Posted: Mon Dec 08, 2008 16:45 Post subject: Atheros AP81/AP83 platform, u-boot, list of known routers
Several Atheros AR81 platform routers have been identified. All use u-boot, have 4MB of FLASH, 32MB of RAM. Models: AR9130/AR9132, AR9102/AR9103/AR9104/AR9106. The AP81 is single band, the AP83 is dual-band (2.4 and 5.8Ghz).
Known Atheros AP81 based Routers
1) Trendnet TEW-632BRP, AP81-AR9130-RT-070614-00, ar9102 2x2 MIMO, root telnet firmware available
2) Trendnet TEW-652BRP, AP81-AR9130-RT-080609-05, ar9102 2x2 MIMO, root telnet firmware from TEW-632BRP confirmed working
3) DLink DIR-615 revision C1, AP81-AR9130-RT-080609-05, ar9102 2x2 MIMO, root telnet firmware from TEW-632BRP confirmed working
4) Netgear WNR2000, unknown hardware ID, ar9103 3x3 MIMO, runs OpenWRT-based firmware root telnet native in firmware
5) TP-Link TL-WR941N or TL-WR941ND, unknown hardware ID, ar9103 3x3 MIMO, details: http://network.pconline.com.cn/pingce/0803/1252528_5.html
6) Planex mzk-w300nh, unknown hardware ID, OpenWRT booting via u-boot tftpboot confirmed
7) Netgear WN802T version 2, suggested on this page http://blog.chinaunix.net/u2/83623/showart_1353786.html
8 ) Planex MZK-W04NU, ar9103 3x3 MIMO, 1 USB port included - and believed to have 8MB of FLASH based on firmware download size
9) Atlantiland A02-RB-W300N
10) Cameo Communications WLN2206, FCC id same as Trendnet TEW-632BRP according to SmallNetBuilder website
11) Mercury MWR300T+, ar9103 3x3 MIMO, details: http://bbs.whbear.com/thread-62276-1-1.html - probably a clone of the TL-WR941ND, because it uses the same firmware.
12) Zyxel models NBG460N, X550N, x550nh, 401764. they run ZyOS (not Linux) but the bootloader seems flexible. Info: http://en.network01.net/modules/newbb/viewtopic.php?topic_id=15&forum=2
Known AP83 routers
I'm not really sure what the difference is on AP81 vs AP83.
1) Unex RNRA-83, http://www.unex.com.tw/spec/rnra-83
2) Unex RNEA-81: AP83 AR9130+AR9104
3) ARADA SoC Econo Series 2
4) Linksys WAP-4410N, if you read the release notes for the firmware on this router you will clearly see AP83 reference.
So far, I don't think we have identified a way to gain access to u-boot via Ethernet like is possible with redboot. So far only u-boot on some routers via rs232 serial port.
My goal here is to figure out a way to load what we want on these systems without hardware serial port addition. We have managed to get root telnet access on several of these routers.
So how about we use that root telnet access to rework the u-boot environment partition? Here is off my Netgear wnr2000:
Code:
/ # dd if=/dev/mtdblock1 of=/tmp/mtd1
128+0 records in
128+0 records out
/ #
/ # cat /tmp/mtd1
v¹bootdelay=4baudrate=115200ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xeeethact=eth0 stdin=serialstdout=serialstderr=serialfilesize=334f4fileaddr=80060000 ipaddr=192.168.1.10serverip=192.168.1.12bootcmd=bootm 0xbf2a0000bootargs=console=ttyS0,115200 root=31:02 init=/sbin/init mtdparts=ar7100-nor0:256k(u-boot),64k(u-boot-env),2304k(rootfs),64k(user-config),1152k(uImage),128k(language_table),64k(rootfs_checksum),64k(ART)/ #
ok, this looks damn promising to me! If we can edit and dd in the appropriate values, shouldn't we be able to boot whatever we want from mtd partitions or tftp or nfs?
I found an example of how you set automatic u-boot startup commands, look at the bottom of this page:
http://wiki.emqbit.com/u-boot-root-over-nfs.en
Just add what we want to the bootcmd= line.
For those with serial port access and can gain u-boot prompt: you can modify the u-boot environment right within u-boot command prompt. example:
Now for those of us only with telnet rootaccess to the router, it seems to me we need to get uboot-utils with the programs fw_printenv fw_setenv onto the router compatible with the proessor and kernel 2.6.15.
Last edited by RoundSparrow on Thu Dec 11, 2008 16:53; edited 1 time in total
The Netgear WNR2000 is an AP81 router with stock firmware based on OpenWRT. I downloaded the Netgear GPL package and it is the first one of these AP81 kits that has built for me on a modern Ubuntu!
I built it on Ubuntu 8.04, 32bit. Follow the included WNR2000-V1.1.3.9-build_instructions.txt - I also had to add a few Ubuntu packages.
This is the same kernel 2.6.15 that all these routers seem to use on their current firmware. So if you are looking to build modules/apps for the factory firmware environment, I recommend the Netgear WNR2000 GPL kit.
BAD NEWS: My ubuntu-built firmware fired up, but the web service returns 404 on any pages. The telnet root still works. Anyway, I found no way to flash it from telnet... so I'm soldering up a rs232 serial port on the WNR2000 to get into u-boot.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Mon Dec 15, 2008 18:03 Post subject:
i have ap81 and ap83 devices since a long time, but the chipsets are very buggy. this is one of the major reasons why i tried to stay away until atheros fixed these issues. the drivers provided by atheros for example are just doing 2 mbit/s in client mode and issues like that _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
i have ap81 and ap83 devices since a long time, but the chipsets are very buggy. this is one of the major reasons why i tried to stay away until atheros fixed these issues. the drivers provided by atheros for example are just doing 2 mbit/s in client mode and issues like that
I get high throughput and stability from my Trendnet TEW-652BRP. Maybe things are better now.
i have ap81 and ap83 devices since a long time, but the chipsets are very buggy. this is one of the major reasons why i tried to stay away until atheros fixed these issues. the drivers provided by atheros for example are just doing 2 mbit/s in client mode and issues like that
Brainslayer, do you actually have device id's and/or source code for these drivers?
On the Trendnet GPL download for this router, all I find is a binary driver for 2.6.15 kernel. If you have some source for this driver, please speak up.
Right I haven't managed to get lspci working on the device to even know the ID of the chip.
The wireless drivers are still a big sticking point. The ath9k developers don't seem interested and point to the OpenWRT guys as the place to develop drivers.
Shows some tuning to be done.