Introduction
CFE (Common Firmware Environment)
https://en.wikipedia.org/wiki/Common%20Firmware%20Environment
Hardware Info: ASUS_RT-AC66U
https://wikidevi.com/wiki/ASUS_RT-AC66U
Serial: yes, 3.3V TTL (115200)
FLA1: 128 MiB (Samsung K9F1G08U0D-SCB0)
FLA2: 2 MiB (Macronix MX25L1606EM2I-12G)
RAM1: 256 MiB (Samsung K4T1G164QF-BCF7 x 2)
TTL Converter Module
HW: USB to RS232 TTL Converter Module
Most routers come with a UART (a hardware device that translates data between parallel and serial forms) integrated into the system-on-chip, with its pins routed on the printed circuit board (PCB) to allow debugging, firmware replacement or serial device connection (such as modems).
So, in contrast to the JTAG port, the serial port needs some software running on the CPU before we can use it!
If the bootloader is damaged, or doesn't offer such a feature, the port is useless.
Recovery methods over serial depend on the bootloader, which is responsible for listening on the port.
Your computer's TX should be connected to the device's RX, and your computer's RX should be connected to the device's TX.
The computer's GND should connect to the device's GND.
To check whether the hardware supports serial:
https://wikidevi.com/wiki/ASUS_RT-AC66U
Serial: yes, 3.3V TTL
Boot msg
CFE version 6.30.39.29 (r338244) based on BBP 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: 一 10月 15 10:41:41 CST 2012 (yau@wireless-pub2)
Copyright (C) 2000-2008 Broadcom Corporation.

Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Found a AMD NAND flash with 1024B pages or 128KB blocks; total size 128MB
bcm_robo_enable_switch: EEE is disabled
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.30.39.29 (r338244)
CPU type 0x19749: 600MHz
Tot mem: 131072 KBytes

CFE mem:    0x80700000 - 0x8094EDE0 (2420192)
Data:       0x80738B70 - 0x8073BE10 (12960)
BSS:        0x8073BE10 - 0x8074CDE0 (69584)
Heap:       0x8074CDE0 - 0x8094CDE0 (2097152)
Stack:      0x8094CDE0 - 0x8094EDE0 (8192)
Text:       0x80700000 - 0x80738B70 (232304)

Device eth0:  hwaddr 10-C3-7B-??-??-??, ipaddr 192.168.1.1, mask 255.255.255.0
        gateway not set, nameserver not set
Null Rescue Flag.
boot the image...
I/O error
I/O error
Check 2 trx result: -4, -4
Hello!! Enter Rescue Mode: (Check error)
Reading :: TFTP Server.
Failed.: Timeout occured
Reading :: TFTP Server.
Failed.: Timeout occured
Help
CFE> help
Available commands:

show devices        Display information about the installed devices.
show clocks         Show current values of the clocks.
nvram               NVRAM utility.
reboot              Reboot.
flash               Update a flash memory device
batch               Load a batch file into memory and execute it
go                  Verify and boot OS image.
boot                Load an executable file into memory and execute it
load                Load an executable file into memory without executing it
save                Save a region of memory to a remote file via TFTP
ping                Ping a remote IP host.
arp                 Display or modify the ARP Table
ifconfig            Configure the Ethernet interface
help                Obtain help for CFE commands

For more information about a command, enter 'help command-name'
*** command status = 0
show command
CFE> show clocks
Current clocks: 600/300/150/25 Mhz.
*** command status = 0
CFE> show devices
Device Name          Description
-------------------  ---------------------------------------------------------
uart0                NS16550 UART at 0x18000300
uart1                NS16550 UART at 0x18000400
flash0               ST Serial flash size 2048KB
flash0.boot          ST Serial flash offset 00000000 size 256KB
flash0.trx           ST Serial flash offset 00040000 size 1KB
flash0.os            ST Serial flash offset 0004001C size 1728KB
flash0.nvram         ST Serial flash offset 001F0000 size 64KB
flash1.boot          ST Serial flash offset 00000000 size 256KB
flash1.trx           ST Serial flash offset 00040000 size 1728KB
flash1.nvram         ST Serial flash offset 001F0000 size 64KB
nflash0.trx          Unknown type 146 NAND flash offset 00000000 size 1KB
nflash0.os           Unknown type 146 NAND flash offset 0000001C size 131072KB
nflash1.trx          Unknown type 146 NAND flash offset 00000000 size 32768KB
nflash1.brcmnand     Unknown type 146 NAND flash offset 02000000 size 98304KB
nflash2.prefix       Unknown type 146 NAND flash offset 00000000 size 65536KB
nflash2.trx          Unknown type 146 NAND flash offset 04000000 size 32768KB
eth0                 Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller
*** command status = 0
nvram
CFE> nvram show
size: 3842 bytes (61694 left)
*** command status = 0
CFE> nvram erase
*** command status = 0
CFE> nvram get bl_version
1.0.1.4
*** command status = 0
Config network
CFE> ifconfig -auto eth0
CFE> ifconfig -addr=192.168.29.128 -gw=192.168.29.1 -mask=255.255.255.0 eth0
tftp
Windows client
tftp [-i] [<Host>] [{get | put}] <Source> [<Destination>]
-i # Specifies binary image transfer mode (also called octet mode).
Example:
ping 192.168.1.1
tftp -i 192.168.1.1 put tomato-RT-AC66U_AT-RT-AC6x-3.1-134-AIO-64K.trx
output
順利傳輸: 13 秒內傳送 22175744 個位元組,每秒 1705826 個位元組
console
- last blk -
Done. 22175744 bytes read
Download of 0x1526000 bytes completed
Write kernel and filesystem binary to FLASH
Programming...copysize=22175744, amtcopy=-4
Failed.: I/O error
*** It is very important to pass the [destination-device] argument; otherwise CFE will write to the flash0 device, overwriting CFE itself!
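A host-side pre-flight check for the warning above, added here as an example and not part of the original notes: it parses partition rows from the `show devices` output and refuses to build a `flash` line when the destination is missing, unknown, a bootloader/NVRAM partition, or smaller than the image. The function names and the rule that `.boot`/`.nvram` partitions are never valid targets are assumptions of this example; the 22175744-byte size is the image from the transfer log above.

```python
import re

# Partition rows copied from the page's `show devices` output (subset).
SHOW_DEVICES = """\
flash0.boot          ST Serial flash offset 00000000 size 256KB
flash0.nvram         ST Serial flash offset 001F0000 size 64KB
flash1.boot          ST Serial flash offset 00000000 size 256KB
flash1.trx           ST Serial flash offset 00040000 size 1728KB
flash1.nvram         ST Serial flash offset 001F0000 size 64KB
nflash1.trx          Unknown type 146 NAND flash offset 00000000 size 32768KB
nflash1.brcmnand     Unknown type 146 NAND flash offset 02000000 size 98304KB
"""

ROW = re.compile(r"^(\S+)\s+.*?offset\s+([0-9A-Fa-f]{8})\s+size\s+(\d+)KB\s*$")
PROTECTED = (".boot", ".nvram")  # assumption: never a firmware target


def parse_devices(text):
    """Return {device name: (offset, size in bytes)} for partition rows."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (int(m.group(2), 16), int(m.group(3)) * 1024)
    return table


def check_flash_target(table, dest, image_size):
    """Return (ok, reason) for writing image_size bytes to dest."""
    if not dest:
        return False, "no destination device given"
    if dest not in table:
        return False, "unknown device " + dest
    if dest.endswith(PROTECTED):
        return False, dest + " is a bootloader/NVRAM partition"
    size = table[dest][1]
    if image_size > size:
        return False, "image (%d bytes) exceeds %s (%d bytes)" % (image_size, dest, size)
    return True, "ok"


def build_flash_command(table, host, filename, dest, image_size):
    """Build the CFE `flash` line only when the target passes the checks."""
    ok, reason = check_flash_target(table, dest, image_size)
    if not ok:
        raise ValueError(reason)
    return "flash %s:%s %s" % (host, filename, dest)
```

With the table above, a 22175744-byte image is rejected for `flash1.trx` (1728KB) and accepted for `nflash1.trx` (32768KB); the check says nothing about the health of the flash chip itself.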
CFE tftp Client
flash -noheader 192.168.1.100:RT-AC66U_3.0.0.4_376_2524-g0013f52.trx flash1.trx
Programming...copysize=26234880, amtcopy=-4
Failed.: I/O error
-noheader Override header verification, flash binary without checking
-ctheader Check header of CyberTAN
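Since `-noheader` skips CFE's header verification, the image can be checked on the host first. The following is an added example, not code from the original notes or from CFE: it assumes the commonly documented TRX v1 layout (little-endian 28-byte header: `HDR0` magic, length, CRC32, flags/version, three partition offsets, with the CRC computed from byte 12 to the stated length and without the final inversion). The 28-byte header size matches the 0x1C gap between `flash0.trx` and `flash0.os` in the device table; `check_trx` and `make_trx` are hypothetical names, and the sample image is constructed.

```python
import struct
import zlib

TRX_MAGIC = b"HDR0"
HEADER = struct.Struct("<4sIII3I")  # magic, len, crc32, flag_version, offsets[3]


def trx_crc(data):
    """TRX CRC32 (assumed variant): standard CRC32 without the final inversion."""
    return ~zlib.crc32(data) & 0xFFFFFFFF


def check_trx(blob):
    """Return a list of problems found in a TRX image; empty means it passed."""
    if len(blob) < HEADER.size:
        return ["shorter than the 28-byte header"]
    magic, length, crc, _flag_version, *offsets = HEADER.unpack_from(blob)
    if magic != TRX_MAGIC:
        return ["bad magic %r" % magic]
    if length < HEADER.size or length > len(blob):
        return ["header length %d outside file (%d bytes)" % (length, len(blob))]
    problems = []
    # The CRC covers everything after the crc32 field, up to the stated length.
    if trx_crc(blob[12:length]) != crc:
        problems.append("CRC32 mismatch")
    for off in offsets:
        if off and not HEADER.size <= off < length:
            problems.append("partition offset 0x%X out of range" % off)
    return problems


def make_trx(payload):
    """Build a constructed single-partition TRX v1 image for the demo."""
    length = HEADER.size + len(payload)
    body = struct.pack("<I3I", 1 << 16, HEADER.size, 0, 0) + payload
    return struct.pack("<4sII", TRX_MAGIC, length, trx_crc(body)) + body


if __name__ == "__main__":
    image = make_trx(b"constructed payload" * 4)
    print(check_trx(image) or "header OK")
```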
CFE tftp Server
It's also possible to make flash start a TFTP server that will accept firmware for a "few seconds":
flash : flash1.trx
flash -noheader : nflash1.trx
flash -ctheader : flash1.trx