soft_ver = NULL,
867
868 .partitions = {
869 {"fs-uboot", 0x00000, 0x20000},
870 {"partition-table", 0x20000, 0x02000},
871 {"default-mac", 0x30000, 0x00020},
872 {"support-list", 0x31000, 0x00100},
873 {"product-info", 0x31100, 0x00100},
874 {"soft-version", 0x32000, 0x00100},
875 {"os-image", 0x40000, 0x180000},
876 {"file-system", 0x1c0000, 0x600000},
877 {"user-config", 0x7c0000, 0x10000},
878 {"backup-config", 0x7d0000, 0x10000},
879 {"log", 0x7e0000, 0x10000},
880 {"radio", 0x7f0000, 0x10000},
881 {NULL, 0, 0}
882 },
883
884 .first_sysupgrade_partition = "os-image",
885 .last_sysupgrade_partition = "file-system"
886 },
887
888 /** Firmware layout for the TL-WA850RE v2 */
889 {
890 .id = "TLWA850REV2",
891 .vendor = "",
892 .support_list =
893 "SupportList:\n"
894 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
895 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
896 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
897 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
898 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
899 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
900 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
901 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
902 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
903 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
904 .support_trail = '\x00',
905 .soft_ver = NULL,
906
907 /**
908 576KB were moved from file-system to os-image
909 in comparison to the stock image
910 */
911 .partitions = {
912 {"fs-uboot", 0x00000, 0x20000},
913 {"os-image", 0x20000, 0x150000},
914 {"file-system", 0x170000, 0x240000},
915 {"partition-table", 0x3b0000, 0x02000},
916 {"default-mac", 0x3c0000, 0x00020},
917 {"pin", 0x3c0100, 0x00020},
918 {"product-info", 0x3c1000, 0x01000},
919 {"soft-version", 0x3c2000, 0x00100},
920 {"support-list", 0x3c3000, 0x01000},
921 {"profile", 0x3c4000, 0x08000},
922 {"user-config", 0x3d0000, 0x10000},
923 {"default-config", 0x3e0000, 0x10000},
924 {"radio", 0x3f0000, 0x10000},
925 {NULL, 0, 0}
926 },
927
928 .first_sysupgrade_partition = "os-image",
929 .last_sysupgrade_partition = "file-system"
930 },
931
932 /** Firmware layout for the TL-WA855RE v1 */
933 {
934 .id = "TLWA855REV1",
935 .vendor = "",
936 .support_list =
937 "SupportList:\n"
938 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
939 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
940 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
941 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
942 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
943 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
944 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
945 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
946 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
947 .support_trail = '\x00',
948 .soft_ver = NULL,
949
950 .partitions = {
951 {"fs-uboot", 0x00000, 0x20000},
952 {"os-image", 0x20000, 0x150000},
953 {"file-system", 0x170000, 0x240000},
954 {"partition-table", 0x3b0000, 0x02000},
955 {"default-mac", 0x3c0000, 0x00020},
956 {"pin", 0x3c0100, 0x00020},
957 {"product-info", 0x3c1000, 0x01000},
958 {"soft-version", 0x3c2000, 0x00100},
959 {"support-list", 0x3c3000, 0x01000},
960 {"profile", 0x3c4000, 0x08000},
961 {"user-config", 0x3d0000, 0x10000},
962 {"default-config", 0x3e0000, 0x10000},
963 {"radio", 0x3f0000, 0x10000},
964 {NULL, 0, 0}
965 },
966
967 .first_sysupgrade_partition = "os-image",
968 .last_sysupgrade_partition = "file-system"
969 },
970
971 /** Firmware layout for the TL-WR1043 v5 */
972 {
973 .id = "TLWR1043NV5",
974 .vendor = "",
975 .support_list =
976 "SupportList:\n"
977 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
978 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
979 .support_trail = '\x00',
980 .soft_ver = "soft_ver:1.0.0\n",
981 .partitions = {
982 {"factory-boot", 0x00000, 0x20000},
983 {"fs-uboot", 0x20000, 0x20000},
984 {"firmware", 0x40000, 0xec0000},
985 {"default-mac", 0xf00000, 0x00200},
986 {"pin", 0xf00200, 0x00200},
987 {"device-id", 0xf00400, 0x00100},
988 {"product-info", 0xf00500, 0x0fb00},
989 {"soft-version", 0xf10000, 0x01000},
990 {"extra-para", 0xf11000, 0x01000},
991 {"support-list", 0xf12000, 0x0a000},
992 {"profile", 0xf1c000, 0x04000},
993 {"default-config", 0xf20000, 0x10000},
994 {"user-config", 0xf30000, 0x40000},
995 {"qos-db", 0xf70000, 0x40000},
996 {"certificate", 0xfb0000, 0x10000},
997 {"partition-table", 0xfc0000, 0x10000},
998 {"log", 0xfd0000, 0x20000},
999 {"radio", 0xff0000, 0x10000},
1000 {NULL, 0, 0}
1001 },
1002 .first_sysupgrade_partition = "os-image",
1003 .last_sysupgrade_partition = "file-system"
1004 },
1005
1006 /** Firmware layout for the TL-WR1043 v4 */
1007 {
1008 .id = "TLWR1043NDV4",
1009 .vendor = "",
1010 .support_list =
1011 "SupportList:\n"
1012 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1013 .support_trail = '\x00',
1014 .soft_ver = NULL,
1015
1016 /* We're using a dynamic kernel/rootfs split here */
1017 .partitions = {
1018 {"fs-uboot", 0x00000, 0x20000},
1019 {"firmware", 0x20000, 0xf30000},
1020 {"default-mac", 0xf50000, 0x00200},
1021 {"pin", 0xf50200, 0x00200},
1022 {"product-info", 0xf50400, 0x0fc00},
1023 {"soft-version", 0xf60000, 0x0b000},
1024 {"support-list", 0xf6b000, 0x04000},
1025 {"profile", 0xf70000, 0x04000},
1026 {"default-config", 0xf74000, 0x0b000},
1027 {"user-config", 0xf80000, 0x40000},
1028 {"partition-table", 0xfc0000, 0x10000},
1029 {"log", 0xfd0000, 0x20000},
1030 {"radio", 0xff0000, 0x10000},
1031 {NULL, 0, 0}
1032 },
1033
1034 .first_sysupgrade_partition = "os-image",
1035 .last_sysupgrade_partition = "file-system"
1036 },
1037
1038 /** Firmware layout for the TL-WR902AC v1 */
1039 {
1040 .id = "TL-WR902AC-V1",
1041 .vendor = "",
1042 .support_list =
1043 "SupportList:\n"
1044 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1045 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1046 .support_trail = '\x00',
1047 .soft_ver = NULL,
1048
1049 /**
1050 384KB were moved from file-system to os-image
1051 in comparison to the stock image
1052 */
1053 .partitions = {
1054 {"fs-uboot", 0x00000, 0x20000},
1055 {"firmware", 0x20000, 0x730000},
1056 {"default-mac", 0x750000, 0x00200},
1057 {"pin", 0x750200, 0x00200},
1058 {"product-info", 0x750400, 0x0fc00},
1059 {"soft-version", 0x760000, 0x0b000},
1060 {"support-list", 0x76b000, 0x04000},
1061 {"profile", 0x770000, 0x04000},
1062 {"default-config", 0x774000, 0x0b000},
1063 {"user-config", 0x780000, 0x40000},
1064 {"partition-table", 0x7c0000, 0x10000},
1065 {"log", 0x7d0000, 0x20000},
1066 {"radio", 0x7f0000, 0x10000},
1067 {NULL, 0, 0}
1068 },
1069
1070 .first_sysupgrade_partition = "os-image",
1071 .last_sysupgrade_partition = "file-system",
1072 },
1073
1074 /** Firmware layout for the TL-WR942N V1 */
1075 {
1076 .id = "TLWR942NV1",
1077 .vendor = "",
1078 .support_list =
1079 "SupportList:\r\n"
1080 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1081 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1082 .support_trail = '\x00',
1083 .soft_ver = NULL,
1084
1085 .partitions = {
1086 {"fs-uboot", 0x00000, 0x20000},
1087 {"firmware", 0x20000, 0xe20000},
1088 {"default-mac", 0xe40000, 0x00200},
1089 {"pin", 0xe40200, 0x00200},
1090 {"product-info", 0xe40400, 0x0fc00},
1091 {"partition-table", 0xe50000, 0x10000},
1092 {"soft-version", 0xe60000, 0x10000},
1093 {"support-list", 0xe70000, 0x10000},
1094 {"profile", 0xe80000, 0x10000},
1095 {"default-config", 0xe90000, 0x10000},
1096 {"user-config", 0xea0000, 0x40000},
1097 {"qos-db", 0xee0000, 0x40000},
1098 {"certificate", 0xf20000, 0x10000},
1099 {"usb-config", 0xfb0000, 0x10000},
1100 {"log", 0xfc0000, 0x20000},
1101 {"radio-bk", 0xfe0000, 0x10000},
1102 {"radio", 0xff0000, 0x10000},
1103 {NULL, 0, 0}
1104 },
1105
1106 .first_sysupgrade_partition = "os-image",
1107 .last_sysupgrade_partition = "file-system",
1108 },
1109
1110 /** Firmware layout for the RE350 v1 */
1111 {
1112 .id = "RE350-V1",
1113 .vendor = "",
1114 .support_list =
1115 "SupportList:\n"
1116 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1117 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1118 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1119 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1120 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1121 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1122 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1123 .support_trail = '\x00',
1124 .soft_ver = NULL,
1125
1126 /** We're using a dynamic kernel/rootfs split here */
1127 .partitions = {
1128 {"fs-uboot", 0x00000, 0x20000},
1129 {"firmware", 0x20000, 0x5e0000},
1130 {"partition-table", 0x600000, 0x02000},
1131 {"default-mac", 0x610000, 0x00020},
1132 {"pin", 0x610100, 0x00020},
1133 {"product-info", 0x611100, 0x01000},
1134 {"soft-version", 0x620000, 0x01000},
1135 {"support-list", 0x621000, 0x01000},
1136 {"profile", 0x622000, 0x08000},
1137 {"user-config", 0x630000, 0x10000},
1138 {"default-config", 0x640000, 0x10000},
1139 {"radio", 0x7f0000, 0x10000},
1140 {NULL, 0, 0}
1141 },
1142
1143 .first_sysupgrade_partition = "os-image",
1144 .last_sysupgrade_partition = "file-system"
1145 },
1146
1147 /** Firmware layout for the RE350K v1 */
1148 {
1149 .id = "RE350K-V1",
1150 .vendor = "",
1151 .support_list =
1152 "SupportList:\n"
1153 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1154 .support_trail = '\x00',
1155 .soft_ver = NULL,
1156
1157 /** We're using a dynamic kernel/rootfs split here */
1158 .partitions = {
1159 {"fs-uboot", 0x00000, 0x20000},
1160 {"firmware", 0x20000, 0xd70000},
1161 {"partition-table", 0xd90000, 0x02000},
1162 {"default-mac", 0xda0000, 0x00020},
1163 {"pin", 0xda0100, 0x00020},
1164 {"product-info", 0xda1100, 0x01000},
1165 {"soft-version", 0xdb0000, 0x01000},
1166 {"support-list", 0xdb1000, 0x01000},
1167 {"profile", 0xdb2000, 0x08000},
1168 {"user-config", 0xdc0000, 0x10000},
1169 {"default-config", 0xdd0000, 0x10000},
1170 {"device-id", 0xde0000, 0x00108},
1171 {"radio", 0xff0000, 0x10000},
1172 {NULL, 0, 0}
1173 },
1174
1175 .first_sysupgrade_partition = "os-image",
1176 .last_sysupgrade_partition = "file-system"
1177 },
1178
1179 /** Firmware layout for the RE355 */
1180 {
1181 .id = "RE355",
1182 .vendor = "",
1183 .support_list =
1184 "SupportList:\r\n"
1185 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1186 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1187 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1188 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1189 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1190 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1191 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1192 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1193 .support_trail = '\x00',
1194 .soft_ver = NULL,
1195
1196 /* We're using a dynamic kernel/rootfs split here */
1197 .partitions = {
1198 {"fs-uboot", 0x00000, 0x20000},
1199 {"firmware", 0x20000, 0x5e0000},
1200 {"partition-table", 0x600000, 0x02000},
1201 {"default-mac", 0x610000, 0x00020},
1202 {"pin", 0x610100, 0x00020},
1203 {"product-info", 0x611100, 0x01000},
1204 {"soft-version", 0x620000, 0x01000},
1205 {"support-list", 0x621000, 0x01000},
1206 {"profile", 0x622000, 0x08000},
1207 {"user-config", 0x630000, 0x10000},
1208 {"default-config", 0x640000, 0x10000},
1209 {"radio", 0x7f0000, 0x10000},
1210 {NULL, 0, 0}
1211 },
1212
1213 .first_sysupgrade_partition = "os-image",
1214 .last_sysupgrade_partition = "file-system"
1215 },
1216
1217 /** Firmware layout for the RE450 */
1218 {
1219 .id = "RE450",
1220 .vendor = "",
1221 .support_list =
1222 "SupportList:\r\n"
1223 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1224 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1225 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1226 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1227 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1228 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1229 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1230 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1231 .support_trail = '\x00',
1232 .soft_ver = NULL,
1233
1234 /** We're using a dynamic kernel/rootfs split here */
1235 .partitions = {
1236 {"fs-uboot", 0x00000, 0x20000},
1237 {"firmware", 0x20000, 0x5e0000},
1238 {"partition-table", 0x600000, 0x02000},
1239 {"default-mac", 0x610000, 0x00020},
1240 {"pin", 0x610100, 0x00020},
1241 {"product-info", 0x611100, 0x01000},
1242 {"soft-version", 0x620000, 0x01000},
1243 {"support-list", 0x621000, 0x01000},
1244 {"profile", 0x622000, 0x08000},
1245 {"user-config", 0x630000, 0x10000},
1246 {"default-config", 0x640000, 0x10000},
1247 {"radio", 0x7f0000, 0x10000},
1248 {NULL, 0, 0}
1249 },
1250
1251 .first_sysupgrade_partition = "os-image",
1252 .last_sysupgrade_partition = "file-system"
1253 },
1254
1255 /** Firmware layout for the RE450 v2 */
1256 {
1257 .id = "RE450-V2",
1258 .vendor = "",
1259 .support_list =
1260 "SupportList:\r\n"
1261 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1262 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1263 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1264 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1265 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1266 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1267 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1268 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1269 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1270 .support_trail = '\x00',
1271 .soft_ver = NULL,
1272
1273 /* We're using a dynamic kernel/rootfs split here */
1274 .partitions = {
1275 {"fs-uboot", 0x00000, 0x20000},
1276 {"firmware", 0x20000, 0x5e0000},
1277 {"partition-table", 0x600000, 0x02000},
1278 {"default-mac", 0x610000, 0x00020},
1279 {"pin", 0x610100, 0x00020},
1280 {"product-info", 0x611100, 0x01000},
1281 {"soft-version", 0x620000, 0x01000},
1282 {"support-list", 0x621000, 0x01000},
1283 {"profile", 0x622000, 0x08000},
1284 {"user-config", 0x630000, 0x10000},
1285 {"default-config", 0x640000, 0x10000},
1286 {"radio", 0x7f0000, 0x10000},
1287
1288 {NULL, 0, 0}
1289 },
1290
1291 .first_sysupgrade_partition = "os-image",
1292 .last_sysupgrade_partition = "file-system"
1293 },
1294
1295 {}
1296 };
1297
1298 #define error(_ret, _errno, _str, ...) \
1299 do { \
1300 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1301 strerror(_errno)); \
1302 if (_ret) \
1303 exit(_ret); \
1304 } while (0)
1305
1306
1307 /** Stores a uint32 as big endian */
1308 static inline void put32(uint8_t *buf, uint32_t val) {
1309 buf[0] = val >> 24;
1310 buf[1] = val >> 16;
1311 buf[2] = val >> 8;
1312 buf[3] = val;
1313 }
1314
1315 /** Allocates a new image partition */
1316 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1317 struct image_partition_entry entry = {name, len, malloc(len)};
1318 if (!entry.data)
1319 error(1, errno, "malloc");
1320
1321 return entry;
1322 }
1323
1324 /** Frees an image partition */
1325 static void free_image_partition(struct image_partition_entry entry) {
1326 free(entry.data);
1327 }
1328
1329 static time_t source_date_epoch = -1;
1330 static void set_source_date_epoch() {
1331 char *env = getenv("SOURCE_DATE_EPOCH");
1332 char *endptr = env;
1333 errno = 0;
1334 if (env && *env) {
1335 source_date_epoch = strtoull(env, &endptr, 10);
1336 if (errno || (endptr && *endptr != '\0')) {
1337 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1338 exit(1);
1339 }
1340 }
1341 }
1342
1343 /** Generates the partition-table partition */
1344 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1345 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1346
1347 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1348
1349 *(s++) = 0x00;
1350 *(s++) = 0x04;
1351 *(s++) = 0x00;
1352 *(s++) = 0x00;
1353
1354 size_t i;
1355 for (i = 0; p[i].name; i++) {
1356 size_t len = end-s;
1357 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1358
1359 if (w > len-1)
1360 error(1, 0, "flash partition table overflow?");
1361
1362 s += w;
1363 }
1364
1365 s++;
1366
1367 memset(s, 0xff, end-s);
1368
1369 return entry;
1370 }
1371
1372
1373 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1374 static inline uint8_t bcd(uint8_t v) {
1375 return 0x10 * (v/10) + v%10;
1376 }
1377
1378
1379 /** Generates the soft-version partition */
1380 static struct image_partition_entry make_soft_version(uint32_t rev) {
1381 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1382 struct soft_version *s = (struct soft_version *)entry.data;
1383
1384 time_t t;
1385
1386 if (source_date_epoch != -1)
1387 t = source_date_epoch;
1388 else if (time(&t) == (time_t)(-1))
1389 error(1, errno, "time");
1390
1391 struct tm *tm = localtime(&t);
1392
1393 s->magic = htonl(0x0000000c);
1394 s->zero = 0;
1395 s->pad1 = 0xff;
1396
1397 s->version_major = 0;
1398 s->version_minor = 0;
1399 s->version_patch = 0;
1400
1401 s->year_hi = bcd((1900+tm->tm_year)/100);
1402 s->year_lo = bcd(tm->tm_year%100);
1403 s->month = bcd(tm->tm_mon+1);
1404 s->day = bcd(tm->tm_mday);
1405 s->rev = htonl(rev);
1406
1407 s->pad2 = 0xff;
1408
1409 return entry;
1410 }
1411
1412 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1413 /** String length _including_ the terminating zero byte */
1414 uint32_t ver_len = strlen(soft_ver) + 1;
1415 /** Partition contains 64 bit header, the version string, and one additional null byte */
1416 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1417 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1418
1419 uint32_t *len = (uint32_t *)entry.data;
1420 len[0] = htonl(ver_len);
1421 len[1] = 0;
1422 memcpy(&len[2], soft_ver, ver_len);
1423
1424 entry.data[partition_len - 1] = 0;
1425
1426 return entry;
1427 }
1428
1429 /** Generates the support-list partition */
1430 static struct image_partition_entry make_support_list(struct device_info *info) {
1431 size_t len = strlen(info->support_list);
1432 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1433
1434 put32(entry.data, len);
1435 memset(entry.data+4, 0, 4);
1436 memcpy(entry.data+8, info->support_list, len);
1437 entry.data[len+8] = info->support_trail;
1438
1439 return entry;
1440 }
1441
1442 /** Creates a new image partition with an arbitrary name from a file */
1443 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1444 struct stat statbuf;
1445
1446 if (stat(filename, &statbuf) < 0)
1447 error(1, errno, "unable to stat file `%s'", filename);
1448
1449 size_t len = statbuf.st_size;
1450
1451 if (add_jffs2_eof)
1452 if (file_system_partition)
1453 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1454 else
1455 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1456
1457 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1458
1459 FILE *file = fopen(filename, "rb");
1460 if (!file)
1461 error(1, errno, "unable to open file `%s'", filename);
1462
1463 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1464 error(1, errno, "unable to read file `%s'", filename);
1465
1466 if (add_jffs2_eof) {
1467 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1468
1469 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1470 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1471 }
1472
1473 fclose(file);
1474
1475 return entry;
1476 }
1477
1478 /** Creates a new image partition from arbitrary data */
1479 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1480
1481 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1482
1483 memcpy(entry.data, datain, len);
1484
1485 return entry;
1486 }
1487
1488 /**
1489 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1490
1491 Example image partition table:
1492
1493 fwup-ptn partition-table base 0x00800 size 0x00800
1494 fwup-ptn os-image base 0x01000 size 0x113b45
1495 fwup-ptn file-system base 0x114b45 size 0x1d0004
1496 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1497
1498 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1499 the end of the partition table is marked with a zero byte.
1500
1501 The firmware image must contain at least the partition-table and support-list partitions
1502 to be accepted. There aren't any alignment constraints for the image partitions.
1503
1504 The partition-table partition contains the actual flash layout; partitions
1505 from the image partition table are mapped to the corresponding flash partitions during
1506 the firmware upgrade. The support-list partition contains a list of devices supported by
1507 the firmware image.
1508
1509 The base offsets in the firmware partition table are relative to the end
1510 of the vendor information block, so the partition-table partition will
1511 actually start at offset 0x1814 of the image.
1512
1513 I think partition-table must be the first partition in the firmware image.
1514 */
1515 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1516 size_t i, j;
1517 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1518
1519 size_t base = 0x800;
1520 for (i = 0; parts[i].name; i++) {
1521 for (j = 0; flash_parts[j].name; j++) {
1522 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1523 if (parts[i].size > flash_parts[j].size)
1524 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1525 break;
1526 }
1527 }
1528
1529 assert(flash_parts[j].name);
1530
1531 memcpy(buffer + base, parts[i].data, parts[i].size);
1532
1533 size_t len = end-image_pt;
1534 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1535
1536 if (w > len-1)
1537 error(1, 0, "image partition table overflow?");
1538
1539 image_pt += w;
1540
1541 base += parts[i].size;
1542 }
1543 }
1544
1545 /** Generates and writes the image MD5 checksum */
1546 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1547 MD5_CTX ctx;
1548
1549 MD5_Init(&ctx);
1550 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1551 MD5_Update(&ctx, buffer, len);
1552 MD5_Final(md5, &ctx);
1553 }
1554
1555
1556 /**
1557 Generates the firmware image in factory format
1558
1559 Image format:
1560
1561 Bytes (hex) Usage
1562 ----------- -----
1563 0000-0003 Image size (4 bytes, big endian)
1564 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1565 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1566 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1567 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1568 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1569 1814-xxxx Firmware partitions
1570 */
1571 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1572 *len = 0x1814;
1573
1574 size_t i;
1575 for (i = 0; parts[i].name; i++)
1576 *len += parts[i].size;
1577
1578 uint8_t *image = malloc(*len);
1579 if (!image)
1580 error(1, errno, "malloc");
1581
1582 memset(image, 0xff, *len);
1583 put32(image, *len);
1584
1585 if (info->vendor) {
1586 size_t vendor_len = strlen(info->vendor);
1587 put32(image+0x14, vendor_len);
1588 memcpy(image+0x18, info->vendor, vendor_len);
1589 }
1590
1591 put_partitions(image + 0x1014, info->partitions, parts);
1592 put_md5(image+0x04, image+0x14, *len-0x14);
1593
1594 return image;
1595 }
1596
1597 /**
1598 Generates the firmware image in sysupgrade format
1599
1600 This makes some assumptions about the provided flash and image partition tables and
1601 should be generalized when TP-LINK starts building its safeloader into hardware with
1602 different flash layouts.
1603 */
1604 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1605 size_t i, j;
1606 size_t flash_first_partition_index = 0;
1607 size_t flash_last_partition_index = 0;
1608 const struct flash_partition_entry *flash_first_partition = NULL;
1609 const struct flash_partition_entry *flash_last_partition = NULL;
1610 const struct image_partition_entry *image_last_partition = NULL;
1611
1612 /** Find first and last partitions */
1613 for (i = 0; info->partitions[i].name; i++) {
1614 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1615 flash_first_partition = &info->partitions[i];
1616 flash_first_partition_index = i;
1617 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1618 flash_last_partition = &info->partitions[i];
1619 flash_last_partition_index = i;
1620 }
1621 }
1622
1623 assert(flash_first_partition && flash_last_partition);
1624 assert(flash_first_partition_index < flash_last_partition_index);
1625
1626 /** Find last partition from image to calculate needed size */
1627 for (i = 0; image_parts[i].name; i++) {
1628 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1629 image_last_partition = &image_parts[i];
1630 break;
1631 }
1632 }
1633
1634 assert(image_last_partition);
1635
1636 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1637
1638 uint8_t *image = malloc(*len);
1639 if (!image)
1640 error(1, errno, "malloc");
1641
1642 memset(image, 0xff, *len);
1643
1644 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1645 for (j = 0; image_parts[j].name; j++) {
1646 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1647 if (image_parts[j].size > info->partitions[i].size)
1648 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1649 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1650 break;
1651 }
1652
1653 assert(image_parts[j].name);
1654 }
1655 }
1656
1657 return image;
1658 }
1659
1660 /** Generates an image according to a given layout and writes it to a file */
1661 static void build_image(const char *output,
1662 const char *kernel_image,
1663 const char *rootfs_image,
1664 uint32_t rev,
1665 bool add_jffs2_eof,
1666 bool sysupgrade,
1667 struct device_info *info) {
1668
1669 size_t i;
1670
1671 struct image_partition_entry parts[7] = {};
1672
1673 struct flash_partition_entry *firmware_partition = NULL;
1674 struct flash_partition_entry *os_image_partition = NULL;
1675 struct flash_partition_entry *file_system_partition = NULL;
1676 size_t firmware_partition_index = 0;
1677
1678 for (i = 0; info->partitions[i].name; i++) {
1679 if (!strcmp(info->partitions[i].name, "firmware"))
1680 {
1681 firmware_partition = &info->partitions[i];
1682 firmware_partition_index = i;
1683 }
1684 }
1685
1686 if (firmware_partition)
1687 {
1688 os_image_partition = &info->partitions[firmware_partition_index];
1689 file_system_partition = &info->partitions[firmware_partition_index + 1];
1690
1691 struct stat kernel;
1692 if (stat(kernel_image, &kernel) < 0)
1693 error(1, errno, "unable to stat file `%s'", kernel_image);
1694
1695 if (kernel.st_size > firmware_partition->size)
1696 error(1, 0, "kernel overflowed firmware partition\n");
1697
1698 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1699 info->partitions[i+1] = info->partitions[i];
1700
1701 file_system_partition->name = "file-system";
1702 file_system_partition->base = firmware_partition->base + kernel.st_size;
1703
1704 /* Align partition start to erase blocks for factory images only */
1705 if (!sysupgrade)
1706 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1707
1708 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1709
1710 os_image_partition->name = "os-image";
1711 os_image_partition->size = kernel.st_size;
1712 }
1713
1714 parts[0] = make_partition_table(info->partitions);
1715 if (info->soft_ver)
1716 parts[1] = make_soft_version_from_string(info->soft_ver);
1717 else
1718 parts[1] = make_soft_version(rev);
1719
1720 parts[2] = make_support_list(info);
1721 parts[3] = read_file("os-image", kernel_image, false, NULL);
1722 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1723
1724 /* Some devices need the extra-para partition to accept the firmware */
1725 if (strcasecmp(info->id, "ARCHER-C2-V3") == 0 ||
1726 strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1727 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1728 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1729 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1730 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1731 parts[5] = put_data("extra-para", mdat, 11);
1732 } else if (strcasecmp(info->id, "ARCHER-A7-V5") == 0 || strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1733 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1734 parts[5] = put_data("extra-para", mdat, 11);
1735 } else if (strcasecmp(info->id, "ARCHER-C6-V2") == 0) {
1736 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1737 parts[5] = put_data("extra-para", mdat, 11);
1738 }
1739
1740 size_t len;
1741 void *image;
1742 if (sysupgrade)
1743 image = generate_sysupgrade_image(info, parts, &len);
1744 else
1745 image = generate_factory_image(info, parts, &len);
1746
1747 FILE *file = fopen(output, "wb");
1748 if (!file)
1749 error(1, errno, "unable to open output file");
1750
1751 if (fwrite(image, len, 1, file) != 1)
1752 error(1, 0, "unable to write output file");
1753
1754 fclose(file);
1755
1756 free(image);
1757
1758 for (i = 0; parts[i].name; i++)
1759 free_image_partition(parts[i]);
1760 }
1761
1762 /** Usage output */
1763 static void usage(const char *argv0) {
1764 fprintf(stderr,
1765 "Usage: %s [OPTIONS...]\n"
1766 "\n"
1767 "Options:\n"
1768 " -h show this help\n"
1769 "\n"
1770 "Create a new image:\n"
1771 " -B <board> create image for the board specified with <board>\n"
1772 " -k <file> read kernel image from the file <file>\n"
1773 " -r <file> read rootfs image from the file <file>\n"
1774 " -o <file> write output to the file <file>\n"
1775 " -V <rev> sets the revision number to <rev>\n"
1776 " -j add jffs2 end-of-filesystem markers\n"
1777 " -S create sysupgrade instead of factory image\n"
1778 "Extract an old image:\n"
1779 " -x <file> extract all oem firmware partition\n"
1780 " -d <dir> destination to extract the firmware partition\n"
1781 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1782 argv0
1783 );
1784 };
1785
1786
1787 static struct device_info *find_board(const char *id)
1788 {
1789 struct device_info *board = NULL;
1790
1791 for (board = boards; board->id != NULL; board++)
1792 if (strcasecmp(id, board->id) == 0)
1793 return board;
1794
1795 return NULL;
1796 }
1797
1798 static int add_flash_partition(
1799 struct flash_partition_entry *part_list,
1800 size_t max_entries,
1801 const char *name,
1802 unsigned long base,
1803 unsigned long size)
1804 {
1805 int ptr;
1806 /* check if the list has a free entry */
1807 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1808 if (part_list->name == NULL &&
1809 part_list->base == 0 &&
1810 part_list->size == 0)
1811 break;
1812 }
1813
1814 if (ptr == max_entries) {
1815 error(1, 0, "No free flash part entry available.");
1816 }
1817
1818 part_list->name = calloc(1, strlen(name) + 1);
1819 if (!part_list->name) {
1820 error(1, 0, "Unable to allocate memory");
1821 }
1822
1823 memcpy((char *)part_list->name, name, strlen(name));
1824 part_list->base = base;
1825 part_list->size = size;
1826
1827 return 0;
1828 }
1829
1830 /** read the partition table into struct flash_partition_entry */
1831 static int read_partition_table(
1832 FILE *file, long offset,
1833 struct flash_partition_entry *entries, size_t max_entries,
1834 int type)
1835 {
1836 char buf[2048];
1837 char *ptr, *end;
1838 const char *parthdr = NULL;
1839 const char *fwuphdr = "fwup-ptn";
1840 const char *flashhdr = "partition";
1841
1842 /* TODO: search for the partition table */
1843
1844 switch(type) {
1845 case 0:
1846 parthdr = fwuphdr;
1847 break;
1848 case 1:
1849 parthdr = flashhdr;
1850 break;
1851 default:
1852 error(1, 0, "Invalid partition table");
1853 }
1854
1855 if (fseek(file, offset, SEEK_SET) < 0)
1856 error(1, errno, "Can not seek in the firmware");
1857
1858 if (fread(buf, 1, 2048, file) < 0)
1859 error(1, errno, "Can not read fwup-ptn from the firmware");
1860
1861 buf[2047] = '\0';
1862
1863 /* look for the partition header */
1864 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1865 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1866 return 1;
1867 }
1868
1869 ptr = buf;
1870 end = buf + sizeof(buf);
1871 while ((ptr + strlen(parthdr)) < end &&
1872 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1873 char *end_part;
1874 char *end_element;
1875
1876 char name[32] = { 0 };
1877 int name_len = 0;
1878 unsigned long base = 0;
1879 unsigned long size = 0;
1880
1881 end_part = memchr(ptr, '\n', (end - ptr));
1882 if (end_part == NULL) {
1883 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1884 break;
1885 }
1886
1887 for (int i = 0; i <= 4; i++) {
1888 if (end_part <= ptr)
1889 break;
1890
1891 end_element = memchr(ptr, 0x20, (end_part - ptr));
1892 if (end_element == NULL) {
1893 error(1, errno, "Ignoring the rest of the partition entries.");
1894 break;
1895 }
1896
1897 switch (i) {
1898 /* partition header */
1899 case 0:
1900 ptr = end_element + 1;
1901 continue;
1902 /* name */
1903 case 1:
1904 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1905 strncpy(name, ptr, name_len);
1906 name[name_len] = '\0';
1907 ptr = end_element + 1;
1908 continue;
1909
1910 /* string "base" */
1911 case 2:
1912 ptr = end_element + 1;
1913 continue;
1914
1915 /* actual base */
1916 case 3:
1917 base = strtoul(ptr, NULL, 16);
1918 ptr = end_element + 1;
1919 continue;
1920
1921 /* string "size" */
1922 case 4:
1923 ptr = end_element + 1;
1924 /* actual size. The last element doesn't have a sepeartor */
1925 size = strtoul(ptr, NULL, 16);
1926 /* the part ends with 0x09, 0x0d, 0x0a */
1927 ptr = end_part + 1;
1928 add_flash_partition(entries, max_entries, name, base, size);
1929 continue;
1930 }
1931 }
1932 }
1933
1934 return 0;
1935 }
1936
1937 static void write_partition(
1938 FILE *input_file,
1939 size_t firmware_offset,
1940 struct flash_partition_entry *entry,
1941 FILE *output_file)
1942 {
1943 char buf[4096];
1944 size_t offset;
1945
1946 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1947
1948 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1949 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1950 error(1, errno, "Can not read partition from input_file");
1951
1952 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1953 error(1, errno, "Can not write partition to output_file");
1954 }
1955 /* write last chunk smaller than buffer */
1956 if (offset < entry->size) {
1957 offset = entry->size - offset;
1958 if (fread(buf, offset, 1, input_file) < 0)
1959 error(1, errno, "Can not read partition from input_file");
1960 if (fwrite(buf, offset, 1, output_file) < 0)
1961 error(1, errno, "Can not write partition to output_file");
1962 }
1963 }
1964
1965 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
1966 {
1967 FILE *output_file;
1968 char output[PATH_MAX];
1969
1970 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
1971 output_file = fopen(output, "wb+");
1972 if (output_file == NULL) {
1973 error(1, errno, "Can not open output file %s", output);
1974 }
1975
1976 write_partition(input_file, firmware_offset, entry, output_file);
1977
1978 fclose(output_file);
1979
1980 return 0;
1981 }
1982
1983 /** extract all partitions from the firmware file */
1984 static int extract_firmware(const char *input, const char *output_directory)
1985 {
1986 struct flash_partition_entry entries[16] = { 0 };
1987 size_t max_entries = 16;
1988 size_t firmware_offset = 0x1014;
1989 FILE *input_file;
1990
1991 struct stat statbuf;
1992
1993 /* check input file */
1994 if (stat(input, &statbuf)) {
1995 error(1, errno, "Can not read input firmware %s", input);
1996 }
1997
1998 /* check if output directory exists */
1999 if (stat(output_directory, &statbuf)) {
2000 error(1, errno, "Failed to stat output directory %s", output_directory);
2001 }
2002
2003 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
2004 error(1, errno, "Given output directory is not a directory %s", output_directory);
2005 }
2006
2007 input_file = fopen(input, "rb");
2008
2009 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
2010 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2011 }
2012
2013 for (int i = 0; i < max_entries; i++) {
2014 if (entries[i].name == NULL &&
2015 entries[i].base == 0 &&
2016 entries[i].size == 0)
2017 continue;
2018
2019 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
2020 }
2021
2022 return 0;
2023 }
2024
2025 static struct flash_partition_entry *find_partition(
2026 struct flash_partition_entry *entries, size_t max_entries,
2027 const char *name, const char *error_msg)
2028 {
2029 for (int i = 0; i < max_entries; i++, entries++) {
2030 if (strcmp(entries->name, name) == 0)
2031 return entries;
2032 }
2033
2034 error(1, 0, "%s", error_msg);
2035 return NULL;
2036 }
2037
2038 static void write_ff(FILE *output_file, size_t size)
2039 {
2040 char buf[4096];
2041 int offset;
2042
2043 memset(buf, 0xff, sizeof(buf));
2044
2045 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
2046 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
2047 error(1, errno, "Can not write 0xff to output_file");
2048 }
2049
2050 /* write last chunk smaller than buffer */
2051 if (offset < size) {
2052 offset = size - offset;
2053 if (fwrite(buf, offset, 1, output_file) < 0)
2054 error(1, errno, "Can not write partition to output_file");
2055 }
2056 }
2057
2058 static void convert_firmware(const char *input, const char *output)
2059 {
2060 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
2061 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
2062 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
2063 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
2064 struct flash_partition_entry *fwup_partition_table = NULL;
2065 size_t firmware_offset = 0x1014;
2066 FILE *input_file, *output_file;
2067
2068 struct stat statbuf;
2069
2070 /* check input file */
2071 if (stat(input, &statbuf)) {
2072 error(1, errno, "Can not read input firmware %s", input);
2073 }
2074
2075 input_file = fopen(input, "rb");
2076 if (!input_file)
2077 error(1, 0, "Can not open input firmware %s", input);
2078
2079 output_file = fopen(output, "wb");
2080 if (!output_file)
2081 error(1, 0, "Can not open output firmware %s", output);
2082
2083 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
2084 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2085 }
2086
2087 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
2088 "os-image", "Error can not find os-image partition (fwup)");
2089 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
2090 "file-system", "Error can not find file-system partition (fwup)");
2091 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
2092 "partition-table", "Error can not find partition-table partition");
2093
2094 /* the flash partition table has a 0x00000004 magic haeder */
2095 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
2096 error(1, 0, "Error can not read the partition table (flash)");
2097
2098 flash_os_image = find_partition(flash, MAX_PARTITIONS,
2099 "os-image", "Error can not find os-image partition (flash)");
2100 flash_file_system = find_partition(flash, MAX_PARTITIONS,
2101 "file-system", "Error can not find file-system partition (flash)");
2102
2103 /* write os_image to 0x0 */
2104 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
2105 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
2106
2107 /* write file-system behind os_image */
2108 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
2109 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
2110 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
2111
2112 fclose(output_file);
2113 fclose(input_file);
2114 }
2115
2116 int main(int argc, char *argv[]) {
2117 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
2118 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
2119 bool add_jffs2_eof = false, sysupgrade = false;
2120 unsigned rev = 0;
2121 struct device_info *info;
2122 set_source_date_epoch();
2123
2124 while (true) {
2125 int c;
2126
2127 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
2128 if (c == -1)
2129 break;
2130
2131 switch (c) {
2132 case 'B':
2133 board = optarg;
2134 break;
2135
2136 case 'k':
2137 kernel_image = optarg;
2138 break;
2139
2140 case 'r':
2141 rootfs_image = optarg;
2142 break;
2143
2144 case 'o':
2145 output = optarg;
2146 break;
2147
2148 case 'V':
2149 sscanf(optarg, "r%u", &rev);
2150 break;
2151
2152 case 'j':
2153 add_jffs2_eof = true;
2154 break;
2155
2156 case 'S':
2157 sysupgrade = true;
2158 break;
2159
2160 case 'h':
2161 usage(argv[0]);
2162 return 0;
2163
2164 case 'd':
2165 output_directory = optarg;
2166 break;
2167
2168 case 'x':
2169 extract_image = optarg;
2170 break;
2171
2172 case 'z':
2173 convert_image = optarg;
2174 break;
2175
2176 default:
2177 usage(argv[0]);
2178 return 1;
2179 }
2180 }
2181
2182 if (extract_image || output_directory) {
2183 if (!extract_image)
2184 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2185 if (!output_directory)
2186 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2187 extract_firmware(extract_image, output_directory);
2188 } else if (convert_image) {
2189 if (!output)
2190 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2191 convert_firmware(convert_image, output);
2192 } else {
2193 if (!board)
2194 error(1, 0, "no board has been specified");
2195 if (!kernel_image)
2196 error(1, 0, "no kernel image has been specified");
2197 if (!rootfs_image)
2198 error(1, 0, "no rootfs image has been specified");
2199 if (!output)
2200 error(1, 0, "no output filename has been specified");
2201
2202 info = find_board(board);
2203
2204 if (info == NULL)
2205 error(1, 0, "unsupported board %s", board);
2206
2207 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2208 }
2209
2210 return 0;
2211 }
Staging tree of Zoltan Herpai