If you like BoxMatrix and its services please consider to contribute Supportdata-Probes and/or Hardware-Probes (get in touch).

FIT-Image

From BoxMatrix

BoxMatrix >> Software >> FIT-Image @ BoxMatrix   -   IRC-Chat   -   Translate: de es fr it nl pl
News Selectors Models Accessories Components Environment Config Commands System Webif Software Develop Lexicon Community Project Gallery

Smartphone Open-Source AVM-Drivers Windows TODO TODO TODO TODO Research

Introduction[edit]

Some new models do not contain kernel.image and filesystem.image in their firmware image any more but use a new fit-image instead.

FIT stands for Flattened Image Tree and is a container which can store multiple kernels, filesystems and device trees. FIT is also supported by the Uboot bootloader[1], but AVM uses an own derivative of the format, which so far has been a blackbox.

After analyzing the format I coded fitimg which permits to list, test, extract and recompose fit-image files.

Initally intended to just extract fit-images for the BoxMatrix Firmware-Scanner the Replace command opens the door to modifications of the Fritzbox 5530, 7530ax and Repeater 6000 models, if it works.

Download[edit]

Latest version of fitimg could be found here:

Requirements[edit]

  • Perl 5.6 or newer and the modules Getopt::Std (comes with Perl[2]) and String::CRC32
  • If you get an error Can't locate String/CRC32.pm ... install this module from CPAN (no need to be root, works for all systems):
cpan install String::CRC32

Depending on your system you can also install as root by one of these methods:

apt-get install libstring-crc32-perl
yum install perl-String-CRC32

Usage[edit]

Here a list of fitimg commands and options, including some usage examples:

List[edit]

The list command -l shows the memory region, size and name of each file in the fit-image.

Usage:

  fitimg -l <infile> [-f] [-q]
    List all binaries contained in fit-image <infile>.
    Option -f (freetz mode) uses filesystem/kernel.image etc instead of the stored names.
    Option -q could be used to silently test the image structure.

List in normal mode:

$ fitimg -l 6000.fit
41208000-41527046  3272774 qcaarmv8_HW253_kernel
41c30000-41c33cdd    15581 qcaarmv8_HW253_flat_dt_0
41c30000-41c33d0e    15630 qcaarmv8_HW253_flat_dt_2
43000000-44000000 16777216 qcaarmv8_HW253_squashFS_filesystem

$ fitimg -l 5530.fit
88000000-88122c69  1191017 prxB_HW0257_kernel
884e2000-884e2444     1092 prxB_HW0257_flat_dt_0
8b000000-8b19f361  1700705 prxB_HW0257_ramdisk
70000000-703216dc  3282652 prxI_HW257_kernel
70fe4000-70fe5eed     7917 prxI_HW257_flat_dt_0_aon
70fe4000-70fe5ecc     7884 prxI_HW257_flat_dt_0_pon
90000000-921d0c2d 35458093 prxI_HW257_ramdisk

$ fitimg -l 7530ax.fit
10800000-1082ef13   192275 brcma9TZ_HW256_kernel
10000000-10000257      599 brcma9TZ_HW256_flat_dt_0
c0008000-c0294542  2671938 brcma9_HW256_kernel
c07ab000-c07abee7     3815 brcma9_HW256_flat_dt_1
c07ab000-c07abee9     3817 brcma9_HW256_flat_dt_0
19c00000-1ba62000 31858688 brcma9_HW256_squashFS_filesystem

List in freetz mode:

$ fitimg -l 6000.fit -f
41208000-41527046  3272774 kernel.image
41c30000-41c33cdd    15581 flatdt_0.image
41c30000-41c33d0e    15630 flatdt_2.image
43000000-44000000 16777216 filesystem.image

$ fitimg -l 5530.fit -f
88000000-88122c69  1191017 kernel2.image
884e2000-884e2444     1092 flatdt2_0.image
8b000000-8b19f361  1700705 filesystem2.image
70000000-703216dc  3282652 kernel.image
70fe4000-70fe5eed     7917 flatdt_0_aon.image
70fe4000-70fe5ecc     7884 flatdt_0_pon.image
90000000-921d0c2d 35458093 filesystem.image

$ fitimg -l 7530ax.fit -f
10800000-1082ef13   192275 kernel2.image
10000000-10000257      599 flatdt2_0.image
c0008000-c0294542  2671938 kernel.image
c07ab000-c07abee7     3815 flatdt_1.image
c07ab000-c07abee9     3817 flatdt_0.image
19c00000-1ba62000 31858688 filesystem.image

Test[edit]

The test command -t lists and validates the stored and computed CRC32 checksums of each file in the fit-image.

Usage:

  fitimg -t <infile> [-f] [-q]
    Test the integrity of all binaries contained in fit-image <infile>. Performs CRC32 validation.
    Option -f (freetz mode) uses filesystem/kernel.image etc instead of the stored names.
    Option -q could be used to silently test the image structure and checksum integrity.

Test in normal mode:

$ fitimg -t 5530.fit
OK: b4761fdd b4761fdd  1191017 prxB_HW0257_kernel
OK: 3c53ca34 3c53ca34     1092 prxB_HW0257_flat_dt_0
OK: 0ef19ad8 0ef19ad8  1700705 prxB_HW0257_ramdisk
OK: aa110233 aa110233  3282652 prxI_HW257_kernel
OK: cf9e37b4 cf9e37b4     7917 prxI_HW257_flat_dt_0_aon
OK: b9298e1b b9298e1b     7884 prxI_HW257_flat_dt_0_pon
OK: 9b59e2d4 9b59e2d4 35458093 prxI_HW257_ramdisk
no errors in 7 files

Test in freetz mode:

$ fitimg -t 5530.fit -f
OK: b4761fdd b4761fdd  1191017 kernel2.image
OK: 3c53ca34 3c53ca34     1092 flatdt2_0.image
OK: 0ef19ad8 0ef19ad8  1700705 filesystem2.image
OK: aa110233 aa110233  3282652 kernel.image
OK: cf9e37b4 cf9e37b4     7917 flatdt_0_aon.image
OK: b9298e1b b9298e1b     7884 flatdt_0_pon.image
OK: 9b59e2d4 9b59e2d4 35458093 filesystem.image
no errors in 7 files

Extract[edit]

The extract command -x extracts files from the fit-image.

Usage:

  fitimg -x <infile> [-d <dir>] [-n] [-f] [-q]
    Extract all contents of fit-image <infile> or just <file> to current directory or <dir>.
    Option -n suppresses extracting device tree files.
    Option -f (freetz mode) uses filesystem/kernel.image etc instead of the stored names.
    Option -q suppresses listing which files were extracted.

Extract in normal mode:

$ fitimg -x 5530.fit -d temp 
OK: b4761fdd b4761fdd  1191017 prxB_HW0257_kernel
OK: 3c53ca34 3c53ca34     1092 prxB_HW0257_flat_dt_0
OK: 0ef19ad8 0ef19ad8  1700705 prxB_HW0257_ramdisk
OK: aa110233 aa110233  3282652 prxI_HW257_kernel
OK: cf9e37b4 cf9e37b4     7917 prxI_HW257_flat_dt_0_aon
OK: b9298e1b b9298e1b     7884 prxI_HW257_flat_dt_0_pon
OK: 9b59e2d4 9b59e2d4 35458093 prxI_HW257_ramdisk
extracted 7 files

Extract in freetz mode:

$ fitimg -x 5530.fit -d temp -f
OK: b4761fdd b4761fdd  1191017 kernel2.image
OK: 3c53ca34 3c53ca34     1092 flatdt2_0.image
OK: 0ef19ad8 0ef19ad8  1700705 filesystem2.image
OK: aa110233 aa110233  3282652 kernel.image
OK: cf9e37b4 cf9e37b4     7917 flatdt_0_aon.image
OK: b9298e1b b9298e1b     7884 flatdt_0_pon.image
OK: 9b59e2d4 9b59e2d4 35458093 filesystem.image
extracted 7 files

Extract in freetz mode, no device tree files:

$ fitimg -x 5530.fit -d temp -n -f
OK: b4761fdd b4761fdd  1191017 kernel2.image
OK: 0ef19ad8 0ef19ad8  1700705 filesystem2.image
OK: aa110233 aa110233  3282652 kernel.image
OK: 9b59e2d4 9b59e2d4 35458093 filesystem.image
extracted 4 files

Replace[edit]

The replace command -r creates a new image from the fit-image, replacing files in it.

Usage:

  fitimg -r <infile> -o <outfile> [-d <dir>] [-f] [-q]
    Replace all contens of fit-image <infile> which exist in current directory or <dir> and write it to <outfile>.
    Files which do not exist in current directory or <dir> will not be replaced.
    Option -f (freetz mode) uses filesystem/kernel.image etc instead of the stored names.
    This is just an abstraction, the fit-image always stores the original names.
    Option -q suppresses listing which files were replaced.

Replacing with the original files extracted above:

$ fitimg -r 5530.fit -o temp/5530.fit -d temp -f
Replacing:  1191017-> 1191017 kernel2.image
Replacing:     1092->    1092 flatdt2_0.image
Replacing:  1700705-> 1700705 filesystem2.image
Replacing:  3282652-> 3282652 kernel.image
Replacing:     7917->    7917 flatdt_0_aon.image
Replacing:     7884->    7884 flatdt_0_pon.image
Replacing: 35458093->35458093 filesystem.image
replaced 7 files

$ md5sum 5530.fit temp/5530.fit
91952d629306e88791399a868c4491d9  5530.fit
91952d629306e88791399a868c4491d9  temp/5530.fit

Replacing with a modified filesystem.image:

$ dd if=/dev/zero of=temp/filesystem.image bs=1024 count=16
16+0 records in
16+0 records out
16384 bytes (16 kB) copied, 0.0249391 s, 657 kB/s

$ fitimg -r 5530.fit -o temp/5530.fit -d temp -f
Replacing:  1191017-> 1191017 kernel2.image
Replacing:     1092->    1092 flatdt2_0.image
Replacing:  1700705-> 1700705 filesystem2.image
Replacing:  3282652-> 3282652 kernel.image
Replacing:     7917->    7917 flatdt_0_aon.image
Replacing:     7884->    7884 flatdt_0_pon.image
Replacing: 35458093->   16384 filesystem.image
replaced 7 files

$ md5sum 5530.fit temp/5530.fit
91952d629306e88791399a868c4491d9  5530.fit
4dfbe2a3f91037e7fed4832a93ef814c  temp/5530.fit

$ fitimg -l temp/5530.fit -f
88000000-88122c69  1191017 kernel2.image
884e2000-884e2444     1092 flatdt2_0.image
8b000000-8b19f361  1700705 filesystem2.image
70000000-703216dc  3282652 kernel.image
70fe4000-70fe5eed     7917 flatdt_0_aon.image
70fe4000-70fe5ecc     7884 flatdt_0_pon.image
90000000-90004000    16384 filesystem.image

$ fitimg -t temp/5530.fit -f
OK: b4761fdd b4761fdd  1191017 kernel2.image
OK: 3c53ca34 3c53ca34     1092 flatdt2_0.image
OK: 0ef19ad8 0ef19ad8  1700705 filesystem2.image
OK: aa110233 aa110233  3282652 kernel.image
OK: cf9e37b4 cf9e37b4     7917 flatdt_0_aon.image
OK: b9298e1b b9298e1b     7884 flatdt_0_pon.image
OK: ab54d286 ab54d286    16384 filesystem.image
no errors in 7 files

Copy[edit]

The copy command -c creates a new unaltered image from the fit-image and tests it. (fitimg 0.2+)
This is mainly useful to extract and validate a fit-image from a recovery.exe or firmware.image.

Usage:

  fitimg -c <infile> -o <outfile> [-f] [-q]
    Copy an unaltered fit-image from <infile> to <outfile> while testing its integrity.
    This is mainly useful to extract and validate a fit-image from a recovery.exe or firmware.image.
    Option -f (freetz mode) lists filesystem/kernel.image etc instead of the stored names.
    This is just an abstraction, the fit-image always stores the original names.
    Option -q suppresses listing which files were copied and tested.

Copy and test a fit-image file:

$ fitimg -c 7530ax.fit -o temp/7530ax.fit -f
OK: f653ffe8 f653ffe8   192275 kernel2.image
OK: 2040d9dd 2040d9dd      599 flatdt2_0.image
OK: 34ac9b5e 34ac9b5e  2671938 kernel.image
OK: 5edb6c64 5edb6c64     3815 flatdt_1.image
OK: a7ded150 a7ded150     3817 flatdt_0.image
OK: 29c318fc 29c318fc 31858688 filesystem.image
no errors copying fit image containing 6 files

$ md5sum 7530ax.fit temp/7530ax.fit
e41eafa4dc0c4ee6e46f5313dfce737f  7530ax.fit
e41eafa4dc0c4ee6e46f5313dfce737f  temp/7530ax.fit

Copy and test a fit-image from a firmware.image file:

$ fitimg -c 7530ax.image -o temp/7530ax.fit -f
OK: f653ffe8 f653ffe8   192275 kernel2.image
OK: 2040d9dd 2040d9dd      599 flatdt2_0.image
OK: 34ac9b5e 34ac9b5e  2671938 kernel.image
OK: 5edb6c64 5edb6c64     3815 flatdt_1.image
OK: a7ded150 a7ded150     3817 flatdt_0.image
OK: 29c318fc 29c318fc 31858688 filesystem.image
no errors copying fit image containing 6 files

$ md5sum 7530ax.fit temp/7530ax.fit
e41eafa4dc0c4ee6e46f5313dfce737f  7530ax.fit
e41eafa4dc0c4ee6e46f5313dfce737f  temp/7530ax.fit

Copy and test a fit-image from a recovery.exe file:

$ fitimg -c 7530ax.exe -o temp/7530ax.fit -f
OK: f653ffe8 f653ffe8   192275 kernel2.image
OK: 2040d9dd 2040d9dd      599 flatdt2_0.image
OK: 34ac9b5e 34ac9b5e  2671938 kernel.image
OK: 5edb6c64 5edb6c64     3815 flatdt_1.image
OK: a7ded150 a7ded150     3817 flatdt_0.image
OK: 29c318fc 29c318fc 31858688 filesystem.image
no errors copying fit image containing 6 files

$ md5sum 7530ax.fit temp/7530ax.fit
e41eafa4dc0c4ee6e46f5313dfce737f  7530ax.fit
e41eafa4dc0c4ee6e46f5313dfce737f  temp/7530ax.fit

Show[edit]

The show command -s shows the hunk structure of a fit-image, including hex offsets in the file. (fitimg 0.2+)
Hunks are given names as far as they are known, otherwise 'todo'. So far all hunknames of the 7530ax, 5530 and 6000 are known.
This command is useful to read metatada of all stored files and to understand the fit-format to improve this program.

Usage:

  fitimg -s <infile> [-h] [-q] (fitimg 0.2+)
    Show the complete hunk structure of the fit-image <infile>.
    Option -h adds a hexdump of all hunks, binaries clipped to 64 bytes
    Option -q could be used to silently test the image structure

Hunk structure of a 7530ax fit-image:

$ fitimg -s 7530ax.fit

00000080  hunk 1 [8] - string = ''
00000088  hunk 3 #0 [14] - info = 'FIT for HW256'
000000a4  hunk 3 #12 [4] - timestamp = 0x5fa13e4a
000000b4  hunk 3 #22 [4] - avm,gu-version = 0x0001451a

000000c4  hunk 1 [12] - string = 'images'

000000d0  hunk 1 [28] - string = 'brcma9TZ_HW256_kernel'
000000ec  hunk 3 #0 [26] - info = 'Kernel for brcma9TZ_HW256'
00000114  hunk 3 #37 [1] - avm,variants = 0x0badc0de
00000124  hunk 3 #50 [4] - #address-cells = 0x00000001
00000134  hunk 3 #65 [192275] - data = <binary blob>
0002f054  hunk 3 #70 [7] - type = 'kernel'
0002f068  hunk 3 #75 [4] - arch = 'arm'
0002f078  hunk 3 #80 [6] - os = 'linux'
0002f08c  hunk 3 #83 [5] - compression = 'lzma'
0002f0a0  hunk 3 #95 [4] - loadaddr = 0x10800000
0002f0b0  hunk 3 #100 [4] - entryaddr = 0x10800000
0002f0c0  hunk 1 [12] - string = 'hash_0'
0002f0cc  hunk 3 #106 [6] - hashalgo = 'crc32'
0002f0e0  hunk 3 #111 [4] - hashvalue = 0xf653ffe8

0002f0f0  hunk 2 [40] - string = 'brcma9TZ_HW256_flat_dt_0'
0002f118  hunk 3 #0 [33] - info = 'Device Tree for brcma9TZ_HW256_0'
0002f148  hunk 3 #50 [4] - #address-cells = 0x00000001
0002f158  hunk 3 #65 [599] - data = <binary blob>
0002f3bc  hunk 3 #70 [8] - type = 'flat_dt'
0002f3d0  hunk 3 #75 [4] - arch = 'arm'
0002f3e0  hunk 3 #83 [5] - compression = 'lzma'
0002f3f4  hunk 3 #95 [4] - loadaddr = 0x10000000
0002f404  hunk 3 #117 [1] - avm,kernel-args = ''
0002f414  hunk 1 [12] - string = 'hash_0'
0002f420  hunk 3 #106 [6] - hashalgo = 'crc32'
0002f434  hunk 3 #111 [4] - hashvalue = 0x2040d9dd

0002f444  hunk 2 [32] - string = 'brcma9_HW256_kernel'
0002f464  hunk 3 #0 [24] - info = 'Kernel for brcma9_HW256'
0002f488  hunk 3 #37 [1] - avm,variants = 0x0badc0de
0002f498  hunk 3 #50 [4] - #address-cells = 0x00000001
0002f4a8  hunk 3 #65 [2671938] - data = <binary blob>
002bb9f8  hunk 3 #70 [7] - type = 'kernel'
002bba0c  hunk 3 #75 [4] - arch = 'arm'
002bba1c  hunk 3 #80 [6] - os = 'linux'
002bba30  hunk 3 #83 [5] - compression = 'lzma'
002bba44  hunk 3 #95 [4] - loadaddr = 0xc0008000
002bba54  hunk 3 #100 [4] - entryaddr = 0xc0008000
002bba64  hunk 1 [12] - string = 'hash_0'
002bba70  hunk 3 #106 [6] - hashalgo = 'crc32'
002bba84  hunk 3 #111 [4] - hashvalue = 0x34ac9b5e

002bba94  hunk 2 [24] - string = 'avm,kallsyms'
002bbaac  hunk 3 #133 [3] - avm,endianess = 'LE'
002bbabc  hunk 3 #147 [4] - avm,kernel_text_start = 0xc0008000
002bbacc  hunk 3 #169 [4] - avm,names = 0xc0520920
002bbadc  hunk 3 #179 [4] - avm,token_table = 0xc058c9c0
002bbaec  hunk 3 #195 [4] - avm,token_index = 0xc058cd40
002bbafc  hunk 3 #211 [4] - avm,num_syms = 0xc0520910
002bbb0c  hunk 3 #224 [4] - avm,addresses = 0xc04fb9d0
002bbb1c  hunk 3 #238 [0] - avm,relative_base = 0x0badc0de
002bbb28  hunk 3 #256 [0] - avm,offsets = 0x0badc0de

002bbb34  hunk 2 [36] - string = 'brcma9_HW256_flat_dt_1'
002bbb58  hunk 3 #0 [31] - info = 'Device Tree for brcma9_HW256_1'
002bbb84  hunk 3 #50 [4] - #address-cells = 0x00000001
002bbb94  hunk 3 #65 [3815] - data = <binary blob>
002bca88  hunk 3 #70 [8] - type = 'flat_dt'
002bca9c  hunk 3 #75 [4] - arch = 'arm'
002bcaac  hunk 3 #83 [5] - compression = 'lzma'
002bcac0  hunk 3 #95 [4] - loadaddr = 0xc07ab000
002bcad0  hunk 1 [12] - string = 'hash_0'
002bcadc  hunk 3 #106 [6] - hashalgo = 'crc32'
002bcaf0  hunk 3 #111 [4] - hashvalue = 0x5edb6c64

002bcb00  hunk 2 [36] - string = 'brcma9_HW256_flat_dt_0'
002bcb24  hunk 3 #0 [31] - info = 'Device Tree for brcma9_HW256_0'
002bcb50  hunk 3 #50 [4] - #address-cells = 0x00000001
002bcb60  hunk 3 #65 [3817] - data = <binary blob>
002bda58  hunk 3 #70 [8] - type = 'flat_dt'
002bda6c  hunk 3 #75 [4] - arch = 'arm'
002bda7c  hunk 3 #83 [5] - compression = 'lzma'
002bda90  hunk 3 #95 [4] - loadaddr = 0xc07ab000
002bdaa0  hunk 1 [12] - string = 'hash_0'
002bdaac  hunk 3 #106 [6] - hashalgo = 'crc32'
002bdac0  hunk 3 #111 [4] - hashvalue = 0xa7ded150

002bdad0  hunk 2 [48] - string = 'brcma9_HW256_squashFS_filesystem'
002bdb00  hunk 3 #0 [26] - info = 'squashFS for brcma9_HW256'
002bdb28  hunk 3 #50 [4] - #address-cells = 0x00000001
002bdb38  hunk 3 #268 [4] - avm,data-align = 0x00001000
002bdb48  hunk 3 #65 [31858688] - data = <binary blob>
0211fb54  hunk 3 #70 [11] - type = 'filesystem'
0211fb6c  hunk 3 #83 [5] - compression = 'none'
0211fb80  hunk 3 #95 [4] - loadaddr = 0x19c00000
0211fb90  hunk 3 #117 [97] - avm,kernel-args = 'mtdram=ram-filesystem,0x19c00000,0x1bb00000 mtdparts_ext=ram-filesystem:31858688@0x0(rootfs_ram)'
0211fc00  hunk 1 [12] - string = 'hash_0'
0211fc0c  hunk 3 #106 [6] - hashalgo = 'crc32'
0211fc20  hunk 3 #111 [4] - hashvalue = 0x29c318fc

0211fc30  hunk 2 [32] - string = 'configurations'

0211fc50  hunk 1 [28] - string = 'brcma9TZ_HW256_config_0'
0211fc6c  hunk 3 #283 [22] - kernel = 'brcma9TZ_HW256_kernel'
0211fc90  hunk 3 #290 [25] - flatdt = 'brcma9TZ_HW256_flat_dt_0'

0211fcb8  hunk 2 [32] - string = 'brcma9_HW256_config_1'
0211fcd8  hunk 3 #283 [20] - kernel = 'brcma9_HW256_kernel'
0211fcf8  hunk 3 #290 [23] - flatdt = 'brcma9_HW256_flat_dt_1'
0211fd1c  hunk 3 #294 [33] - squashfs = 'brcma9_HW256_squashFS_filesystem'

0211fd4c  hunk 2 [32] - string = 'brcma9_HW256_config_0'
0211fd6c  hunk 3 #283 [20] - kernel = 'brcma9_HW256_kernel'
0211fd8c  hunk 3 #290 [23] - flatdt = 'brcma9_HW256_flat_dt_0'
0211fdb0  hunk 3 #294 [33] - squashfs = 'brcma9_HW256_squashFS_filesystem'

0211fde0  hunk 2 [28] - string = 'description'

0211fdfc  hunk -> [10] - array[] = 'timestamp'
0211fe06  hunk -> [15] - array[] = 'avm,gu-version'
0211fe15  hunk -> [13] - array[] = 'avm,variants'
0211fe22  hunk -> [15] - array[] = '#address-cells'
0211fe31  hunk -> [5] - array[] = 'data'
0211fe36  hunk -> [5] - array[] = 'type'
0211fe3b  hunk -> [5] - array[] = 'arch'
0211fe40  hunk -> [3] - array[] = 'os'
0211fe43  hunk -> [12] - array[] = 'compression'
0211fe4f  hunk -> [5] - array[] = 'load'
0211fe54  hunk -> [6] - array[] = 'entry'
0211fe5a  hunk -> [5] - array[] = 'algo'
0211fe5f  hunk -> [6] - array[] = 'value'
0211fe65  hunk -> [16] - array[] = 'avm,kernel-args'
0211fe75  hunk -> [14] - array[] = 'avm,endianess'
0211fe83  hunk -> [22] - array[] = 'avm,kernel_text_start'
0211fe99  hunk -> [10] - array[] = 'avm,names'
0211fea3  hunk -> [16] - array[] = 'avm,token_table'
0211feb3  hunk -> [16] - array[] = 'avm,token_index'
0211fec3  hunk -> [13] - array[] = 'avm,num_syms'
0211fed0  hunk -> [14] - array[] = 'avm,addresses'
0211fede  hunk -> [18] - array[] = 'avm,relative_base'
0211fef0  hunk -> [12] - array[] = 'avm,offsets'
0211fefc  hunk -> [15] - array[] = 'avm,data-align'
0211ff0b  hunk -> [7] - array[] = 'kernel'
0211ff12  hunk -> [4] - array[] = 'fdt'
0211ff16  hunk -> [9] - array[] = 'squashFS'

0211ff1f  hunk 0 [8] - hunk end

Help[edit]

The help command --help prints a short help text and terminates.

$ fitimg --help
fitimg version 0.2 - (C) 2021 Ralf Steines aka Hippie2000 - <metamonk@yahoo.com>
Handle and manipulate firmware images in AVM /var/tmp/fit-image format.
Docs and latest version can be found at https://boxmatrix.info/wiki/FIT-Image

Usage:
  fitimg -l <infile> [-f] [-q]
    List all binaries contained in fit-image <infile>.
    Option -q could be used to silently test the image structure.

  fitimg -t <infile> [-f] [-q]
    Test the integrity of all binaries contained in fit-image <infile>. Performs CRC32 validation.
    Option -q could be used to silently test the image structure and checksum integrity.

  fitimg -x <infile> [-d <dir>] [<file>] [-n] [-f] [-q]
    Extract all contents of fit-image <infile> or just <file> to current directory or <dir>.
    Option -n suppresses extracting device tree files.
    Option -q suppresses listing which files were extracted.

  fitimg -r <infile> -o <outfile> [-d <dir>] [-f] [-q]
    Replace all contens of fit-image <infile> which exist in current directory or <dir> and write it to <outfile>.
    Files which do not exist in current directory or <dir> will not be replaced.
    Option -q suppresses listing which files were replaced.

  fitimg -c <infile> -o <outfile> [-f] [-q] (fitimg 0.2+)
    Copy an unaltered fit-image from <infile> to <outfile> while testing its integrity.
    This is mainly useful to extract and validate a fit-image from a recovery.exe or firmware.image.
    Option -q could be used to silently copy and test the image structure and checksum integrity.

  fitimg -s <infile> [-h] [-q] (fitimg 0.2+)
    Show the complete hunk structure of the fit-image <infile>.
    Option -h adds a hexdump of all hunks, binaries clipped to 64 bytes
    Option -q could be used to silently test the image structure

Options:
  <infile> can be a fit-image, a firmware.image or a recovery.exe.  (fitimg 0.2+)
  -f activates Freetz mode using filesystem[2].image and kernel[2].image etc instead of the fit names.

  -? (fitimg 0.2+) or --help print this help text and terminates.
  -v (fitimg 0.2+) or --version print this program's version and terminates.

Result:
	Returns 1 on error, otherwise 0.

Version[edit]

The version command --version prints the program version and terminates.

$ fitimg --version
fitimg version 0.2 - (C) 2021 Ralf Steines aka Hippie2000 - <metamonk@yahoo.com>
Handle and manipulate firmware images in AVM /var/tmp/fit-image format.
Latest version can be found at https://boxmatrix.info/wiki/FIT-Image

Feedback[edit]

For bugreports or feature requests please get in touch or use this forum thread (german or english language please):

History[edit]

fitimg-0.3 - work in progress

- TODO: Fix and activate the hexdump mode of the show command (-s)

fitimg-0.2 - released 2021-01-02

- Added: The show command (-s) now knows all hunknames of the 7530ax, 5360 and 6000.
- Added: A new show command (-s) can show the hunk structure of a fit-image. Useful for development.
- Added: A new copy command (-c) can extract a fit-image from a fit-image, firmware.image or recovery.exe.
- Changed: All commands now work on fit-image, firmware.image and recovery.exe files for the <infile>.
- Fixed: A nasty bug calculated wrong offsets in Replace (-r) when the fit-image filesize changes.
- Fixed: Removed wrong info in docs and help text which showed a [<file>] filter for the -x command. 
- Fixed: Bug which reported "Use of uninitialized value" if called without arguments.
- Fixed: The release archive now contains a versioned subfolder (in favour of the prior bin folder).

fitimg-0.1 - released 2021-01-02

Initial release.

References