
#------------------------------------------------------------------------------
# $File: tplink,v 1.8 2023/05/15 16:41:02 christos Exp $
# tplink: File magic for openwrt firmware files

# URL:		https://wiki.openwrt.org/doc/techref/header
# Reference:	https://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
#		http://mark0.net/download/triddefs_xml.7z/defs/b/bin-tplink-v1.trid.xml
# Note:		called "TP-Link router firmware (v1)" by TrID
# From:		Joerg Jenderek
#
# Review note: every value tested or printed below is read straight from the
# file's own header. The active rules never evaluate the md5sum1/md5sum2
# fields (their display lines are commented out), so a match identifies the
# header layout only and says nothing about the integrity or origin of the
# image. Treat the printed vendor, version, offsets and lengths as claims made
# by the file.
#
# Detection chain: each nested test below narrows the match and exists to
# reject a specific false positive named in its comment.
# check for valid header version 1 or 2
0	ulelong		<3
>0	ulelong		!0
# test for header padding with nulls
>>0x100	long		0
# skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor name
>>>4	ubelong		>0x1F000000
# skip user.dbt by looking for positive hardware id
>>>>0x40	ubeshort	>0
# skip cversions.1.db cversions.2.db cversions.3.db inside
# c:\ProgramData\Microsoft\Windows\Caches
# with invalid vendor names \240\0\0\0 \140\0\0\0 \040\0\0\0
>>>>>5	short		!0
# all checks passed: hand over to the named display routine
>>>>>>0	use		firmware-tplink

# Display routine: prints the header fields; it is only reached through the
# "use" line above.
0	name		firmware-tplink
>0	ubyte		x		firmware
!:mime	application/x-tplink-bin
# like: TL-WR1043ND-V1-FW0.0.3-stripped.bin gluon-ffrefugee-0.9.2-tp-link-archer-c5-v1-sysupgrade.bin
!:ext	bin
# hardware id like 10430001 07410001 09410004 09410006
# (printed as two 16-bit halves: model in hex, then "v" + variant in hex)
>0x40	ubeshort	x		%x
>0x42	ubeshort	x		v%x
# hardware revision like 1 (shown only when it differs from 1)
>0x44	ubelong		!1		(revision %u)
# vendor_name[24] like OpenWrt or TP-LINK Technologies
# the .24 precision caps the output at the declared field width
>4	string		x		%.24s
# fw_version[36] like r49389 or ver. 1.0
# the .36 precision caps the output at the declared field width
>0x1c	string		x		%.36s
# header version 1 or 2 (shown only when it differs from 1)
>0	ubyte		!1		V%X
# ver_hi.ver_mid.ver_lo
>0x98	long		!0		\b, version
>>0x98	ubeshort	x		%u
>>0x9A	ubeshort	x		\b.%u
>>0x9C	ubeshort	x		\b.%u
# region code 0~universal 1~US
>0x48	ubelong		x
#>>0x48	ubelong		0		(universal)
>>0x48	ubelong		1		(US)
>>0x48	ubelong		>1		(region %u)
# total length of the firmware. not always true
# (the value is printed as stored in the header and is not compared with the
# real file size, hence the "or less" wording)
>0x7C	ubelong		x		\b, %u bytes or less
# unknown 1
# NOTE(review): offset 0x48 is also read above as the region code, so any
# non-zero value is printed twice (once as region, once as UNKNOWN1) - confirm
# this is intended
>0x48	ubelong		!0		\b, UNKNOWN1 %#x
# md5sum1[16]
#>0x4c	ubequad		x		\b, MD5 %llx
#>>0x54	ubequad		x		\b%llx
# unknown 2
>0x5c	ubelong		!0		\b, UNKNOWN2 %#x
# md5sum2[16]
#>0x60	ubequad		!0		\b, 2nd MD5 %llx
#>>0x68	ubequad		x		\b%llx
# unknown 3
>0x70	ubelong		!0		\b, UNKNOWN3 %#x
# kernel load address
#>0x74	ubelong		x		\b, %#x load
# kernel entry point
#>0x78	ubelong		x		\b, %#x entry
# kernel data offset. 200h means direct after header
>0x80	ubelong		x		\b, at %#x
# kernel data length and 1 space
>0x84	ubelong		x		%u bytes
# look for kernel type (gzip compressed vmlinux.bin by ./compress)
# the offset used for the nested lookup is the 32-bit value stored at 0x80,
# i.e. it is chosen by the file being inspected
>(0x80.L)	indirect	x
# root file system data offset
# WRONG in 5.35 with above indirect expression
>0x88	ubelong		x		\b, at %#x
# rootfs data length and 1 space
>0x8C	ubelong		x		%u bytes
# in 5.32 only true for offset ~< FILE_BYTES_MAX=9 MB defined in ../../src/file.h
# as above, the lookup offset is the 32-bit value stored at 0x88 in the file
>(0x88.L)	indirect	x
# 'qshs' for wr940nv1_en_3_13_7_up(111228).bin
#>(0x88.L)	string		x		\b, file system '%.4s'
#>(0x88.L)	ubequad		x		\b, file system %#llx
# bootloader data offset
>0x90	ubelong		!0		\b, at %#x
# bootloader data length only reasonable if bootloader offset not null
>>0x94	ubelong		!0		%u bytes
# pad[354] should be 354 null bytes.
#>0x9E	ubequad		!0		\b, padding %#llx
# But at 0x120 18 non null bytes in examples like
# wr940nv4_eu_3_16_9_up_boot(160620).bin
# wr940nv6_us_3_18_1_up_boot(171030).bin
#>0x120	ubequad		!0		\b, other padding %#llx
