In short:

a project by exco&makefu for social interaction, hacking skills, doing stuff

Hacksessions #5

Any ideas? Just do it.

#2-4 minikrebs upgrading

exco, makefu, toerb, albi, alexander, (name forgotten): we learned/showed/helped each other

  • different techniques for de-/resoldering the chips (with old RAM sticks).
  • programming of the new SOIC-8 flash chips with a CH341A programmer (Windows only, even after hack session)
  • infrared soldering / hot air reflow soldering / manual SMD soldering: 32MB → 64MB RAM, 4MB → 16MB flash
  • adding external SMA-connector for external antennas - simple and sweet hack
  • dd/cat new images
  • flashing openwrt

Code here - git repo

Hardware Platform is in most cases the TP-Link WR703N / WR702N / MR3020

Upgrades (all above mentioned devices):




  • you need to upgrade uboot to be able to use new 16MB flash chip and find ART partition and more … makefu go



gui didn't seem to be working for me: as a user

./installer -console
# click through...

install location: $HOME/sc_mips

add to path

echo 'export PATH=$PATH:$HOME/sc_mips/bin' >> ~/.zshrc

goto checked out project

cd u-boot_mod
make tplink_wr703n
make tplink_mr3020

booting u-boot_mod

Hold button for 3 seconds to get http-server at, the wr703 will blink every second and flash shortly if released at the correct time.


We created the following image in the end:

  • Boot-loader (mtd0) (128k)
    • 64k u-boot (pepe2k)
      • cd u-boot_mod; make tplink_mr3020 
    • 64k data (copy from old image)
      • dd if=old_image.bin of=data.bin bs=1 skip=65536 count=65536
  • openwrt-image (mtd1-mtd3) (rest space)
    • we built one which provides maximum size (16mb) for building and with write-protection removed from mtd0 and mtd4
    • in
       change parts[3].mask_flags=MTD_WRITABLE and parts[0].mask_flags=MTD_WRITABLE to 0
  • ART (mtd4) (65k)
    • 64k wifi config data (copy from old image)
    • dd if=old_image.bin of=art.bin bs=1 skip=$(($old_image_size - 65536))
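
The layout above, put together as one script (an added example, not the script from the session's git repo). It assumes the old dump is a complete read-out of the original flash chip; the file names and the 0xFF fill for unused space are likewise assumptions.

```shell
#!/bin/sh
# Added example: assemble a full flash image in the layout listed above.
# Assumptions (not from the wiki page): file names, the 0xFF padding, and that
# the old dump is a complete flash read-out whose size is a multiple of 64k.
BLK=65536   # 64k, the block size used throughout the layout

fsize() { echo $(( $(wc -c < "$1") )); }

# assemble_image OLD_DUMP UBOOT FIRMWARE OUT [FLASH_SIZE]
assemble_image() {
    old=$1; uboot=$2; fw=$3; out=$4; flash=${5:-16777216}
    old_size=$(fsize "$old"); fw_max=$(( flash - 3 * BLK ))

    [ $(( old_size % BLK )) -eq 0 ] && [ "$old_size" -ge $(( 3 * BLK )) ] ||
        { echo "old dump size $old_size is not a plausible flash dump" >&2; return 1; }
    [ "$(fsize "$uboot")" -le "$BLK" ] ||
        { echo "u-boot is larger than 64k, would overwrite the data block" >&2; return 1; }
    [ "$(fsize "$fw")" -le "$fw_max" ] ||
        { echo "firmware is larger than $fw_max bytes, would overwrite ART" >&2; return 1; }

    # Start from an erased chip (all 0xFF) so unused areas look like blank flash.
    head -c "$flash" /dev/zero | LC_ALL=C tr '\000' '\377' > "$out" || return 1

    # mtd0, first 64k: new u-boot
    dd if="$uboot" of="$out" bs="$BLK" conv=notrunc 2>/dev/null || return 1
    # mtd0, second 64k: data block copied from the old image
    dd if="$old" of="$out" bs="$BLK" skip=1 seek=1 count=1 conv=notrunc 2>/dev/null || return 1
    # mtd1-mtd3: OpenWrt image, directly after the 128k boot loader partition
    dd if="$fw" of="$out" bs="$BLK" seek=2 conv=notrunc 2>/dev/null || return 1
    # mtd4: ART (wifi config data) = last 64k of the old image -> last 64k of the new one
    dd if="$old" of="$out" bs="$BLK" skip=$(( old_size / BLK - 1 )) \
       seek=$(( flash / BLK - 1 )) count=1 conv=notrunc 2>/dev/null || return 1

    [ "$(fsize "$out")" -eq "$flash" ]   # final size must equal the chip size
}

# Usage (hypothetical file names):
#   assemble_image old_image.bin uboot.bin openwrt.bin new_16mb.bin
```

The size checks fail before anything is written, so an oversized u-boot or firmware cannot silently overwrite the data block or the ART block.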

Buy WR703N at:


  • TP-Link wr702n 2MB EN25QH16 flash
  • You will need to replace both RAM and flash, and you will not have a working USB adapter. Just buy a wr703.



… got lucky … all pulled pads were not connected ;-)


keeping everything in order


Lessons Learned

  • don't pull traces off the pcb / roy bear (killed his wr702n)
  • upgrading ram chips sucks donkey balls / one-two are fine … more … no fun
  • 16MB flash requires a different u-boot / makefu
  • computers just suck / makefu
  • sometimes an easy task just isn't that easy - even if _the internet_ tells you otherwise /all
  • a 150mil sop8 programming adapter won't fit a 200mil chip
  • blinking LEDs are awesome / albi
  • barbecue takes too much time away from your hacking session / albi
  • rp SMA is not the plug you want
  • completely read through (not skim) wifi and forum entries, i completely overlooked that the bootloader contains two parts: code AND config data /makefu
  • Cross-Compiling (openWRT, u-boot) is not that hard /makefu
  • the u-boot_mod by pepe2k is absolutely great as it provides an extremely simple way to upgrade the router via http-failsafe. /makefu

#1: Soundflower

event/2014/hacksession.txt · Last modified: 2020-07-20 16:38 by