LeapFrog Pollux Platform: File Format CBF
The LeapFrog Leapster Explorer and LeapPad Explorer both use the CBF file format for the kernel firmware and Surgeon. This is a rather basic format, that contains some summary information about the kernel, size, load address, etc. This information is all rather easy to obtain out of the file, with a hex editor. You can also extract the zImage or Image of the kernel if desired. You can create your own cbf file a couple of ways.
OpenLFConnect can't create a cbf file, unwrap its contents, or give a summary of the cbf information.
LeapFrog includes the Python script to turn a kernel image into a cbf file <Sources>/scripts/make_cbf.py.
There are two versions of the make_cbf.py script, starting with source release 20110602 for the LeapPad, the cbf is built with an uncompressed kernel Image, instead of a gunzip compressed zImage. There is no indicator of this, other than a change to the Python script. There is a reference to a different version in this release's Surgeon script, referring to a make_compressed_cbf.py script. Which would seem to indicate Surgeon is built with the older version. This is also confirmed by the kernel_jump and kernel_load addresses, the lastest make_cbf.py script has the values 0x8000 while the older version has 0x10000, which is the value actually used in Surgeon Lpad and Explorer still.
There are three basic components of the CBF file, the summary, the kernel image, and padding. The Summary occupies the first 20 bytes of the file, which is followed by the summary CRC checksum. Directly after this starts the kernel image, which can vary in size depending on the options compiled in. It is then followed by the kernel image CRC checksum. This concludes the data portion, the file is then filled with 0xFF bytes until it is aligned to 16384 byte blocks of data.
|Summary||Summary CRC||Kernel||Kernel CRC||Padding|
|[0:3]||[4:7]||[8:11]||[12:15]||[16:19]||[20:23]||[24:K end]||[K end+1:+4]||[..EOF]|
|Magic Number||CBF Version||Kernel Load||Kernel Jump||Kernel Size||CRC32 Checksum||Kernel Image||CRC32 Checksum||0xFF|