More Exploration Of The TL-WR703N
This is a continuation of the experiment with TL-WR703n (Starting from the The_TL-WR703N_piratebox_exploration post) http://wiki.openwrt.org/toh/tp-link/tl-wr703n
Just remembered I got Tera Terminal, and if I remember, it should support ymodem
Previously tried TFTP method:
hornet> tftpboot 0x81000000 openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin
hornet> erase 0x9f020000 +0x3c0000
hornet> cp.b 0x81000000 0x9f020000 0x3c0000
hornet> bootm 9f020000
Now crafting up a process in Uboot after tpl at the “autoboot at 1 sec” or something
hornet> erase 0x9f020000 +0x3c0000
hornet> loadb 0x81000000
#
# OVER HERE WE SEND VIA KERMIT
#
hornet> cp.b 0x81000000 0x9f020000 0x3c0000
hornet> bootm 9f020000
My interpretation of above
hornet> erase from 0x9f020000 to +0x3c0000
hornet> loadb prepare to load to ram using kermit starting from 0x81000000
#
# OVER HERE WE SEND VIA KERMIT
#
hornet> cp.b copy from ram startng at 0x81000000 to flash mem position 0x9f020000 to 0x3c0000
hornet> bootm start booting at 9f020000
Sooo in the bit inbetween for Kermit serial modem (According to http://wiki.openwrt.org/doc/howto/generic.flashing.serial ) once all is setup, in tera term, go to file>Transfer>Kermit>Send and send openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin
dammit… no kermit mode?
Well… lets try a different laptop (older XP)
Previously i used a usb to ethernet adaptor on windows 8, but that was bunk. What ended up working, was to do the same process of using tftp on an older laptop with windows XP (possibly because it has a crappier protection system) Well that was interesting… At least I am back to square 1 rather than -1 or 1/0
So lesson. Choose a laptop with embedded ethernet (or pick a good ethernet to usb adaptor). Or alternatively, learn linux lol. Or choose a board with a less stripped down uboot (or even better, with onboard web failsafe)
Sooo now to install piratebox again
yea ya I know it was annoying to recover from this error, but I did get it back to normal.
So I followed the previous attempt I did, of installing generic openwrt firmware, then the usb driver to mount the usb, before following the piratebox instruction more carefully.
Btw this method of installing usb support on generic unmodified openwrt firmware is recommeneded in http://daviddarts.com/piratebox-diy-openwrt/ . (But is rather outdated)
opkg update
opkg install kmod-usb-uhci
insmod usbcore ## may return: file exists
insmod uhci
opkg install kmod-usb-ohci ## may return: up to date.
insmod usb-ohci
As usual the piratebox image installed now, but somehow doesn’t run. Bah.
Just found https://github.com/pepe2k/u-boot_mod & https://forum.openwrt.org/viewtopic.php?id=43237 it has web based failsafe, this is definitely needed by me to avoid having to go though tftp again.
root@OpenWrt:/# cat /proc/mtd
dev: size erasesize name
mtd0: 00020000 00010000 "u-boot"
mtd1: 000ecf04 00010000 "kernel"
mtd2: 002e30fc 00010000 "rootfs"
mtd3: 000e0000 00010000 "rootfs_data"
mtd4: 00010000 00010000 "art"
mtd5: 003d0000 00010000 "firmware"
root@OpenWrt:/#
So the uboot partition is at 0x20000 (128 KiB) and has size of 0x1000(64 KiB).
Soo lets craft a command to insert the modified firmware:
hornet> tftpboot 0x81000000 uboot_for_tl-wr703n.bin
hornet> erase 0x9F000000 +0x10000
hornet> cp.b 0x81000000 0x9F000000 0x10000
hornet> #bootm 9f020000
Check flash memory before rebooting
hornet> md 0x9F000000 #check flash
hornet> md 0x81000000 #check memory we copied from\
After that reboot and hope it all goes well. Well the answer is that it did. Now it’s harder to brick :D . And I have given up on running piratebox on this dammn thing. Ah well, at least until I understand embedded linux more.
So anyhow to access the web failsafe in this modified firmware, just go to the Uboot console, and then type ‘httpd’. It will then specify the IP address you have to connect to. Just connect to it at port 80, and you can take over from there :D (might need to set a static address e.g. 192.168.1.100 )
Well for my use, here is what you run after installing a generic image to get at least usb and internet running for opkg etc… (http://wiki.openwrt.org/doc/uci) :
# Connect the ethernet to the internet first!
# /etc/config/network modification to connect to dhcp
# 'uci show network' will show what values can be changed
uci set network.lan.proto=dhcp
uci commit
/etc/init.d/network reload
# Install latest squashfs-sysupgrade.bin
# This updates BusyBox v1.19.4 & OpenWrt ATTITUDE ADJUSTMENT (12.09, r36088)
# to BusyBox v1.22.1 & BARRIER BREAKER (Bleeding Edge, r41391)
cd /tmp
wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin
sysupgrade openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin
reboot
# Install usb support
opkg update
opkg install kmod-usb-storage block-mount block-hotplug kmod-fs-ext4 kmod-fs-vfat kmod-nls-cp437 kmod-nls-iso8859-1
mkdir -p /mnt/usb
mount -t vfat /dev/sda1 /mnt/usb
#
#src luci http://downloads.openwrt.org/kamikaze/8.09.2/ar71xx/packages/
opkg update
opkg install luci
So now that would be my base system! Oh…. and I had to remove usb support if I wanted luci, 4 megs is not alot (remove all packages via ‘firstboot’ command).
So whats my IP? http://www.cyberciti.biz/faq/how-to-find-out-the-ip-address-assigned-to-eth0-and-display-ip-only/
root@OpenWrt:/# /sbin/ifconfig
br-lan Link encap:Ethernet HWaddr EC:17:2F:F0:7A:B4
inet addr:192.168.0.9 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::ee17:2fff:fef0:7ab4/64 Scope:Link
inet6 addr: fd78:a0fe:50cd::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:685 errors:0 dropped:0 overruns:0 frame:0
TX packets:119 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:77032 (75.2 KiB) TX bytes:12528 (12.2 KiB)
eth0 Link encap:Ethernet HWaddr EC:17:2F:F0:7A:B4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4658 errors:0 dropped:0 overruns:0 frame:0
TX packets:470 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:550387 (537.4 KiB) TX bytes:44507 (43.4 KiB)
Interrupt:4
... etc...
Well, its… hard to tell. So I went to /etc/config/network and remove the ‘type’ bridge line. However even then luci didn’t load. so thats when I realized that the daemon for uhttpd is not on. http://wiki.openwrt.org/doc/howto/luci.essentials
These two commands took care of the rest.
/etc/init.d/uhttpd start # Start uhttpd that holds luci
/etc/init.d/uhttpd enable # Enable start on every reboot
Now the system works
User: root
password: password
Yea... very secure lol
So now that I got a pretty general router… I’ve no idea what I’m suppose to do with it now that I won’t install piratebox on it. Plus with luci, there is not a lot of flash memory to play with, so any future project will still need to done via CMD (or having an external flash drive). Sooo yea, it has luci GUI, and could potentially act as a remote serial access terminal over wifi, so that’s cool but I think that’s enough for me today. All this note will be of assistance to any of you guys who are still new to this, and may need some ideas on how to get started. (Plus is a good reference for me later on!)
Cheers.
(LUCI GUI) Status
System
Hostname OpenWrt
Model TP-LINK TL-WR703N v1
Firmware Version OpenWrt Barrier Breaker r41391 / LuCI Trunk (svn-r10375)
Kernel Version 3.10.44
Local Time Mon Jun 30 11:08:42 2014
Uptime 0h 30m 49s
Load Average 0.09, 0.18, 0.12
Memory
Total Available
16260 kB / 28844 kB (56%)
Free
7952 kB / 28844 kB (27%)
Cached
6716 kB / 28844 kB (23%)
Buffered
1592 kB / 28844 kB (5%)
Network
IPv4 WAN Status
eth0 Type: dhcp
Address: 192.168.0.9
Netmask: 255.255.255.0
Gateway: 192.168.0.1
DNS 1: 192.168.0.1
Connected: 0h 8m 31s ----- Just extra notes for myself:
According to http://blackfin.uclinux.org/doku.php?id=bootloaders:u-boot:serial_port_loading_files
# Loading with the kermit protocol
bfin> loadb [load address] [baud rate]
# Loading with the y-modem protocol
bfin> loady [load address] [baud rate]
According to http://eduunix.ccut.edu.cn/index2/html/linux/O’Reilly%20-%20Building%20Embedded%20Linux%20Systems/belinuxsys-CHP-9-SECT-5.html
askenv - get environment variables from stdin
autoscr - run script from memory
base - print or set address offset
bdinfo - print Board Info structure
bootm - boot application image from memory
bootp - boot image via network using BootP/TFTP protocol
bootd - boot default, i.e., run 'bootcmd'
cmp - memory compare
coninfo - print console devices and informations
cp - memory copy
crc32 - checksum calculation
date - get/set/reset date & time
dhcp - invoke DHCP client to obtain IP/boot params
diskboot- boot from IDE device
echo - echo args to console
erase - erase FLASH memory
flinfo - print FLASH memory information
go - start application at address 'addr'
help - print online help
ide - IDE sub-system
iminfo - print header information for application image
loadb - load binary file over serial line (kermit mode)
loads - load S-Record file over serial line
loop - infinite loop on address range
md - memory display
mm - memory modify (auto-incrementing)
mtest - simple RAM test
mw - memory write (fill)
nm - memory modify (constant address)
printenv- print environment variables
protect - enable or disable FLASH write protection
rarpboot- boot image via network using RARP/TFTP protocol
reset - Perform RESET of the CPU
run - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv - set environment variables
sleep - delay execution for some time
tftpboot- boot image via network using TFTP protocol
and env variables ipaddr and serverip
version - print monitor version
? - alias for 'help'
Links to note
http://code.kliu.org/hashcheck/ - hash check from explorer, sounds useful
http://code.kliu.org/cmdopen/ - “Open Command Prompt” menu item to the context menus (right-click menus) in Windows Explorer… Very useful!