[OpenWrt-Devel] TP-Link v3 header format description

Yousong Zhou yszhou4tech at gmail.com
Thu Aug 13 22:39:10 EDT 2015

On 14 August 2015 at 01:49, Mathias Kresin <openwrt at kresin.me> wrote:
> Hey Weijie Gao,
> 2015-08-05 20:07 GMT+02:00 Weijie Gao <hackpascal at gmail.com>:
>> This patch adds header version 2 option for mktplinkfw.
> As long as we talk about the same, the new header version is v3. The
> v2 header is already covered by mktplinkfw2.c.
> Currently, I'm working on the same topic. Everything that is known so
> far about the new v3 header is documented in Martins repository:
> https://github.com/xdarklight/mktplinkfw3/blob/master/README.md
> (please take care of the not yet merged pull request). Maybe you can
> confirm/deny what I figured out so far or add missing informations.
> It would be nice, if you (or anyone else) can extend your v3 header
> creation patch, using the provided informations. It should be possible
> the write the complete verification part (-i option). For the creation
> part, (only) the private key from tp-link is missing.


Never played with tplink's v3 header.  But I found on other devices
that the RSA2048-SHA1 implementation there was flawed in that it used
pubkeys from firmwares to verifying signatures.  Hmm, is it possible
that this v3 header from tplink also has such vulnerability?


>> The version 2 header is used for AR/QCA firmwares and is not the same as
>> the header generated by mktplinkfw2.
>> Instead, it is nearly the same as version 1 header except for the header
>> version and the RSA signature.
>> The header version 2 support is used for newer TP-Link routers which have
>> only a 64kb bootloader part, e.g. TL-WDR6500 v2.
>> ---
>>  tools/firmware-utils/src/mktplinkfw.c | 25 +++++++++++++++++++++----
>>  1 file changed, 21 insertions(+), 4 deletions(-)
> IMHO the v3 header is an extension of the v2 header, since TP-Link
> switched from v2 to v3 on already deployed devices like the
> TD-W8980v1. That's why *I* would prefer to either create a
> mktplinkfw3.c or add the required the changes to mktplinkfw2.c.
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list