Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:troubleshooting:generic.debrick [2018/09/15 15:15] – [by Vavasik] Fixed broken list numbering jw0914v2 | docs:guide-user:troubleshooting:generic.debrick [2018/12/19 12:54] – old revision restored (2018/09/14 19:51) per @tmomas' view jw0914 | ||
|---|---|---|---|
| Line 8: | Line 8: | ||
| - or desolder the flash chip, connect it to some device, that does give you write access to it and restore the bootloader. You did perform a [[docs: | - or desolder the flash chip, connect it to some device, that does give you write access to it and restore the bootloader. You did perform a [[docs: | ||
| - | * If you need help **[[docs: | + | If you need to solder, you can find some help here: |
| - | * [[docs: | + | * -> **[[docs: |
| - | * [[docs: | + | |
| ---- | ---- | ||
| - | * [[https:// | + | * [[https:// |
| - | ===== Ways to Recover ===== | + | ==== As for the proper ways to recover a " |
| - | ==== boot_wait | + | === boot_wait === |
| The single best thing you can do is have boot_wait set, meaning that all you have to do is TFTP a new firmware. At one time the reflashing instructions included a an exploit for the Linksys firmware that set the boot_wait variable; as time progressed and Linksys eventually fixed the bug (after several failed attempts) we found that people were flashing to other firmwares for the sole purpose of setting boot_wait so they could reflash to OpenWrt. We figured this was somewhat pointless and altered the instructions to indicate that you could safely reflash to OpenWrt without setting boot_wait. | The single best thing you can do is have boot_wait set, meaning that all you have to do is TFTP a new firmware. At one time the reflashing instructions included a an exploit for the Linksys firmware that set the boot_wait variable; as time progressed and Linksys eventually fixed the bug (after several failed attempts) we found that people were flashing to other firmwares for the sole purpose of setting boot_wait so they could reflash to OpenWrt. We figured this was somewhat pointless and altered the instructions to indicate that you could safely reflash to OpenWrt without setting boot_wait. | ||
| - | ==== JTAG ==== | + | === JTAG === |
| It's one of those amazingly useful things that allows you to recover from pretty much anything that doesn' | It's one of those amazingly useful things that allows you to recover from pretty much anything that doesn' | ||
| Line 30: | Line 29: | ||
| FIXME: OK, you have told us what NOT TO DO, now please tell us what TO DO! Let us take the most usual case where someone has installed a bad image on their router. The usual recovery methods have failed, forceing the user to to go to JTAG. The user has used to good OpenWrt Documentation to set up the cables and hardware and software. The user is now sitting at an OPENOCD, URJTAG, or Hairydairymaid prompt. The user has never used a JTAG tool before. What should he do now? What backup commands should he issue, before trying his fix? Some say that by erasing some partitions it will cause the system to start working, well enough to use the other recovery methods. OK, but what exactly is the correct procedure? If this does not work, is there a way to install a good openwrt image directly using JTAG? | FIXME: OK, you have told us what NOT TO DO, now please tell us what TO DO! Let us take the most usual case where someone has installed a bad image on their router. The usual recovery methods have failed, forceing the user to to go to JTAG. The user has used to good OpenWrt Documentation to set up the cables and hardware and software. The user is now sitting at an OPENOCD, URJTAG, or Hairydairymaid prompt. The user has never used a JTAG tool before. What should he do now? What backup commands should he issue, before trying his fix? Some say that by erasing some partitions it will cause the system to start working, well enough to use the other recovery methods. OK, but what exactly is the correct procedure? If this does not work, is there a way to install a good openwrt image directly using JTAG? | ||
| - | ==== SBC ==== | + | === Serial |
| + | Serial consoles are great, there' | ||
| + | |||
| + | Serial console allows you to interact with the CFE command line, watch the kernel boot and console access to linux. This is probably the only way you'll every get any meaningful feedback about the device boot up. | ||
| + | |||
| + | == Serial modes == | ||
| + | |||
| + | Some [[docs: | ||
| === Arduino === | === Arduino === | ||
| Line 40: | Line 46: | ||
| If you don't have a USB serial ttl but have a Raspberry Pi, you can use it to connect to the router' | If you don't have a USB serial ttl but have a Raspberry Pi, you can use it to connect to the router' | ||
| - | ==== Serial ==== | + | === WIFI === |
| - | Serial consoles are great, there' | + | |
| - | + | ||
| - | Serial console allows you to interact with the CFE command line, watch the kernel boot and console access to linux. This is probably the only way you'll every get any meaningful feedback about the device boot up. | + | |
| - | + | ||
| - | === Modes === | + | |
| - | + | ||
| - | Some [[docs: | + | |
| - | + | ||
| - | ==== WIFI ==== | + | |
| If by chance the lan bridge is not working after flashing and the router is inaccessible, | If by chance the lan bridge is not working after flashing and the router is inaccessible, | ||
| Line 61: | Line 58: | ||
| - | ===== Warnings | + | ===== Stupid things people do ===== |
| - | ==== Pin shorting | + | Pin shorting |
| In the past we used to suggest that people shorted a few pins of the flash; when CFE booted and attempted to perform the CRC32 there would be a flash read error which would change the outcome of the CRC and the resulting failure would force CFE into recovery mode. It's a great trick, but over the years we've learned that people are idiots and will take that as an invitation to poke mangle and short just about every pin on the device based on some irrational belief that if they find the right pin everything will magically work again. You do not want someone paranoid at the thought of breaking the device scraping up every single electrical connection on the device -- it never ends well, and generally results in the flash chip or the router being damaged in the process. | In the past we used to suggest that people shorted a few pins of the flash; when CFE booted and attempted to perform the CRC32 there would be a flash read error which would change the outcome of the CRC and the resulting failure would force CFE into recovery mode. It's a great trick, but over the years we've learned that people are idiots and will take that as an invitation to poke mangle and short just about every pin on the device based on some irrational belief that if they find the right pin everything will magically work again. You do not want someone paranoid at the thought of breaking the device scraping up every single electrical connection on the device -- it never ends well, and generally results in the flash chip or the router being damaged in the process. | ||
| Line 75: | Line 72: | ||
| Depending on which pins are shorted/ | Depending on which pins are shorted/ | ||
| - | ==== Wrong CFE ==== | + | Wrong CFE version - |
| Loading the wrong CFE version can also lead to devices which boot into CFE but are unable to write to the flash, or are unable to initialize the networking. | Loading the wrong CFE version can also lead to devices which boot into CFE but are unable to write to the flash, or are unable to initialize the networking. | ||
| And yes, there are actually a few obscure versions that require the firmware to be named " | And yes, there are actually a few obscure versions that require the firmware to be named " | ||
| - | This article is based on: [[https:// | + | This article is based on: [[https:// |
| ---- | ---- | ||
| - | * [[https:// | + | * [[https:// |
| Line 90: | Line 87: | ||
| In this case, someone manage to wipe out the [[docs: | In this case, someone manage to wipe out the [[docs: | ||
| - | The full originals by vavasik can be found [[http:// | + | The full originals by vavasik can be found at: |
| + | * [[http:// | ||
| - | ==== SPI FlashROM ==== | + | |
| - | + | ||
| - | === Supported === | + | |
| - | * **ST Microelectronic: | + | |
| - | * **M25P10** // | + | |
| - | + | ||
| - | ==== Flashing ==== | + | |
| - | | + | |
| - Find an IC SPI Flash SPANSION S25FL064A (Package SO3 016 wide), it is located on the backside of the router PCB. | - Find an IC SPI Flash SPANSION S25FL064A (Package SO3 016 wide), it is located on the backside of the router PCB. | ||
| - | - There are some variations regarding the IC used by D-LINK. | + | - There are some variations regarding the IC used by D-LINK. In my particular case, the IC is from a different player. It is a ST Microelectronics chip labeled 5P64V6P 7B469 VS, but the pin outs are exactly the same. |
| - | * In my particular case, the IC is from a different player. It is a ST Microelectronics chip labeled 5P64V6P 7B469 VS, but the pin outs are exactly the same.\\ \\ | + | - To record to flash chip it is necessary to build a simple cable that is connected in one side, to PARALEL PORT of your computer, and on other side you have to SOLDERING THE WIRES DIRECTLY INTO IC PINS. |
| - | - To record to flash chip it is necessary to build a simple cable that is connected in one side, to PARALEL PORT of your computer, and on other side you have to SOLDERING THE WIRES DIRECTLY INTO IC PINS. < | + | |
| + | < | ||
| DB25 # PIN---------------RESISTOR---------------FLASH IC # PIN | DB25 # PIN---------------RESISTOR---------------FLASH IC # PIN | ||
| Line 114: | Line 106: | ||
| |----------- {recommended cable length = 120 mm} ------------| | |----------- {recommended cable length = 120 mm} ------------| | ||
| </ | </ | ||
| - | - It is also necessary to provide some external power supply (during the flashing process the router’s power adapter connector should be NOT INSERTED). So, in my case I decided to use a simple 3 x AAA 1.2 Volt NiMH battery holder that I assembled together with the cable itself. | + | |
| - | | + | It is also necessary to provide some external power supply (during the flashing process the router’s power adapter connector should be NOT INSERTED). So, in my case I decided to use a simple 3 x AAA 1.2 Volt NiMH battery holder that I assembled together with the cable itself. |
| + | |||
| + | Since the batteries are placed in a serial arrange, the final voltage of the set is 3.6 Volt. | ||
| + | |||
| + | < | ||
| FLASH IC # PIN--------------------BATTERY ARRAY--------------------FLASH IC # PIN | FLASH IC # PIN--------------------BATTERY ARRAY--------------------FLASH IC # PIN | ||
| 10 ----------------[ - 1.2 Volt +]----[ - 1.2 Volt +]----[ - 1.2 Volt +]--------------- 2 | 10 ----------------[ - 1.2 Volt +]----[ - 1.2 Volt +]----[ - 1.2 Volt +]--------------- 2 | ||
| </ | </ | ||
| - | | + | |
| + | | ||
| + | |||
| + | < | ||
| DIR 825 SERIAL PINOUTS (connector JP1) is: | DIR 825 SERIAL PINOUTS (connector JP1) is: | ||
| Line 128: | Line 127: | ||
| PIN 4 -> GND | PIN 4 -> GND | ||
| </ | </ | ||
| - | | + | |
| - | | + | |
| - | * It is quite easy and the web is plenty of guides that teach how to do that. | + | |
| - | | + | Since you have the cable all you have to do is to cut off the Phone connector side and to identify the GROUND; TX and RX wires. It is quite easy and the web is plenty of guides that teach how to do that. |
| - | * **Speed (baud):** 115200 | + | |
| - | * **Data Bits:** 8 | + | Use a terminal emulator software (I like PuTTY) configured as follow: |
| - | * **Stop Bits:** 1 | + | |
| - | * **Parity:** None | + | Speed (baud) 115200 |
| - | * **Flow Control:** XON / XOFF \\ \\ | + | Data Bits 8 |
| - | | + | Stop Bits 1 |
| - | * You should | + | Parity None |
| - | | + | Flow Control XON / XOFF |
| - | - Check if the chip is correctly identified: '' | + | |
| - | * In my particular case, the software shows the ST Microelectronics chip id. | + | |
| - | * If you see “unknown chip” there is a problem with LPT cable connection, //check connections and try again//! | + | |
| - | * Program should show: < | + | |
| + | SPIPGMW.EXE /i | ||
| + | |||
| + | Program should show: | ||
| + | < | ||
| SPI connected to LPT port at I / O base address: 378h, SCK pulse width: t 0us FlashROM JEDEC ID, type: 010216h Spansion S25FL064A (8MB) | SPI connected to LPT port at I / O base address: 378h, SCK pulse width: t 0us FlashROM JEDEC ID, type: 010216h Spansion S25FL064A (8MB) | ||
| </ | </ | ||
| - | - Download and save the appropriated image toDIR-825. | ||
| - | - Before flashing the image it is necessary to allow recording in chip with: '' | ||
| - | - Prior to recording it is good to make a cleanup. Erase chip with: '' | ||
| - | - Now it is time to program chip: '' | ||
| - | - Dump chip content to a file with: '' | ||
| - | - Check the success of recording operation by comparing recorded file and recently dumped file: '' | ||
| - | * Files must have exactly the //same// content.\\ \\ | ||
| - | - Disconnect LPT cable and external power supply, then try to boot. | ||
| - | * Look at the serial console terminal program and follow the boot process. Luckily everything will work fine. | ||
| - | ===== Write via USB ===== | + | In my particular case, the software shows the ST Microelectronics chip id. If you see “unknown chip” there is a problem with LPT cable connection, check connections and try again! |
| + | |||
| + | * 8 - Download and save the appropriated image toDIR-825. | ||
| + | * 9 - Before flashing the image it is necessary to allow recording in chip with the key “u” SPIPGMW.EXE /u | ||
| + | * 10 – Prior to recording it is good to make a cleanup. Erase chip with the key “e” SPIPGMW.EXE /e | ||
| + | * 11 – Now it is time to program chip with key “p” | ||
| + | * 12 - Dump chip content to a file with key file “d” | ||
| + | * 13 - Check the success of recording operation by comparing recorded file and recently dumped file fc / b filename_1 filename_2. Files must have exactly the same content. | ||
| + | * 14 - Disconnect LPT cable and external power supply, try to boot. Look at the serial console terminal program and follow the boot process. Luckily everything will work fine. | ||
| + | |||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | |||
| + | * http:// | ||
| + | * http:// | ||
| + | |||
| + | ^SPI FlashROM supported^ | ||
| + | | ST Microelectronic: | ||
| + | | M25P10 (128kB) | | ||
| + | | M25P20 (256kB)| | ||
| + | | M25P40 (512kB)| | ||
| + | | M25P80 (1MB)| | ||
| + | | M25P16 (2MB)| | ||
| + | | M25P32 (4MB)| | ||
| + | | M25P64 (8MB)| | ||
| + | | M25P128 (16MB)| | ||
| + | |||
| + | * [[http:// | ||
| + | |||
| + | |||
| + | ===== Write flash chip by USB ===== | ||
| This is the probably easiest way to " | This is the probably easiest way to " | ||
| Line 194: | Line 228: | ||
| Warning: If you use a FTDI cable for [[docs: | Warning: If you use a FTDI cable for [[docs: | ||
| - | < | + | < |
| --- tmp/ | --- tmp/ | ||
| +++ / | +++ / | ||