Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
inbox:toh:zyxel:nbg7815_armor_g5 [2024/10/06 09:15] – wip pwnedinbox:toh:zyxel:nbg7815_armor_g5 [2024/10/31 16:08] – case pwned
Line 57: Line 57:
 ===== Limitations ===== ===== Limitations =====
  
-Currently (state of 2024) OpenWrt officially **__does not support__** the integrated FAN, the integrated LED and Bluetooth.+Currently (state of 2024) OpenWrt officially **__does not support__** the integrated FAN, the integrated LED.
   * LED: [[https://github.com/openwrt/openwrt/pull/15504|PR 15504]]   * LED: [[https://github.com/openwrt/openwrt/pull/15504|PR 15504]]
   * FAN: [[https://github.com/openwrt/openwrt/pull/14210|PR 14210]]   * FAN: [[https://github.com/openwrt/openwrt/pull/14210|PR 14210]]
Line 114: Line 114:
 ==== Backup ==== ==== Backup ====
  
-Before you modify your device it is always a good idea to make a backup of the flash drive(s) installed.\\ +Before you modify the device it is always a good idea to make a backup of the flash drive(s) installed. The generic process is described [[:docs:guide-user:installation:generic.backup|here]].\\
-The generic process is described [[:docs:guide-user:installation:generic.backup|here]].\\+
 We have one 8MB SPI NOR flash chip and one 4GB emmc flash chip. For both you can use dd. The partition layout of both chips is described [[#Flash-/Partition-Layout|here]].\\ We have one 8MB SPI NOR flash chip and one 4GB emmc flash chip. For both you can use dd. The partition layout of both chips is described [[#Flash-/Partition-Layout|here]].\\
-You can spare out the last partitions on the emmc chip. They are not important. Transfer the files either via USB or ssh/scp.\\+You can spare out the last two big partitions on the emmc chip if you want. They are not important. Transfer the files either via USB or ssh/scp.\\
 \\ \\
  
 ==== Installing OpenWrt ==== ==== Installing OpenWrt ====
  
-Basically the process is:+:!: **Do not power off the device during the process!**
  
   - Login as root via SSH.   - Login as root via SSH.
Line 129: Line 128:
   - Extract the firmware file.   - Extract the firmware file.
   - Determine the bootconfig of the device and flash OpenWrt to the currently not active kernel and rootfs partitions.   - Determine the bootconfig of the device and flash OpenWrt to the currently not active kernel and rootfs partitions.
-  - Mark the partitions to boot OpenWrt. :!: This is the most dangerous part of this process. Do not power off the router under any circumstances!+  - Mark the partitions to boot OpenWrt.
   - Reboot the device.   - Reboot the device.
  
-<tabbox semi-automatic (Step 2-7)><WRAP><code>+<tabbox Semi-automatic (Step 2-7)><WRAP><code>
 cd /tmp/ApplicationData cd /tmp/ApplicationData
 wget -O openwrt-ipq807x-generic-zyxel_nbg7815-squashfs-sysupgrade.bin https://downloads.openwrt.org/snapshots/targets/qualcommax/ipq807x/openwrt-qualcommax-ipq807x-zyxel_nbg7815-squashfs-sysupgrade.bin wget -O openwrt-ipq807x-generic-zyxel_nbg7815-squashfs-sysupgrade.bin https://downloads.openwrt.org/snapshots/targets/qualcommax/ipq807x/openwrt-qualcommax-ipq807x-zyxel_nbg7815-squashfs-sysupgrade.bin
Line 187: Line 186:
 echo 0 > /proc/mtd_writeable echo 0 > /proc/mtd_writeable
 sync sync
-</code></WRAP></tabbox>\\+</code></WRAP></tabbox>
  
 :!: For reference: [[https://github.com/openwrt/openwrt/commit/5dee5965012e788f06e4d095e8cfb73200d818cb|initial commit nbg7815]]\\ :!: For reference: [[https://github.com/openwrt/openwrt/commit/5dee5965012e788f06e4d095e8cfb73200d818cb|initial commit nbg7815]]\\
Line 194: Line 193:
 ===== Back to OEM firmware ===== ===== Back to OEM firmware =====
  
-OpenWrt is currently not using the dual partition layout writing the opposite/not active kernel/rootfs partitions during upgrade. So we can easy go back to OEM firmware by just setting the active kernel and rootfs partitions [[#Back to OEM firmware (1)|(1)]]. In case this changes in future or you have flashed the other partitions as well you can flash the OEM firmware with proper rootfs and kernel image too [[#Back to OEM firmware (2)|(2)]]. Another option would be using the [[#TFTP flash OEM firmware|TFTP flash OEM firmware]] process from section [[#Debricking|Debricking]].\\ +OpenWrt is currently not using the dual partition layout writing the opposite/not active kernel/rootfs partitions during upgrade. So we can easy go back to OEM firmware by just setting the active kernel and rootfs partitions [[#Back to OEM firmware (1)|Back to OEM firmware (1)]]. In case this changes in future or you have flashed the other partitions as well you can flash the OEM firmware with proper rootfs and kernel image too [[#Back to OEM firmware (2)|Back to OEM firmware (2)]]. Another option would be using the [[#TFTP flash OEM firmware|TFTP flash OEM firmware]] process from section [[#Debricking|Debricking]].\\ 
 \\ \\
  
 ==== Back to OEM firmware (1) ==== ==== Back to OEM firmware (1) ====
 +
 +Be carefull with this process. :!: **Do not power off the device during the process!**
  
   - Login via SSH to the router.   - Login via SSH to the router.
-  - :!: To use this method it is required to install kmod-mtd-rw first: ''**opkg update && opkg install kmod-mtd-rw**''+  - To use this method it is required to install kmod-mtd-rw first: ''**opkg update && opkg install kmod-mtd-rw**''.
   - Change directory to /tmp.   - Change directory to /tmp.
-  - Get script with ''**wget https://github.com/itorK/nbg7815_tools/blob/main/change_boot_partition.sh**'' to change active partition+  - Copy & paste the code from script ''**Step 4**'' below
-  - Execute the script with ''**sh change_boot_partition.sh**''+  - Execute the script with ''**sh change_boot_partition.sh**''.
   - Reboot the device.   - Reboot the device.
   - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely.   - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely.
  
-<hidden> +<tabbox Step 4><WRAP><code> 
-<tabbox script step 3><WRAP><code>+cat <<'EOF' > /tmp/change_boot_partition.sh
 # Script to changing active boot partitions  # Script to changing active boot partitions 
 # Author: Karol Przybylski <itor@o2.pl> # Author: Karol Przybylski <itor@o2.pl>
 +# Orginal script: https://github.com/itorK/nbg7815_tools/blob/main/change_boot_partition.sh // It lacks the insmod mtd-rw i_want_a_brick=1
  
 openwrt_type=$(cat /etc/openwrt_release|grep DISTRIB_TARGET|cut -f 2 -d "'") openwrt_type=$(cat /etc/openwrt_release|grep DISTRIB_TARGET|cut -f 2 -d "'")
Line 226: Line 228:
  
   fi   fi
 +  insmod mtd-rw i_want_a_brick=1
   mtd write boot.bin /dev/mtd2   mtd write boot.bin /dev/mtd2
   mtd write boot.bin /dev/mtd3   mtd write boot.bin /dev/mtd3
Line 248: Line 250:
   sync   sync
 fi fi
 +EOF
 </code></WRAP></tabbox> </code></WRAP></tabbox>
-</hidden> 
 \\ \\
  
 ==== Back to OEM firmware (2) ==== ==== Back to OEM firmware (2) ====
  
-To use this method it is required to install kmod-mtd-rw first.+:!: Be carefull with this processMake sure you write the correct images to the correct partitions! **Do not power off the device during the process!**
  
-:!: WIP! 
   - Download OEM firmware: [[#OEM firmware|see below]]   - Download OEM firmware: [[#OEM firmware|see below]]
   - Extract rootfs and kernel. Already extracted v8: [[https://mega.nz/file/Q1wWEBoL#W7LaCnTeFMCOaxP_TX65yGD2h13BmYGbJQ0xe5m2qYo|kernel]], [[https://mega.nz/file/Uh4gQRqa#QEEDJ5k1tFU4zBn9yGAEHqBmWDu6S9fMF4rQxXXv_MA|rootfs]]   - Extract rootfs and kernel. Already extracted v8: [[https://mega.nz/file/Q1wWEBoL#W7LaCnTeFMCOaxP_TX65yGD2h13BmYGbJQ0xe5m2qYo|kernel]], [[https://mega.nz/file/Uh4gQRqa#QEEDJ5k1tFU4zBn9yGAEHqBmWDu6S9fMF4rQxXXv_MA|rootfs]]
   - Login via SSH to the router.   - Login via SSH to the router.
-  - :!: To use this method it is required to install kmod-mtd-rw first: ''**opkg update && opkg install kmod-mtd-rw**'' +  - To use this method it is required to install kmod-mtd-rw first: ''**opkg update && opkg install kmod-mtd-rw**'' 
-  - Copy the files to the router to /tmp (e. g. using scp or an usb drive). +  - Copy the files to the router to /tmp (e. g. using scp or an usb drive). Rename them to ''**kernel**'' resp. ''**rootfs**''
-  - Flash the kernel and rootfs to the currently not active partitions. +  - Flash the kernel and rootfs to the currently not active partitions. Copy & paste the code from and execute the script with ''**sh flash_kernel_rootfs.sh**''.
-  - Get script with ''**wget https://github.com/itorK/nbg7815_tools/blob/main/change_boot_partition.sh**'' to change active partition+  - Copy & paste the code from [[#Back to OEM firmware (1)|script Step 4]] from [[#Back to OEM firmware (1)|Back to OEM firmware (1)]] and execute the script with ''**sh change_boot_partition.sh**''.
-  - Execute the script with ''**sh change_boot_partition.sh**''+
   - Reboot the device.   - Reboot the device.
   - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely.   - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely.
  
-<tabbox script step 6><WRAP><code>+<tabbox Step 6><WRAP><code> 
 +cat <<'EOF' > /tmp/flash_kernel_rootfs.sh 
 +# check files
  
-</code></WRAP></tabbox>+if [ ! -f "/tmp/rootfs" ]; then 
 +     echo "rootfs image" 
 +     exit 1 
 +fi
  
 +if [ ! -f "/tmp/kernel" ]; then
 +     echo "kernel image"
 +     exit 1
 +fi
 +
 +# get bootconfig
 +
 +mtd_part=$(grep -i "\"0:bootconfig"\" /proc/mtd | awk -F: '{print $1}')
 +bootconfig=$(hexdump -v -e '1/1 "%01x|"' -n 1 -s 168 -C /dev/"$mtd_part" | cut -f 1 -d "|" | head -n1)
 +
 +# write rootfs and kernel; mmcblk0p3=0/mmcblk0p4=0 mmcblk0p7=1/mmcblk0p8=1
 +
 +if [ "${bootconfig}" -eq 1 ]; then
 + dd if=/dev/zero of=/dev/mmcblk0p7
 + dd if=/tmp/kernel of=/dev/mmcblk0p7
 + dd if=/dev/zero of=/dev/mmcblk0p8
 + dd if=/tmp/root of=/dev/mmcblk0p8
 + sync
 +fi
 +if [ "${bootconfig}" -eq 0 ]; then
 + dd if=/dev/zero of=/dev/mmcblk0p3
 + dd if=/tmp/kernel of=/dev/mmcblk0p3
 + dd if=/dev/zero of=/dev/mmcblk0p4
 + dd if=/tmp/root of=/dev/mmcblk0p4
 + sync
 +fi
 +EOF
 +</code></WRAP></tabbox>\\
  
 ==== OEM firmware ==== ==== OEM firmware ====
Line 299: Line 332:
   - [[#Opening the case|Open the device case.]]   - [[#Opening the case|Open the device case.]]
   - Connect to the device via [[#serial|serial]] connection using a terminal application e. g. [[https://www.putty.org|putty]] and an USB to TTL/USB to Serial adapter.   - Connect to the device via [[#serial|serial]] connection using a terminal application e. g. [[https://www.putty.org|putty]] and an USB to TTL/USB to Serial adapter.
-  - [[#U-Boot access|Access the device via bootloader.]]+  - [[#Bootloader/U-Boot access|Access the device via bootloader.]]
   - [[#TFTP boot OpenWrt|TFTP boot OpenWrt]] to either reinstall or fix a broken installation | [[#TFTP flash OEM firmware|TFTP flash OEM firmware]] to purge OpenWrt.   - [[#TFTP boot OpenWrt|TFTP boot OpenWrt]] to either reinstall or fix a broken installation | [[#TFTP flash OEM firmware|TFTP flash OEM firmware]] to purge OpenWrt.
 \\ \\
Line 305: Line 338:
 ==== Opening the case ==== ==== Opening the case ====
  
-<WRAP BOX> +1. Remove the two rubber crosses from the device' bottom side. 
-FIXME //Describe what needs to be done to open the device, e.g. remove rubber feet, adhesive labels, screws, ...// +2. Unscrew the two screws appearing after step 1. 
-</WRAP>\\+3. Remove the socket. 
 +4. After step 3. another four screws appear. Remove them as well. 
 +5. Around the device' case there are six clips* on the bottom case part inside and five on the uppper shell inside. 
 +6Keep the device with bottom side up and pry it up carefully around the case to remove the bottom sideStart at the side where the connectors are lead out. 
 + 
 +*) You will likely break some of them. Especially those on the left or right side. The clips at the front's case are very tight clipped because of the case' shape and the fact that they are four of them
 +\\
  
 ==== Serial ==== ==== Serial ====
Line 352: Line 391:
   - Generate the password:\\ \\ :!: **Do not enter the code below it into the current shell!** We have to open a new terminal application. We have distinguish here between Windows and Linux users!\\ \\ **__Linux__**: Copy and paste the code from below into a **newly** opened terminal. First use **calc script** and then **generate password** executing the script using the seed/passcode generated in section 3.\\ \\ **__Windows__** you can use [[https://mega.nz/file/sgZnnYoT#WYuFCmvTETYVr6j8vIZuVHC9rWVykBIBXOOWB3MFhfs|ZynPass]] to calculate the password.\\ \\ <tabbox calc script>   - Generate the password:\\ \\ :!: **Do not enter the code below it into the current shell!** We have to open a new terminal application. We have distinguish here between Windows and Linux users!\\ \\ **__Linux__**: Copy and paste the code from below into a **newly** opened terminal. First use **calc script** and then **generate password** executing the script using the seed/passcode generated in section 3.\\ \\ **__Windows__** you can use [[https://mega.nz/file/sgZnnYoT#WYuFCmvTETYVr6j8vIZuVHC9rWVykBIBXOOWB3MFhfs|ZynPass]] to calculate the password.\\ \\ <tabbox calc script>
 <code> <code>
-cat <<EOF> tool.sh+cat <<'EOF> tool.sh
 ror32() { ror32() {
   echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))   echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
Line 366: Line 405:
 <tabbox password> <tabbox password>
 <code> <code>
-sh tool.sh **013D72FF0710**+sh tool.sh 013D72FF0710
 </code></tabbox> The resulting password looks like: ''**ATEN 1,10F0A563**'' </code></tabbox> The resulting password looks like: ''**ATEN 1,10F0A563**''
   - Put the output from paragraph 4. in the terminal and press enter:\\ \\ <code>   - Put the output from paragraph 4. in the terminal and press enter:\\ \\ <code>
Line 397: Line 436:
   - Connect your PC/Workstation via LAN cable to the router.   - Connect your PC/Workstation via LAN cable to the router.
   - Power up your router and get access to [[#Bootloader/U-Boot access|u-boot]] as describe above. Step 1-2 is enough (no need unlock).   - Power up your router and get access to [[#Bootloader/U-Boot access|u-boot]] as describe above. Step 1-2 is enough (no need unlock).
-  - Enter ''ATUR'' and the name of the downloaded firmware file e. g. ''ATUR V1.00(ABSK.8)C0.bin'': <code>NBG7815> ATUR V1.00(ABSK.8)C0.bin</code>\\+  - Enter ''ATUR'' and the name of the downloaded firmware file e. g. ''ATUR V1.00(ABSK.8)C0.bin'': <code>NBG7815> ATUR V1.00(ABSK.8)C0.bin</code> :!: **Do not power off the device during the process!**\\ 
  
 ===== Photos ===== ===== Photos =====
  • Last modified: 2024/12/13 12:10
  • by pwned