b_ignatov
DD-WRT Novice
Joined: 12 Jan 2012
Posts: 17
|
 Posted: Sat Feb 20, 2021 21:54 Post subject: |
 |
| kernel-panic69 wrote: | | The only other thing I can think of is figuring out how to break uboot process and see if there is anything available in the bootloader to do it. |
Hello again.
I think I managed to stop the bootloader by pressing the reset button on the router as soon as I turn it on. Now the router waiting for TFTP Server, and I think the only choice is to flash any firmware .... right? Obviously I won't be able to log in by serial connection because I don't know the password, which means that I can't do flash
dump.
| Code: |
U-Boot 1.1.3 (Apr 18 2012 - 16:14:09)
Board: Ralink APSoC DRAM: 32 MB
relocate_code Pointer at: 81800000
spi_wait_nsec: 4b
spi device id: c2 20 16 c2 20 (2016c220)
find flash: MX25L3205D
raspi_read: from:30000 len:1000
.*** Warning - bad CRC, using default environment
============================================
Ralink UBoot Version: 3.6.0.0
--------------------------------------------
ASIC 3052_MP2 (Port5<->None)
DRAM component: 256 Mbits SDR
DRAM bus: 16 bit
Total memory: 32 MBytes
Flash component: SPI Flash
Date:Apr 18 2012 Time:16:14:09
============================================
icache: sets:256, ways:4, linesz:32 ,total:32768
dcache: sets:128, ways:4, linesz:32 ,total:16384
##### The CPU freq = 320 MHZ ####
estimate memory size =32 Mbytes
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
7: Load Boot Loader code then write to Flash via Serial.
8: Load Boot Loader code to SDRAM via TFTP.
9: Load Boot Loader code then write to Flash via TFTP.
raspi_read: from:40028 len:6
.
Init GPIO for EMG.
## Enter Rescue Mode ##
3: System Boot system code via TFTP.
NetTxPacket = 0x81833980
KSEG1ADDR(NetTxPacket) = 0xA1833980
NetLoop,call eth_halt !
NetLoop,call eth_init !
Trying Eth0 (10/100-M)
Waitting for RX_DMA_BUSY status Start... done
Header Payload scatter function is Disable !!
ETH_STATE_ACTIVE!!
Using Eth0 (10/100-M) device
Our IP address is:(192.168.1.1)
Wait for TFTP request...
T T T T T T T T T T |
|
|
kernel-panic69
DD-WRT Guru
Joined: 08 May 2018
Posts: 14208
Location: Texas, USA
|
| Posted: Sat Feb 20, 2021 22:17 Post subject: |
|
Looks like it's going to take some kind of bruteforce to figure out the username and password unless you can get the manufacturer or ISP to give you that information. I would have to have the device in hand to see if there was a way to break in.
EDIT: I have locked this post since people can't read the entire thread before posting comment. If you have not figured out anything to get the flash dump done and want to continue discussion, PM me to unlock it.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net |
|
