Hacksessions
In short:
a project by exco&makefu for social interaction, hacking skills, doing stuff
Hacksessions #5
Any ideas? Just do it.
#2-4 minikrebs upgrading
exco, makefu, toerb, albi, alexander, namevergessen: we learned/showed/helped each other
- different techniques for desoldering and resoldering the chips (with old RAM sticks).
- programming of the new SOIC-8 flash chips with a CH341A programmer (Windows only, even after hack session)
- infrared soldering/hot air reflow soldering / manual smd soldering: 32MB → 64MB Ram, 4→ 16MB flash
- adding external SMA-connector for external antennas - simple and sweet hack
- dd/cat new images
- flashing openwrt
Code here - git repo
Hardware TP-Link WR703N / WR702N / MR3020
Hardware Platform is in most cases the TP-Link WR703N / WR702N / MR3020
Upgrades (all above mentioned devices):
- possible flash-upgrade (8MB) MX25L6445EM2I / this needs new uboot → (16MB) W25Q128
- SMA connector (not: RP SMA … as in reverse pin), these are astonishingly hard to get, we only got a 20-package: http://www.aliexpress.com/item/Wholesale-RP-SMA-female-antenna-cable-RG316-15cm-Free-shipping/602734040.html
Flasher
WCH CH341A
- seems not to be supported by flashrom:
- using windows software from: https://github.com/makefu/wr703_mod/tree/master/ext_documentation
- we have not made it working in a VM … with a broken usb cable as it turns out.
uboot
- you need to upgrade uboot to be able to use new 16MB flash chip and find ART partition and more … makefu go
crosscompiling
- get installer from: https://sourcery.mentor.com/GNUToolchain/release2640
- gcc for MIPS seems to be working as well
GUI
gui didn't seem to be working for me: as a user
./installer -console # click through...
install location: $HOME/sc_mips
add to path
echo 'export PATH=$PATH:$HOME/sc_mips/bin' >> ~/.zshrc
go to the checked-out project
cd u-boot_mod
make tplink_wr703n
make tplink_mr3020
booting u-boot_mod
Hold button for 3 seconds to get http-server at 192.168.1.1, the wr703 will blink every second and flash shortly if released at the correct time.
Image
We created the following image in the end:
- Boot-loader (mtd0) (128k)
- 64k u-boot (pepe2k)
cd u-boot_mod; make tplink_mr3020
- 64k data (copy from old image)
dd if=old_image.bin of=data.bin bs=1 skip=65536 count=65536
- openwrt-image (mtd1-mtd3) (rest space)
- we built one which provides maximum size (16mb) for building and with write-protection removed from mtd0 and mtd4
- in target/linux/ar71xx/files/drivers/mtd/tplinkpart.c change parts[3].mask_flags=MTD_WRITABLE and parts[0].mask_flags=MTD_WRITABLE to 0
- ART (mtd4) (65k)
- 64k wifi config data (copy from old image)
dd if=old_image.bin of=art.bin bs=1 skip=$(($old_image_size - 65536))
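The layout above put together into one flashable file, as an added example (not code from the wr703_mod repo). The function name `build_image` and all file names are assumptions, and it assumes the old dump is a whole-flash image whose size is a multiple of 64k, with ART in its last 64k block as in the dd call above.

```shell
#!/bin/sh
# Added example: assemble a 16 MiB image in the layout listed above.
# build_image and the file names are assumed names, not from the repo.
FLASH_SIZE=$((16 * 1024 * 1024))   # 16MB chip
BLOCK=65536                        # 64k

# usage: build_image old_image.bin uboot.bin openwrt.bin out.bin
build_image() {
    old=$1; uboot=$2; fw=$3; out=$4
    old_size=$(($(wc -c < "$old")))
    uboot_size=$(($(wc -c < "$uboot")))
    fw_size=$(($(wc -c < "$fw")))
    last=$((FLASH_SIZE / BLOCK - 1))   # index of the final 64k block (ART)

    # Refuse inputs that would spill into a neighbouring region.
    if [ "$old_size" -lt $((3 * BLOCK)) ] || [ $((old_size % BLOCK)) -ne 0 ]; then
        echo "old image is not a whole-flash dump" >&2; return 1
    fi
    if [ "$uboot_size" -gt "$BLOCK" ]; then
        echo "u-boot is larger than 64k, would overwrite the data block" >&2; return 1
    fi
    if [ "$fw_size" -gt $((FLASH_SIZE - 3 * BLOCK)) ]; then
        echo "firmware would overwrite ART" >&2; return 1
    fi

    # Start from erased flash (all 0xFF), then place each part at its offset:
    # block 0 = u-boot, block 1 = data from the old bootloader partition,
    # block 2 onwards = openwrt image, last block = ART from the old image.
    head -c "$FLASH_SIZE" /dev/zero | LC_ALL=C tr '\000' '\377' > "$out" &&
    dd if="$uboot" of="$out" conv=notrunc 2>/dev/null &&
    dd if="$old" of="$out" bs="$BLOCK" skip=1 seek=1 count=1 \
       conv=notrunc 2>/dev/null &&
    dd if="$fw" of="$out" bs="$BLOCK" seek=2 conv=notrunc 2>/dev/null &&
    dd if="$old" of="$out" bs="$BLOCK" skip=$((old_size / BLOCK - 1)) \
       seek="$last" count=1 conv=notrunc 2>/dev/null || return 1

    # The result must be exactly the size of the chip.
    [ "$(($(wc -c < "$out")))" -eq "$FLASH_SIZE" ]
}
```

Comparing the last 64k of the output against art.bin with `cmp` before writing the chip confirms the wifi calibration data survived.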
Buy WR703N at:
WR702N
- TP-Link wr702n 2MB EN25QH16 flash
- You will need to replace both RAM and flash, and you will not have a working USB adapter. Just buy a WR703.
MR3020
pics
Lessons Learned
- don't pull traces off the pcb / roy bear (killed his wr702n)
- upgrading ram chips sucks donkey balls / one-two are fine … more … no fun
- 16MB flash requires a different u-boot / makefu
- computers just suck / makefu
- sometimes an easy task just isn't that easy - even if _the internet_ tells you otherwise /all
- a 150mil sop8 programming adapter won't fit a 200mil chip
- blinking LEDs are awesome / albi
- barbecue takes too much time away from your hacking session / albi
- rp SMA is not the plug you want
- completely read through (not skim) wifi and forum entries, I completely overlooked that the bootloader contains two parts: code AND config data /makefu
- Cross-Compiling (openWRT, u-boot) is not that hard /makefu
- the u-boot_mod by pepe2k (https://github.com/pepe2k/u-boot_mod) is absolutely great as it provides an extremely simple way to upgrade the router via http-failsafe. /makefu
#1: Soundflower
event/2014/hacksession.1498085285.txt.gz · Last modified: 2017-06-22 00:48 by rixx