2 * Copyright (C) 2009 Gabor Juhos <juhosg@openwrt.org>
4 * This tool was based on:
5 * TP-Link WR941 V2 firmware checksum fixing tool.
6 * Copyright (C) 2008,2009 Wang Jian <lark@linux.net.cn>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License version 2 as published
10 * by the Free Software Foundation.
18 #include <unistd.h> /* for unlink() */
20 #include <getopt.h> /* for getopt() */
27 #include <arpa/inet.h>
28 #include <netinet/in.h>
31 #include "mktplinkfw-lib.h"
34 uint32_t version; /* 0x00: header version */
35 char fw_version[48]; /* 0x04: fw version string */
36 uint32_t hw_id; /* 0x34: hardware id */
37 uint32_t hw_rev; /* 0x38: FIXME: hardware revision? */
38 uint32_t hw_ver_add; /* 0x3c: additional hardware version */
39 uint8_t md5sum1[MD5SUM_LEN]; /* 0x40 */
40 uint32_t unk2; /* 0x50: 0x00000000 */
41 uint8_t md5sum2[MD5SUM_LEN]; /* 0x54 */
42 uint32_t unk3; /* 0x64: 0xffffffff */
44 uint32_t kernel_la; /* 0x68: kernel load address */
45 uint32_t kernel_ep; /* 0x6c: kernel entry point */
46 uint32_t fw_length; /* 0x70: total length of the image */
47 uint32_t kernel_ofs; /* 0x74: kernel data offset */
48 uint32_t kernel_len; /* 0x78: kernel data length */
49 uint32_t rootfs_ofs; /* 0x7c: rootfs data offset */
50 uint32_t rootfs_len; /* 0x80: rootfs data length */
51 uint32_t boot_ofs; /* 0x84: bootloader offset */
52 uint32_t boot_len; /* 0x88: bootloader length */
53 uint16_t unk4; /* 0x8c: 0x55aa */
54 uint8_t sver_hi; /* 0x8e */
55 uint8_t sver_lo; /* 0x8f */
56 uint8_t unk5; /* 0x90: magic: 0xa5 */
57 uint8_t ver_hi; /* 0x91 */
58 uint8_t ver_mid; /* 0x92 */
59 uint8_t ver_lo; /* 0x93 */
61 } __attribute__ ((packed));
63 #define FLAG_LE_KERNEL_LA_EP 0x00000001 /* Little-endian used for kernel load address & entry point */
80 static char *vendor = "TP-LINK Technologies";
81 static char *version = "ver. 1.0";
82 static char *fw_ver = "0.0.0";
83 static char *sver = "1.0";
84 static uint32_t hdr_ver = 2;
86 static struct board_info custom_board;
88 static struct board_info *board;
89 static char *layout_id;
90 struct flash_layout *layout;
91 static char *opt_hw_id;
92 static char *opt_hw_rev;
93 static char *opt_hw_ver_add;
95 static int fw_ver_mid;
99 struct file_info kernel_info;
100 static uint32_t kernel_la = 0;
101 static uint32_t kernel_ep = 0;
102 uint32_t kernel_len = 0;
103 struct file_info rootfs_info;
104 uint32_t rootfs_ofs = 0;
105 uint32_t rootfs_align;
106 static struct file_info boot_info;
111 static struct file_info inspect_info;
112 static int extract = 0;
114 char md5salt_normal[MD5SUM_LEN] = {
115 0xdc, 0xd7, 0x3a, 0xa5, 0xc3, 0x95, 0x98, 0xfb,
116 0xdc, 0xf9, 0xe7, 0xf4, 0x0e, 0xae, 0x47, 0x37,
119 char md5salt_boot[MD5SUM_LEN] = {
120 0x8c, 0xef, 0x33, 0x5f, 0xd5, 0xc5, 0xce, 0xfa,
121 0xac, 0x9c, 0x28, 0xda, 0xb2, 0xe9, 0x0f, 0x42,
124 static struct flash_layout layouts[] = {
127 .fw_max_len = 0x3d0000,
128 .kernel_la = 0x80000000,
129 .kernel_ep = 0x80000000,
130 .rootfs_ofs = 0x140000,
133 .fw_max_len = 0x7a0000,
134 .kernel_la = 0x80002000,
135 .kernel_ep = 0x80002000,
136 .rootfs_ofs = 0x140000,
139 .fw_max_len = 0xf90000,
140 .kernel_la = 0x80002000,
141 .kernel_ep = 0x800061b0,
142 .rootfs_ofs = 0x140000,
145 .fw_max_len = 0x7a0000,
146 .kernel_la = 0x80000000,
147 .kernel_ep = 0x80000000,
148 .rootfs_ofs = 0x140000,
150 .id = "8MSUmtk", /* Split U-Boot OS */
151 .fw_max_len = 0x770000,
152 .kernel_la = 0x80000000,
153 .kernel_ep = 0x80000000,
154 .rootfs_ofs = 0x140000,
157 .fw_max_len = 0x7b0000,
158 .kernel_la = 0x80000000,
159 .kernel_ep = 0x80000000,
160 .rootfs_ofs = 0x140000,
163 .fw_max_len = 0x7a0000,
164 .kernel_la = 0x80060000,
165 .kernel_ep = 0x80060000,
166 .rootfs_ofs = 0x140000,
169 .fw_max_len = 0xf90000,
170 .kernel_la = 0x80060000,
171 .kernel_ep = 0x80060000,
172 .rootfs_ofs = 0x140000,
174 /* terminating entry */
178 static void usage(int status)
180 FILE *stream = (status != EXIT_SUCCESS) ? stderr : stdout;
181 struct board_info *board;
183 fprintf(stream, "Usage: %s [OPTIONS...]\n", progname);
187 " -c use combined kernel image\n"
188 " -e swap endianness in kernel load address and entry point\n"
189 " -E <ep> overwrite kernel entry point with <ep> (hexval prefixed with 0x)\n"
190 " -L <la> overwrite kernel load address with <la> (hexval prefixed with 0x)\n"
191 " -H <hwid> use hardware id specified with <hwid>\n"
192 " -W <hwrev> use hardware revision specified with <hwrev>\n"
193 " -w <hwveradd> use additional hardware version specified with <hwveradd>\n"
194 " -F <id> use flash layout specified with <id>\n"
195 " -k <file> read kernel image from the file <file>\n"
196 " -r <file> read rootfs image from the file <file>\n"
197 " -a <align> align the rootfs start on an <align> bytes boundary\n"
198 " -R <offset> overwrite rootfs offset with <offset> (hexval prefixed with 0x)\n"
199 " -o <file> write output to the file <file>\n"
200 " -s strip padding from the end of the image\n"
201 " -j add jffs2 end-of-filesystem markers\n"
202 " -N <vendor> set image vendor to <vendor>\n"
203 " -T <version> set header version to <version>\n"
204 " -V <version> set image version to <version>\n"
205 " -v <version> set firmware version to <version>\n"
206 " -y <version> set secondary version to <version>\n"
207 " -i <file> inspect given firmware file <file>\n"
208 " -x extract kernel and rootfs while inspecting (requires -i)\n"
209 " -h show this screen\n"
215 static int check_options(void)
219 if (inspect_info.file_name) {
220 ret = get_file_stat(&inspect_info);
225 } else if (extract) {
226 ERR("no firmware for inspection specified");
230 if (opt_hw_id == NULL) {
231 ERR("hardware id must be specified");
235 board = &custom_board;
237 if (layout_id == NULL) {
238 ERR("flash layout is not specified");
242 board->hw_id = strtoul(opt_hw_id, NULL, 0);
245 board->hw_ver_add = 0;
248 board->hw_rev = strtoul(opt_hw_rev, NULL, 0);
250 board->hw_ver_add = strtoul(opt_hw_ver_add, NULL, 0);
252 layout = find_layout(layouts, layout_id);
253 if (layout == NULL) {
254 ERR("unknown flash layout \"%s\"", layout_id);
259 kernel_la = layout->kernel_la;
261 kernel_ep = layout->kernel_ep;
263 rootfs_ofs = layout->rootfs_ofs;
265 if (kernel_info.file_name == NULL) {
266 ERR("no kernel image specified");
270 ret = get_file_stat(&kernel_info);
274 kernel_len = kernel_info.file_size;
277 if (kernel_info.file_size >
278 layout->fw_max_len - sizeof(struct fw_header)) {
279 ERR("kernel image is too big");
283 if (rootfs_info.file_name == NULL) {
284 ERR("no rootfs image specified");
288 ret = get_file_stat(&rootfs_info);
293 kernel_len += sizeof(struct fw_header);
294 rootfs_ofs = ALIGN(kernel_len, rootfs_align);
295 kernel_len -= sizeof(struct fw_header);
297 DBG("rootfs offset aligned to 0x%u", rootfs_ofs);
299 if (kernel_len + rootfs_info.file_size >
300 layout->fw_max_len - sizeof(struct fw_header)) {
301 ERR("images are too big");
305 if (kernel_info.file_size >
306 rootfs_ofs - sizeof(struct fw_header)) {
307 ERR("kernel image is too big");
311 if (rootfs_info.file_size >
312 (layout->fw_max_len - rootfs_ofs)) {
313 ERR("rootfs image is too big");
319 if (ofname == NULL) {
320 ERR("no output file specified");
324 ret = sscanf(fw_ver, "%d.%d.%d", &fw_ver_hi, &fw_ver_mid, &fw_ver_lo);
326 ERR("invalid firmware version '%s'", fw_ver);
330 ret = sscanf(sver, "%d.%d", &sver_hi, &sver_lo);
332 ERR("invalid secondary version '%s'", sver);
339 void fill_header(char *buf, int len)
341 struct fw_header *hdr = (struct fw_header *)buf;
344 memset(hdr, '\xff', sizeof(struct fw_header));
346 hdr->version = htonl(bswap_32(hdr_ver));
347 ver_len = strlen(version);
348 if (ver_len > (sizeof(hdr->fw_version) - 1))
349 ver_len = sizeof(hdr->fw_version) - 1;
351 memcpy(hdr->fw_version, version, ver_len);
352 hdr->fw_version[ver_len] = 0;
354 hdr->hw_id = htonl(board->hw_id);
355 hdr->hw_rev = htonl(board->hw_rev);
356 hdr->hw_ver_add = htonl(board->hw_ver_add);
358 if (boot_info.file_size == 0) {
359 memcpy(hdr->md5sum1, md5salt_normal, sizeof(hdr->md5sum1));
360 hdr->boot_ofs = htonl(0);
361 hdr->boot_len = htonl(0);
363 memcpy(hdr->md5sum1, md5salt_boot, sizeof(hdr->md5sum1));
364 hdr->boot_ofs = htonl(rootfs_ofs + rootfs_info.file_size);
365 hdr->boot_len = htonl(rootfs_info.file_size);
368 hdr->kernel_la = htonl(kernel_la);
369 hdr->kernel_ep = htonl(kernel_ep);
370 hdr->fw_length = htonl(layout->fw_max_len);
371 hdr->kernel_ofs = htonl(sizeof(struct fw_header));
372 hdr->kernel_len = htonl(kernel_len);
374 hdr->rootfs_ofs = htonl(rootfs_ofs);
375 hdr->rootfs_len = htonl(rootfs_info.file_size);
378 hdr->boot_ofs = htonl(0);
379 hdr->boot_len = htonl(boot_info.file_size);
381 hdr->unk2 = htonl(0);
382 hdr->unk3 = htonl(0xffffffff);
383 hdr->unk4 = htons(0x55aa);
386 hdr->sver_hi = sver_hi;
387 hdr->sver_lo = sver_lo;
389 hdr->ver_hi = fw_ver_hi;
390 hdr->ver_mid = fw_ver_mid;
391 hdr->ver_lo = fw_ver_lo;
393 if (board->flags & FLAG_LE_KERNEL_LA_EP) {
394 hdr->kernel_la = bswap_32(hdr->kernel_la);
395 hdr->kernel_ep = bswap_32(hdr->kernel_ep);
398 get_md5(buf, len, hdr->md5sum1);
401 static int inspect_fw(void)
404 struct fw_header *hdr;
405 uint8_t md5sum[MD5SUM_LEN];
406 struct board_info *board;
407 int ret = EXIT_FAILURE;
409 buf = malloc(inspect_info.file_size);
411 ERR("no memory for buffer!\n");
415 ret = read_to_buf(&inspect_info, buf);
418 hdr = (struct fw_header *)buf;
420 board = &custom_board;
422 if (board->flags & FLAG_LE_KERNEL_LA_EP) {
423 hdr->kernel_la = bswap_32(hdr->kernel_la);
424 hdr->kernel_ep = bswap_32(hdr->kernel_ep);
427 inspect_fw_pstr("File name", inspect_info.file_name);
428 inspect_fw_phexdec("File size", inspect_info.file_size);
430 switch(bswap_32(ntohl(hdr->version))) {
435 ERR("file does not seem to have V2/V3 header!\n");
439 inspect_fw_phexdec("Version 2 Header size", sizeof(struct fw_header));
441 memcpy(md5sum, hdr->md5sum1, sizeof(md5sum));
442 if (ntohl(hdr->boot_len) == 0)
443 memcpy(hdr->md5sum1, md5salt_normal, sizeof(md5sum));
445 memcpy(hdr->md5sum1, md5salt_boot, sizeof(md5sum));
446 get_md5(buf, inspect_info.file_size, hdr->md5sum1);
448 if (memcmp(md5sum, hdr->md5sum1, sizeof(md5sum))) {
449 inspect_fw_pmd5sum("Header MD5Sum1", md5sum, "(*ERROR*)");
450 inspect_fw_pmd5sum(" --> expected", hdr->md5sum1, "");
452 inspect_fw_pmd5sum("Header MD5Sum1", md5sum, "(ok)");
454 if (ntohl(hdr->unk2) != 0)
455 inspect_fw_phexdec("Unknown value 2", hdr->unk2);
456 inspect_fw_pmd5sum("Header MD5Sum2", hdr->md5sum2,
457 "(purpose yet unknown, unchecked here)");
459 if (ntohl(hdr->unk3) != 0xffffffff)
460 inspect_fw_phexdec("Unknown value 3", hdr->unk3);
462 if (ntohs(hdr->unk4) != 0x55aa)
463 inspect_fw_phexdec("Unknown value 4", hdr->unk4);
465 if (hdr->unk5 != 0xa5)
466 inspect_fw_phexdec("Unknown value 5", hdr->unk5);
470 inspect_fw_pstr("Firmware version", hdr->fw_version);
471 inspect_fw_phex("Hardware ID", ntohl(hdr->hw_id));
472 inspect_fw_phex("Hardware Revision",
474 inspect_fw_phex("Additional HW Version",
475 ntohl(hdr->hw_ver_add));
477 printf("%-23s: %d.%d.%d-%d.%d\n", "Software version",
478 hdr->ver_hi, hdr->ver_mid, hdr->ver_lo,
479 hdr->sver_hi, hdr->sver_lo);
483 inspect_fw_phexdec("Kernel data offset",
484 ntohl(hdr->kernel_ofs));
485 inspect_fw_phexdec("Kernel data length",
486 ntohl(hdr->kernel_len));
487 inspect_fw_phex("Kernel load address",
488 ntohl(hdr->kernel_la));
489 inspect_fw_phex("Kernel entry point",
490 ntohl(hdr->kernel_ep));
491 inspect_fw_phexdec("Rootfs data offset",
492 ntohl(hdr->rootfs_ofs));
493 inspect_fw_phexdec("Rootfs data length",
494 ntohl(hdr->rootfs_len));
495 inspect_fw_phexdec("Boot loader data offset",
496 ntohl(hdr->boot_ofs));
497 inspect_fw_phexdec("Boot loader data length",
498 ntohl(hdr->boot_len));
499 inspect_fw_phexdec("Total firmware length",
500 ntohl(hdr->fw_length));
508 filename = malloc(strlen(inspect_info.file_name) + 8);
509 sprintf(filename, "%s-kernel", inspect_info.file_name);
510 printf("Extracting kernel to \"%s\"...\n", filename);
511 fp = fopen(filename, "w");
513 if (!fwrite(buf + ntohl(hdr->kernel_ofs),
514 ntohl(hdr->kernel_len), 1, fp)) {
515 ERR("error in fwrite(): %s", strerror(errno));
519 ERR("error in fopen(): %s", strerror(errno));
523 filename = malloc(strlen(inspect_info.file_name) + 8);
524 sprintf(filename, "%s-rootfs", inspect_info.file_name);
525 printf("Extracting rootfs to \"%s\"...\n", filename);
526 fp = fopen(filename, "w");
528 if (!fwrite(buf + ntohl(hdr->rootfs_ofs),
529 ntohl(hdr->rootfs_len), 1, fp)) {
530 ERR("error in fwrite(): %s", strerror(errno));
534 ERR("error in fopen(): %s", strerror(errno));
545 int main(int argc, char *argv[])
547 int ret = EXIT_FAILURE;
549 progname = basename(argv[0]);
554 c = getopt(argc, argv, "a:H:E:F:L:V:N:W:w:ci:k:r:R:o:xhsjv:y:T:e");
560 sscanf(optarg, "0x%x", &rootfs_align);
566 sscanf(optarg, "0x%x", &kernel_ep);
575 opt_hw_ver_add = optarg;
578 sscanf(optarg, "0x%x", &kernel_la);
596 kernel_info.file_name = optarg;
599 rootfs_info.file_name = optarg;
602 sscanf(optarg, "0x%x", &rootfs_ofs);
611 inspect_info.file_name = optarg;
620 hdr_ver = atoi(optarg);
623 custom_board.flags = FLAG_LE_KERNEL_LA_EP;
634 ret = check_options();
638 if (!inspect_info.file_name)
639 ret = build_fw(sizeof(struct fw_header));
projects / librecmc / librecmc.git / blob