| Message ID | 20220813185152.1443331-1-nickfrench@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Hauke Mehrtens |
| Headers | show |
| Series | tplink-safeloader: add TP-Link Deco S4 v2 support | expand |
Hi, On Sat, 2022-08-13 at 13:51 -0500, Nick French wrote: > Support creating images for TP-Link Deco S4R v2. > > Original partition layout from OEM image: > partition fs-uboot base 0x00000 size 0x80000 > partition product-info base 0x80000 size 0x05000 > partition default-mac base 0x85000 size 0x01000 > partition device-id base 0x86000 size 0x01000 > partition support-list base 0x87000 size 0x10000 > partition user-config base 0xa7000 size 0x10000 > partition device-config base 0xb7000 size 0x10000 > partition group-info base 0xc7000 size 0x10000 > partition partition-table base 0xd7000 size 0x02000 > partition soft-version base 0xd9000 size 0x10000 > partition profile base 0xe9000 size 0x10000 > partition default-config base 0xf9000 size 0x10000 > partition url-sig base 0x1e0000 size 0x10000 > partition radio base 0x1f0000 size 0x10000 > partition os-image base 0x200000 size 0x200000 > partition file-system base 0x400000 size 0xc00000 > > The 'os-image' and 'file-system' partitions were merged into 'firmware' > to make use of the automatic mtd split. > > Signed-off-by: Nick French <nickfrench@gmail.com> > --- > src/tplink-safeloader.c | 43 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 43 insertions(+) > > diff --git a/src/tplink-safeloader.c b/src/tplink-safeloader.c > index 7a31ac2..7f9081d 100644 > --- a/src/tplink-safeloader.c > +++ b/src/tplink-safeloader.c > @@ -1577,6 +1577,49 @@ static struct device_info boards[] = { > .last_sysupgrade_partition = "file-system", > }, > > + /** Firmware layout for the Deco S4 v2 */ > + { > + .id = "DECO-S4-V2", > + .vendor = "", > + .support_list = > + "SupportList:\n" > + "{product_name:S4,product_ver:1.0.0,special_id:5553000 > 0}\n" > + "{product_name:S4,product_ver:1.0.0,special_id:4555000 > 0}\n" > + "{product_name:S4,product_ver:1.0.0,special_id:4341000 > 0}\n" > + "{product_name:S4,product_ver:1.0.0,special_id:4A50000 > 0}\n" > + "{product_name:S4,product_ver:1.0.0,special_id:4155000 > 0}\n" > + "{product_name:S4,product_ver:1.0.0,special_id:4B52000 > 0}\n" > + "{product_name:S4,product_ver:2.0.0,special_id:5553000 > 0}\n" > + "{product_name:S4,product_ver:2.0.0,special_id:4555000 > 0}\n" > + "{product_name:S4,product_ver:2.0.0,special_id:4341000 > 0}\n" > + "{product_name:S4,product_ver:2.0.0,special_id:4A50000 > 0}\n" > + "{product_name:S4,product_ver:2.0.0,special_id:4155000 > 0}\n" > + "{product_name:S4,product_ver:2.0.0,special_id:4B52000 > 0}\n", Looking at the FW images that can be downloaded from TP-Link's website, the support-list partition appears to be a binary blob instead of a plaintext table. Any idea what's going on here? Best, Sander > + .part_trail = 0x00, > + .soft_ver = SOFT_VER_DEFAULT, > + > + .partitions = { > + {"fs-uboot", 0x00000, 0x80000}, > + {"product-info", 0x80000, 0x05000}, > + {"default-mac", 0x85000, 0x01000}, > + {"device-id", 0x86000, 0x01000}, > + {"support-list", 0x87000, 0x10000}, > + {"user-config", 0xa7000, 0x10000}, > + {"device-config", 0xb7000, 0x10000}, > + {"group-info", 0xc7000, 0x10000}, > + {"partition-table", 0xd7000, 0x02000}, > + {"soft-version", 0xd9000, 0x10000}, > + {"profile", 0xe9000, 0x10000}, > + {"default-config", 0xf9000, 0x10000}, > + {"url-sig", 0x1e0000, 0x10000}, > + {"radio", 0x1f0000, 0x10000}, > + {"firmware", 0x200000, 0xe00000}, > + {NULL, 0, 0} > + }, > + .first_sysupgrade_partition = "os-image", > + .last_sysupgrade_partition = "file-system", > + }, > + > /** Firmware layout for the EAP120 */ > { > .id = "EAP120",
On Sun, Aug 14, 2022 at 08:04:01AM +0200, Sander Vanheule wrote: > Hi, > > On Sat, 2022-08-13 at 13:51 -0500, Nick French wrote: > > Support creating images for TP-Link Deco S4R v2. > > > > Original partition layout from OEM image: > > partition fs-uboot base 0x00000 size 0x80000 > > partition product-info base 0x80000 size 0x05000 > > partition default-mac base 0x85000 size 0x01000 > > partition device-id base 0x86000 size 0x01000 > > partition support-list base 0x87000 size 0x10000 > > partition user-config base 0xa7000 size 0x10000 > > partition device-config base 0xb7000 size 0x10000 > > partition group-info base 0xc7000 size 0x10000 > > partition partition-table base 0xd7000 size 0x02000 > > partition soft-version base 0xd9000 size 0x10000 > > partition profile base 0xe9000 size 0x10000 > > partition default-config base 0xf9000 size 0x10000 > > partition url-sig base 0x1e0000 size 0x10000 > > partition radio base 0x1f0000 size 0x10000 > > partition os-image base 0x200000 size 0x200000 > > partition file-system base 0x400000 size 0xc00000 > > > > The 'os-image' and 'file-system' partitions were merged into 'firmware' > > to make use of the automatic mtd split. > > > > Signed-off-by: Nick French <nickfrench@gmail.com> > > --- > > src/tplink-safeloader.c | 43 +++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 43 insertions(+) > > > > diff --git a/src/tplink-safeloader.c b/src/tplink-safeloader.c > > index 7a31ac2..7f9081d 100644 > > --- a/src/tplink-safeloader.c > > +++ b/src/tplink-safeloader.c > > @@ -1577,6 +1577,49 @@ static struct device_info boards[] = { > > .last_sysupgrade_partition = "file-system", > > }, > > > > + /** Firmware layout for the Deco S4 v2 */ > > + { > > + .id = "DECO-S4-V2", > > + .vendor = "", > > + .support_list = > > + "SupportList:\n" > > + "{product_name:S4,product_ver:1.0.0,special_id:5553000 > > 0}\n" > > + "{product_name:S4,product_ver:1.0.0,special_id:4555000 > > 0}\n" > > + "{product_name:S4,product_ver:1.0.0,special_id:4341000 > > 0}\n" > > + "{product_name:S4,product_ver:1.0.0,special_id:4A50000 > > 0}\n" > > + "{product_name:S4,product_ver:1.0.0,special_id:4155000 > > 0}\n" > > + "{product_name:S4,product_ver:1.0.0,special_id:4B52000 > > 0}\n" > > + "{product_name:S4,product_ver:2.0.0,special_id:5553000 > > 0}\n" > > + "{product_name:S4,product_ver:2.0.0,special_id:4555000 > > 0}\n" > > + "{product_name:S4,product_ver:2.0.0,special_id:4341000 > > 0}\n" > > + "{product_name:S4,product_ver:2.0.0,special_id:4A50000 > > 0}\n" > > + "{product_name:S4,product_ver:2.0.0,special_id:4155000 > > 0}\n" > > + "{product_name:S4,product_ver:2.0.0,special_id:4B52000 > > 0}\n", > > Looking at the FW images that can be downloaded from TP-Link's website, the > support-list partition appears to be a binary blob instead of a plaintext table. > Any idea what's going on here? > > Best, > Sander > Yes, the firmware implements an encryption scheme for several of the config partitions. Decryption was reverse engineered and a tool was submitted separately via github: https://github.com/openwrt/openwrt/pull/10445 (tools: deco-decrypt: add package to decrypt Deco S4 config) As an example use of the tool, you can run it on the firmware file directly such as: $ deco_decrypt S4_1.5.1.bin $((0x1014 + 0x1000)) $((0x2d1)) SupportList: {product_name:S4,product_ver:1.0.0,special_id:55530000} {product_name:S4,product_ver:1.0.0,special_id:45550000} {product_name:S4,product_ver:1.0.0,special_id:43410000} {product_name:S4,product_ver:1.0.0,special_id:4A500000} {product_name:S4,product_ver:1.0.0,special_id:41550000} {product_name:S4,product_ver:1.0.0,special_id:4B520000} {product_name:S4,product_ver:2.0.0,special_id:55530000} {product_name:S4,product_ver:2.0.0,special_id:45550000} {product_name:S4,product_ver:2.0.0,special_id:43410000} {product_name:S4,product_ver:2.0.0,special_id:4A500000} {product_name:S4,product_ver:2.0.0,special_id:41550000} {product_name:S4,product_ver:2.0.0,special_id:4B520000} - Nick > > + .part_trail = 0x00, > > + .soft_ver = SOFT_VER_DEFAULT, > > + > > + .partitions = { > > + {"fs-uboot", 0x00000, 0x80000}, > > + {"product-info", 0x80000, 0x05000}, > > + {"default-mac", 0x85000, 0x01000}, > > + {"device-id", 0x86000, 0x01000}, > > + {"support-list", 0x87000, 0x10000}, > > + {"user-config", 0xa7000, 0x10000}, > > + {"device-config", 0xb7000, 0x10000}, > > + {"group-info", 0xc7000, 0x10000}, > > + {"partition-table", 0xd7000, 0x02000}, > > + {"soft-version", 0xd9000, 0x10000}, > > + {"profile", 0xe9000, 0x10000}, > > + {"default-config", 0xf9000, 0x10000}, > > + {"url-sig", 0x1e0000, 0x10000}, > > + {"radio", 0x1f0000, 0x10000}, > > + {"firmware", 0x200000, 0xe00000}, > > + {NULL, 0, 0} > > + }, > > + .first_sysupgrade_partition = "os-image", > > + .last_sysupgrade_partition = "file-system", > > + }, > > + > > /** Firmware layout for the EAP120 */ > > { > > .id = "EAP120", >
diff --git a/src/tplink-safeloader.c b/src/tplink-safeloader.c index 7a31ac2..7f9081d 100644 --- a/src/tplink-safeloader.c +++ b/src/tplink-safeloader.c @@ -1577,6 +1577,49 @@ static struct device_info boards[] = { .last_sysupgrade_partition = "file-system", }, + /** Firmware layout for the Deco S4 v2 */ + { + .id = "DECO-S4-V2", + .vendor = "", + .support_list = + "SupportList:\n" + "{product_name:S4,product_ver:1.0.0,special_id:55530000}\n" + "{product_name:S4,product_ver:1.0.0,special_id:45550000}\n" + "{product_name:S4,product_ver:1.0.0,special_id:43410000}\n" + "{product_name:S4,product_ver:1.0.0,special_id:4A500000}\n" + "{product_name:S4,product_ver:1.0.0,special_id:41550000}\n" + "{product_name:S4,product_ver:1.0.0,special_id:4B520000}\n" + "{product_name:S4,product_ver:2.0.0,special_id:55530000}\n" + "{product_name:S4,product_ver:2.0.0,special_id:45550000}\n" + "{product_name:S4,product_ver:2.0.0,special_id:43410000}\n" + "{product_name:S4,product_ver:2.0.0,special_id:4A500000}\n" + "{product_name:S4,product_ver:2.0.0,special_id:41550000}\n" + "{product_name:S4,product_ver:2.0.0,special_id:4B520000}\n", + .part_trail = 0x00, + .soft_ver = SOFT_VER_DEFAULT, + + .partitions = { + {"fs-uboot", 0x00000, 0x80000}, + {"product-info", 0x80000, 0x05000}, + {"default-mac", 0x85000, 0x01000}, + {"device-id", 0x86000, 0x01000}, + {"support-list", 0x87000, 0x10000}, + {"user-config", 0xa7000, 0x10000}, + {"device-config", 0xb7000, 0x10000}, + {"group-info", 0xc7000, 0x10000}, + {"partition-table", 0xd7000, 0x02000}, + {"soft-version", 0xd9000, 0x10000}, + {"profile", 0xe9000, 0x10000}, + {"default-config", 0xf9000, 0x10000}, + {"url-sig", 0x1e0000, 0x10000}, + {"radio", 0x1f0000, 0x10000}, + {"firmware", 0x200000, 0xe00000}, + {NULL, 0, 0} + }, + .first_sysupgrade_partition = "os-image", + .last_sysupgrade_partition = "file-system", + }, + /** Firmware layout for the EAP120 */ { .id = "EAP120",
Support creating images for TP-Link Deco S4R v2. Original partition layout from OEM image: partition fs-uboot base 0x00000 size 0x80000 partition product-info base 0x80000 size 0x05000 partition default-mac base 0x85000 size 0x01000 partition device-id base 0x86000 size 0x01000 partition support-list base 0x87000 size 0x10000 partition user-config base 0xa7000 size 0x10000 partition device-config base 0xb7000 size 0x10000 partition group-info base 0xc7000 size 0x10000 partition partition-table base 0xd7000 size 0x02000 partition soft-version base 0xd9000 size 0x10000 partition profile base 0xe9000 size 0x10000 partition default-config base 0xf9000 size 0x10000 partition url-sig base 0x1e0000 size 0x10000 partition radio base 0x1f0000 size 0x10000 partition os-image base 0x200000 size 0x200000 partition file-system base 0x400000 size 0xc00000 The 'os-image' and 'file-system' partitions were merged into 'firmware' to make use of the automatic mtd split. Signed-off-by: Nick French <nickfrench@gmail.com> --- src/tplink-safeloader.c | 43 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+)