WRT610N

hardwarewizard
DD-WRT User


Joined: 15 Apr 2007
Posts: 200
Location: Buffalo, NY

Posted: Sun Sep 14, 2008 22:41
has anyone tried any of the new builds just for S&G??? on the 610??
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Mon Sep 15, 2008 2:22    Post subject: Console/TFTP/CFE, etc
the space between the pads on the second serial location is 0.1"; I soldered a right-angle header on the board. Since I don't have my serial level converter yet, I'm using it in read-only mode; DB25 pin 7 to pin 2 and DB25 pin 3 to pin 1.

DO NOT TRY TO USE ANY WIRING SCHEME BASED ON THE ABOVE FOR READ-WRITE CONSOLE ACCESS !!! You WILL FRY your hardware!

At any rate, the WRT610N pukes on TFTP-ing in the generic images, with the indication that the header does not match (it expects 610N).

Using a TRX with addheader still pukes, but it's a less useful, more generic error.

It looks like (digging in the 610N and 350N code packages from Cisco) the 350N and 610N *may* share the same CFE. If the CFE was originally engineered for the 350N, which has less flash, this would explain the problem with TFTP uploads to CFE stopping at 4MB.
russg
DD-WRT User


Joined: 03 Aug 2008
Posts: 80

Posted: Mon Sep 15, 2008 2:49    Post subject: Re: Console/TFTP/CFE, etc
reames wrote:
the space between the pads on the second serial location is 0.1"; I soldered a right-angle header on the board. Since I don't have my serial level converter yet, I'm using it in read-only mode; DB25 pin 7 to pin 2 and DB25 pin 3 to pin 1.


reames,

This is great work! I hadn't even noticed those contacts before.

--russ
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Mon Sep 15, 2008 15:48    Post subject: Bootloader info?
I saw the following when attempting an "automatic" tftp:

CMD: [load -raw -addr=0x807a60b0 -max=0x3a0000 :]
Loader:raw Filesys:tftp Dev:eth0 File:: Options:(null)
Loading: .. 1802240 bytes read
Entry at 0x807a60b0
CMD: [flash -ctheader -mem -size=0x1b8000 0x807a60b0 flash1.trx]
Reading from 0x807a60b0: CODE Pattern is incorrect! (610N)

I noticed a few things:
"-max=0x3a0000" is 3,801,088 bytes...
"-size=0x1b8000" is 1,802,240 bytes (this matches the bytes read)

When I get my serial cable I'm going to try a:
load -raw -addr=0x807a60b0 -max=0x800000
to see if it pulls down the whole linksys image
I might have to adjust the memory location.

If that works then I will try a flash -mem -size etc...
for some reason CFE doesn't seem to like the bin files that are produced by DD-WRT (and the Cisco code!)...

Could there be some difference occurring with CRC calculations?
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Mon Sep 15, 2008 20:32    Post subject: It's second serial port
And it is fine with a hacked-off DKU-5!

I'll see what we can do about booting.

FYI, here's a printenv and a nvram show


CFE> printenv
CMD: [printenv]
Variable Name Value
----------------------------------------------------------------------
BOOT_CONSOLE uart0
CFE_VERSION 1.0.37
CFE_BOARDNAME BCM947XX
CFE_MEMORYSIZE 65536
NET_DEVICE eth0
NET_IPADDR 192.168.1.1
NET_NETMASK 255.255.255.0
NET_GATEWAY 0.0.0.0
NET_NAMESERVER 0.0.0.0
STARTUP go;
*** command status = 0

CFE> nvram show
CMD: [nvram show]
os_ram_addr=80001000
pci/1/2/bxa2g=0x3
pci/1/1/pa2gw1a0=0x1697
pci/1/1/stbcpo=0
pci/1/2/mcs5ghpo0=0x5555
pci/1/1/pa2gw1a1=0x16b5
pci/1/2/antswctl2g=0x0
pci/1/2/mcs5ghpo1=0x5555
pci/1/2/triso5g=0x3
pci/1/2/mcs5ghpo2=0x5555
pci/1/2/pa2gw1a0=0x1696
pci/1/2/mcs5gpo0=0x5555
pci/1/2/mcs5ghpo3=0x5555
boardrev=0x10
pci/1/2/pa2gw1a1=0x165d
pci/1/2/tri5gh=0xff
pci/1/2/mcs5gpo1=0x5555
pci/1/2/mcs5ghpo4=0
pci/1/2/mcs5gpo2=0x5555
pci/1/2/mcs5ghpo5=0
pci/1/2/mcs5gpo3=0x5555
pci/1/2/mcs5ghpo6=0
pci/1/2/antswitch=3
pci/1/2/mcs5gpo4=0
pci/1/2/mcs5ghpo7=0
pci/1/2/tri5gl=0xff
pci/1/2/mcs5gpo5=0
et0macaddr=00:21:29:BE:XX:XX
bootnv_ver=6
new_vlan1hwname=et0
pci/1/2/mcs5gpo6=0
pci/1/2/mcs5gpo7=0
boot_wait=on
watchdog=5000
et0mdcport=0
pci/1/2/regrev=0
pci/1/2/pa5ghw0a0=0xfea6
pci/1/2/pa5ghw0a1=0xfeac
reset_gpio=6
pmon_ver=CFE 4.175.64.12
pci/1/1/tri2g=0xff
vlan2ports=0 8
pci/1/2/venid=0x14e4
pci/1/2/rssismc2g=0xf
pci/1/1/ag0=2
gpio2=robo_reset
pci/1/1/ag1=2
pci/1/2/aa2g=7
pci/1/1/ag2=2
pci/1/2/rxpo5g=0xff
new_vlan2ports=0 8
pci/1/2/rssisav2g=0x7
gpio8=ses_button
pci/1/2/tri5g=0xff
pci/1/2/stbcpo=0
pci/1/2/pa5gw2a0=0xfaf1
pci/1/2/pa5gw2a1=0xfb1a
os_flash_addr=bfc40000
pci/1/2/macaddr=00:90:4C:D6:00:2A
pci/1/1/ccdpo=0
boardtype=0x478
pci/1/2/cck2gpo=0
pci/1/1/rxchain=3
lan_netmask=255.255.255.0
pci/1/2/maxp5ga0=0x3c
pci/1/2/maxp5ga1=0x3c
pci/1/1/pa2gw0a0=0xfec9
pci/1/1/pa2gw0a1=0xfeb4
pci/1/2/pa2gw0a0=0xfeb1
pci/1/2/tssipos5g=0x1
pci/1/2/pa2gw0a1=0xfe93
pci/1/1/bxa2g=0x3
pci/1/1/boardflags=0x200
vlan2hwname=et0
pci/1/2/pdetrange5g=0x0
pci/1/2/maxp5gla0=0x3c
wl0gpio0=8
pci/1/2/maxp5gla1=0x3c
pci/1/1/boardvendor=0x14e4
pci/1/2/rssismf2g=0xf
pci/1/2/bxa5g=0x3
boardflags2=0
pci/1/2/antswctl5g=0x0
pci/1/2/maxp5gha0=0x3c
pci/1/2/maxp5gha1=0x3c
pci/1/1/bw40po=0x4
pci/1/1/triso2g=0x3
pci/1/1/sromrev=8
wait_time=5
pci/1/1/extpagain2g=0x0
pci/1/1/venid=0x14e4
pci/1/2/boardvendor=0x14e4
pci/1/2/pa5glw2a0=0xfab8
pci/1/2/pa5glw2a1=0xfaf3
pci/1/2/pa5gw1a0=0x1543
pci/1/2/pa5gw1a1=0x148d
pci/1/1/boardrev=0x1202
tftpd_ipaddr=192.168.1.254
pci/1/2/leddc=0xFFFF
pci/1/2/extpagain2g=0x0
pci/1/1/itt2ga0=0x20
pci/1/2/boardrev=0x1202
pci/1/1/itt2ga1=0x20
pci/1/2/rxchain=3
pci/1/2/itt5ga0=0x3e
pci/1/2/itt5ga1=0x3e
pci/1/1/maxp2ga0=0x46
pci/1/1/maxp2ga1=0x46
pci/1/2/rssismc5g=0xf
pci/1/2/maxp2ga0=0x4a
pci/1/2/aa5g=7
pci/1/2/maxp2ga1=0x4a
pci/1/1/boardtype=0x04bc
lan_ifnames=vlan1 eth1 eth2 eth3
pci/1/2/rssisav5g=0x7
pci/1/1/boardflags2=0x0000
pci/1/1/tssipos2g=0x1
pci/1/2/pa5ghw2a0=0xfab3
pci/1/2/ccode=Q2
pci/1/2/pa5ghw2a1=0xfad5
pci/1/2/bw40po=0x4
wan_ifnames=vlan2
pci/1/1/ofdm2gpo=0x55555555
use_new_vlan=1
pci/1/1/ledbh0=02
pci/1/1/ledbh1=02
pci/1/1/ledbh2=11
pci/1/2/ofdm2gpo=0
pci/1/1/ledbh3=11
pci/1/1/ledbh4=11
lan_ipaddr=192.168.1.1
clkfreq=300,150,37
pci/1/1/ledbh5=11
vlan1hwname=et0
pci/1/2/boardflags2=0x0000
pci/1/1/mcs2gpo0=0x5555
pci/1/2/ag0=2
pci/1/1/mcs2gpo1=0x5555
pci/1/2/ag1=2
pci/1/1/mcs2gpo2=0x5555
pci/1/2/ag2=2
pci/1/1/rxpo2g=0xff
pci/1/1/mcs2gpo3=0x5555
pci/1/2/mcs2gpo0=0
sdram_config=0x0062
pci/1/1/antswctl2g=0x0
pci/1/1/mcs2gpo4=0
pci/1/2/mcs2gpo1=0
pci/1/1/mcs2gpo5=0
pci/1/2/mcs2gpo2=0
vlan1ports=1 2 3 4 8*
pci/1/1/mcs2gpo6=0
pci/1/2/mcs2gpo3=0
pci/1/1/mcs2gpo7=0
pci/1/2/mcs2gpo4=0
scratch=a0180000
pci/1/2/devid=0x432b
pci/1/2/mcs2gpo5=0
pci/1/2/mcs2gpo6=0
pci/1/2/mcs2gpo7=0
boot_hw_ver=1.0
pci/1/1/bwduppo=0
pci/1/1/txchain=3
pci/1/2/triso2g=0x3
pci/1/2/sromrev=8
pci/1/1/aa2g=7
pci/1/1/antswitch=3
new_vlan1ports=1 2 3 4 8*
boardflags=0x110
wandevs=vlan2
sdram_refresh=0x0000
pci/1/2/mcs5glpo0=0x5555
pci/1/2/boardflags=0xa00
pci/1/2/pa5glw1a0=0x158f
pci/1/2/mcs5glpo1=0x5555
pci/1/2/pa5glw1a1=0x14cc
pci/1/2/mcs5glpo2=0x5555
sdram_ncdl=0xfe0306
pci/1/2/mcs5glpo3=0x5555
pci/1/2/mcs5glpo4=0
pci/1/2/mcs5glpo5=0
pci/1/2/pa5gw0a0=0xfeac
pci/1/2/mcs5glpo6=0
safe_mode_upgrade=off
pci/1/2/pa5gw0a1=0xfeb5
pci/1/2/mcs5glpo7=0
pci/1/2/rssismf5g=0xf
pci/1/2/itt2ga0=0x20
pci/1/2/itt2ga1=0x20
pci/1/2/ledbh0=02
pci/1/2/ledbh1=11
pci/1/1/leddc=0xFFFF
pci/1/2/ledbh2=02
pci/1/1/pa2gw2a0=0xfad6
pci/1/2/ledbh3=11
pci/1/1/pa2gw2a1=0xfaaf
pci/1/2/ledbh4=11
new_vlan2hwname=et0
pci/1/2/ledbh5=11
pci/1/2/pa2gw2a0=0xfac7
pci/1/2/pa2gw2a1=0xfaba
pci/1/1/rssismc2g=0xf
mfg_wait=on
et0phyaddr=30
pci/1/2/rxpo2g=0xff
pci/1/1/rssisav2g=0x7
pci/1/2/tri2g=0xff
landevs=vlan1 wl0
pci/1/2/pa5ghw1a0=0x164b
boot_hw_model=WRT610N
pci/1/2/pa5ghw1a1=0x15e7
pci/1/2/extpagain5g=0x0
pci/1/1/ccode=US2
sdram_init=0x0549
dl_ram_addr=a0001000
pci/1/2/boardtype=0x04a6
pci/1/1/pdetrange2g=0x0
cardbus=0
pci/1/2/bwduppo=0
pci/1/1/regrev=0
pci/1/2/txchain=3
pci/1/2/ccdpo=0
pci/1/2/tssipos2g=0x1
pci/1/1/devid=0x432c
pci/1/1/macaddr=00:90:4C:EC:00:2A
pci/1/2/pa5glw0a0=0xfe97
pci/1/2/pa5glw0a1=0xfeab
boot_ver=v4.2
pci/1/2/pdetrange2g=0x0
boardnum=42
pci/1/1/cck2gpo=0
pci/1/1/rssismf2g=0xf
size: 4809 bytes (27959 left)
*** command status = 0
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Tue Sep 16, 2008 0:58    Post subject: Restored Linksys factory F/W without JTAG! (Serial Console)
Previously I identified an alternate Console port location on the underside of the board.

I soldered a 1 row x 5 pin right angle header to it (missing the 4th pin).

I have modified a DKU-5 and am using that for a serial console (header receptacle to match the header on the WRT).

My wiring is (based on Nokia pop-port wiring diagram): (wiki:Pop-Port /Follow links)

Pop-Port/Pin | WRT Pin
-------------+--------
Gnd (2)      | 5
Vout (4)     | 1
FBus Rx(6)   | 3
FBus Tx(7)   | 2

For reference the pop-port plug on the DKU-5 is missing Pin 1; it would be on the other side of the left lug. (as you'd plug it into the phone.)

Your cable may be using pin 8 for ground instead of or in addition to pin 2. Use 8 if 2 isn't there or both if they are both present.

There was a wire connected to pin 3 on the pop-port, just cut that one off.

With that done, I plugged in, powered up, opened a terminal at 115.2k/8n1/no flow control, and hit control-c several times to get to a "CFE>" prompt.

I used the following command to load the image into RAM, please note the ":" at the end of the command; the router will instantly reboot without it! When you hit enter on this command, immediately start your tftp push (as you normally would)

CFE> load -raw -addr=0x807a60b0 -max=0x800000 :
CMD: [load -raw -addr=0x807a60b0 -max=0x800000 :]
Loader:raw Filesys:tftp Dev:eth0 File:: Options:(null)
Loading: .. 7427072 bytes read
Entry at 0x807a60b0

(I converted 7427072 to hex and got 0x715400)

CFE> flash -ctheader -mem -size=0x715400 0x807a60b0 flash1.trx
CMD: [flash -ctheader -mem -size=0x715400 0x807a60b0 flash1.trx]
Reading from 0x807a60b0: CODE Pattern is correct! (610N)
Programming...CMD: [et -i=eth0 down]
CMD: [et -i=eth0 up]
done. 7427040 bytes written
*** command status = 0

Power Cycle/NVRAM reset and you are running Linksys firmware again.

For proof-of-concept, I went and put v24-10328_NEWD_mega on it and repeated this process (using only the info above).

The device is (once again) running Linksys 1.00.018...

Hopefully this will save some grief!
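
The size bookkeeping in the recovery procedure above, as an added example that is not part of reames' post or of CFE: it reads the "bytes read" count out of the console transcript, refuses to build the flash line if CFE received less than the local image, and derives the -size value. The 32-byte header length and the position of the code pattern at the start of the image are assumptions inferred from the 7427072 read / 7427040 written figures and the "(610N)" message in the logs.

```python
import re

# Constructed sample: the CFE console lines quoted in the post above.
CFE_LOG = """\
CMD: [load -raw -addr=0x807a60b0 -max=0x800000 :]
Loader:raw Filesys:tftp Dev:eth0 File:: Options:(null)
Loading: .. 7427072 bytes read
Entry at 0x807a60b0
"""

HEADER_LEN = 32          # assumption: inferred from 7427072 read vs 7427040 written
CODE_PATTERN = b"610N"   # pattern CFE reports; assumed to be the image's first 4 bytes


def parse_load(log):
    """Return (addr, max_bytes, bytes_read) from a CFE 'load -raw' transcript."""
    cmd = re.search(r"load -raw -addr=(0x[0-9a-fA-F]+) -max=(0x[0-9a-fA-F]+)", log)
    got = re.search(r"(\d+) bytes read", log)
    if not cmd or not got:
        raise ValueError("transcript has no load command or byte count")
    return int(cmd.group(1), 16), int(cmd.group(2), 16), int(got.group(1))


def has_code_pattern(image_head, pattern=CODE_PATTERN):
    """True if the image starts with the pattern the -ctheader check reports."""
    return image_head[:len(pattern)] == pattern


def flash_command(log, image_size, target="flash1.trx"):
    """Build the 'flash' line only if CFE received the whole image."""
    addr, max_bytes, bytes_read = parse_load(log)
    if image_size > max_bytes:
        raise ValueError(f"image ({image_size}) exceeds -max ({max_bytes}); raise -max")
    if bytes_read != image_size:
        raise ValueError(f"CFE read {bytes_read} of {image_size} bytes; do not flash")
    return f"flash -ctheader -mem -size={bytes_read:#x} {addr:#x} {target}"


def expected_written(bytes_read):
    """Bytes CFE should report as written if the header is not counted."""
    return bytes_read - HEADER_LEN


if __name__ == "__main__":
    print(flash_command(CFE_LOG, 7427072))
    print(expected_written(7427072), "bytes written expected")
```

Comparing the local file size with the "bytes read" line before flashing catches a transfer cut short by a too-small -max, which is the failure the earlier posts describe.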
hardwarewizard
DD-WRT User


Joined: 15 Apr 2007
Posts: 200
Location: Buffalo, NY

Posted: Tue Sep 16, 2008 1:06
why not just jtag the router?? it seems a whole lot easier. and it works just fine
lemonteh
DD-WRT Novice


Joined: 30 Dec 2006
Posts: 4

Posted: Tue Sep 16, 2008 3:51
Good job Reames! Just so you know many of us are watching your progress in anticipation!
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Tue Sep 16, 2008 6:58    Post subject: Linksys Firmware build (FYI)
FYI, linksys firmware 1.00.018 won't build out of the box.

I've found the following so far:
-Make sure you have "gawk" (symlink "awk"->"gawk" if need be)
-Remove release/src/router/config/menubox.o (especially if you are on a 64 bit host!)
-Remove the reference to configure for ntfs-progs (in release/src/Makefile or release/src/router/Makefile) -- if you don't you MAY get compile errors that libfuse can't be found.
-create a file called ".model" containing the line "LINKSYS_MODEL=WRT610N". Place copies in release/src, release/src/router, release/image, and release/tools.

Use the toolchain from wrt350n (v.1x) for compilation. It needs to be put in /opt/brcm/hndtools-*. Make sure you have /opt/brcm/hndtools-mipsel-ulibc-3.2.3/bin and /opt/brcm/hndtools/mipsel-linux-3.2.3/bin as the first entries in your path.

Go into release/src/router and "make menuconfig". Save and exit. Save and exit again.

Go into release/src and "./select.sh". Pick WRT610N USA. "make" (and wait a while)...

BTW, using the serial port method a couple of posts up won't toast your CFE....
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Tue Sep 16, 2008 16:00    Post subject: NVRAM defaults/Linksys firmware/Switch chip config?
It appears that NVRAM is sanity-checked and (re)written by "rc" in the 610n. Any attempts to reconfigure the switch using nvram variables results in RC rewriting the values and forcing a reboot.

Digging into the variables, I'm thinking that the switch is an 8-port chip that does 802.1Q tagging (and DSCP?)

I think the 4705 "et0" is connected to the switch chip port "8" and is carrying both WAN and LAN.

I think the setup is:

VLAN  | Description
------+-------------
1     | LAN
2     | WAN

Switch | Port   | Access or   | Port
Port   | Mode   | Native VLAN | Use
-------+--------+-------------+----------
0      | Access | 2           | WAN
1      | Access | 1           | LAN 1
2      | Access | 1           | LAN 2
3      | Access | 1           | LAN 3
4      | Access | 1           | LAN 4
8      | Trunk  | Native 1    | BCM4705

VLAN 1 is untagged, so that the 4705 could run a normal station (non-trunking) driver and still get recognizable (lan-only) frames.

It also looks like the Linksys firmware sees "wl0" as "eth1" and "wl1" as "eth2".

If this is right it MAY be possible to abuse this device and have as many as 5 (or perhaps 6 or 7?) firewall zones, simply by placing one port in each zone (and wireless in its own zone).. and creating (or not) bridge groups.

I'd like to abuse the 610N as a WET on steroids: put the wireless in station mode in a bridge group with the WAN vlan, as an alternate WAN, and then use the 4 LAN ports as a firewalled 1GbE switch.

I'd have secure private networking (between multiple machines "inside" the firewall) and the ability to connect in places that only do wifi. (i.e. hotels)

This will not be possible with the linksys firmware!

BTW the serial port/tftp combo is 115,200kbps for your commands and 1 GbE for data transfers, so pushing an image across it takes seconds for any image that we would write into the thing.
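
The port layout guessed at in the post above can be derived mechanically from the switch variables in the nvram dump. This is an added example, not part of reames' post or of any firmware: it rebuilds the port table from vlan1ports/vlan2ports and reports which ports carry both a LAN and a WAN VLAN, which is the check to repeat after any zone or bridge change. Reading the trailing "*" as the native-VLAN marker is an assumption chosen to match the table in the post.

```python
import re

# Constructed sample: switch lines from the "nvram show" output earlier in the thread.
NVRAM = """\
vlan1ports=1 2 3 4 8*
vlan2ports=0 8
lan_ifnames=vlan1 eth1 eth2 eth3
wan_ifnames=vlan2
"""

def parse_nvram(text):
    """Turn 'key=value' lines into a dict, ignoring anything else."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def port_table(nv):
    """Map switch port -> {'vlans', 'native', 'mode'} from vlanNports variables."""
    ports = {}
    for key, value in nv.items():
        m = re.fullmatch(r"vlan(\d+)ports", key)
        for tok in (value.split() if m else []):
            entry = ports.setdefault(int(tok.rstrip("*")), {"vlans": [], "native": None})
            entry["vlans"].append(int(m.group(1)))
            if tok.endswith("*"):        # assumption: '*' marks the port's native VLAN
                entry["native"] = int(m.group(1))
    for entry in ports.values():
        entry["vlans"].sort()
        entry["mode"] = "trunk" if len(entry["vlans"]) > 1 else "access"
        if entry["mode"] == "access":
            entry["native"] = entry["vlans"][0]
    return ports

def zones(nv):
    """Map VLAN id -> 'LAN' or 'WAN' using lan_ifnames / wan_ifnames."""
    pairs = (("LAN", "lan_ifnames"), ("WAN", "wan_ifnames"))
    return {int(name[4:]): zone
            for zone, key in pairs
            for name in nv.get(key, "").split() if re.fullmatch(r"vlan\d+", name)}

def cross_zone_ports(nv):
    """Ports carrying both a LAN and a WAN VLAN: separation there relies on tagging."""
    z = zones(nv)
    return sorted(port for port, e in port_table(nv).items()
                  if len({z.get(v) for v in e["vlans"]}) > 1)

if __name__ == "__main__":
    for port, e in sorted(port_table(parse_nvram(NVRAM)).items()):
        print(port, e["mode"], e["native"], e["vlans"])
```

On the posted values only port 8 spans both zones; any other port showing up in that list after a reconfiguration means LAN and WAN traffic share a physical port.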
hardwarewizard
DD-WRT User


Joined: 15 Apr 2007
Posts: 200
Location: Buffalo, NY

Posted: Tue Sep 16, 2008 16:28
is there a readme/ schematic to build a serial cable??

can i just use a level convertor similar to a max232A.

i forget what the 3.3V part# is.

i assume that all i need is pins 2,3,5 from the serial port or do i need full control??
reames
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 10

Posted: Tue Sep 16, 2008 18:01
hardwarewizard wrote:
is there a readme/ schematic to build a serial cable??

can i just use a level convertor similar to a max232A.

i forget what the 3.3V part# is.

i assume that all i need is pins 2,3,5 from the serial port or do i need full control??


Sure, that should work.

Since I did not have a serial port already, it was faster, easier and cheaper to modify a phone cable to do what I needed.
maddes.b
DD-WRT Novice


Joined: 27 Dec 2007
Posts: 36

Posted: Wed Sep 17, 2008 18:35    Post subject: WRT610N serial numbers
Just curious what serial numbers you have.
I checked a WRT610N at the German retailer Atelco and they have a WRT610N-DE with a serial number beginning with CTG01H.....
Maybe there is again a difference to the US ones, just like with the WRT350N.

Regards
Maddes
jetskijoe
DD-WRT Novice


Joined: 15 Aug 2008
Posts: 1

Posted: Wed Sep 17, 2008 18:58    Post subject: Glad everyone is looking into this
I would love to be able to boost the power on this router. I feel as if it is not tweaked out yet.
_Daniel
DD-WRT Novice


Joined: 10 Sep 2008
Posts: 1

Posted: Wed Sep 17, 2008 19:06
I'm in Canada and the serial starts with CTG01H