LeapFrog Pollux Platform: File Format CBF

From eLinux.org
Revision as of 23:00, 14 October 2012 by Jrspruitt (talk | contribs) (File Differences)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


The LeapFrog Leapster Explorer and LeapPad Explorer both use the CBF file format for the kernel firmware and Surgeon. This is a rather basic format, that contains some summary information about the kernel, size, load address, etc. This information is all rather easy to obtain out of the file, with a hex editor. You can also extract the zImage or Image of the kernel if desired or use the python script in the LeapFrog Sources.


A list of programs/scripts that deal with CBF



File Structure

There are three basic components of the CBF file, the summary, the kernel image, and padding. The Summary occupies the first 20 bytes of the file, which is followed by the summary CRC checksum. Directly after this starts the kernel image, which can vary in size depending on the options compiled in. It is then followed by the kernel image CRC checksum. This concludes the data portion, the file is then filled with 0xFF bytes until it is aligned to 16384 byte blocks of data.

Summary Summary CRC Kernel Kernel CRC Padding
[0:3] [4:7] [8:11] [12:15] [16:19] [20:23] [24:K end] [K end+1:+4] [..EOF]
Magic Number(1) CBF Version Kernel Load Kernel Jump Kernel Size CRC Checksum(2) Kernel Image CRC Checksum(2) 0xFF


  • 0xF0 0xDE 0xBC 0x9A in actual file
  • -0x65432110 in make_cbf.py


  • This is calculated using their own routine.

File Differences

Device File kernel_load kernel_jump compressed initramfs Size Limit
LeapPad Kernel.cbf 0x00100000 0x00100000 False False ? Partition Limited
LeapPad Surgeon.cbf 0x00010000 0x00010000 True True 8MB Memory Limited
Explorer Kernel.cbf 0x00008000 0x00008000 True False 8MB Partition Limited
Explorer Surgeon.cbf 0x00008000 0x00008000 True True 8MB Memory Limited


Version 1

This version uses a compressed kernel (zImage) and it's kernel_boot and kernel_load addresses are 0x8000. This script, referenced in the latest make_surgeon.cbf as make_compressed_cbf.py (assuming, as its not in the sources) is used on the Explorer Surgeon and Kernel as well as the LeapPad Surgeon.

Version 2

This version uses an uncompressed kernel (Image) and it's kernel_boot and kernel_load addresses are 0x10000. The only CBF file this seems to be used on is the LeapPad kernel.


The script graps the zImage or Image file, depending on version from <kernel>/arch/arm/boot/[Image|zImage] and wraps iy with the CBF information, they use their own CRC routine in calculating the checksum. There is three options, of which only two look valid. -c deletes a previous kernel.cbf file, and -o specifies the output files name (default, kernel.cbf).