This is a continuation of the experiment with TL-WR703n (Starting from the The_TL-WR703N_piratebox_exploration post)

Image of the PCB

Just remembered I got Tera Terminal, and if I remember, it should support ymodem

Previously tried TFTP method:

hornet> tftpboot 0x81000000 openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin
hornet> erase 0x9f020000 +0x3c0000
hornet> cp.b 0x81000000 0x9f020000 0x3c0000
hornet> bootm 9f020000

Now crafting up a process in Uboot after tpl at the “autoboot at 1 sec” or something

hornet> erase 0x9f020000 +0x3c0000
hornet> loadb 0x81000000
hornet> cp.b 0x81000000 0x9f020000 0x3c0000
hornet> bootm 9f020000

My interpretation of above

hornet> erase from 0x9f020000 to +0x3c0000
hornet> loadb prepare to load to ram using kermit starting from 0x81000000
hornet> cp.b copy from ram startng at 0x81000000 to flash mem position 0x9f020000 to 0x3c0000
hornet> bootm start booting at 9f020000

Sooo in the bit inbetween for Kermit serial modem (According to ) once all is setup, in tera term, go to file>Transfer>Kermit>Send and send openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin

dammit… no kermit mode?

Well… lets try a different laptop (older XP)

Previously i used a usb to ethernet adaptor on windows 8, but that was bunk. What ended up working, was to do the same process of using tftp on an older laptop with windows XP (possibly because it has a crappier protection system) Well that was interesting… At least I am back to square 1 rather than -1 or 1/0

So lesson. Choose a laptop with embedded ethernet (or pick a good ethernet to usb adaptor). Or alternatively, learn linux lol. Or choose a board with a less stripped down uboot (or even better, with onboard web failsafe)

Sooo now to install piratebox again

yea ya I know it was annoying to recover from this error, but I did get it back to normal.

So I followed the previous attempt I did, of installing generic openwrt firmware, then the usb driver to mount the usb, before following the piratebox instruction more carefully.

Btw this method of installing usb support on generic unmodified openwrt firmware is recommeneded in . (But is rather outdated)

opkg update
opkg install kmod-usb-uhci
insmod usbcore ## may return: file exists
insmod uhci
opkg install kmod-usb-ohci ## may return: up to date.
insmod usb-ohci

As usual the piratebox image installed now, but somehow doesn’t run. Bah.

Just found & it has web based failsafe, this is definitely needed by me to avoid having to go though tftp again.

root@OpenWrt:/# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00020000 00010000 "u-boot"
mtd1: 000ecf04 00010000 "kernel"
mtd2: 002e30fc 00010000 "rootfs"
mtd3: 000e0000 00010000 "rootfs_data"
mtd4: 00010000 00010000 "art"
mtd5: 003d0000 00010000 "firmware"

So the uboot partition is at 0x20000 (128 KiB) and has size of 0x1000(64 KiB).

Soo lets craft a command to insert the modified firmware:

hornet> tftpboot 0x81000000 uboot_for_tl-wr703n.bin
hornet> erase 0x9F000000 +0x10000 
hornet> cp.b 0x81000000 0x9F000000 0x10000 
hornet> #bootm 9f020000

Check flash memory before rebooting

hornet> md 0x9F000000 #check flash
hornet> md 0x81000000 #check memory we copied from\

After that reboot and hope it all goes well. Well the answer is that it did. Now it’s harder to brick :D . And I have given up on running piratebox on this dammn thing. Ah well, at least until I understand embedded linux more.

So anyhow to access the web failsafe in this modified firmware, just go to the Uboot console, and then type ‘httpd’. It will then specify the IP address you have to connect to. Just connect to it at port 80, and you can take over from there :D (might need to set a static address e.g. )

Well for my use, here is what you run after installing a generic image to get at least usb and internet running for opkg etc… ( :

# Connect the ethernet to the internet first!
# /etc/config/network modification to connect to dhcp
# 'uci show network' will show what values can be changed
uci set network.lan.proto=dhcp
uci commit 
/etc/init.d/network reload
# Install latest squashfs-sysupgrade.bin 
# This updates BusyBox v1.19.4 & OpenWrt ATTITUDE ADJUSTMENT (12.09, r36088) 
# to BusyBox v1.22.1 &  BARRIER BREAKER (Bleeding Edge, r41391)
cd /tmp
sysupgrade openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin
# Install usb support
opkg update
opkg install kmod-usb-storage block-mount block-hotplug kmod-fs-ext4 kmod-fs-vfat kmod-nls-cp437 kmod-nls-iso8859-1
mkdir -p /mnt/usb
mount -t vfat /dev/sda1 /mnt/usb
#src luci
opkg update
opkg install luci

So now that would be my base system! Oh…. and I had to remove usb support if I wanted luci, 4 megs is not alot (remove all packages via ‘firstboot’ command).

So whats my IP?

root@OpenWrt:/# /sbin/ifconfig
br-lan    Link encap:Ethernet  HWaddr EC:17:2F:F0:7A:B4
		  inet addr:  Bcast:  Mask:
		  inet6 addr: fe80::ee17:2fff:fef0:7ab4/64 Scope:Link
		  inet6 addr: fd78:a0fe:50cd::1/60 Scope:Global
		  RX packets:685 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:119 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:0
		  RX bytes:77032 (75.2 KiB)  TX bytes:12528 (12.2 KiB)

eth0      Link encap:Ethernet  HWaddr EC:17:2F:F0:7A:B4
		  RX packets:4658 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:470 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:1000
		  RX bytes:550387 (537.4 KiB)  TX bytes:44507 (43.4 KiB)
... etc...

Well, its… hard to tell. So I went to /etc/config/network and remove the ‘type’ bridge line. However even then luci didn’t load. so thats when I realized that the daemon for uhttpd is not on.

These two commands took care of the rest.

/etc/init.d/uhttpd start # Start uhttpd that holds luci
/etc/init.d/uhttpd enable # Enable start on every reboot

Now the system works

User: root
password: password
Yea... very secure lol

So now that I got a pretty general router… I’ve no idea what I’m suppose to do with it now that I won’t install piratebox on it. Plus with luci, there is not a lot of flash memory to play with, so any future project will still need to done via CMD (or having an external flash drive). Sooo yea, it has luci GUI, and could potentially act as a remote serial access terminal over wifi, so that’s cool but I think that’s enough for me today. All this note will be of assistance to any of you guys who are still new to this, and may need some ideas on how to get started. (Plus is a good reference for me later on!)


(LUCI GUI) Status
	Hostname	OpenWrt
	Model	TP-LINK TL-WR703N v1
	Firmware Version	 OpenWrt Barrier Breaker r41391 / LuCI Trunk (svn-r10375)
	Kernel Version	3.10.44
	Local Time	Mon Jun 30 11:08:42 2014
	Uptime	0h 30m 49s
	Load Average	0.09, 0.18, 0.12
	Total Available	
		16260 kB / 28844 kB (56%)
		7952 kB / 28844 kB (27%)
		6716 kB / 28844 kB (23%)
		1592 kB / 28844 kB (5%)
	IPv4 WAN Status	
		eth0	Type: dhcp
		DNS 1:
		Connected: 0h 8m 31s ----- Just extra notes for myself:

According to

# Loading with the kermit protocol
bfin> loadb [load address] [baud rate]

# Loading with the y-modem protocol
bfin> loady [load address] [baud rate]

According to’Reilly%20-%20Building%20Embedded%20Linux%20Systems/belinuxsys-CHP-9-SECT-5.html

askenv  - get environment variables from stdin
autoscr - run script from memory
base    - print or set address offset
bdinfo  - print Board Info structure
bootm   - boot application image from memory
bootp   - boot image via network using BootP/TFTP protocol
bootd   - boot default, i.e., run 'bootcmd'
cmp     - memory compare
coninfo - print console devices and informations
cp      - memory copy
crc32   - checksum calculation
date    - get/set/reset date & time
dhcp    - invoke DHCP client to obtain IP/boot params
diskboot- boot from IDE device
echo    - echo args to console
erase   - erase FLASH memory
flinfo  - print FLASH memory information
go      - start application at address 'addr'
help    - print online help
ide     - IDE sub-system
iminfo  - print header information for application image
loadb   - load binary file over serial line (kermit mode)
loads   - load S-Record file over serial line
loop    - infinite loop on address range
md      - memory display
mm      - memory modify (auto-incrementing)
mtest   - simple RAM test
mw      - memory write (fill)
nm      - memory modify (constant address)
printenv- print environment variables
protect - enable or disable FLASH write protection
rarpboot- boot image via network using RARP/TFTP protocol
reset   - Perform RESET of the CPU
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv  - set environment variables
sleep   - delay execution for some time
tftpboot- boot image via network using TFTP protocol
			   and env variables ipaddr and serverip
version - print monitor version
?       - alias for 'help'

Links to note - hash check from explorer, sounds useful - “Open Command Prompt” menu item to the context menus (right-click menus) in Windows Explorer… Very useful!