LeapFrog Pollux Platform: File Format CBF

From eLinux.org
Revision as of 14:39, 3 February 2012 by Jrspruitt (talk | contribs)
Jump to: navigation, search


The LeapFrog Leapster Explorer and LeapPad Explorer both use the CBF file format for the kernel firmware and Surgeon. This is a rather basic format, that contains some summary information about the kernel, size, load address, etc. This information is all rather easy to obtain out of the file, with a hex editor. You can also extract the zImage or Image of the kernel if desired or use the python script in the LeapFrog Sources.


A list of programs/scripts that deal with CBF



File Structure

There are three basic components of the CBF file, the summary, the kernel image, and padding. The Summary occupies the first 20 bytes of the file, which is followed by the summary CRC checksum. Directly after this starts the kernel image, which can vary in size depending on the options compiled in. It is then followed by the kernel image CRC checksum. This concludes the data portion, the file is then filled with 0xFF bytes until it is aligned to 16384 byte blocks of data.

Summary Summary CRC Kernel Kernel CRC Padding
[0:3] [4:7] [8:11] [12:15] [16:19] [20:23] [24:K end] [K end+1:+4] [..EOF]
Magic Number CBF Version Kernel Load Kernel Jump Kernel Size CRC32 Checksum Kernel Image CRC32 Checksum 0xFF

File Differences

Device File kernel_load kernel_jump compressed initramfs
LeapPad Kernel.cbf 0x00100000 0x00100000 False False
LeapPad Surgeon.cbf 0x00008000 0x00008000 True True
Explorer Kernel.cbf 0x00008000 0x00008000 True False
Explorer Surgeon.cbf 0x00008000 0x00008000 True True


Version 1

This version uses a compressed kernel (zImage) and it's kernel_boot and kernel_load addresses are 0x8000. This script, referenced in the latest make_surgeon.cbf as make_compressed_cbf.py (assuming, as its not in the sources) is used on the Explorer Surgeon and Kernel as well as the LeapPad Surgeon.

Version 2

This version uses an uncompressed kernel (Image) and it's kernel_boot and kernel_load addresses are 0x10000. The only CBF file this seems to be used on is the LeapPad kernel.


The script graps the zImage or Image file, depending on version from <kernel>/arch/arm/boot/[Image|zImage] and wraps iy with the CBF information, they use their own CRC routine in calculating the checksum. There is three options, of which only two look valid. -c deletes a previous kernel.cbf file, and -o specifies the output files name (default, kernel.cbf).