tplink 2.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. #------------------------------------------------------------------------------
  2. # $File: tplink,v 1.4 2019/04/19 00:42:27 christos Exp $
  3. # tplink: File magic for openwrt firmware files
  4. # URL: https://wiki.openwrt.org/doc/techref/header
  5. # Reference: https://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
  6. # From: Joerg Jenderek
  7. # check for valid header version 1 or 2
  8. 0 ulelong <3
  9. >0 ulelong !0
  10. # test for header padding with nulls
  11. >>0x100 long 0
  12. # skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor
  13. >>>4 ubelong >0x1F000000
  14. >>>>0 use firmware-tplink
  15. 0 name firmware-tplink
  16. >0 ubyte x firmware
  17. !:mime application/x-tplink-bin
  18. !:ext bin
  19. # hardware id like 10430001 07410001 09410004 09410006
  20. >0x40 ubeshort x %x
  21. >0x42 ubeshort x v%x
  22. # hardware revision like 1
  23. >0x44 ubelong !1 (revision %u)
  24. # vendor_name[24] like OpenWrt or TP-LINK Technologies
  25. >4 string x %.24s
  26. # fw_version[36] like r49389 or ver. 1.0
  27. >0x1c string x %.36s
  28. # header version 1 or 2
  29. >0 ubyte !1 V%X
  30. # ver_hi.ver_mid.ver_lo
  31. >0x98 long !0 \b, version
  32. >>0x98 ubeshort x %u
  33. >>0x9A ubeshort x \b.%u
  34. >>0x9C ubeshort x \b.%u
  35. # region code 0~universal 1~US
  36. >0x48 ubelong x
  37. #>>0x48 ubelong 0 (universal)
  38. >>0x48 ubelong 1 (US)
  39. >>0x48 ubelong >1 (region %u)
  40. # total length of the firmware. not always true
  41. >0x7C ubelong x \b, %u bytes or less
  42. # unknown 1
  43. >0x48 ubelong !0 \b, UNKNOWN1 0x%x
  44. # md5sum1[16]
  45. #>0x4c ubequad x \b, MD5 %llx
  46. #>>0x54 ubequad x \b%llx
  47. # unknown 2
  48. >0x5c ubelong !0 \b, UNKNOWN2 0x%x
  49. # md5sum2[16]
  50. #>0x60 ubequad !0 \b, 2nd MD5 %llx
  51. #>>0x68 ubequad x \b%llx
  52. # unknown 3
  53. >0x70 ubelong !0 \b, UNKNOWN3 0x%x
  54. # kernel load address
  55. #>0x74 ubelong x \b, 0x%x load
  56. # kernel entry point
  57. #>0x78 ubelong x \b, 0x%x entry
  58. # kernel data offset. 200h means direct after header
  59. >0x80 ubelong x \b, at 0x%x
  60. # kernel data length and 1 space
  61. >0x84 ubelong x %u bytes
  62. # look for kernel type (gzip compressed vmlinux.bin by ./compress)
  63. >(0x80.L) indirect x
  64. # root file system data offset
  65. # WRONG in 5.35 with above indirect expression
  66. >0x88 ubelong x \b, at 0x%x
  67. # rootfs data length and 1 space
  68. >0x8C ubelong x %u bytes
  69. # in 5.32 only true for offset ~< FILE_BYTES_MAX=9 MB defined in ../../src/file.h
  70. >(0x88.L) indirect x
  71. # 'qshs' for wr940nv1_en_3_13_7_up(111228).bin
  72. #>(0x88.L) string x \b, file system '%.4s'
  73. #>(0x88.L) ubequad x \b, file system 0x%llx
  74. # bootloader data offset
  75. >0x90 ubelong !0 \b, at 0x%x
  76. # bootloader data length only resonable if bootloader offset not null
  77. >>0x94 ubelong !0 %u bytes
  78. # pad[354] should be 354 null bytes.
  79. #>0x9E ubequad !0 \b, padding 0x%llx
  80. # But at 0x120 18 non null bytes in examples like
  81. # wr940nv4_eu_3_16_9_up_boot(160620).bin
  82. # wr940nv6_us_3_18_1_up_boot(171030).bin
  83. #>0x120 ubequad !0 \b, other padding 0x%llx