Have been watching this thread for some time. Have an RB-1132 myself which was recently "bricked" due to a firmware upgrade. The inside looks like this...
Sorry, I'm a noob at this. I just want to change some scripts on the rootfs. Can someone explain how to unpack the files from the .bin file provided, and pack them again so I can upload the modified firmware through the web interface and have my changes there?
I would be really interested to see if this project could be resurrected. I bought a Sapido RB-1132 this summer. The few reviews I could find didn't have much technical info and the Sapido website and PDF manual online are full of the company's weird jargon which makes its way into the stock firmware. Stock firmware also seemed to be pretty buggy and I lost all of my settings every time I changed 'modes' with the manual toggle on the device.
I kind of gave up on the thing but it still sits in my bag (since it is tiny) in case I need it for temporary, basic wifi. People have spoken about using the repeater function (one of the main reasons I bought the thing) through the stock firmware but I could never get it to connect which was pretty disappointing. Man, the form factor is so awesome, the software just sucks. Here's hoping DD-WRT can bring this thing up to a 10.
Joined: 06 Nov 2010 Posts: 42 Location: Harlem, GA
Posted: Tue Nov 15, 2011 9:11 Post subject:
merrykid,
That would be too easy- If you can get the TD-SCDMA PCI-E card to physically work with the BR183n; you already have the SDK; just use the toolchain to compile a kernel module for it; and drop it in the squashfs.. I'd say it would be much easier to strip a USB based one, and solder onto the unused USB bus; less pins to worry about.
I'm stuck at work, and can't wait to see this infamous Realtek SDK in its entirety
Posted: Tue Nov 15, 2011 20:06 Post subject:
I've been running diffs to the linux-2.6.30 in the new Realtek SDK and vanilla; and my eyes are already bleeding.. This is A LOT cleaner than the previous source tree; but I'm more of a cracker than a programmer- I can reverse engineer pretty decently; but putting it back together properly will take some time :/
I ordered another RB-1132 today; should be here in Kuwait in 2 weeks
Conjur, which version of the RB-1132 are you building this for? Will it make a difference? I currently have the RB-1132v2. Appreciate you working on this man!
Posted: Sun Dec 18, 2011 1:05 Post subject: What about Trendnet?
Hi folks,
Does anyone have any insight on the Trendnet TEW-652BRP V2.xR? I compiled and modified their GPL source to run the router in client mode, but it would be awesome to port dd-wrt to it. The default firmware is one of the weakest I have seen but the 330MHz CPU (8196B), 4M flash and 32M ram could make it a reasonable candidate for dd-wrt, especially since V1 hardware is Atheros based (I believe) and supported by dd-wrt.
I've been poking through the Trendnet source and the driver is binary. Other sources are available for the 818x chip, but compatibility may not be there.
I am not very strong with kernels, beyond compiling additional modules for various Linux distros, but this is a great opportunity to learn.
So, back to the original question, what do you think would be the safest and easiest way to approach porting this SoC?
Thank you.
Was able to get into the secret login page of the RB-1132 after reading this hack. Can this be a start to finally put DD-WRT on this Sapido and reverse engineer this router? Now you have root access.
Posted: Mon Jan 16, 2012 1:36 Post subject:
I've found a recovery method for bricks using the Realtek bootloader; as long as the first 5k of the flash has not been manipulated.
extract "webpages-gw.bin", "linux.bin", and "root.bin" from one of the firmware images
option 1:
connect a console cable to the serial headers
open a console to the device, and power it on
Hit ESC when booting, to get into the bootloader
you should now be at the <RealTek> prompt
option 2:
plug the device in
between 3 and 9 seconds (6 second window) of the "POWER" light coming on; briefly tap the RESET switch. This does the same as above, but you have no way of seeing the status of the uploads.
connect an ethernet cable from the LAN port to a computer
set the computer's ip to 192.168.1.1/255.255.255.0
use a tftp client to tftp PUT the 3 files to 192.168.1.6 (in binary mode). Make sure you do linux.bin (bootloader and kernel) last; as uploading linux.bin initiates a reboot.
wait for "Flash Write Successed!" between uploading each file (about 1 minute for webpages, 2-3 minutes for rootfs, and 6-8 minutes for linux.bin)
power-cycle the device.
I've un-bricked 4 of mine using this method.
Now, I can actually get somewhere
BTW, here is the source for my rtkcsum.c.
Works best when the last 2 bytes in the file are 0x0000; or the correct checksum.
get the 3 files from the current firmware:
# dd if=RB-1132_EN_v1.0.36.bin of=webpages-gw.bin ibs=1 count=293444 skip=32918
# dd if=RB-1132_EN_v1.0.36.bin of=linux.bin ibs=1 count=1116178 skip=326362
# dd if=RB-1132_EN_v1.0.36.bin of=root.bin ibs=1 count=5922834 skip=1442540
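
The three dd commands above describe back-to-back segments: each skip equals the previous skip plus its count. As an added example (not part of the original post), this shell script checks that contiguity and carves each segment, refusing to write one that would run past the end of the image, which is how a truncated download shows up before anything is uploaded. `carve` and `check_layout` are hypothetical helper names, and `head -c` is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the thread. Segment table (name offset length)
# copied from the dd commands in the post for RB-1132_EN_v1.0.36.bin.
LAYOUT='webpages-gw.bin 32918 293444
linux.bin 326362 1116178
root.bin 1442540 5922834'

# carve IMAGE OFFSET LENGTH OUT: copy LENGTH bytes starting at OFFSET.
# Fails without writing if the segment would extend past the end of IMAGE.
carve() {
    img=$1; off=$2; len=$3; out=$4
    size=$(( $(wc -c < "$img") ))
    if [ $((off + len)) -gt "$size" ]; then
        echo "$out: needs $((off + len)) bytes, $img has $size" >&2
        return 1
    fi
    # tail -c +N is 1-based; far faster than dd with a 1-byte block size
    tail -c +"$((off + 1))" "$img" | head -c "$len" > "$out"
    [ "$(( $(wc -c < "$out") ))" -eq "$len" ]
}

# check_layout: read "name offset length" lines on stdin and require each
# segment to start exactly where the previous one ended.
# Prints the offset at which the last segment ends.
check_layout() {
    next=
    while read -r name off len; do
        if [ -n "$next" ] && [ "$off" -ne "$next" ]; then
            echo "$name: starts at $off, previous segment ended at $next" >&2
            return 1
        fi
        next=$((off + len))
    done
    echo "$next"
}

# Usage: sh carve.sh RB-1132_EN_v1.0.36.bin   (does nothing without an argument)
if [ -n "${1:-}" ]; then
    printf '%s\n' "$LAYOUT" | check_layout > /dev/null || exit 1
    printf '%s\n' "$LAYOUT" | while read -r name off len; do
        carve "$1" "$off" "$len" "$name" || exit 1
        echo "wrote $name ($len bytes)"
    done || exit 1
fi
```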