TJTAG - EJTAG De-Brick tool - IMPORTANT CHANGE:See 1st Post.

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions
Goto page Previous  1, 2, 3 ... 79, 80, 81, 82, 83, 84  Next
Author Message
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Sat Aug 27, 2011 13:10    Post subject: atheros+jtag Reply with quote
Hi.Thank you for reply. I am using tjtag3 and a home made wiggler cable.Are this the right tools to backup the flash , to erase nvram,etc ? Thank you.
Sponsor
RogFanther
DD-WRT User


Joined: 24 May 2008
Posts: 156

PostPosted: Sat Aug 27, 2011 14:43    Post subject: Reply with quote
If tjtag can correctly identify your processor, and the flash chip, you can either discover what are the sizes of the bootloader and configuration area and save them with the /custom parameter, or just backup the wholeflash. May be slow, but works.

What is the model of the router ?
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7647

PostPosted: Sat Aug 27, 2011 15:06    Post subject: Re: AR2313+jtag ? Reply with quote
andreiursan wrote:
Hello. I have a router with CPU: AR2313A and Flash : MX29LV800BTC-90. Can I use tjatg with paralel port to erase nvram, backup cfe,etc ?Today I made a test with a wiggler cable, it detects the CPU, I made a backup of cfe but when I looked inside the CFE it looks funny.Is this because of the tjtag or the CFE is corrupt? Thank you.


An MX29LV800 is a 1MByte flash chip and routers with such small flash space don't use standard boot loaders and they don't run Linux.
Most common is that they run VXWorks with the bootloader integrated into the operating system.
tjtag's preset definitionss "kernel" , "nvram", "cfe" does not apply to VXWorks so you'll have to know the flash address range and read/write using the custom parameter.
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Sun Aug 28, 2011 10:17    Post subject: Reply with quote
Hello. My router is WL-AP-2454 , the board is : GL2454AP-QA0-B10 VER:V1.0 . Using tjtag3 I can detect the CPU but not the flash : MX29LV800BTC-90 . I made a wholeflash backup using /fc:01 . When I read the file , looks empty.I want to write a bootloader on the flash but I do not know from where to take it.How can I discover what are the sizes of the bootloader and configuration area and save them with the /custom parameter ? This router is similar with WAP4000 H/W v2 from Planet. Thank you.
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Sun Aug 28, 2011 15:02    Post subject: photo Reply with quote
Hello. I made a picture with the board.Maybe somebody can help me to fix this board. Thank you.


100_7065.JPG
 Description:
 Filesize:  906.73 KB
 Viewed:  25596 Time(s)

100_7065.JPG


RogFanther
DD-WRT User


Joined: 24 May 2008
Posts: 156

PostPosted: Sun Aug 28, 2011 17:04    Post subject: Reply with quote
Well, it is an access point, not a router. Not much flexibility to do things with it.

It is similar to the D-Link DWL-800 / DWL-810+ .

You say fix the board. Which is the problem with it, ahd how was it caused ? Try to download the firmware from the manufacturer site, and take a look in the recognizable strings inside it to maybe discover if it is vxWorks based or not.

Have you hooked a serial console to it ? What are the messages ?

By the way, there are some difficulties recognizing flash ships in Atheros platform with tjtag. I believe Ramponis used openjtag or UrJtag in his work with the dwl-2100ap.
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Sun Aug 28, 2011 17:13    Post subject: Reply with quote
Hello.It was working before, I am guessing that somebody did a wrong firmware update. Before when was working I had the firmware from attachment installed on it .Now only the power LED is on, no Wlan, no Lan link.I did a jtag cable wiggler, I played with EJTAG Debrick Utility v3.0.1 Tornado-MOD, is detecting the cpu, the flash I have to select it manually /fc:01 . I do not have a serial cable made yet, I need more information about what parts I need exactly.The firmware is in the attachment. Thank you.


FW-WAP4K_HWv2_v198.bin
 Description:

Download
 Filename:  FW-WAP4K_HWv2_v198.bin
 Filesize:  896 KB
 Downloaded:  1035 Time(s)

NewLearner
DD-WRT Novice


Joined: 27 Aug 2011
Posts: 3

PostPosted: Sun Aug 28, 2011 19:09    Post subject: TJTAG Atheros AR531X/231X and flash AT49BV322A 2Mx16 BotB Reply with quote
Thank You in advance - I sure hope you more knowledgeable than I can help!

I have two D-Link DWL-2100AP Ver:A3 access points. One is working great and
updated with latest VxWorks/D-Link OEM firmware. The other is now completely
bricked. No led on at all.

The brick had the continuous boot problem but I was able to access the serial.
So with tftpd32.exe I loaded art, and apimg1 that I saved from the good AP.
But following every attempt the AP would just continually boot. Reading further
I found I needed to access the flash that is only accessible with JTAG.

Also after reading:
barryware’s statement:
I don't see the problem. processor as well as the flash chip is being recognized.
erase wholeflash (twice), flash a cfe.. done.. then tftp a micro build to the unit.

And LOM’s statement:
tjtag's preset definitions "kernel" , "nvram", "cfe" does not apply to VXWorks so
you'll have to know the flash address range and read/write using the custom parameter.

And others above, I then figured the best thing would be to erase wholeflash (twice)
and then flash wholeflash. So using TJTAG and a Wiggler for MIPS CPU as pictured in
tjtag3-0-1.zip (buffered 74HC244 chip, 2N3904, etc.) I sent command
tjtag3.exe -erase:wholeflash /wiggler Followed by tjtag3.exe -flash: wholeflash /wiggler

Here is a look at process tjtag3.exe -flash:wholeflash /wiggler /bypass
==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================
Probing bus ... Done
Instruction Length set to 5
CPU Chip ID: 00000000000000000000000000000001 (00000001)
*** Found a Atheros AR531X/231X CPU chip ***
- EJTAG IMPCODE ....... : 01000000010000000100000000000000 (40404000)
- EJTAG Version ....... : 2.6
- EJTAG DMA Support ... : No
- EJTAG Implementation flags: R4k ASID_8 NoDMA MIPS32
Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Skipped
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Enabling Atheros Flash Read/Write ... Done
.RE-Probing Atheros processor....
Probing Flash at (Flash Window: 0x1fc00000) ...
Done

Flash Vendor ID: 00000000000000000000000000011111 (0000001F)
Flash Device ID: 00000000000000000000000011001000 (000000C8)
*** Found a AT49BV322A 2Mx16 BotB (4MB) Flash Chip ***
- Flash Chip Window Start .... : 1fc00000
- Flash Chip Window Length ... : 00400000
- Selected Area Start ........ : 1fc00000
- Selected Area Length ....... : 00400000
*** You Selected to Flash the WHOLEFLASH.BIN ***
=========================
Flashing Routine Started
=========================
Total Blocks to Erase: 71
Erasing block: 1 (addr = 1fc00000)...Done
Continuing To…..
Erasing block: 71 (addr = 1fff0000)...Done

Entered Unlock Bypass mode->

Loading WHOLEFLASH.BIN to Flash Memory...
[ 0% Flashed] 1fc00000: 4f010010 00000000 90010010 00000000
[ 0% Flashed] 1fc00010: 7d060010 00000000 7b060010 00000000
To end…………..Completing as if written.

And now, finally, here is the heart of my problem! TJTAG erases but will not write.
tjtag3.exe - flash:wholeflash /wiggler command alone will not even start to write.
So I tried these and they proceed happily along looking to be writing but do not write:
tjtag3.exe - flash:wholeflash /wiggler /bypass /
tjtag3.exe - flash:wholeflash /wiggler /bypass /nodma
tjtag3.exe - flash:wholeflash /wiggler /bypass /nodma /noreset
tjtag3.exe - flash:wholeflash /wiggler /bypass /nodma /noreset
tjtag3.exe - flash:wholeflash /wiggler /bypass /nodma /noreset /noemw

tjtag3.exe - flash:wholeflash /wiggler /bypass /nodma /noreset /nobreak Stops at Clearing Watchdog.

I checked my wiggler with a multimeter.
I even built another wiggler and checked it with a multimeter.
I checked my connections over and over.
I shortened my cable and even added more ground shields.
I tried tjtag302RC2-1.exe
All to no avail, nothing writes.

Here is a look at my current flash with tjtag3.exe -backup:cfe /wiggler
==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================
Probing bus ... Done
Instruction Length set to 5
CPU Chip ID: 00000000000000000000000000000001 (00000001)
*** Found a Atheros AR531X/231X CPU chip ***
- EJTAG IMPCODE ....... : 01000000010000000100000000000000 (40404000)
- EJTAG Version ....... : 2.6
- EJTAG DMA Support ... : No
- EJTAG Implementation flags: R4k ASID_8 NoDMA MIPS32
Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Skipped
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Enabling Atheros Flash Read/Write ... Done
.RE-Probing Atheros processor....
Probing Flash at (Flash Window: 0x1fc00000) ...
Done
Flash Vendor ID: 00000000000000000000000000011111 (0000001F)
Flash Device ID: 00000000000000000000000011001000 (000000C8)
*** Found a AT49BV322A 2Mx16 BotB (4MB) Flash Chip ***

- Flash Chip Window Start .... : 1fc00000
- Flash Chip Window Length ... : 00400000
- Selected Area Start ........ : 1fc00000
- Selected Area Length ....... : 00040000

*** You Selected to Backup the CFE.BIN ***

=========================
Backup Routine Started
=========================

Saving CFE.BIN.SAVED_20110827_110720 to Disk...
[ 0% Backed Up] 1fc00000: 00ff00ff 00ff00ff 00ff00ff 00ff00ff
[ 0% Backed Up] 1fc00010: 00ff00ff 00ff00ff 00ff00ff 00ff00ff
To end…………..Completing showing nothing was written.

Is the problem TJTAG Skipped Enabling Memory Writes?
Is there a magical combination of optional TJTAG parameters which makes my router happy?
Or is TJTAG just not capable of writing to my flash and I will have to learn openjtag/UrJtag?

Can anyone help? Without writing back to the flash the AP now remains completely dead!
RogFanther
DD-WRT User


Joined: 24 May 2008
Posts: 156

PostPosted: Sun Aug 28, 2011 22:26    Post subject: Reply with quote
andreiursan, try pushing the reset button for about 10s when booting it. You can find plenty of information about the serial converter cable in this forum. Some links :
http://www.linux-mips.org/wiki/BR6104
http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port
http://www.dd-wrt.com/wiki/index.php/WRT54GL_MAX232_Serial&sa=U&ei=NrtaTo_XJJSjtgeh3cGRDA&ved=0CAwQFjAA&usg=AFQjCNEvApiyCcS1mSIqgLM42ntO4HlX_A
It seems your AP has vxWorks based firmware. Try booting it with the reset button pressed, and look if the LAN led is on. Then you could try to update firmware to some emergency web server inside the unit, if the case it is similar to the Planet and Dlink models.

Newlearner, the reply to most of your questions is no. Tjtag still doesn´t support 8 bit data bus for the flash, and that is what is used in the dwl2100. You can see , when making the backup , it reads one byte as 00, other as ff.
Your best bet is using the urjtag or openjtag. Look at Ramponis guide, he explains it very well, and even has a wholeflash from a working unit in his page.
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Mon Aug 29, 2011 6:42    Post subject: Reply with quote
Hello.Thank you for reply.Something funny is happening.Using tjtag3 both on my laptop and my pc ,when I make backup of wholeflash on my laptop I get empty flash, but when I backup using the pc I get some information from flash.What could be the reason? Are there some settings I have to make for parallel port? It is better to work with the parallel port from the pc ?? Today I will start to play with the jtag from Ramponis website. Thank you.
NewLearner
DD-WRT Novice


Joined: 27 Aug 2011
Posts: 3

PostPosted: Mon Aug 29, 2011 7:34    Post subject: Reply with quote
RogFanther - Man O Man thanks for letting me know Tjtag will not work for me. As you kindly point out Ramponis does have a very excellent guide. I had previously translated it to English and have read it. A very Huge Help in getting me this far!

I was just hoping to use Tjtag and Windows as I read it supported my CPU and Flash Chip. OK so now I will load up a spare box with Ubunto. Then start the Urjtag/openjtag learning process. Checking out: http://wiki.openwrt.org/toh/d-link/dwl-2100ap on the way. Lord All Mighty - So much to learn - LOL.

Also If I may query you for one more answer? As this DD-WRT Forum topic is about Tjtag which I will not be using after all, and I will be focusing on repairing my dwl2100, where would you suggest I submit my Questions/Answers?

Perhaps:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=14050&highlight=dwl2100
DD-WRT Forum Atheros WiSOC based Hardware
and:
https://forum.openwrt.org/viewtopic.php?id=6357&p=1
General Discussion » Bootloader/Image for a DLink DWL-2100AP
NewLearner
DD-WRT Novice


Joined: 27 Aug 2011
Posts: 3

PostPosted: Mon Aug 29, 2011 7:37    Post subject: Reply with quote
andreiursan along with RogFanther's excellent pointers you may want to take a look at this also. It is a very good tutorial to build a serial and helped me to access my AP. It is USB and I bought my CA-42 off eBay for $5US delivered. I loaded only the Win XP driver and using Terminal.exe and tftpd32.exe I was able to look into what ails my DWL2100AP. The guide says only the DKU-5 has the (red) wire to power the buffer chip but I found this was the case with my CA-42 also. I know this does not make since but check out the link, read it, and it will. good luck!
http://buffalo.nas-central.org/index.php/Use_a_Nokia_Serial_Cable_on_an_ARM9_Linkstation

Also in reading your post above about parallel ports please see:
http://www.dd-wrt.com/wiki/index.php/JTAG

"9. You might have to set the parallel port communications settings, but I have always found default settings work. If they don't please note that your rig needs to have a real printer port, not a usb to printer port adapter. The printer port should be set for ecp mode and standard io of 0x378. "


"Laptops don't normally have parallel ports anymore, and if your laptop doesn't you would be hooped. USB Jtag is expensive, and doesn't appear to work consistently well. The best option is to get a ExpressCard Parallel port adapter. Further information is in this thread: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=61256 "

Again, Good Luck!
RogFanther
DD-WRT User


Joined: 24 May 2008
Posts: 156

PostPosted: Mon Aug 29, 2011 22:37    Post subject: Reply with quote
Newlearner, you are right, use the Atheros forum for asking questions about the DWL-2100AP. I´ve seen cases where I had to swap the flash for another so that the firmware would stop rebooting.

andreiursan, use the pc. Parallel ports in notebook can have lower voltages than their pc counterparts, and that can cause erratic working. Also, you can use urjtag / openjtag / openwince, etc from inside a cygwin installation, so no need to install ubuntu or the like. But if you can spare the disk space, that may be easier.
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Tue Aug 30, 2011 6:54    Post subject: Reply with quote
Thank you. I have installed cygwin and I will follow the instructions from Ramponis web page.I will also make today the serial connection to see the boot messages.Thank you everybody for help.
andreiursan
DD-WRT Novice


Joined: 26 Aug 2011
Posts: 29

PostPosted: Tue Aug 30, 2011 7:46    Post subject: Reply with quote
Hello.I have installed cygwin and the jtag and I get this output from jtag :



a@a-cea3440d91d54 ~
$ jtag
JTAG Tools 0.6-cvs-20051228
Copyright (C) 2002, 2003 ETC s.r.o.
JTAG Tools is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain conditions.
There is absolutely no warranty for JTAG Tools.

Warning: JTAG Tools may damage your hardware! Type "quit" to exit!

Type "help" for help.

jtag> include athsw
Initializing Macraigor Wiggler JTAG Cable on parallel port at 0x378
IR length: 5
Chain length: 1
Device Id: 00000000000000000000000000000001
Manufacturer: Atheros
Part: ar2312
Stepping: 1
Filename: /usr/local/share/jtag/atheros/ar2312/ar2312
ImpCode=01000000010000000100000000000000
EJTAG version: 2.6
EJTAG Implementation flags: R4k ASID_8 NoDMA MIPS32
dev ID=005b man ID=00c2
Using CFI flash chip detection, not jedec
Flash not found!
No. Manufacturer Part Stepping Instruction
Register
--------------------------------------------------------------------------------
-------------
0 Atheros ar2312 1 EJTAG_DATA
EJDATA

Active bus:
*0: EJTAG compatible bus driver via PrAcc (JTAG part No. 0)
start: 0x00000000, length: 0x20000000, data width: 8 bit
start: 0x20000000, length: 0x20000000, data width: 16 bit
start: 0x40000000, length: 0x20000000, data width: 32 bit
jtag>

a@a-cea3440d91d54 ~
$

The flash is not detected. what could be the reason? Thank you.
Goto page Previous  1, 2, 3 ... 79, 80, 81, 82, 83, 84  Next Display posts from previous:    Page 80 of 84
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum