R32 is like the M32 part of the EAGLE PRO AI series from D-Link.
Specification:
- MT7622BV SoC with 2.4GHz wifi
- MT7975AN + MT7915AN for 5GHz
- MT7531BE Switch
- 512MB RAM
- 128 MB flash
- 2 LEDs (Status and Internet, both can be either orange or white)
- 2 buttons (WPS and Reset)
Compared to M32, the R32 has the following differences:
- 4 LAN ports instead of 2
- The recory image starts with DLK6E6015001 instaed of DLK6E6010001
- Individual LEDs for power and internet
- MAC address is stored at another offset in the ODM partition
MAC addresses:
- WAN MAC is stored in partition "Odm" at offset 0x81
- LAN (as printed on the device) is WAN MAC + 1
- WLAN MAC (2.4 GHz) is WAN MAC + 2
- WLAN MAC (5GHz) is WAN MAC + 3
Flashing via Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the deivce
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based and goto http://192.168.0.1
- Download openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-recovery.bin
Flashing via uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-initramfs-kernel.bin.
- You can rename the file to iverson_uImage (no extension), then you don't have to enter the whole file name in uboot later.
- Power on the device and select "1. System Load Linux to SDRAM via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
- Create a backup of the Kernel1 partition, this file is required if a revert to stock should be done later
- Perform a sysupgrade using openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now
Revert back to stock using the Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the deivce
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based and goto http://192.168.0.1
- Flash a decrypted firmware image from D-Link. Decrypting an firmware image is described below.
Decrypting a D-Link firmware image:
- Download https://github.com/RolandoMagico/firmware-utils/blob/M32/src/m32-firmware-util.c
- Compile a binary from the downloaded file, e.g. gcc m32-firmware-util.c -lcrypto -o m32-firmware-util
- Run ./m32-firmware-util R32 --DecryptFactoryImage <OriginalFirmware> <OutputFile>
- Example for firmware R32A1_FW103B01: ./m32-firmware-util R32 --DecryptFactoryImage R32A1_FW103B01.bin R32A1_FW103B01.decrypted.bin
Revert back to stock using uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides the previously created backup of the Kernel1 partition.
- You can rename the file to iverson_uImage (no extension), then you don't have to enter the whole file name in uboot later.
- Power on the device and select "2. System Load Linux Kernel then write to Flash via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to FLASH will start. After a few seconds the stock firmware should start again
There is also an image openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-tftp.bin which can directly be flashed via U-Boot and TFTP.
It can be used if no backup of the Kernel1 partition is reuqired.
Flahsing via OEM web interface is currently not possible, the OEM images are encrypted. Creating images is only possible manually at the moment.
The support for the M32/R32 already includes support for flashing from the OEM web interface:
- The device tree contains both partitions (Kernel1 and Kernel2) with conditions to select the correct one based on the kernel command line
- The U-Boot variable "boot_part" is set accordingly during startup to finish the partition swap after flashing from the OEM web interface
- OpenWrt sysupgrade flashing always uses the partition where it was initially flashed to (no partition swap)
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
(cherry picked from commit fdb87a91b4)
Link: https://github.com/openwrt/openwrt/pull/15776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings
from '/etc/ssl/openssl.cnf'.
```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```
Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
if not explicitly enabled.
Example:
```
[openssl_init]
providers = provider_sect
```
After this change, openssl util works correctly.
```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 31ec4515c3)
Link: https://github.com/openwrt/openwrt/pull/15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]
* Fixed potential use after free after SSL_free_buffers() is called.
[CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very slow.
[CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can cause
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
exploit certain server configurations to trigger unbounded memory growth that
would lead to a Denial of Service. [CVE-2024-2511]
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded. This can be used on platforms
where using atexit() from shared libraries causes crashes on exit
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
(cherry picked from commit bac2f1bed6)
Link: https://github.com/openwrt/openwrt/pull/15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
(cherry picked from commit f475a44c03)
Link: https://github.com/openwrt/openwrt/pull/15872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Comfast CF-E393AX is a dual-band Wi-Fi 6 POE ceiling mount access point.
Oem firmware is a custom openwrt 21.02 snapshot version.
We can gain access via ssh once we remove the root password.
Hardware specification:
SoC: MediaTek MT7981A 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB DDR3
Ethernet: 1x 10/100/1000 Mbps built-in PHY (WAN)
1x 10/100/1000/2500 Mbps MaxLinear GPY211C (LAN)
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976D
LEDS: 1x (Red, Blue and Green)
Button: Reset
UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | VCC GND TX RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface (http://apipaddress/computer/login.html),
and download the
configuration(http://apipaddress/computer/config.html).
2. Rename downloaded backup config - 'backup.file to backup.tar.gz',
Enter 'fakeroot' command then decompress the configuration:
tar -zxf backup.tar.gz
3. Edit 'etc/shadow', update (remove) root password:
With password =
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
to
Without password =
'root::0:99999:7:::'
'root::0:99999:7:::'
4. Repack 'etc' directory back to a new backup file:
tar -zcf backup-ssh.tar.gz etc/
5. Rename new config tar.gz file to 'backup-ssh.file'
Exit fakeroot - 'exit'
6. Upload new configuration via web interface, now you
can SSH with the following:
'ssh -vv -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa root@192.168.10.1'.
Backup the mtd partitions
- https://openwrt.org/docs/guide-user/installation/generic.backup
7. Copy openwrt factory firmware to the tmp folder to install via ssh:
'scp -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa \
*-mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin \
root@192.168.10.1:/tmp/'
'sysupgrade -n -F \
/tmp/*--mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin'
8. Once led has stopped flashing - Connect via ssh with the
default openwrt ip address - 'ssh root@192.168.1.1'
9. SSH copy the openwrt sysupgrade firmware and upgrade
as per the default instructions.
Signed-off-by: David Bentham <db260179@gmail.com>
(cherry picked from commit d8f4453bf2)
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 16MB NOR
RAM: 256MB
Ethernet: 2x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset
Power: DC 12V 1A, PoE 802.3af 48V
Flash instructions:
Option #1 - SSH
I was able to SSH into the stock firmware of my device.
1. Attach the router to the network
2. Use scp (-O) to copy the sysupgrade image
3. Connect using SSH and run `sysupgrade -n`
Option #2 - U-Boot
One way to use the bootloader for flashing is using TFTP:
1. Connect to the router using an ethernet cable
2 Spin up a TFTP server serving the sysupgrade file
3. Open the case and attach a UART
4. Attach power to the router and interrupt the countdown by pressing
any key
5. Select option #2 (Upgrade firmware)
6. Enter IP address information and image name
7. Wait patiently
Co-Authored-By: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
Co-Authored-By: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit b4086f44cd)
The Bonanza Peak series are a couple of MT7986-powered 2.5 GBit/s
Wi-Fi 6 residential gateway, access point and mesh router products.
All of them come with an eMMC to boot from, are powered via USB-C and
got a USB 3.0 type-A port. All of them got a Dialog (Renesas) DA14531
Bluetooth module connected via UART. If the device was previously
running stock firmware, the BT chip's internal flash has been loaded
with firmware and it can be attached using hciattach when using
OpenWrt.
SOC: MediaTek MT7986A
RAM: 2 GiB DDR4
eMMC: 8 GiB
Bluetooth: BLE5 (DA14531)
Serial: 3.3V level, 115200 8n1 on 4-pin connector
* SDG-8612 - Dual-band RJ-45 gateway
2x 2.5G MaxLinear PHY for WAN port
3x 1GE LAN ports via MT7531 switch
* SDG-8614 - Dual-band SFP gateway
1x SFP cage with up to 2.5G speed
1x 2.5G MaxLinear PHY for LAN port
3x 1GE LAN ports via MT7531 switch
* SDG-8622 - Tri-band mesh router
2x 2.5G MaxLinear PHY
The MT7986 2G and 5G are used as 2G and 5G high band.
There’s a MT7915 PCIe card for 5G low band.
* SDG-8632 - Tri-band mesh router with 6 GHz
2x 2.5G MaxLinear PHY
The MT7986 serves the 2G and 6G bands.
There’s a MT7915 PCIe card for 5G.
Installation via U-Boot serial console:
0. setup TFTP server with IP 192.168.1.10/24, place initramfs image
renamed to openwrt.XXX where XXX is the internal product number:
SDG-8612: XXX = 412
SDG-8614: XXX = 414
SDG-8622: XXX = 422
SDG-8632: XXX = 432
1. connect to the serial console and power on the device.
Interrupt the bootloader by pressing 'st'
2. setenv boot_mode openwrt ; saveenv
3. run boot1
Load firmware via TFTP and write to flash
4. run boot2
Now OpenWrt initramfs should boot
5. upload sysupgrade.bin via scp to /tmp
6. sysupgrade
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3aa686f8d4)
Openwrt supports hundreds of devices. These newly added LED colors
and functions can help developers better describe LED indicators.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 6c41c585e3)
Specifications:
SoC: MediaTek MT7981B
RAM: 256MiB
Flash: SPI-NAND 128 MiB
Switch: 1 WAN, 3 LAN (Gigabit)
Buttons: Reset, Mesh
Power: DC 12V 1A
WiFi: MT7976CN
UART: 115200n8
UART Layout:
VCC-RX-TX-GND
No. of Antennas: 6
Note: Upon opening the router, only 5 antennas were connected
to the mainboard.
Led Layout:
Power-Mesh-5gwifi-WAN-LAN3-LAN2-LAN1-2gWiFi
Buttons:
Reset-Mesh
Installation:
A. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1) and then
navigate to System -> Backup/Flash firmware, then flash the firmware
B. Through TFTP
Standard installation via UART:
1. Connect USB Serial Adapter to the UART, (NOTE: Don't connect the VCC pin).
2. Power on the router. Make sure that you can access your router via UART.
3. Restart the router then repeatedly press ctrl + c to skip default boot.
4. Type > bootmenu
5. Press '2' to select upgrade firmware
6. Press 'Y' on 'Run image after upgrading?'
7. Press '0' and hit 'enter' to select TFTP client (default)
8. Fill the U-Boot's IP address and TFTP server's IP address.
9. Finally, enter the 'firmware' filename.
Signed-off-by: Ian Oderon <ianoderon@gmail.com>
(cherry picked from commit 4300bc6688)
This is mostly a cosmetic cleanup. The absence of
the return statement was not causing any problems.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
(cherry picked from commit 8cf4ac5195)
Similar to the *_get_mac_binary function, also split the common parts
off mtd_get_mac_ascii into new get_mac_ascii function and introduce
mmc_get_mac_ascii which uses it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 45c85c1827)
Include XHCI USB drivers on the ZBT-Z8102AX router, the drivers are
required to be able to use the USB-connected M.2 slots for 4G/5G modems.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 507ad4f078)
The EnGenius EAP1300 and EAP1300EXT use identical boards and firmware
(as flashed) from the vendor.
As with the EAP1300, the EAP1300EXT requires a specific firmware version
to flash OpenWRT. Unfortunately, the required firmware is truncated on
the vendor's website.
A working file can be created as follows:
```
curl \
https://www.engeniustech.com/wp_firmware/eap1300-all-v3.5.3.5_c1.9.04.bin \
| perl -pe 's/\x09EAP1300_A/\x0cEAP1300EXT_A/' \
> eap1300ext-all-v3.5.3.5_c1.9.04.bin
```
The file should have sha256:
`58a1197a426139a12b03fd432334e677124cbe3384349bd7337f2ee71f1dcfd4`.
Please see commit 2b4ac79 for further
details.
The vendor firmware must be decrypted before it can be flashed from
OpenWRT. A tool able to do that is available from:
https://github.com/ryancdotorg/enfringement/blob/main/decrypt.py
Signed-off-by: Ryan Castellucci <code@ryanc.org>
(cherry picked from commit 85f6f88223)
Don't ignore probe requests which contain an invalid DS parameter for the
current operating channel.
As the comment outlines, the drop shall only apply if
dot11RadioMeasurementActivated is set to 1.
However, it was observed Linux clients (Debian 12 / NixOS 23.11)
with an Intel 8265 NIC may generate a probe request frame with
dot11RadioMeasurementActivated set to false and an invalid DSSS
parameter.
These were also dropped even though they should not have been. They
however should not have contained this parameter in the first place.
Don't drop Probe Requests which contain such an invalid field. This may
lead to more probe responses being sent, however it does fix very
frequent connection issues for these clients on 2.4 GHz.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 68e4cc9be5)
Turns out the device got two buttons, while the currently listed on is
actually WPS, and the other (will hidden) button is intended as RESET.
Update DT accordingly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 646ebbd32c)
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Per the CycloneDX 1.4 spec, the `metadata.timestamp` field contains
the date/time when the BOM was created [1].
Before the change, the value generated by the package-metadata.pl
script would look like this:
2024-06-03T15:51:10
CycloneDX 1.4 relies on the JSON Schema specification version draft-07,
which defines the `date-time` format [2] as derived from RFC 3339,
section 5.6 [3]. In this format, the `time-offset` component is required,
however in the original version of package-metadata.pl it is omitted.
This is causing problems with OWASP Dependency-Track version 4.11.0 or
newer, where it now validates submitted SBOMs against the JSON schema
by default [4]. SBOMs with incorrect timestamp values are rejected with
the following error:
{
"detail": "Schema validation failed",
"errors": [
"$.metadata.timestamp: 2024-06-03T15:51:10 is an invalid date-time"
],
"status": 400,
"title": "The uploaded BOM is invalid"
}
Add explicit `Z` (UTC) timezone offset in the `timestamp` field
to satisfy the CycloneDX schema.
[1]: https://github.com/CycloneDX/specification/blob/1.4/schema/bom-1.4.schema.json#L116-L121
[2]: https://json-schema.org/draft-07/draft-handrews-json-schema-validation-01#rfc.section.7.3.1
[3]: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
[4]: https://github.com/DependencyTrack/dependency-track/pull/3522
Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
(cherry picked from commit 2ded629864)
Link: https://github.com/openwrt/openwrt/pull/15693
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
a903d3169193 wifi: mt76: mt7921: fix a potential association failure upon resuming
eb0d0ce344f3 wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform
841bf82e9958 wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177
ce7ccc540168 wifi: mt76: Remove redundant assignment to variable tidno
a238df940d6f wifi: mt76: mt7915: initialize rssi on adding stations
46c7d1849dbd wifi: mt76: replace skb_put with skb_put_zero
b5640b3153c7 wifi: mt76: fix tx packet loss when scanning on DBDC
7b054e5cb3af wifi: mt76: mt7915: fix mcu command format for mt7915 tx stats
3f27a64a8010 wifi: mt76: mt7915: fix bogus Tx/Rx airtime duration values
4f681a8fbc91 wifi: mt76: mt7915: fix HE PHY capabilities IE for station mode
8ede229eb8b5 wifi: mt76: mt7915: only set MT76_MCU_RESET for the main phy
2330781b8c5f wifi: mt76: mt7996: only set MT76_MCU_RESET for the main phy
e5fb6995e7eb wifi: mt76: mt7915: add support for disabling in-band discovery
b4a917417c85 wifi: mt76: mt7915: add mt7986, mt7916 and mt7981 pre-calibration
2135e201e7a9 mt76: mt7915: add fallback in case of missing precal data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 85ad6b9569)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The WS-AP3710i does not correctly expose its label-mac on eth0 anymore
since the change to simpleLoader.
Fix this by obtaining the label-mac from the U-Boot environment.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit e321e70ddc)
With the introduction of the simpleImage loader, the MAC address is not
set by the bootloader anymore.
Fix this by reading the MAC address from the U-Boot environment
partition.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 22f92cce22)
On master, the bootwrapper link-address for all simpleImage targets was
relocated to 0x15000000 due to growing kernel size.
This was not done on OpenWrt 23.05, as the decompressed kernel still
fits. However, with the wrapper for the WS-AP3710i, the bootloader
attempts execute in-place with the uImage load-address of 0x1000000. As
the image is compiled without the uImage header in mind, this naturally
fails.
In order to fix this, link the WS-AP3715i simpleImage at 0x15000000 as
done in master. This will force the bootloader to relocate the code to
the proper address and skip XIP.
Signed-off-by: David Bauer <mail@david-bauer.net>
All NETGEAR EX6150v2 validate the rootfs for which OpenWrt places a
fakeheader at the position, where the bootloader expects it.
Some EX6150v2 bootloaders do however make a broken assumption about
where the rootfs starts. This is due to them calculating the rootfs
start not based upon the kernel-length but the string-offset of the
FIT-image.
We have to be compatible with both this broken as well as the valid
calculation. So we do relocate the FDT string section to a
block-boundary and enlarge the FIT image to end at this boundary +
BLOCKSIZE / 2. This way, both the broken as well as correct calculations
do expect the rootfs-header at the same position.
It is worth noting, that this is a rare edge-case in which only happens
if the image-length as well as the start of the string-section are not
placed in the same erase-block. This is an edge-case which happens very
rarely (thus it was not spotted prior).
Affected:
- U-Boot 2012.07 (Jun 16 2016 - 11:59:37)
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit de59fc4540)
Hardware
--------
CPU: Freescale P1020 2xe500 PPC
RAM: 256M DDR3 (Micron MT41J64M16JT-15E:G "D9MNJ")
NAND: 128M (Micron 2CA1)
BTN: 1x Reset
LED: Power - ETH - Radio1 - Radio2
UART: RJ-45 Cisco Pinout - 115200 8N1
Installation
------------
NOTE: You can find a repo with up-to-date instructions as well as
the required files here:
https://github.com/blocktrron/msm460-flashing
Required files
==============
You need a command-files as well as a U-Boot image.
The command-file has the following content (padded to 131072 bytes).
If you copy paste these, remove the newlines!
```
U-BOOT setenv ethaddr 02:03:04:05:06:07; setenv ipaddr 192.168.1.1;
setenv serverip 192.168.1.66; tftpboot 0x3000000 msm460-uboot.bin;
nand device; nand erase 0 0xC0000; nand write 0x3000000 0x0 0xC0000; reset
```
You can download the required U-Boot from this repository:
https://github.com/blocktrron/u-boot-msm/releases
Preparation
===========
Prepare a TFTP server serving two files:
- U-Boot NAND image as `msm460-uboot.bin`.
- OpenWrt factory image as `msm460-factory.bin`
- Command-file names `commands.tftp`
You can start a TFTP server in the current directory using dnsmasq:
```bash
sudo dnsmasq --no-daemon --listen-address=0.0.0.0 \
--port=0 --enable-tftp=enxd0 --tftp-root="$(pwd)" \
--user=root --group=root
```
Replace `enxd0` with the name of your network interface.
Procedure
=========
1. Assign yourself the IP-Address 192.168.1.66/24.
3. Connect the Router to the PC while keeping the reset button
pressed.
4. The LEDs will eventually begin to flash.
They will start to flash faster after around 15 seconds.
5. Release the reset button.
6. Start a new shell
7. Make sure you are currently in the directory where the tftp server
is located.
8. Run the following command:
```bash
tftp 192.168.1.1 -m binary -c put commands.tftp nflashd.cccc9999
```
You get the message "Transfer timed out."
To find out if you have been successful, please check the
blinking LED Pattern.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit af329ec389)
Signed-off-by: David Bauer <mail@david-bauer.net>
On Fedora 40 system, some compile error happens when
building iconv-ostream.c. Linking to libiconv-full
fixes this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 63dd14b906)
Link: https://github.com/openwrt/openwrt/pull/15627
Signed-off-by: Robert Marko <robimarko@gmail.com>
There is a custom LED controller between the 3 SoC GPIO outputs and
the red and blue LEDs of the device. It implements a strange mapping
that includes fixed, flashing, and breathing modes.
The current DTS configuration causes OpenWrt to flash the LEDs over
the controller's own flashing, resulting in chaotic output in boot,
failsafe, and upgrade modes.
This change fixes the LEDs in the best way possible as long as each
OpenWrt running state is limited to be signaled by a single led.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15440
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0868268c9f)
Hardware:
- SoC: MediaTek MT7981B
- CPU: 2x 1.3 GHz Cortex-A53
- Flash: 128 MiB SPI NAND
- RAM: 512 MiB
- WLAN: 2.4 GHz, 5 GHz (MediaTek MT7976CN, 802.11ax)
- Ethernet: 1x 10/100/1000/2500 Mbps RTL8221B WAN, 1x10/100/1000 Mbps MT7981 LAN
- USB 3.0 port
- Buttons: 1 Reset button, 1 slider button
- LEDs: 1x Red, 1x White
- Serial console: internal test points, 115200 8n1
- Power: 5 VDC, 3 A
MAC addresses:
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| WAN | 80:af:ca:xx:xx:x1 | label+1 |
| LAN | 80:af:ca:xx:xx:x0 | label |
| WLAN 2g | 80:af:ca:xx:xx:x0 | label |
| WLAN 5g | 82:af:ca:xx:xx:x0 | |
+---------+-------------------+-----------+
Installation:
The installation must be done via TFTP by disassembling the router. On other occasions Cudy has distributed intermediate firmware to make installation easier, and so I recommend checking the Wiki for this device if there is a more convenient solution than the one below.
To install using TFTP:
1. Connect to UART.
2. With the router off, press the RESET button. While the router is turning on, the button should continue to be pressed for at least 5 seconds.
3. A u-boot shell will automatically open.
4. Connect to LAN and set your IP to 192.168.1.88/24. Configure a TFTP server and an OpenWrt initramfs-kernel.bin firmware file.
5. Run these steps in u-boot using the name of your file.
setenv bootfile initramfs-kernel.bin
tftpboot
bootm
6. If you can reach LuCI or SSH now, just use the sysupgrade image with the 'Keep settings' option turned off.
Signed-off-by: Luis Mita <luis@luismita.com>
(cherry picked from commit 63b8d98dd0)
The NMBM-Enabled layout did not use fit image,
it just need default process. So it was been removed in platform.sh.
It will fix sysupgrade error for xiaomi,mi-router-wr30u-112m-nmbm.
Signed-off-by: Hank Moretti <mchank9999@gmail.com>
(cherry picked from commit 02214ab8dc)
This reverts commit dcdcfc1511.
This is a firmware for third-party u-boot mod, which should not
be carried here by us.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 1b7e62b20b)