tplink 2.9 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
  1. #------------------------------------------------------------------------------
  2. # $File: tplink,v 1.5 2020/03/28 23:14:26 christos Exp $
  3. # tplink: File magic for openwrt firmware files
  4. # URL: https://wiki.openwrt.org/doc/techref/header
  5. # Reference: https://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
  6. # From: Joerg Jenderek
  7. # check for valid header version 1 or 2
  8. 0 ulelong <3
  9. >0 ulelong !0
  10. # test for header padding with nulls
  11. >>0x100 long 0
  12. # skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor
  13. >>>4 ubelong >0x1F000000
  14. # skip user.dbt by looking for positive hardware id
  15. >>>>0x40 ubeshort >0
  16. >>>>>0 use firmware-tplink
  17. 0 name firmware-tplink
  18. >0 ubyte x firmware
  19. !:mime application/x-tplink-bin
  20. !:ext bin
  21. # hardware id like 10430001 07410001 09410004 09410006
  22. >0x40 ubeshort x %x
  23. >0x42 ubeshort x v%x
  24. # hardware revision like 1
  25. >0x44 ubelong !1 (revision %u)
  26. # vendor_name[24] like OpenWrt or TP-LINK Technologies
  27. >4 string x %.24s
  28. # fw_version[36] like r49389 or ver. 1.0
  29. >0x1c string x %.36s
  30. # header version 1 or 2
  31. >0 ubyte !1 V%X
  32. # ver_hi.ver_mid.ver_lo
  33. >0x98 long !0 \b, version
  34. >>0x98 ubeshort x %u
  35. >>0x9A ubeshort x \b.%u
  36. >>0x9C ubeshort x \b.%u
  37. # region code 0~universal 1~US
  38. >0x48 ubelong x
  39. #>>0x48 ubelong 0 (universal)
  40. >>0x48 ubelong 1 (US)
  41. >>0x48 ubelong >1 (region %u)
  42. # total length of the firmware. not always true
  43. >0x7C ubelong x \b, %u bytes or less
  44. # unknown 1
  45. >0x48 ubelong !0 \b, UNKNOWN1 0x%x
  46. # md5sum1[16]
  47. #>0x4c ubequad x \b, MD5 %llx
  48. #>>0x54 ubequad x \b%llx
  49. # unknown 2
  50. >0x5c ubelong !0 \b, UNKNOWN2 0x%x
  51. # md5sum2[16]
  52. #>0x60 ubequad !0 \b, 2nd MD5 %llx
  53. #>>0x68 ubequad x \b%llx
  54. # unknown 3
  55. >0x70 ubelong !0 \b, UNKNOWN3 0x%x
  56. # kernel load address
  57. #>0x74 ubelong x \b, 0x%x load
  58. # kernel entry point
  59. #>0x78 ubelong x \b, 0x%x entry
  60. # kernel data offset. 200h means direct after header
  61. >0x80 ubelong x \b, at 0x%x
  62. # kernel data length and 1 space
  63. >0x84 ubelong x %u bytes
  64. # look for kernel type (gzip compressed vmlinux.bin by ./compress)
  65. >(0x80.L) indirect x
  66. # root file system data offset
  67. # WRONG in 5.35 with above indirect expression
  68. >0x88 ubelong x \b, at 0x%x
  69. # rootfs data length and 1 space
  70. >0x8C ubelong x %u bytes
  71. # in 5.32 only true for offset ~< FILE_BYTES_MAX=9 MB defined in ../../src/file.h
  72. >(0x88.L) indirect x
  73. # 'qshs' for wr940nv1_en_3_13_7_up(111228).bin
  74. #>(0x88.L) string x \b, file system '%.4s'
  75. #>(0x88.L) ubequad x \b, file system 0x%llx
  76. # bootloader data offset
  77. >0x90 ubelong !0 \b, at 0x%x
  78. # bootloader data length only resonable if bootloader offset not null
  79. >>0x94 ubelong !0 %u bytes
  80. # pad[354] should be 354 null bytes.
  81. #>0x9E ubequad !0 \b, padding 0x%llx
  82. # But at 0x120 18 non null bytes in examples like
  83. # wr940nv4_eu_3_16_9_up_boot(160620).bin
  84. # wr940nv6_us_3_18_1_up_boot(171030).bin
  85. #>0x120 ubequad !0 \b, other padding 0x%llx