CFE version 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Wed Sep 24 02:39:52 EDT 2008 (tornado@dd-wrt.com)
Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.
****************************
So.. There is no help available for [-options] and the old cfe documentation I have doesn't give too much info for the save command.
Can anybody give me a hand?
The router I am using for this is a TM with a dd-wrt cfe running dd-wrt. This is to get it figured out.. In case I trash this router, I can recover it.. I need this procedure for another device that has no jtag.
I've tried it every which way.. leaving out the preceding 0x~, no space before or after the colon ":".. I'm crashing and burning..
ra = returnaddress ie pointing back to the routine calling the code that crashed.
try to use 0xbc000000 instead of 0x1c000000.
tftp.exe and tftp2.exe can only send, you need to install tftpd32 or Solarwinds tftp server which both can receive.
I have a tftp server running.. It makes the file, but it is zero bytes big..
Where does 0xbc000000 come from?
Thanks..
No crash this time?
0xbc000000 is the same address but in cached kseg1 instead of uncached kseg0.
user space vs system space to simplify the explanation.
You can also try 0x9c000000 which is uncached kseg1.
Another test is to try to save from ram to see if there's some problem with the save command reading from flash, 0x80300000 or 0x80700000 for instance.
Zero byte filelength, it may be the 0 in 0x for the length, try to use decimal value for length.
Posted: Tue Jun 22, 2010 12:59 Post subject:
LOM wrote:
Checked the documentation for the save command, values are hexadecimal but without a 0x in front of them.
CFE> save host:file_name 80000000 1000
4096 bytes written to host:filename
*** command status = 0
Edit:
Tried it, works on my "E2000"
save 192.168.1.131:wholeflash.bin bc000000 800000
Thanks.. I'll give it another go when I get home. Wasn't able to get back at it last night.. The power went out. Still out..
Posted: Tue Jun 22, 2010 15:11 Post subject:
LOM wrote:
No spaces (as in your example above) in host:filename
I tried it different ways.. Looks like my problem was the beginning address.. How do you know these things?
I read the Broadcom cfe documentation I have which is also on the tftp server under information library.. Whenever I run across something of use to the forum like chip data sheets, hard to find docs, etc, I put it there.
Anyway.. I read that from cover to cover. It does say to specify a hex address by using 0x. It is an old doc (2003) and is mainly for the 12xx processors.
It also says to see the LOAD command for the options as they are the same but I don't think those options would apply to a SAVE (-elf, -raw, etc)
I spent a couple of hours looking for a newer doc but came up empty.
Posted: Tue Jun 22, 2010 23:56 Post subject:
@LOM... Very cool.. Thank you very much..
Still wanna know how you derived that starting address..
I used a GL this time.. The TM does not have a stock cfe so I was thinking maybe something may have been missing.
***********************************************
CFE version 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Tue Jun 20 16:22:41 CST 2006 (root@localhost.localdomain)
Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.
Initializing Arena
Initializing Devices.
No DPN
et0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.37.0
CPU type 0x29008: 200MHz
Total memory: 16384 KBytes
Total memory used by CFE: 0x80300000 - 0x803A39C0 (670144)
Initialized Data: 0x803398D0 - 0x8033BFE0 (10000)
BSS Area: 0x8033BFE0 - 0x8033D9C0 (6624)
Local Heap: 0x8033D9C0 - 0x803A19C0 (409600)
Stack Area: 0x803A19C0 - 0x803A39C0 (8192)
Text (code) segment: 0x80300000 - 0x803398D0 (235728)
Boot area (physical): 0x003A4000 - 0x003E4000
Relocation Factor: I:00000000 - D:00000000
Boot version: v3.7
The boot is CFE
mac_init(): Find mac [00:21:29:C3:34:B9] in location 0
Nothing...
eou_key_init(): Find key pair in location 4
The eou device id is same
The eou public key is same
The eou private key is same
Device eth0: hwaddr 00-21-29-C3-34-B9, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Automatic startup canceled via Ctrl-C
Still wanna know how you derived that starting address..
Me too!
And is the starting address different for each router?
Ehh? Ok guys, don't blame me, you asked for it...
The flash resides at the physical address 1c000000, that is known from before, right?
The address space of the mips cpu is divided into segments, kseg0 from address 0 to 7fffffff and kseg1 from 80000000 to ffffffff.
Everything in kseg0 is also present in kseg1 but there are different access rights between these segments.
kseg0 is system space and kseg1 is user space and user programs running in kseg1 are prevented from accessing kseg0 directly.
The segments are then further split into cached and non-cached addresses and the split point is after 0x20000000.
So 1c000000 in un-cached kseg0 is also available at 3c000000 in cached kseg0 and at 9c000000 in uncached kseg1 and at bc000000 in cached kseg1.
See the mips programming manual for further references..
And yes, all our Broadcom based routers are using those addresses so what barryware now succeeded with can be used for dumping cfe's, nvram data, or wholeflash on all of them.
There may be some cfe's with a broken or removed save command though.
Serial connection rulez!!
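
An added example, not part of any post in this thread: a small Python helper that builds the `save` line for a flash backup and decodes the addresses discussed above. The function names are hypothetical, and the segment boundaries are assumptions taken from the standard MIPS32 layout (kseg0 at 0x80000000, cached; kseg1 at 0xa0000000, uncached; both unmapped windows onto the low 512 MB of physical memory). The host, file name, flash base and length are the values quoted in the thread.

```python
# MIPS32 fixed (unmapped) kernel segments: (name, base, cached).
# Assumption of this example: standard MIPS32 layout.
SEGMENTS = (("kseg0", 0x80000000, True), ("kseg1", 0xA0000000, False))
SEG_SIZE = 0x20000000  # each window covers 512 MB of physical space


def decode(vaddr):
    """Return (segment, cached, physical) for a kseg0/kseg1 address."""
    for name, base, cached in SEGMENTS:
        if base <= vaddr < base + SEG_SIZE:
            return name, cached, vaddr - base
    raise ValueError(f"{vaddr:#010x} is not in a fixed kseg0/kseg1 window")


def alias(phys, segment="kseg1"):
    """Virtual address at which `phys` is visible through `segment`."""
    if not 0 <= phys < SEG_SIZE:
        raise ValueError("physical address is outside the 512 MB window")
    base = {name: b for name, b, _ in SEGMENTS}[segment]
    return base + phys


def cfe_save_command(host, filename, phys, length, segment="kseg1"):
    """Build the CFE line: hex operands without 0x, no spaces in host:file."""
    if any(c.isspace() for c in host + filename):
        raise ValueError("host:filename must not contain whitespace")
    if length <= 0 or phys + length > SEG_SIZE:
        raise ValueError("length must be positive and stay inside the window")
    return f"save {host}:{filename} {alias(phys, segment):x} {length:x}"


def check_dump(data, expected_len):
    """Reject an empty/short transfer or a dump that is one repeated byte."""
    return len(data) == expected_len and len(set(data)) > 1


if __name__ == "__main__":
    # Values from the thread: flash at physical 1c000000, 8 MB (800000 hex).
    print(cfe_save_command("192.168.1.131", "wholeflash.bin",
                           0x1C000000, 0x800000))
    for addr in (0xBC000000, 0x9C000000, 0x80300000):
        seg, cached, phys = decode(addr)
        print(f"{addr:08x}: {seg} cached={cached} physical={phys:08x}")
```

Running `check_dump` on the file the TFTP server received catches the zero-byte result reported earlier in the thread before the backup is relied on for recovery.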