Downloads
release
dev builds
extras
themes
Documentation
manual
wiki
device status
Support
forums
mailing lists
IRC
Development
bugs
patches
dev guide
Search



Donate

Search | Go
Wiki > Main > RKWFileFormat (r7)

Introduction

Rockchip rk27xx based players use firmware file in RKW format.

RKLD section

Header

The header is 0x2C bytes long and consists of such fields:
offset size (bytes) name comment
0x00 4 ImagicNumber Magic number. 0x4C44524B
0x04 4 Size Size of the header
0x08 4 ImageBase Base address of the firmware image
0x0C 4 ImageLoadBase Load address
0x10 4 ImageLoadLimit End of the firmware image
0x14 4 ImageZiBase this is the start of .bss section of the firmware I suppose
0x18 4 ImageReserved0 reserved - I've seen only zeros in this field so far
0x1C 4 ImageReserved1 reserved - I've seen only zeros in this field so far
0x20 4 ImageEntry Entry point address
0x24 4 ImageLoadOptions 0x80000000 - setup flag (I don't know what it means but is present in every RKW I saw), 0x40000000 - check header crc, 0x20000000 - check firmware crc
0x28 4 CRC32 crc32 of the header (excluding crc32 field itself)

Firmware image

The firmware is regular arm, little-endian code image. Usually the very first instruction is a branch - beautiful gift for us as this makes easy to inject our code.

CRC32

Optionally(?), last 4 bytes of the RKW are CRC32 of the firmware part (and loader seems to check this if 0x20000000 flag is present in ImageLoadOptions field of the header.

The crc32 routine is known and seems to be standard crc32 with polynomial 0x04c10db7. There is a tool for manipulating RKWs (thanks to alemaxx) it's crc32 routine is based on lengthy lookup table so I will not document it here. Go read rkwpatch sources instead. There is also file genrkcrc.c floating around which uses the same algorithm to calculate crc32 of rockchip firmware as far as I can tell and is used on rk28xx based android tablets to calculate checksum for boot.img.

RKRS section

Header

offset size (bytes) name comment
0x00 4 Size Size of the header
0x04 4 Magic 0x53524B52
0x08 4 Property ?
0x0C 4 DateTimeStamp ?
0x10 4 AllignedSize ?
0x14 4 FileByteSize ?
0x18 2 SizeOfNameDir ?
0x1A 2 SizeOfIdDir ?
0x1C 2 NumberOfNamedEntries ?
0x1E 2 NumberOfIdEntries ?
0x20 4 OffsetOfNamedEntries Offset to structs describing named entries (counting from the beginning of the section)
0x24 4 OffsetOfIdEntries ?

Named Entries Struct
offset size (bytes) name comment
0x00 4 Size  
0x04 4 Characteristics  
0x08 4 OffsetToData  
0x0C 4 SizeOfBytes  
0x10 16 Name  

RKTS section

Edit | Attach | Print version | History: r10 | r8 < r7 < r6 < r5 | Backlinks | View wiki text | More topic actions...
r7 - 31 Jan 2011 - 22:33:41 - MarcinBukat
Copyright © by the contributing authors.