[PATCH] tplink-safeloader: fix C7v5 factory flashing from vendor fw > v1.1.x

Luiz Angelo Daros de Luca luizluca at gmail.com
Sat Apr 10 03:19:48 BST 2021


> Currently it's not possible to flash factory images on devices shipped
> with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
> 2020-12-22):
>
>  (curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
>  [NM_Error](nm_checkUpdateContent) 01084: software version dismatched
>  [NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.
>
> They even have the following note in the release notes:
>
>  Note: You will be unable to downgrade to the previous firmware version after updating this firmware.
>
> This version check in the vendor firmware is implemented in the
> /usr/bin/nvrammanager binary as the following code[1]:
>
>  sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
>  ...
>  if (((int)upd_fw_major < (int)cur_fw_major) ||
>      ((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
>        ret = 0;
>        printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
>  }
>  ...
>  return ret;
>
> So in order to fix this and make it future proof it should be enough to
> ship our factory firmware images with major version 7 (lucky number).
>
> Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:
>
>  Firmwave supports, check OK.
>   (curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!
>  chekc firmware file success!
>
> 1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1
>
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
> ---
>  tools/firmware-utils/src/tplink-safeloader.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
> index da73e1bf307e..ac71b3305ee6 100644
> --- a/tools/firmware-utils/src/tplink-safeloader.c
> +++ b/tools/firmware-utils/src/tplink-safeloader.c
> @@ -1262,7 +1262,7 @@ static struct device_info boards[] = {
>                         "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
>
>                 .part_trail = 0x00,
> -               .soft_ver = "soft_ver:1.0.0\n",
> +               .soft_ver = "soft_ver:7.0.0\n",


Why not something bigger? Maybe 126 instead of 7? It is still safe
even if the version is stored as an unsigned char.

>
> Currently it's not possible to flash factory images on devices shipped
> with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
> 2020-12-22):
>
>  (curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
>  [NM_Error](nm_checkUpdateContent) 01084: software version dismatched
>  [NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.
>
> They even have the following note in the release notes:
>
>  Note: You will be unable to downgrade to the previous firmware version after updating this firmware.
>
> This version check in the vendor firmware is implemented in the
> /usr/bin/nvrammanager binary as the following code[1]:
>
>  sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
>  ...
>  if (((int)upd_fw_major < (int)cur_fw_major) ||
>      ((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
>        ret = 0;
>        printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
>  }
>  ...
>  return ret;
>
> So in order to fix this and make it future proof it should be enough to
> ship our factory firmware images with major version 7 (lucky number).
>
> Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:
>
>  Firmwave supports, check OK.
>   (curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!
>  chekc firmware file success!
>
> 1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1
>
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
> ---
>  tools/firmware-utils/src/tplink-safeloader.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
> index da73e1bf307e..ac71b3305ee6 100644
> --- a/tools/firmware-utils/src/tplink-safeloader.c
> +++ b/tools/firmware-utils/src/tplink-safeloader.c
> @@ -1262,7 +1262,7 @@ static struct device_info boards[] = {
>                         "{product_name:Archer C7,product_ver:5.0.0,special_id:4B520000}\n",
>
>                 .part_trail = 0x00,
> -               .soft_ver = "soft_ver:1.0.0\n",
> +               .soft_ver = "soft_ver:7.0.0\n",
>
>                 /* We're using a dynamic kernel/rootfs split here */
>                 .partitions = {
>
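Review bot: the new `.soft_ver = "soft_ver:7.0.0\n"` line carries no comment saying that the major number is deliberately set above the vendor's so the image passes the vendor firmware's nm_checkSoftVer comparison; without one the value reads like a typo for 1.0.0 and invites a revert. Suggest a short comment above the field, plus a sentence in the commit message on why 7 was picked over a larger major: the quoted check rejects any update whose major is lower than the running one, so a future vendor major of 8 or more would bring the same failure back.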

---
     Luiz Angelo Daros de Luca
            luizluca at gmail.com
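
The comparison quoted in the commit message, rebuilt as an added example (not code from the patch, OpenWrt or the vendor binary) to show which `soft_ver` majors pass it and how each would read back if a later vendor build kept the major in 8 bits. The names `check_soft_ver`, `as_signed8` and `as_unsigned8`, the skipping of the `soft_ver:` key, and the 8-bit storage itself are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed re-creation of the comparison quoted from nvrammanager.
 * Returns 1 when the update is accepted, 0 when rejected, -1 on parse error. */
static int check_soft_ver(int cur_major, int cur_minor, const char *soft_ver)
{
    int upd_major, upd_minor;
    const char *prefix = "soft_ver:";

    /* Assumption: the vendor code skips the "soft_ver:" key before parsing. */
    if (strncmp(soft_ver, prefix, strlen(prefix)) == 0)
        soft_ver += strlen(prefix);

    if (sscanf(soft_ver, "%d.%d.%*s", &upd_major, &upd_minor) != 2)
        return -1;

    if (upd_major < cur_major ||
        (upd_major == cur_major && upd_minor < cur_minor))
        return 0;   /* "Firmwave not supports, check failed." */
    return 1;
}

/* Hypothetical: the value read back if the major were kept in 8 bits.
 * Two's-complement wrap is modelled arithmetically to stay portable. */
static int as_signed8(int v)   { v &= 0xff; return v > 127 ? v - 256 : v; }
static int as_unsigned8(int v) { return v & 0xff; }

int main(void)
{
    /* Constructed sample values in the format tplink-safeloader emits. */
    const char *candidates[] = {
        "soft_ver:1.0.0\n", "soft_ver:7.0.0\n",
        "soft_ver:126.0.0\n", "soft_ver:200.0.0\n", "soft_ver:300.0.0\n",
    };
    for (size_t i = 0; i < sizeof candidates / sizeof *candidates; i++) {
        int major = 0;
        sscanf(candidates[i], "soft_ver:%d", &major);
        printf("major %3d: int check=%d  int8=%4d  uint8=%3d\n", major,
               check_soft_ver(1, 1, candidates[i]),
               as_signed8(major), as_unsigned8(major));
    }
    return 0;
}
```

Against a running version of 1.1, majors 7 and 126 pass and keep their value in either 8-bit type, while 200 turns negative as a signed byte and 300 wraps to 44 as an unsigned one.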


