OpenWrt Forum Archive

Topic: OpenWRT Kamikaze on TP-link tl-wa501g?

The content of this topic has been archived between 31 Aug 2014 and 5 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Hi All,

I would like to bump up Tolyan's question about the 16 bytes at the beginning of the bin file for flashing via the TP-Link web GUI.
I already noticed that the first 4 bytes are the size of the "source rom" file, but the next 16 bytes look random. It would be some checksum, but the MD5 does not match...

Dear XSSA,
As you have already made some TP-Link web GUI compatible bin files, could you share the hashing algorithm it uses?

Thanks for all your contribution!
Stanislaw Wawszczak

xssa wrote:

First of all you need to flash RedBoot to the first 64kB of your new 64Mbit chip and flash the boardconfig from the last 128 kB of the old chip to the last 128 kB of your new chip. Then solder your new chip onto the board and cross your fingers while watching the serial console on booting. Meaning RedBoot will recognise your chip properly.

Thx! Well done!

My TP-LINK TL-WR340GD ver 3.1 fullflash, original 16Mbits and new 64Mbits with RedBoot.

Two jumpers to enable UART (115200 8n1)

 MicroRedBoot v1.4, (c) 2009 DD-WRT.COM (Mar 29 2010 REVISION 14131)
keep the reset button pushed to enter redboot!
CPU Type: Atheros AR2315/6/7/8
CPU Clock: 184Mhz
Found Flash device SIZE=0x00800000 SECTORSIZE=0x00010000 FLASHBASE=0xA8000000
no bootable image found, try default location 0xA8010000
Booting Linux
loading
data corrupted!
switching to recovery RedBoot
loading.....No board config data found!
+

What's next?

(Last edited by Delfer on 5 Apr 2015, 11:44)

Linux from wr340v5_linux.bin loads

BusyBox v1.15.3 (2010-04-26 19:06:00 EEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03, r20974) --------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua 
  * 1/3 shot Bailey's  on the bottom, then Bailey's, 
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@(none):/#

But MicroRedBoot recovery (with reset button) - not

MicroRedBoot v1.4, (c) 2009 DD-WRT.COM (Mar 29 2010 REVISION 14131)
keep the reset button pushed to enter redboot!
CPU Type: Atheros AR2315/6/7/8
CPU Clock: 184Mhz
Found Flash device SIZE=0x00800000 SECTORSIZE=0x00010000 FLASHBASE=0xA8000000
Reset Button triggered
Booting Recovery RedBoot
loading.....


юNo radio config data found!
+CPU 0 Unable to handle kernel paging request at virtual address c03e0000, epc == 8000f60c, ra == 800171c4
Oops[#1]:
Cpu 0
PrId  : 00019064 (MIPS 4KEc)
CPU 0 Unable to handle kernel paging request at virtual address 0000100e, epc == 8013be80, ra == 8013cbfc
Oops[#2]:
Cpu 0
PrId  : 00019064 (MIPS 4KEc)
Modules linked iModules linked i paging request at virtual add iMo ules linked by a non-GPL module, which will not be allowed in the future

Process Board Data is already relocated(1)!
 (pid: 1718183712, threadinfo= 8001e000, task= 8001aa38, tls=00000000)
Call Trace:[< 0008013d7b8>] 0x000000000000000000000000000000000

Now my router works with ESMT M12L64164-7 RAM (4 banks x 1M x 16 bits @ 143Mhz)
Can I swap it to Hynix HY5DU121622CTP-4 (4 banks x 8M x 16 bits @ 250Mhz)?
Atheros AR2317 datasheet
UPD. HY5DU121622CTP - no chance, not compatible by package.
Old Chinese TWIN 133 724A120 (128 Mbit) also failed - router doesn't start.

(Last edited by Delfer on 24 Apr 2015, 19:02)

xssa, now I have a router with 8Mb rom and 32Mb ram. redboot_ap61_32M_8M_marvell.rom loaded perfectly, but ar8236... How to enable it?

MicroRedBoot v1.4, (c) 2009 DD-WRT.COM (Jul  8 2012 REVISION 18550M)
keep the reset button pushed to enter redboot!
CPU Type: Atheros AR2315/6/7/8
CPU Clock: 184Mhz
Found Flash device SIZE=0x00800000 SECTORSIZE=0x00010000 FLASHBASE=0xA8000000
Reset Button triggered
Booting Recovery RedBoot
loading.....

▒+Couldn't find valid MAC address for enet0. Using default!
Ethernet eth0: MAC address 00:03:7f:e0:02:bf
IP: 192.168.0.251, Default server: 192.168.0.3

RedBoot(tm) bootstrap and debug environment [RAM]
Non-certified release, version UNKNOWN - built 18:15:53, Jul  8 2012

Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.
Copyright (C) 2009 NewMedia-NET GmbH

Board: ap61
RAM: 0x80000000-0x82000000, [0x80031380-0x81fed000] available
FLASH: 0xa8000000 - 0xa87f0000, 128 blocks of 0x00010000 bytes each.
RedBoot>

AR8236 is a quite undocumented chip, so when the time came and TP-Link made a new revision and changed the Marvell switch to AR8236, I did some workarounds. There is a Z-modem enabled MicroRedBoot and a modified Linux PHY driver which can correctly initialize this switch on the tl-wr340 board.

I found a U-Boot that supports AR2317 + 88E6060, AR8236, ADM6996 here. u-boot-ar2317.bin is on my Dropbox.
It is pretty good. It works fine with my board, correctly detects RAM and flash, and has a web console. I like it.
So I combined it with the Barrier Breaker kernel and rootfs. FIS edited manually.
It starts and works, and detects the switch:

[    2.980000] eth0: Atheros AR231x: 0e:b2:6d:46:9f:dd, irq 4
[    3.140000] switch0: Atheros AR8236 rev. 1 switch registered on 0
[    3.290000] libphy: ar231x_eth_mii: probed
[    4.470000] eth0: attached PHY driver [Atheros AR8216/AR8236/AR8316] (mii_bus:phy_addr=0:00)

But I still have no connection over LAN. What to do?

'swconfig dev switch0 show' shows our switch and the correct status of each port, but the counters for port 0 (CPU) are 0 every time.
And I can 'bridge' the LAN ports using the commands:

root@OpenWrt:/# swconfig dev switch0 vlan 0 set ports '0 1 2 3 4 5'
root@OpenWrt:/# swconfig dev switch0 set apply

But I cannot connect to the router.

(Last edited by Delfer on 11 May 2015, 20:18)

It is difficult to figure out what goes wrong with the AR8236 without documentation. The way this switch is initialized by the stock Linux driver for this board is wrong. It needs another magic value to be written to its config registers. I reversed this magic from the stock TP-Link firmware and it works for me. I think this is about MII - RMII, but without docs who knows? I will look at my modified sources to help you; I need a few days to access them.
As I understand it, the AR8236 works fine with this u-boot.
If you have the sources for this u-boot, they can shed more light.

(Last edited by xssa on 11 May 2015, 20:59)

I have only the AR8236 Six-Port Fast Ethernet Switch Data Sheet. I think it works as "5 port 10/100 UTP + 1 port MII MAC".
Can you share your magic? How to make this switch work? Just like a hub.
I do not have the U-Boot sources, but I am trying to contact its developer.

(Last edited by Delfer on 12 May 2015, 08:47)

The magic is:

priv->write(priv, 0x78, 0x1f0); // cpu port register, 

You can check this image wr340v3_linux.bin if it works for you.

priv->write(priv, 0x78, 0x1f0); // cpu port register, 

According to the AR2316 datasheet, that means:
3:0 - reserved - don't care
7:4 - MIRROR_PORT_NUM - no mirror port connected to switch
8    - CPU_PORT_EN - enable CPU port
In this chip the CPU port is disabled by default. Your code enables it.
I found some code in OpenWRT repo:
ar8216.h

#define AR8216_REG_GLOBAL_CPUPORT        0x0078
#define   AR8216_GLOBAL_CPUPORT_MIRROR_PORT    BITS(4, 4)
#define   AR8216_GLOBAL_CPUPORT_MIRROR_PORT_S    4

ar8216.c

/* reset all mirror registers */
    ar8xxx_rmw(priv, AR8216_REG_GLOBAL_CPUPORT,
           AR8216_GLOBAL_CPUPORT_MIRROR_PORT,
           (0xF << AR8216_GLOBAL_CPUPORT_MIRROR_PORT_S));
...
ar8xxx_rmw(priv, AR8216_REG_GLOBAL_CPUPORT,
           AR8216_GLOBAL_CPUPORT_MIRROR_PORT,
           (priv->monitor_port << AR8216_GLOBAL_CPUPORT_MIRROR_PORT_S));

They use this port, but only to enable mirroring, not to enable the CPU port.
I think the following function can be updated:

static void
ar8236_init_globals(struct ar8xxx_priv *priv)
{
    /* enable jumbo frames */
    ar8xxx_rmw(priv, AR8216_REG_GLOBAL_CTRL,
           AR8316_GCTRL_MTU, 9018 + 8 + 2);

    /* enable cpu port to receive arp frames */
    ar8xxx_reg_set(priv, AR8216_REG_ATU_CTRL,
           AR8236_ATU_CTRL_RES);

    /* enable cpu port to receive multicast and broadcast frames */
    ar8xxx_reg_set(priv, AR8216_REG_FLOOD_MASK,
           AR8236_FM_CPU_BROADCAST_EN | AR8236_FM_CPU_BCAST_FWD_EN);

    /* Enable MIB counters */
    ar8xxx_rmw(priv, AR8216_REG_MIB_FUNC, AR8216_MIB_FUNC | AR8236_MIB_EN,
           (AR8216_MIB_FUNC_NO_OP << AR8216_MIB_FUNC_S) |
           AR8236_MIB_EN);
}

Calling ar8xxx_write(priv, 0x78, 0xc00001f0); would be enough. What do you think?
Like here:

static void
ar8216_init_globals(struct ar8xxx_priv *priv)
{
    /* standard atheros magic */
    ar8xxx_write(priv, 0x38, 0xc000050e);

    ar8xxx_rmw(priv, AR8216_REG_GLOBAL_CTRL,
           AR8216_GCTRL_MTU, 1518 + 8 + 2);
}

(Last edited by Delfer on 16 May 2015, 09:47)
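The register 0x78 field list from the post above, decoded in code and used to compare a blind write of the "magic" with a read-modify-write. This is an added example, not code from the OpenWrt driver or from any poster; `struct fake_switch`, `cpuport_decode`, `sw_rmw`, `enable_blind` and `enable_rmw` are hypothetical names, and the starting register value 0x030 is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Register 0x78 fields as listed in the post above. */
#define CPUPORT_MIRROR_S     4
#define CPUPORT_MIRROR_MASK  (0xFu << CPUPORT_MIRROR_S)  /* bits 7:4 */
#define CPUPORT_CPU_EN       (1u << 8)                   /* bit 8 */

/* Hypothetical stand-in for the switch: one simulated 32-bit register. */
struct fake_switch { uint32_t reg78; };

struct cpuport_fields {
    unsigned mirror_port;  /* MIRROR_PORT_NUM */
    int cpu_port_en;       /* CPU_PORT_EN */
    uint32_t other;        /* bits outside the two fields above */
};

static struct cpuport_fields cpuport_decode(uint32_t v)
{
    struct cpuport_fields f;
    f.mirror_port = (v & CPUPORT_MIRROR_MASK) >> CPUPORT_MIRROR_S;
    f.cpu_port_en = (v & CPUPORT_CPU_EN) != 0;
    f.other = v & ~(CPUPORT_MIRROR_MASK | CPUPORT_CPU_EN);
    return f;
}

/* Blind write of the "magic": every field in the register is replaced. */
static uint32_t enable_blind(struct fake_switch *sw)
{
    sw->reg78 = 0x1f0;
    return sw->reg78;
}

/* Read-modify-write: clear the masked bits, then OR in the new value. */
static uint32_t sw_rmw(struct fake_switch *sw, uint32_t mask, uint32_t val)
{
    sw->reg78 = (sw->reg78 & ~mask) | val;
    return sw->reg78;
}

static uint32_t enable_rmw(struct fake_switch *sw)
{
    return sw_rmw(sw, CPUPORT_CPU_EN, CPUPORT_CPU_EN);
}

int main(void)
{
    /* Constructed start state: mirror port 3 selected, CPU port disabled. */
    struct fake_switch a = { 0x030 }, b = { 0x030 };
    struct cpuport_fields m = cpuport_decode(0x1f0);
    struct cpuport_fields p = cpuport_decode(0xc00001f0u);

    printf("0x1f0: mirror=%u cpu_en=%d other=0x%08x\n",
           m.mirror_port, m.cpu_port_en, (unsigned)m.other);
    printf("0xc00001f0: other=0x%08x\n", (unsigned)p.other);
    printf("blind write: 0x%03x, rmw: 0x%03x\n",
           (unsigned)enable_blind(&a), (unsigned)enable_rmw(&b));
    return 0;
}
```

The blind write replaces an existing mirror-port selection with 0xF, while the read-modify-write changes only bit 8; the value 0xc00001f0 additionally sets bits 31:30, which the field list in the post does not cover.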

xssa wrote:

The magic is:
You can check this image wr340v3_linux.bin if it works for you.

I've got a bootloop

loading.MicroRedBoot v1.4, (c) 2009 DD-WRT.COM (Jul 12 2011 REVISION 14131M)
keep the reset button pushed to enter redboot!
CPU Type: Atheros AR2315/6/7/8
CPU Clock: 184Mhz
Found Flash device SIZE=0x00800000 SECTORSIZE=0x00010000 FLASHBASE=0xA8000000
no bootable image found, try default location 0xA8010000
Booting Linux
loading.MicroRedBoot v1.4, (c) 2009 DD-WRT.COM (Jul 12 2011 REVISION 14131M)

Recovery fails

MicroRedBoot v1.4, (c) 2009 DD-WRT.COM (Jul 12 2011 REVISION 14131M)
keep the reset button pushed to enter redboot!
CPU Type: Atheros AR2315/6/7/8
CPU Clock: 184Mhz
Found Flash device SIZE=0x00800000 SECTORSIZE=0x00010000 FLASHBASE=0xA8000000
Reset Button triggered
Booting Recovery RedBoot
loading.....

▒No board config data found!
+

I've got it!

--- openwrt/target/linux/generic/files/drivers/net/phy/ar8216.h
2015-05-17 16:08:32.940737618 +0100
+++ openwrt-clean/target/linux/generic/files/drivers/net/phy/ar8216.h
2015-05-17 12:54:50.411390834 +0100
@@ -37,21 +37,9 @@
 #define   AR8216_CTRL_VERSION_S 8
 #define   AR8216_CTRL_RESET BIT(31)

-#define AR8236_REG_PORT0_PAD_MODE_CTRL 0x0004
-#define   AR8236_PORT0_MII_MAC BIT(2)
-#define   AR8236_PORT0_MII_MAC_S 2
-#define   AR8236_PORT0_MII_PHY BIT(10)
-#define   AR8236_PORT0_MII_PHY_S 10
-#define   AR8236_PORT0_RMII BIT(17)
-#define   AR8236_PORT0_RMII_S 17
-
 #define AR8216_REG_FLOOD_MASK 0x002C
 #define   AR8216_FM_UNI_DEST_PORTS BITS(0, 6)
-#define   AR8216_FM_UNI_DEST_PORTS_S 0
 #define   AR8216_FM_MULTI_DEST_PORTS BITS(16, 6)
-#define   AR8216_FM_MULTI_DEST_PORTS_S 16
-#define   AR8236_FM_BROAD_DEST_PORTS BITS(25, 6)
-#define   AR8236_FM_BROAD_DEST_PORTS_S 25

 #define AR8216_REG_GLOBAL_CTRL 0x0030
 #define   AR8216_GCTRL_MTU BITS(0, 11)
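Review bot: The diff is generated in the wrong direction: the headers compare `openwrt` against `openwrt-clean`, so every new define in this hunk, starting with `AR8236_REG_PORT0_PAD_MODE_CTRL`, appears as a `-` line and the patch will not apply to a clean tree. Regenerate it with the clean tree as the old side. Separately, `AR8236_FM_BROAD_DEST_PORTS BITS(25, 6)` starts at an odd offset next to the six-bit fields at 0 and 16, so the start bit is worth confirming against the datasheet before it is used as a mask.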
@@ -120,8 +108,6 @@
 #define AR8216_REG_GLOBAL_CPUPORT 0x0078
 #define   AR8216_GLOBAL_CPUPORT_MIRROR_PORT BITS(4, 4)
 #define   AR8216_GLOBAL_CPUPORT_MIRROR_PORT_S 4
-#define   AR8236_GLOBAL_CPUPORT_CPU_PORT_EN BIT(8)
-#define   AR8236_GLOBAL_CPUPORT_CPU_PORT_EN_S 8

 #define AR8216_PORT_OFFSET(_i) (0x0100 * (_i + 1))
 #define AR8216_REG_PORT_STATUS(_i) (AR8216_PORT_OFFSET(_i) + 0x0000)
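Review bot: `AR8236_GLOBAL_CPUPORT_CPU_PORT_EN_S` is unnecessary for a single-bit flag; other one-bit flags in this header, such as `AR8216_CTRL_RESET BIT(31)`, are declared without a shift define. Drop the `_S` line and use the `BIT(8)` mask directly at the call site. A one-line comment saying what the bit controls would also help, since the neighbouring defines only cover the mirror port.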

--- openwrt/target/linux/generic/files/drivers/net/phy/ar8216.c
2015-05-17 13:34:30.000000000 +0100
+++ openwrt-clean/target/linux/generic/files/drivers/net/phy/ar8216.c
2015-05-17 12:54:50.411390834 +0100
@@ -855,23 +855,6 @@ ar8236_hw_init(struct ar8xxx_priv *priv)
 static void
 ar8236_init_globals(struct ar8xxx_priv *priv)
 {
- /* enable CPU port */
- ar8xxx_rmw(priv, AR8216_REG_GLOBAL_CPUPORT,
-   AR8236_GLOBAL_CPUPORT_CPU_PORT_EN,
-   (0b1 << AR8236_GLOBAL_CPUPORT_CPU_PORT_EN_S));
-
- /* set MII interface PHY mode on port 0 */
- ar8xxx_rmw(priv, AR8236_REG_PORT0_PAD_MODE_CTRL,
-   AR8236_PORT0_MII_PHY,
-   (0b1 << AR8236_PORT0_MII_PHY_S));
-
- /* transmit uni flood, multi flood, broadcast to all ports */
- ar8xxx_rmw(priv, AR8216_REG_FLOOD_MASK,
-   AR8216_FM_UNI_DEST_PORTS | AR8216_FM_MULTI_DEST_PORTS |
AR8236_FM_BROAD_DEST_PORTS,
-   (0b111111 << AR8216_FM_UNI_DEST_PORTS_S) |
-   (0b111111 << AR8216_FM_MULTI_DEST_PORTS_S) |
-   (0b111111 << AR8236_FM_BROAD_DEST_PORTS_S) );
-
  /* enable jumbo frames */
  ar8xxx_rmw(priv, AR8216_REG_GLOBAL_CTRL,
    AR8316_GCTRL_MTU, 9018 + 8 + 2);
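Review bot: The three register writes at the top of `ar8236_init_globals()` (shown as `-` lines because this diff is reversed) run for every board that uses this init path, yet they force port 0 into MII PHY mode and send unicast flood, multicast flood and broadcast frames to all six ports. Those are board wiring and forwarding policy choices, so they should depend on platform data rather than be unconditional. `0b1` and `0b111111` are non-standard binary literals; pass the mask itself as the value, for example `AR8236_GLOBAL_CPUPORT_CPU_PORT_EN`. The continuation line `AR8236_FM_BROAD_DEST_PORTS,` has lost its `-` prefix to line wrapping, so the patch will not apply as posted.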

(Last edited by Delfer on 17 May 2015, 17:48)

Wow. This thread has been going for a while and I haven't read the whole thing (yet).

I've got a TP Link WA500G which I would like to flash with (minimal) OpenWrt.

Hardware version is v1 081530EF (as reported by the status page on the router's web interface)

Hardware inside is (apparently the difference is the Flash & Ram):

Flash : Winbond 25X16AVSIG
Ram : EtronTech EM638165TS-6G

and the seemingly usual Atheros AR2317 + Realtek RTL8201CP

Are there any images around that should work via web interface upgrade?
Is VxKiller still the most promising route and would I follow the steps outlined on the wiki TL WR542G page?

Thanks in advance for any pointers.

Edit: when I say 'minimal OpenWrt':
I would like to have both ethernet and wifi working, no need for web interface, ideally ssh or at least telnet & tftp.
I do realise that the flash is too small to support much more than that.

(Last edited by daniel.boyles on 19 May 2015, 19:41)

There is no hardware to debug redboot on ar2317 + rtl8201cp

RTL8201CP is not a problem, I think. It can work as a general PHY. The real problem is memory. The minimum for OpenWrt Barrier Breaker is 16Mb RAM and 4Mb Flash. Your device has 8Mb RAM and 2Mb Flash. If you can upgrade your device hardware, you will be able to patch OpenWrt to support your PHY.
But network in bootloader... I don't know.

(Last edited by Delfer on 23 May 2015, 20:03)

Regards ...
I plan to set up three teams TL-WR340G V 2.2 AP mesh and openwrt want to do it, I've seen that because the issue is old equipment even forgotten the link to the wiki says that there is no longer that content.
I appreciate any advice to get information about the configuration of this equipment?

luisandresco, at first you must enlarge RAM and flash.

Delfer wrote:

I've got it!

Hi!
I have a router TL-WR340G+ V4.0 (Chinese version).
I upgraded its hardware and now it has:
CPU     Atheros AR2317 rev 0
RAM     32MB SDRAM
Flash     Winbond W25Q32 @ 23MHz (4MB)
Ethernet     Atheros AR8236 rev 1
Clocks     CPU: 184MHz, SDR: 184MHz, AMBA: 92MHz, Ref: 40MHz

I'm not smart enough to compile the OpenWRT firmware for it.
Can you help me and share ready firmware?

ESonya wrote:

I upgraded its hardware

Have you flashed it with u-boot?

(Last edited by Delfer on 7 Dec 2015, 11:09)

Delfer wrote:

Have you flashed it with u-boot?

Yes, I flashed u-boot from hackpascal.

Yes, I flashed the u-boot bootloader from hackpascal. Only a small thing remains: finding a working firmware. I got this router intending to flash the Ubiquiti NanoStation firmware onto it; it did flash in principle, but because of the different switch chip there is no network.

When I try to flash the XSSA VxKiller I receive the following error message: "Upgrade unsuccessfully because the version of the upgraded file was incorrect. Please check the file name"

Today I connected the serial console to the PC, and I discovered that, when I try to flash the firmware from the web page, the following error is printed on the serial console:
r4xx: incorrect software version 0x0, should be 0x542a!
tftp: firmware version check failed

Can you help me?

Now I will give you the remaining important details: the router is a TP-Link TL-WR542G.
I would like to flash OpenWrt on the TP-Link TL-WR542G. This device has the same hardware as the WR340G according to this page: http://wiki.openwrt.org/toh/tp-link/tl-wr542g
On the linked page I can read that the VxKiller firmware should work without problems.

The firmware actually loaded on the router is this one: http://tplink.com/resources/software/20 … 571818.zip

When I power on the device I can read the following text on the serial console:

AR2315 rev 0x00000090 startup...
Attached TCP/IP interface to ae unit 0
Attaching interface lo0...done
dsInit 1
wlanBridgeInit(): ucGetOpMode() 1
wireless access point starting...
Auto Channel Scan selected 2462 MHz, channel 11
wlan0 Ready
TDDP


Software Platform for ARM
Copyright(C) 2001-2004 by TP-LINK TECHNOLOGIES CO., LTD.
Creation date: Dec 3 2010, 11:44:18

Press CTRL-B to enter bootmenu...

Boot Menu:
1: Download application program
2: Modify Bootrom password
3: Exit the menu
4: Reboot
5: User commond line
Enter your choice(1-4):

ESonya wrote:
Delfer wrote:

Have you flashed it with u-boot?

Yes, I flashed u-boot from hackpascal.

Share your fullflash and I will try to modify it with OpenWRT kernel and rootfs.

Any way to return to stock firmware?

Do you mean to return to VxWorks? It is in this topic.

Delfer wrote:
ESonya wrote:
Delfer wrote:

Have you flashed it with u-boot?

Yes, I flashed u-boot from hackpascal.

Share your fullflash and I will try to modify it with OpenWRT kernel and rootfs.

Hi!
It seems you have run OpenWrt on ar2317 + ar8236 successfully? I have a Mercury MW54R router; it has the same hardware as the tl-wr340gd. I swapped the SPI flash to a 64Mbit (8MB) W25Q64 too, and the RAM was swapped to 32MB as well. Hackpascal's u-boot is already installed. Could you share your binary firmware or source code? Thanks!
This forum can not send private message, you can contact me: xuexi8848@qq.com