This is a continuation of the experiment with TL-WR703n (Starting from the The_TL-WR703N_piratebox_exploration post) http://wiki.openwrt.org/toh/tp-link/tl-wr703n
Just remembered I got Tera Terminal, and if I remember, it should support ymodem
Previously tried TFTP method:
hornet> tftpboot 0x81000000 openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin hornet> erase 0x9f020000 +0x3c0000 hornet> cp.b 0x81000000 0x9f020000 0x3c0000 hornet> bootm 9f020000
Now crafting up a process in Uboot after
tpl at the “autoboot at 1 sec” or something
hornet> erase 0x9f020000 +0x3c0000 hornet> loadb 0x81000000 # # OVER HERE WE SEND VIA KERMIT # hornet> cp.b 0x81000000 0x9f020000 0x3c0000 hornet> bootm 9f020000
My interpretation of above
hornet> erase from 0x9f020000 to +0x3c0000 hornet> loadb prepare to load to ram using kermit starting from 0x81000000 # # OVER HERE WE SEND VIA KERMIT # hornet> cp.b copy from ram startng at 0x81000000 to flash mem position 0x9f020000 to 0x3c0000 hornet> bootm start booting at 9f020000
Sooo in the bit inbetween for Kermit serial modem (According to http://wiki.openwrt.org/doc/howto/generic.flashing.serial ) once all is setup, in tera term, go to file>Transfer>Kermit>Send and send openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin
dammit… no kermit mode?
Well… lets try a different laptop (older XP)
Previously i used a usb to ethernet adaptor on windows 8, but that was bunk. What ended up working, was to do the same process of using tftp on an older laptop with windows XP (possibly because it has a crappier protection system) Well that was interesting… At least I am back to square 1 rather than -1 or 1/0
So lesson. Choose a laptop with embedded ethernet (or pick a good ethernet to usb adaptor). Or alternatively, learn linux lol. Or choose a board with a less stripped down uboot (or even better, with onboard web failsafe)
Sooo now to install piratebox again
yea ya I know it was annoying to recover from this error, but I did get it back to normal.
So I followed the previous attempt I did, of installing generic openwrt firmware, then the usb driver to mount the usb, before following the piratebox instruction more carefully.
Btw this method of installing usb support on generic unmodified openwrt firmware is recommeneded in http://daviddarts.com/piratebox-diy-openwrt/ . (But is rather outdated)
opkg update opkg install kmod-usb-uhci insmod usbcore ## may return: file exists insmod uhci opkg install kmod-usb-ohci ## may return: up to date. insmod usb-ohci
As usual the piratebox image installed now, but somehow doesn’t run. Bah.
Just found https://github.com/pepe2k/u-boot_mod & https://forum.openwrt.org/viewtopic.php?id=43237 it has web based failsafe, this is definitely needed by me to avoid having to go though tftp again.
root@OpenWrt:/# cat /proc/mtd dev: size erasesize name mtd0: 00020000 00010000 "u-boot" mtd1: 000ecf04 00010000 "kernel" mtd2: 002e30fc 00010000 "rootfs" mtd3: 000e0000 00010000 "rootfs_data" mtd4: 00010000 00010000 "art" mtd5: 003d0000 00010000 "firmware" root@OpenWrt:/#
So the uboot partition is at 0x20000 (128 KiB) and has size of 0x1000(64 KiB).
Soo lets craft a command to insert the modified firmware:
hornet> tftpboot 0x81000000 uboot_for_tl-wr703n.bin hornet> erase 0x9F000000 +0x10000 hornet> cp.b 0x81000000 0x9F000000 0x10000 hornet> #bootm 9f020000
Check flash memory before rebooting
hornet> md 0x9F000000 #check flash hornet> md 0x81000000 #check memory we copied from\
reboot and hope it all goes well. Well the answer is that it did. Now it’s harder to brick :D . And I have given up on running piratebox on this dammn thing. Ah well, at least until I understand embedded linux more.
So anyhow to access the web failsafe in this modified firmware, just go to the Uboot console, and then type ‘httpd’. It will then specify the IP address you have to connect to. Just connect to it at port 80, and you can take over from there :D (might need to set a static address e.g. 192.168.1.100 )
Well for my use, here is what you run after installing a generic image to get at least usb and internet running for opkg etc… (http://wiki.openwrt.org/doc/uci) :
# Connect the ethernet to the internet first! # /etc/config/network modification to connect to dhcp # 'uci show network' will show what values can be changed uci set network.lan.proto=dhcp uci commit /etc/init.d/network reload # Install latest squashfs-sysupgrade.bin # This updates BusyBox v1.19.4 & OpenWrt ATTITUDE ADJUSTMENT (12.09, r36088) # to BusyBox v1.22.1 & BARRIER BREAKER (Bleeding Edge, r41391) cd /tmp wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin sysupgrade openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin reboot # Install usb support opkg update opkg install kmod-usb-storage block-mount block-hotplug kmod-fs-ext4 kmod-fs-vfat kmod-nls-cp437 kmod-nls-iso8859-1 mkdir -p /mnt/usb mount -t vfat /dev/sda1 /mnt/usb # #src luci http://downloads.openwrt.org/kamikaze/8.09.2/ar71xx/packages/ opkg update opkg install luci
So now that would be my base system! Oh…. and I had to remove usb support if I wanted luci, 4 megs is not alot (remove all packages via ‘firstboot’ command).
So whats my IP? http://www.cyberciti.biz/faq/how-to-find-out-the-ip-address-assigned-to-eth0-and-display-ip-only/
root@OpenWrt:/# /sbin/ifconfig br-lan Link encap:Ethernet HWaddr EC:17:2F:F0:7A:B4 inet addr:192.168.0.9 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::ee17:2fff:fef0:7ab4/64 Scope:Link inet6 addr: fd78:a0fe:50cd::1/60 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:685 errors:0 dropped:0 overruns:0 frame:0 TX packets:119 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:77032 (75.2 KiB) TX bytes:12528 (12.2 KiB) eth0 Link encap:Ethernet HWaddr EC:17:2F:F0:7A:B4 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4658 errors:0 dropped:0 overruns:0 frame:0 TX packets:470 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:550387 (537.4 KiB) TX bytes:44507 (43.4 KiB) Interrupt:4 ... etc...
Well, its… hard to tell. So I went to /etc/config/network and remove the ‘type’ bridge line. However even then luci didn’t load. so thats when I realized that the daemon for uhttpd is not on. http://wiki.openwrt.org/doc/howto/luci.essentials
These two commands took care of the rest.
/etc/init.d/uhttpd start # Start uhttpd that holds luci /etc/init.d/uhttpd enable # Enable start on every reboot
Now the system works
User: root password: password Yea... very secure lol
So now that I got a pretty general router… I’ve no idea what I’m suppose to do with it now that I won’t install piratebox on it. Plus with luci, there is not a lot of flash memory to play with, so any future project will still need to done via CMD (or having an external flash drive). Sooo yea, it has luci GUI, and could potentially act as a remote serial access terminal over wifi, so that’s cool but I think that’s enough for me today. All this note will be of assistance to any of you guys who are still new to this, and may need some ideas on how to get started. (Plus is a good reference for me later on!)
(LUCI GUI) Status System Hostname OpenWrt Model TP-LINK TL-WR703N v1 Firmware Version OpenWrt Barrier Breaker r41391 / LuCI Trunk (svn-r10375) Kernel Version 3.10.44 Local Time Mon Jun 30 11:08:42 2014 Uptime 0h 30m 49s Load Average 0.09, 0.18, 0.12 Memory Total Available 16260 kB / 28844 kB (56%) Free 7952 kB / 28844 kB (27%) Cached 6716 kB / 28844 kB (23%) Buffered 1592 kB / 28844 kB (5%) Network IPv4 WAN Status eth0 Type: dhcp Address: 192.168.0.9 Netmask: 255.255.255.0 Gateway: 192.168.0.1 DNS 1: 192.168.0.1 Connected: 0h 8m 31s ----- Just extra notes for myself:
According to http://blackfin.uclinux.org/doku.php?id=bootloaders:u-boot:serial_port_loading_files
# Loading with the kermit protocol bfin> loadb [load address] [baud rate] # Loading with the y-modem protocol bfin> loady [load address] [baud rate]
According to http://eduunix.ccut.edu.cn/index2/html/linux/O’Reilly%20-%20Building%20Embedded%20Linux%20Systems/belinuxsys-CHP-9-SECT-5.html
askenv - get environment variables from stdin autoscr - run script from memory base - print or set address offset bdinfo - print Board Info structure bootm - boot application image from memory bootp - boot image via network using BootP/TFTP protocol bootd - boot default, i.e., run 'bootcmd' cmp - memory compare coninfo - print console devices and informations cp - memory copy crc32 - checksum calculation date - get/set/reset date & time dhcp - invoke DHCP client to obtain IP/boot params diskboot- boot from IDE device echo - echo args to console erase - erase FLASH memory flinfo - print FLASH memory information go - start application at address 'addr' help - print online help ide - IDE sub-system iminfo - print header information for application image loadb - load binary file over serial line (kermit mode) loads - load S-Record file over serial line loop - infinite loop on address range md - memory display mm - memory modify (auto-incrementing) mtest - simple RAM test mw - memory write (fill) nm - memory modify (constant address) printenv- print environment variables protect - enable or disable FLASH write protection rarpboot- boot image via network using RARP/TFTP protocol reset - Perform RESET of the CPU run - run commands in an environment variable saveenv - save environment variables to persistent storage setenv - set environment variables sleep - delay execution for some time tftpboot- boot image via network using TFTP protocol and env variables ipaddr and serverip version - print monitor version ? - alias for 'help'
Links to note
http://code.kliu.org/hashcheck/ - hash check from explorer, sounds useful
http://code.kliu.org/cmdopen/ - “Open Command Prompt” menu item to the context menus (right-click menus) in Windows Explorer… Very useful!