git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: 832cf42db1
Branches Tags
file
/
magic
/
Magdir
/
tplink

tplink 2.9 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. 

  2. #------------------------------------------------------------------------------
    3. 

  3. # $File: tplink,v 1.5 2020/03/28 23:14:26 christos Exp $
    4. 

  4. # tplink: File magic for openwrt firmware files
    5. 

  5. 

  6. # URL: https://wiki.openwrt.org/doc/techref/header
    7. 

  7. # Reference: https://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
    8. 

  8. # From: Joerg Jenderek
    9. 

  9. # check for valid header version 1 or 2
    10. 

  10. 0		ulelong		<3
    11. 

  11. >0		ulelong		!0
    12. 

  12. # test for header padding with nulls
    13. 

  13. >>0x100		long		0
    14. 

  14. # skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor
    15. 

  15. >>>4		ubelong		>0x1F000000
    16. 

  16. # skip user.dbt by looking for positive hardware id
    17. 

  17. >>>>0x40	ubeshort	>0
    18. 

  18. >>>>>0		use		firmware-tplink
    19. 

  19. 

  20. 0		name		firmware-tplink
    21. 

  21. >0		ubyte		x		firmware
    22. 

  22. !:mime application/x-tplink-bin
    23. 

  23. !:ext	bin
    24. 

  24. # hardware id like 10430001 07410001 09410004 09410006
    25. 

  25. >0x40		ubeshort	x		%x
    26. 

  26. >0x42		ubeshort	x		v%x
    27. 

  27. # hardware revision like 1
    28. 

  28. >0x44		ubelong		!1		(revision %u)
    29. 

  29. # vendor_name[24] like OpenWrt or TP-LINK Technologies
    30. 

  30. >4		string		x		%.24s
    31. 

  31. # fw_version[36] like r49389 or ver. 1.0
    32. 

  32. >0x1c		string		x		%.36s
    33. 

  33. # header version 1 or 2
    34. 

  34. >0		ubyte		!1		V%X
    35. 

  35. # ver_hi.ver_mid.ver_lo
    36. 

  36. >0x98		long		!0		\b, version
    37. 

  37. >>0x98		ubeshort	x		%u
    38. 

  38. >>0x9A		ubeshort	x		\b.%u
    39. 

  39. >>0x9C		ubeshort	x		\b.%u
    40. 

  40. # region code 0~universal 1~US
    41. 

  41. >0x48		ubelong		x
    42. 

  42. #>>0x48		ubelong		0		(universal)
    43. 

  43. >>0x48		ubelong		1		(US)
    44. 

  44. >>0x48		ubelong		>1		(region %u)
    45. 

  45. # total length of the firmware. not always true
    46. 

  46. >0x7C		ubelong		x		\b, %u bytes or less
    47. 

  47. # unknown 1
    48. 

  48. >0x48		ubelong		!0		\b, UNKNOWN1 0x%x
    49. 

  49. # md5sum1[16]
    50. 

  50. #>0x4c		ubequad		x		\b, MD5 %llx
    51. 

  51. #>>0x54		ubequad		x		\b%llx
    52. 

  52. # unknown 2
    53. 

  53. >0x5c		ubelong		!0		\b, UNKNOWN2 0x%x
    54. 

  54. # md5sum2[16]
    55. 

  55. #>0x60		ubequad		!0		\b, 2nd MD5 %llx
    56. 

  56. #>>0x68		ubequad		x		\b%llx
    57. 

  57. # unknown 3
    58. 

  58. >0x70		ubelong		!0		\b, UNKNOWN3 0x%x
    59. 

  59. # kernel load address
    60. 

  60. #>0x74		ubelong		x		\b, 0x%x load
    61. 

  61. # kernel entry point
    62. 

  62. #>0x78		ubelong		x		\b, 0x%x entry
    63. 

  63. # kernel data offset. 200h means direct after header
    64. 

  64. >0x80		ubelong		x		\b, at 0x%x
    65. 

  65. # kernel data length and 1 space
    66. 

  66. >0x84		ubelong		x		%u bytes 
    67. 

  67. # look for kernel type (gzip compressed vmlinux.bin by ./compress)
    68. 

  68. >(0x80.L)	indirect	x
    69. 

  69. # root file system data offset
    70. 

  70. # WRONG in 5.35 with above indirect expression
    71. 

  71. >0x88		ubelong		x		\b, at 0x%x
    72. 

  72. # rootfs data length and 1 space
    73. 

  73. >0x8C		ubelong		x		%u bytes 
    74. 

  74. # in 5.32 only true for offset ~< FILE_BYTES_MAX=9 MB defined in ../../src/file.h 
    75. 

  75. >(0x88.L)	indirect	x
    76. 

  76. # 'qshs' for wr940nv1_en_3_13_7_up(111228).bin
    77. 

  77. #>(0x88.L)	string		x		\b, file system '%.4s'
    78. 

  78. #>(0x88.L)	ubequad		x		\b, file system 0x%llx
    79. 

  79. # bootloader data offset
    80. 

  80. >0x90		ubelong		!0		\b, at 0x%x
    81. 

  81. # bootloader data length only resonable if bootloader offset not null
    82. 

  82. >>0x94		ubelong		!0		%u bytes
    83. 

  83. # pad[354] should be 354 null bytes.
    84. 

  84. #>0x9E		ubequad		!0		\b, padding 0x%llx
    85. 

  85. # But at 0x120 18 non null bytes in examples like
    86. 

  86. # wr940nv4_eu_3_16_9_up_boot(160620).bin
    87. 

  87. # wr940nv6_us_3_18_1_up_boot(171030).bin
    88. 

  88. #>0x120		ubequad		!0		\b, other padding 0x%llx
    89.