OpenWRT/Belgacom Box2 (bbox2) OpenWRT workshop

From Hackerspace Brussels
Jump to: navigation, search


OpenWRT/Belgacom Box2 (bbox2) OpenWRT workshop
Fri 28 Oct 2011 20:00
till Sun 30 Oct 2011 20:00
Belgacom-bbox2.jpg
What:
Belgacom Box2 (bbox2) OpenWRT workshop
Tagline:
Belgacom Box2 (bbox2) OpenWRT workshop
Where:
HSB Brussels,Belgium
Cost:
0
Who:
URL:


Goal

  • Port openwrt to the bbox2
  • Create openwrt packages that can be installed on the stock belgacom firmware (similar to /optware)
  • JTAG access to the box
  • Reflash the bootloader with another one
  • Create an ikanos branch for openwrt (add Orange Livebox2, AliceGate, Sagem F@st 3464)

Attendees

Register on Doodle: http://www.doodle.com/eqscpn8ctepx352t

Sources

Links


no slacking, just hacking

of course some dudes left us, slackers, far behind : Go check http://foro.seguridadwireless.net/livebox-2/



HAY QUE TENER POCA VERGÜENZA PARA ENCIMA DE FALTAR AL RESPETO INTENTAR APROPIARSE DE LOS MERITOS DE OTROS. Y LO MAS RIDICULO, HOYGAN, ES QUE ESTO LLEVA MUERTO CUANTO... ¿ MAS DE 1 AÑO Y MEDIO ?

Here a google translate [g.translate]

an attempt for translation in english (g.translage > human editing -- Work in Progress)

README / Disclaimer

Hello.

What we will explain in the following threads, leave your router without network or wifi or ethernet. We are still working on it, but it is clear from the beginning. Also, if you follow your router cargais-good or evil, the instructions, we are not responsible.


Hi.

The stuff we are going to Explain in the Following threads, Will leave your router With No network. No wifi, no ethernet. We keep working on it, But we want this to be clear from the very beginning. Furthermore, if you brick your router or incorrectly following-CORRECTLY-the instructions, we take no Responsibility.


Topic: I - Connecting to the serial port Livebox2, How-to.

In this post I will detail the steps to make a connection to the serial port Livebox2, this is useful for many duties.

First dismantle the router, do we get if we take off the four rubber seat on the bottom of it, they have hidden behind Torx head screws, make them with a screwdriver and as such, and obviously unscrew.

Then I show once opened in the image below the pinout of the serial port:


You will see instead of pin holes lined up right next to the reset button.


You can solder pins if you are crafty or direct cable holes, not to reverse polarity as it can be fatal, if not so well confound TX with RX, but we will not go wrong.

I use a USB serial adapter, I hate to post links to sellers, but good in this case the adapter is very cheap and fit, so mostrároslo worth, is this:


What you can buy here:


If you become a full USB adapter such as that shown you only need to connect GND, TX and RX.

On the contrary if one become a full COM port-based adapter you are to use the MAX 3232 to work with 3v3 tension.

Now let's make the connection, I use Hyperterminal, sometimes gives problems with USB adapters, if the case used Putty.

The connection data are as follows:

Speed: 57600 Data bits: 8 Parity: none Stop bits: 1 Flow Control: XON / XOFF

Using the COM port which is recognized by your serial adapter.

And that's it, now you will have many opportunities to work with serial port connection.

A greeting.


Topic: II - Livebox2 BOOTP, loading into RAM recovery, downgrade

Hello.

I'll detail how to make a firm load into RAM Recovery by flashing method called BOOTP.


Obviously we want to download the version of Recovery FAST3yyy_MRA_69223E with which we can do downgrade on the latest update called FAST3yyy_MRA_691288 with all the advantages that entails, but not with the FAST3yyy_MRA_69224A with which you gift to Orange to get many users have their routers corseted in their settings.

First of all say that's not as easy as the method "load", let it.

First of all is very interesting to carry out the process with serial port connection, we will also see if everything goes normally, using serial connection you can watch the whole process clearly, something like this:

Code:

 SAGEM-boot v2.7 Secure 0.8 for ADI chipset boxer 
 CPU: ADI Fusiv 160 Family 
 DRAM: 64 MB 
 Flash: 32 MB 
 Using default environment 
 In: serial 
 Out: serial 
 Err: serial 
 voxEmac 
 Int boxer Sagem OK. 
 manual recovery 
 bootp tftp recovery force 
 BOOTP broadcast 1 
 BOOTP broadcast 2 
 BOOTP broadcast 3 
 *** Unhandled DHCP Option in OFFER / ACK: 46 
 DHCP client bound to address 192.168.1.1 
 Using device voxEmac 
 TFTP from server 192.168.1.10; our IP address is 192.168.1.1 
 Filename '0101A8C0. Img '. 
 Load address: 0x80800000 
 Loading: ################################################ ################# 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################################################## ############### 
 ################ 
 done 
 Bytes Transferred = 3407872 (340000 hex) 
 Launch code from ram recovery 
 partition not wiggle 
 80800130 bootm 
 # # Booting image at 80800130 ... 
 Image Name: FAST3yyy_MRA_69223E 
 Created: 2010-01-08 7:08:47 UTC 
 Image Type: MIPS Linux Kernel Image (gzip compressed) 
 Data Size: 3069766 Bytes = 2.9 MB 
 Load Address: 80010000 
 Entry Point: 801b6000 
 Verifying Checksum ...  OK 
 Uncompressing Kernel Image ...  OK 
 Starting kernel ... 


 .------------------------------------------------- ---------------. 
 | = 0x6836 CPU_ID | 
 `------------------------------------------------- ---------------' 


 .------------------------------------------------- ---------------. 
 | Dynamically DETECTED SDRAM_SIZE = 128 MB | 
 `------------------------------------------------- ---------------' 


 .------------------------------------------------- ---------------. 
 | Dynamically DETECTED FLASH_SIZE = 32 MB | 
 `------------------------------------------------- ---------------' 


Person is unable, unwilling or know to make the connection serial can also make the process but will be blind if something goes wrong and there is no firm load Recovery.

I will not extend into details on using DHCP or TFTP servers, Google is your friend.

Required:

DHCP Server-pc.

TFTP Server-pc.

Firmware Recovery-renowned FAST3yyy_MRA_69223E asks you what your Livebox2, this renaming is not the same for all routers, you can see the file name that you are asked by serial connection or using wireshark. (In my case 0101A8C0.img)

Preparation:

-Configured with IP 192.168.1.10 and netmask 255.255.255.0 our ethernet adapter.

-Enable DHCP server on Windows I use this:

http://www.dhcpserver.de/dhcpsrv.htm

My configuration file:

Code:

 [SETTINGS] 
 IPPOOL_1 = 192.168.1.1-254 
 IPBIND_1 = 192.168.1.10 
 AssociateBindsToPools = 1 
 DeleteOnRelease = 0 
 ExpiredLeaseTimeout = 3600 
 [GENERAL] 
 LEASETIME = 86400 
 NodeType = 8 
 SubNetMask = 255.255.255.0 
 BootFile = 0101A8C0.img 
 NEXTSERVER = 192.168.1.10 
 DNS_0 = 80.58.61.250 
 DNS_1 = 80.58.61.254 
 ROUTER_0 = 192.168.1.1 
 [DNS-Settings] 
 EnableDNS = 0 
 FORWARD = 80.58.61.250 
 [TFTP-SETTINGS] 
 EnableTFTP = 1 
 ROOT = C: \ LBV2BOOTFLASH \ wwwroot 
 WritePermission = 1 
 [HTTP-SETTINGS] 
 EnableHTTP = 0 
 ROOT = C: \ LBV2BOOTFLASH \ wwwroot 
 [00-30-DA-66-80-FB] 
 IPADDR = 192.168.1.1 
 AutoConfig = 12/06/2011 14:35:25 
 LeaseEnd = 1323264925 


We started our server-locating 0101A8C0.img TFTP TFTP directory.

Serial-connection if available or use wireshark to monitor if the router asks the same file name that you have prepared.

Process:

-Hold the reset button, turn on the router and then keep pressing until you see the blue light, this indicates the start of the recovery mode on the router.

-From there, if you are with serial will see the firmware loaded into RAM Recovery, if you have no serial connection you will have to wait and see if the same boat.


Note that if reiniciáis without performing the flash to be loaded into RAM this will not stand, you must copy or Image Recovery partition that allow the firmware to be superuser.

To flash the firmware 69127A (supports superuser) follow this tutorial:


To flash the firmware using the tutorial FAST3yyy_MRA_69223E recovery before the final command just changing and taking into account the Recovery FAST3yyy_MRA_69223E.img.sz have the TFTP folder:

Code:

 app1 192.168.1.10 FAST3yyy_MRA_69223E.img.sz loadapp 

Topic: III - Replacement of U-boot on Livebox2, utilities, pros and cons. (Read 54 times)

First of all say that this is a delicate process, although it is easy to perform any error or unexpected event can turn your Livebox2 in a beautiful brick, do not make me responsible if something goes wrong.

You can perform the process with the firmware loaded into RAM RECOVERY using BOOTP, RECOVERY FIRMS also with the 69127A and once they have started normally.

Replace the U-boot Sagem our Livebox2 by U-boot the router FUSIV-Italian DIALFACE AGIF other possibilities gives us completely different from those offered by the original bootloader, but also has its cons.

PROS:

-Basically the advantage is you can load other firmwares, now Open-wrt even though somewhat limited, this is thanks to the enormous work done by Acki, which has had to overcome numerous obstacles to running the firmware in the Livebox2.

CONS:

-Not able to load firmwares, not even the origin of this router's U-boot.

-Risk of brick, if you do everything right there should be no problem, but a power outage or other problem should end with a white brick, but to say that the flashing process actually takes just seconds, so the risk is minimal if you do everything correctly.

-BOOTP boot disappears.

-Ethernet does not work, so a file transfer via the U-boot AGIF limited to the use of Kermit on the RS232 standard, obviously with a data transmission rate much lower than ethernet.

Few and many CONS PROS right?

In short, this is only viable for people who want to leave the Orange firmware to help develop open-wrt images Acki and opens an unexplored field of modified firmwares.

Weigh if you want to continue with the theme really or better stop here, but also say that the process is completely reversible.

Let the subject:


From being super prompt the user with the active TFTP server the file in the default folder type the following:

Code:

 load-u tftp: / / 192.168.1.10/boot_agif.bin-s 00 


Reboot and see something like that if all goes well:

Successful process

Well now you can explore the possibilities offered by this U-boat.


I want to thank you for the assignment of a full flash dumpeo router user AGIF Italian Forum Kikko Zibri's Forum: http://forum.zibri.org/ because without we could not have carried out much of Acki work exposed.

Never you wear the original U-boot the router AGIF, this makes Livebox2 enter a constant reboot loop, always use the U-boat that we hang here due retouched.

Acki you have the U-boot AGIF "tamed" among other files:

http://newshell.bshellz.net/ ~ Acki /


Topic IV - The kernel: Modification, compilation, preparation and installation

Before going on, you must first download the kernel that provides Orange, our patch against it and the toolchain (compiler, libraries and utilities) to compile. Also the cpio to use it as initial root file system.

- The kernel can be downloaded here - The toolchain here - The patch with our modifications here - The file system here

NOTE: This file system was originally copied from the router. It is not. "National" from my first successful compile openwrt, more specifically the version Kamikaze.

The next step is to unpack the toolchain. My advice is that you use a site "neutral" as / opt for example. I created a directory called mips-linux-uClibc. We went into this directory and see the "root" of the toolchain: Code:

 bin include info lib libexec man mips-mips-linux linux-uClibc 


As you can see, there are directory bin, lib, include ... everything you need to compile anything, but in our case, only do the kernel, which has no complications.


MODIFICATION:

This is a kernel-bossed around because you can not use a better word. Apart from make make ARCH = mips or clean, little else can be done (well, yes. You can make make modules and make modules_install). Forget set interactively. There is not (make) xconfig, menuconfig, oldconfig, etc.. Anyone who wants to add options, modules, etc., must be added manually. Config that comes "factory". And of course you should bear in mind that the options often have dependencies, which in turn may have other dependencies, and so on. Anyone wishing to make any changes, will have to make must-see for kconfig files. Moreover, for some esoteric reason I do not know, sometimes even adding to. Config will suffice. From my own experience I have found some options DO NOT ADD at compile time to file include / linux / autoconf.h, which means that altogether ignored. You will have to be very careful with this.

As a general culturilla on this kernel, nothing but add that .... Missing files. Others about. Others are not where they should be. Still others are where they should not (hey, is not the same as above). Others are hideously ugly and (badly) modified. In short, a delight. Fortunately, our patch fixes some of these problems. To apply do: Code:

 # Patch-p0 <livebox2_kernel.patch 


After applying the patch, will need to file editeis. Config and seek and aim at making it CONFIG_INITRAMFS_SOURCE modifiqueis path where we copied the file system cpio.

For example: Code:

 CONFIG_INITRAMFS_SOURCE = "/ home / Acki / filesystem.cpio" 

NOTE: Do not change the file extension. The name can be changed if you want, but absolutely NO extension.

COMPILATION:

- First, update the path to point also to / bin toolchain (the one who does not know how to do this, you better not continue, seriously). Try not to make this change permanent, because otherwise you will have problems when compiling the OpenWRT. - We entered into the directory where we extracted the kernel, and just make do. For the purists, you would typically do: Code:

 # Make ARCH = mips CROSS_COMPILE = mips-linux-uClibc- 

Because, in fact, if you make any change. Config and you want to recompile cleanly (the classic clean), thou must use: Code:

 # Make ARCH = mips clean 

Because if you do so, try doing a clean x86 architecture, which is not what pretendiais do.

After compiling the kernel, which as you will see it take a few minutes, you will have a beautiful vmlinux in the root directory of the sources. As you can see is not a bzImage nor zImage to which we are accustomed, and also you will appreciate having a disproportionately large size. All quiet, nothing happens. It is a raw kernel with debug symbols and information and uncompressed. And also a small embedded filesystem. All this is discussed below.

PREPARATION:

After compiling the kernel, we have a very big vmlinux, as discussed earlier. Now let's leave it ready to be installed on the router. First, we need to have installed the u-boot-tools. For debian / ubuntu, do the following: Code:

 # Sudo apt-get install u-boot-tools 

For other distributions, as you know, yum, urpmi. zypper ... etc.

After installing the package, and will have mkimage utility, which uImage created us to use our u-boot. To do this we proceed as follows:

- We strip the kernel (EYE, a MIPS strip, the strip or the toolchain). Code:

 # Mips-linux-uClibc-strip vmlinux 

As you can see, the size is much smaller now.

- Now we get the point of entry (entry point) and load (load address) of the kernel. We will use readelf. Here we can use the toolchain or the standard of our linux. At the end of the day ELF format is the same for all architectures: Quote

  1. Readelf-l vmlinux

Elf file type is EXEC (Executable file) Entry point 0x802fa000 There are 1 program headers, starting at offset 52

Program Headers: Type Offset FileSize memsize VirtAddr Flg Align PhysAddr LOAD 0x303086 0x80010000 0x80010000 0x002000 RWE 0x2000 0x3ab020

  • * * * * * * *

Thus, as noted above in red, and have the charge and entry points.

- We still have one last step. We will convert the binary kernel. Let's just say ELF headers are removed. This is absolutely necessary, DO NOT skip this paso.Usaremos objcopy command of the toolchain: Code:

 # Mips-linux-uClibc-objcopy-O binary vmlinux vmlinux.bin 

Finally, we compress the kernel. Compression techniques can be used bzip2, gzip, lzma and lzo, and tell your mkimage. I have not tested other than gzip, and not know the capabilities that was compiled u-boot. Probably work, but you yourselves Smiley Code:

 # Gzip - best vmlinux.bin 

Well, we have the kernel binary, compressed, and also know the architecture and the load and entry points. We can run and create our uImage mkimage to stick it to the router.

Let's see: Code:

 # Mkimage-A mips-O linux-T kernel-C gzip-a 0x80010000-e 0x802fa000-n "Test"-d vmlinux.bin.gz uImage 

As you can see, all the parameters are clear. By the way, so out in support of the mkimage Code:

 -A ==> set architecture to 'arch' 
 -O ==> set operating system to 'os' 
 -T ==> set image type to 'type' 
 -C ==> set compression type 'comp' 
 -A ==> set load address to 'addr' (hex) 
 -E ==> set entry point to 'ep' (hex) 
 -N ==> set image name to 'name' 
 -D ==> use image data from 'datafile' 


INSTALLATION:

Now we can only install this uImage on the router. It's pretty simple, but special care must be put in some things.

First you have to climb the uImage. Unfortunately we have no network, so we have no choice but to use the old kermit. Also, take the opportunity to comment that I strongly recommend you use the putty as a terminal to connect to the router. Do not use the minicom. Not you wear the kermit own terminal at least as long as you send the file.

Well, proceed to install both programs: Code:

 # Sudo apt-get install putty ckermit 

NOTE: Used to better the gkermit ckermit though you have installed on your system. The other distributions, you know how to do well.

Once installed both programs, we create a configuration file for kermit, we call such kermit.cfg. Like this: Code:

 September line / dev/ttyUSB0 
 set speed 57600 
 carrier-watch off in September 
 September flow-control none 
 September prefixing all 
 September parity none 
 stop-bits 1 September 
 September modem none 
 set file type bin 
 set file name lit 


Now configure the putty like this:


Well. The router's connect with putty. Also with kermit like this: Code:

 # Kermit / <path> / kermit.cfg 


Now on the router prompt do: Code:

 # Loadb 

And in the kermit: Code:

 C-Kermit> send / <path> / uImage 

And to wait 6 or 7 minutes Grin

Once the transfer is complete you will see something like this in the router: Quote

  1. # Total Size = 2095467 Bytes = 0x001FF96B
  2. # Start Addr = 0x80400000

Well. The router has 16MB of flash, the u-boot from the address maps to 0xBFFFFFFF 0XBF000000. The original boot partition goes from router to 0xBF09FFFF 0xBF000000 (0xA0000 bytes), so it may not be used addresses in that range. The first direction would be the 0xBF0A0000 usable then. In addition, it should be noted that the sector size of this flash is 128k, that is, 128 * 1024 = 131072 = 0x20000. This implies that the kernel must be recorded in any direction that is a multiple of 0x20000 (although we will use 0xBF0A0000 for reasons that will later), since you can not start writing in the middle of a sector .. Make use of the calculator. Consider the first address free, 0xBF0A0000, then:

0xBF0A0000 = 3205103616 / 131072 = 24 453 ACCURATE. Therefore it is multiple and serve.

Another random:

0xBF57FB8A = 3210214282 / 131072 = 24491.9912872. You will not be. The most approximate 24 491 * 131072 and would be (24 491 +1) * 131 072, or 0xBF560000 and 0xBF580000

I hope you understood this, if only for general culture. GrinGrinGrin

Back to our router. The first thing you have to do is delete the part of the flash that we use. We will use, as I said before, the direction the direction 0xBF0A0000 (not repent cambiéis or later) and the size that we came out on the rise, in this case 0x001FF96B (do not forget the + sign because so automatically aligned to sector). Code:

 # Erase 0xBF0A0000 +0 x001FF96B 
 ................................................  done 
 Erased 16 Sectors 


Once deleted, proceed to the last step. Copy the kernel to flash (until now was in memory). Again, we look at the values ​​of the rise and we do (take a long time, patience): Code:

 Cp.b 0x80400000 # 0xBF0A0000 0x001FF96B 
 Copy to Flash ...  done 


Done, now run: Code:

 # Bootm 0xBF0A0000 


And we have a nice shell on the router.

V - OpenWRT: Modification, compilation and installation.

Now that we shell our router, we will install OpenWRT. Step by step.

First of all, downloads:

- OpenWRT 10.03 backfire here - Patch to include our OpenWRT router here

MODIFICATIONS:

Unpack the sources of OpenWRT. Then apply our patch: Code:

 # Patch-p0 <livebox2_backfire.patch 


COMPILATION OF OpenWRT:

First, make sure that we have in our $ PATH the toolchain we use to compile the kernel. Otherwise, do not compile. Warned you are.

If you prefer to add a few more packages that I included, you do: Code:

 # Make menuconfig 


And simply choose those distributions.

Apart from this, to compile just have to do: Code:

 # Make 

It should compile perfectly (after hours and a half or 2 hours, depending on your connection speed and CPU), but I advise you to do this: Code:

 # Make V = 99 

Thus, the compilation will not be silent. A lot of compilation messages, downloads, etc will appear in your terminal, but in case of error-hopefully not-be easier to detect where.

Once the compilation is complete, you will find the following in the bin / directory of the sources of OpenWRT: Code:

 # Ls-l 
 21,040 total 
 -Rw-rw-r - 1 11/18/2011 18:06 2,359,296 Acki Acki livebox2-root.jffs2-128k 
 -Rw-rw-r - 1 11/18/2011 18:06 2,359,296 Acki Acki livebox2-root.jffs2-64k 
 -Rw-rw-r - 1 1441792 Acki Acki livebox2-root.squashfs 11/18/2011 18:06 
 -Rwxrwxr-x 1 2012248 Acki Acki livebox2-vmlinux.elf 11/18/2011 18:06 
 -Rw-rw-r - 1 229 18.11.2011 18:06 Acki Acki md5sums 
 -Rw-rw-r - 1 11/18/2011 18:06 13,322,032 Acki Acki OpenWrt-ImageBuilder-livebox2-for-Linux-x86_64.tar.bz2 
 drwxrwxr-x 2 4096 11/18/2011 18:06 Acki Acki packages 
 # 


These files are: Two JFFS2 images (64k and 128k aligned) and a squashfs image, a kernel "ghost" that we can delete with confidence, because we will use "our", the ImageBuilder, we will create images without having to recompile, and a file with the md5 of the above. Also a directory with all the packages that you have chosen.

INSTALLING AND (DES) CONFIGURING OpenWRT:

Now we will install OpenWRT on your router. Technically, it should be done from the u-boot, but our attempts were wastelands. So we will do in a more unorthodox but functional prefect.

Turning on the router and pull up your shell. Consider this: Code:

 # Cat / proc / mtd 
 dev: size erasesize name 
 mtd0: 000a0000 00020000 "boot" 
 mtd1: 00200000 00020000 "kernel" 
 mtd2: 00d60000 00020000 "JFFS2" 
 # 


This we see are the partitions on the flash. One for the boot, one for the kernel and the other to dedicate to our image, as you can see mtd2 matches. Well, let's copy the file-root.jffs2-128k livebox2 a USB pen (or a disk, as prefirais). As you will see, when connected, the router will display messages recognizing the device as sda, and a partition (if you have one), sda1. We create a mount point and assemble: Code:

 # Mkdir / mnt 
 # Mount / dev/sda1 / mnt 

Now, go to "dump" file on the appropriate device, in our case / dev/mtdblock2 (EYE, not confused or you will have a beautiful brick): Code:

 # Dd if = / mnt/livebox2-root.jffs2-128k of = / dev/mtdblock2 

Easy, right?. Well, let's check that it worked. We will mount this partition, again creating a mount point before: Code:

 # Mkdir / JFFS2 
 # Mount-t JFFS2 / dev/mtdblock2 / JFFS2 

You will see that there is a warning, nothing happens, you can ignore it. Go to the directory and see the contents: Code:

 # Ls / JFFS2 
 bin etc lib sbin tmp var overlay rom 
 init dev proc mnt root sys usr www 
 # 


Now we're going to do is copy the / dev from the openwrt CRAMFS, ie FLASH SDRAM. Technically, this should not be needed as OpenWRT provides the 3 known forms of dynamic / dev, but I was not able to run any. If you get it, post it here, please.

I know I could use cp, but I'll use the old-fashioned tar: Code:

 # Tar cvf / tmp / devs.tar * 

Now just "de-tareamos" in / jffs2/dev Code:

 # Cd / jffs2/dev 
 # Tar xvf / tmp / devs.tar 


Well, from here, if you're an expert on OpenWRT do this you probably know better than me, but if not, this is how I did. For steps:

1 .- will delete the contents of / jffs2/etc/modules and / jffs2/lib/modules/2.6.15 (if any). Recall that we have compiled the kernel separately. This step is not strictly necessary to boot, but I advise you to do. 2 .- Rename / jffs2/lib/firewall/uci_firewall.sh. This prevents a lot of errors in console. Also, if you do not even have lan, so we need a firewall? 3 .- Edit / jffs2/etc/preinit and change and pi_init_suppress_stderr pi_suppress_stderr 'n' a 'and'. Again, this is not necessary to boot, but we will not delete messages from stderr in case there is a problem. 4 .- Go to / jffs2/lib/preinit and modify the scripts to keep the / dev is mounted dynamically ... or simply overwrite with my modifications . If you can do better, posteadlo here.

And nothing more. All that remains is to compile your kernel again, commenting or removing the line first. Config where we refer to the location of our CPIO: CONFIG_INITRAMFS_SOURCE. For this, compile and install new kernel (see the relevant thread if you do not remember).

(Optional) Change the partitioning of the FLASH:

You can change the partitioning of the flash if you like, or You find a good reason for it. Only a matter of going to the kernel sources and edit the file drivers/mtd/maps/livebox2.c. Particularly this part: Code:

 fusiv_mtd_partitions mtd_partition static struct [] = { 
 { 
 . Name = "boot" 
 . Offset = 0x00000000, 
 . Size = 0x000A0000, 
 . Mask_flags = MTD_WRITEABLE, / * read only * / 
 }, { 
 . Name = "kernel" 
 . Offset = MTDPART_OFS_APPEND, 
 . Size = 0x00200000, 
 . Mask_flags = MTD_WRITEABLE, 
 } 
 # If defined CONFIG_SAGEM_LBV2ULT | | defined CONFIG_SAGEM_BOXER 
 { 
 . Name = "JFFS2" 
 . Offset = MTDPART_OFS_APPEND, 
 . Size = 0x00d60000, 
 . Mask_flags = 0, 
 } 
 # Endif 

But only if you are very sure of what you do. Needless to say that there must be very careful

FINAL COMMENT:

Before embarking on this project, I had zero knowledge of OpenWRT Patatero (and not having much now either), and documentation is ... hmmm ... let it pass Wink

In any case, be understanding.

EPILOGUE:

To automate the startup completely, go to the u-boot prompt and type: Code:

 0x002a0000 setenv bootcmd 
 setenv BootDelay 5 
 saveenv 


Logically, the delay you choose you.


Topic VI - Modules, GPIO, kernel number.

«On: Today at 23:37» MODULES:

Now that you've installed OpenWRT on your router, why not load the original firmware modules and see what can be done?

First, thou must find (and copy) the original firmware modules. I will not explain here, it should be easy for anyone. That if, once copied should rename to. Or a. Ko. Then it can be loaded.

This is the descending order of loading: Quote kos_lib.ko kleds_mod.ko fusivlib_lkm.ko peri_ap_lkm.ko bmdriver_lkm.ko sysutil.ko timers_lkm.ko ethdriver_lkm.ko uart2.ko atmdriver_lkm.ko btn200.ko ----> This should not be here, is for different hardware! btn160.ko kstart_leds_lums_mod.ko wlan.ko wlan_acl.ko wlan_scan_ap.ko wlan_tkip.ko wlan_wep.ko wlan_xauth.ko wlan_ccmp.ko ath_hal.ko ath_dfs.ko ath_rate_atheros.ko ath_pci.ko ath_pktlog.ko log_chardev.ko rg_fastpath.ko ethsw200.ko ----> This should not be here, is for different hardware! ethsw160.ko ---> This is the key to all !!!!!! (See below) igmp_proxy_mod.ko rg_fastpath_bridge.ko rg_bridge.ko tcp_mss.ko mod_fuwredirect.ko frag_cache_mod.ko rg_dhcp_pktfil.ko rg_ipv4.ko pppoe_relay.ko be_pppoa_mod.ko hci_uart.ko qos_ingress.ko clip_mod.ko dspvoice.ko genVoice.ko relay.ko slash_proc_mod.ko sagem_dect_upper.ko extended_hid.ko sagem_dect_ctrl.ko ohci-hcd.ko -> It is not necessary as a module. It is included in the kernel ehci-hcd.ko -> "" "" "" "" hard_watchdog_module.ko

Well, as you can see, all the ethsw160.ko charge less. This is the driver Marvell 88E6061 switch to. If you look at the attempt to load, you will realize that says "CARD_ = 768" (right) and "Switch_A = 0xfff" (incorrect, should be 0x61). Do not know why this happens, and unfortunately I could not fix it. But most modern kernels HAVE a driver for this switch. Unload any kernel version higher than 2.6.27 and you will see in net / dsa: Code:

 mv88e6xxx.h mv88e6131.c dsa.c tag_dsa.c kconfig tag_trailer.c mv88e6060.c 
 slave.c mv88e6xxx.c mv88e6123_61_65.c dsa_priv.h tag_edsa.c Makefile 


These mv88e6xxx.c and. H promise, eh? Yes of course ... but try to make it work in our kernel 2.6.15 and you will see that it is practically impossible. The only solution would be to carry the architecture of the router to a more modern kernel (see below).

The bad news is that this driver can not upload, there is much we can do with our router.


GPIO:

You can control most of the buttons and LEDs on the router at will. Just took a look at / proc / driver / gpio / bits Code:

root @ OpenWrt: / proc / driver / gpio # cat bit 
 bit24 =- 1 () 
 bit23 =- 1 () 
 bit22 =- 1 () 
 bit21 =- 1 () 
 bit20 =- 1 () 
 bit1f = 1 (12: Reset USB Hub (active High) (out)) 
 Bit1 = 1 (30: Reboot gateway: short press = reboot, long press = On / Off (in)) 
 bit1d = 0 (29: Command Power Off (active low) (out)) 
 bit1c = 0 (28: Ethernet Switch Reset (active low) (out)) 
 bit1b = 0 (24: Default Config Button (Active low) (in)) 
 bit1 = 0 (26: wireless association button (in)) 
 bit19 = 0 (25: Power fail warning function for dying gasp (active low / in)) 
 bit18 = 1 (23: Dedicated MII2 Interface) 
 bit17 = 1 (22: Dedicated MII2 Interface) 
 bit16 = 1 (21: Dedicated MII2 Interface) 
 Bit15 = 1 (20: Dedicated MII2 Interface) 
 Bit14 = 1 (17: Overcurrent detection on VUSBH (in)) 
 Bit13 = 1 (16: AFE reset (active low) (out)) 
 bit12 = 1 (18: USB Host 2 Power Enable (Active High) (out)) 
 bit11 = 1 (15: USB Host Power Enable (Active High) (out)) 
 Bit10 = 1 (14: Line 2 relay (Active low) (out)) 
 BITF = 0 (19: Line 1 relay (Active low) (out)) 
 bite = 1 (13: Load command for CLIP (out)) 
 BITD = 0 (27: WAN LED Green (in / out)) 
 BITC = 0 (10: WAN LED Red (in / out)) 
 bitb = 0 (31: Update Blue Led (in / out)) 
 bita = 1 (11: Power On LED (in / out)) 
 Bit9 = 0 (9: Lan Led (in / out)) 
 bit8 = 0 (8: Phone Led (in / out)) 
 bit7 = 1 (7: Wifi LED (in / out)) 
 bit6 = 1 (6: Config Bit 3 (in)) 
 bit5 = 1 (5: Config Bit 2 (in)) 
 bit4 = 1 (4: Config Bit 1 (in)) 
 bit3 = 0 (2: FXO Chip Select (Active low) (out)) 
 bit2 = 0 (1: FXS SPI Chip Select (Active low) (out)) 
 bit1 = 0 (3: FXSs, FXO devices reset (active low) (out)) 
 bit0 =- 1 () 


Used the typical echo value> bits, for example: Code:

 root @ OpenWrt: / proc / driver / gpio # echo "bitb = 1"> bits 

Blue LED lights (which usually means a firmware update, but not in this case Smiley )

For more details, look at the sources in arch / mips / additional fusiv /.


KERNEL MISCELLANEOUS:

I have tried to carry the router architecture to a modern kernel. I could not. But if there are any brave with the necessary knowledge, this is the information that I can provide about the files to be copied / modified for this. Quote arch / mips / adi_fusiv / * include / asm-mips / mach-adi_fusiv / * include / vendor / * arch / mips / kernel / cpu-probe.c arch/mips/kernel/lx4189.c arch / mips / kernel / proc.c arch / mips / kernel / gdb-low.S arch / mips / kernel / gdb-stub.c arch / mips / kernel / process.c arch / mips / kernel / traps.c arch / mips / mm / cache.c arch/mips/mm/c-lx4189.c arch / mips / mm / tlbex.c include/uart2/uart2_wrapper.h drivers/uart2/uart2_wrapper.c drivers / usb / host / ehci-hcd.c drivers / usb / host / ohci-hcd.c drivers/usb/host/ehci-vox160.c drivers/usb/host/ohci-vox160.c drivers / usb / gadget / epautoconf.c drivers / usb / gadget / ether.c drivers / usb / gadget / gadget_chips.h include / linux / sbi_defs.h include / linux / sbi_ioctl.h include/linux/sbi_k_160.h include/linux/sbi_k_200.h include / linux / sbi_k.h include / linux / if_vlan.h include / linux / pci_ids.h include / main / sbi_u.h include / main / init_sbi_ioctl.h include / rg_os.h include / igmp_proxy_consts.h include / kos_chardev_id.h include / openssl / opensslv.h include / dyn_field.h include/adi6843.h include / timer.h include / asm-mips / cpu-features.h include / asm-mips / cpu.h include / asm-mips / isadep.h include / asm-mips / mmu_context.h include / asm-mips / module.h include/asm-mips/pgtable-32.h include / asm-mips / pgtable-bits.h include / asm-mips / pgtable.h include / asm-mips / stackframe.h include / asm-mips / string.h include / net / route.h include / openssl / opensslv.h net / core / dev.c net / core / skbuff.c net/ipv4/route.c

For that, all these plus the corresponding Kconfigs, Makefiles, etc. It seems an easy task, right? Moreover, these are what I found. Sure there are more GrinGrinGrin

Anyone dare?

Topic VI - Modules, GPIO, kernel miscellanea.

MODULES:

Now That We Have OpenWRT installed in our router, why do not we load the bundled modules from the original firmware and see what we can do?

Well, You Should locate the firmware modules in the original first. It Should be easy. Then, rename from Them. Or to. Ko. Now you are Able to load Them.

Alright, this is the descending order They Should be loaded. Quote kos_lib.ko kleds_mod.ko fusivlib_lkm.ko peri_ap_lkm.ko bmdriver_lkm.ko sysutil.ko timers_lkm.ko ethdriver_lkm.ko uart2.ko atmdriver_lkm.ko btn200.ko Even ----> This one Should not be here. It's for a different hardware! btn160.ko kstart_leds_lums_mod.ko wlan.ko wlan_acl.ko wlan_scan_ap.ko wlan_tkip.ko wlan_wep.ko wlan_xauth.ko wlan_ccmp.ko ath_hal.ko ath_dfs.ko ath_rate_atheros.ko ath_pci.ko ath_pktlog.ko log_chardev.ko rg_fastpath.ko ethsw200.ko Even ----> This one Should not be here. It's for a different hardware! ethsw160.ko ---> This one is the KEY !!!!!! (Read below) igmp_proxy_mod.ko rg_fastpath_bridge.ko rg_bridge.ko tcp_mss.ko mod_fuwredirect.ko frag_cache_mod.ko rg_dhcp_pktfil.ko rg_ipv4.ko pppoe_relay.ko be_pppoa_mod.ko hci_uart.ko qos_ingress.ko clip_mod.ko dspvoice.ko genVoice.ko relay.ko slash_proc_mod.ko sagem_dect_upper.ko extended_hid.ko sagem_dect_ctrl.ko ohci-hcd.ko -> Not NECESSARY, it's built in in the kernel. ehci-hcd.ko -> "" "" "" "" hard_watchdog_module.ko

Ok, As You Can See, But all of Them ethsw160.ko load. This is the driver for the Marvell 88E6061 switch. If you Have Looked at the load Attempt Carefully, You've Probably Noticed That It reports "CARD_ = 768" (correct) and Switch_A = 0xfff (incorrect, it Should be 0x61). I do not know Why this Happens, Could not fix it and Unfortunately. But it Happens That modern kernels DO Have A driver for this one. Download Any kernel 6.2.28 + and look into net / dsa. This is What You Will Find: Code:

 mv88e6xxx.h mv88e6131.c dsa.c tag_dsa.c kconfig tag_trailer.c mv88e6060.c 
 slave.c mv88e6xxx.c mv88e6123_61_65.c dsa_priv.h tag_edsa.c Makefile 


These mv88e6xxx.c and. H Promising look, do not they? Yes, They Do ... But try to make work on our kernel Them and you'll find out That is pretty much impossible. The only solution to port this Would Be router architecture to a newer kernel (more on That below).

The sad thing is That Without this module, we will not be Able to do much with Our router.


GPIO:

Can You Many of the control buttons and LEDs of This router at will. Just take a look at / proc / driver / gpio / bits Code:

 root @ OpenWrt: / proc / driver / gpio # cat bit 
 bit24 =- 1 () 
 bit23 =- 1 () 
 bit22 =- 1 () 
 bit21 =- 1 () 
 bit20 =- 1 () 
 bit1f = 1 (12: Reset USB Hub (active High) (out)) 
 Bit1 = 1 (30: Reboot gateway: short press = reboot, long press = On / Off (in)) 
 bit1d = 0 (29: Command Power Off (active low) (out)) 
 bit1c = 0 (28: Ethernet Switch Reset (active low) (out)) 
 bit1b = 0 (24: Default Config Button (Active low) (in)) 
 bit1 = 0 (26: wireless association button (in)) 
 bit19 = 0 (25: Power fail warning function for dying gasp (active low / in)) 
 bit18 = 1 (23: Dedicated MII2 Interface) 
 bit17 = 1 (22: Dedicated MII2 Interface) 
 bit16 = 1 (21: Dedicated MII2 Interface) 
 Bit15 = 1 (20: Dedicated MII2 Interface) 
 Bit14 = 1 (17: Overcurrent detection on VUSBH (in)) 
 Bit13 = 1 (16: AFE reset (active low) (out)) 
 bit12 = 1 (18: USB Host 2 Power Enable (Active High) (out)) 
 bit11 = 1 (15: USB Host Power Enable (Active High) (out)) 
 Bit10 = 1 (14: Line 2 relay (Active low) (out)) 
 BITF = 0 (19: Line 1 relay (Active low) (out)) 
 bite = 1 (13: Load command for CLIP (out)) 
 BITD = 0 (27: WAN LED Green (in / out)) 
 BITC = 0 (10: WAN LED Red (in / out)) 
 bitb = 0 (31: Update Blue Led (in / out)) 
 bita = 1 (11: Power On LED (in / out)) 
 Bit9 = 0 (9: Lan Led (in / out)) 
 bit8 = 0 (8: Phone Led (in / out)) 
 bit7 = 1 (7: Wifi LED (in / out)) 
 bit6 = 1 (6: Config Bit 3 (in)) 
 bit5 = 1 (5: Config Bit 2 (in)) 
 bit4 = 1 (4: Config Bit 1 (in)) 
 bit3 = 0 (2: FXO Chip Select (Active low) (out)) 
 bit2 = 0 (1: FXS SPI Chip Select (Active low) (out)) 
 bit1 = 0 (3: FXSs, FXO devices reset (active low) (out)) 
 bit0 =- 1 () 


Use the typical echo value> bits, for example: Code:

 root @ OpenWrt: / proc / driver / gpio # echo "bitb = 1"> bits 

Will turn on the blue LED (Meaning Usually firmware update, but not this Time Smiley ) If you need more details, dive Into yourself arch / mips / additional fusiv / and check the files in there,

KERNEL miscellanea:

I tried to port the whole architecture of our livebox 2 to a more modern kernel. I failed miserably. But if There Is Any knowledgeable person brave and linux, I'm going to post here the files I've found NECESSARY for the port. Quote arch / mips / adi_fusiv / * include / asm-mips / mach-adi_fusiv / * include / vendor / * arch / mips / kernel / cpu-probe.c arch/mips/kernel/lx4189.c arch / mips / kernel / proc.c arch / mips / kernel / gdb-low.S arch / mips / kernel / gdb-stub.c arch / mips / kernel / process.c arch / mips / kernel / traps.c arch / mips / mm / cache.c arch/mips/mm/c-lx4189.c arch / mips / mm / tlbex.c include/uart2/uart2_wrapper.h drivers/uart2/uart2_wrapper.c drivers / usb / host / ehci-hcd.c drivers / usb / host / ohci-hcd.c drivers/usb/host/ehci-vox160.c drivers/usb/host/ohci-vox160.c drivers / usb / gadget / epautoconf.c drivers / usb / gadget / ether.c drivers / usb / gadget / gadget_chips.h include / linux / sbi_defs.h include / linux / sbi_ioctl.h include/linux/sbi_k_160.h include/linux/sbi_k_200.h include / linux / sbi_k.h include / linux / if_vlan.h include / linux / pci_ids.h include / main / sbi_u.h include / main / init_sbi_ioctl.h include / rg_os.h include / igmp_proxy_consts.h include / kos_chardev_id.h include / openssl / opensslv.h include / dyn_field.h include/adi6843.h include / timer.h include / asm-mips / cpu-features.h include / asm-mips / cpu.h include / asm-mips / isadep.h include / asm-mips / mmu_context.h include / asm-mips / module.h include/asm-mips/pgtable-32.h include / asm-mips / pgtable-bits.h include / asm-mips / pgtable.h include / asm-mips / stackframe.h include / asm-mips / string.h include / net / route.h include / openssl / opensslv.h net / core / dev.c net / core / skbuff.c net/ipv4/route.c

All These, plus the Corresponding Kconfigs, Makefiles, etc. It does not look like an easy task, does it? Plus, These Are the ones I've found. There are Others I could not find Probably. GrinGrinGrin

Want to give it a shot?