From ba730d61af3b860e5d5a086a318a6c2a84e68c9c Mon Sep 17 00:00:00 2001 From: Roger Pueyo Centelles Date: Thu, 28 Nov 2019 13:23:34 +0100 Subject: rbextract: add package This utility extracts the radio calibration data, as well as other board-related information (model, serial number, etc.), from MikroTik Routerboard devices' flash. Signed-off-by: Roger Pueyo Centelles Acked-by: Koen Vandeputte --- package/utils/rbextract/Makefile | 37 +++ package/utils/rbextract/src/CMakeLists.txt | 14 + package/utils/rbextract/src/rbextract.c | 457 +++++++++++++++++++++++++++++ package/utils/rbextract/src/rle.c | 80 +++++ package/utils/rbextract/src/rle.h | 8 + package/utils/rbextract/src/routerboot.h | 258 ++++++++++++++++ 6 files changed, 854 insertions(+) create mode 100644 package/utils/rbextract/Makefile create mode 100644 package/utils/rbextract/src/CMakeLists.txt create mode 100644 package/utils/rbextract/src/rbextract.c create mode 100644 package/utils/rbextract/src/rle.c create mode 100644 package/utils/rbextract/src/rle.h create mode 100644 package/utils/rbextract/src/routerboot.h (limited to 'package/utils') diff --git a/package/utils/rbextract/Makefile b/package/utils/rbextract/Makefile new file mode 100644 index 0000000000..b055a615cf --- /dev/null +++ b/package/utils/rbextract/Makefile @@ -0,0 +1,37 @@ +# +# Copyright (C) 2010 Gabor Juhos +# Copyright (C) 2018 Chris Schimp +# Copyright (C) 2019 Robert Marko +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=rbextract +PKG_RELEASE:=1 +CMAKE_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/rbextract + SECTION:=utils + CATEGORY:=Utilities + SUBMENU:=Boot Loaders + TITLE:=RouterBOOT ART Extractor + DEPENDS:=@TARGET_ath79 +liblzo +endef + +define Package/rbextract/description + This utility is for extracting the WLAN radio calibration data from Mikrotik + Routerboards. +endef + +define Package/rbextract/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/rbextract $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,rbextract)) diff --git a/package/utils/rbextract/src/CMakeLists.txt b/package/utils/rbextract/src/CMakeLists.txt new file mode 100644 index 0000000000..0ed5168fb0 --- /dev/null +++ b/package/utils/rbextract/src/CMakeLists.txt @@ -0,0 +1,14 @@ +cmake_minimum_required(VERSION 2.6) + +PROJECT(rbextract C) +ADD_DEFINITIONS(-Wall --std=gnu99 -Wmissing-declarations) + +SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") + +FIND_PATH(lzo_include_dir lzo/lzo1x.h) +INCLUDE_DIRECTORIES(${lzo_include_dir}) + +ADD_EXECUTABLE(rbextract rbextract.c rle.c) +TARGET_LINK_LIBRARIES(rbextract lzo2) + +INSTALL(TARGETS rbextract RUNTIME DESTINATION sbin) diff --git a/package/utils/rbextract/src/rbextract.c b/package/utils/rbextract/src/rbextract.c new file mode 100644 index 0000000000..0985497f3f --- /dev/null +++ b/package/utils/rbextract/src/rbextract.c @@ -0,0 +1,457 @@ +/* + * RouterBoot helper routines + * + * Copyright (C) 2012 Gabor Juhos + * Copyright (C) 2018 Chris Schimp + * Copyright (C) 2019 Robert Marko + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "rle.h" +#include "routerboot.h" + +inline uint32_t +get_u32(const void *buf) +{ +#if __BYTE_ORDER == __LITTLE_ENDIAN + return *(uint32_t *)buf; +#elif __BYTE_ORDER == __BIG_ENDIAN + const uint8_t *p = buf; + return ((uint32_t) p[3] + ((uint32_t) p[2] << 8) + + ((uint32_t) p[1] << 16) + ((uint32_t) p[0] << 24)); +#else +#error "Unknown byte order!" +#endif +} + +int +routerboot_find_tag(uint8_t *buf, unsigned int buflen, uint16_t tag_id, + uint8_t **tag_data, uint16_t *tag_len) +{ + uint16_t id; + uint16_t len; + uint32_t magic; + bool align = false; + int ret; + + if (buflen < 4) + return 1; + + magic = get_u32(buf); + + switch (magic) { + case RB_MAGIC_LZOR: + buf += 4; + buflen -= 4; + break; + case RB_MAGIC_ERD: + align = true; + /* fall trough */ + case RB_MAGIC_HARD: + /* skip magic value */ + buf += 4; + buflen -= 4; + break; + + case RB_MAGIC_SOFT: + if (buflen < 8) + return 1; + + /* skip magic and CRC value */ + buf += 8; + buflen -= 8; + + break; + + default: + return 1; + } + + ret = 1; + while (buflen > 4){ + uint32_t id_and_len = get_u32(buf); + buf += 4; + buflen -= 4; + id = id_and_len & 0xFFFF; + len = id_and_len >> 16; + + if (align) + len += (4 - len % 4) % 4; + + if (id == RB_ID_TERMINATOR) { + break; + } + + if (buflen < len) + break; + + if (id == tag_id) { + *tag_len = len; + *tag_data = buf; + ret = 0; + break; + } + + buf += len; + buflen -= len; + } + + return ret; +} + +inline int +rb_find_hard_cfg_tag(uint16_t tag_id, uint8_t **tag_data, uint16_t *tag_len) +{ + if (!rb_hardconfig || + !rb_hardconfig_len) + return 1; + + return routerboot_find_tag(rb_hardconfig, + rb_hardconfig_len, + tag_id, tag_data, tag_len); +} + +const uint8_t * +rb_get_board_product_code(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_BOARD_PRODUCT_CODE, &tag, &tag_len); + if (err) + return NULL; + + return tag; +} + +uint32_t +rb_get_board_mac(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_MAC_ADDRESS_PACK, &tag, &tag_len); + if (err) + return 0; + + return htonl(get_u32(tag)); +} + +const uint8_t * +rb_get_board_serial(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_SERIAL_NUMBER, &tag, &tag_len); + if (err) + return NULL; + + return tag; +} + +const uint8_t * +rb_get_board_identifier(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_BOARD_IDENTIFIER, &tag, &tag_len); + if (err) + return NULL; + + return tag; +} + +const uint8_t * +rb_get_board_name(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_BOARD_NAME, &tag, &tag_len); + if (err) + return NULL; + + return tag; +} + +const uint8_t * +rb_get_factory_booter_version(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_BIOS_VERSION, &tag, &tag_len); + if (err) + return NULL; + + return tag; +} + +uint32_t +rb_get_flash_info(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_FLASH_INFO, &tag, &tag_len); + if (err) + return 0; + + return htonl(get_u32(tag)); +} + +uint32_t +rb_get_hw_options(void) +{ + uint16_t tag_len; + uint8_t *tag; + int err; + + err = rb_find_hard_cfg_tag(RB_ID_HW_OPTIONS, &tag, &tag_len); + if (err) + return 0; + + return htonl(get_u32(tag)); +} + +uint8_t * +__rb_get_wlan_data(void) +{ + uint16_t tag_len; + uint8_t *tag; + uint16_t erd_tag_len; + uint8_t *erd_tag; + uint8_t *buf_lzo_in; + uint8_t *buf_lzo_out; + uint8_t *buf_rle_out; + int err; + uint32_t magic; + uint32_t erd_magic; + uint32_t erd_offset; + size_t lzo_out_len; + + err = rb_find_hard_cfg_tag(RB_ID_WLAN_DATA, &tag, &tag_len); + if (err) { + printf("no calibration data found\n"); + goto err; + } + + buf_lzo_in = malloc(RB_ART_SIZE); + if (buf_lzo_in == NULL) { + printf("no memory for calibration data\n"); + goto err; + } + + buf_rle_out = malloc(RB_ART_SIZE); + if (buf_rle_out == NULL) { + printf("no memory for calibration data\n"); + goto err_free_lzo_out; + } + + buf_lzo_out = malloc(RB_ART_SIZE); + if (buf_lzo_out == NULL) { + printf("no memory for calibration data\n"); + goto err_free_lzo_in; + } + + magic = get_u32(tag); + if (magic == RB_MAGIC_LZOR) { + tag += 4; + tag_len -= 4; + if (tag_len + sizeof(lzo_prefix) > RB_ART_SIZE) { + printf("Calibration data too large\n"); + goto err_free_lzo_in; + } + printf("Copying fixed LZO prefix (size: %d)\n", sizeof(lzo_prefix)); + memcpy(buf_lzo_in, lzo_prefix, sizeof(lzo_prefix)); + + printf("Copying input data (size: %d)\n", tag_len); + memcpy(buf_lzo_in + sizeof(lzo_prefix), tag, tag_len); + + printf("Decompressing with LZO\n"); + lzo_out_len = RB_ART_SIZE; + err = lzo1x_decompress_safe(buf_lzo_in, tag_len + sizeof(lzo_prefix), + buf_lzo_out, &lzo_out_len, NULL); + /* For some reason, I get this "input not consumed" error + * even though the output is correct, so ignore it. */ + if (err && err != LZO_E_INPUT_NOT_CONSUMED) { + printf("unable to decompress calibration data: %d\n", + err); + goto err_free_lzo_out; + } + + printf("Looking for ERD data in decompressed output\n"); + erd_magic = 0; + for (erd_offset = 0; erd_offset < lzo_out_len; erd_offset++) { + erd_magic = get_u32(buf_lzo_out + erd_offset); + if (erd_magic == RB_MAGIC_ERD) + break; + } + if (erd_magic != RB_MAGIC_ERD) { + printf("no ERD data found\n"); + goto err_free_lzo_out; + } + printf("Found ERD magic at offset %d\n", erd_offset); + + err = routerboot_find_tag(buf_lzo_out + erd_offset, + lzo_out_len - erd_offset, + 0x1, &erd_tag, &erd_tag_len); + if (err) { + printf("No ERD chunk found\n"); + goto err_free_lzo_out; + } + + printf("Decompress ERD data with RLE\n"); + err = rle_decode(erd_tag, erd_tag_len, buf_rle_out, RB_ART_SIZE, + NULL, NULL); + if (err) { + printf("unable to decode ERD data\n"); + goto err_free_rle_out; + } + } + + return buf_rle_out; + +err_free_rle_out: + free(buf_rle_out); +err_free_lzo_out: + free(buf_lzo_out); +err_free_lzo_in: + free(buf_lzo_in); +err: + return NULL; +} + +int +main(int argc, char **argv) +{ + FILE *infile; + FILE *outfile; + uint8_t *buf; + uint32_t magic; + uint32_t i; + + if(argc < 2){ + printf("Not enough arguments\n"); + printf("Use -h for help\n"); + exit(1); + } + + if(strcmp(argv[1], "-h") == 0){ + printf("This program can extract various data from MikroTik devices hard_config partition\n"); + printf("Usage: rbextract (Optional)\n"); + printf("Options:\n"); + printf("-a Prints all possible info\n"); + printf("-n Prints board name\n"); + printf("-p Prints board product code\n"); + printf("-i Prints board identifier\n"); + printf("-s Prints board serial number\n"); + printf("-m Prints board MAC\n"); + printf("-o Prints board HW options\n"); + printf("-r Prints board RouterBoot factory version\n"); + printf("-f Prints board flash identifier\n"); + printf("-e Extract board radio calibration\n"); + printf("hard_config_location: Path to hard_config partiton\n"); + printf("output_file: Path to where caldata will be output\n"); + } else { + infile = fopen(argv[2], "r"); + + if(infile == NULL){ + printf("Cant open given path\n"); + return 1; + } + + fseek(infile, 0L, SEEK_END); + rb_hardconfig_len = ftell(infile); + + fseek(infile, 0L, SEEK_SET); + + rb_hardconfig = (uint8_t*)calloc(rb_hardconfig_len, sizeof(uint8_t)); + if(rb_hardconfig == NULL) + return 1; + + fread(rb_hardconfig, sizeof(uint8_t), rb_hardconfig_len, infile); + fclose(infile); + + magic = get_u32(rb_hardconfig); + if(magic != RB_MAGIC_HARD){ + printf("Routerboot Hard Config not found\n"); + exit(1); + } + + if(strcmp(argv[1], "-a") == 0){ + printf("Board name: %s\n", rb_get_board_name()); + printf("Board product code: %s\n", rb_get_board_product_code()); + printf("Board identifier: %s\n", rb_get_board_identifier()); + printf("Board serial: %s\n", rb_get_board_serial()); + printf("Board MAC: %X\n", rb_get_board_mac()); + printf("HW Options %x\n", rb_get_hw_options()); + printf("Factory RouterBoot version: %s\n", rb_get_factory_booter_version()); + printf("Flash identifier: %x\n", rb_get_flash_info()); + } else if(strcmp(argv[1], "-n") == 0){ + printf("%s\n", rb_get_board_name()); + } else if(strcmp(argv[1], "-p") == 0){ + printf("%s\n", rb_get_board_product_code()); + } else if(strcmp(argv[1], "-i") == 0){ + printf("%s\n", rb_get_board_identifier()); + } else if(strcmp(argv[1], "-s") == 0){ + printf("%s\n", rb_get_board_serial()); + } else if(strcmp(argv[1], "-m") == 0){ + printf("%x\n", rb_get_board_mac()); + } else if(strcmp(argv[1], "-o") == 0){ + printf("%x\n", rb_get_hw_options()); + } else if(strcmp(argv[1], "-r") == 0){ + printf("%s\n", rb_get_factory_booter_version()); + } else if(strcmp(argv[1], "-f") == 0){ + printf("%x\n", rb_get_flash_info()); + } else if(strcmp(argv[1], "-e") == 0){ + buf = __rb_get_wlan_data(); + if (buf == NULL) { + printf("Could not extract calibration data\n"); + return 1; + } + + if(argv[3] == NULL){ + printf("Missing output file argument\n"); + return 1; + } + + outfile = fopen(argv[3], "wb"); + if(outfile == NULL){ + printf("Cant open given path\n"); + return 1; + } + + /* Write 65536 bytes of caldata */ + for(i = 0; i + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include +#include +#include +#include +#include + +#include "rle.h" + +int rle_decode(const unsigned char *src, size_t srclen, + unsigned char *dst, size_t dstlen, + size_t *src_done, size_t *dst_done) +{ + size_t srcpos, dstpos; + int ret; + + srcpos = 0; + dstpos = 0; + ret = 1; + + /* sanity checks */ + if (!src || !srclen || !dst || !dstlen) + goto out; + + while (1) { + signed char count; + + if (srcpos >= srclen) + break; + + count = (signed char) src[srcpos++]; + if (count == 0) { + ret = 0; + break; + } + + if (count > 0) { + unsigned char c; + + if (srcpos >= srclen) + break; + + c = src[srcpos++]; + + while (count--) { + if (dstpos >= dstlen) + break; + + dst[dstpos++] = c; + } + } else { + count *= -1; + + while (count--) { + if (srcpos >= srclen) + break; + if (dstpos >= dstlen) + break; + dst[dstpos++] = src[srcpos++]; + } + } + } + +out: + if (src_done) + *src_done = srcpos; + if (dst_done) + *dst_done = dstpos; + + return ret; +} diff --git a/package/utils/rbextract/src/rle.h b/package/utils/rbextract/src/rle.h new file mode 100644 index 0000000000..21cf66c993 --- /dev/null +++ b/package/utils/rbextract/src/rle.h @@ -0,0 +1,8 @@ +#ifndef _RLE_H_ +#define _RLE_H_ + +int rle_decode(const unsigned char *src, size_t srclen, + unsigned char *dst, size_t dstlen, + size_t *src_done, size_t *dst_done); + +#endif /* _RLE_H_ */ diff --git a/package/utils/rbextract/src/routerboot.h b/package/utils/rbextract/src/routerboot.h new file mode 100644 index 0000000000..13809d97fc --- /dev/null +++ b/package/utils/rbextract/src/routerboot.h @@ -0,0 +1,258 @@ +/* + * RouterBoot/RBextract definitions + * + * Copyright (C) 2012 Gabor Juhos + * Copyright (C) 2019 Robert Marko + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#ifndef _RBEXTRACT_H +#define _RBEXTRACT_H + +/* Used on some newer boards (ipq40xx). This fixed data is concatenated + with data extracted from the hard_config partition, then decompressed + with LZO. There may also be a second decoding step with RLE. */ +uint8_t lzo_prefix[] = { + 0x00, 0x05, 0x4c, 0x4c, 0x44, 0x00, 0x34, 0xfe, + 0xfe, 0x34, 0x11, 0x3c, 0x1e, 0x3c, 0x2e, 0x3c, + 0x4c, 0x34, 0x00, 0x52, 0x62, 0x92, 0xa2, 0xb2, + 0xc3, 0x2a, 0x14, 0x00, 0x00, 0x05, 0xfe, 0x6a, + 0x3c, 0x16, 0x32, 0x16, 0x11, 0x1e, 0x12, 0x46, + 0x32, 0x46, 0x11, 0x4e, 0x12, 0x36, 0x32, 0x36, + 0x11, 0x3e, 0x12, 0x5a, 0x9a, 0x64, 0x00, 0x04, + 0xfe, 0x10, 0x3c, 0x00, 0x01, 0x00, 0x00, 0x28, + 0x0c, 0x00, 0x0f, 0xfe, 0x14, 0x00, 0x24, 0x24, + 0x23, 0x24, 0x24, 0x23, 0x25, 0x22, 0x21, 0x21, + 0x23, 0x22, 0x21, 0x22, 0x21, 0x2d, 0x38, 0x00, + 0x0c, 0x25, 0x25, 0x24, 0x25, 0x25, 0x24, 0x23, + 0x22, 0x21, 0x20, 0x23, 0x21, 0x21, 0x22, 0x21, + 0x2d, 0x38, 0x00, 0x28, 0xb0, 0x00, 0x00, 0x22, + 0x00, 0x00, 0xc0, 0xfe, 0x03, 0x00, 0xc0, 0x00, + 0x62, 0xff, 0x62, 0xff, 0xfe, 0x06, 0x00, 0xbb, + 0xff, 0xba, 0xff, 0xfe, 0x08, 0x00, 0x9e, 0xff, + 0xfe, 0x0a, 0x00, 0x53, 0xff, 0xfe, 0x02, 0x00, + 0x20, 0xff, 0xb1, 0xfe, 0xfe, 0xb2, 0xfe, 0xfe, + 0xed, 0xfe, 0xfe, 0xfe, 0x04, 0x00, 0x3a, 0xff, + 0x3a, 0xff, 0xde, 0xfd, 0x5f, 0x04, 0x33, 0xff, + 0x4c, 0x74, 0x03, 0x05, 0x05, 0xff, 0x6d, 0xfe, + 0xfe, 0x6d, 0xfe, 0xfe, 0xaf, 0x08, 0x63, 0xff, + 0x64, 0x6f, 0x08, 0xac, 0xff, 0xbf, 0x6d, 0x08, + 0x7a, 0x6d, 0x08, 0x96, 0x74, 0x04, 0x00, 0x08, + 0x79, 0xff, 0xda, 0xfe, 0xfe, 0xdb, 0xfe, 0xfe, + 0x56, 0xff, 0xfe, 0x04, 0x00, 0x5e, 0xff, 0x5e, + 0xff, 0x6c, 0xfe, 0xfe, 0xfe, 0x06, 0x00, 0x41, + 0xff, 0x7f, 0x74, 0x03, 0x00, 0x11, 0x44, 0xff, + 0xa9, 0xfe, 0xfe, 0xa9, 0xfe, 0xfe, 0xa5, 0x8f, + 0x01, 0x00, 0x08, 0x01, 0x01, 0x02, 0x04, 0x08, + 0x02, 0x04, 0x08, 0x08, 0x01, 0x01, 0xfe, 0x22, + 0x00, 0x4c, 0x60, 0x64, 0x8c, 0x90, 0xd0, 0xd4, + 0xd8, 0x5c, 0x10, 0x09, 0xd8, 0xff, 0xb0, 0xff, + 0x00, 0x00, 0xba, 0xff, 0x14, 0x00, 0xba, 0xff, + 0x64, 0x00, 0x00, 0x08, 0xfe, 0x06, 0x00, 0x74, + 0xff, 0x42, 0xff, 0xce, 0xff, 0x60, 0xff, 0x0a, + 0x00, 0xb4, 0x00, 0xa0, 0x00, 0xa0, 0xfe, 0x07, + 0x00, 0x0a, 0x00, 0xb0, 0xff, 0x96, 0x4d, 0x00, + 0x56, 0x57, 0x18, 0xa6, 0xff, 0x92, 0x70, 0x11, + 0x00, 0x12, 0x90, 0x90, 0x76, 0x5a, 0x54, 0x54, + 0x4c, 0x46, 0x38, 0x00, 0x10, 0x10, 0x08, 0xfe, + 0x05, 0x00, 0x38, 0x29, 0x25, 0x23, 0x22, 0x22, + 0x1f, 0x00, 0x00, 0x00, 0xf6, 0xe1, 0xdd, 0xf8, + 0xfe, 0x00, 0xfe, 0x15, 0x00, 0x00, 0xd0, 0x02, + 0x74, 0x02, 0x08, 0xf8, 0xe5, 0xde, 0x02, 0x04, + 0x04, 0xfd, 0x00, 0x00, 0x00, 0x07, 0x50, 0x2d, + 0x01, 0x90, 0x90, 0x76, 0x60, 0xb0, 0x07, 0x07, + 0x0c, 0x0c, 0x04, 0xfe, 0x05, 0x00, 0x66, 0x66, + 0x5a, 0x56, 0xbc, 0x01, 0x06, 0xfc, 0xfc, 0xf1, + 0xfe, 0x07, 0x00, 0x24, 0x95, 0x70, 0x64, 0x18, + 0x06, 0x2c, 0xff, 0xb5, 0xfe, 0xfe, 0xb5, 0xfe, + 0xfe, 0xe2, 0x8c, 0x24, 0x02, 0x2f, 0xff, 0x2f, + 0xff, 0xb4, 0x78, 0x02, 0x05, 0x73, 0xff, 0xed, + 0xfe, 0xfe, 0x4f, 0xff, 0x36, 0x74, 0x1e, 0x09, + 0x4f, 0xff, 0x50, 0xff, 0xfe, 0x16, 0x00, 0x70, + 0xac, 0x70, 0x8e, 0xac, 0x40, 0x0e, 0x01, 0x70, + 0x7f, 0x8e, 0xac, 0x6c, 0x00, 0x0b, 0xfe, 0x02, + 0x00, 0xfe, 0x0a, 0x2c, 0x2a, 0x2a, 0x28, 0x26, + 0x1e, 0x1e, 0xfe, 0x02, 0x20, 0x65, 0x20, 0x00, + 0x00, 0x05, 0x12, 0x00, 0x11, 0x1e, 0x11, 0x11, + 0x41, 0x1e, 0x41, 0x11, 0x31, 0x1e, 0x31, 0x11, + 0x70, 0x75, 0x7a, 0x7f, 0x84, 0x89, 0x8e, 0x93, + 0x98, 0x30, 0x20, 0x00, 0x02, 0x00, 0xfe, 0x06, + 0x3c, 0xbc, 0x32, 0x0c, 0x00, 0x00, 0x2a, 0x12, + 0x1e, 0x12, 0x2e, 0x12, 0xcc, 0x12, 0x11, 0x1a, + 0x1e, 0x1a, 0x2e, 0x1a, 0x4c, 0x10, 0x1e, 0x10, + 0x11, 0x18, 0x1e, 0x42, 0x1e, 0x42, 0x2e, 0x42, + 0xcc, 0x42, 0x11, 0x4a, 0x1e, 0x4a, 0x2e, 0x4a, + 0x4c, 0x40, 0x1e, 0x40, 0x11, 0x48, 0x1e, 0x32, + 0x1e, 0x32, 0x2e, 0x32, 0xcc, 0x32, 0x11, 0x3a, + 0x1e, 0x3a, 0x2e, 0x3a, 0x4c, 0x30, 0x1e, 0x30, + 0x11, 0x38, 0x1e, 0x27, 0x9a, 0x01, 0x9d, 0xa2, + 0x2f, 0x28, 0x00, 0x00, 0x46, 0xde, 0xc4, 0xbf, + 0xa6, 0x9d, 0x81, 0x7b, 0x5c, 0x61, 0x40, 0xc7, + 0xc0, 0xae, 0xa9, 0x8c, 0x83, 0x6a, 0x62, 0x50, + 0x3e, 0xce, 0xc2, 0xae, 0xa3, 0x8c, 0x7b, 0x6a, + 0x5a, 0x50, 0x35, 0xd7, 0xc2, 0xb7, 0xa4, 0x95, + 0x7e, 0x72, 0x5a, 0x59, 0x37, 0xfe, 0x02, 0xf8, + 0x8c, 0x95, 0x90, 0x8f, 0x00, 0xd7, 0xc0, 0xb7, + 0xa2, 0x95, 0x7b, 0x72, 0x56, 0x59, 0x32, 0xc7, + 0xc3, 0xae, 0xad, 0x8c, 0x85, 0x6a, 0x63, 0x50, + 0x3e, 0xce, 0xc3, 0xae, 0xa4, 0x8c, 0x7c, 0x6a, + 0x59, 0x50, 0x34, 0xd7, 0xc2, 0xb7, 0xa5, 0x95, + 0x7e, 0x72, 0x59, 0x59, 0x36, 0xfc, 0x05, 0x00, + 0x02, 0xce, 0xc5, 0xae, 0xa5, 0x95, 0x83, 0x72, + 0x5c, 0x59, 0x36, 0xbf, 0xc6, 0xa5, 0xab, 0x8c, + 0x8c, 0x6a, 0x67, 0x50, 0x41, 0x64, 0x07, 0x00, + 0x02, 0x95, 0x8c, 0x72, 0x65, 0x59, 0x3f, 0xce, + 0xc7, 0xae, 0xa8, 0x95, 0x86, 0x72, 0x5f, 0x59, + 0x39, 0xfe, 0x02, 0xf8, 0x8b, 0x7c, 0x0b, 0x09, + 0xb7, 0xc2, 0x9d, 0xa4, 0x83, 0x85, 0x6a, 0x6b, + 0x50, 0x44, 0xb7, 0xc1, 0x64, 0x01, 0x00, 0x06, + 0x61, 0x5d, 0x48, 0x3d, 0xae, 0xc4, 0x9d, 0xad, + 0x7b, 0x85, 0x61, 0x66, 0x48, 0x46, 0xae, 0xc3, + 0x95, 0xa3, 0x72, 0x7c, 0x59, 0x56, 0x38, 0x31, + 0x7c, 0x0b, 0x00, 0x0c, 0x96, 0x91, 0x8f, 0x00, + 0xb7, 0xc0, 0xa5, 0xab, 0x8c, 0x8a, 0x6a, 0x64, + 0x50, 0x3c, 0xb7, 0xc0, 0x9d, 0xa0, 0x83, 0x80, + 0x6a, 0x64, 0x50, 0x3d, 0xb7, 0xc5, 0x9d, 0xa5, + 0x83, 0x87, 0x6c, 0x08, 0x07, 0xae, 0xc0, 0x9d, + 0xa8, 0x83, 0x88, 0x6a, 0x6d, 0x50, 0x46, 0xfc, + 0x05, 0x00, 0x16, 0xbf, 0xc0, 0xa5, 0xa2, 0x8c, + 0x7f, 0x6a, 0x57, 0x50, 0x2f, 0xb7, 0xc7, 0xa5, + 0xb1, 0x8c, 0x8e, 0x72, 0x6d, 0x59, 0x45, 0xbf, + 0xc6, 0xa5, 0xa8, 0x8c, 0x87, 0x6a, 0x5f, 0x50, + 0x37, 0xbf, 0xc2, 0xa5, 0xa4, 0x8c, 0x83, 0x6a, + 0x5c, 0x50, 0x34, 0xbc, 0x05, 0x00, 0x0e, 0x90, + 0x00, 0xc7, 0xc2, 0xae, 0xaa, 0x95, 0x82, 0x7b, + 0x60, 0x61, 0x3f, 0xb7, 0xc6, 0xa5, 0xb1, 0x8c, + 0x8d, 0x72, 0x6b, 0x61, 0x51, 0xbf, 0xc4, 0xa5, + 0xa5, 0x8c, 0x82, 0x72, 0x61, 0x59, 0x39, 0x6c, + 0x26, 0x03, 0x95, 0x82, 0x7b, 0x61, 0x61, 0x40, + 0xfc, 0x05, 0x00, 0x00, 0x7e, 0xd7, 0xc3, 0xb7, + 0xa8, 0x9d, 0x80, 0x83, 0x5d, 0x6a, 0x3f, 0xbf, + 0xc7, 0xa5, 0xa8, 0x8c, 0x84, 0x72, 0x60, 0x61, + 0x46, 0xbf, 0xc2, 0xae, 0xb0, 0x9d, 0x92, 0x83, + 0x6f, 0x6a, 0x50, 0xd7, 0xc3, 0xb7, 0xa7, 0x9d, + 0x80, 0x83, 0x5e, 0x6a, 0x40, 0xfe, 0x02, 0xf8, + 0x8d, 0x96, 0x90, 0x90, 0xfe, 0x05, 0x00, 0x8a, + 0xc4, 0x63, 0xb8, 0x3c, 0xa6, 0x29, 0x97, 0x16, + 0x81, 0x84, 0xb7, 0x5b, 0xa9, 0x33, 0x94, 0x1e, + 0x83, 0x11, 0x70, 0xb8, 0xc2, 0x70, 0xb1, 0x4d, + 0xa3, 0x2a, 0x8d, 0x1b, 0x7b, 0xa8, 0xbc, 0x68, + 0xab, 0x47, 0x9d, 0x27, 0x87, 0x18, 0x75, 0xae, + 0xc6, 0x7d, 0xbb, 0x4d, 0xaa, 0x1c, 0x84, 0x11, + 0x72, 0xa3, 0xbb, 0x6e, 0xad, 0x3c, 0x97, 0x24, + 0x85, 0x16, 0x71, 0x80, 0xb2, 0x57, 0xa4, 0x30, + 0x8e, 0x1c, 0x7c, 0x10, 0x68, 0xbb, 0xbd, 0x75, + 0xac, 0x4f, 0x9e, 0x2b, 0x87, 0x1a, 0x76, 0x96, + 0xc5, 0x5e, 0xb5, 0x3e, 0xa5, 0x1f, 0x8c, 0x12, + 0x7a, 0xc1, 0xc6, 0x42, 0x9f, 0x27, 0x8c, 0x16, + 0x77, 0x0f, 0x67, 0x9d, 0xbc, 0x68, 0xad, 0x36, + 0x95, 0x20, 0x83, 0x11, 0x6d, 0x9b, 0xb8, 0x67, + 0xa8, 0x34, 0x90, 0x1f, 0x7c, 0x10, 0x67, 0x9e, + 0xc9, 0x6a, 0xbb, 0x37, 0xa4, 0x20, 0x90, 0x11, + 0x7b, 0xc6, 0xc8, 0x47, 0xa4, 0x2a, 0x90, 0x18, + 0x7b, 0x10, 0x6c, 0xae, 0xc4, 0x5d, 0xad, 0x37, + 0x9a, 0x1f, 0x85, 0x13, 0x75, 0x70, 0xad, 0x42, + 0x99, 0x25, 0x84, 0x17, 0x74, 0x0b, 0x56, 0x87, + 0xc8, 0x57, 0xb8, 0x2b, 0x9e, 0x19, 0x8a, 0x0d, + 0x74, 0xa7, 0xc8, 0x6e, 0xb9, 0x36, 0xa0, 0x1f, + 0x8b, 0x11, 0x75, 0x94, 0xbe, 0x4b, 0xa5, 0x2a, + 0x92, 0x18, 0x7c, 0x0f, 0x6b, 0xaf, 0xc0, 0x58, + 0xa8, 0x34, 0x94, 0x1d, 0x7d, 0x12, 0x6d, 0x82, + 0xc0, 0x52, 0xb0, 0x25, 0x94, 0x14, 0x7f, 0x0c, + 0x68, 0x84, 0xbf, 0x3e, 0xa4, 0x22, 0x8e, 0x10, + 0x76, 0x0b, 0x65, 0x88, 0xb6, 0x42, 0x9b, 0x26, + 0x87, 0x14, 0x70, 0x0c, 0x5f, 0xc5, 0xc2, 0x3e, + 0x97, 0x23, 0x83, 0x13, 0x6c, 0x0c, 0x5c, 0xb1, + 0xc9, 0x76, 0xbc, 0x4a, 0xaa, 0x20, 0x8d, 0x12, + 0x78, 0x93, 0xbf, 0x46, 0xa3, 0x26, 0x8d, 0x14, + 0x74, 0x0c, 0x62, 0xc8, 0xc4, 0x3b, 0x97, 0x21, + 0x82, 0x11, 0x6a, 0x0a, 0x59, 0xa3, 0xb9, 0x68, + 0xa9, 0x30, 0x8d, 0x1a, 0x78, 0x0f, 0x61, 0xa0, + 0xc9, 0x73, 0xbe, 0x50, 0xb1, 0x30, 0x9f, 0x14, + 0x80, 0x83, 0xb7, 0x3c, 0x9a, 0x20, 0x84, 0x0e, + 0x6a, 0x0a, 0x57, 0xac, 0xc2, 0x68, 0xb0, 0x2e, + 0x92, 0x19, 0x7c, 0x0d, 0x63, 0x93, 0xbe, 0x62, + 0xb0, 0x3c, 0x9e, 0x1a, 0x80, 0x0e, 0x6b, 0xbb, + 0x02, 0xa0, 0x02, 0xa0, 0x02, 0x6f, 0x00, 0x75, + 0x00, 0x75, 0x00, 0x00, 0x00, 0xad, 0x02, 0xb3, + 0x02, 0x6f, 0x00, 0x87, 0x00, 0x85, 0xfe, 0x03, + 0x00, 0xc2, 0x02, 0x82, 0x4d, 0x92, 0x6e, 0x4d, + 0xb1, 0xa8, 0x84, 0x01, 0x00, 0x07, 0x7e, 0x00, + 0xa8, 0x02, 0xa4, 0x02, 0xa4, 0x02, 0xa2, 0x00, + 0xa6, 0x00, 0xa6, 0x00, 0x00, 0x00, 0xb4, 0x02, + 0xb4, 0x02, 0x92, 0x00, 0x96, 0x00, 0x96, 0x46, + 0x04, 0xb0, 0x02, 0x64, 0x02, 0x0a, 0x8c, 0x00, + 0x90, 0x02, 0x98, 0x02, 0x98, 0x02, 0x0e, 0x01, + 0x11, 0x01, 0x11, 0x50, 0xc3, 0x08, 0x88, 0x02, + 0x88, 0x02, 0x19, 0x01, 0x02, 0x01, 0x02, 0x01, + 0xf3, 0x2d, 0x00, 0x00 +}; + +uint8_t *rb_hardconfig; +long rb_hardconfig_len; + +static inline uint32_t get_u32(const void *buf); + +int routerboot_find_tag(uint8_t *buf, unsigned int buflen, uint16_t tag_id, + uint8_t **tag_data, uint16_t *tag_len); + +static inline int +rb_find_hard_cfg_tag(uint16_t tag_id, uint8_t **tag_data, uint16_t *tag_len); + +const uint8_t * rb_get_board_product_code(void); + +uint32_t rb_get_board_mac(void); + +const uint8_t * rb_get_board_serial(void); + +const uint8_t * rb_get_board_identifier(void); + +const uint8_t * rb_get_board_name(void); + +const uint8_t * rb_get_factory_booter_version(void); + +uint32_t rb_get_flash_info(void); + +uint32_t rb_get_hw_options(void); + +int routerboot_find_magic(uint8_t *buf, unsigned int buflen, uint32_t *offset, bool hard); + +uint8_t * __rb_get_wlan_data(void); + +/* + * Magic numbers + */ +#define RB_ART_SIZE 0x10000 +#define RB_MAGIC_HARD 0x64726148 /* "Hard" */ +#define RB_MAGIC_SOFT 0x74666F53 /* "Soft" */ +#define RB_MAGIC_ERD 0x00455244 /* extended radio data */ +#define RB_MAGIC_LZOR 0x524F5A4C + +#define RB_ID_TERMINATOR 0 + +/* + * ID values for Hardware settings + */ +#define RB_ID_HARD_01 1 +#define RB_ID_HARD_02 2 +#define RB_ID_FLASH_INFO 3 +#define RB_ID_MAC_ADDRESS_PACK 4 +#define RB_ID_BOARD_PRODUCT_CODE 5 +#define RB_ID_BIOS_VERSION 6 +#define RB_ID_HARD_07 7 +#define RB_ID_SDRAM_TIMINGS 8 +#define RB_ID_DEVICE_TIMINGS 9 +#define RB_ID_SOFTWARE_ID 10 +#define RB_ID_SERIAL_NUMBER 11 +#define RB_ID_HARD_12 12 +#define RB_ID_MEMORY_SIZE 13 +#define RB_ID_MAC_ADDRESS_COUNT 14 +#define RB_ID_HW_OPTIONS 21 +#define RB_ID_WLAN_DATA 22 +#define RB_ID_BOARD_IDENTIFIER 23 +#define RB_ID_BOARD_NAME 33 + +#endif /* _RBEXTRACT_H */ -- cgit v1.2.3