Skip to content

dkmgt-fwutil: New tool to manipulate TP-Link Omada firmware files #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
oskirby wants to merge 5 commits into
base: master
Choose a base branch
from
Open

dkmgt-fwutil: New tool to manipulate TP-Link Omada firmware files #53

oskirby wants to merge 5 commits into from

Conversation

@oskirby
Copy link

@oskirby oskirby commented Oct 3, 2025

This adds a new tool to create TP-Link Omada firmware files. This was created mostly by reverse engineering the firmware and bootloader on an ER8411. It also seems to be compatible with the firmware for the ER605 and possibly other models too.

Although the firmware contains an RSA signature, the bootloader's recovery mode doesn't seem to verify it, meaning that this can be used to create factory installation images through the recovery bootloader.

It's probably worth calling out that this adds the cJSON library to the project, which was used to parse/manipulate JSON partitions embedded in the firmware file. This library is licensed under the MIT license, which I believe is compatible with this project. If that's not the case, I can probably rewrite the JSON handling to use some other library that is more appropriate.

@oskirby
dkmgt-fwutil: New tool to manipulate TP-Link Omada firmware files
14298c2 
This adds a new tool to create and manipulate TP-Link Omada firmware
files. This was created mostly by reverse engineering the firmware
and bootloader on an the TP-Link ER8411. It also seems to be
compatible with the firmware for the ER605 and possibly other models
too.

Although the firmware contains an RSA signature, the bootloader doesn't
seem to verify it, meaning that this can be used to create factory
installation images via the bootloader's recovery mode.

Signed-off-by: Naomi Kirby <[email protected]>
@dangowrt
Copy link
Member

dangowrt commented Oct 4, 2025
edited
Loading

Imho it would be better to add cJSON as tools library (ie. a dedicated package building the shared library, similar to eg. tools/libdeflate). This would prevent us from duplicating the code, and make maintenance easier in the long run (eg. automated tools we are using would point out the library being outdated, and all we'd have to do in this case would be to edit the version and hash in tools/cjson/Makefile).
Other than that the dkmgt tool itself looks fine in a quick scroll-over. Maybe the commenting style could be improved a bit, ie. no need for those whole lines of **********, and I'd say either use // comments or use /* */ style. But many of the tools in this repo look much worse, so I wouldn't hesitate to just merge it once cJSON is properly (tools-) packaged instead of embedding a copy of it.

@oskirby
Copy link
Author

oskirby commented Oct 6, 2025

Okay, I can get started packaging cJSON as a library instead.

In the meantime, is there a file or two that you would recommend as the canonical commenting style for this project that I should try to replicate? I wasn't sure which one to follow, because there are all so different.

@dangowrt
Copy link
Member

dangowrt commented Oct 6, 2025

In the meantime, is there a file or two that you would recommend as the canonical commenting style for this project that I should try to replicate?

Linux kernel style if the preferred commenting and formatting style.

@oskirby oskirby mentioned this pull request Oct 7, 2025
Open
oskirby added 3 commits October 7, 2025 10:43
@oskirby
Refine the default action handling
6084ddb 
By moving the default action handling to the end of the program, we
can ensure that an explicitly specified action (eg: '--print') always
takes precedence over an implicit one (eg: writing the firmware after
an update to some partition).

Signed-off-by: Naomi Kirby <[email protected]>
@oskirby
Update comment style to match Linux kernel
ec1a89b 
Some PR feedback was to try and match the Linux kernel commenting style
which means we should eliminate the full-line '*****' separators and
the use of C++ style comments.

Signed-off-by: Naomi Kirby <[email protected]>
@oskirby
Add dkmgt_ptn_parse_json helper function
473b4df 
This eliminates some duplicated code in handling JSON content embedded
in partitions, and suppresses some bogus error messages when extracting
firmware files.

Signed-off-by: Naomi Kirby <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oskirby @dangowrt