ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
|
|
|
|
/dts-v1/;
|
|
|
|
|
|
|
|
#include <dt-bindings/gpio/gpio.h>
|
|
|
|
#include <dt-bindings/input/input.h>
|
|
|
|
|
2020-04-17 00:05:23 +00:00
|
|
|
#include "qca955x.dtsi"
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
|
|
|
|
/ {
|
|
|
|
compatible = "zyxel,nbg6716", "qca,qca9558";
|
|
|
|
model = "ZyXEL NBG6716";
|
|
|
|
|
|
|
|
aliases {
|
2019-11-05 18:23:33 +00:00
|
|
|
led-boot = &led_power;
|
|
|
|
led-failsafe = &led_power;
|
|
|
|
led-running = &led_power;
|
|
|
|
led-upgrade = &led_power;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
leds {
|
|
|
|
compatible = "gpio-leds";
|
|
|
|
|
2019-11-05 18:23:33 +00:00
|
|
|
led_power: power {
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
label = "nbg6716:white:power";
|
|
|
|
gpios = <&gpio 15 GPIO_ACTIVE_LOW>;
|
|
|
|
};
|
|
|
|
|
2020-04-08 12:43:04 +00:00
|
|
|
internet {
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
label = "nbg6716:white:internet";
|
|
|
|
gpios = <&gpio 18 GPIO_ACTIVE_LOW>;
|
|
|
|
};
|
|
|
|
|
|
|
|
usb1 {
|
|
|
|
label = "nbg6716:white:usb1";
|
|
|
|
gpios = <&gpio 4 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "usbport";
|
2020-04-12 19:57:41 +00:00
|
|
|
trigger-sources = <&hub_port1>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
usb2 {
|
|
|
|
label = "nbg6716:white:usb2";
|
|
|
|
gpios = <&gpio 13 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "usbport";
|
2020-04-12 19:57:41 +00:00
|
|
|
trigger-sources = <&hub_port0>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
|
2020-04-08 12:43:04 +00:00
|
|
|
wifi2g {
|
|
|
|
label = "nbg6716:white:wifi2g";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
gpios = <&gpio 19 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "phy1tpt";
|
|
|
|
};
|
|
|
|
|
2020-04-08 12:43:04 +00:00
|
|
|
wifi5g {
|
|
|
|
label = "nbg6716:white:wifi5g";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
gpios = <&gpio 17 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "phy0tpt";
|
|
|
|
};
|
|
|
|
|
|
|
|
wps {
|
|
|
|
label = "nbg6716:white:wps";
|
2020-04-08 12:43:04 +00:00
|
|
|
gpios = <&gpio 21 GPIO_ACTIVE_LOW>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
keys {
|
|
|
|
compatible = "gpio-keys";
|
|
|
|
|
|
|
|
reset {
|
|
|
|
label = "reset";
|
|
|
|
linux,code = <KEY_RESTART>;
|
|
|
|
gpios = <&gpio 23 GPIO_ACTIVE_LOW>;
|
|
|
|
debounce-interval = <60>;
|
|
|
|
};
|
|
|
|
|
2019-11-07 16:03:50 +00:00
|
|
|
wifi {
|
2019-10-27 23:30:51 +00:00
|
|
|
label = "WiFi button";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
linux,code = <KEY_RFKILL>;
|
2020-04-08 12:43:04 +00:00
|
|
|
linux,input-type = <EV_SW>;
|
|
|
|
gpios = <&gpio 1 GPIO_ACTIVE_HIGH>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
debounce-interval = <60>;
|
|
|
|
};
|
|
|
|
|
2019-10-27 23:30:51 +00:00
|
|
|
usb1 {
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
label = "USB1 eject button";
|
2020-04-08 12:43:04 +00:00
|
|
|
linux,code = <BTN_1>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
gpios = <&gpio 0 GPIO_ACTIVE_LOW>;
|
|
|
|
debounce-interval = <60>;
|
|
|
|
};
|
|
|
|
|
2019-10-27 23:30:51 +00:00
|
|
|
usb2 {
|
|
|
|
label = "USB2 eject button";
|
2020-04-08 12:43:04 +00:00
|
|
|
linux,code = <BTN_2>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
gpios = <&gpio 14 GPIO_ACTIVE_LOW>;
|
|
|
|
debounce-interval = <60>;
|
|
|
|
};
|
|
|
|
|
|
|
|
wps {
|
|
|
|
label = "WPS button";
|
|
|
|
linux,code = <KEY_WPS_BUTTON>;
|
|
|
|
gpios = <&gpio 22 GPIO_ACTIVE_LOW>;
|
|
|
|
debounce-interval = <60>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&gpio {
|
2019-10-27 23:30:51 +00:00
|
|
|
usb_power {
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
gpio-hog;
|
|
|
|
gpios = <16 0>;
|
|
|
|
output-high;
|
|
|
|
line-name = "nbg6716:power:usb";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&uart {
|
|
|
|
status = "okay";
|
|
|
|
};
|
|
|
|
|
|
|
|
&spi {
|
|
|
|
status = "okay";
|
2019-11-05 18:23:33 +00:00
|
|
|
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
num-cs = <1>;
|
|
|
|
|
|
|
|
flash@0 {
|
|
|
|
compatible = "jedec,spi-nor";
|
|
|
|
reg = <0>;
|
|
|
|
spi-max-frequency = <25000000>;
|
|
|
|
|
|
|
|
partitions {
|
|
|
|
compatible = "fixed-partitions";
|
|
|
|
#address-cells = <1>;
|
|
|
|
#size-cells = <1>;
|
|
|
|
|
|
|
|
uboot: partition@0 {
|
|
|
|
label = "u-boot";
|
|
|
|
reg = <0x000000 0x040000>;
|
|
|
|
read-only;
|
|
|
|
};
|
|
|
|
|
|
|
|
uboot_env: partition@40000 {
|
|
|
|
label = "u-boot-env";
|
|
|
|
reg = <0x040000 0x010000>;
|
|
|
|
};
|
|
|
|
|
|
|
|
art: partition@50000 {
|
|
|
|
label = "art";
|
|
|
|
reg = <0x050000 0x010000>;
|
|
|
|
read-only;
|
|
|
|
};
|
|
|
|
|
|
|
|
partition@60000 {
|
|
|
|
label = "nbu";
|
|
|
|
reg = <0x060000 0xfa0000>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&nand {
|
|
|
|
status = "okay";
|
|
|
|
|
|
|
|
partitions {
|
|
|
|
compatible = "fixed-partitions";
|
|
|
|
#address-cells = <1>;
|
|
|
|
#size-cells = <1>;
|
|
|
|
|
|
|
|
partition@0 {
|
|
|
|
label = "zyxel_rfsd";
|
|
|
|
reg = <0x0 0x200000>;
|
|
|
|
};
|
|
|
|
|
|
|
|
partition@200000 {
|
|
|
|
label = "romd";
|
|
|
|
reg = <0x200000 0x200000>;
|
|
|
|
};
|
|
|
|
|
|
|
|
partition@400000 {
|
|
|
|
label = "header";
|
|
|
|
reg = <0x400000 0x100000>;
|
|
|
|
};
|
|
|
|
|
|
|
|
firmware@500000 {
|
|
|
|
label = "firmware";
|
|
|
|
reg = <0x500000 0x7b00000>;
|
|
|
|
};
|
|
|
|
|
|
|
|
partition@500000 {
|
|
|
|
label = "kernel";
|
|
|
|
reg = <0x500000 0x400000>;
|
|
|
|
};
|
|
|
|
|
|
|
|
partition@900000 {
|
|
|
|
label = "ubi";
|
|
|
|
reg = <0x900000 0x7700000>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&mdio0 {
|
|
|
|
status = "okay";
|
|
|
|
|
2020-01-27 13:15:56 +00:00
|
|
|
phy17: ethernet-phy@11 {
|
|
|
|
reg = <0x11>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
phy-mode = "rgmii-id";
|
|
|
|
};
|
|
|
|
|
|
|
|
switch0@1f {
|
|
|
|
compatible = "qca,ar8327";
|
|
|
|
reg = <0x1f>;
|
|
|
|
qca,ar8327-initvals = <
|
|
|
|
0x04 0x87600000 /* PORT0 PAD MODE CTRL */
|
|
|
|
0x0c 0x00080080 /* PORT6 PAD MODE CTRL */
|
|
|
|
0x10 0x81000080 /* POWER_ON_STRIP */
|
|
|
|
0x50 0xffb7ffb7 /* LED_CTRL0 */
|
|
|
|
0x54 0xffb7ffb7 /* LED_CTRL1 */
|
|
|
|
0x58 0xffb7ffb7 /* LED_CTRL2 */
|
|
|
|
0x5c 0x03ffff00 /* LED_CTRL3 */
|
|
|
|
0x7c 0x0000007e /* PORT0_STATUS */
|
|
|
|
0x94 0x0000007e /* PORT6 STATUS */
|
|
|
|
>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&mdio1 {
|
|
|
|
status = "okay";
|
|
|
|
|
|
|
|
phy1: ethernet-phy@1 {
|
|
|
|
reg = <1>;
|
|
|
|
phy-mode = "sgmii";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
ð0 {
|
|
|
|
status = "okay";
|
|
|
|
|
|
|
|
pll-data = <0xa6000000 0x00000101 0x00001616>;
|
2020-01-27 13:15:56 +00:00
|
|
|
phy-handle = <&phy17>;
|
|
|
|
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
fixed-link {
|
|
|
|
speed = <1000>;
|
|
|
|
full-duplex;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
ð1 {
|
|
|
|
status = "okay";
|
|
|
|
|
|
|
|
pll-data = <0x03000101 0x00000101 0x00001616>;
|
|
|
|
phy-handle = <&phy1>;
|
2020-01-27 13:15:56 +00:00
|
|
|
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
fixed-link {
|
|
|
|
speed = <1000>;
|
|
|
|
full-duplex;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&wmac {
|
|
|
|
status = "okay";
|
2019-12-20 23:21:32 +00:00
|
|
|
|
|
|
|
mtd-cal-data = <&art 0x1000>;
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
&pcie1 {
|
2019-10-27 23:30:51 +00:00
|
|
|
status = "okay";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
|
|
|
|
wifi@0,0 {
|
|
|
|
compatible = "qcom,ath10k";
|
|
|
|
reg = <0 0 0 0 0>;
|
|
|
|
qcom,ath10k-calibration-variant = "ZyXEL-NBG6716";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&usb_phy0 {
|
2019-10-27 23:30:51 +00:00
|
|
|
status = "okay";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
&usb_phy1 {
|
2019-10-27 23:30:51 +00:00
|
|
|
status = "okay";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
&usb0 {
|
2019-10-27 23:30:51 +00:00
|
|
|
status = "okay";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
|
|
|
|
hub_port0: port@1 {
|
|
|
|
reg = <1>;
|
|
|
|
#trigger-source-cells = <0>;
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
&usb1 {
|
2019-10-27 23:30:51 +00:00
|
|
|
status = "okay";
|
ath79: add support for ZyXEL NBG6716
Attention: Kernel partition size has been enlarged to 4MB.
To switch, you must update to latest ar71xx-nand snapshort and flash the
sysupgrade-4M-Kernel.bin:
zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f
You will end up with a fresh config if you do not inject config into the image.
The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but
ath79 can only use the first 128MB. Therefore the complete NAND needs to be
overwritten. If not, the old UBI may make problems and lead to reboot loop.
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6716> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6716>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6716> ATSE NBG6716
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6716> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6716> ATGU
|NBG6716#
Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-23 09:30:30 +00:00
|
|
|
|
|
|
|
hub_port1: port@1 {
|
|
|
|
reg = <1>;
|
|
|
|
#trigger-source-cells = <0>;
|
|
|
|
};
|
|
|
|
};
|