Have not gotten Ethernet up. Chopped up my extra cable wiring up the rj-45
to db9 serial cable.
I need to cut open another rj-45 and grab the POE pairs and make a ghetto
injector that also allows for Ethernet. This board will only take power
over PoE. later this weekend maybe when i get more free time.
I did get serial access though the management port and here is a log. Does
this ring any bells? (I noticed the radio is an atheros 1960 over PCI)
Also the bootloader dumped some FLASH address/data info
FLASH MEM @ 0xBF000000= 4088F800
FLASH MEM @ 0xBFC00000= 4088F800
Do these look familiar to anyone?
I was hoping for something standard but it looks like these guys
are running some custom boot-loader and OS.
Here is the serial log of the device booting to some sort of command prompt.
holding a key down and rebooting did not kick me into something like
redboot or uboot.
acamilo@happy:~$ picocom /dev/ttyUSB0 -b115200
picocom v1.4
port is : /dev/ttyUSB0
flowcontrol : none
baudrate is : 115200
parity is : none
databits are : 8
escape is : C-a
noinit is : no
noreset is : no
nolock is : no
send_cmd is : ascii_xfr -s -v -l10
receive_cmd is : rz -vv
Terminal ready
CPU_PLL_CONFIG= C0140080
SEC_PLL_CONFIG= 400050C0
CPU_CLOCK_CONTROL= 00000000
FLASH MEM @ 0xBF000000= 4088F800
FLASH MEM @ 0xBFC00000= 4088F800
Trapeze Networks AP Bootstrap 3.0.5 (04/xx/2009)
GO 1 entry_addr 80200000 ….
serial_io_init(): success!
PCI: Found Primary [168c/0027] 000280 00
PCI: Found Primary [168c/0027] 000280 00
Found 0 unit 0:0 phy_addr: 0 id: 00070421
PHY is Vitesse VSC8601 Rev B
AES Known Answer Tests(KAT) & AES CCMP Encryption/Decryption Algorithms
Verified.
SHA1 Algorithms Verified.
HMACSHA1 Algorithms Verified.
RSA Public/Private Key Encryption & Decryption Algorithms Verified.
AP Boot Loader version 38
Stage 1 boot code build REL_7.6.1.3.0_103111
access point startup
[ I hit ENTER here and get a ap_mon: prompt ]
ap_mon: hello
ap_mon: help
ap_mon: reboot
Command not understood.
ap_mon: reboot
Command not understood.
ap_mon:
AP Reset: Ethernet Phy timeout
3.935 agent: Radio 1: atheros 9160
3.935 agent: Radio 2: atheros 9160
50.902 agent: AP Reset: Ethernet Phy timeout
finish_crash_pad: length = 124, crc = e1a5ab35
board_reset: Rebooting…
ethernet_shutdown: shutdown eth 0
CPU_PLL_CONFIG= C0140080
SEC_PLL_CONFIG= 400050C0
CPU_CLOCK_CONTROL= 00000000
FLASH MEM @ 0xBF000000= 4088F800
FLASH MEM @ 0xBFC00000= 4088F800
Trapeze Networks AP Bootstrap 3.0.5 (04/xx/2009)
FYI. the “reboot” did nothing. after more poking i’ve noticed that there
some sort of timeout triggering. they reboot when just sitting there.
On Wed, Mar 7, 2012 at 8:28 AM, Christian Gagneraud <ch...@techworks.ie>wrote:
> Hi Alex,
>
> What about scanning the device with nmap to see if there's any open ports?
> Maybe you could login via telnet? Are they running Linux? Any web admin
> interface? Any default login/password written somewhere?
>
> I would say that the next step would be to have a better picture about the
> bootloader and the Flash layout, and see how they compare with what's
> existing in the buildroot.
>
> just in case:
> http://wiki.openwrt.org/doc/**devel/hw.hacking.first.steps<http://wiki.openwrt.org/doc/devel/hw.hacking.first.steps>
> http://wiki.openwrt.org/doc/**devel/add.new.device<http://wiki.openwrt.org/doc/devel/add.new.device>
>
> Good luck!
> Chris
>
>
>
>
>
>
> On 07/03/12 05:21, Alex Camilo wrote:
>
>> Hello, I'm a bit new at this stuff so i've been trying to figure out how
>> to get openwrt working on some routers i've managed to get my hands on.
>>
>>
>> I'm affiliated with an organization who is organizing "up-cycling"
>> hacking sessions with a local middle school. We maintain close ties with
>> the local UNI (my Alma mater) and got permission from the sysadmin to go
>> through the tech waste disposal and take whatever we wanted. After
>> loading up on broken ink-jets and other neat electro-mechanical junk i
>> noticed a decent sized bin full of APs.
>>
>> Apparently the Network Operations guys are upgrading the campus wireless
>> network and just dumping the APs. I grabbed two on the off chance that
>> we might be able to do something with em, at the very least crack it
>> open and talk about board layout a little or pull out some LEDs or LDOs
>> or something. So, When i got a chance I cracked two of the routers open
>> and was a little surprised.
>>
>> There are two models of routers, Large Square ones (Trapeze MP-82s) and
>> small puck-shaped round ones (Nortel 2330).
>> The Square had an Atheros AR7161 and two 66 pin TSSOP DDR SDRAMS with a
>> serial-flash. In addition to this, There where pads for a USB Host port
>> that wasn't populated. There was a rj-45 connector labeled
>> "management interface" that sat behind a rs232 level shiftier so i
>> think that's a serial port. There was also a 14 pin connector in the
>> vicinity of the CPU that looks a lot like a MIPS-EJTAG-2.5 14-pin
>> interface. Grounds in all the right places. I did a search and it looks
>> like this SOC is quite popular but no openwrt port for this router.
>>
>> The puck had a Atheros AR5312A one TSSOP DDR SDRAM and a parallel NAND
>> Flash. I powered the thing on via a "POE injector" and started poking
>> around, I found what looks like a MIPS-EJTAG-2.5 connector with the
>> grounds in the right places and a reset pin that resets the router when
>> pulled low. And i found a 3.3v serial port that informs me that the
>> device is quite confused and upset because the Ethernet link is not up
>> and it can't phone home for firmware but it doesn't look like u-boot and
>> has no prompt.
>>
>> pics of me bringing up the puck and pics of the square's PCB here.
>> http://acamilo.tumblr.com/**post/18833966874/wireless-**router-fun-time<http://acamilo.tumblr.com/post/18833966874/wireless-router-fun-time>
>>
>> So, me and some friends went back and took a whole bunch of both kinds
>> and i'm going to try to get openwrt running on them 'cause it might be
>> kind of fun to make a robot out of these.
>>
>> I've installed buildroot in a VM using the instructions on
>> (http://wiki.openwrt.org/doc/**howto/buildroot.exigence<http://wiki.openwrt.org/doc/howto/buildroot.exigence>
>> )
>> got make menuconvig going. selected "Target System (Atheros
>> AR7xxx/AR9xxx) ---> "
>> and i have my box chugging away running make -j 5
>>
>> Since both of these boards and their supported cousins probably descent
>> from the same reference designs How hard would it be to get these guys
>> running. I've never done that before. Would you recommend trying to JTAG
>> them with a similar router's u-boot and trying to boot over tftp?
>>
>> Do you have any pointers, tips?
>>
>>
>> ______________________________**_________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.**org <openwrt-devel@lists.openwrt.org>
>> https://lists.openwrt.org/**mailman/listinfo/openwrt-devel<https://lists.openwrt.org/mailman/listinfo/openwrt-devel>
>>
>
>
> --
> Christian Gagneraud,
> Embedded systems engineer.
> Techworks Marine
> 1 Harbour road
> Dun Laoghaire
> Co. Dublin
> Ireland
> Tel: + 353 (0) 1 236 5990
> Web: http://www.techworks.ie/
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
