Joined: 26 Jan 2008 Posts: 13049 Location: Behind The Reset Button
Posted: Sun Aug 23, 2009 18:00 Post subject:
Red.. Great info... Thanks.. In regards to "serial flash".
I guess the correct terminology would be "flashing via serial console", not true "serial" hardware.
I finished my "micro mini adapter". Kinda ugly as I used hot glue after soldering the wires to give the connections some structure. Works though.. Where should I put it?
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Sun Aug 23, 2009 18:13 Post subject:
barryware wrote:
Red.. Great info... Thanks.. In regards to "serial flash".
I guess the correct terminology would be "flashing via serial console", not true "serial" hardware.
I finished my "micro mini adapter". Kinda ugly as I used hot glue after soldering the wires to give the connections some structure. Works though.. Where should I put it?
Maybe put a small access hole on the back of the unit where you can plug in without removing the case.
post some pics when you get it done
redhawk _________________ The only stupid question....is the unasked one.
So I understand this, is a serial flash done with the equipment pictured, and a program like putty? Do most/all routers that have a serial connection have the ability to flash this way?
And, most importantly, as I understood SF builds, they could be used to flash unsupported hardware. Could this be used on the NL routers that are currently unsupported? (I take it that this would also require someone to compile a special sf build.) _________________ SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Sun Aug 23, 2009 22:56 Post subject:
Murrkf wrote:
So I understand this, is a serial flash done with the equipment pictured, and a program like putty? Do most/all routers that have a serial connection have the ability to flash this way?
And, most importantly, as I understood SF builds, they could be used to flash unsupported hardware. Could this be used on the NL routers that are currently unsupported? (I take it that this would also require someone to compile a special sf build.)
Well...Serial Terminal is what we have been talking about...the term Serial Flash entered the conversation and I wanted to set it straight that there were 2 different things being discussed here.
The older builds that had SF in the name were special builds for routers that have a Serial Flash chip (like the WGR614L in the picture above)...it has nothing to do with flashing via serial terminal.
All routers with serial terminal can be flashed via serial but only if the CFE is capable of it. It is the CFE that is either "smart" enough....or "too dumb" to do it.
So the answer is yes and no.
As for the mtd command line to flash...this has to be from a working router with dd-wrt firmware already running...the mtd command is part of the kernel...not the cfe.
redhawk
The older builds that had SF in the name were special builds for routers that have a Serial Flash chip (like the WGR614L in the picture above)...it has nothing to do with flashing via serial terminal.
Thanks. That makes sense to me. Out of curiosity, how is a serial flash done then....what is the hookup to the router? Through an ethernet cable?
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Mon Aug 24, 2009 11:56 Post subject:
Murrkf wrote:
redhawk0 wrote:
The older builds that had SF in the name were special builds for routers that have a Serial Flash chip (like the WGR614L in the picture above)...it has nothing to do with flashing via serial terminal.
Thanks. That makes sense to me. Out of curiosity, how is a serial flash done then....what is the hookup to the router? Through an ethernet cable?
To be honest...the SF file creation was before I received my WGR614L unit....so I don't know how that SF file got flashed.
But...I can tell you that currently this router gets flashed with regular generic Firmware through the normal method just like any other router. The SF utility/process/method was later built into the Firmware so it is invisible to the end user flashing the router.
The Serial Flash units are also now detected with TJTAG so it can be erased/flashed/backup...etc using Tornado's TJTAG.
redhawk
Okay. I got a bricked wrt300n v.1.1 from ebay today. I decided I will try to unbrick it with serial, by killing the nvram. First of all...how to hook it up. There are five leads for the serial port. The square one is tcc.
1. vcc(3.3v) lead 1 on my unit
2. rx - goes to tx lead 3 on my unit
3. tx - goes to rx lead 4 on my unit
4. not used
5. Grd- lead 2 on my unit.
You have to be fast to get the control C in to break the boot cycle. If you wait too long you will miss it and have to power cycle the router again.
I did get to the CFE and issued nvram show and then nvram erase. After the nvram erase I got ttl-100 ping responses in my ping window, and the putty window returned a ***command = 0. I then entered reboot and the router rebooted, but when it did I still got request timeouts and now ttl=100.
I think I also needed to erase the kernel. Does anyone know how that is done in serial? Can it be?
Anyways, I pulled out my jtag cable, erased the kernel, and erased the nvram, got fairly consistent ttl=100 responses, and after some struggles to get tftp timing JUST right, I did manage to load 12533 onto the router.
If anyone can enlighten me on how to erase the kernel, that would be appreciated.
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Thu Aug 27, 2009 13:26 Post subject:
Murrkf wrote:
Observations of a serial killer...
Okay. I got a bricked wrt300n v.1.1 from ebay today. I decided I will try to unbrick it with serial, by killing the nvram. First of all...how to hook it up. There are five leads for the serial port. The square one is tcc.
1. vcc(3.3v) lead 1 on my unit
2. rx - goes to tx lead 3 on my unit
3. tx - goes to rx lead 4 on my unit
4. not used
5. Grd- lead 2 on my unit.
You have to be fast to get the control C in to break the boot cycle. If you wait too long you will miss it and have to power cycle the router again.
I did get to the CFE and issued nvram show and then nvram erase. After the nvram erase I got ttl-100 ping responses in my ping window, and the putty window returned a ***command = 0. I then entered reboot and the router rebooted, but when it did I still got request timeouts and now ttl=100.
I think I also needed to erase the kernel. Does anyone know how that is done in serial? Can it be?
Anyways, I pulled out my jtag cable, erased the kernel, and erased the nvram, got fairly consistent ttl=100 responses, and after some struggles to get tftp timing JUST right, I did manage to load 12533 onto the router.
If anyone can enlighten me on how to erase the kernel, that would be appreciated.
I know it can be done...but I've never done it...I think you need to know the exact memory addresses of the kernel partition in order to do it.
But...instead of issuing the reboot command, and hoping to hit the tftp window (if it exists)...try using the "go" command....it forces the router to restart but first check for tftp input.
redhawk
Joined: 26 Jan 2008 Posts: 13049 Location: Behind The Reset Button
Posted: Sun Aug 30, 2009 20:00 Post subject:
I'm dink'en with my 350..
Below is part of the boot and busting into the boot sequence to get to the "cfe" prompt, then a "help" command.
You can see that you can flash anything you want on the flash chip. You do need to know what you want to flash, where to put it, and the length of the flash. I'm working on it and at this point, my linux noob status is showing.
Code:
Boot version: v4.2
The boot is CFE
mac_init(): Find mac [00:1A:70:D3:16:8B] in location 0
Nothing...
eou_key_init(): Find key pair in location 4
The eou device id is same
The eou public key is same
The eou private key is same
CMD: [ifconfig eth0 -addr=192.168.1.1 -mask=255.255.255.0]
bcm5700: no firmware rendevous
eth0: Link speed: 1000BaseT FDX
Device eth0: hwaddr 00-1A-70-D3-16-8B, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Automatic startup canceled via Ctrl-C
CFE> ^C
CFE> help
CMD: [help]
Available commands:
et Broadcom Ethernet utility.
modify Modify flash data.
nvram NVRAM utility.
reboot Reboot.
flash Update a flash memory device
autoboot Automatic system bootstrap.
batch Load a batch file into memory and execute it
go Verify and boot OS image.
boot Load an executable file into memory and execute it
load Load an executable file into memory without executing it
save Save a region of memory to a remote file via TFTP
ping Ping a remote IP host.
arp Display or modify the ARP Table
ifconfig Configure the Ethernet interface
unsetenv Delete an environment variable.
printenv Display the environment variables
setenv Set an environment variable.
help Obtain help for CFE commands
For more information about a command, enter 'help command-name'
*** command status = 0
CFE> flash
CMD: [flash]
flash [options] filename [flashdevice]
Copies data from a source file name or device to a flash memory device.
The source device can be a disk file (FAT filesystem), a remote file
(TFTP) or a flash device. The destination device may be a flash or eeprom.
If the destination device is your boot flash (usually flash0), the flash
command will restart the firmware after the flash update is complete
-noerase Don't erase flash before writing
-offset=* Begin programming at this offset in the flash device
-size=* Size of source device when programming from flash to flash
-ctheader Check header of CyberTAN
-noheader Override header verification, flash binary without checking-mem;Use memory as source instead of a device
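An added example, not part of the original post: when assessing a device whose serial header exposes a CFE prompt like the one above, a captured `help` listing can be parsed to inventory which console commands write persistent storage, run a loaded image, or export memory. The transcript is a trimmed copy of the listing in the post; the risk classes and their regexes are assumptions chosen for illustration.

```python
import re

# Constructed sample: trimmed copy of the CFE `help` listing quoted in the post.
TRANSCRIPT = """\
CFE> help
Available commands:
modify Modify flash data.
nvram NVRAM utility.
reboot Reboot.
flash Update a flash memory device
go Verify and boot OS image.
boot Load an executable file into memory and execute it
load Load an executable file into memory without executing it
save Save a region of memory to a remote file via TFTP
For more information about a command, enter 'help command-name'
CFE> """

# Assumed risk classes, keyed on the wording of each command's own description.
RISK_RULES = [
    ("writes-persistent", re.compile(r"\b(modify|update)\b.*\bflash\b|\bnvram\b", re.I)),
    ("runs-code", re.compile(r"\b(execute|boot)\b", re.I)),
    ("reads-memory", re.compile(r"\bsave\b.*\bmemory\b", re.I)),
]

def parse_help(transcript):
    """Return {command: description} from the lines after 'Available commands:'."""
    commands, in_list = {}, False
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith("Available commands:"):
            in_list = True
        elif in_list and (not line or line.startswith(("For more", "***", "CFE>"))):
            break  # end of the command table
        elif in_list:
            name, _, desc = line.partition(" ")
            commands[name] = desc.strip()
    return commands

def audit(commands):
    """Map each risk class to the sorted commands whose description matches it."""
    findings = {label: [] for label, _ in RISK_RULES}
    for name, desc in commands.items():
        for label, rx in RISK_RULES:
            if rx.search(desc):
                findings[label].append(name)
    return {label: sorted(names) for label, names in findings.items()}

if __name__ == "__main__":
    print(audit(parse_help(TRANSCRIPT)))
```

Word-boundary matching keeps `reboot` and `load` out of the runs-code class, since neither description contains "boot" or "execute" as a whole word.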
Try flashing a kernel....
And always will be!....(BTW...watch your post count, bro!)
What specific commands did you use, including the address info?