This adds support for AR9331 based Hak5 penetration testing tools:
- WiFi Pineapple NANO
- LAN Turtle
- Packet Squirrel
WiFi Pineapple NANO specifications:
- SoC: Atheros AR9331 (400 MHz)
- RAM: 64 MB (DDR2)
- FLASH: 16 MB
- WiFi: 1T1R AR9331 (built-in), 1T1R AR9271 (built-in via USB bus)
- Ethernet: 1x FE over USB (ASIX AX88772A)
- Ports: 2x RP-SMA for antennas, 1x USB 2.0 (host), 1x micro SD
- Power: USB 5 V, 1.5 A
- Other: status LED, reset button
LAN Turtle specifications:
- SoC: Atheros AR9331 (400 MHz)
- RAM: 64 MB (DDR2)
- FLASH: 16 MB
- WiFi: none
- Ethernet: 1x FE (AR9331), 1x FE over USB (Realtek RTL8152B)
- Ports: 1x RJ45, version dependent: micro SD or 3G SIM slot
- Power: USB 5 V, 0.5 A
- Other: status LED, reset button (inside, on PCB)
Packet Squirrel specifications:
- SoC: Atheros AR9331 (400 MHz)
- RAM: 64 MB (DDR2)
- FLASH: 16 MB
- WiFi: none
- Ethernet: 2x FE (AR9331)
- Ports: 2x RJ45, 1x USB 2.0
- Power: USB 5 V, 0.12 A
- Other: status LED, reset button, 4-way switch
Flash instructions for all 3 devices:
Original firmware is based on OpenWrt.
Use sysupgrade via SSH to flash.
Signed-off-by: Sebastian Kinne <contact@sebkinne.com>
[squashed commits, combined and reworked mach files, aligned board
naming with general convention, fixed minor issues, tested on real
hardware, reworded commit subject and description]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Some NBG6716 do not have ath10k calibration data in flash, only in chip
OTP. To determine if flash has a valid calibration data, the first two
bytes telling the length of the calibration data are checked against the
requested length. If the lengths match, calibration data is valid and
read from flash.
Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
Vendor released new model (AP80Q) which is identical from hardware point
of view with already supported AP90Q. Include AP80Q in machine name.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
YunCore T830 is a simple N300 router with 5-port FE switch, detachable
antennas and USB 2.0 port.
Specification:
- 650/597/216 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 5x 10/100 Mbps Ethernet
- 2T2R 2.4 GHz (QCA9531), with ext. PA (SKY65174-21) and LNA
- two external, detachable antennas (RP-SMA)
- 1x USB 2.0
- 8x LED (7 driven by GPIO)
- 1x button (reset)
- DC jack for main power input (12 V)
- UART and JTAG headers on PCB
Flash instruction:
1. First, gain root access to the device, following below steps:
- Login into web gui (default password/IP: admin/192.168.188.253).
- Go to "Advanced" -> "Management" -> "System" and download backup of
configuration (bakfile.bin).
- Open the file as tar.gz archive, edit/update "shadow" file and change
hash of root password to something known.
- Repack the archive, rename it back to "bakfile.bin" and use to
restore configuration of the device.
- After that, device will reboot and can be accessed over SSH.
2. Then, install OpenWrt:
- Login over SSH and issue command:
fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
- Upload "sysupgrade" image and install it (only if previous command
succeeded) with command: "sysupgrade -n -F openwrt-...".
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Samsung WAM250 is a dual-band (selectable, not simultaneous) wireless
hub, dedicated for Samsung Shape Wireless Audio System. The device is
based on Atheros AR9344. FCC ID: A3LWAM250.
Specification:
- 560/450/225 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 2x 10/100 Mbps Ethernet
- 2T2R 2.4/5 GHz (AR9344), with ext. PA (SE2598L, SE5003L) and LNA
- 1x USB 2.0
- 4x LED (all are driven by GPIO)
- 2x button (reset, wps/speaker add)
- DC jack for main power input (14 V)
- UART header on PCB (J4, RX: 3, TX: 5)
Flash instruction:
This device uses dual-image (switched between upgrades) with a common
jffs2 config partition. Fortunately, there is a way to disable this mode
so that more flash space can be used by OpenWrt image.
You can easily access this device over telnet, using root/root
credentials (the same also work for serial console access).
1. Make sure that your device uses second (bootpart=2) image using
command: "fw_printenv bootpart".
2. If your device uses first image (bootpart=1), perform upgrade to the
latest vendor firmware (after the update, device should boot from
second partition) using web gui (default login: admin/1234567890).
3. Rename "sysupgrade" image to "firmware.bin", download it (you can use
wget, tftp or ftpget) to "/tmp" and issue below commands:
mtd_debug erase /dev/mtd3 0 $(wc -c /tmp/firmware.bin | awk -F' ' '{print $1}')
mtd_debug write /dev/mtd3 0 $(wc -c /tmp/firmware.bin)
fw_setenv bootpart
fw_setenv bootcmd "bootm 0x9f070000"
reboot
Revert to vendor firmware instruction:
1. Download vendor firmware to "/tmp" device and issue below commands:
fw_setenv bootpart 1
sysupgrade -n -F SS_BHUB_v2.2.05.bin
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
COMFAST CF-E385AC is an AC2200 ceiling mount AP with PoE support, based
on Qualcomm/Atheros QCA9558 + QCA9984 + QCA8337N.
Specification:
- 720/600/200 MHz (CPU/DDR/AHB)
- 256 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 2x 10/100/1000 Mbps Ethernet, with PoE support
- 3T3R 2.4 GHz (QCA9558), with external LNA and PA (SE2576L)
- 4T4R 5 GHz (QCA9984), with external FEM (SKY85728-11)
- 7x internal antennas
- 1x RGB LED (driven by GPIO)
- 1x button (reset)
- UART, LEDs/GPIO and USB headers on PCB
- external watchdog (Pericon Technology PT7A7514)
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
There are now supported two versions of the CF-E355AC board which differ
in 802.11ac radio chip. Include version number in board, model, image
filename, etc., also for the v1.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
COMFAST CF-E355AC v2 is a ceiling mount AP with PoE support, based on
Qualcomm/Atheros QCA9531 + QCA9886.
Short specification:
- 2x 10/100 Mbps Ethernet, with PoE support
- 128MB of RAM (DDR2)
- 16 MB of FLASH
- 2T2R 2.4 GHz, 802.11b/g/n
- 2T2R 5 GHz, 802.11ac/n/a, WAVE 2
- built-in 4x 3 dBi antennas
- output power (max): 500 mW (27 dBm)
- 1x RGB LED, 1x button
- built-in watchdog chipset
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Ding Tengfei <dtf@comfast.cn>
[updated kernel config for both boards]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The "QCA9531 v2.0 802.11n 2x2 2.4 GHz Premium SOC for WLAN Platforms"
datasheet (80-Y7991-1 Rev. C - October 2014) doesn't specify support for a
40 Mhz reference clock. The register description for "Bootstrap Options"
(page 31) defines following states for the bit 4 (REF_CLK):
* 0 - CLK25 (default)
* 1 - (reserved)
Devices like the TP-Link CPE210 v2 has this bit set to 1 but is using a 25
Mhz reference clock. OpenWrt is still interpreted this bit as 40 Mhz and
then break the bootup of the system due to this incorrect interpretation.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[refreshed patches]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
WHQX E1700AC v2 is based on Qualcomm QCA9563 + QCA9880 + QCA8334.
Specification:
- 750/400/250 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz (QCA9563) with external FEM (SKY85309-11)
- 3T3R 5 GHz (QCA9880) with external FEM (SKY85728-11)
- 2x 10/100/1000 Mbps Ethernet (one port with PoE support)
- 1x miniPCIe slot (USB 2.0 bus only)
- 1x microSIM slot
- 1x USB 2.0
- 5x LED (4 driven by GPIO)
- 1x button (reset)
- 1x 2-pos switch
- 1x DC jack for main power input (9-48 V)
- UART (J5) and LEDs (J13) headers on PCB
WHQX E600G is based on Qualcomm QCA9531.
Specification:
- 650/391/216 MHz (CPU/DDR/AHB)
- 64/128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz (QCA9531) with external PA (LXK-6601)
- 2x 10/100 Mbps Ethernet (one port with PoE support)
- 1x miniPCIe slot (with PCIe and USB 2.0 buses)
- 1x microSIM slot
- 5x LED (4 driven by GPIO)
- 1x button (reset)
- 1x DC jack for main power input (9-48 V)
- UART (J100), SIM (J34), JTAG (J5) and LEDs (J7) headers on PCB
WHQX E600GAC is based on Qualcomm QCA9531 + QCA9887.
Specification:
- 650/391/216 MHz (CPU/DDR/AHB)
- 64/128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz (QCA9531)
- 1T1R 5 GHz (QCA9887) with external FEM (SKY85703-11)
- 2x 10/100 Mbps Ethernet
- 6x LED (1x RGB, 5 driven by GPIO)
- 1x button (reset)
- 1x DC jack for main power input (9-12 V)
- UART (J100), USB (J102), JTAG (J5) and LEDs (J7) header on PCB
Important notice:
First version of these boards are using different mtd layout, with ART
data at the end. You should not use v2 images on v1 board because it
will result in lost of ART data!
Flash instruction (using U-Boot CLI and tftp server):
1. Configure PC with static IP 192.168.1.10 and tftp server.
2. Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
3. Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
4. Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
1. Configure PC with static IP 192.168.1.xxx(2-254)/24.
2. Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
3. Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Signed-off-by: Peng Zhang <sd20@qxwlan.com>
[reworked: image generation code, mach-* files, commit description,
fixed minor code style issues, rebased on master]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
You should not define CFLAGS for the toolchain as this will also leak
into other targets if they share the same toolchain.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
The CN80XX Boot firmware uses an embedded FAT12 filesystem. For some reason
busybox can't mount this unless its enabled static in the kernel.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
When this target got updated to 4.14, this patch got removed to
re-evaluate if it was still needed.
Extensive testing now shows this issue is still present.
Let's re-add the patch to fix it for now.
As the uart bus is very low bandwidth .. performance impact is negligible.
Boot log:
[ 22.513051] imx-uart 2020000.serial: DMA transaction error.
[ 22.522721] imx-uart 2020000.serial: DMA transaction error.
As a sidenote:
The patch mentiones an issue with RS485, but the bootlog
errors above were recorded with the uart ports in standard RS232 mode.
Compile/Run-tested on imx6/GW5200
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The hardware emits some interrupts while initializing and handling them
can mess up the state or cause infinite loops.
Fix this by disabling IRQs during init and re-enabling them afterwards
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tama Electric Axing W06 is a 2.4 GHz band 11n router, based on Mediatek
MT7688AN.
Specification:
- MT7688AN (575 MHz)
- 64 MB of RAM (DDR2 SDRAM)
- 16 MB of Flash (SPI)
- 1T1R 2.4 GHz
- 1x 10/100/1000 Mbps Ethernet
- 4x LEDs (GPIO connected: 3), 1x button
- 1x USB 2.0 Type-A (host)
- UART header on PCB (GND, RX, TX, Vcc from RJ45 side)
Flash instruction using sysupgrade image:
1. Connect micro-USB cable for power supply into W06 and turn on the
router
2. Connect to wifi with SSID "tama-*" with password. Complete SSID and
password are listed on the back of the router
3. Access to 192.168.1.1 and login with user name "admin" and password
empty
4. In firmware update(ファームウェア更新) page, click "参照" button
and click "ブラウザー" button to open file browser, select the
sysupgrade image and press OK button
5. Wait ~150 seconds to complete flashing
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Use the generic board detection for the GnuBee Personal Cloud Two
instead of the target specific one as all recent additions are doing.
Fixup the pinmux to set all pins used as GPIO to the function GPIO.
Request pins where used.
Drop the i2c from the dts. There is nothing connected. While at it fix an
indentation issue and use references instead of duplicating the whole
node path.
Use the same switch config as for the GB-PC1 and drop the led trigger for
the not supported IP1001 phy connected to second rgmii.
Fixes: c60a21532b ("ramips: Add support for the GnuBee Personal Cloud Two")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use the generic board detection for the D-Link DAP-1522 A1 instead of the
target specific one as all recent additions are doing.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Updated the devicetree source files to make use of the following
upstreamed drivers:
- xrx200 ethernet phy
- reset controller unit
- dwc2
- fpi
Use our custom xrx200 ethernet phy compatible to support boards, which
have switched the vr9 revision during lifetime, with a single devicetree
source file.
By switching to the dwc2 driver + usb phy framework, we don't need to used
our custom gpio power patch and can use a fixed regulator instead.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
On danube the USB0 registers are at 1e101000 similar to all other lantiq
SoCs.
On Danube and AR9 the USB core is connected to the AHB bus, hence we need
to enable the AHB Bus as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add a custom xrx200 ethernet phy compatible to load the firmware matching
the vr9 revision without specifing an expected revision.
We have quite a few boards in the tree were later produced ones are using
a more recent vr9. It is impossible to distinguish which revision of the
vr9 is used without opening the case and removing a heatsink for some of
them.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This reverts kernel commit 1eed40043579 ("MIPS: smp-mt: Use CPU interrupt
controller IPI IRQ domain support"). With the patch applied, the kernel
hangs during boot if SMP is active.
The Lantiq IRQ controller gets registered first and it directly handles
the MIPS native SW1/2 and HW0 - HW5 IRQs. It looks like this controller
already registers IRQ 0 - 7 and the generic driver only gets the following
IRQs starting later.
The upstream discussion can be found at
https://www.linux-mips.org/archives/linux-mips/2017-05/msg00059.html.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This just copies the patches, configuration and dts files into the
directories hich are used for kernel 4.14.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>