====== Hacksessions ======
{{tag> event software hardware computing networking}}
In short: 

**a project by exco&makefu for social interaction, hacking skills, doing stuff**


===== Hacksessions #5 =====
 Any ideas? Just do it.

===== #2-4 minikrebs upgrading =====
exco, makefu, toerb, albi, alexander, namevergessen
we learned/showed/helped each other
  * different techniques how to de- resolder the chips (with old ram sticks).
  * programming of the new soic-8 flash chips witha CH341A programmer (windows only, even after hack session)
  * infrared soldering/hot air reflow soldering / manual smd soldering: 32MB → 64MB Ram, 4→ 16MB flash
  * adding external SMA-connector for external antennas - simple and sweet hack
  * dd/cat new images
  * flashing openwrt


Code here - [[https://github.com/makefu/wr703_mod/|git repo]]

===== Hardware TP-Link WR703N / WR702N / MR3020 =====
Hardware Platform is in most cases the TP-Link WR703N / WR702N / MR3020

Upgrades (all above mentioned devices):
  * possible flash-upgrade [[http://www.datasheetdir.com/MX25L6445EM2I-10G+download|(8MB) MX25L6445EM2I]] / this needs new uboot -> [[http://www.nexflash.com/NR/rdonlyres/A5B6C30B-C174-43CF-867E-E1A2F371A07C/0/W25Q128FV.pdf|(16MB) W25Q128]]
  * ram [[http://www.datasheetarchive.com/dlmain/Datasheets-13/DSA-254809.pdf|(64MB) HY5DU121622]]
  * SMA connector (not: RP SMA ... as in reverse pin), these are astonishingly hard to get, we only got a 20-package: http://www.aliexpress.com/item/Wholesale-RP-SMA-female-antenna-cable-RG316-15cm-Free-shipping/602734040.html


==== Flasher ====

WCH CH341A 
  * seems not to be supported by flashrom:
  * using windows software from: https://github.com/makefu/wr703_mod/tree/master/ext_documentation
  * we have not made it working in a VM ... with a broken usb cable as it turns out.

===== uboot =====

  * you need to upgrade uboot to be able to use new 16MB flash chip and find ART partition and more ... makefu go
https://github.com/pepe2k/u-boot_mod

==== crosscompiling ====

  * get installer from: https://sourcery.mentor.com/GNUToolchain/release2640
  * gcc for MIPS seems to be working as well

==== GUI ====
gui didn't seem to be working for me: as a user
<code>
./installer -console
# click through...
</code>
install location: $HOME/sc_mips
==== add to path ====
<code>
echo "export $PATH=$PATH:$home/sc_mips/bin" >> ~/.zshrc
</code>
==== goto  checked out project ====
<code>
cd u-boot_mod
make tplink_wr703n
make tplink_mr3020
</code>
==== booting u-boot_mod ====

Hold button for 3 seconds to get http-server at 192.168.1.1, the wr703 will blink every second and flash shortly if released at the correct time.

===== Image =====
We created the following image in the end:
    * Boot-loader (mtd0) (128k)
      * 64k u-boot (pepe2k)
        * <code>cd u-boot_mod; make tplink_mr3020 </code>
      * 64k data (copy from old image)
        * <code>dd if=old_image.bin of=data.bin bs=1 skip=65536 count=65536</code>
    * openwrt-image (mtd1-mtd3) (rest space)
      * we built one which provides maximum size (16mb) for building and with write-protection removed from mtd0 and mtd4
      * in <code>target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
 change parts[3].mask_flags=MTD_WRITABLE and parts[0].mask_flags=MTD_WRITABLE to 0</code>
    * ART (mtd4) (65k)
      * 64k wifi config data (copy from old image)
      * <code>dd if=old_image.bin of=art.bin bs=1 skip=$(($old_image_size - 65536))</code>




Buy WR703N at: 
  * [[https://www.amazon.de/dp/B008UNA6FS/?tag=krebsco-21|Amazon de]]
  * [[http://www.amazon.com/dp/B0083Z54P0/?tag=krebsco-20|Amazon com]]
  * [[http://wiki.openwrt.org/_media/toh/tp-link/en25q32.pdf|4MB Eon EN25Q32B]]
  * [[http://wiki.openwrt.org/_media/toh/d-link/d-link.dir-615e4-a3s56d3040etp.pdf|32MB Zentel A3S56D40FTP ram]]
  * [[http://wiki.openwrt.org/toh/tp-link/tl-wr703n|openwrt page]]

WR702N
  * TP-Link wr702n [[ http://pdf1.alldatasheet.com/datasheet-pdf/view/458190/EON/EN25QH16-104HIP.html|2MB EN25QH16 flash]]
  * You will need to replace both, RAM and flash and you will not have a working USB adapter. just buy a wr703

  
MR3020
  * [[http://wiki.openwrt.org/toh/tp-link/tl-mr3020|openwrt page]]
  * [[http://www.amazon.de/dp/B00634PLTW/?tag=krebsco-21|buy at amazon.de]]
  * [[http://www.amazon.com/dp/B006DEBXD0/?tag=krebsco-20|buy at amazon.com]]



===== pics =====

... got lucky ... all pulled pads were not connected ;-)
  * {{https://lh3.googleusercontent.com/-fl2-sOyfYvo/UuOgoQm2UeI/AAAAAAAAaxU/Wa7l_cirPCc/s640/IMG_20140124_222731.jpg}}
  * {{https://lh5.googleusercontent.com/-QpsS7A8yJls/UuOgoQSYIcI/AAAAAAAAaxU/8bGWYbLgQvo/s640/IMG_20140124_205544.jpg}}
keeping everything in order
  * {{https://lh6.googleusercontent.com/-13w8xw7D6ng/UytThPema1I/AAAAAAAAdRE/TW2K1vvWBHc/s640/IMG_20140320_205504.jpg}}

===== Lessons Learned =====
  * don't pull traces off the pcb / roy bear (killed his wr702n)
  * upgrading ram chips sucks donkey balls / one-two are fine ... more ... no fun
  * 16MB flash requires a different u-boot / makefu
  * computers just suck / makefu
  * sometimes an easy task just isn't that easy - even if _the internet_ tells you otherwise /all
  * a 150mil sop8 programming adapter won't fit a 200mil chip
  * blinking led's are awesome / albi
  * barbecue takes too much time away from your hacking session / albi
  * rp SMA is not the plug you want
  * completely read through (not skim) wifi and forum entries, i completely overlooked that the bootloader contains two parts: code AND config data /makefu
  * Cross-Compiling (openWRT, u-boot) is not that hard /makefu
  * the u-boot_mod by pepe2k (https://github.com/pepe2k/u-boot_mod) is absolutely great as it provides an extremely simple way to upgrade the router via http-failsafe.  /makefu


===== #1: Soundflower =====
  * [[friedhof:soundflower#hacksession_1]]