projects / openwrt / staging / ynezz.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
tools: tplink-safeloader: add C7v5 KR Support
[openwrt/staging/ynezz.git] / tools / firmware-utils / src / tplink-safeloader.c
1 /*
2 Copyright (c) 2014, Matthias Schiffer <mschiffer@universe-factory.net>
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright notice,
11 this list of conditions and the following disclaimer in the documentation
12 and/or other materials provided with the distribution.
13
14 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26
27 /*
28 tplink-safeloader
29
30 Image generation tool for the TP-LINK SafeLoader as seen on
31 TP-LINK Pharos devices (CPE210/220/510/520)
32 */
33
34
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdint.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <arpa/inet.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <limits.h>
50
51 #include "md5.h"
52
53
54 #define ALIGN(x,a) ({ typeof(a) __a = (a); (((x) + __a - 1) & ~(__a - 1)); })
55
56
57 #define MAX_PARTITIONS 32
58
59 /** An image partition table entry */
60 struct image_partition_entry {
61 const char *name;
62 size_t size;
63 uint8_t *data;
64 };
65
66 /** A flash partition table entry */
67 struct flash_partition_entry {
68 char *name;
69 uint32_t base;
70 uint32_t size;
71 };
72
73 /** Firmware layout description */
74 struct device_info {
75 const char *id;
76 const char *vendor;
77 const char *support_list;
78 char support_trail;
79 const char *soft_ver;
80 struct flash_partition_entry partitions[MAX_PARTITIONS+1];
81 const char *first_sysupgrade_partition;
82 const char *last_sysupgrade_partition;
83 };
84
85 /** The content of the soft-version structure */
86 struct __attribute__((__packed__)) soft_version {
87 uint32_t magic;
88 uint32_t zero;
89 uint8_t pad1;
90 uint8_t version_major;
91 uint8_t version_minor;
92 uint8_t version_patch;
93 uint8_t year_hi;
94 uint8_t year_lo;
95 uint8_t month;
96 uint8_t day;
97 uint32_t rev;
98 uint8_t pad2;
99 };
100
101
102 static const uint8_t jffs2_eof_mark[4] = {0xde, 0xad, 0xc0, 0xde};
103
104
105 /**
106 Salt for the MD5 hash
107
108 Fortunately, TP-LINK seems to use the same salt for most devices which use
109 the new image format.
110 */
111 static const uint8_t md5_salt[16] = {
112 0x7a, 0x2b, 0x15, 0xed,
113 0x9b, 0x98, 0x59, 0x6d,
114 0xe5, 0x04, 0xab, 0x44,
115 0xac, 0x2a, 0x9f, 0x4e,
116 };
117
118
119 /** Firmware layout table */
120 static struct device_info boards[] = {
121 /** Firmware layout for the CPE210/220 */
122 {
123 .id = "CPE210",
124 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
125 .support_list =
126 "SupportList:\r\n"
127 "CPE210(TP-LINK|UN|N300-2):1.0\r\n"
128 "CPE210(TP-LINK|UN|N300-2):1.1\r\n"
129 "CPE210(TP-LINK|US|N300-2):1.1\r\n"
130 "CPE210(TP-LINK|EU|N300-2):1.1\r\n"
131 "CPE220(TP-LINK|UN|N300-2):1.1\r\n"
132 "CPE220(TP-LINK|US|N300-2):1.1\r\n"
133 "CPE220(TP-LINK|EU|N300-2):1.1\r\n",
134 .support_trail = '\xff',
135 .soft_ver = NULL,
136
137 .partitions = {
138 {"fs-uboot", 0x00000, 0x20000},
139 {"partition-table", 0x20000, 0x02000},
140 {"default-mac", 0x30000, 0x00020},
141 {"product-info", 0x31100, 0x00100},
142 {"signature", 0x32000, 0x00400},
143 {"os-image", 0x40000, 0x1c0000},
144 {"file-system", 0x200000, 0x5b0000},
145 {"soft-version", 0x7b0000, 0x00100},
146 {"support-list", 0x7b1000, 0x00400},
147 {"user-config", 0x7c0000, 0x10000},
148 {"default-config", 0x7d0000, 0x10000},
149 {"log", 0x7e0000, 0x10000},
150 {"radio", 0x7f0000, 0x10000},
151 {NULL, 0, 0}
152 },
153
154 .first_sysupgrade_partition = "os-image",
155 .last_sysupgrade_partition = "support-list",
156 },
157
158 /** Firmware layout for the CPE210 V2 */
159 {
160 .id = "CPE210V2",
161 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n",
162 .support_list =
163 "SupportList:\r\n"
164 "CPE210(TP-LINK|EU|N300-2|00000000):2.0\r\n"
165 "CPE210(TP-LINK|EU|N300-2|45550000):2.0\r\n"
166 "CPE210(TP-LINK|EU|N300-2|55530000):2.0\r\n"
167 "CPE210(TP-LINK|UN|N300-2|00000000):2.0\r\n"
168 "CPE210(TP-LINK|UN|N300-2|45550000):2.0\r\n"
169 "CPE210(TP-LINK|UN|N300-2|55530000):2.0\r\n"
170 "CPE210(TP-LINK|US|N300-2|55530000):2.0\r\n"
171 "CPE210(TP-LINK|UN|N300-2):2.0\r\n"
172 "CPE210(TP-LINK|EU|N300-2):2.0\r\n"
173 "CPE210(TP-LINK|US|N300-2):2.0\r\n",
174 .support_trail = '\xff',
175 .soft_ver = NULL,
176
177 .partitions = {
178 {"fs-uboot", 0x00000, 0x20000},
179 {"partition-table", 0x20000, 0x02000},
180 {"default-mac", 0x30000, 0x00020},
181 {"product-info", 0x31100, 0x00100},
182 {"device-info", 0x31400, 0x00400},
183 {"signature", 0x32000, 0x00400},
184 {"device-id", 0x33000, 0x00100},
185 {"firmware", 0x40000, 0x770000},
186 {"soft-version", 0x7b0000, 0x00100},
187 {"support-list", 0x7b1000, 0x01000},
188 {"user-config", 0x7c0000, 0x10000},
189 {"default-config", 0x7d0000, 0x10000},
190 {"log", 0x7e0000, 0x10000},
191 {"radio", 0x7f0000, 0x10000},
192 {NULL, 0, 0}
193 },
194
195 .first_sysupgrade_partition = "os-image",
196 .last_sysupgrade_partition = "support-list",
197 },
198
199 /** Firmware layout for the CPE210 V3 */
200 {
201 .id = "CPE210V3",
202 .vendor = "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n",
203 .support_list =
204 "SupportList:\r\n"
205 "CPE210(TP-LINK|EU|N300-2|45550000):3.0\r\n"
206 "CPE210(TP-LINK|UN|N300-2|00000000):3.0\r\n"
207 "CPE210(TP-LINK|UN|N300-2):3.0\r\n"
208 "CPE210(TP-LINK|EU|N300-2):3.0\r\n",
209 .support_trail = '\xff',
210 .soft_ver = NULL,
211
212 .partitions = {
213 {"fs-uboot", 0x00000, 0x20000},
214 {"partition-table", 0x20000, 0x01000},
215 {"default-mac", 0x30000, 0x00020},
216 {"product-info", 0x31100, 0x00100},
217 {"device-info", 0x31400, 0x00400},
218 {"signature", 0x32000, 0x00400},
219 {"device-id", 0x33000, 0x00100},
220 {"firmware", 0x40000, 0x770000},
221 {"soft-version", 0x7b0000, 0x00100},
222 {"support-list", 0x7b1000, 0x01000},
223 {"user-config", 0x7c0000, 0x10000},
224 {"default-config", 0x7d0000, 0x10000},
225 {"log", 0x7e0000, 0x10000},
226 {"radio", 0x7f0000, 0x10000},
227 {NULL, 0, 0}
228 },
229
230 .first_sysupgrade_partition = "os-image",
231 .last_sysupgrade_partition = "support-list",
232 },
233
234 /** Firmware layout for the CPE510/520 */
235 {
236 .id = "CPE510",
237 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
238 .support_list =
239 "SupportList:\r\n"
240 "CPE510(TP-LINK|UN|N300-5):1.0\r\n"
241 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
242 "CPE510(TP-LINK|UN|N300-5):1.1\r\n"
243 "CPE510(TP-LINK|US|N300-5):1.1\r\n"
244 "CPE510(TP-LINK|EU|N300-5):1.1\r\n"
245 "CPE520(TP-LINK|UN|N300-5):1.1\r\n"
246 "CPE520(TP-LINK|US|N300-5):1.1\r\n"
247 "CPE520(TP-LINK|EU|N300-5):1.1\r\n"
248 "CPE510(TP-LINK|EU|N300-5|00000000):2.0\r\n"
249 "CPE510(TP-LINK|EU|N300-5|45550000):2.0\r\n"
250 "CPE510(TP-LINK|EU|N300-5|55530000):2.0\r\n"
251 "CPE510(TP-LINK|UN|N300-5|00000000):2.0\r\n"
252 "CPE510(TP-LINK|UN|N300-5|45550000):2.0\r\n"
253 "CPE510(TP-LINK|UN|N300-5|55530000):2.0\r\n"
254 "CPE510(TP-LINK|US|N300-5|55530000):2.0\r\n"
255 "CPE510(TP-LINK|UN|N300-5):2.0\r\n"
256 "CPE510(TP-LINK|EU|N300-5):2.0\r\n"
257 "CPE510(TP-LINK|US|N300-5):2.0\r\n",
258 .support_trail = '\xff',
259 .soft_ver = NULL,
260
261 .partitions = {
262 {"fs-uboot", 0x00000, 0x20000},
263 {"partition-table", 0x20000, 0x02000},
264 {"default-mac", 0x30000, 0x00020},
265 {"product-info", 0x31100, 0x00100},
266 {"signature", 0x32000, 0x00400},
267 {"os-image", 0x40000, 0x1c0000},
268 {"file-system", 0x200000, 0x5b0000},
269 {"soft-version", 0x7b0000, 0x00100},
270 {"support-list", 0x7b1000, 0x00400},
271 {"user-config", 0x7c0000, 0x10000},
272 {"default-config", 0x7d0000, 0x10000},
273 {"log", 0x7e0000, 0x10000},
274 {"radio", 0x7f0000, 0x10000},
275 {NULL, 0, 0}
276 },
277
278 .first_sysupgrade_partition = "os-image",
279 .last_sysupgrade_partition = "support-list",
280 },
281
282 {
283 .id = "WBS210",
284 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
285 .support_list =
286 "SupportList:\r\n"
287 "WBS210(TP-LINK|UN|N300-2):1.20\r\n"
288 "WBS210(TP-LINK|US|N300-2):1.20\r\n"
289 "WBS210(TP-LINK|EU|N300-2):1.20\r\n",
290 .support_trail = '\xff',
291 .soft_ver = NULL,
292
293 .partitions = {
294 {"fs-uboot", 0x00000, 0x20000},
295 {"partition-table", 0x20000, 0x02000},
296 {"default-mac", 0x30000, 0x00020},
297 {"product-info", 0x31100, 0x00100},
298 {"signature", 0x32000, 0x00400},
299 {"os-image", 0x40000, 0x1c0000},
300 {"file-system", 0x200000, 0x5b0000},
301 {"soft-version", 0x7b0000, 0x00100},
302 {"support-list", 0x7b1000, 0x00400},
303 {"user-config", 0x7c0000, 0x10000},
304 {"default-config", 0x7d0000, 0x10000},
305 {"log", 0x7e0000, 0x10000},
306 {"radio", 0x7f0000, 0x10000},
307 {NULL, 0, 0}
308 },
309
310 .first_sysupgrade_partition = "os-image",
311 .last_sysupgrade_partition = "support-list",
312 },
313
314 {
315 .id = "WBS510",
316 .vendor = "CPE510(TP-LINK|UN|N300-5):1.0\r\n",
317 .support_list =
318 "SupportList:\r\n"
319 "WBS510(TP-LINK|UN|N300-5):1.20\r\n"
320 "WBS510(TP-LINK|US|N300-5):1.20\r\n"
321 "WBS510(TP-LINK|EU|N300-5):1.20\r\n",
322 .support_trail = '\xff',
323 .soft_ver = NULL,
324
325 .partitions = {
326 {"fs-uboot", 0x00000, 0x20000},
327 {"partition-table", 0x20000, 0x02000},
328 {"default-mac", 0x30000, 0x00020},
329 {"product-info", 0x31100, 0x00100},
330 {"signature", 0x32000, 0x00400},
331 {"os-image", 0x40000, 0x1c0000},
332 {"file-system", 0x200000, 0x5b0000},
333 {"soft-version", 0x7b0000, 0x00100},
334 {"support-list", 0x7b1000, 0x00400},
335 {"user-config", 0x7c0000, 0x10000},
336 {"default-config", 0x7d0000, 0x10000},
337 {"log", 0x7e0000, 0x10000},
338 {"radio", 0x7f0000, 0x10000},
339 {NULL, 0, 0}
340 },
341
342 .first_sysupgrade_partition = "os-image",
343 .last_sysupgrade_partition = "support-list",
344 },
345
346 /** Firmware layout for the C2600 */
347 {
348 .id = "C2600",
349 .vendor = "",
350 .support_list =
351 "SupportList:\r\n"
352 "{product_name:Archer C2600,product_ver:1.0.0,special_id:00000000}\r\n",
353 .support_trail = '\x00',
354 .soft_ver = NULL,
355
356 /**
357 We use a bigger os-image partition than the stock images (and thus
358 smaller file-system), as our kernel doesn't fit in the stock firmware's
359 2 MB os-image since kernel 4.14.
360 */
361 .partitions = {
362 {"SBL1", 0x00000, 0x20000},
363 {"MIBIB", 0x20000, 0x20000},
364 {"SBL2", 0x40000, 0x20000},
365 {"SBL3", 0x60000, 0x30000},
366 {"DDRCONFIG", 0x90000, 0x10000},
367 {"SSD", 0xa0000, 0x10000},
368 {"TZ", 0xb0000, 0x30000},
369 {"RPM", 0xe0000, 0x20000},
370 {"fs-uboot", 0x100000, 0x70000},
371 {"uboot-env", 0x170000, 0x40000},
372 {"radio", 0x1b0000, 0x40000},
373 {"os-image", 0x1f0000, 0x400000}, /* Stock: base 0x1f0000 size 0x200000 */
374 {"file-system", 0x5f0000, 0x1900000}, /* Stock: base 0x3f0000 size 0x1b00000 */
375 {"default-mac", 0x1ef0000, 0x00200},
376 {"pin", 0x1ef0200, 0x00200},
377 {"product-info", 0x1ef0400, 0x0fc00},
378 {"partition-table", 0x1f00000, 0x10000},
379 {"soft-version", 0x1f10000, 0x10000},
380 {"support-list", 0x1f20000, 0x10000},
381 {"profile", 0x1f30000, 0x10000},
382 {"default-config", 0x1f40000, 0x10000},
383 {"user-config", 0x1f50000, 0x40000},
384 {"qos-db", 0x1f90000, 0x40000},
385 {"usb-config", 0x1fd0000, 0x10000},
386 {"log", 0x1fe0000, 0x20000},
387 {NULL, 0, 0}
388 },
389
390 .first_sysupgrade_partition = "os-image",
391 .last_sysupgrade_partition = "file-system"
392 },
393
394 /** Firmware layout for the A7-V5 */
395 {
396 .id = "ARCHER-A7-V5",
397 .support_list =
398 "SupportList:\n"
399 "{product_name:Archer A7,product_ver:5.0.0,special_id:45550000}\n"
400 "{product_name:Archer A7,product_ver:5.0.0,special_id:55530000}\n"
401 "{product_name:Archer A7,product_ver:5.0.0,special_id:43410000}\n"
402 "{product_name:Archer A7,product_ver:5.0.0,special_id:4A500000}\n"
403 "{product_name:Archer A7,product_ver:5.0.0,special_id:54570000}\n",
404 .support_trail = '\x00',
405 .soft_ver = "soft_ver:1.0.0\n",
406
407 /* We're using a dynamic kernel/rootfs split here */
408 .partitions = {
409 {"factory-boot", 0x00000, 0x20000},
410 {"fs-uboot", 0x20000, 0x20000},
411 {"firmware", 0x40000, 0xec0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
412 /* Stock: name file-system base 0x160000 size 0xda0000 */
413 {"default-mac", 0xf40000, 0x00200},
414 {"pin", 0xf40200, 0x00200},
415 {"device-id", 0xf40400, 0x00100},
416 {"product-info", 0xf40500, 0x0fb00},
417 {"soft-version", 0xf50000, 0x00100},
418 {"extra-para", 0xf51000, 0x01000},
419 {"support-list", 0xf52000, 0x0a000},
420 {"profile", 0xf5c000, 0x04000},
421 {"default-config", 0xf60000, 0x10000},
422 {"user-config", 0xf70000, 0x40000},
423 {"certificate", 0xfb0000, 0x10000},
424 {"partition-table", 0xfc0000, 0x10000},
425 {"log", 0xfd0000, 0x20000},
426 {"radio", 0xff0000, 0x10000},
427 {NULL, 0, 0}
428 },
429
430 .first_sysupgrade_partition = "os-image",
431 .last_sysupgrade_partition = "file-system",
432 },
433
434 /** Firmware layout for the C2v3 */
435 {
436 .id = "ARCHER-C2-V3",
437 .support_list =
438 "SupportList:\n"
439 "{product_name:ArcherC2,product_ver:3.0.0,special_id:00000000}\n"
440 "{product_name:ArcherC2,product_ver:3.0.0,special_id:55530000}\n"
441 "{product_name:ArcherC2,product_ver:3.0.0,special_id:45550000}\n",
442 .support_trail = '\x00',
443 .soft_ver = "soft_ver:3.0.1\n",
444
445 /** We're using a dynamic kernel/rootfs split here */
446
447 .partitions = {
448 {"factory-boot", 0x00000, 0x20000},
449 {"fs-uboot", 0x20000, 0x10000},
450 {"firmware", 0x30000, 0x7a0000},
451 {"user-config", 0x7d0000, 0x04000},
452 {"default-mac", 0x7e0000, 0x00100},
453 {"device-id", 0x7e0100, 0x00100},
454 {"extra-para", 0x7e0200, 0x00100},
455 {"pin", 0x7e0300, 0x00100},
456 {"support-list", 0x7e0400, 0x00400},
457 {"soft-version", 0x7e0800, 0x00400},
458 {"product-info", 0x7e0c00, 0x01400},
459 {"partition-table", 0x7e2000, 0x01000},
460 {"profile", 0x7e3000, 0x01000},
461 {"default-config", 0x7e4000, 0x04000},
462 {"merge-config", 0x7ec000, 0x02000},
463 {"qos-db", 0x7ee000, 0x02000},
464 {"radio", 0x7f0000, 0x10000},
465 {NULL, 0, 0}
466 },
467
468 .first_sysupgrade_partition = "os-image",
469 .last_sysupgrade_partition = "file-system",
470 },
471
472 /** Firmware layout for the C25v1 */
473 {
474 .id = "ARCHER-C25-V1",
475 .support_list =
476 "SupportList:\n"
477 "{product_name:ArcherC25,product_ver:1.0.0,special_id:00000000}\n"
478 "{product_name:ArcherC25,product_ver:1.0.0,special_id:55530000}\n"
479 "{product_name:ArcherC25,product_ver:1.0.0,special_id:45550000}\n",
480 .support_trail = '\x00',
481 .soft_ver = "soft_ver:1.0.0\n",
482
483 /* We're using a dynamic kernel/rootfs split here */
484 .partitions = {
485 {"factory-boot", 0x00000, 0x20000},
486 {"fs-uboot", 0x20000, 0x10000},
487 {"firmware", 0x30000, 0x7a0000}, /* Stock: name os-image base 0x30000 size 0x100000 */
488 /* Stock: name file-system base 0x130000 size 0x6a0000 */
489 {"user-config", 0x7d0000, 0x04000},
490 {"default-mac", 0x7e0000, 0x00100},
491 {"device-id", 0x7e0100, 0x00100},
492 {"extra-para", 0x7e0200, 0x00100},
493 {"pin", 0x7e0300, 0x00100},
494 {"support-list", 0x7e0400, 0x00400},
495 {"soft-version", 0x7e0800, 0x00400},
496 {"product-info", 0x7e0c00, 0x01400},
497 {"partition-table", 0x7e2000, 0x01000},
498 {"profile", 0x7e3000, 0x01000},
499 {"default-config", 0x7e4000, 0x04000},
500 {"merge-config", 0x7ec000, 0x02000},
501 {"qos-db", 0x7ee000, 0x02000},
502 {"radio", 0x7f0000, 0x10000},
503 {NULL, 0, 0}
504 },
505
506 .first_sysupgrade_partition = "os-image",
507 .last_sysupgrade_partition = "file-system",
508 },
509
510 /** Firmware layout for the C58v1 */
511 {
512 .id = "ARCHER-C58-V1",
513 .vendor = "",
514 .support_list =
515 "SupportList:\r\n"
516 "{product_name:Archer C58,product_ver:1.0.0,special_id:00000000}\r\n"
517 "{product_name:Archer C58,product_ver:1.0.0,special_id:45550000}\r\n"
518 "{product_name:Archer C58,product_ver:1.0.0,special_id:55530000}\r\n",
519 .support_trail = '\x00',
520 .soft_ver = "soft_ver:1.0.0\n",
521
522 .partitions = {
523 {"fs-uboot", 0x00000, 0x10000},
524 {"default-mac", 0x10000, 0x00200},
525 {"pin", 0x10200, 0x00200},
526 {"product-info", 0x10400, 0x00100},
527 {"partition-table", 0x10500, 0x00800},
528 {"soft-version", 0x11300, 0x00200},
529 {"support-list", 0x11500, 0x00100},
530 {"device-id", 0x11600, 0x00100},
531 {"profile", 0x11700, 0x03900},
532 {"default-config", 0x15000, 0x04000},
533 {"user-config", 0x19000, 0x04000},
534 {"firmware", 0x20000, 0x7c8000},
535 {"certyficate", 0x7e8000, 0x08000},
536 {"radio", 0x7f0000, 0x10000},
537 {NULL, 0, 0}
538 },
539
540 .first_sysupgrade_partition = "os-image",
541 .last_sysupgrade_partition = "file-system",
542 },
543
544 /** Firmware layout for the C59v1 */
545 {
546 .id = "ARCHER-C59-V1",
547 .vendor = "",
548 .support_list =
549 "SupportList:\r\n"
550 "{product_name:Archer C59,product_ver:1.0.0,special_id:00000000}\r\n"
551 "{product_name:Archer C59,product_ver:1.0.0,special_id:45550000}\r\n"
552 "{product_name:Archer C59,product_ver:1.0.0,special_id:52550000}\r\n"
553 "{product_name:Archer C59,product_ver:1.0.0,special_id:55530000}\r\n",
554 .support_trail = '\x00',
555 .soft_ver = "soft_ver:1.0.0\n",
556
557 /* We're using a dynamic kernel/rootfs split here */
558 .partitions = {
559 {"fs-uboot", 0x00000, 0x10000},
560 {"default-mac", 0x10000, 0x00200},
561 {"pin", 0x10200, 0x00200},
562 {"device-id", 0x10400, 0x00100},
563 {"product-info", 0x10500, 0x0fb00},
564 {"firmware", 0x20000, 0xe30000},
565 {"partition-table", 0xe50000, 0x10000},
566 {"soft-version", 0xe60000, 0x10000},
567 {"support-list", 0xe70000, 0x10000},
568 {"profile", 0xe80000, 0x10000},
569 {"default-config", 0xe90000, 0x10000},
570 {"user-config", 0xea0000, 0x40000},
571 {"usb-config", 0xee0000, 0x10000},
572 {"certificate", 0xef0000, 0x10000},
573 {"qos-db", 0xf00000, 0x40000},
574 {"log", 0xfe0000, 0x10000},
575 {"radio", 0xff0000, 0x10000},
576 {NULL, 0, 0}
577 },
578
579 .first_sysupgrade_partition = "os-image",
580 .last_sysupgrade_partition = "file-system",
581 },
582
583 /** Firmware layout for the C59v2 */
584 {
585 .id = "ARCHER-C59-V2",
586 .vendor = "",
587 .support_list =
588 "SupportList:\r\n"
589 "{product_name:Archer C59,product_ver:2.0.0,special_id:00000000}\r\n"
590 "{product_name:Archer C59,product_ver:2.0.0,special_id:45550000}\r\n"
591 "{product_name:Archer C59,product_ver:2.0.0,special_id:55530000}\r\n",
592 .support_trail = '\x00',
593 .soft_ver = "soft_ver:2.0.0 Build 20161206 rel.7303\n",
594
595 /** We're using a dynamic kernel/rootfs split here */
596 .partitions = {
597 {"factory-boot", 0x00000, 0x20000},
598 {"fs-uboot", 0x20000, 0x10000},
599 {"default-mac", 0x30000, 0x00200},
600 {"pin", 0x30200, 0x00200},
601 {"device-id", 0x30400, 0x00100},
602 {"product-info", 0x30500, 0x0fb00},
603 {"firmware", 0x40000, 0xe10000},
604 {"partition-table", 0xe50000, 0x10000},
605 {"soft-version", 0xe60000, 0x10000},
606 {"support-list", 0xe70000, 0x10000},
607 {"profile", 0xe80000, 0x10000},
608 {"default-config", 0xe90000, 0x10000},
609 {"user-config", 0xea0000, 0x40000},
610 {"usb-config", 0xee0000, 0x10000},
611 {"certificate", 0xef0000, 0x10000},
612 {"extra-para", 0xf00000, 0x10000},
613 {"qos-db", 0xf10000, 0x30000},
614 {"log", 0xfe0000, 0x10000},
615 {"radio", 0xff0000, 0x10000},
616 {NULL, 0, 0}
617 },
618
619 .first_sysupgrade_partition = "os-image",
620 .last_sysupgrade_partition = "file-system",
621 },
622
623 /** Firmware layout for the C6v2 */
624 {
625 .id = "ARCHER-C6-V2",
626 .vendor = "",
627 .support_list =
628 "SupportList:\r\n"
629 "{product_name:Archer C6,product_ver:2.0.0,special_id:45550000}\r\n"
630 "{product_name:Archer C6,product_ver:2.0.0,special_id:52550000}\r\n"
631 "{product_name:Archer C6,product_ver:2.0.0,special_id:4A500000}\r\n",
632 .support_trail = '\x00',
633 .soft_ver = "soft_ver:1.0.0\n",
634
635 .partitions = {
636 {"fs-uboot", 0x00000, 0x20000},
637 {"default-mac", 0x20000, 0x00200},
638 {"pin", 0x20200, 0x00100},
639 {"product-info", 0x20300, 0x00200},
640 {"device-id", 0x20500, 0x0fb00},
641 {"firmware", 0x30000, 0x7a9400},
642 {"soft-version", 0x7d9400, 0x00100},
643 {"extra-para", 0x7d9500, 0x00100},
644 {"support-list", 0x7d9600, 0x00200},
645 {"profile", 0x7d9800, 0x03000},
646 {"default-config", 0x7dc800, 0x03000},
647 {"partition-table", 0x7df800, 0x00800},
648 {"user-config", 0x7e0000, 0x0c000},
649 {"certificate", 0x7ec000, 0x04000},
650 {"radio", 0x7f0000, 0x10000},
651 {NULL, 0, 0}
652 },
653
654 .first_sysupgrade_partition = "os-image",
655 .last_sysupgrade_partition = "file-system",
656 },
657
658
659 /** Firmware layout for the C60v1 */
660 {
661 .id = "ARCHER-C60-V1",
662 .vendor = "",
663 .support_list =
664 "SupportList:\r\n"
665 "{product_name:Archer C60,product_ver:1.0.0,special_id:00000000}\r\n"
666 "{product_name:Archer C60,product_ver:1.0.0,special_id:45550000}\r\n"
667 "{product_name:Archer C60,product_ver:1.0.0,special_id:55530000}\r\n",
668 .support_trail = '\x00',
669 .soft_ver = "soft_ver:1.0.0\n",
670
671 .partitions = {
672 {"fs-uboot", 0x00000, 0x10000},
673 {"default-mac", 0x10000, 0x00200},
674 {"pin", 0x10200, 0x00200},
675 {"product-info", 0x10400, 0x00100},
676 {"partition-table", 0x10500, 0x00800},
677 {"soft-version", 0x11300, 0x00200},
678 {"support-list", 0x11500, 0x00100},
679 {"device-id", 0x11600, 0x00100},
680 {"profile", 0x11700, 0x03900},
681 {"default-config", 0x15000, 0x04000},
682 {"user-config", 0x19000, 0x04000},
683 {"firmware", 0x20000, 0x7c8000},
684 {"certyficate", 0x7e8000, 0x08000},
685 {"radio", 0x7f0000, 0x10000},
686 {NULL, 0, 0}
687 },
688
689 .first_sysupgrade_partition = "os-image",
690 .last_sysupgrade_partition = "file-system",
691 },
692
693 /** Firmware layout for the C60v2 */
694 {
695 .id = "ARCHER-C60-V2",
696 .vendor = "",
697 .support_list =
698 "SupportList:\r\n"
699 "{product_name:Archer C60,product_ver:2.0.0,special_id:42520000}\r\n"
700 "{product_name:Archer C60,product_ver:2.0.0,special_id:45550000}\r\n"
701 "{product_name:Archer C60,product_ver:2.0.0,special_id:55530000}\r\n",
702 .support_trail = '\x00',
703 .soft_ver = "soft_ver:2.0.0\n",
704
705 .partitions = {
706 {"factory-boot", 0x00000, 0x1fb00},
707 {"default-mac", 0x1fb00, 0x00200},
708 {"pin", 0x1fd00, 0x00100},
709 {"product-info", 0x1fe00, 0x00100},
710 {"device-id", 0x1ff00, 0x00100},
711 {"fs-uboot", 0x20000, 0x10000},
712 {"firmware", 0x30000, 0x7a0000},
713 {"soft-version", 0x7d9500, 0x00100},
714 {"support-list", 0x7d9600, 0x00100},
715 {"extra-para", 0x7d9700, 0x00100},
716 {"profile", 0x7d9800, 0x03000},
717 {"default-config", 0x7dc800, 0x03000},
718 {"partition-table", 0x7df800, 0x00800},
719 {"user-config", 0x7e0000, 0x0c000},
720 {"certificate", 0x7ec000, 0x04000},
721 {"radio", 0x7f0000, 0x10000},
722 {NULL, 0, 0}
723 },
724
725 .first_sysupgrade_partition = "os-image",
726 .last_sysupgrade_partition = "file-system",
727 },
728
729 /** Firmware layout for the C5 */
730 {
731 .id = "ARCHER-C5-V2",
732 .vendor = "",
733 .support_list =
734 "SupportList:\r\n"
735 "{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}\r\n"
736 "{product_name:ArcherC5,product_ver:2.0.0,special_id:55530000}\r\n"
737 "{product_name:ArcherC5,product_ver:2.0.0,special_id:4A500000}\r\n", /* JP version */
738 .support_trail = '\x00',
739 .soft_ver = NULL,
740
741 .partitions = {
742 {"fs-uboot", 0x00000, 0x40000},
743 {"os-image", 0x40000, 0x200000},
744 {"file-system", 0x240000, 0xc00000},
745 {"default-mac", 0xe40000, 0x00200},
746 {"pin", 0xe40200, 0x00200},
747 {"product-info", 0xe40400, 0x00200},
748 {"partition-table", 0xe50000, 0x10000},
749 {"soft-version", 0xe60000, 0x00200},
750 {"support-list", 0xe61000, 0x0f000},
751 {"profile", 0xe70000, 0x10000},
752 {"default-config", 0xe80000, 0x10000},
753 {"user-config", 0xe90000, 0x50000},
754 {"log", 0xee0000, 0x100000},
755 {"radio_bk", 0xfe0000, 0x10000},
756 {"radio", 0xff0000, 0x10000},
757 {NULL, 0, 0}
758 },
759
760 .first_sysupgrade_partition = "os-image",
761 .last_sysupgrade_partition = "file-system"
762 },
763
764 /** Firmware layout for the C7 */
765 {
766 .id = "ARCHER-C7-V4",
767 .support_list =
768 "SupportList:\n"
769 "{product_name:Archer C7,product_ver:4.0.0,special_id:00000000}\n"
770 "{product_name:Archer C7,product_ver:4.0.0,special_id:41550000}\n"
771 "{product_name:Archer C7,product_ver:4.0.0,special_id:45550000}\n"
772 "{product_name:Archer C7,product_ver:4.0.0,special_id:4B520000}\n"
773 "{product_name:Archer C7,product_ver:4.0.0,special_id:42520000}\n"
774 "{product_name:Archer C7,product_ver:4.0.0,special_id:4A500000}\n"
775 "{product_name:Archer C7,product_ver:4.0.0,special_id:52550000}\n"
776 "{product_name:Archer C7,product_ver:4.0.0,special_id:54570000}\n"
777 "{product_name:Archer C7,product_ver:4.0.0,special_id:55530000}\n"
778 "{product_name:Archer C7,product_ver:4.0.0,special_id:43410000}\n",
779 .support_trail = '\x00',
780 .soft_ver = "soft_ver:1.0.0\n",
781
782 /* We're using a dynamic kernel/rootfs split here */
783 .partitions = {
784 {"factory-boot", 0x00000, 0x20000},
785 {"fs-uboot", 0x20000, 0x20000},
786 {"firmware", 0x40000, 0xEC0000}, /* Stock: name os-image base 0x40000 size 0x120000 */
787 /* Stock: name file-system base 0x160000 size 0xda0000 */
788 {"default-mac", 0xf00000, 0x00200},
789 {"pin", 0xf00200, 0x00200},
790 {"device-id", 0xf00400, 0x00100},
791 {"product-info", 0xf00500, 0x0fb00},
792 {"soft-version", 0xf10000, 0x00100},
793 {"extra-para", 0xf11000, 0x01000},
794 {"support-list", 0xf12000, 0x0a000},
795 {"profile", 0xf1c000, 0x04000},
796 {"default-config", 0xf20000, 0x10000},
797 {"user-config", 0xf30000, 0x40000},
798 {"qos-db", 0xf70000, 0x40000},
799 {"certificate", 0xfb0000, 0x10000},
800 {"partition-table", 0xfc0000, 0x10000},
801 {"log", 0xfd0000, 0x20000},
802 {"radio", 0xff0000, 0x10000},
803 {NULL, 0, 0}
804 },
805
806 .first_sysupgrade_partition = "os-image",
807 .last_sysupgrade_partition = "file-system",
808 },
809
810 /** Firmware layout for the C7 v5*/
811 {
812 .id = "ARCHER-C7-V5",
813 .support_list =
814 "SupportList:\n"
815 "{product_name:Archer C7,product_ver:5.0.0,special_id:00000000}\n"
816 "{product_name:Archer C7,product_ver:5.0.0,special_id:45550000}\n"
817 "{product_name:Archer C7,product_ver:5.0.0,special_id:55530000}\n"
818 "{product_name:Archer C7,product_ver:5.0.0,special_id:43410000}\n"
819 "{product_name:Archer C7,product_ver:5.0.0,special_id:4A500000}\n"
820 "{product_name:Archer C7,product_ver:5.0.0,special_id:54570000}\n"
821 "{product_name:Archer C7,product_ver:5.0.0,special_id:52550000}\n"
822 "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
823
824 .support_trail = '\x00',
825 .soft_ver = "soft_ver:1.0.0\n",
826
827 /* We're using a dynamic kernel/rootfs split here */
828 .partitions = {
829 {"factory-boot", 0x00000, 0x20000},
830 {"fs-uboot", 0x20000, 0x20000},
831 {"partition-table", 0x40000, 0x10000},
832 {"radio", 0x50000, 0x10000},
833 {"default-mac", 0x60000, 0x00200},
834 {"pin", 0x60200, 0x00200},
835 {"device-id", 0x60400, 0x00100},
836 {"product-info", 0x60500, 0x0fb00},
837 {"soft-version", 0x70000, 0x01000},
838 {"extra-para", 0x71000, 0x01000},
839 {"support-list", 0x72000, 0x0a000},
840 {"profile", 0x7c000, 0x04000},
841 {"user-config", 0x80000, 0x40000},
842
843
844 {"firmware", 0xc0000, 0xf00000}, /* Stock: name os-image base 0xc0000 size 0x120000 */
845 /* Stock: name file-system base 0x1e0000 size 0xde0000 */
846
847 {"log", 0xfc0000, 0x20000},
848 {"certificate", 0xfe0000, 0x10000},
849 {"default-config", 0xff0000, 0x10000},
850 {NULL, 0, 0}
851
852 },
853
854 .first_sysupgrade_partition = "os-image",
855 .last_sysupgrade_partition = "file-system",
856 },
857
858 /** Firmware layout for the C9 */
859 {
860 .id = "ARCHERC9",
861 .vendor = "",
862 .support_list =
863 "SupportList:\n"
864 "{product_name:ArcherC9,"
865 "product_ver:1.0.0,"
866 "special_id:00000000}\n",
867 .support_trail = '\x00',
868 .soft_ver = NULL,
869
870 .partitions = {
871 {"fs-uboot", 0x00000, 0x40000},
872 {"os-image", 0x40000, 0x200000},
873 {"file-system", 0x240000, 0xc00000},
874 {"default-mac", 0xe40000, 0x00200},
875 {"pin", 0xe40200, 0x00200},
876 {"product-info", 0xe40400, 0x00200},
877 {"partition-table", 0xe50000, 0x10000},
878 {"soft-version", 0xe60000, 0x00200},
879 {"support-list", 0xe61000, 0x0f000},
880 {"profile", 0xe70000, 0x10000},
881 {"default-config", 0xe80000, 0x10000},
882 {"user-config", 0xe90000, 0x50000},
883 {"log", 0xee0000, 0x100000},
884 {"radio_bk", 0xfe0000, 0x10000},
885 {"radio", 0xff0000, 0x10000},
886 {NULL, 0, 0}
887 },
888
889 .first_sysupgrade_partition = "os-image",
890 .last_sysupgrade_partition = "file-system"
891 },
892
893 /** Firmware layout for the EAP120 */
894 {
895 .id = "EAP120",
896 .vendor = "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
897 .support_list =
898 "SupportList:\r\n"
899 "EAP120(TP-LINK|UN|N300-2):1.0\r\n",
900 .support_trail = '\xff',
901 .soft_ver = NULL,
902
903 .partitions = {
904 {"fs-uboot", 0x00000, 0x20000},
905 {"partition-table", 0x20000, 0x02000},
906 {"default-mac", 0x30000, 0x00020},
907 {"support-list", 0x31000, 0x00100},
908 {"product-info", 0x31100, 0x00100},
909 {"soft-version", 0x32000, 0x00100},
910 {"os-image", 0x40000, 0x180000},
911 {"file-system", 0x1c0000, 0x600000},
912 {"user-config", 0x7c0000, 0x10000},
913 {"backup-config", 0x7d0000, 0x10000},
914 {"log", 0x7e0000, 0x10000},
915 {"radio", 0x7f0000, 0x10000},
916 {NULL, 0, 0}
917 },
918
919 .first_sysupgrade_partition = "os-image",
920 .last_sysupgrade_partition = "file-system"
921 },
922
923 /** Firmware layout for the TL-WA850RE v2 */
924 {
925 .id = "TLWA850REV2",
926 .vendor = "",
927 .support_list =
928 "SupportList:\n"
929 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55530000}\n"
930 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:00000000}\n"
931 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:55534100}\n"
932 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:45550000}\n"
933 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4B520000}\n"
934 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:42520000}\n"
935 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:4A500000}\n"
936 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:43410000}\n"
937 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:41550000}\n"
938 "{product_name:TL-WA850RE,product_ver:2.0.0,special_id:52550000}\n",
939 .support_trail = '\x00',
940 .soft_ver = NULL,
941
942 /**
943 576KB were moved from file-system to os-image
944 in comparison to the stock image
945 */
946 .partitions = {
947 {"fs-uboot", 0x00000, 0x20000},
948 {"os-image", 0x20000, 0x150000},
949 {"file-system", 0x170000, 0x240000},
950 {"partition-table", 0x3b0000, 0x02000},
951 {"default-mac", 0x3c0000, 0x00020},
952 {"pin", 0x3c0100, 0x00020},
953 {"product-info", 0x3c1000, 0x01000},
954 {"soft-version", 0x3c2000, 0x00100},
955 {"support-list", 0x3c3000, 0x01000},
956 {"profile", 0x3c4000, 0x08000},
957 {"user-config", 0x3d0000, 0x10000},
958 {"default-config", 0x3e0000, 0x10000},
959 {"radio", 0x3f0000, 0x10000},
960 {NULL, 0, 0}
961 },
962
963 .first_sysupgrade_partition = "os-image",
964 .last_sysupgrade_partition = "file-system"
965 },
966
967 /** Firmware layout for the TL-WA855RE v1 */
968 {
969 .id = "TLWA855REV1",
970 .vendor = "",
971 .support_list =
972 "SupportList:\n"
973 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:00000000}\n"
974 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:55530000}\n"
975 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:45550000}\n"
976 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4B520000}\n"
977 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:42520000}\n"
978 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:4A500000}\n"
979 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:43410000}\n"
980 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:41550000}\n"
981 "{product_name:TL-WA855RE,product_ver:1.0.0,special_id:52550000}\n",
982 .support_trail = '\x00',
983 .soft_ver = NULL,
984
985 .partitions = {
986 {"fs-uboot", 0x00000, 0x20000},
987 {"os-image", 0x20000, 0x150000},
988 {"file-system", 0x170000, 0x240000},
989 {"partition-table", 0x3b0000, 0x02000},
990 {"default-mac", 0x3c0000, 0x00020},
991 {"pin", 0x3c0100, 0x00020},
992 {"product-info", 0x3c1000, 0x01000},
993 {"soft-version", 0x3c2000, 0x00100},
994 {"support-list", 0x3c3000, 0x01000},
995 {"profile", 0x3c4000, 0x08000},
996 {"user-config", 0x3d0000, 0x10000},
997 {"default-config", 0x3e0000, 0x10000},
998 {"radio", 0x3f0000, 0x10000},
999 {NULL, 0, 0}
1000 },
1001
1002 .first_sysupgrade_partition = "os-image",
1003 .last_sysupgrade_partition = "file-system"
1004 },
1005
1006 /** Firmware layout for the TL-WR1043 v5 */
1007 {
1008 .id = "TLWR1043NV5",
1009 .vendor = "",
1010 .support_list =
1011 "SupportList:\n"
1012 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:45550000}\n"
1013 "{product_name:TL-WR1043N,product_ver:5.0.0,special_id:55530000}\n",
1014 .support_trail = '\x00',
1015 .soft_ver = "soft_ver:1.0.0\n",
1016 .partitions = {
1017 {"factory-boot", 0x00000, 0x20000},
1018 {"fs-uboot", 0x20000, 0x20000},
1019 {"firmware", 0x40000, 0xec0000},
1020 {"default-mac", 0xf00000, 0x00200},
1021 {"pin", 0xf00200, 0x00200},
1022 {"device-id", 0xf00400, 0x00100},
1023 {"product-info", 0xf00500, 0x0fb00},
1024 {"soft-version", 0xf10000, 0x01000},
1025 {"extra-para", 0xf11000, 0x01000},
1026 {"support-list", 0xf12000, 0x0a000},
1027 {"profile", 0xf1c000, 0x04000},
1028 {"default-config", 0xf20000, 0x10000},
1029 {"user-config", 0xf30000, 0x40000},
1030 {"qos-db", 0xf70000, 0x40000},
1031 {"certificate", 0xfb0000, 0x10000},
1032 {"partition-table", 0xfc0000, 0x10000},
1033 {"log", 0xfd0000, 0x20000},
1034 {"radio", 0xff0000, 0x10000},
1035 {NULL, 0, 0}
1036 },
1037 .first_sysupgrade_partition = "os-image",
1038 .last_sysupgrade_partition = "file-system"
1039 },
1040
1041 /** Firmware layout for the TL-WR1043 v4 */
1042 {
1043 .id = "TLWR1043NDV4",
1044 .vendor = "",
1045 .support_list =
1046 "SupportList:\n"
1047 "{product_name:TL-WR1043ND,product_ver:4.0.0,special_id:45550000}\n",
1048 .support_trail = '\x00',
1049 .soft_ver = NULL,
1050
1051 /* We're using a dynamic kernel/rootfs split here */
1052 .partitions = {
1053 {"fs-uboot", 0x00000, 0x20000},
1054 {"firmware", 0x20000, 0xf30000},
1055 {"default-mac", 0xf50000, 0x00200},
1056 {"pin", 0xf50200, 0x00200},
1057 {"product-info", 0xf50400, 0x0fc00},
1058 {"soft-version", 0xf60000, 0x0b000},
1059 {"support-list", 0xf6b000, 0x04000},
1060 {"profile", 0xf70000, 0x04000},
1061 {"default-config", 0xf74000, 0x0b000},
1062 {"user-config", 0xf80000, 0x40000},
1063 {"partition-table", 0xfc0000, 0x10000},
1064 {"log", 0xfd0000, 0x20000},
1065 {"radio", 0xff0000, 0x10000},
1066 {NULL, 0, 0}
1067 },
1068
1069 .first_sysupgrade_partition = "os-image",
1070 .last_sysupgrade_partition = "file-system"
1071 },
1072
1073 /** Firmware layout for the TL-WR902AC v1 */
1074 {
1075 .id = "TL-WR902AC-V1",
1076 .vendor = "",
1077 .support_list =
1078 "SupportList:\n"
1079 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:45550000}\n"
1080 "{product_name:TL-WR902AC,product_ver:1.0.0,special_id:55530000}\n",
1081 .support_trail = '\x00',
1082 .soft_ver = NULL,
1083
1084 /**
1085 384KB were moved from file-system to os-image
1086 in comparison to the stock image
1087 */
1088 .partitions = {
1089 {"fs-uboot", 0x00000, 0x20000},
1090 {"firmware", 0x20000, 0x730000},
1091 {"default-mac", 0x750000, 0x00200},
1092 {"pin", 0x750200, 0x00200},
1093 {"product-info", 0x750400, 0x0fc00},
1094 {"soft-version", 0x760000, 0x0b000},
1095 {"support-list", 0x76b000, 0x04000},
1096 {"profile", 0x770000, 0x04000},
1097 {"default-config", 0x774000, 0x0b000},
1098 {"user-config", 0x780000, 0x40000},
1099 {"partition-table", 0x7c0000, 0x10000},
1100 {"log", 0x7d0000, 0x20000},
1101 {"radio", 0x7f0000, 0x10000},
1102 {NULL, 0, 0}
1103 },
1104
1105 .first_sysupgrade_partition = "os-image",
1106 .last_sysupgrade_partition = "file-system",
1107 },
1108
1109 /** Firmware layout for the TL-WR942N V1 */
1110 {
1111 .id = "TLWR942NV1",
1112 .vendor = "",
1113 .support_list =
1114 "SupportList:\r\n"
1115 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:00000000}\r\n"
1116 "{product_name:TL-WR942N,product_ver:1.0.0,special_id:52550000}\r\n",
1117 .support_trail = '\x00',
1118 .soft_ver = NULL,
1119
1120 .partitions = {
1121 {"fs-uboot", 0x00000, 0x20000},
1122 {"firmware", 0x20000, 0xe20000},
1123 {"default-mac", 0xe40000, 0x00200},
1124 {"pin", 0xe40200, 0x00200},
1125 {"product-info", 0xe40400, 0x0fc00},
1126 {"partition-table", 0xe50000, 0x10000},
1127 {"soft-version", 0xe60000, 0x10000},
1128 {"support-list", 0xe70000, 0x10000},
1129 {"profile", 0xe80000, 0x10000},
1130 {"default-config", 0xe90000, 0x10000},
1131 {"user-config", 0xea0000, 0x40000},
1132 {"qos-db", 0xee0000, 0x40000},
1133 {"certificate", 0xf20000, 0x10000},
1134 {"usb-config", 0xfb0000, 0x10000},
1135 {"log", 0xfc0000, 0x20000},
1136 {"radio-bk", 0xfe0000, 0x10000},
1137 {"radio", 0xff0000, 0x10000},
1138 {NULL, 0, 0}
1139 },
1140
1141 .first_sysupgrade_partition = "os-image",
1142 .last_sysupgrade_partition = "file-system",
1143 },
1144
1145 /** Firmware layout for the RE350 v1 */
1146 {
1147 .id = "RE350-V1",
1148 .vendor = "",
1149 .support_list =
1150 "SupportList:\n"
1151 "{product_name:RE350,product_ver:1.0.0,special_id:45550000}\n"
1152 "{product_name:RE350,product_ver:1.0.0,special_id:00000000}\n"
1153 "{product_name:RE350,product_ver:1.0.0,special_id:41550000}\n"
1154 "{product_name:RE350,product_ver:1.0.0,special_id:55530000}\n"
1155 "{product_name:RE350,product_ver:1.0.0,special_id:43410000}\n"
1156 "{product_name:RE350,product_ver:1.0.0,special_id:4b520000}\n"
1157 "{product_name:RE350,product_ver:1.0.0,special_id:4a500000}\n",
1158 .support_trail = '\x00',
1159 .soft_ver = NULL,
1160
1161 /** We're using a dynamic kernel/rootfs split here */
1162 .partitions = {
1163 {"fs-uboot", 0x00000, 0x20000},
1164 {"firmware", 0x20000, 0x5e0000},
1165 {"partition-table", 0x600000, 0x02000},
1166 {"default-mac", 0x610000, 0x00020},
1167 {"pin", 0x610100, 0x00020},
1168 {"product-info", 0x611100, 0x01000},
1169 {"soft-version", 0x620000, 0x01000},
1170 {"support-list", 0x621000, 0x01000},
1171 {"profile", 0x622000, 0x08000},
1172 {"user-config", 0x630000, 0x10000},
1173 {"default-config", 0x640000, 0x10000},
1174 {"radio", 0x7f0000, 0x10000},
1175 {NULL, 0, 0}
1176 },
1177
1178 .first_sysupgrade_partition = "os-image",
1179 .last_sysupgrade_partition = "file-system"
1180 },
1181
1182 /** Firmware layout for the RE350K v1 */
1183 {
1184 .id = "RE350K-V1",
1185 .vendor = "",
1186 .support_list =
1187 "SupportList:\n"
1188 "{product_name:RE350K,product_ver:1.0.0,special_id:00000000,product_region:US}\n",
1189 .support_trail = '\x00',
1190 .soft_ver = NULL,
1191
1192 /** We're using a dynamic kernel/rootfs split here */
1193 .partitions = {
1194 {"fs-uboot", 0x00000, 0x20000},
1195 {"firmware", 0x20000, 0xd70000},
1196 {"partition-table", 0xd90000, 0x02000},
1197 {"default-mac", 0xda0000, 0x00020},
1198 {"pin", 0xda0100, 0x00020},
1199 {"product-info", 0xda1100, 0x01000},
1200 {"soft-version", 0xdb0000, 0x01000},
1201 {"support-list", 0xdb1000, 0x01000},
1202 {"profile", 0xdb2000, 0x08000},
1203 {"user-config", 0xdc0000, 0x10000},
1204 {"default-config", 0xdd0000, 0x10000},
1205 {"device-id", 0xde0000, 0x00108},
1206 {"radio", 0xff0000, 0x10000},
1207 {NULL, 0, 0}
1208 },
1209
1210 .first_sysupgrade_partition = "os-image",
1211 .last_sysupgrade_partition = "file-system"
1212 },
1213
1214 /** Firmware layout for the RE355 */
1215 {
1216 .id = "RE355",
1217 .vendor = "",
1218 .support_list =
1219 "SupportList:\r\n"
1220 "{product_name:RE355,product_ver:1.0.0,special_id:00000000}\r\n"
1221 "{product_name:RE355,product_ver:1.0.0,special_id:55530000}\r\n"
1222 "{product_name:RE355,product_ver:1.0.0,special_id:45550000}\r\n"
1223 "{product_name:RE355,product_ver:1.0.0,special_id:4A500000}\r\n"
1224 "{product_name:RE355,product_ver:1.0.0,special_id:43410000}\r\n"
1225 "{product_name:RE355,product_ver:1.0.0,special_id:41550000}\r\n"
1226 "{product_name:RE355,product_ver:1.0.0,special_id:4B520000}\r\n"
1227 "{product_name:RE355,product_ver:1.0.0,special_id:55534100}\r\n",
1228 .support_trail = '\x00',
1229 .soft_ver = NULL,
1230
1231 /* We're using a dynamic kernel/rootfs split here */
1232 .partitions = {
1233 {"fs-uboot", 0x00000, 0x20000},
1234 {"firmware", 0x20000, 0x5e0000},
1235 {"partition-table", 0x600000, 0x02000},
1236 {"default-mac", 0x610000, 0x00020},
1237 {"pin", 0x610100, 0x00020},
1238 {"product-info", 0x611100, 0x01000},
1239 {"soft-version", 0x620000, 0x01000},
1240 {"support-list", 0x621000, 0x01000},
1241 {"profile", 0x622000, 0x08000},
1242 {"user-config", 0x630000, 0x10000},
1243 {"default-config", 0x640000, 0x10000},
1244 {"radio", 0x7f0000, 0x10000},
1245 {NULL, 0, 0}
1246 },
1247
1248 .first_sysupgrade_partition = "os-image",
1249 .last_sysupgrade_partition = "file-system"
1250 },
1251
1252 /** Firmware layout for the RE450 */
1253 {
1254 .id = "RE450",
1255 .vendor = "",
1256 .support_list =
1257 "SupportList:\r\n"
1258 "{product_name:RE450,product_ver:1.0.0,special_id:00000000}\r\n"
1259 "{product_name:RE450,product_ver:1.0.0,special_id:55530000}\r\n"
1260 "{product_name:RE450,product_ver:1.0.0,special_id:45550000}\r\n"
1261 "{product_name:RE450,product_ver:1.0.0,special_id:4A500000}\r\n"
1262 "{product_name:RE450,product_ver:1.0.0,special_id:43410000}\r\n"
1263 "{product_name:RE450,product_ver:1.0.0,special_id:41550000}\r\n"
1264 "{product_name:RE450,product_ver:1.0.0,special_id:4B520000}\r\n"
1265 "{product_name:RE450,product_ver:1.0.0,special_id:55534100}\r\n",
1266 .support_trail = '\x00',
1267 .soft_ver = NULL,
1268
1269 /** We're using a dynamic kernel/rootfs split here */
1270 .partitions = {
1271 {"fs-uboot", 0x00000, 0x20000},
1272 {"firmware", 0x20000, 0x5e0000},
1273 {"partition-table", 0x600000, 0x02000},
1274 {"default-mac", 0x610000, 0x00020},
1275 {"pin", 0x610100, 0x00020},
1276 {"product-info", 0x611100, 0x01000},
1277 {"soft-version", 0x620000, 0x01000},
1278 {"support-list", 0x621000, 0x01000},
1279 {"profile", 0x622000, 0x08000},
1280 {"user-config", 0x630000, 0x10000},
1281 {"default-config", 0x640000, 0x10000},
1282 {"radio", 0x7f0000, 0x10000},
1283 {NULL, 0, 0}
1284 },
1285
1286 .first_sysupgrade_partition = "os-image",
1287 .last_sysupgrade_partition = "file-system"
1288 },
1289
1290 /** Firmware layout for the RE450 v2 */
1291 {
1292 .id = "RE450-V2",
1293 .vendor = "",
1294 .support_list =
1295 "SupportList:\r\n"
1296 "{product_name:RE450,product_ver:2.0.0,special_id:00000000}\r\n"
1297 "{product_name:RE450,product_ver:2.0.0,special_id:55530000}\r\n"
1298 "{product_name:RE450,product_ver:2.0.0,special_id:45550000}\r\n"
1299 "{product_name:RE450,product_ver:2.0.0,special_id:4A500000}\r\n"
1300 "{product_name:RE450,product_ver:2.0.0,special_id:43410000}\r\n"
1301 "{product_name:RE450,product_ver:2.0.0,special_id:41550000}\r\n"
1302 "{product_name:RE450,product_ver:2.0.0,special_id:41530000}\r\n"
1303 "{product_name:RE450,product_ver:2.0.0,special_id:4B520000}\r\n"
1304 "{product_name:RE450,product_ver:2.0.0,special_id:42520000}\r\n",
1305 .support_trail = '\x00',
1306 .soft_ver = NULL,
1307
1308 /* We're using a dynamic kernel/rootfs split here */
1309 .partitions = {
1310 {"fs-uboot", 0x00000, 0x20000},
1311 {"firmware", 0x20000, 0x5e0000},
1312 {"partition-table", 0x600000, 0x02000},
1313 {"default-mac", 0x610000, 0x00020},
1314 {"pin", 0x610100, 0x00020},
1315 {"product-info", 0x611100, 0x01000},
1316 {"soft-version", 0x620000, 0x01000},
1317 {"support-list", 0x621000, 0x01000},
1318 {"profile", 0x622000, 0x08000},
1319 {"user-config", 0x630000, 0x10000},
1320 {"default-config", 0x640000, 0x10000},
1321 {"radio", 0x7f0000, 0x10000},
1322
1323 {NULL, 0, 0}
1324 },
1325
1326 .first_sysupgrade_partition = "os-image",
1327 .last_sysupgrade_partition = "file-system"
1328 },
1329
1330 {}
1331 };
1332
1333 #define error(_ret, _errno, _str, ...) \
1334 do { \
1335 fprintf(stderr, _str ": %s\n", ## __VA_ARGS__, \
1336 strerror(_errno)); \
1337 if (_ret) \
1338 exit(_ret); \
1339 } while (0)
1340
1341
1342 /** Stores a uint32 as big endian */
1343 static inline void put32(uint8_t *buf, uint32_t val) {
1344 buf[0] = val >> 24;
1345 buf[1] = val >> 16;
1346 buf[2] = val >> 8;
1347 buf[3] = val;
1348 }
1349
1350 /** Allocates a new image partition */
1351 static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
1352 struct image_partition_entry entry = {name, len, malloc(len)};
1353 if (!entry.data)
1354 error(1, errno, "malloc");
1355
1356 return entry;
1357 }
1358
1359 /** Frees an image partition */
1360 static void free_image_partition(struct image_partition_entry entry) {
1361 free(entry.data);
1362 }
1363
1364 static time_t source_date_epoch = -1;
1365 static void set_source_date_epoch() {
1366 char *env = getenv("SOURCE_DATE_EPOCH");
1367 char *endptr = env;
1368 errno = 0;
1369 if (env && *env) {
1370 source_date_epoch = strtoull(env, &endptr, 10);
1371 if (errno || (endptr && *endptr != '\0')) {
1372 fprintf(stderr, "Invalid SOURCE_DATE_EPOCH");
1373 exit(1);
1374 }
1375 }
1376 }
1377
1378 /** Generates the partition-table partition */
1379 static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
1380 struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
1381
1382 char *s = (char *)entry.data, *end = (char *)(s+entry.size);
1383
1384 *(s++) = 0x00;
1385 *(s++) = 0x04;
1386 *(s++) = 0x00;
1387 *(s++) = 0x00;
1388
1389 size_t i;
1390 for (i = 0; p[i].name; i++) {
1391 size_t len = end-s;
1392 size_t w = snprintf(s, len, "partition %s base 0x%05x size 0x%05x\n", p[i].name, p[i].base, p[i].size);
1393
1394 if (w > len-1)
1395 error(1, 0, "flash partition table overflow?");
1396
1397 s += w;
1398 }
1399
1400 s++;
1401
1402 memset(s, 0xff, end-s);
1403
1404 return entry;
1405 }
1406
1407
1408 /** Generates a binary-coded decimal representation of an integer in the range [0, 99] */
1409 static inline uint8_t bcd(uint8_t v) {
1410 return 0x10 * (v/10) + v%10;
1411 }
1412
1413
1414 /** Generates the soft-version partition */
1415 static struct image_partition_entry make_soft_version(uint32_t rev) {
1416 struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
1417 struct soft_version *s = (struct soft_version *)entry.data;
1418
1419 time_t t;
1420
1421 if (source_date_epoch != -1)
1422 t = source_date_epoch;
1423 else if (time(&t) == (time_t)(-1))
1424 error(1, errno, "time");
1425
1426 struct tm *tm = localtime(&t);
1427
1428 s->magic = htonl(0x0000000c);
1429 s->zero = 0;
1430 s->pad1 = 0xff;
1431
1432 s->version_major = 0;
1433 s->version_minor = 0;
1434 s->version_patch = 0;
1435
1436 s->year_hi = bcd((1900+tm->tm_year)/100);
1437 s->year_lo = bcd(tm->tm_year%100);
1438 s->month = bcd(tm->tm_mon+1);
1439 s->day = bcd(tm->tm_mday);
1440 s->rev = htonl(rev);
1441
1442 s->pad2 = 0xff;
1443
1444 return entry;
1445 }
1446
1447 static struct image_partition_entry make_soft_version_from_string(const char *soft_ver) {
1448 /** String length _including_ the terminating zero byte */
1449 uint32_t ver_len = strlen(soft_ver) + 1;
1450 /** Partition contains 64 bit header, the version string, and one additional null byte */
1451 size_t partition_len = 2*sizeof(uint32_t) + ver_len + 1;
1452 struct image_partition_entry entry = alloc_image_partition("soft-version", partition_len);
1453
1454 uint32_t *len = (uint32_t *)entry.data;
1455 len[0] = htonl(ver_len);
1456 len[1] = 0;
1457 memcpy(&len[2], soft_ver, ver_len);
1458
1459 entry.data[partition_len - 1] = 0;
1460
1461 return entry;
1462 }
1463
1464 /** Generates the support-list partition */
1465 static struct image_partition_entry make_support_list(struct device_info *info) {
1466 size_t len = strlen(info->support_list);
1467 struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
1468
1469 put32(entry.data, len);
1470 memset(entry.data+4, 0, 4);
1471 memcpy(entry.data+8, info->support_list, len);
1472 entry.data[len+8] = info->support_trail;
1473
1474 return entry;
1475 }
1476
1477 /** Creates a new image partition with an arbitrary name from a file */
1478 static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof, struct flash_partition_entry *file_system_partition) {
1479 struct stat statbuf;
1480
1481 if (stat(filename, &statbuf) < 0)
1482 error(1, errno, "unable to stat file `%s'", filename);
1483
1484 size_t len = statbuf.st_size;
1485
1486 if (add_jffs2_eof)
1487 if (file_system_partition)
1488 len = ALIGN(len + file_system_partition->base, 0x10000) + sizeof(jffs2_eof_mark) - file_system_partition->base;
1489 else
1490 len = ALIGN(len, 0x10000) + sizeof(jffs2_eof_mark);
1491
1492 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1493
1494 FILE *file = fopen(filename, "rb");
1495 if (!file)
1496 error(1, errno, "unable to open file `%s'", filename);
1497
1498 if (fread(entry.data, statbuf.st_size, 1, file) != 1)
1499 error(1, errno, "unable to read file `%s'", filename);
1500
1501 if (add_jffs2_eof) {
1502 uint8_t *eof = entry.data + statbuf.st_size, *end = entry.data+entry.size;
1503
1504 memset(eof, 0xff, end - eof - sizeof(jffs2_eof_mark));
1505 memcpy(end - sizeof(jffs2_eof_mark), jffs2_eof_mark, sizeof(jffs2_eof_mark));
1506 }
1507
1508 fclose(file);
1509
1510 return entry;
1511 }
1512
1513 /** Creates a new image partition from arbitrary data */
1514 static struct image_partition_entry put_data(const char *part_name, const char *datain, size_t len) {
1515
1516 struct image_partition_entry entry = alloc_image_partition(part_name, len);
1517
1518 memcpy(entry.data, datain, len);
1519
1520 return entry;
1521 }
1522
1523 /**
1524 Copies a list of image partitions into an image buffer and generates the image partition table while doing so
1525
1526 Example image partition table:
1527
1528 fwup-ptn partition-table base 0x00800 size 0x00800
1529 fwup-ptn os-image base 0x01000 size 0x113b45
1530 fwup-ptn file-system base 0x114b45 size 0x1d0004
1531 fwup-ptn support-list base 0x2e4b49 size 0x000d1
1532
1533 Each line of the partition table is terminated with the bytes 09 0d 0a ("\t\r\n"),
1534 the end of the partition table is marked with a zero byte.
1535
1536 The firmware image must contain at least the partition-table and support-list partitions
1537 to be accepted. There aren't any alignment constraints for the image partitions.
1538
1539 The partition-table partition contains the actual flash layout; partitions
1540 from the image partition table are mapped to the corresponding flash partitions during
1541 the firmware upgrade. The support-list partition contains a list of devices supported by
1542 the firmware image.
1543
1544 The base offsets in the firmware partition table are relative to the end
1545 of the vendor information block, so the partition-table partition will
1546 actually start at offset 0x1814 of the image.
1547
1548 I think partition-table must be the first partition in the firmware image.
1549 */
1550 static void put_partitions(uint8_t *buffer, const struct flash_partition_entry *flash_parts, const struct image_partition_entry *parts) {
1551 size_t i, j;
1552 char *image_pt = (char *)buffer, *end = image_pt + 0x800;
1553
1554 size_t base = 0x800;
1555 for (i = 0; parts[i].name; i++) {
1556 for (j = 0; flash_parts[j].name; j++) {
1557 if (!strcmp(flash_parts[j].name, parts[i].name)) {
1558 if (parts[i].size > flash_parts[j].size)
1559 error(1, 0, "%s partition too big (more than %u bytes)", flash_parts[j].name, (unsigned)flash_parts[j].size);
1560 break;
1561 }
1562 }
1563
1564 assert(flash_parts[j].name);
1565
1566 memcpy(buffer + base, parts[i].data, parts[i].size);
1567
1568 size_t len = end-image_pt;
1569 size_t w = snprintf(image_pt, len, "fwup-ptn %s base 0x%05x size 0x%05x\t\r\n", parts[i].name, (unsigned)base, (unsigned)parts[i].size);
1570
1571 if (w > len-1)
1572 error(1, 0, "image partition table overflow?");
1573
1574 image_pt += w;
1575
1576 base += parts[i].size;
1577 }
1578 }
1579
1580 /** Generates and writes the image MD5 checksum */
1581 static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
1582 MD5_CTX ctx;
1583
1584 MD5_Init(&ctx);
1585 MD5_Update(&ctx, md5_salt, (unsigned int)sizeof(md5_salt));
1586 MD5_Update(&ctx, buffer, len);
1587 MD5_Final(md5, &ctx);
1588 }
1589
1590
1591 /**
1592 Generates the firmware image in factory format
1593
1594 Image format:
1595
1596 Bytes (hex) Usage
1597 ----------- -----
1598 0000-0003 Image size (4 bytes, big endian)
1599 0004-0013 MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
1600 0014-0017 Vendor information length (without padding) (4 bytes, big endian)
1601 0018-1013 Vendor information (4092 bytes, padded with 0xff; there seem to be older
1602 (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
1603 1014-1813 Image partition table (2048 bytes, padded with 0xff)
1604 1814-xxxx Firmware partitions
1605 */
1606 static void * generate_factory_image(struct device_info *info, const struct image_partition_entry *parts, size_t *len) {
1607 *len = 0x1814;
1608
1609 size_t i;
1610 for (i = 0; parts[i].name; i++)
1611 *len += parts[i].size;
1612
1613 uint8_t *image = malloc(*len);
1614 if (!image)
1615 error(1, errno, "malloc");
1616
1617 memset(image, 0xff, *len);
1618 put32(image, *len);
1619
1620 if (info->vendor) {
1621 size_t vendor_len = strlen(info->vendor);
1622 put32(image+0x14, vendor_len);
1623 memcpy(image+0x18, info->vendor, vendor_len);
1624 }
1625
1626 put_partitions(image + 0x1014, info->partitions, parts);
1627 put_md5(image+0x04, image+0x14, *len-0x14);
1628
1629 return image;
1630 }
1631
1632 /**
1633 Generates the firmware image in sysupgrade format
1634
1635 This makes some assumptions about the provided flash and image partition tables and
1636 should be generalized when TP-LINK starts building its safeloader into hardware with
1637 different flash layouts.
1638 */
1639 static void * generate_sysupgrade_image(struct device_info *info, const struct image_partition_entry *image_parts, size_t *len) {
1640 size_t i, j;
1641 size_t flash_first_partition_index = 0;
1642 size_t flash_last_partition_index = 0;
1643 const struct flash_partition_entry *flash_first_partition = NULL;
1644 const struct flash_partition_entry *flash_last_partition = NULL;
1645 const struct image_partition_entry *image_last_partition = NULL;
1646
1647 /** Find first and last partitions */
1648 for (i = 0; info->partitions[i].name; i++) {
1649 if (!strcmp(info->partitions[i].name, info->first_sysupgrade_partition)) {
1650 flash_first_partition = &info->partitions[i];
1651 flash_first_partition_index = i;
1652 } else if (!strcmp(info->partitions[i].name, info->last_sysupgrade_partition)) {
1653 flash_last_partition = &info->partitions[i];
1654 flash_last_partition_index = i;
1655 }
1656 }
1657
1658 assert(flash_first_partition && flash_last_partition);
1659 assert(flash_first_partition_index < flash_last_partition_index);
1660
1661 /** Find last partition from image to calculate needed size */
1662 for (i = 0; image_parts[i].name; i++) {
1663 if (!strcmp(image_parts[i].name, info->last_sysupgrade_partition)) {
1664 image_last_partition = &image_parts[i];
1665 break;
1666 }
1667 }
1668
1669 assert(image_last_partition);
1670
1671 *len = flash_last_partition->base - flash_first_partition->base + image_last_partition->size;
1672
1673 uint8_t *image = malloc(*len);
1674 if (!image)
1675 error(1, errno, "malloc");
1676
1677 memset(image, 0xff, *len);
1678
1679 for (i = flash_first_partition_index; i <= flash_last_partition_index; i++) {
1680 for (j = 0; image_parts[j].name; j++) {
1681 if (!strcmp(info->partitions[i].name, image_parts[j].name)) {
1682 if (image_parts[j].size > info->partitions[i].size)
1683 error(1, 0, "%s partition too big (more than %u bytes)", info->partitions[i].name, (unsigned)info->partitions[i].size);
1684 memcpy(image + info->partitions[i].base - flash_first_partition->base, image_parts[j].data, image_parts[j].size);
1685 break;
1686 }
1687
1688 assert(image_parts[j].name);
1689 }
1690 }
1691
1692 return image;
1693 }
1694
1695 /** Generates an image according to a given layout and writes it to a file */
1696 static void build_image(const char *output,
1697 const char *kernel_image,
1698 const char *rootfs_image,
1699 uint32_t rev,
1700 bool add_jffs2_eof,
1701 bool sysupgrade,
1702 struct device_info *info) {
1703
1704 size_t i;
1705
1706 struct image_partition_entry parts[7] = {};
1707
1708 struct flash_partition_entry *firmware_partition = NULL;
1709 struct flash_partition_entry *os_image_partition = NULL;
1710 struct flash_partition_entry *file_system_partition = NULL;
1711 size_t firmware_partition_index = 0;
1712
1713 for (i = 0; info->partitions[i].name; i++) {
1714 if (!strcmp(info->partitions[i].name, "firmware"))
1715 {
1716 firmware_partition = &info->partitions[i];
1717 firmware_partition_index = i;
1718 }
1719 }
1720
1721 if (firmware_partition)
1722 {
1723 os_image_partition = &info->partitions[firmware_partition_index];
1724 file_system_partition = &info->partitions[firmware_partition_index + 1];
1725
1726 struct stat kernel;
1727 if (stat(kernel_image, &kernel) < 0)
1728 error(1, errno, "unable to stat file `%s'", kernel_image);
1729
1730 if (kernel.st_size > firmware_partition->size)
1731 error(1, 0, "kernel overflowed firmware partition\n");
1732
1733 for (i = MAX_PARTITIONS-1; i >= firmware_partition_index + 1; i--)
1734 info->partitions[i+1] = info->partitions[i];
1735
1736 file_system_partition->name = "file-system";
1737 file_system_partition->base = firmware_partition->base + kernel.st_size;
1738
1739 /* Align partition start to erase blocks for factory images only */
1740 if (!sysupgrade)
1741 file_system_partition->base = ALIGN(firmware_partition->base + kernel.st_size, 0x10000);
1742
1743 file_system_partition->size = firmware_partition->size - file_system_partition->base;
1744
1745 os_image_partition->name = "os-image";
1746 os_image_partition->size = kernel.st_size;
1747 }
1748
1749 parts[0] = make_partition_table(info->partitions);
1750 if (info->soft_ver)
1751 parts[1] = make_soft_version_from_string(info->soft_ver);
1752 else
1753 parts[1] = make_soft_version(rev);
1754
1755 parts[2] = make_support_list(info);
1756 parts[3] = read_file("os-image", kernel_image, false, NULL);
1757 parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof, file_system_partition);
1758
1759 /* Some devices need the extra-para partition to accept the firmware */
1760 if (strcasecmp(info->id, "ARCHER-C2-V3") == 0 ||
1761 strcasecmp(info->id, "ARCHER-C25-V1") == 0 ||
1762 strcasecmp(info->id, "ARCHER-C59-V2") == 0 ||
1763 strcasecmp(info->id, "ARCHER-C60-V2") == 0 ||
1764 strcasecmp(info->id, "TLWR1043NV5") == 0) {
1765 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};
1766 parts[5] = put_data("extra-para", mdat, 11);
1767 } else if (strcasecmp(info->id, "ARCHER-A7-V5") == 0 || strcasecmp(info->id, "ARCHER-C7-V4") == 0 || strcasecmp(info->id, "ARCHER-C7-V5") == 0) {
1768 const char mdat[11] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0xca, 0x00, 0x01, 0x00, 0x00};
1769 parts[5] = put_data("extra-para", mdat, 11);
1770 } else if (strcasecmp(info->id, "ARCHER-C6-V2") == 0) {
1771 const char mdat[11] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00};
1772 parts[5] = put_data("extra-para", mdat, 11);
1773 }
1774
1775 size_t len;
1776 void *image;
1777 if (sysupgrade)
1778 image = generate_sysupgrade_image(info, parts, &len);
1779 else
1780 image = generate_factory_image(info, parts, &len);
1781
1782 FILE *file = fopen(output, "wb");
1783 if (!file)
1784 error(1, errno, "unable to open output file");
1785
1786 if (fwrite(image, len, 1, file) != 1)
1787 error(1, 0, "unable to write output file");
1788
1789 fclose(file);
1790
1791 free(image);
1792
1793 for (i = 0; parts[i].name; i++)
1794 free_image_partition(parts[i]);
1795 }
1796
1797 /** Usage output */
1798 static void usage(const char *argv0) {
1799 fprintf(stderr,
1800 "Usage: %s [OPTIONS...]\n"
1801 "\n"
1802 "Options:\n"
1803 " -h show this help\n"
1804 "\n"
1805 "Create a new image:\n"
1806 " -B <board> create image for the board specified with <board>\n"
1807 " -k <file> read kernel image from the file <file>\n"
1808 " -r <file> read rootfs image from the file <file>\n"
1809 " -o <file> write output to the file <file>\n"
1810 " -V <rev> sets the revision number to <rev>\n"
1811 " -j add jffs2 end-of-filesystem markers\n"
1812 " -S create sysupgrade instead of factory image\n"
1813 "Extract an old image:\n"
1814 " -x <file> extract all oem firmware partition\n"
1815 " -d <dir> destination to extract the firmware partition\n"
1816 " -z <file> convert an oem firmware into a sysupgade file. Use -o for output file\n",
1817 argv0
1818 );
1819 };
1820
1821
1822 static struct device_info *find_board(const char *id)
1823 {
1824 struct device_info *board = NULL;
1825
1826 for (board = boards; board->id != NULL; board++)
1827 if (strcasecmp(id, board->id) == 0)
1828 return board;
1829
1830 return NULL;
1831 }
1832
1833 static int add_flash_partition(
1834 struct flash_partition_entry *part_list,
1835 size_t max_entries,
1836 const char *name,
1837 unsigned long base,
1838 unsigned long size)
1839 {
1840 int ptr;
1841 /* check if the list has a free entry */
1842 for (ptr = 0; ptr < max_entries; ptr++, part_list++) {
1843 if (part_list->name == NULL &&
1844 part_list->base == 0 &&
1845 part_list->size == 0)
1846 break;
1847 }
1848
1849 if (ptr == max_entries) {
1850 error(1, 0, "No free flash part entry available.");
1851 }
1852
1853 part_list->name = calloc(1, strlen(name) + 1);
1854 if (!part_list->name) {
1855 error(1, 0, "Unable to allocate memory");
1856 }
1857
1858 memcpy((char *)part_list->name, name, strlen(name));
1859 part_list->base = base;
1860 part_list->size = size;
1861
1862 return 0;
1863 }
1864
1865 /** read the partition table into struct flash_partition_entry */
1866 static int read_partition_table(
1867 FILE *file, long offset,
1868 struct flash_partition_entry *entries, size_t max_entries,
1869 int type)
1870 {
1871 char buf[2048];
1872 char *ptr, *end;
1873 const char *parthdr = NULL;
1874 const char *fwuphdr = "fwup-ptn";
1875 const char *flashhdr = "partition";
1876
1877 /* TODO: search for the partition table */
1878
1879 switch(type) {
1880 case 0:
1881 parthdr = fwuphdr;
1882 break;
1883 case 1:
1884 parthdr = flashhdr;
1885 break;
1886 default:
1887 error(1, 0, "Invalid partition table");
1888 }
1889
1890 if (fseek(file, offset, SEEK_SET) < 0)
1891 error(1, errno, "Can not seek in the firmware");
1892
1893 if (fread(buf, 1, 2048, file) < 0)
1894 error(1, errno, "Can not read fwup-ptn from the firmware");
1895
1896 buf[2047] = '\0';
1897
1898 /* look for the partition header */
1899 if (memcmp(buf, parthdr, strlen(parthdr)) != 0) {
1900 fprintf(stderr, "DEBUG: can not find fwuphdr\n");
1901 return 1;
1902 }
1903
1904 ptr = buf;
1905 end = buf + sizeof(buf);
1906 while ((ptr + strlen(parthdr)) < end &&
1907 memcmp(ptr, parthdr, strlen(parthdr)) == 0) {
1908 char *end_part;
1909 char *end_element;
1910
1911 char name[32] = { 0 };
1912 int name_len = 0;
1913 unsigned long base = 0;
1914 unsigned long size = 0;
1915
1916 end_part = memchr(ptr, '\n', (end - ptr));
1917 if (end_part == NULL) {
1918 /* in theory this should never happen, because a partition always ends with 0x09, 0x0D, 0x0A */
1919 break;
1920 }
1921
1922 for (int i = 0; i <= 4; i++) {
1923 if (end_part <= ptr)
1924 break;
1925
1926 end_element = memchr(ptr, 0x20, (end_part - ptr));
1927 if (end_element == NULL) {
1928 error(1, errno, "Ignoring the rest of the partition entries.");
1929 break;
1930 }
1931
1932 switch (i) {
1933 /* partition header */
1934 case 0:
1935 ptr = end_element + 1;
1936 continue;
1937 /* name */
1938 case 1:
1939 name_len = (end_element - ptr) > 31 ? 31 : (end_element - ptr);
1940 strncpy(name, ptr, name_len);
1941 name[name_len] = '\0';
1942 ptr = end_element + 1;
1943 continue;
1944
1945 /* string "base" */
1946 case 2:
1947 ptr = end_element + 1;
1948 continue;
1949
1950 /* actual base */
1951 case 3:
1952 base = strtoul(ptr, NULL, 16);
1953 ptr = end_element + 1;
1954 continue;
1955
1956 /* string "size" */
1957 case 4:
1958 ptr = end_element + 1;
1959 /* actual size. The last element doesn't have a sepeartor */
1960 size = strtoul(ptr, NULL, 16);
1961 /* the part ends with 0x09, 0x0d, 0x0a */
1962 ptr = end_part + 1;
1963 add_flash_partition(entries, max_entries, name, base, size);
1964 continue;
1965 }
1966 }
1967 }
1968
1969 return 0;
1970 }
1971
1972 static void write_partition(
1973 FILE *input_file,
1974 size_t firmware_offset,
1975 struct flash_partition_entry *entry,
1976 FILE *output_file)
1977 {
1978 char buf[4096];
1979 size_t offset;
1980
1981 fseek(input_file, entry->base + firmware_offset, SEEK_SET);
1982
1983 for (offset = 0; sizeof(buf) + offset <= entry->size; offset += sizeof(buf)) {
1984 if (fread(buf, sizeof(buf), 1, input_file) < 0)
1985 error(1, errno, "Can not read partition from input_file");
1986
1987 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
1988 error(1, errno, "Can not write partition to output_file");
1989 }
1990 /* write last chunk smaller than buffer */
1991 if (offset < entry->size) {
1992 offset = entry->size - offset;
1993 if (fread(buf, offset, 1, input_file) < 0)
1994 error(1, errno, "Can not read partition from input_file");
1995 if (fwrite(buf, offset, 1, output_file) < 0)
1996 error(1, errno, "Can not write partition to output_file");
1997 }
1998 }
1999
2000 static int extract_firmware_partition(FILE *input_file, size_t firmware_offset, struct flash_partition_entry *entry, const char *output_directory)
2001 {
2002 FILE *output_file;
2003 char output[PATH_MAX];
2004
2005 snprintf(output, PATH_MAX, "%s/%s", output_directory, entry->name);
2006 output_file = fopen(output, "wb+");
2007 if (output_file == NULL) {
2008 error(1, errno, "Can not open output file %s", output);
2009 }
2010
2011 write_partition(input_file, firmware_offset, entry, output_file);
2012
2013 fclose(output_file);
2014
2015 return 0;
2016 }
2017
2018 /** extract all partitions from the firmware file */
2019 static int extract_firmware(const char *input, const char *output_directory)
2020 {
2021 struct flash_partition_entry entries[16] = { 0 };
2022 size_t max_entries = 16;
2023 size_t firmware_offset = 0x1014;
2024 FILE *input_file;
2025
2026 struct stat statbuf;
2027
2028 /* check input file */
2029 if (stat(input, &statbuf)) {
2030 error(1, errno, "Can not read input firmware %s", input);
2031 }
2032
2033 /* check if output directory exists */
2034 if (stat(output_directory, &statbuf)) {
2035 error(1, errno, "Failed to stat output directory %s", output_directory);
2036 }
2037
2038 if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
2039 error(1, errno, "Given output directory is not a directory %s", output_directory);
2040 }
2041
2042 input_file = fopen(input, "rb");
2043
2044 if (read_partition_table(input_file, firmware_offset, entries, 16, 0) != 0) {
2045 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2046 }
2047
2048 for (int i = 0; i < max_entries; i++) {
2049 if (entries[i].name == NULL &&
2050 entries[i].base == 0 &&
2051 entries[i].size == 0)
2052 continue;
2053
2054 extract_firmware_partition(input_file, firmware_offset, &entries[i], output_directory);
2055 }
2056
2057 return 0;
2058 }
2059
2060 static struct flash_partition_entry *find_partition(
2061 struct flash_partition_entry *entries, size_t max_entries,
2062 const char *name, const char *error_msg)
2063 {
2064 for (int i = 0; i < max_entries; i++, entries++) {
2065 if (strcmp(entries->name, name) == 0)
2066 return entries;
2067 }
2068
2069 error(1, 0, "%s", error_msg);
2070 return NULL;
2071 }
2072
2073 static void write_ff(FILE *output_file, size_t size)
2074 {
2075 char buf[4096];
2076 int offset;
2077
2078 memset(buf, 0xff, sizeof(buf));
2079
2080 for (offset = 0; offset + sizeof(buf) < size ; offset += sizeof(buf)) {
2081 if (fwrite(buf, sizeof(buf), 1, output_file) < 0)
2082 error(1, errno, "Can not write 0xff to output_file");
2083 }
2084
2085 /* write last chunk smaller than buffer */
2086 if (offset < size) {
2087 offset = size - offset;
2088 if (fwrite(buf, offset, 1, output_file) < 0)
2089 error(1, errno, "Can not write partition to output_file");
2090 }
2091 }
2092
2093 static void convert_firmware(const char *input, const char *output)
2094 {
2095 struct flash_partition_entry fwup[MAX_PARTITIONS] = { 0 };
2096 struct flash_partition_entry flash[MAX_PARTITIONS] = { 0 };
2097 struct flash_partition_entry *fwup_os_image = NULL, *fwup_file_system = NULL;
2098 struct flash_partition_entry *flash_os_image = NULL, *flash_file_system = NULL;
2099 struct flash_partition_entry *fwup_partition_table = NULL;
2100 size_t firmware_offset = 0x1014;
2101 FILE *input_file, *output_file;
2102
2103 struct stat statbuf;
2104
2105 /* check input file */
2106 if (stat(input, &statbuf)) {
2107 error(1, errno, "Can not read input firmware %s", input);
2108 }
2109
2110 input_file = fopen(input, "rb");
2111 if (!input_file)
2112 error(1, 0, "Can not open input firmware %s", input);
2113
2114 output_file = fopen(output, "wb");
2115 if (!output_file)
2116 error(1, 0, "Can not open output firmware %s", output);
2117
2118 if (read_partition_table(input_file, firmware_offset, fwup, MAX_PARTITIONS, 0) != 0) {
2119 error(1, 0, "Error can not read the partition table (fwup-ptn)");
2120 }
2121
2122 fwup_os_image = find_partition(fwup, MAX_PARTITIONS,
2123 "os-image", "Error can not find os-image partition (fwup)");
2124 fwup_file_system = find_partition(fwup, MAX_PARTITIONS,
2125 "file-system", "Error can not find file-system partition (fwup)");
2126 fwup_partition_table = find_partition(fwup, MAX_PARTITIONS,
2127 "partition-table", "Error can not find partition-table partition");
2128
2129 /* the flash partition table has a 0x00000004 magic haeder */
2130 if (read_partition_table(input_file, firmware_offset + fwup_partition_table->base + 4, flash, MAX_PARTITIONS, 1) != 0)
2131 error(1, 0, "Error can not read the partition table (flash)");
2132
2133 flash_os_image = find_partition(flash, MAX_PARTITIONS,
2134 "os-image", "Error can not find os-image partition (flash)");
2135 flash_file_system = find_partition(flash, MAX_PARTITIONS,
2136 "file-system", "Error can not find file-system partition (flash)");
2137
2138 /* write os_image to 0x0 */
2139 write_partition(input_file, firmware_offset, fwup_os_image, output_file);
2140 write_ff(output_file, flash_os_image->size - fwup_os_image->size);
2141
2142 /* write file-system behind os_image */
2143 fseek(output_file, flash_file_system->base - flash_os_image->base, SEEK_SET);
2144 write_partition(input_file, firmware_offset, fwup_file_system, output_file);
2145 write_ff(output_file, flash_file_system->size - fwup_file_system->size);
2146
2147 fclose(output_file);
2148 fclose(input_file);
2149 }
2150
2151 int main(int argc, char *argv[]) {
2152 const char *board = NULL, *kernel_image = NULL, *rootfs_image = NULL, *output = NULL;
2153 const char *extract_image = NULL, *output_directory = NULL, *convert_image = NULL;
2154 bool add_jffs2_eof = false, sysupgrade = false;
2155 unsigned rev = 0;
2156 struct device_info *info;
2157 set_source_date_epoch();
2158
2159 while (true) {
2160 int c;
2161
2162 c = getopt(argc, argv, "B:k:r:o:V:jSh:x:d:z:");
2163 if (c == -1)
2164 break;
2165
2166 switch (c) {
2167 case 'B':
2168 board = optarg;
2169 break;
2170
2171 case 'k':
2172 kernel_image = optarg;
2173 break;
2174
2175 case 'r':
2176 rootfs_image = optarg;
2177 break;
2178
2179 case 'o':
2180 output = optarg;
2181 break;
2182
2183 case 'V':
2184 sscanf(optarg, "r%u", &rev);
2185 break;
2186
2187 case 'j':
2188 add_jffs2_eof = true;
2189 break;
2190
2191 case 'S':
2192 sysupgrade = true;
2193 break;
2194
2195 case 'h':
2196 usage(argv[0]);
2197 return 0;
2198
2199 case 'd':
2200 output_directory = optarg;
2201 break;
2202
2203 case 'x':
2204 extract_image = optarg;
2205 break;
2206
2207 case 'z':
2208 convert_image = optarg;
2209 break;
2210
2211 default:
2212 usage(argv[0]);
2213 return 1;
2214 }
2215 }
2216
2217 if (extract_image || output_directory) {
2218 if (!extract_image)
2219 error(1, 0, "No factory/oem image given via -x <file>. Output directory is only valid with -x");
2220 if (!output_directory)
2221 error(1, 0, "Can not extract an image without output directory. Use -d <dir>");
2222 extract_firmware(extract_image, output_directory);
2223 } else if (convert_image) {
2224 if (!output)
2225 error(1, 0, "Can not convert a factory/oem image into sysupgrade image without output file. Use -o <file>");
2226 convert_firmware(convert_image, output);
2227 } else {
2228 if (!board)
2229 error(1, 0, "no board has been specified");
2230 if (!kernel_image)
2231 error(1, 0, "no kernel image has been specified");
2232 if (!rootfs_image)
2233 error(1, 0, "no rootfs image has been specified");
2234 if (!output)
2235 error(1, 0, "no output filename has been specified");
2236
2237 info = find_board(board);
2238
2239 if (info == NULL)
2240 error(1, 0, "unsupported board %s", board);
2241
2242 build_image(output, kernel_image, rootfs_image, rev, add_jffs2_eof, sysupgrade, info);
2243 }
2244
2245 return 0;
2246 }
Staging tree of Petr Stetiar