Posted: Fri Nov 28, 2008 14:57 Post subject: Trendnet TEW-652BRP, Atheros AR9130, DLink DIR-615 C1
Howdy,
I have seen no reference to the TEW-652BRP router. Trendnet has a GPL download set on their website with instructions on building the firmware on Fedora Linux.
The config file has this information:
#
# Model Setting
#
CONFIG_MODEL_NAME=TEW-652BRP
HARDWARE_ID=AP81-AR9130-RT-080609-05
Thanks for your information. I am hacking the WR941N. They should be derived from the same reference design. With the Trendnet source code, I can save a lot of time.
ok I found it has a firmware recovery mode; if you hold down the reset button for about 45 seconds while you connect power, it will have an http interface on 192.168.0.1. Note this is not the normal 192.168.10.1 the router defaults to.
identifies itself as
Firmware Upgrade System
-------- Version 1.0.0.1
------Date 2007/07/17
RoundSparrow, I'm not sure if you saw my post in this thread http://www.dd-wrt.com/phpBB2/viewtopic.php?t=37949&start=15 , but based on some comments in the TEW-652BRP gpl source, I'm thinking the DLink DIR-615 rev C1 and TEW-652BRP are the same hw. I will probably try to flash my TEW-652BRP with the DLink FW over the weekend to see if it will work.
I got a couple of the TEW-652BRP for $17 each ($25 buy.com - $8 cashback) so not much to lose anyway.
I would like to get dd-wrt running on it eventually
More progress. The http://www.bitsum.com/firmware_mod_kit.htm Firmware Mod Kit works fine on the firmware for this router. I was able to extract it and modify the www/ files and install it - and see my modifications in the output!
I'm trying to get a telnetd to start, but no luck so far.
I'm trying to get a command to execute in the /etc/rc.d/rcS file, but no luck. I've added "cp /www/file1.asp /www/file2.asp" but no results (file1.asp loads fine in the browser, I created it in the www dir).
if /etc/rc.d/rcS isn't running - where is startup script? What starts httpd?
I wonder what (if any) the actual hw differences are between the TEW-632BRP and TEW-652BRP
I bet the radios differ. But maybe everything else is same.
Ok, here are the results with trying the D-Link DIR-615C firmware on Trendnet hardware and this was interesting.
The normal Trendnet firmware Tools page refused the D-Link firmware saying it was wrong model. I extracted the firmware files and it looked very similar...
Now the FUNNY THING is that the recovery (reset boot) flash program REFUSES to allow the TEW-652BRP firmware! But happily allowed me to feed it the D-Link DIR-615C firmware.
Now my router runs the D-Link firmware! The D-Link Firmware page refuses the Trendnet firmware, so does the recovery webpage. To get around this, I changed the end of the Trendware bin file to the DLink one and I am back on the original Trendware firmware (used the recovery flash page).
Last edited by RoundSparrow on Sat Dec 06, 2008 2:09; edited 2 times in total
0x000000: [compressed linux kernel image (lzma)] - currently linux 2.6.15
0x100000: [squashfs-lzma 3.2-r2 rootfs image] - squashfs-lzma 3.2-r2
-- padded and aligned to end of ROM --- to 0x3B0000
0x3B0000: [footer, image id] - "AP81-AR9130-RT-070614-00"
In other words, get the footer image id from the DLINK firmware and put that into the Trendnet firmware bin, then you should be able to flash the Trendnet firmware using the DLINK or boot recovery mode. (Edit using a hex editor of course)
busybox is already on the TEW-652BRP default firmware (according to the startup log). So I guess you just need to start telnetd (not sure if the telnetd link to busybox is there or not). Since you were having problems with the startup, perhaps you could just add a CGI to launch telnetd and then invoke that CGI from the web interface to start telnetd
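To see which image id a firmware file carries before flashing it, the layout posted above can be read directly. This is an added example, not part of the original thread or of any vendor tool; the offsets and id strings come from the posts, while the function names, the squashfs magic values, the id character set and the constructed sample image are assumptions.

```python
import re
from typing import Optional

ROOTFS_OFFSET = 0x100000  # squashfs rootfs start, from the posted layout
FOOTER_OFFSET = 0x3B0000  # footer / image id, from the posted layout
# Standard squashfs magics; vendor squashfs-lzma builds may differ (assumption).
SQUASHFS_MAGICS = (b"sqsh", b"hsqs")
# Assumption: the id is a run of printable id characters ended by any other byte.
ID_PATTERN = re.compile(rb"[A-Za-z0-9][A-Za-z0-9._-]{3,63}")


def read_image_id(image: bytes) -> Optional[str]:
    """Return the id string stored at the footer offset, or None if absent."""
    if len(image) <= FOOTER_OFFSET:
        return None  # truncated file: it ends before the footer
    match = ID_PATTERN.match(image, FOOTER_OFFSET)
    return match.group().decode("ascii") if match else None


def inspect_image(image: bytes, expected_id: str) -> dict:
    """Summarise the layout and compare the footer id with the expected one."""
    magic = image[ROOTFS_OFFSET:ROOTFS_OFFSET + 4]
    image_id = read_image_id(image)
    return {
        "size": len(image),
        "rootfs_magic": magic,
        "rootfs_ok": magic in SQUASHFS_MAGICS,
        "image_id": image_id,
        "id_matches": image_id == expected_id,
    }


def build_sample_image(image_id: str) -> bytes:
    """Constructed stand-in for a firmware file: padding, magic, footer id."""
    image = bytearray(b"\xff" * FOOTER_OFFSET)
    image[ROOTFS_OFFSET:ROOTFS_OFFSET + 4] = b"sqsh"
    return bytes(image) + image_id.encode("ascii") + b"\x00"


if __name__ == "__main__":
    sample = build_sample_image("AP81-AR9130-RT-070614-00")  # id from the post
    # Compare against the HARDWARE_ID quoted from the Trendnet config file.
    for key, value in inspect_image(sample, "AP81-AR9130-RT-080609-05").items():
        print(f"{key}: {value}")
```

A matching id only tells you which model the image was built for; as the thread shows, the string is editable, so it says nothing about whether the rest of the image is intact.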
Yha, I thought of the CGI trick... but from what I can tell, on these routers the cgi isn't external, it is all built into the httpd binary as static c code; it isn't external perl or whatever.
I ran strings on the httpd binary from the DLink and the Trendnet, there are lots of references to the pages and to the specific features of that firmware.
I'm sure this issue is a lot easier for someone with experience with this limited environment (Busybox, etc). Chime in guys with more experience
What telnetd do you use? Standalone one or another busybox binary?
I believe it is the same kernel, and it works for him as telnet. I created a symbolic link of telnetd to that busybox like he did in that firmware.
It might have worked, but I'm not sure.... I don't have a serial port to see if boot output is generating an error or what. I'm also not entirely sure that the /etc/rc.d/rcS is executing to start it. I tried adding:
Code:
echo test 123 >> /www/file1.asp
But on the webpage side it doesn't show up (only the existing content of my file1.asp shows, not the appended "test 123")... so perhaps the telnetd via busybox is fine, but I'm not finding a way to start it up.
There are some ways to overcome it.
For example, the kernel 99% has nfs support, then you can modify /etc/rc.d/rcS to
1. ifconfig ethX to access your network
2. mount -o nolock some_ip:/some/path
3. execute /some/path/extra.sh
Then you can put whatever useful things in this nfs mount, and with every boot, you can try something out, like executing a certain command and dumping stdout/stderr to the nfs mount.