TJTAG - EJTAG De-Brick tool - IMPORTANT CHANGE:See 1st Post.

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions
Goto page Previous  1, 2, 3 ... 27, 28, 29 ... 82, 83, 84  Next
Author Message
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Sun Oct 19, 2008 7:42    Post subject: Reply with quote
the 5352 doen not need /noreset, after eraseing the cfe, verify that it is erased by backing it up and looking at it with a hex editor. when flashing the cfe try using the switches

flash:cfe /noemw /bypass

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
Sponsor
myacct
DD-WRT Novice


Joined: 08 Oct 2008
Posts: 18

PostPosted: Sun Oct 19, 2008 7:47    Post subject: tjtagv2-1-4 unstable! Reply with quote
Hello Buddies,
It looks that tjtagv2-1-4 is very unstable. Each time I backup CFE (WRT54GL v1.1, upgraded to DD-WRT v24 aleady) by issuing (under windows):

tjtagv2.exe -backup:cfe /noemw

I can always find several bytes different from last backup (using UltraEdit for binary comparsion).

While using HairyDairyMaid's original one:

wrt54g.exe -backup:cfe /noemw /fc:05

Then it is fine, and the file has no differece compared with CFE.bin obtained from Web GUI:
http://192.168.1.1/CFE.bin
myacct
DD-WRT Novice


Joined: 08 Oct 2008
Posts: 18

PostPosted: Sun Oct 19, 2008 8:18    Post subject: Re: tjtagv2-1-4 unstable! Reply with quote
myacct wrote:
Hello Buddies,
It looks that tjtagv2-1-4 is very unstable. Each time I backup CFE (WRT54GL v1.1, upgraded to DD-WRT v24 aleady) by issuing (under windows):

tjtagv2.exe -backup:cfe /noemw

I can always find several bytes different from last backup (using UltraEdit for binary comparsion).

While using HairyDairyMaid's original one:

wrt54g.exe -backup:cfe /noemw /fc:05

Then it is fine, and the file has no differece compared with CFE.bin obtained from Web GUI:
http://192.168.1.1/CFE.bin


Oh, found the reason. The flash chip is EN29LV320B-70TCP, wrt54g.exe can not detect it and I have to add "/fc:05" which looks compatible. However, tjtagv2.exe does not prompt an error but I think it detects wrong chip. So I add "/fc:05" to tjtagv2.exe as well, and everything is fine.
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Sun Oct 19, 2008 8:31    Post subject: Reply with quote
What version of wrt54g are you using ? also, can you please provide the exact numbers on the flash chip ?

P.S. what chip does tjtag detect ?

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
myacct
DD-WRT Novice


Joined: 08 Oct 2008
Posts: 18

PostPosted: Sun Oct 19, 2008 11:35    Post subject: Re: tjtagv2-1-4 unstable! Reply with quote
myacct wrote:
myacct wrote:
Hello Buddies,
It looks that tjtagv2-1-4 is very unstable. Each time I backup CFE (WRT54GL v1.1, upgraded to DD-WRT v24 aleady) by issuing (under windows):

tjtagv2.exe -backup:cfe /noemw

I can always find several bytes different from last backup (using UltraEdit for binary comparsion).

While using HairyDairyMaid's original one:

wrt54g.exe -backup:cfe /noemw /fc:05

Then it is fine, and the file has no differece compared with CFE.bin obtained from Web GUI:
http://192.168.1.1/CFE.bin


Oh, found the reason. The flash chip is EN29LV320B-70TCP, wrt54g.exe can not detect it and I have to add "/fc:05" which looks compatible. However, tjtagv2.exe does not prompt an error but I think it detects wrong chip. So I add "/fc:05" to tjtagv2.exe as well, and everything is fine.


Sorry, for tjtagv2.exe, you should append "/fc:80" (not "/fc:05") to select the chip.
myacct
DD-WRT Novice


Joined: 08 Oct 2008
Posts: 18

PostPosted: Sun Oct 19, 2008 11:39    Post subject: Reply with quote
Tornado wrote:
What version of wrt54g are you using ? also, can you please provide the exact numbers on the flash chip ?

P.S. what chip does tjtag detect ?


Just have a detect again:
tjtagv2.exe -probeonly

And the output is:

==========================================
EJTAG Debrick Utility v2.1.4-Tornado-MOD
==========================================

Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 00000101001101010010000101111111 (0535217F)
*** Found a Broadcom BCM5352 Rev 1 CPU chip ***

- EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
- EJTAG Version ....... : 1 or 2.0
- EJTAG DMA Support ... : Yes
- EJTAG Implementation flags: R4k MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Done
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Probing Flash at (Flash Window: 0x1fc00000) ... Done

Flash Vendor ID: 00000000000000000000000001111111 (0000007F)
Flash Device ID: 00000000000000000010001011111001 (000022F9)
*** Found a EON EN29LV320 2Mx16 BotB (4MB) Flash Chip ***

- Flash Chip Window Start .... : 1fc00000
- Flash Chip Window Length ... : 00400000
- Selected Area Start ........ : 00000000
- Selected Area Length ....... : 00000000



*** REQUESTED OPERATION IS COMPLETE ***


Looks detection is correct. Strange?! Why "tjtagv2.exe -backup:cfe /noemw" just can not get a stable backup?!
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Sun Oct 19, 2008 11:59    Post subject: Reply with quote
Because the TopB and BotB definitions for that flash were swapped..

type tjtag alone, this will give you a list of all flash chips, find your flash chip:
*** Found a EON EN29LV320 2Mx16 BotB (4MB) Flash Chip ***

but choose the TopB chip /fc:81 instead of /fc:80...

That should take care of the problem, let me know if you test it ?


Thanks for the heads up, will be fixed in the next release

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
he6y3u
DD-WRT Novice


Joined: 19 Oct 2008
Posts: 3

PostPosted: Sun Oct 19, 2008 14:58    Post subject: Reply with quote
@Tornado
Sorry for my English.
In my device damaged CFE, but I can not update it again
C:\1\BCM>tjtagv2.exe -erase:cfe

==========================================
EJTAG Debrick Utility v2.1.4-Tornado-MOD
==========================================

Probing bus ... Done

Instruction Length set to 5

CPU Chip ID: 00000110001101001000000101111111 (0634817F)
*** Found a Broadcom BCM6348 Rev 1 CPU chip ***

- EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
- EJTAG Version ....... : 1 or 2.0
- EJTAG DMA Support ... : Yes
- EJTAG Implementation flags: R4k MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Done
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Probing Flash at (Flash Window: 0x1fc00000) ... Done

Flash Vendor ID: 00000000000000000000000101111110 (0000017E)
Flash Device ID: 00000000000000000001101000000000 (00001A00)
*** Found a Spansion S29GL032M BotB (4MB) Flash Chip ***

- Flash Chip Window Start .... : 1fc00000
- Flash Chip Window Length ... : 00400000
- Selected Area Start ........ : 1fc00000
- Selected Area Length ....... : 00040000

*** You Selected to Erase the CFE.BIN ***

=========================
Erasing Routine Started
=========================
Total Blocks to Erase: 11

Erasing block: 1 (addr = 1fc00000)...
>>>>> freeze >>>> Ctrl-C .....

noemw, noreset, nobreak and bypass is not working too...
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Sun Oct 19, 2008 16:59    Post subject: Reply with quote
@he6y3u

Can you read from this device ?

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
he6y3u
DD-WRT Novice


Joined: 19 Oct 2008
Posts: 3

PostPosted: Sun Oct 19, 2008 17:55    Post subject: Reply with quote
@Tornado
Yes, read fine.
I verified that it was not erased, only the first 2 blocks.
Flash chip is damaged?
myacct
DD-WRT Novice


Joined: 08 Oct 2008
Posts: 18

PostPosted: Mon Oct 20, 2008 6:49    Post subject: Reply with quote
Tornado wrote:
Because the TopB and BotB definitions for that flash were swapped..

type tjtag alone, this will give you a list of all flash chips, find your flash chip:
*** Found a EON EN29LV320 2Mx16 BotB (4MB) Flash Chip ***

but choose the TopB chip /fc:81 instead of /fc:80...

That should take care of the problem, let me know if you test it ?


Thanks for the heads up, will be fixed in the next release


Thanks Tornado. I will test after work today.
What is difference between top-boot and bottom-boot? Can BCM5352 only support BotB flash chips, or both TopB and BotB chips can be supported? I am considering to upgrade the flash.

Another question, I notice that CFE starting at address "0x1FC00000" when using JTAG. If I solder the flash chip and use a certain programmer to write CFE.bin into the chip directly, should I just start from "0x00000000" or offset to "0x1FC00000"?
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Mon Oct 20, 2008 7:18    Post subject: Reply with quote
myacct wrote:
Tornado wrote:
Because the TopB and BotB definitions for that flash were swapped..

type tjtag alone, this will give you a list of all flash chips, find your flash chip:
*** Found a EON EN29LV320 2Mx16 BotB (4MB) Flash Chip ***

but choose the TopB chip /fc:81 instead of /fc:80...

That should take care of the problem, let me know if you test it ?


Thanks for the heads up, will be fixed in the next release


Thanks Tornado. I will test after work today.
What is difference between top-boot and bottom-boot? Can BCM5352 only support BotB flash chips, or both TopB and BotB chips can be supported? I am considering to upgrade the flash.

Another question, I notice that CFE starting at address "0x1FC00000" when using JTAG. If I solder the flash chip and use a certain programmer to write CFE.bin into the chip directly, should I just start from "0x00000000" or offset to "0x1FC00000"?


1. the difference is where the smaller blocks are located, at the top or at the bottom:

8k blocks then 64k block for BotB
64k blocks then *k blocks for TopB

"EON EN29LV320 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 }, /* wrt54gl v1.1 */
"EON EN29LV320 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 }, /* bypass */

2. The flash base is where Broadcom has that paticular device mapped..0x1C000000 for 8mb flash and 0x1FC00000 for 4mb flash or less.

It depends on what size flash you will use. Hope that explains it ?

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
johnboi
DD-WRT Novice


Joined: 08 Aug 2008
Posts: 5

PostPosted: Mon Oct 20, 2008 8:25    Post subject: Reply with quote
Tornado wrote:
the 5352 doen not need /noreset, after eraseing the cfe, verify that it is erased by backing it up and looking at it with a hex editor. when flashing the cfe try using the switches

flash:cfe /noemw /bypass

The cfe is not erased and the data starts at address 2000 which is where it always stops at when trying to flash. So how do I get the data erased?
johnboi
DD-WRT Novice


Joined: 08 Aug 2008
Posts: 5

PostPosted: Mon Oct 20, 2008 12:09    Post subject: wrt54glv1.1 Reply with quote
Since my previous post a couple of hours ago I have now been able to erase the cfe by using /fc81 and have been able to flash the cfe. Thanks
myacct
DD-WRT Novice


Joined: 08 Oct 2008
Posts: 18

PostPosted: Mon Oct 20, 2008 14:06    Post subject: Reply with quote
Tornado wrote:
Because the TopB and BotB definitions for that flash were swapped..

type tjtag alone, this will give you a list of all flash chips, find your flash chip:
*** Found a EON EN29LV320 2Mx16 BotB (4MB) Flash Chip ***

but choose the TopB chip /fc:81 instead of /fc:80...

That should take care of the problem, let me know if you test it ?


Thanks for the heads up, will be fixed in the next release


I have made some more tests, and the result looks not determined by which command is used:
tjtagv2.exe -backup:cfe /noemw
tjtagv2.exe -backup:cfe /noemw /fc:80
tjtagv2.exe -backup:cfe /noemw /fc:81

It looks related to the status of the router (WRT54GL) itself. Sometimes when reading via JTAG, the power LED is always on (just like normal operation), and the backup result will be wrong (several bytes different). While sometimes the power LED is flashing (does it means that the router is reset?), and in this case the backup result is correct.
Goto page Previous  1, 2, 3 ... 27, 28, 29 ... 82, 83, 84  Next Display posts from previous:    Page 28 of 84
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum