Switch to the normal tarball instead of the codeload generated one. The
latter has the potential to change hashes based on changes in the repo.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Asus looks for an extra data at the end of BCM4908 image, right before
the BCM4908 tail. It needs to be properly filled to make Asus accept
firmware image.
This tool constructs such a tail, writes it and updates CRC32 in BCM4908
tail accordingly.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Flashing image with BCM4908 CFE bootloader requires specific firmware
format. It needs 20 extra bytes with magic numbers and CRC32 appended.
This tools allows appending such a tail to the specified image and also
verifying CRC32 of existing BCM4908 image.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
BCM4908 CFE bootloader requires kernel to be prepended with a custom
header. This simple tool implements support for such headers.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It looks like GitHub changed the URL path for release tarballs, thus the
download for the zstd package was always falling back to the OpenWrt
sources mirror.
Fix the GitHub URL for one which works. The file hash remains unchanged.
Signed-off-by: David Bauer <mail@david-bauer.net>
Previously, ccache would end up using the system libzstd, which is not
supposed to be a build requirement.
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
Instead of using an ancient qemu version in-tree the building machine
should just have qemu-utils installed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
cmake is a dependency of ccache, which means it is build before ccache
is available and hence must be build with non-ccache CC and CXX. It
currently works, because the cmake build system splits the compiler
variable and treats them as multiple compilers to check.
For "ccache gcc" it first tests for "ccache", which always fails,
because ccache is not a compiler by itself, even if it is available, and
then ends up calling "gcc" alone, effectively never using ccache.
Let's make this explicit by forcing the use of non-ccache CC and CXX.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
use PKG_FIXUP:=autoreconf to generate configure
200-hide-dlsym-error.patch deleted due to fixed upstream in another way
other patches refreshed to reflect latest changes
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Device hardware: https://deviwiki.com/wiki/TP-LINK_AD7200_(Talon)
The Talon AD7200 is basically an Archer C2600 with a third PCIe lane
and an 802.11ad radio. It looks like the Archers C2600/5400 but the
housing is slightly larger.
Specifications
--------------
- IPQ8064 dual-core 1400MHz
- QCA9988 2.4GHz WiFi
- QCA9990 5GHz WiFi
- QCA9500 60GHz WiFi
- 32MB SPI Flash
- 512MiB RAM
- 5 GBit Ports (QCA8337)
Installation
------------
Installation is possible from the OEM web interface.
Sysupgrade is possible.
TFTP recovery is possible.
- Image: AD7200_1.0_tp_recovery.bin
Notes
- This will be the first 802.11ad device supported by mainline.
Signed-off-by: Gary Cooper <gaco@bitmessage.de>
glibc started to return errors from dlerror() for dlsym() lookup failures which
results in a lot of messages from fakeroot like
dlsym(acl_get_fd): staging_dir/host/lib/libfakeroot.so: undefined symbol: acl_get_fd
dlsym(acl_get_file): staging_dir/host/lib/libfakeroot.so: undefined symbol: acl_get_file
dlsym(acl_set_fd): staging_dir/host/lib/libfakeroot.so: undefined symbol: acl_set_fd
when building OpenWrt using a recent glibc. Use the patch from the upstream
Debian package to silence these messages.
Link: https://bugs.debian.org/830912
Fixes: FS#3393
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Upstream switched to building with CMake. Adjust accordingly.
Reapplied patch as upstream changed the file format.
Added HOST_BUILD_PARALLEL for faster compilation.
Added cmake tool dependency and removed circular dependencies as a
result.
Adjusted dependent tools to use NOCACHE as they are needed to build
ccache.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This reverts commit b1952dc259 as it's
causing issues on the buildbot which uses some kind of ccache wrapper
and so the breakage needs to be investigated further:
bash: cmake: command not found
time: tools/ccache/compile#0.05#0.03#0.15
ERROR: tools/ccache failed to build.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Some Russian d-link routers require that their firmware be signed with a
salted md5 checksum followed by the bytes 0x00 0xc0 0xff 0xee. This tool
signs factory images the OEM's firmware accepts them.
Signed-off-by: Andrew Pikler <andrew.pikler@gmail.com>
The Ubiquiti Network airCube AC is a cube shaped device supporting
2.4 GHz and 5 GHz with internal 2x2 MIMO antennas.
It can be powered with either one of:
- 24v power supply with 3.0mm x 1.0mm barrel plug
- 24v passive PoE on first LAN port
There are four 10/100/1000 Mbps ports (1 * WAN + 3 * LAN).
First LAN port have optional PoE passthrough to the WAN port.
SoC: Qualcomm / Atheros AR9342
RAM: 64 MB DDR2
Flash: 16 MB SPI NOR
Ethernet: 4x 10/100/1000 Mbps (1 WAN + 3 LAN)
LEDS: 1x via a SPI controller (not yet supported)
Buttons: 1x Reset
Serial: 1x (only RX and TX); 115200 baud, 8N1
Missing features:
- LED control is not supported
Physical to internal switch port mapping:
- physical port #1 (poe in) = switchport 2
- physical port #2 = switchport 3
- physical port #3 = switchport 5
- physical port #4 (wan/poe out) = switchport 4
Factory update is tested and is the same as for Ubiquiti AirCube ISP
hence the shared configuration between that devices.
Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
Upstream switched to building with CMake. Adjust accordingly.
Reapplied patch as upstream changed the file format.
Added HOST_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This adds new strings for the v3.20 to the support list of the
already supported TP-Link CPE510 v3.
The underlying hardware appears to be the same, similar to the
situation with CPE210 v3.20 in 4a2380a1e7 ("tplink-safeloader:
expand support list for TP-Link CPE210 v3")
Signed-off-by: Gioacchino Mazzurco <gio@altermundi.net>
[extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Because some padding values in the TP-Link safeloader image generation
were hardcoded, different values were sometimes used throughout a
factory image. TP-Link's upgrade images use the same value everywhere,
so let's do the same here.
Although a lot of TP-Link's safeloader images have padded partition
payloads, images for the EAP-series of AC devices don't. This padding is
therefore also made optional.
By replacing the type of the padding value byte with a wider datatype,
new values outside of the previously valid range become available. Use
these new values to denote that padding should not be performed.
Because char might be signed, also replace the char literals by a
numeric literal. Otherwise '\xff' might be sign extended to 0xffff.
This results in factory images differing by 1 byte for:
* C2600
* ARCHER-C5-V2
* ARCHERC9
* TLWA850REV2
* TLWA855REV1
* TL-WPA8630P-V2-EU
* TL-WPA8630P-V2-INT
* TL-WPA8630P-V2.1-EU
* TLWR1043NDV4
* TL-WR902AC-V1
* TLWR942NV1
* RE200-V2
* RE200-V3
* RE220-V2
* RE305-V1
* RE350-V1
* RE350K-V1
* RE355
* RE450
* RE450-V2
* RE450-V3
* RE500-V1
* RE650-V1
The following factory images no longer have padding, shrinking the
factory images by a few bytes for:
* EAP225-OUTDOOR-V1
* EAP225-V3
* EAP225-WALL-V2
* EAP245-V1
* EAP245-V3
Signed-off-by: Sander Vanheule <sander@svanheule.net>
TP-Link safeloader firmware images contain a number of (small)
partitions with information about the device. These consist of:
* The data length as a 32-bit integer
* A 32-bit zero padding
* The partition data, with its length set in the first field
The OpenWrt factory image partitions that follow this structure are
soft-version, support-list, and extra-para. Refactor the code to put all
common logic into one allocation call, and let the rest of the data be
filled in by the original functions.
Due to the extra-para changes, this patch results in factory images that
change by 2 bytes (not counting the checksum) for three devices:
* ARCHER-A7-V5
* ARCHER-C7-V4
* ARCHER-C7-V5
These were the devices where the extra-para blob didn't match the common
format. The hardcoded data also didn't correspond to TP-Link's (recent)
upgrade images, which actually matches the meta-partition format.
A padding byte is also added to the extra-para partition for EAP245-V3.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
rules.mk always passes these as -I/-L to the toolchain.
Fixes rare errors like:
cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rosen Penev <rosenp@gmail.com>
Drop our local sstrip copy and use the current ELFKickers upstream
version.
Patch the original makefile in order to avoid building elftoc, since it
fails with musl's elf.h. This is fine, since we only need sstrip anyway.
Finally, add the possibility to pass additional arguments to sstrip and
pass -z (remove trailing zeros) by default, which matches the behaviour
of the previous version.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[shorten long commit msg lines]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Replace my o2.pl email address.
I'm still available at the old address.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rephrase commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
TP-Link EAP225 v3 is an AC1350 (802.11ac Wave-2) ceiling mount access
point. Serial port access for debricking requires fine soldering.
Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MINO
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE
Flashing instructions:
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface
Debricking:
* Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
Do NOT bridge R230.
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via LuCI web interface
setenv ipaddr 192.168.1.1 # default, change as required
setenv serverip 192.168.1.10 # default, change as required
tftp 0x80800000 initramfs.bin
bootelf $fileaddr
MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM boot log:
Using interface ath0 with hwaddr b0:...:3e and ssid "..."
Using interface ath10 with hwaddr b0:...:3f and ssid "..."
Tested by forum user blinkstar88
Signed-off-by: Sander Vanheule <sander@svanheule.net>
TP-Link EAP225-Outdoor v1 is an AC1200 (802.11ac Wave-2) pole or wall
mount access point. Debricking requires access to the serial port, which
is non-trivial.
Device specifications:
* SoC: QCA9563 @ 775MHz
* Memory: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 2x2
* Wireless 5GHz (QCA9886): a/n/ac 2x2 MU-MIMO
* Ethernet (AR8033): 1× 1GbE, PoE
Flashing instructions:
* ssh into target device with recent (>= v1.6.0) firmware
* run `cliclientd stopcs` on target device
* upload factory image via web interface
Debricking:
To recover the device, you need access to the serial port. This requires
fine soldering to test points, or the use of probe pins.
* Open the case and solder wires to the test points: RXD, TXD and TPGND4
* Use a 3.3V UART, 115200 baud, 8n1
* Interrupt bootloader by holding ctrl+B during boot
* upload initramfs via built-in tftp client and perform sysupgrade
setenv ipaddr 192.168.1.1 # default, change as required
setenv serverip 192.168.1.10 # default, change as required
tftp 0x80800000 initramfs.bin
bootelf $fileaddr
MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From stock ifconfig:
ath0 Link encap:Ethernet HWaddr D8:...:2E
ath10 Link encap:Ethernet HWaddr D8:...:2F
br0 Link encap:Ethernet HWaddr D8:...:2E
eth0 Link encap:Ethernet HWaddr D8:...:2E
Tested by forum user PolynomialDivision on firmware v1.7.0.
UART access tested by forum user arinc9.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access point.
Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9880): a/n/ac, 3x3
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE
Flashing instructions:
* Upgrade the device to firmware v1.4.0 if necessary
* Exploit the user management page in the web interface to start telnetd
by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
* Immediately change the malformed username back to something valid
(e.g. 'admin') to make ssh work again.
* Use the root shell via telnet to make /tmp world writeable (chmod 777)
* Extract /usr/bin/uclited from the device via ssh and apply the binary
patch listed below. The patch is required to prevent `uclited -u` in
the last step from crashing.
* Copy the patched uclited programme back to the device at /tmp/uclited
(via ssh)
* Upload the factory image to /tmp/upgrade.bin (via ssh)
* Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt.
--- xxd uclited
+++ xxd uclited-patched
@@ -53796,7 +53796,7 @@
000d2240: 8c44 0000 0320 f809 0000 0000 8fbc 0010 .D... ..........
000d2250: 8fa6 0a4c 02c0 2821 8f82 87b8 0000 0000 ...L..(!........
-000d2260: 8c44 0000 0c13 45e0 27a7 0018 8fbc 0010 .D....E.'.......
+000d2260: 8c44 0000 2402 0000 0000 0000 8fbc 0010 .D..$...........
000d2270: 1040 001d 0000 1821 8f99 8374 3c04 0058 .@.....!...t<..X
000d2280: 3c05 0056 2484 a898 24a5 9a30 0320 f809 <..V$...$..0. ..
Debricking:
* Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
Do NOT bridge R230.
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via the LuCI web interface
setenv ipaddr 192.168.1.1 # default, change as required
setenv serverip 192.168.1.10 # default, change as required
tftp 0x80800000 initramfs.bin
bootelf $fileaddr
Tested on the EAP245 v1 running the latest firmware (v1.4.0). The binary
patch might not apply to uclited from other firmware versions.
EAP245 v1 device support was originally developed and maintained by
Julien Dusser out-of-tree. This patch and "ath79: prepare for 1-port
TP-Link EAP2x5 devices" are based on that work.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Update mpc to 1.2.1
http://www.multiprecision.org/mpc/
Bug fixes:
Fix an incompatibility problem with GMP 6.0 and before.
Fix an intermediate overflow in asin.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
this patch fixes/improves follows:
- PATTERN_LEN is defined as a macro but unused
- redundant logic in count-up for "ptn"
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Due to the use of LD_LIBRARY_PATH, the programs running in the fakeroot
environment may end up loading bundled SDK libraries using the system
ld.so.
Rework the relocatability patch to avoid meddling with LD_LIBRARY_PATH
and construct the paths to faked and libfakeroot.so directly.
Fixes: f93cb5c2c8 ("fakeroot: make fakeroot script relocatable")
Reviewed-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Patch the fakeroot script template to discover faked and libfakeroot.so
relative to the STAGING_DIR_HOST environment variable, similar to how it
is done for automake, libtool, quilt and autoconf already.
This avoids the need for passing the paths to faked and libfakeroot.so
manually every time we invoke fakeroot and subsequently allows us to
drop OS X specific logic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
TP-Link RE200 v4 is a wireless range extender with Ethernet and 2.4G and 5G
WiFi with internal antennas.
It's based on MediaTek MT7628AN+MT7610EN like the v2/v3.
Specifications
--------------
- MediaTek MT7628AN (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 1x 10/100 Mbps Ethernet
- 8x LED (GPIO-controlled), 2x button
- UART connection holes on PCB (57600 8n1)
There are 2.4G and 5G LEDs in red and green which are controlled
separately.
MAC addresses
-------------
The MAC address assignment matches stock firmware, i.e.:
LAN : *:8E
2.4G: *:8D
5G : *:8C
MAC address assignment has been done according to the RE200 v2.
The label MAC address matches the OpenWrt ethernet address.
Installation
------------
Web Interface
-------------
It is possible to upgrade to OpenWrt via the web interface. Simply flash
the -factory.bin from OEM. In contrast to a stock firmware, this will not
overwrite U-Boot.
Recovery
--------
Unfortunately, this devices does not offer a recovery mode or a tftp
installation method. If the web interface upgrade fails, you have to open
your device and attach serial console.
Instructions for serial console and recovery may be checked out in
commit 6d6f36ae78 ("ramips: add support for TP-Link RE200 v2") or on
the device's Wiki page.
Signed-off-by: Richard Fröhning <misanthropos@gmx.de>
[removed empty line, fix commit message formatting]
Signed-off-by: David Bauer <mail@david-bauer.net>
Since we have a v2.1 (EU) with different partitioning now, rename
the v2.0 to make the difference visible to the user more directly.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds support for the TP-Link TL-WPA8630P (EU) in its v2.1
version. The only unique aspect for the firmware compared to v2
layout is the partition layout.
Note that while the EU version has different partitioning for
v2.0 and v2.1, the v2.1 (AU) is supported by the v2-int image.
If you plan to use this device, make sure you have a look at
the Wiki page to check whether the device is supported and
which image needs to be taken.
Specifications
--------------
- QCA9563 750MHz, 2.4GHz WiFi
- QCA9888 5GHz WiFi
- 8MiB SPI Flash
- 128MiB RAM
- 3 GBit Ports (QCA8337)
- PLC (QCA7550)
Installation
------------
Installation is possible from the OEM web interface. Make sure to
install the latest OEM firmware first, so that the PLC firmware is
at the latest version. However, please also check the Wiki page
for hints according to altered partitioning between OEM firmware
revisions.
Notes
-----
The OEM firmware has 0x620000 to 0x680000 unassigned, so we leave
this empty as well. It is complicated enough already ...
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[improve partitions, use v2 DTSI, add entry in 02_network, rewrite
and extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
libressl update to 3.2.1
Delete 001-dont-build-tests-man.patch
Add configure args :
--enable-static
--disable-tests
The patch (001-dont-build-tests-man.patch) no longer works with the current version.
Follow the patch notes:
Adding the --enable-static and --disable-tests parameters should replace the patch.
Signed-off-by: Yuan Tao <ty@wevs.org>
TP-Link EAP225-Wall v2 is an AC1200 (802.11ac Wave-2) wall plate access
point. UART access and debricking require fine soldering.
The device was kindly provided for porting by Stijn Segers.
Device specifications:
* SoC: QCA9561 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR (GD25Q127CSIG)
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MIMO
* Ethernet (SoC): 4× 100Mbps
* Eth0 (back): 802.3af/at PoE in
* Eth1, Eth2 (bottom)
* Eth3 (bottom): PoE out (can be toggled by GPIO)
* One status LED
* Two buttons (both work as failsafe)
* LED button, implemented as KEY_BRIGHTNESS_TOGGLE
* Reset button
Flashing instructions, requires recent firmware (tested on 1.20.0):
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface
Debricking:
* Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R162 (TXD) and R165 (RXD)
Do NOT bridge R164
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via sysupgrade or LuCI web interface
MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM ifconfig:
br0 Link encap:Ethernet HWaddr 50:...:04
eth0 Link encap:Ethernet HWaddr 50:...:04
wifi0 Link encap:UNSPEC HWaddr 50-...-04-...
wifi1 Link encap:UNSPEC HWaddr 50-...-05-...
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[fix IMAGE_SIZE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
TP-Link EAP245 v3 is an AC1750 (802.11ac Wave-2) ceiling mount access
point. UART access (for debricking) requires non-trivial soldering.
Specifications:
* SoC: QCA9563 (CPU/DDR/AHB @ 775/650/258 MHz)
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 3x3
* Wireless 5GHz (QCA9982): a/n/ac 3x3 with MU-MIMO
* Ethernet (QCA8337N switch): 2× 1GbE, ETH1 (802.3at PoE) and ETH2
* Green and amber status LEDs
* Reset switch (GPIO, available for failsafe)
Flashing instructions:
All recent firmware versions (latest is 2.20.0), can disable firmware
signature verification and use a padded firmware file to flash OpenWrt:
* ssh into target device and run `cliclientd stopcs`
* upload factory image via web interface
The stopcs-method is supported from firmware version 2.3.0. Earlier
versions need to be upgraded to a newer stock version before flashing
OpenWrt.
Factory images for these devices are RSA signed by TP-Link. While the
signature verification can be disabled, the factory image still needs to
have a (fake) 1024 bit signature added to pass file checks.
Debricking instructions:
You can recover using u-boot via the serial port:
* Serial port is available from J3 (1:TX, 2:RX, 3:GND, 4:3.3V)
* Bridge R237 to connect RX, located next to J3
* Bridge R225 to connect TX, located inside can on back-side of board
* Serial port is 115200 baud, 8n1, interrupt u-boot by holding ctrl+B
* Upload initramfs with tftp and upgrade via OpenWrt
Device mac addresses:
Stock firmware has the same mac address for 2.4GHz wireless and
ethernet, 5GHz is incremented by one. The base mac address is stored in
the 'default-mac' partition (offset 0x90000) at an offset of 8 bytes.
ART blobs contain no mac addresses.
From OEM ifconfig:
ath0 Link encap:Ethernet HWaddr 74:..:E2
ath10 Link encap:Ethernet HWaddr 74:..:E3
br0 Link encap:Ethernet HWaddr 74:..:E2
eth0 Link encap:Ethernet HWaddr 74:..:E2
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.
The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0 (2019-05-30): compat_level=0
* FW v2.3.0 (2019-07-31): compat_level=0
* FW v2.3.1 (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1
Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.
By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.
Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
[NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
...
AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
...
[NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
0x0.(new 0x1)
[NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
upDataStart = 7690604b, upDataLen = 00000018
[NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb
Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.
To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}
The data length is currently treated as a magic number, but should
contain the length of the partition data.
This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list
Signed-off-by: Sander Vanheule <sander@svanheule.net>