Well I finally built a serial cable, as I found some old expansion cards with MAX232 chips and reused those for my cable.
But still can't get any output from the Wifibox. I tested the cable with other serial outputting device and it worked fine.
The box isn't competely dead as it goes through the led sequence on boot. Lan/wan port leds do light up when a cable is connected and flash when I ping whatever ip from computer. Just doesn't respond at any adress.
Please correct me if im wrong but istn the DIR-300 Rev A linux dist made for 16 RAM and 4 MB space?
As i boot it i can see the kernel params to set 16 RAM isnt this wastefull if not inefficient? i mean 4 more MB of space and double the ram makes a big difference. (i would have tried to make my own dd-wrt from the svn if the svn wasnt broken...)
Also the Calibration Data for wippies wifiboxes is located somewhere within the first 0x10000 not the last. (doesnt look standard in header either BEWAN magic special?, format info please?) You can regenerate a new at http://www.shadowandy.net/2009/02/generating-dir-300s-board-config.htm if you know your MAC but due note that this is a "DEFAULT" one not the one made for your specific device.
Each device has its own calibration and is unique to its board even if you have 2 identical boards calibration it will differ some.
Also if you'd ever like to restore Wippies Services (for unknown reasons) you will need you unique firmware as it contains login / password / keys to your account at saunalathi[/url]
and for people having trouble making the redboot jtag to work words of advice from experience tjtag -erase:wholeflash doesnt seem to work on these devices so a -erase:custom is needed to blank out all of the serial flash memory before programming it with redboot + calibration data.
Always remember to backup any original firmware in the Wippies box if you want to revert back and forth.
The bootloader is the correct one for the Wippies WIFI Box. But as you and I have discovered is that not all of the ram is used/detected by DDWRT ,only half. BrainSlayer is looking into It. But I have not pressed him for a fix on the ram issue .
Thanks for the link to the site that generates default calibrationdata. I have not tried it. I have also not put any effort in reversing the Bewan Calibration data so I do not know how to use the flash content in the wippies firmware to "patch" a default calibrationdata.
A generic calibrationdata works good enough for me but you are right in that it is probably not optimally "tuned" so "interesting stuff may happen" when multiple devices try to coexist. But it worked adequately when I downloaded a single torrent over WIFI.
The ram issue will probably be figured out eventually and I was happy with any thing but the Wippies firmware. Even a sub optimal DDWRT with only half of the ram used and a generic calibrationdata made my day.
I used the build in the router database. Try to use the latest build of Brainslayer DDWRT for a DIR-300 A to see if that fixes the ram issue.
Well since ive got around 100 wippes wifiboxes to my disposal ive got a window of room for error.
What ive learned so far is the following
The Micro Redboot included in the earlier post has 1 small issue its either crippled by accident or by making
It seem to boot a hardcoded os named "Linux" but when you press "reset" to enter recovery it boots a secondary redboot with its own config (no purpose to use it other then to init the fis and upload images and create fconfig area for linux to detect.) More on this at the end of this post.
The Bewan default calibrationdata doesnt seem to differ much but what ive learned you can save yourself some time and dont use it, once you pop up the top of the box you can se your intended MAC on a sticker.(no need to dump your firmware unless you might want to restore it for unknown reasons)
Unless you want tjtag to flash all of your flash and make you die from old age, i suggest that you flash with the following steps (its ALOT faster)
All Flashfiles need to be named CUSTOM.BIN before flashing!
(As someone probably noticed this syntax doesnt seem to be correct memory range but it does however erase the correct blocks unlike what happens if you call the correct memory location, bugg in TJTAG???)
You should now be able to reset your router and Redboot should boot.
IF all your LEDS light upp and nothing more seem to happen try sending a Probe signal or NVRAM erase (seem to cause a reset and boot like it should)
Redboot should now be operational and looping infinit due to failure to locate the Linux partition
Press the Reset button hidden on the backside of the pcb (should be a small hole)
Redboot now falls back to Failsafe
Type "fis init" to initialize all the rest of the flash memory
type "fconfig -i" to init Redboot Config (only needed for WRT releases to know where the partition is located and caldata)
Press enter (default) on all except server ip and client ip (select a suitable ip for redboot in your network span and the ip of the computer acting as tftp server, for windows i recommend "tftpd32" and for linux "tftpd")
type "reset"
push the resetbutton
now its time to upload your selected image (ive tried using the dir-300 but it has some issues the NVRAM seems to corrupt itself causing the device to RESET NVRAM om reboot, also the image doesnt probe for "free" space unlike openwrt images, other issues as pointed out are the failure to detect correct ram size)
for DD-WRT select your image file (should be 1 file)
type "load -r -b %{FREEMEMLO} imagename.bin"
type "fis create Linux" <-- important dont name it anything else or redboot will go INFINITY
for Openwrt (i recommend compiling your own as the default baud seem to be 9600 but the Router hardware uses 115200) youll need the vmlinux.lzma and root.squashfs images
type "load -r -b %{FREEMEMLO} whatever-vmlinux.lzma"
type "fis create Linux"
type "load -r -b %{FREEMEMLO} whatever-root.squashfs"
type "fis create rootfs"
(note that if you connect using remote connection and not local serial connection you will probably not see the "working" dots and the process seems to have hanged but dont worry its working but SLOWLY")
Now whatever your choice of WRT they are ready to boot type "reset" or cycle power to boot linux
About the Cal Data ive included one of mine cals with instructions on how to modify them
Use your favorite hex editor (mine is HxD under windows)
at offset 0x60 enter the MAC printed on the sticker and replace "00 0C C3 72 EF 82" this is your device MAC
at offset 0x66 enter your MAC +1 (if its "00 0C C3 72 EF 82" it will be "00 0C C3 72 EF 83" Last digit is +1 note for noobs after 9 comes A then B ..C.D.E.F use CALC and enter the last Hex digit "82" and add +1 to it to get the correct one if you dont know how to calculate yourself) <-- Failure in this will result in ODD behavior on WIFI if you have multiple SSID (perhaps on singel ones also)
at offset 0x6D inter your MAC's 2 first Digits "00 0C" (not sure what the purpose is but ive changed mine)
at offset 0x131 youll find your MAC in a little oddly reversed order Bytes 7-8, bytes 5-6, bytes 3-4, bytes 1-2 enter your MAC in the same manner "EF 82 C3 72 EF 00 0C 00"
Save the file and Flash it to Cal area.
ill post pics of the JTAG, SERIAL and GPIO (yes ive found them) pinouts once i get my hand on a good camera and manage to get a good snapshot of the PCB
working on a POE hack also
oh almost forgot if you want to erase your full flash memory syntax is
Nice that you have listed a step by step tutorial.
Have you managed to find a version of DDWRT that uses all of the RAM in the WIFI-box or are you using Openwrt.?
Thanks for the information on howto change the MAC in the calibrationdata.
On the GPIO, you are right, I see in the schematic that at least 3 of them are testpoints. Nice to see the Wippies WIFI box being perhaps used for other things than routing packets. SD-card mods,AC-loads and Alarms systems here we come!
i have not tried the latest version of dd-wrt as of yet but i will try once i get home tonight
(the DIR-300 version Meraki also seems equalish when it comes to hardware so ill try both),
Im currently using openwrt due to the fact that ddwrt caused NVRAM resets, due to the nature of my needs i hade to make a working prototype setup but if i manage to get a stable version of ddwrt ill probably rather use ddwrt over openwrt as im lazy and like webgui's.
im running 2 boxes box_a for internet and local port trafic + local wifi and a WDS connection to box_b and then distribute all ports and a wifi as a guest network at my Neighbour (for his laptops / wired equipment) still working on how to isolate the connections hence my learning curve is steep and ive only experimenting for about 1 weeks time. (work takes up shitloads of time not to meantion my 3d printer)
Still trying to workout how the VLAN's are configured to include WIFI under the SWITCH but in on my way.
pics of the PCB with pinouts for GPIO will follow tomorrow (gonna lend a coworkers camera)
i didnt seem to found a second INPUT besides the Reset as some bit are still unmapped it stands to reason that probably one of these bits might be a second INPUT
Now that was easy enough to follow guide for a router noob too, even I managed to get dd-wrt running now. Thank you pudrik!
The settings in dd-wrt indeed gets reset at reboot though, so its not quite perfect yet. I'm sure someone is able to figure this out as we've gotten this far already.
One dumb question: How do I get back to redboot (via telnet) after I've set up dd-wrt to run at boot? It would be easy to try different dd-wrt builds by tftp, web interface didn't allow downgrading.
Hold the reset button while you plugin the power connector and keep holding it for a second or so
this will boot "recovery redboot" where you did all the FIS stuff, good thing to remember is that if you configures a bootscript in the alternativt redboot you might need to press ctrl+c to abort it from booting, (if you on the other hand followed my instructions it should drop you in redboot awaiting you commands, telnet to it or serial connect)
Last edited by pudrik on Sun May 15, 2011 22:57; edited 1 time in total
7 wlan out (Not recommended as Atheros toggles this one itself when WIFI link is active)
6 reset in (no purpose other then Redboot Recovery)
5 Unknown
4 tp12 out
3 Unknown
2 tp9 out (inside RF House)
1 LED out (- on ds22/ds17 Not used on Wifibox but Internet indicator on Belkin)
0 tp10 out
See highres Pictures for Details (look for red rings)
Didnt mark GND as its almost everywhere. (for those that dont know how to find it use the WHITE area of the 2 pins for the Capacitor at EC183 its on the Right side of GPIO 1)
i was stuck flashing calibration data, but after i figured out that i was flashing redboot to calibration data everything worked fine. Yes DD-WRT doesn't save any settings yet _________________ 1X Unbranded Ralink SoC RT3052 based router (Dead)
1X Wippies Wifibox
1X TP-Link WR-1043ND
default version witch was on the dd-wrt download section (r13064) _________________ 1X Unbranded Ralink SoC RT3052 based router (Dead)
1X Wippies Wifibox
1X TP-Link WR-1043ND
i followed the instructions from pudrik and flashed a "tuned" version of the usr5463.
Tuned, because i have installed a 8MB flash and 16 MB ram chip onto the device.
Before the usr5463 had only 2MB and 8MB chips.
The flash chip is working correctly, since i can store and backup the redboot and calibration data successfully.
But now i have a big problem:
When the device starts, it runs through all lights and then turns them on and off.
Afterwards nothing happens.
There is no serial output from the redboot.
Connecting a serial cable and doing a clear nvram or probeonly with the wiggler cable does not improve the Situation.
There is also no signal on an oscilloscope, which i have connected to the serial ports.
Any advice would be helpful.
Is there a redboot rom image which does some DEBUG output on the serial console?
Or can i built/compile a redboot which has debug information?
As soon as i get the device working, i will post some pictures and also the corresponding steps.
P.S. This is a pure hacking device for me. I am doing this for fun in my spare time.
fogman
i myself did have this problem and it took some custom full erase of the flash to make it work this seems to be due to an error in tjtag with this router
try running full erase and then write "random" crap into the begining then read it to confirm that your cable does what it should.
i havent made it work under linux but it does work on win32 dont know why? (might be my parport thats malfunctioning)
Use redboot included earlier in this thread, also your router starts to "blink" like insane if you rename the image wrong due to the "mini" broken version overriding the "backup" redboot
