LeapFrog Pollux Platform: File Format CBF
The LeapFrog Leapster Explorer and LeapPad Explorer both use the CBF file format for the kernel firmware and Surgeon. This is a rather basic format, that contains some summary information about the kernel, size, load address, etc. This information is all rather easy to obtain out of the file, with a hex editor. You can also extract the zImage or Image of the kernel if desired or use the python script in the LeapFrog Sources.
A list of programs/scripts that deal with CBF
There are three basic components of the CBF file, the summary, the kernel image, and padding. The Summary occupies the first 20 bytes of the file, which is followed by the summary CRC checksum. Directly after this starts the kernel image, which can vary in size depending on the options compiled in. It is then followed by the kernel image CRC checksum. This concludes the data portion, the file is then filled with 0xFF bytes until it is aligned to 16384 byte blocks of data.
|Summary||Summary CRC||Kernel||Kernel CRC||Padding|
|[0:3]||[4:7]||[8:11]||[12:15]||[16:19]||[20:23]||[24:K end]||[K end+1:+4]||[..EOF]|
|Magic Number(1)||CBF Version||Kernel Load||Kernel Jump||Kernel Size||CRC Checksum(2)||Kernel Image||CRC Checksum(2)||0xFF|
- 0xF0 0xDE 0xBC 0x9A in actual file
- -0x65432110 in make_cbf.py
- This is calculated using their own routine.
|LeapPad||Kernel.cbf||0x00100000||0x00100000||False||False||? Partition Limited|
|LeapPad||Surgeon.cbf||0x00010000||0x00010000||True||True||8MB Memory Limited|
|Explorer||Kernel.cbf||0x00008000||0x00008000||True||False||8MB Partition Limited|
|Explorer||Surgeon.cbf||0x00008000||0x00008000||True||True||8MB Memory Limited|
This version uses a compressed kernel (zImage) and it's kernel_boot and kernel_load addresses are 0x8000. This script, referenced in the latest make_surgeon.cbf as make_compressed_cbf.py (assuming, as its not in the sources) is used on the Explorer Surgeon and Kernel as well as the LeapPad Surgeon.
This version uses an uncompressed kernel (Image) and it's kernel_boot and kernel_load addresses are 0x10000. The only CBF file this seems to be used on is the LeapPad kernel.
The script graps the zImage or Image file, depending on version from <kernel>/arch/arm/boot/[Image|zImage] and wraps iy with the CBF information, they use their own CRC routine in calculating the checksum. There is three options, of which only two look valid. -c deletes a previous kernel.cbf file, and -o specifies the output files name (default, kernel.cbf).