|
|
Enabling boot_wait and changing other CFE defaults (WRT54G v.2.x)
Copyright (c) 2005 Oleg I. Vdovikin
IMPORTANT: This information provided AS IS, without any warranties. If in doubt leave this page now. This information applies to WRT54G hw rev 2.0, 2.2, 3.0. No other units were tested, but most likely WRT54GS units should be the same. WRT54G hw rev 1.x use different layout, so you need to adjust things accordingly.
The wrt54g v.2.2 unit was kindly donated to me by maxx, the member of the forum.chupa.nl forum. I would like to publically say thank you to him.
Extracting default values
Telnet/ssh to your router running your favorite firmware and type the following
dd if=/dev/mtdblock/0 bs=1 skip=4116 count=2048 | strings > /tmp/cfe.txt
dd if=/dev/mtdblock/0 of=/tmp/cfe.bin
Copy both cfe.bin and cfe.txt to your linux box (this is required). Check cfe.txt, it should look like this (this is from v.2.2):
boardtype=0x0708
boardnum=42
boardrev=0x10
boardflags=0x0118
boardflags2=0
sromrev=2
clkfreq=200
sdram_init=0x000b
sdram_config=0x0062
sdram_refresh=0x0000
sdram_ncdl=0x0
et0macaddr=00:90:4C:00:00:00
et0phyaddr=30
et0mdcport=0
gpio5=robo_reset
vlan0ports=1 2 3 4 5*
vlan0hwname=et0
vlan1ports=0 5
vlan1hwname=et0
wl0id=0x4320
il0macaddr=00:90:4C:00:00:00
aa0=3
ag0=255
pa0maxpwr=0x4e
pa0itssit=62
pa0b0=0x15eb
pa0b1=0xfa82
pa0b2=0xfe66
wl0gpio2=0
wl0gpio3=0
cctl=0
ccode=0
dl_ram_addr=a0001000
os_ram_addr=80001000
os_flash_addr=bfc40000
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
scratch=a0180000
boot_wait=off
watchdog=5000
bootnv_ver=2
Changing defaults
Open cfe.txt using text editor and change defaults in the way you like (but be extremelly careful, as some changes could prevent device from booting and you will need to use JTAG cable to bring it back to life). For me I've decided to enable both Afterburner (Speedbooster) and set boot_wait to on by default, so reset to default no longer messes the things, so I've applied this pseudo-patch (please note, that I've added bit 0x200 to boardflags to enable afterburner):
-boardflags=0x0118
-boot_wait=off
+boardflags=0x0318
+boot_wait=on
If you do not understand some things in this file, do not try to edit it. This is also applies to afterburner. I've also tried to change default lan_ipaddr, but this does not work in the way I expect: CFE started to answer to ping request to new lan_ipaddr, but it does not accept tftp transfers...
Creating new CFE image
You will need a nvserial utility which comes with several GPL tarballs. Linksys supplies it in the wrt54g.1.42.3, wrt54g.1.42.2, wap55ag.1.07, wap54gv2.2.06. Launch nvserial in the way like this on your x86 linux box:
nvserial -i cfe.bin -o cfe_new.bin -b 4096 -c 2048 cfe.txt
It works really slow, but it should finally create cfe_new.bin file for you, which has new embedded nvram.
Recompiling kernel with writable pmon partition
By default most firmwares has pmon partition write protected, i.e. you can't flash anything to this first 256k of flash. This is to prevent corrupting PMON/CFE. To remove this "lock" you will need to apply this patch to the kernel and recompile your firmware:
--- linux/arch/mips/brcm-boards/bcm947xx/setup.c.orig 2005-01-23 19:29:05.000000000 +0300
+++ linux/arch/mips/brcm-boards/bcm947xx/setup.c 2005-03-26 15:13:33.000000000 +0300
@@ -179,7 +179,7 @@
#ifdef CONFIG_MTD_PARTITIONS
static struct mtd_partition bcm947xx_parts[] = {
- { name: "pmon", offset: 0, size: 0, mask_flags: MTD_WRITEABLE, },
+ { name: "pmon", offset: 0, size: 0 /*, mask_flags: MTD_WRITEABLE,*/ },
{ name: "linux", offset: 0, size: 0, },
{ name: "rootfs", offset: 0, size: 0, mask_flags: MTD_WRITEABLE, },
{ name: "nvram", offset: 0, size: 0, },
Flashing new CFE image
So, once you've recompiled and flashed your new firmware you need yo upgrade CFE. This process is dangerous, as flash failure during it will prevent your unit from booting. Copy cfe_new.bin to your wrt54g and flash it. The exact commands are dependent on the firmware. With OpenWRT I've used the folowing:
mtd unlock pmon
mtd write /tmp/cfe_new.bin pmon
Checking it
Embedded nvram is only used, when real nvram is either corrupted or empty (CRC/magic checks fails), so you will need to erase nvram or to reset to defaults. With OpenWRT type this:
mtd erase nvram
Then cross your fingers and reboot your unit. And remember - I'm not responsible for any damage to your unit, as this information is provided AS IS for my own pleasure.
--------------------------------------------------------------------------------
oleg@cs.msu.su |
|
/1 
IP卡
狗仔卡
发表于 2007-10-28 12:12
置顶卡
沉默卡
喧嚣卡
顶贴卡
显身卡
,谢谢。