v19.07.3_mercusys_ac12_duma
master
${ noResults }
4 Commits (9fac9168c6471b743dbaac5cd038593f9f807e9d)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Tom Brouwer
|
2090b8af0a |
ipq40xx: add support for EZVIZ CS-W3-WD1200G EUP
Hardware:
SOC: Qualcomm IPQ4018
RAM: 128 MB Nanya NT5CC64M16GP-DI
FLASH: 16 MB Macronix MX25L12805D
ETH: Qualcomm QCA8075 (4 Gigabit ports, 3xLAN, 1xWAN)
WLAN: Qualcomm IPQ4018 (2.4 & 5 Ghz)
BUTTON: Shared WPS/Reset button
LED: RGB Status/Power LED
SERIAL: Header J8 (UART, Left side of board). Numbered from
top to bottom:
(1) GND, (2) TX, (3) RX, (4) VCC (White triangle
next to it).
3.3v, 115200, 8N1
Tested/Working:
* Ethernet
* WiFi (2.4 and 5GHz)
* Status LED
* Reset Button (See note below)
Implementation notes:
* The shared WPS/Reset button is implemented as a Reset button
* I could not find a original firmware image to reverse engineer, meaning
currently it's not possible to flash OpenWrt through the Web GUI.
Installation (Through Serial console & TFTP):
1. Set your PC to fixed IP 192.168.1.12, Netmask 255.255.255.0, and connect to
one of the LAN ports
2. Rename the initramfs image to 'C0A8010B.img' and enable a TFTP server on
your pc, to serve the image
2. Connect to the router through serial (See connection properties above)
3. Hit a key during startup, to pause startup
4. type `setenv serverip 192.168.1.12`, to set the tftp server address
5. type `tftpboot`, to load the image from the laptop through tftp
6. type `bootm` to run the loaded image from memory
6. (If you want to return to stock firmware later, create an full MTD backup,
e.g. using instructions here https://openwrt.org/docs/guide-user/installation/generic.backup#create_full_mtd_backup)
7. Transfer the 'sysupgrade' OpenWrt firmware image from PC to router, e.g.:
`scp xxx-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/upgrade.bin`
8. Run sysupgrade to permanently install OpenWrt to flash: `sysupgrade -n /tmp/upgrade.bin`
Revert to stock:
To revert to stock, you need the MTD backup from step 6 above:
1. Unpack the MTD backup archive
2. Transfer the 'firmware' partition image to the router (e.g. mtd8_firmware.backup)
3. On the router, do `mtd write mtd8_firmware.backup firmware`
Signed-off-by: Tom Brouwer <tombrouwer@outlook.com>
[removed BOARD_NAME, OpenWRT->OpenWrt, changed LED device name to board name]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
5 years ago |
David Bauer
|
102c8c55f2 |
ipq40xx: add support for Aruba AP-303
Hardware
--------
SoC: Qualcomm IPQ4029
RAM: 512M DDR3
FLASH: - 128MB NAND (Macronix MX30LF1G18AC)
- 4MB SPI-NOR (Macronix MX25R3235F)
TPM: Atmel AT97SC3203
BLE: Texas Instruments CC2540T
attached to ttyMSM0
ETH: Atheros AR8035
LED: WiFi (amber / green)
System (red / green)
BTN: Reset
To connect to the serial console, you can solder to the labled pads next
to the USB port or use your Aruba supplied UARt adapter.
Do NOT plug a standard USB cable into the Console labled USB-port!
Aruba/HPE simply put UART on the micro-USB pins. You can solder yourself
an adapter cable:
VCC - NC
D+ - TX
D- - RX
GND - GND
The console setting in bootloader and OS is 9600 8N1. Voltage level is
3.3V.
To enable a full list of commands in the U-Boot "help" command, execute
the literal "diag" command.
Installation
------------
1. Get the OpenWrt initramfs image. Rename it to ipq40xx.ari and put it
into the TFTP server root directory. Configure the TFTP server to
be reachable at 192.168.1.75/24. Connect the machine running the TFTP
server to the ethernet port of the access point.
2. Connect to the serial console. Interrupt autobooting by pressing
Enter when prompted.
3. Configure the bootargs and bootcmd for OpenWrt.
$ setenv bootargs_openwrt "setenv bootargs console=ttyMSM1,9600n8"
$ setenv nandboot_openwrt "run bootargs_openwrt; ubi part aos1;
ubi read 0x85000000 kernel; bootm 0x85000000"
$ setenv ramboot_openwrt "run bootargs_openwrt;
setenv ipaddr 192.168.1.105; setenv serverip 192.168.1.75;
netget; set fdt_high 0x87000000; bootm"
$ setenv bootcmd "run nandboot_openwrt"
$ saveenv
4. Load OpenWrt into RAM:
$ run ramboot_openwrt
5. After OpenWrt booted, transfer the OpenWrt sysupgrade image to the
/tmp folder on the device.
6. Flash OpenWrt:
$ ubidetach -p /dev/mtd1
$ ubiformat /dev/mtd1
$ sysupgrade -n /tmp/openwrt-sysupgrade.bin
To go back to the stock firmware, simply reset the bootcmd in the
bootloader to the original value:
$ setenv bootcmd "boot"
$ saveenv
Signed-off-by: David Bauer <mail@david-bauer.net>
|
5 years ago |
Jeff Kletsky
|
819e7946b0 |
ipq40xx: Add support for Linksys EA8300 (Dallas)
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.
Installation:
"Factory" images may be installed directly through the OEM GUI.
Hardware Highlights:
* IPQ4019 at 717 MHz (4 CPUs)
* 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
* 256 MB RAM
* Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
* 2.4 GHz radio at 30 dBm
* 5 GHz radio on ch. 36-64 at 23 dBm
* 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
#{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
* All two-stream, MCS 0-9
* 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
* USB3, single port on rear with LED
* WPS and reset buttons
* Four status lights on top
* Serial pads internal (unpopulated)
"Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"
Implementation Notes:
The OEM flash layout is preserved at this time with 3 MB kernel and
~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
syscfg (56 MB) partitions are untouched, available as read-only.
Serial Connectivity:
Serial connectivity is *not* required to flash.
Serial may be accessed by opening the device and connecting
a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
including the ability to load images over TFTP and
either run or flash them.
Looking at the top of the board, from the front of the unit,
J3 can be found on the right edge of the board, near the rear
|
J3 |
|-| |
|O| | (3.3V seen, open-circuit)
|O| | TXD
|O| | RXD
|O| |
|O| | GND
|-| |
|
Unimplemented:
* serial1 "ttyQHS0" (serial0 works as console)
* Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)
Other Notes:
https://wikidevi.com/wiki/Linksys_EA8300 states
FCC docs also cover the Linksys EA8250. According to the
RF Test Report BT BR+EDR, "All models are identical except
for the EA8300 supports 256QAM and the EA8250 disable 256QAM."
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
|
5 years ago |
Christian Lamparter
|
82618062cf |
ipq40xx: add support for the ZyXEL NBG6617
This patch adds support for ZyXEL NBG6617
Hardware highlights:
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR: 32 MiB Macronix MX25L25635F
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS: Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS
Serial:
WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
pre-soldered. Pinout:
1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX
first install / debricking / restore stock:
0. Have a PC running a tftp-server @ 192.168.1.99/24
1. connect the PC to any LAN-Ports
2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
into the tftp-server root directory and rename it to just "ras.bin".
3. power-cycle the router and hold down the the WPS button (for 30sek)
4. Wait (for a long time - the serial console provides some progress
reports. The u-boot says it best: "Please be patient".
5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
flashes fast at the same time. You have to reboot the device and
it should then come right up.
Installation via Web-UI:
0. Connect a PC to the powered-on router. It will assign your PC a
IP-address via DHCP
1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
2. Go to the "Expert Mode"
3. Under "Maintenance", select "Firmware-Upgrade"
4. Upload the OpenWRT factory image
5. Wait for the Device to finish.
It will reboot into OpenWRT without any additional actions needed.
To open the ZyXEL NBG6617:
0. remove the four rubber feet glued on the backside
1. remove the four philips screws and pry open the top cover
(by applying force between the plastic top housing from the
backside/lan-port side)
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6617> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6617>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6617> ATSE NBG6617
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6617> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6617> ATGU
|NBG6617#
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
|
6 years ago |