Joined: 31 Aug 2009 Posts: 2448 Location: Third Rock from the Sun
Posted: Fri Jan 13, 2012 20:08 Post subject:
Well, the router was given to me, sooooooooo, looks like more fun with TJTAG tonight. I will edit the board data file and TJTAG it back on the router and see if that solves the problem of flashing the OEM firmware unedited.
I am not worried if I trash the router. I am purely having fun and trying to learn me somethin and maybe help others along the way. _________________ Peacock Thread-FAQ -- dd-wrt Wiki
Posted: Fri Jan 13, 2012 20:18 Post subject:
fggs wrote:
Unless I'm seeing it the wrong way, the permanent fix I see is:
1- Extract board_data somehow (in the other thread tsanga used Tomato)
2- Edit board_data to match the stock firmware unedited
3- Flash the edited board_data
4- Flash stock firmware unedited (tsanga had to flash it twice I think)
5- From there you can flash anything you want
I can do that, just have to get ~T to byte swap the file, this router is just like the E1000 concerning flash.
Posted: Fri Jan 13, 2012 21:11 Post subject:
I have done this
LOM wrote:
You can't dump the partition from within a dd-wrt shell because it doesn't exist as a partition in dd-wrt, you'll have to do it from the bootloader via the save memory command, i.e.
"save [-options] host:filename startaddr length" where startaddr is 0xbc3e0000 and length is 0x20000.
host is the IP address of your tftp server and no options needed.
Issued "mtd erase linux" through ssh, rebooted.
I edited it to 00 from 70, now how do I get it back on there through serial (don't have JTAG adapter here at work) and will it take into consideration that the data on this flash chip is byte swapped?
Posted: Fri Jan 13, 2012 21:22 Post subject:
Dark_Shadow wrote:
I have done this
LOM wrote:
You can't dump the partition from within a dd-wrt shell because it doesn't exist as a partition in dd-wrt, you'll have to do it from the bootloader via the save memory command, i.e.
"save [-options] host:filename startaddr length" where startaddr is 0xbc3e0000 and length is 0x20000.
host is the IP address of your tftp server and no options needed.
Issued "mtd erase linux" through ssh, rebooted.
I edited it to 00 from 70, now how do I get it back on there through serial (don't have JTAG adapter here at work) and will it take into consideration that the data on this flash chip is byte swapped?
I have tried using tftp2.exe and results
Code:
CFE> flash -offset=0xbc3e0000 -size=0x20000 : bd_00.bin
bd_00.bin: Device not found
*** command status = -6
CFE> flash -offset=0xbc3e0000 -size=0x20000 : flash1.trx
Reading :: Done. 131072 bytes read
Reading ::
Saved that offset and length again and it's still the same 70, not 00 like I edited.
Posted: Fri Jan 13, 2012 23:17 Post subject:
fggs wrote:
Are you running Tomato?
LOM explains in the other thread to use flash file:your_tftp_server flash1.board_data
I think this is it.. but I guess it will only work when you have Tomato because dd-wrt doesn't have board_data partition.
No, I have not attempted to put Tomato on here, too many people report bricking LOL
EDIT: oh yeah, with the command in ssh "mtd erase linux" means there is no dd-wrt on there either hehehe
That other thread was only one and a half years ago and I had completely forgotten about it, evidence that I've lost another marble to Dr Alzheimer.
The router identifier in the boarddata partition gets updated under certain circumstances, I'll see if I can find out what they are.
I remember that the whole length of the identifier is usually checked but there is a condition where only the first 7 bytes are checked and then the identifier is rewritten. _________________ Kernel panic: Aiee, killing interrupt handler!
LOM explains in the other thread to use flash file:your_tftp_server flash1.board_data
I think this is it.. but I guess it will only work when you have Tomato because dd-wrt doesn't have board_data partition.
That is not firmware dependent since it is done through the CFE; flash1.trx and flash1.board_data are CFE device names.