Tuesday, September 18, 2018

Flashing Router via Serial Port:: This is the Preferred way to flash Firmware of any router

There are several ways to flash a router, but flashing through the serial port is the preferred one.  Because you are working directly on the bootloader's CLI (command line), you see immediately what is going on and whether the flash succeeded or not.

In the last two posts I described part of the preparation.  I will not repeat it here.

1. You will need a TFTP server running on the computer you are using to flash the router.  Please go through this post to see how to set up tftpd,

http://router-mod.blogspot.com/2018/09/the-easy-way-out-easy-flashing-without.html

On Linux (which I use) you can use tftpd-hpa.  On Arch/Manjaro Linux its config file is /etc/conf.d/tftpd; mine looks like this,
TFTP_ADDRESS="0.0.0.0:69"
TFTPD_ARGS="-c -vvvv --secure /srv/gtftp/"

For Windows, the URL above explains how to set up the TFTP server.

2. You will also need a serial/UART TTL converter for serial input/output.  The previous post has the complete details on how to do that; the link is here,

http://router-mod.blogspot.com/2018/09/router-serial-or-uart-port-how-to-find.html

Now connect the serial port just like the last two images in the post linked above (not reposted here).

On Windows use PuTTY; on Linux use screen or minicom (I use minicom).  Two pieces of software load during the router's boot process.  First the bootloader: on Atheros based routers it's usually U-Boot, on Broadcom based routers it's CFE (Common Firmware Environment).  The bootloader sets up all the hardware parameters and passes them on to the actual firmware that it then loads.

We are replacing the firmware provided by the router vendor with custom firmware, i.e. OpenWrt, DD-WRT or Tomato.  So we need the bootloader to stop before it boots the firmware and wait for our commands at its CLI, which is only reachable over the serial/UART console.  On Linux just open a terminal, connect your UART to serial adapter/converter (CP210x etc.) and start minicom.  On Windows start PuTTY and connect it to the serial port.  To interrupt the boot of the existing vendor firmware we do the following,

1. Atheros/QCA-Atheros U-Boot : For Atheros SoC based routers U-Boot will likely be your bootloader.  To halt it at its CLI you need to be alert, as it only shows a 1 second boot wait, and on a TP-Link router you have to type "tpl" and hit enter very fast within that window.  I could manage it about once in every 4 or 5 boots.  So what I did was program minicom to send "tpl" and enter automatically at startup.  Now, as soon as I power on the router, I start minicom and it sends 'tpl' to the router.  This way I get the bootloader prompt!! every time I switch on my router.

In the image above, U-Boot is awaiting commands after "tpl"...

Your boot prompt will likely differ, e.g. "ap143>" or "ap121>" etc. for TP-Link routers with the vendor's default bootloader.

Meanwhile you must download the router firmware; i.e. for OpenWrt go here and download the firmware image file for your router,

for DD-WRT go here,

In case your flash is not successful, or you wish to revert to the vendor firmware, you should download the firmware from the vendor site; for TP-Link it should be here,

Special Note:
Please back up your current firmware before you flash anything new.  Since a backup is not possible from the bootloader CLI, you must get a copy of the latest firmware from the vendor site, as mentioned above.  If you have a TP-Link router and the downloaded file has "boot" in its name, you need to strip the bootloader off the file with dd on Linux,
you will need to strip out the first 0x20200 bytes (131584 bytes),
dd if=orig.bin of=tplink.bin skip=257 bs=512 (dd is a Linux command line tool) or
download a stripped image from here,

Note : You can contact me or leave a message and I will get you a stripped image if required.

Now copy your desired firmware file into the tftpd directory on your computer; in my case the tftpd server directory is /srv/gtftp and I copy the file into it.

Connect the router to your computer with a UTP cable, directly into any of the LAN ports or the WAN port.  At this point you also have to set the router's and the computer's IP addresses manually.  Go into your IP settings, choose a subnet and set it up like this,
I chose the subnet 192.168.100.x, so my computer's details are as below,
IP: 192.168.100.100, subnet mask: /24 aka 255.255.255.0, and gateway pointing at my router, i.e. 192.168.100.10 (my pre-determined router IP).

Notice that in the image above I have selected a subnet and set up IPv4 manually; in Linux look for the "Manual" method in Network Manager, and on Windows likewise set the IP manually.

At this point, if you are on Windows, turn off the Windows firewall so that the router can reach the TFTP server on your computer.  On Linux you turn off the firewall like this,
Check whether the firewall is enabled with systemctl status ufw; if it is enabled (and green!!), then
a. systemctl disable ufw,
b. systemctl stop ufw. This disables ufw (the Linux firewall) completely.

Now set up the router from the bootloader CLI on the serial port, with U-Boot or CFE,
Old (default) U-Boot,
(I'm using subnet x.x.100.x),
set serverip 192.168.100.100
set ipaddr 192.168.100.10
If it's the new U-Boot from pepe's repo, then,
setenv serverip 192.168.100.100
setenv ipaddr 192.168.100.10

Now verify that the IP addresses are set correctly with,
printenv

Now check that the connection between the computer and the router is established,
1. ping 192.168.100.10 (Check if the other side is live!!)
If connected you will see something like this,

gfx:/etc/conf.d$ ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.368 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.265 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.282 ms
64 bytes from 192.168.100.10: icmp_seq=4 ttl=64 time=0.393 ms
^C

If not connected, reseat the cables and try the ping again.

If it's connected then,

2. tftpboot 0xa0800000 tftp-boot-file (your DD-WRT/OpenWrt image)

Example,

ar7240> tftpboot 0x80000000 openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin
Using eth0 device
TFTP from server 192.168.1.100; our IP address is 192.168.1.111
Filename 'openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin'.
Load address: 0x80000000
Loading: checksum bad
#################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         ######################################################
done
Bytes transferred = 3932160 (3c0000 hex)
With the above command you have loaded the new firmware image into the router's RAM!!

Now erase the router's current firmware from the flash ROM,
3. erase 0x9f020000 +0x3c0000

Note that the "+0x3c0000" length above is taken from the size reported after loading the new image into the router's RAM, i.e. "Bytes transferred = 3932160 (3c0000 hex)".

Now copy the RAM contents to flash,
4. cp.b 0xa0800000 0x9f020000 0x3c0000

Now boot the router with the newly installed OpenWrt image (in this case),
5. bootm 0x9f020000
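Here is an added example (not from the original post) that turns the "Bytes transferred" figure U-Boot prints after tftpboot into the erase and cp.b lengths used in steps 3 and 4, and refuses to print a plan if the image would overrun the firmware partition. The load address 0x80000000 and the firmware start 0x9f020000 are the ones in the post's own session (the step list above uses 0xa0800000 as the load address; whichever you use, tftpboot and cp.b must name the same address). The 4 MB flash size and the 0x10000-byte ART partition at the end are my assumptions for a common TP-Link layout, not something the post states; the image name and byte count below are constructed from the post's session.

```shell
# Added example, not the post's own commands. Assumptions: a 4 MB SPI flash,
# U-Boot in the first 0x20000 bytes, ART in the last 0x10000 bytes, and the
# load/flash addresses from the post's tftpboot session.
LOAD_ADDR=0x80000000          # RAM address tftpboot loaded into (post's session)
FW_START=0x9f020000           # first flash address after the 0x20000-byte U-Boot
# usable firmware space = flash size - U-Boot - ART = 0x400000 - 0x20000 - 0x10000
FW_MAX=$(( 0x400000 - 0x20000 - 0x10000 ))   # 0x3d0000 = 3997696 bytes (assumed layout)

# hex_len <bytes>: decimal byte count -> 0x-prefixed hex, e.g. 3932160 -> 0x3c0000,
# the same number U-Boot prints as "(3c0000 hex)".
hex_len() {
    printf '0x%x' "$1"
}

# fits_firmware_partition <bytes>: succeeds if an image of that size fits
# between U-Boot and ART; erasing past FW_MAX would wipe the ART calibration data.
fits_firmware_partition() {
    [ "$1" -gt 0 ] && [ "$1" -le "$FW_MAX" ]
}

# flash_plan <image-file-name> <bytes>: print the U-Boot command sequence for
# an image of <bytes> bytes (tftpboot, erase, cp.b, bootm), or fail and print
# nothing if the image is too large for the partition.
flash_plan() {
    img=$1; bytes=$2
    if ! fits_firmware_partition "$bytes"; then
        echo "image is $bytes bytes; firmware partition holds at most $FW_MAX" >&2
        return 1
    fi
    len=$(hex_len "$bytes")
    printf 'tftpboot %s %s\n' "$LOAD_ADDR" "$img"
    printf 'erase %s +%s\n' "$FW_START" "$len"
    printf 'cp.b %s %s %s\n' "$LOAD_ADDR" "$FW_START" "$len"
    printf 'bootm %s\n' "$FW_START"
}

# Usage with the post's numbers (3932160 bytes = 3c0000 hex):
# flash_plan openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin 3932160
```

Run flash_plan with the byte count from your own "Bytes transferred" line and paste the four printed commands into the U-Boot prompt one at a time; if it refuses, the image is larger than the space between U-Boot and ART and must not be flashed with these addresses.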

If the boot succeeds you will be greeted with messages similar to the ones below (on the serial console or over SSH),
====================================================

BusyBox v1.25.1 () built-in shell (ash)                                         
     _________                                                                  
    /        /\      _    ___ ___  ___                                          
   /  LE    /  \    | |  | __|   \| __|                                         
  /    DE  /    \   | |__| _|| |) | _|                                          
 /________/  LE  \  |____|___|___/|___|                      lede-project.org   
 \        \   DE /                                                              
  \    LE  \    /  -----------------------------------------------------------  
   \  DE    \  /    Reboot (17.01-SNAPSHOT, r3909-b6a1f43075)                   
    \________\/    -----------------------------------------------------------  
=== WARNING! =====================================                              
There is no root password defined on this device!                               
Use the "passwd" command to set up a new password                               
in order to prevent unauthorized SSH logins.                                    
--------------------------------------------------                              
root@LEDE:/# 
===================================================

If you find yourself in a boot loop or the new firmware does not boot, please do not panic.  You can go back to your original firmware if you made the backup mentioned earlier, or if you have a stripped original firmware file from the vendor site.

Use the same commands as above and reflash to get back to a working original firmware,
1. ping 192.168.100.10 (Check if the other side is live!!)
2. tftpboot 0xa0800000 wr841nv3-3169-160612.bin (your downloaded TP-Link firmware file)
3. erase 0x9f020000 +0x3c0000 (note the last 3c0000 length)
4. cp.b 0xa0800000 0x9f020000 0x3c0000 (copy the RAM contents to the flash chip)
5. bootm 0x9f020000 (boot the router into the newly flashed image)

For information about the current boot environment variables you can do,

6. printenv
U-Boot will show all the environment variables it has.

In U-Boot or CFE you can use,
7. help
It will show you all the commands available to you.
On most U-Boot/CFE versions,
7a. help <command>, i.e. help ifconfig, will show how to use that command!!

Note : On some routers you have to note down your hardware (MAC) address, as it may change after flashing and you will have to set it back to the original.  It is also printed on the sticker on the back of your router!!

If you have successfully flashed OpenWrt, the first thing you should do is back up your current firmware, i.e. OpenWrt, and the other partitions, i.e. U-Boot and the ART partition, like this,

cat /proc/mtd (check which partitions are art, u-boot and firmware),
cat /dev/mtd0 > /tmp/uboot_backup.bin
cat /dev/mtd4 > /tmp/art_backup.bin
cat /dev/mtd5 > /tmp/firmware_backup.bin

Another way (online, with a firmware that has the bootloader in it),
ls /dev/ (verify that mtd4 is art and mtd0 is u-boot)
dd if=/dev/mtd4 of=/tmp/art_back2.bin  (art backup here)

Note : You need to copy the ART backup above, i.e. art_back2.bin, to your computer with scp... see below how to scp.
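The mtd numbers above (mtd0, mtd4, mtd5) are what the post's router happened to have; on another board the same partition names can land on different numbers, so the safer habit is to look them up by name in /proc/mtd and check the backup size against the size /proc/mtd reports. The following is an added example of that, not the post's own commands. MTD_TABLE is a constructed /proc/mtd in the layout of a 4 MB TP-Link device (the numbers match the post's), so the functions run off-router; on the router itself pass "$(cat /proc/mtd)" and /dev instead.

```shell
# Added example, not from the original post. MTD_TABLE is a constructed
# /proc/mtd listing; on a real OpenWrt box use "$(cat /proc/mtd)" and /dev.
MTD_TABLE='dev:    size   erasesize  name
mtd0: 00020000 00010000 "u-boot"
mtd1: 00120000 00010000 "kernel"
mtd2: 002b0000 00010000 "rootfs"
mtd3: 00140000 00010000 "rootfs_data"
mtd4: 00010000 00010000 "art"
mtd5: 003d0000 00010000 "firmware"'

# mtd_by_name <name> [table]: print the mtdN device holding the named partition
# (the name column is quoted in /proc/mtd, so the comparison includes the quotes).
mtd_by_name() {
    name=$1; table=${2:-$MTD_TABLE}
    printf '%s\n' "$table" | awk -v n="\"$name\"" '$4 == n { sub(":", "", $1); print $1; exit }'
}

# mtd_size <name> [table]: partition size in bytes (the size column is hex)
mtd_size() {
    name=$1; table=${2:-$MTD_TABLE}
    hex=$(printf '%s\n' "$table" | awk -v n="\"$name\"" '$4 == n { print $2; exit }')
    [ -n "$hex" ] || return 1
    printf '%d\n' "$(( 0x$hex ))"
}

# backup_mtd <name> <devdir> <outdir> [table]: copy <devdir>/mtdN to
# <outdir>/<name>_backup.bin and verify the copy is exactly as large as the
# partition; a short copy means the backup is unusable for restoring.
backup_mtd() {
    name=$1; devdir=$2; outdir=$3; table=${4:-$MTD_TABLE}
    dev=$(mtd_by_name "$name" "$table")
    [ -n "$dev" ] || { echo "no partition named $name" >&2; return 1; }
    out="$outdir/${name}_backup.bin"
    dd if="$devdir/$dev" of="$out" bs=65536 2>/dev/null || return 1
    want=$(mtd_size "$name" "$table")
    got=$(wc -c < "$out")
    if [ "$got" -ne "$want" ]; then
        echo "$out is $got bytes but $dev should be $want" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# On a real device, e.g.:  backup_mtd art /dev /tmp "$(cat /proc/mtd)"
```

Back up art and u-boot this way before anything else; ART holds the radio calibration data and cannot be downloaded from anywhere if it is lost.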

After you have flashed, you need to update OpenWrt,
1. ssh root@192.168.1.1 (whichever IP it has now; OpenWrt starts at 192.168.1.1 or 192.168.0.1)
1b. Change the password first: issue the passwd command and set a password of your liking.
1c. Then reboot the system...

Then copy the upgrade file to the tmp directory,
scp /srv/gtftp/lede-ar71xx-generic-tl-wr841-v12-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/

sysupgrade /tmp/lede-ar71xx-generic-tl-wr841-v12-squashfs-sysupgrade.bin

Reboot the system again.
At this point you should be connected to the internet; if not, you will need to connect via the web interface or the command line, web preferred.

Issue: opkg update
Issue: opkg install luci (if you did not add LuCI at compile time, or are using a pre-built image without LuCI)
Issue: /etc/init.d/uhttpd enable
/etc/init.d/uhttpd start
Then go to 192.168.1.1 from your web browser, change the router's IP to 192.168.x.x (whatever subnet you prefer) and reboot.

2. Broadcom CFE : If the router has a Broadcom SoC (system on chip) then you will likely have CFE as the bootloader.  Switch on the router while keeping "Ctrl-C" (the Control and C keys) pressed; the bootloader will stop booting the existing firmware and wait at its CLI/command prompt!!

Please note that all these Broadcom routers use trx files with no extra headers.  To flash from the serial console I have used the following sequence of commands,

NOTE : Press and hold Ctrl-C right before switching on the router to get into CFE!!!!

I had set up a tftpd-hpa TFTP server on my Arch Linux box at 0.0.0.0:63 (I use it for a lot of other flashing!)

ifconfig eth0 -addr=192.168.1.11 -mask=255.255.255.0 -gw=192.168.1.4 -dns=192.168.1.4 

Connect the router to your computer through any of the LAN ports.

nvram erase

flash -noheader 192.168.1.4:tomato-K26USB-1.28.9999MIPSR2RAF-TendaN6.trx flash1.trx

Then just do reboot at the CFE command prompt.
After it boots up,
use nvram erase again and reboot to get into a fresh and clean Tomato install.

To back up the CFE and the flash contents (from within CFE) I have posted instructions before; you will find them around this blog if you look closely.  For example,

save 192.168.1.4:fh305.cfe BC000000 20000 

CFE size total = boot partition size = 131072 (0x20000)
Total ROM size is 1048576 = 100000 hex (1 MB)
So for the whole ROM,
save 192.168.1.4:fh305full.bin BC000000 100000

The Tenda FH305 only has port IDs starting from vlan1, and Tomato sets vlan1 as WAN, which is incorrect for this router (it expects vlan0 for the LAN ports).  All I did was set vlan1 to the LAN ports and vlan2 to WAN, of course adding the CPU port flags, which are also different from most other routers.

The commands I used to configure the VLANs for the Tenda FH305 in Tomato,

nvram set vlan1ports="1 2 3 5" 
nvram set vlan2ports="0 5" 
nvram set vlan0ports="" 
nvram set manual_boot_nv=1 
nvram commit 
reboot

============================================================
My Profession : By trade I'm a Software Engineer.  But I Love trading currency or Forex markets and trade mostly eurusd markets.  So I needed a reliable and dependable router system that I think openwrt or tomato can provide with a good ISP.  I trade with reputable International Forex brokers.

To know how to do Forex Trading go here : Forex Trading: My regular source of income

For signals on eurusd go here My Forex Trading Journal

Monday, September 10, 2018

Router Serial or UART Port: How to find and Configure

I received several e-mails asking how to find the serial port on the router's motherboard or PCB.  It's actually very easy on most routers.

Disclaimer : Modifying hardware or software can brick an embedded device such as a router.  Follow the procedure(s) below at your own risk...

Test case 1: TP-Link Archer C50 AC1200 router.

If you look closely at the image, you will clearly see a 4-pin connector; most of the time a 4-pin connector like this is the serial header.  Almost all recent routers have a 4-pin serial connector like this.
All you have to do is find the Tx, Rx and ground pins.  Vcc is not required, but it is good to know which of the 4 pins is Vcc: we note it and connect nothing to it!!
You will need a multimeter to test which of the pins are Tx/Rx and ground/Vcc.

1. First try to find the ground pin of the UART.  Keep the router powered off.  Get a multimeter (MM) and put it in diode test/continuity test/short test mode.  Connect one MM lead to one of the UART pins and the other (gnd/black) lead to an antenna connector or an antenna solder point (whichever your router has).  On our Archer C50 there are antenna connectors but not the cheaper antenna solder points.  Here we are using the antenna connector as the router's ground plane.  If there is continuity from the antenna connector to the UART pin the MM is connected to, then that is our UART ground pin; if not, test all the pins one by one to find which one is Gnd (ground).  The MM will beep continuously and the diode test light will light up (depending on the MM) while the MM lead is on the ground pin of the UART.  This test checks which pin is connected to the router board's ground plane: it is like connecting a single wire between two points, and the MM beeps/lights because the two points/pins are shorted together through ground, i.e. that is the ground pin.
2. Now try to find the Vcc pin.  We need to know which pin has a constant voltage of 3.3 V.  Connect the MM black lead to the antenna connector and the other lead to one of the 3 remaining pins.  Now connect the router to power and observe very carefully what happens.  Keep an eye on the router's LEDs.  As soon as the LEDs show power on, watch very carefully whether we get a consistent 3.3 V throughout the entire boot process of the router.  You will know your router; as soon as booting finishes all the lights start to blink or some stay constantly lit.  The pin that holds a consistent 3.3 V (or close to it), with no change in voltage, is your UART Vcc pin.
3. Now try to find the Tx or transmit pin; this is the pin the router sends data through over the serial UART.  Again connect the MM black/Gnd lead to the antenna point and the other lead to one of the 2 remaining UART pins.  Now power on the router.  Observe very carefully: if you see voltage spikes throughout the boot process of the router, then that is the Tx pin of the UART.  As data passes through the serial port the voltage goes up and down, so you get readings ranging from a few millivolts to the full 3.3 V.  After booting finishes the voltage should stabilise somewhere around 2/3 of the full 3.3 V.  But since it's a router, as soon as it is connected to the internet user programs start connecting to the net and the voltage spikes may not stop, so it's common to see anything from 0.5 V to 2.xx V to 3.3 V on the Tx pin.
4. The remaining pin is tricky.  The Rx pin can sit at the same voltage as Vcc, can be shorted to ground, or can hang somewhere between 0.5 and 3.3 V.
But we already have the Gnd, Vcc and Tx pins.  If Tx/Rx turn out to be swapped, no problem: you will just get garbage from the serial port in your serial comm program.  If so, swap Tx/Rx and you should get clear text while booting.

Problems in Soldering :: If you still get garbled text then maybe the ground pin of the serial UART is not soldered properly.  Try resoldering all the pins.  If you can see text clearly in the comm program but whatever you type is not echoed, then it is probably poor soldering quality: either you shorted the Rx pin to ground or the solder joint at the Rx pin is dirty!!  Redo your soldering.

Your serial comm program should be set to a baud rate of 115200 and 8-N-1.  Do not turn on hardware flow control; we are not using the DTR/RTS pins, they are not available, as it's not a real modem!!
Software flow control should also be turned off (it usually is by default).

Test case 2: TP-Link TL-WR802 v1

If you look at the image on your left, it's a tiny little older TP-Link router with a USB port.  There is no clearly marked serial UART header here, but it's easier to find the serial pinout visually, spread over the tiny board.
There are 4 pins clearly marked.
1. TP_OUT, which is the Rx pin, and TP_IN, which is the Tx pin of the router.  There is TP3V3, which is Vcc at 3.3 V.  There is another one, TP3: verify with the MM whether it is connected to the ground plane, i.e. the antenna connector and other exposed metal like the outer shell of the USB or UTP (network) connector (outer shell only).  If it passes the continuity test then use TP3 as your ground.
TP3V3 has to be measured while the router is booting.  If, as usual, you find a consistent 3.3 V on TP3V3 then that is your Vcc.  Find the other pins as outlined in the first router case.

Test case 3: Xiaomi Mi Router 3

This is a MediaTek router made by Xiaomi.  Here the UART is clearly marked.  But as wise men say, always verify whether what is said is true!!  So verify the pins as in test cases 1 and 2, or else if you connect your serial TTL converter to Vcc your router may burn out, or at the very least your serial converter will short out for sure.

Test case 4: TP-Link TL-WR840N v4 (EU)

As in case 3, this TP-Link router also has its serial UART port clearly marked.  All pins are labelled.  But as said before, you must verify what is marked on the router.  Verify all the pins, i.e. Tx - Rx - Gnd - Vcc, as in test case 1.

Now that I have my serial UART port figured out, what am I going to use it for, and how?  It's a bit tricky and risky now.  First you need to solder a 3-pin header onto the serial port you have found.  It's the same for all the routers.  If you are unable to solder, or are afraid to, which is to be expected, you can go to a local electronics repair shop and ask them to attach the pin header or some wires to the UART/serial interface, and you are done.

Now you need a USB to serial TTL level shifter/converter.  You can order one from your local electronics shop.  The best so far is the CP2102, for TP-Link, Tenda, ASUS or any other router.  There is also the PL2303, which will also work.  Last but not least is the CH341A, which is a TTL level shifter along with an SPI (Serial Programming Interface) programmer that you can use to program the router's flash chip.  All of the above are very, very cheap, around $2.50 to $3.00.  Here are photos of them,

Left is the CP2102
Right is the CH341A
Bottom is the PL2303

You will see a pin header/connector on all of the above; just connect your router's UART/serial port Tx, Rx and ground pins like this: Router Tx -> Converter Rx, Router Rx -> Converter Tx, Router Gnd -> Converter Gnd.

WARNING!: Some people have reported frying their router by connecting the voltage pins even though it isn't necessary.  NEVER connect the voltage pins when using USB adapters unless you know what you are doing.  Unless you need to power the device, you don't have to connect the voltage pins.  And you usually don't need to power it this way; use the router's power supply.
Please do not connect any pins or headers to the router's or the converter's VCC connector.  This is very, very important, otherwise your converter or router or both may be damaged/burned/shorted.

Please look at the image above: one is a CP2102, the other is a CH341A used as a TTL converter instead of as a programmer.

Now you need to install a terminal program if you are on Windows.  There is a modem dialer program, but I prefer PuTTY; download and install it from here,
https://www.putty.org/

After connecting the TTL converter to the router and the computer, please keep the router turned off.  Now check in the Windows "Device Manager" which port the TTL converter is connected to; if nothing shows up, you will have to install the driver for the CP2102 or CH341A from the internet.  Just search Google for "cp2102 driver download" or "ch341a driver download" and go to the first available link to download it.  Install the driver, then disconnect and reconnect the TTL converter/adapter while keeping the Device Manager window open, and you will see the device connect live!! to the virtual COM port assigned to the serial adapter.

If you do not install the driver it will look like the above, not detected properly.

If you install the serial adapter driver it should look like the above.

On Linux, if you have a recent 4.xx kernel, no worries: the drivers are already in the kernel.  Run dmesg to see which port it is connected to, usually ttyUSB0 or ttyACM0 etc., like below,

Now start PuTTY and set up a serial connection to the converter's port, i.e. COM5 or so (whatever Device Manager reports)... on Linux just start minicom with ttyUSB0 etc.

After starting PuTTY or minicom, switch on the router; the TTL converter's light will come on and you can watch the router's boot log live in the serial port window, like below,
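As an added example (not from the original post) of the two Linux steps just described and of the 115200 / 8-N-1 / no-flow-control settings from the first test case, the script below picks the USB serial device out of a dmesg line and then configures the port and attaches screen to it. DMESG_SAMPLE is a constructed log in the format the kernel's usb-serial (cp210x, ch341) and cdc_acm drivers print; on a real machine call usb_serial_tty with no argument and it reads the live dmesg. The stty flags are GNU stty (Linux) options; the function names are mine.

```shell
# Added example, not the post's own commands. DMESG_SAMPLE is a constructed
# dmesg excerpt; on a real box call usb_serial_tty with no argument.
DMESG_SAMPLE='[  123.456789] usb 1-1: new full-speed USB device number 3 using xhci_hcd
[  123.601234] cp210x 1-1:1.0: cp210x converter detected
[  123.602345] usb 1-1: cp210x converter now attached to ttyUSB0'

# usb_serial_tty [dmesg-text]: print the last ttyUSBn/ttyACMn the kernel
# attached. usb-serial drivers (cp210x, ch341, pl2303) log
# "... converter now attached to ttyUSBn"; cdc_acm logs "ttyACMn: USB ACM device".
usb_serial_tty() {
    text=${1:-$(dmesg 2>/dev/null)}
    printf '%s\n' "$text" | sed -n \
        -e 's/.*converter now attached to \(tty[A-Z]*[0-9][0-9]*\).*/\1/p' \
        -e 's/.*: \(ttyACM[0-9][0-9]*\): USB ACM device.*/\1/p' | tail -n 1
}

# console_stty_args: the line settings the post calls for, as stty arguments.
# 115200 baud; cs8 = 8 data bits; -parenb = no parity; -cstopb = 1 stop bit;
# -crtscts = no RTS/CTS hardware flow control; -ixon -ixoff = no XON/XOFF
# software flow control; raw -echo = pass bytes through untouched.
console_stty_args() {
    printf '%s' '115200 cs8 -parenb -cstopb -crtscts -ixon -ixoff raw -echo'
}

# console_open <tty>: refuse anything that is not a character device, apply
# the settings, then attach screen at 115200 (Ctrl-A then k to leave screen).
console_open() {
    tty=$1
    [ -c "/dev/$tty" ] || { echo "/dev/$tty is not a character device" >&2; return 1; }
    # shellcheck disable=SC2046  # word-splitting the flag list is intended
    stty -F "/dev/$tty" $(console_stty_args)
    screen "/dev/$tty" 115200
}

# Typical use:  console_open "$(usb_serial_tty)"
```

Power the router on only after screen is attached, so the very first bootloader lines (and the short "tpl" window on TP-Link U-Boot) are not missed.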

For myself I also use a TL866 II Plus programmer, as seen here

If you need firmware for some popular TP-Link routers please visit this page.


Sunday, September 9, 2018

The Easy way out : Easy flashing without opening router!!

If you think you can live with 4 MB flash/32 MB RAM, or just want a stable router that does not hang or reboot unexpectedly, you can try the factory firmware recovery method.  In this method you do not even have to open up your router.  No TTL adapter or anything like that is needed.

But be warned: with a small flash and/or 32 MB of memory it's not possible to use the router for anything other than routing, securely.

OK, here is the easy way....

If you have a TP-Link router from the 8xx or 7xx series, i.e. TL-WR840/841N or TL-WR740/741, or one of the tiny routers with a USB port, you can use factory recovery to install custom firmware such as OpenWrt or DD-WRT!!

Most people use Windows, so I will go with the Windows installation steps here.

First download the firmware from the OpenWrt download page; use the latest version for your router,
https://downloads.openwrt.org/
For DD-WRT go to their download page and search in the beta folder here,
https://dd-wrt.com/support/other-downloads/
OR, for an actual recovery, go to the TP-Link website to download the firmware for your router: search for your router and, if found, go to that router's download page,
https://www.tp-link.com/en/

First of all, you need to set up a TFTP server on your computer with IP 192.168.0.66/24, i.e. your computer's address is 192.168.0.66, netmask 255.255.255.0, gateway any address in the 192.168.0.x subnet, i.e. 192.168.0.86 (your router's address!!, not important at this time).  Please note that you are setting up your computer, with the tftpd server, at the static IP address 192.168.0.66 (very, very important).

Download tftpd32/64 (both in the same package) from the link below and install it on Windows.  Set up a directory from which the router will download the firmware file that you downloaded from the OpenWrt/DD-WRT or TP-Link sources above.
https://bitbucket.org/phjounin/tftpd64 or,
http://www.tftpd64.com/

1. Here comes the most important part: switch off your router and connect a LAN port of the router to your TFTP server machine (your computer).
2. Hold down the reset button on the back of the router and switch it on until you see the information below in the log viewer.
3. Obviously you have to open the log viewer first; there you can see the file name your router requested from your computer's TFTP server :: routername_tp_recovery.bin, i.e. if it's a TP-Link TL-WR841N/ND v2 then the file name will be wr841nv2_tp_recovery.bin.  Here are some more names your router's bootloader may request if it's a different version of the TP-Link 841 or another router,
wr841nv8_tp_recovery.bin (for v8.x); for v9 wr841nv9_tp_recovery.bin; for v10 wr841nv10_tp_recovery.bin; for v11 and v12 wr841nv11_tp_recovery.bin.  Note: you can find your router's version number on the sticker on the back of the router.
4. You may need to try step 3 several times.

5. Rename the file you downloaded from OpenWrt, DD-WRT or TP-Link for your router to the name the router is requesting, i.e. the name it asks for when flashing the image via the bootloader.  It is actually the U-Boot bootloader that requests the firmware image (binary) file, so rename it according to what the router's bootloader requested: if it's a TP-Link TL-WR841N v9.x it should be renamed to wr841nv9_tp_recovery.bin.  For other TP-Link routers such as the WDR4300 v1.0 the file should be wdr4300v1_tp_recovery.bin, and for the TP-Link TL-WR841HP v3 it should be wr841hpv3_tp_recovery.bin.  Now copy that renamed file to the TFTP server download directory that you chose while setting up tftpd32/64.  Also browse to the download folder to make sure the download path and file name are correct.

6. Now switch off your router.  Then hold down the reset button on the back of the router and, with the reset button still pressed, switch the router on.  Keep it pressed until you see the router requesting the recovery file in the tftpd log viewer window!! and a popup message appears like the image below,

7. Now wait a while until the router reboots itself; you will see the router's lights go off and on again.  If the flash was successful you will be able to log in to your router's web interface with the new or recovered firmware.  Please remember, if OpenWrt, TP-Link or DD-WRT is installed the router will come back at address 192.168.1.1 or 192.168.0.1 and will also try to assign your computer a DHCP address, so after the reboot do not forget to switch Windows back to "automatic IP or DHCP" mode instead of the static IP.

Important Notes/Notice:
1. Your router's bootloader may not support this TFTP recovery mode.  To make sure, try this method repeatedly, at least 10/15 times, giving 5 to 8 minutes for each trial.
2. Some routers expect the TFTP server at a different address, i.e. some TP-Link routers (U-Boot bootloader) expect the TFTP server at 192.168.1.66/24, which is a different subnet, so configure your computer accordingly.  In that case your computer's IP should be 192.168.1.66, netmask 255.255.255.0, gateway 192.168.1.86 etc.
3. If the router's IP (192.168.1.1) doesn't respond to ping (after the reboot), try clearing the ARP cache on your computer; run this in a command prompt,
arp -d
4. After the reboot, if you installed OpenWrt the login is: user admin, password none/empty.  If it's DD-WRT the login is: root or admin, password admin; for TP-Link it's id/pass admin/admin.

Warning: If the router firmware image you downloaded from the TP-Link website for your router has "boot" in its name, it has the bootloader appended at the beginning of the firmware.  In such cases, if it is flashed successfully your router may be completely bricked.  Even the serial console will not help in this case; you will need JTAG or an external programmer to reload the bootloader and firmware into your flash chip!!!  If you want a firmware image stripped of the bootloader, i.e. an image/bin file without the bootloader, you can try downloading it from this website,

http://www.friedzombie.com/tplink-stripped-firmware/

But if you are using a Linux/Unix variant, i.e. FreeBSD, then it's a different ball game: you can easily strip the bootloader off the firmware with dd,
you will need to strip out the first 0x20200 bytes (131584 bytes),
dd if=orig.bin of=tplink.bin skip=257 bs=512 (dd is a Linux command line tool)
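The same dd command appears in the serial-flashing post's "Special Note" above, and in both places it is easy to get the arithmetic wrong (0x20200 = 131584 = 257 sectors of 512 bytes) or to strip a file that is not the "boot" variant at all. Here is an added example, not from the original post, that wraps the post's dd command in a function, refuses files too small to hold the header, and verifies byte for byte that the output is the input minus exactly 0x20200 bytes. It uses only dd, wc, tail, head, cksum and yes; the input file is a constructed dummy (zeros for the fake bootloader followed by a text pattern), not a real firmware image.

```shell
# Added example, not the post's own commands. The input file is constructed.
BOOT_HEADER_BYTES=131584          # 0x20200, i.e. 257 * 512, as the post says

# strip_tplink_boot <in> <out>: drop the first 0x20200 bytes with the post's
# own dd invocation. Refuses a file that is not larger than the header, since
# that cannot be a firmware-with-bootloader image.
strip_tplink_boot() {
    in=$1; out=$2
    size=$(wc -c < "$in")
    if [ "$size" -le "$BOOT_HEADER_BYTES" ]; then
        echo "refusing: $in is only $size bytes, not larger than the 0x20200 header" >&2
        return 1
    fi
    dd if="$in" of="$out" skip=257 bs=512 2>/dev/null
}

# stripped_ok <in> <out>: succeeds only if <out> has exactly size(<in>) - 0x20200
# bytes and its checksum equals the checksum of <in> from offset 0x20200 onward.
stripped_ok() {
    in=$1; out=$2
    want=$(( $(wc -c < "$in") - BOOT_HEADER_BYTES ))
    got=$(wc -c < "$out")
    [ "$got" -eq "$want" ] || return 1
    # tail -c +N starts at byte N (1-based), so +131585 skips 131584 bytes
    a=$(tail -c +$((BOOT_HEADER_BYTES + 1)) "$in" | cksum | cut -d' ' -f1)
    b=$(cksum < "$out" | cut -d' ' -f1)
    [ "$a" = "$b" ]
}

# make_dummy_image <path> <payload_bytes>: constructed test input with a
# 0x20200-byte block of zeros standing in for the bootloader, followed by
# <payload_bytes> of a recognisable text pattern standing in for the firmware.
make_dummy_image() {
    path=$1; payload=$2
    dd if=/dev/zero of="$path" bs=512 count=257 2>/dev/null
    yes 'FIRMWARE-PAYLOAD' | head -c "$payload" >> "$path"
}

# demo: build a dummy, strip it, verify it; prints 4096 (the payload size)
demo() {
    tmp=$(mktemp -d)
    make_dummy_image "$tmp/orig.bin" 4096
    strip_tplink_boot "$tmp/orig.bin" "$tmp/tplink.bin" || return 1
    stripped_ok "$tmp/orig.bin" "$tmp/tplink.bin" || return 1
    wc -c < "$tmp/tplink.bin"
    rm -rf "$tmp"
}
```

For a real download, run strip_tplink_boot on the vendor file and then stripped_ok on the pair before copying tplink.bin into the TFTP directory; a size mismatch means the copy was interrupted and the stripped file must not be flashed.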

But if, after flashing, the router does not boot yet the LEDs light up and the system or power LED (or any other LED) flashes rapidly, that means not everything is lost.  You still have a functioning bootloader, signalling that you flashed the wrong firmware.  In that case, if you go to 192.168.1.1 or 192.168.0.1 you may find the bootloader's web interface (emergency web enabled) and can flash another firmware, carefully selected for your router by you!!  Even if you don't get the web interface, no worries; you can still flash another firmware image/bin file with the TFTP method explained in detail above.


Saturday, September 8, 2018

Why does the hardware of many routers slow down over time?

As we know, many cheap routers slow down and start to falter over time. I have seen routers start to deteriorate within a year of use.

Why, oh why, does this happen? It doesn't happen to expensive routers such as Cisco, Asus, Linksys etc., at least not within 2 to 3 years of use.

Two things matter here:

1. Hardware: most cheap routers use cheap electrolytic capacitors that degrade within a few months of use. To cut costs they also use a small RAM chip and a tiny flash chip, which constrains the CPU and the surrounding components. Again to cut costs they put no heat sink on the tiny CPU, so after a while dust builds up, the CPU gets really hot and damages nearby parts such as the tiny VRM components (SMD MOSFETs and capacitors). They use WiFi amplifiers without proper antennas, which also stresses the WiFi module and the WiFi part of the CPU. The overall heat build-up degrades the efficiency of the CPU and the other components, and the router starts to slow down soon after power-up.

2. Software: cheap router vendors usually do not ship proper software with the hardware. The problem with cheap consumer WiFi routers is that there is no incentive to write decent software: they only have to appear to work when first turned on, so they don't get returned to the shop. Over time they fill their internal tables, leak memory and fail in other ways because of poorly written and poorly tested code. The easy workaround is to power-cycle the router, but that is painful in a busy, active environment.

Anyone can buy high-quality routers from Cisco and similar companies, and they will run indefinitely without slowing down. While the hardware is slightly better quality, the real difference is the software: it is properly written and tested, so it does not slow down.

But you can have the best of both worlds with OpenWrt, Tomato or DD-WRT. OpenWrt and DD-WRT are Linux-based open source firmware for routers that run on some of the cheap routers, and so does Tomato (for Broadcom). Many cheap routers are not supported because they lack memory, but some are. I have routers that I paid less than $20 for that run OpenWrt; they are rock solid and run as long as I want without slowing down. If you do your homework and find a router that supports OpenWrt you will not regret it, and a decade later, when you replace it with another OpenWrt router, you will already know how to use it because it has the same core design as the old one.

Router placement and interference: where you place a router also affects its performance. Try to place the router in the middle of the house, or if that is not possible add another one as a repeater. Interference from other WiFi routers hurts the connection badly, but good software like OpenWrt helps negate that effect: when a nearby router sits on the same channel as yours, OpenWrt can detect it and move to another channel, while Tenda with its crappy eCos firmware will stay on that channel, and the outcry of "WiFi gone!" from the children at home will be heard in the office over the phone.


Tuesday, September 4, 2018

Why you need to investigate your router's hardware

If the router is recent and has at least a 4 MB flash chip, it is possible to install OpenWrt or DD-WRT on it without any hardware modification.

It depends on the router. Nowadays the most popular cheap routers are TP-Link routers. But no matter what, you must know the hardware of your router; it doesn't matter what anyone says or what you read on the net. Even if your router is a well-known model you still need to open it up to find out exactly which SoC, flash chip and RAM it has. For example, a TP-Link TL-WR841N/ND of the recent v13 or v13.x revision is most likely a MediaTek device, i.e. it has a MediaTek SoC for sure.

So if you have a MediaTek SoC you cannot flash the OpenWrt or DD-WRT image meant for the TL-WR841N/ND v9, v10, v11 or v12 on this router. You must install the latest snapshot that clearly states it is for the MediaTek SoC. Anyone who does not pay attention to this will surely brick their router and end up with a device that does not boot or work. This is why you must open up your router and investigate what SoC, flash and RAM it has.



Please review the images on your left and right. This is a TP-Link TL-WR841N v13.1, EU version; the EU part doesn't matter much, but v13 comes with a MediaTek SoC.



If you have this router you can use OpenWrt only; I don't think DD-WRT supports it fully (as of yet). Even then one must be careful, as the firmware may contain beta code and may not work, especially the WiFi module. This router also has 8 MB flash and 64 MB RAM, so it can be upgraded to OpenWrt or DD-WRT without worrying about space (both also ship tiny or small builds of less than 4 MB for routers with smaller flash). Here is another router of interest with a MediaTek SoC,
TP-Link TL-WR840N(RU) v4

The router on the left is a TL-WR840N v4. It can use the OpenWrt or DD-WRT image made for the TL-WR841N v13 above. Please see the next example too...

Another fact: most router manufacturers use similar hardware with slightly different board designs. Here is one,

TP-LINK TL-WR841N v10

TP-LINK TL-WR840N v2.0/v3.x

As can be seen in the 840 v2 and v3 images above, they are the same as the 841 v10. In fact v9, v10, v11 and v12 of the 841 series have almost the same SoC (QCA9533-AL3A, QCA9533-BL3A or plain QCA9533). I have tested the same OpenWrt build on all of them and they work, with only a very small difference on the v12 compared to the others.

TP-Link 840 and 841 are the same or similar in some versions at least. It looks like TP-Link used the same SoC on almost all routers produced in a given time frame; the same can be found in routers made by Asus, Cisco, Tenda etc.

So if you have a TL-WR840N v3 or v2 you can use the OpenWrt firmware for the TL-WR841N v10, and the same goes for u-boot: the u-boot for the 841 v10 can be used on the 840 v2 or v3. I have tested it and am running OpenWrt and u-boot for the 841 v10 on an 840 v2 and an 840 v3.

Also, as these routers have a 4 MB flash chip, they can only be flashed with the small/tiny builds of DD-WRT or OpenWrt (OpenWrt has only the tiny build for these routers). To use OpenVPN, run a VPN server or use QoS you need more RAM, at least 64 MB; the SoC's processing power at 550/650 MHz is adequate. Note also that using an 840-series router for 10 to 15 users 24/7 will not be possible; if tried, it may fail. With further mods such as a heat sink and a fan it is still possible, but a lot more modding is required. It also helps to replace the cheap electrolytic capacitors with better ones; I have done it, it is doable.


Monday, September 3, 2018

Minor Modification and you are in the realm of Custom firmware 1

Please don't be afraid; the modding needed just for the firmware is actually very easy. If you are using a router produced in or after 2016 you are fine. I would recommend a TP-Link router, notably the TL-WR841N/ND.
Now let's get down to business. You will need the following items for the modding: some wires with connectors, some pins, and a USB to serial/UART TTL converter. I recommend a CP2102 converter. Another option is the PL2303 serial to TTL converter. It is also feasible to buy a cheap CH341A BIOS programmer, which you can also use as a USB to serial TTL adapter, since the CH341 chip has a UART to TTL conversion circuit inside.
The items in the picture on the left are: 1. a CH341A programmer, 2. some pins to connect to the serial riser/port, 3. a CP2102 USB to serial converter/adapter, 4. some wires. You can get either item 1 or item 3, or both.

In the image below (2nd image/photo): RAM and flash chips. You might need them in case you want to replace the flash chip and RAM chip; on recent routers this might not be needed.

You will also need a soldering iron, some solder etc. If you are afraid of soldering, you can get someone experienced in electronics work (at your local electronics shop) to do the job for you.

In some recent routers the serial port/riser is clearly marked; please review the 3rd image/photo. The antenna connection also has a connector on this router. Please review carefully.

The 4th image shows the serial converter connected to the computer and to the router, with an extension cord plugged into a USB port at the back of my PC running Linux.

To get the bootloader prompt before the default firmware loads, there are some procedures to follow.

For CFE (Common Firmware Environment): in Broadcom-based routers CFE is the bootloader. To get the CFE prompt, all I do is keep Ctrl-C pressed right after switching on the router, until I get the CFE prompt. Remember: keep the left Ctrl key and the C key pressed, but switch on the router first. If you do not keep Ctrl-C pressed there is very little time, and CFE will boot into the existing firmware/OS in the flash chip.

For U-Boot (Atheros and Qualcomm Atheros based routers): I think U-Boot is more advanced than CFE. On a TP-Link router with U-Boot, right after U-Boot starts it waits for 1 second, and within that 1 second you need to type "tpl" and press Enter to stop it from booting the existing firmware in the flash chip. I never could do this; I guess I'm not fast enough to type that and press Enter within 1 second. So what I did was configure minicom to send "tpl" followed by Enter as its modem initialization string as soon as it starts. Now all I do is switch on the router and, as soon as the power light is on, start minicom; it sends "tpl" to the router and I get the bootloader prompt. I have also found out that there is a U-Boot modification by someone named pepe2k, and that U-Boot, where supported, can boot most TP-Link and other routers. Here is the URL to download the pepe2k prebuilt U-Boot images,

https://github.com/pepe2k/u-boot_mod/tree/master/original_u-boot_images

Don't want to compile from source? The repository at the URL above has all the prebuilt images, i.e. for Atheros/QCA Atheros based routers. Please note that if your router is a TL-WR840N v2/v3 with a QCA9533-BL3A/AL3A or plain QCA9533, then the U-Boot for the TL-WR841N v9/v10/v11 will work just fine, as they share the same CPU/SoC, i.e. both have the QCA9533-BL3A/AL3A.

The reason I'm sharing the bootloader info above: the latest U-Boot modification by pepe2k makes it much easier to get the bootloader prompt. You don't have to type "tpl" and Enter; you just start up your router and, when it waits for a second (the 1 second wait time), press the Esc key on your keyboard, and voilà, U-Boot stops booting the existing firmware and gives you the boot prompt.
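For those who, like the author, cannot type "tpl" and Enter inside the one-second window, here is an added example (not the post's own minicom trick, and not part of u-boot_mod or any vendor tool) of a small Python script that watches the console with pyserial and sends the interrupt the moment the bootloader banner shows up: "tpl" plus Enter for stock TP-Link U-Boot, Esc for pepe2k's u-boot_mod, and repeated Ctrl-C for Broadcom CFE until it reports that the automatic startup was cancelled. The banner strings in TRIGGERS and the device path /dev/ttyUSB0 are assumptions; compare them with what your own console prints and adjust. The port is opened at 115200 8N1 with flow control off.

```python
"""Stop a router bootloader's autoboot from a script instead of by hand.

Added example, not the post's own method (which uses minicom's modem init
string). It watches the serial console for the bootloader's banner and
answers inside the one-second window: "tpl"+Enter for stock TP-Link U-Boot,
ESC for pepe2k's u-boot_mod, repeated Ctrl-C for Broadcom CFE. The banner
strings are assumptions; check them against what your own console prints.
Port settings are 115200 8N1 with no flow control. pyserial is needed only
for the real port; the matcher is plain Python and can be tested offline.
"""
import sys
import time

SERIAL_SETTINGS = dict(baudrate=115200, bytesize=8, parity="N", stopbits=1,
                       xonxoff=False, rtscts=False)

# name: (banner substring to wait for, bytes to send, substring meaning "stopped")
# A None "stopped" string means send once; otherwise keep sending until it shows.
TRIGGERS = {
    "tplink-uboot": (b"Autobooting in", b"tpl\r", None),                # assumed banner
    "uboot_mod":    (b"Hit any key to stop autoboot", b"\x1b", None),   # assumed banner
    "cfe":          (b"CFE version", b"\x03", b"Automatic startup canceled"),  # assumed
}


class AutobootInterrupter:
    """Feed console bytes in; get back the bytes to write to the console."""

    def __init__(self, trigger, response, until=None, keep=512):
        self.trigger, self.response, self.until = trigger, response, until
        self.keep = keep        # rolling window: banners arrive split across reads
        self.buf = b""
        self.armed = False      # banner seen
        self.done = False       # interrupt delivered (or confirmed, for CFE)

    def feed(self, chunk):
        self.buf = (self.buf + chunk)[-self.keep:]
        if self.done:
            return b""
        if not self.armed:
            if self.trigger not in self.buf:
                return b""
            self.armed = True
        if self.until is None:          # one shot: fire exactly once
            self.done = True
            return self.response
        if self.until in self.buf:      # bootloader confirmed it stopped
            self.done = True
            return b""
        return self.response            # CFE: keep sending Ctrl-C until it says so


def interrupt_autoboot(port, kind, timeout=30.0):
    """Open `port`, catch the banner, deliver the interrupt, return True on success.

    Exits as soon as the interrupt is delivered, leaving the bootloader at its
    prompt; attach minicom or screen afterwards. pyserial is imported here so
    the matcher above works without it.
    """
    import serial  # pyserial
    matcher = AutobootInterrupter(*TRIGGERS[kind])
    with serial.Serial(port, timeout=0.05, **SERIAL_SETTINGS) as con:
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline and not matcher.done:
            chunk = con.read(256)           # b"" on the 50 ms read timeout
            if chunk:
                sys.stdout.write(chunk.decode("ascii", "replace"))
                sys.stdout.flush()
            out = matcher.feed(chunk)       # called on empty reads too, so CFE's
            if out:                         # Ctrl-C keeps going while it boots
                con.write(out)
                con.flush()
        return matcher.done


if __name__ == "__main__":
    # usage: python3 stop_autoboot.py /dev/ttyUSB0 tplink-uboot
    sys.exit(0 if interrupt_autoboot(sys.argv[1], sys.argv[2]) else 1)
```

Start the script first, then power the router on; it exits as soon as the interrupt is delivered and the bootloader is sitting at its prompt, after which you attach minicom or screen to the same port. If it times out, the banner string for your device differs from the assumed one and TRIGGERS needs editing.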

Please also note that a TFTP server is needed to transfer the custom image/ROM from your computer to the router's memory. For Windows just download and use Tftpd32 or Tftpd64 depending on your Windows version; setting it up is easy, just select a directory, even one on your desktop will do. For Linux the default on Arch Linux is tftp-hpa, and it needs a small config file. My config is as below,
TFTP_ADDRESS="0.0.0.0:69"
TFTPD_ARGS="-c --secure /srv/gtftp/"
Two caveats: TFTP has no authentication, and 0.0.0.0 listens on every interface, so bind to the address of the interface facing the router (or run the daemon only while flashing), and leave out -c unless you actually need clients to create new files in the directory; --secure is what keeps requests confined to /srv/gtftp/. The daemon is started with systemd, i.e.
1. systemctl status tftpd  2. systemctl enable tftpd  3. systemctl start tftpd.
The systemd daemon's response on the command line/terminal,

● tftpd.service - hpa's original TFTP daemon
   Loaded: loaded (/usr/lib/systemd/system/tftpd.service; enabled; vendor prese>
   Active: active (running) since Mon 2018-07-06 14:23:40 +06; xx-min ago
 Main PID: 456 (in.tftpd)
    Tasks: 1 (limit: 4915)
   Memory: 328.0K
   CGroup: /system.slice/tftpd.service
           └─456 /usr/bin/in.tftpd --listen -c --secure /srv/gtftp/
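TFTP itself has no authentication and no integrity check, so before typing any flash command it is worth confirming that the server hands out exactly the file you think it does. The following is an added example, not from the original post and not part of tftpd-hpa: a minimal RFC 1350 client that fetches a file the way the bootloader does (an RRQ, then 512-byte DATA blocks each answered by an ACK, locking on to the server's transfer ID), plus a tiny server so the exchange can be run offline on 127.0.0.1; the server also shows what --secure buys by refusing a request that escapes the served directory. Host, port and file names are assumptions, and demo() uses constructed data.

```python
"""Minimal TFTP (RFC 1350, octet mode) client and server on loopback.

Added example, not from the original post and not part of tftpd-hpa. The
client is a pre-flight check: fetch the image exactly the way the bootloader
will and compare it with the file on disk before typing any flash command.
The server exists only so the exchange runs offline on 127.0.0.1 and to show
what --secure buys (requests confined to the served directory); on the real
box use tftpd-hpa. Host, port and file names are assumptions; demo() uses
constructed data.
"""
import hashlib, os, socket, struct, tempfile, threading

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5
BLOCK = 512  # fixed RFC 1350 block size; a DATA block shorter than this ends the transfer

def rrq_pkt(name):      return struct.pack(">H", RRQ) + name.encode() + b"\0octet\0"
def data_pkt(n, chunk): return struct.pack(">HH", DATA, n & 0xFFFF) + chunk
def ack_pkt(n):         return struct.pack(">HH", ACK, n & 0xFFFF)
def err_pkt(code, msg): return struct.pack(">HH", ERROR, code) + msg.encode() + b"\0"

def tftp_get(host, port, name, timeout=2.0, retries=4):
    """Read `name` in octet mode and return its bytes; raises on error or timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); s.settimeout(timeout)
    out, expect, last, peer, locked = bytearray(), 1, rrq_pkt(name), (host, port), False
    while True:
        for _ in range(retries):            # (re)send RRQ or our last ACK until DATA arrives
            s.sendto(last, peer)
            try:
                pkt, addr = s.recvfrom(4 + BLOCK)
                break
            except socket.timeout:
                continue
        else:
            raise TimeoutError("no reply from %s:%d" % peer)
        if locked and addr != peer:         # packet from a foreign TID: reject, keep waiting
            s.sendto(err_pkt(5, "unknown transfer ID"), addr)
            continue
        op, n = struct.unpack_from(">HH", pkt, 0)
        if op == ERROR:
            raise IOError("tftp error %d: %s" % (n, pkt[4:-1].decode(errors="replace")))
        if op != DATA or n != (expect & 0xFFFF):
            continue                        # duplicate or out-of-order block: re-ACK, wait
        peer, locked = addr, True           # server answers from a fresh port: its TID
        chunk = pkt[4:]
        out += chunk
        last, expect = ack_pkt(expect), expect + 1
        if len(chunk) < BLOCK:
            s.sendto(last, peer)            # final ACK
            s.close()
            return bytes(out)

def serve_once(root, bind=("127.0.0.1", 0)):
    """Answer one RRQ from `root` in a background thread; returns the listen port."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); ls.bind(bind)
    root = os.path.realpath(root)

    def run():
        pkt, client = ls.recvfrom(1024)
        ts = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); ts.settimeout(2.0)  # new TID
        op, = struct.unpack_from(">H", pkt, 0)
        name = pkt[2:].split(b"\0")[0].decode(errors="replace")
        path = os.path.realpath(os.path.join(root, name))
        if op != RRQ or not path.startswith(root + os.sep) or not os.path.isfile(path):
            ts.sendto(err_pkt(1, "file not found"), client)   # --secure style confinement
            return
        with open(path, "rb") as f:
            data = f.read()
        n = 1
        while True:
            chunk = data[(n - 1) * BLOCK:n * BLOCK]
            for _ in range(4):              # resend DATA until the matching ACK arrives
                ts.sendto(data_pkt(n, chunk), client)
                try:
                    resp, addr = ts.recvfrom(64)
                except socket.timeout:
                    continue
                if addr == client and resp == ack_pkt(n):
                    break
            else:
                return
            if len(chunk) < BLOCK:
                return
            n += 1

    threading.Thread(target=run, daemon=True).start()
    return ls.getsockname()[1]

def demo():  # loopback run with constructed data; returns the checks as a dict
    base = tempfile.mkdtemp()
    root = os.path.join(base, "srv"); os.mkdir(root)
    image = bytes(range(256)) * 5 + b"END"   # constructed 1283-byte "firmware"
    with open(os.path.join(root, "openwrt.bin"), "wb") as f: f.write(image)
    with open(os.path.join(base, "secret.txt"), "wb") as f: f.write(b"outside the tftp root")
    got = tftp_get("127.0.0.1", serve_once(root), "openwrt.bin")
    try:
        tftp_get("127.0.0.1", serve_once(root), "../secret.txt"); blocked = False
    except IOError:
        blocked = True
    return {"match": got == image, "size": len(got),
            "sha256": hashlib.sha256(got).hexdigest(), "traversal_blocked": blocked}
```

Against a real tftpd-hpa you would call tftp_get("192.168.1.x", 69, "openwrt.bin") from a host on the same link and compare the returned bytes, or their sha256, with the file in /srv/gtftp/; if they differ, the server is not serving the file you think it is, and that is worth knowing before the bootloader fetches it.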


Sunday, September 2, 2018

Open source firmware for routers

After investigating further, I have found out that millions of people like me are looking for custom firmware for the routers they have. There are three firmware projects I have found that are very advanced and can be installed on almost all routers. They are,
1. OpenWrt: originally for Atheros-based chips, but it can also be used on Broadcom.
2. Tomato: this firmware was backed by Broadcom and can be used on any router with a Broadcom chip/SoC/CPU. Its current development is minimal, but it is a full-blown OS for routers.
3. DD-WRT: similar to the above, but developed for all SoCs.

Currently there are routers with Broadcom and with Atheros SoCs; Atheros was bought by Qualcomm, which now produces the Qualcomm Atheros SoCs/CPUs. There are also MediaTek (MTK) based CPUs that have just started appearing in the mainstream router market. There were some others, but nothing new is coming from them anymore.

The most widely used is OpenWrt, so I decided to go down that path, not knowing a vital piece of information: it lacks support for the Broadcom WiFi drivers!

I have now got my serial interface wired and soldered in....


After investigating serial TTL adapters, I know how to find the pins. All you need is a multimeter and a soldering iron. First find the ground plane; in any circuit it is usually the screw holes and other exposed metal parts. Put your multimeter into diode/short-detection (continuity) mode. In routers the best ground is the antenna connection's solder point (see image). The ground pin is the one that makes the meter beep or light up when one probe is on the pin and the other on the antenna solder point, i.e. it is connected directly to the ground plane. After powering up the router, the pin that sits at a full 3.3 V is the VCC pin; nothing must be connected to this pin, or your serial adapter or router may get damaged. Wait for the router to boot: if no voltage change is detected on that pin during the entire boot process, it is VCC. The TX (transmit) pin is the one that shows voltage spikes right after power-up, while the bootloader and OS are loading. The remaining pin is RX. No worries though: if you get TX/RX wrong you will see nothing or only garbled text on the serial port, and all you have to do is swap the TX/RX wires of your serial adapter. Also make sure the adapter is set to 3.3 V logic levels, since a 5 V or RS-232 level adapter can damage the router's UART. I found out about this in this document published on the internet,
http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/

You have to use serial terminal software: on Windows you can use PuTTY, on Linux I use minicom. The serial settings are Bps/Par/Bits: 115200 8N1, with hardware and software flow control off. On Windows you can find the serial port in Device Manager, which shows which COM port the TTL adapter is connected to. On Linux it is usually /dev/ttyUSB0 or /dev/ttyACM0; if you run dmesg right after connecting the TTL converter it will show you which device it was assigned. On Windows you have to install the adapter (CP2102) driver, which is widely available on the internet; prefer the download from Silicon Labs, the chip vendor, over a random driver site. Recent Linux kernels have the driver built in, at least that is what I have found with Arch/Manjaro, Debian and Ubuntu.

Anyway, after the serial TTL adapter is connected to the computer, power up the router; the Tenda FH305 log shows up in the terminal/minicom:

CFE version 5.100.138.3 based on BBP 1.0.37 for BCM947XX (32bit,SP,LE)       
Build Date: 2011-05-26 10:33:50 4 (richard@aeteam.com)                       
Copyright (C) 2000-2008 Broadcom Corporation.                                 
                                                                             
Init Arena                                                                   
Init Devs.                                                                   
Boot partition size = 131072(0x20000)                                         
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB       
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138.3       
CPU type 0x19749: 300MHz                                                     
Tot mem: 16384 KBytes                                                         
                                                                             
CFE mem:    0x80700000 - 0x80798550 (623952)                                 
Data:       0x8072E3A0 - 0x807315C0 (12832)                                   
BSS:        0x807315C0 - 0x80732550 (3984)                                   
Heap:       0x80732550 - 0x80796550 (409600)                                 
Stack:      0x80796550 - 0x80798550 (8192)                                   
Text:       0x80700000 - 0x8072E39C (189340)                                 
                                                                             
Device eth0:  hwaddr C8-3A-35-5C-62-D0, ipaddr 192.168.0.1, mask 255.255.255.0
        gateway not set, nameserver not set                                   
Loader:raw Filesys:raw Dev:flash0.os File: Options:(null)                     
Loading: ..... 2839212 bytes read                                             
Entry at 0x80001000                                                           
Closing network.                                                             
Starting program at 0x80001000                                               
IP Filter: v3.4.35 initialized.  Default = pass all, Logging = disabled       
PCI: no core                                                                 
PCI: no core                                                                 
PCI: Fixing up bus 0                                                         
wl_pci_probe: find [14e4:4329] bus 0 slot 1 func 0 irq 1                     
                                                                             
eCos Router/AP V5.110.27.21 (Compiled at 19:53:25 on Sep  2 2013)             
sys_led_test_gpio=6                                                           
Using pin 6 for sys_led output                                               
wps_led_test_gpio=7                                                           
System start                                                                 
vlan1: VLAN interface created                                                 
vlan2: VLAN interface created                                                 
wlconf: PHYTYPE: 4                                                           
COEX: downgraded chanspec 0x2d07 to 0x2b05: channel 3 used by exiting BSSs   
EAPD task started                                                             
initWebs: lanip=[192.168.0.1]                                                 
NAS task started                                                             
CLI> COEX: downgraded chanspec 0x2d04 to 0x2b02: channel 1 used by exiting BSSs
COEX: downgraded chanspec 0x2d07 to 0x2b05: channel 2 used by exiting BSSs   
COEX: downgraded chanspec 0x2d04 to 0x2b02: channel 1 used by exiting BSSs   
CLI> help

Just typing help at the prompt lists all the commands. Note, though, that the CLI> prompt in the log above appears only after the "eCos Router/AP" banner, i.e. after CFE has loaded the firmware and jumped to it ("Starting program at 0x80001000"), so it is the Tenda firmware's own command line, not the bootloader's. CFE (Common Firmware Environment) is the bootloader on Broadcom-based routers, the default for all Broadcom SoC based routers and developed by Broadcom; it is similar to the Linux bootloaders LILO or GRUB. To reach CFE's own prompt you have to hold Ctrl-C from power-on so that it cancels the automatic startup before the "Loader:raw" line appears.

