hi
im trying to hack an wrt55ag device
hw v.2.0
sw v 1.30
of course there is no such thnig as "ping" bug
i soldered COM port on it and can see system output
page http://wiki.openwrt.org/OpenWrtDocs/Har … wrt55ag%29
says that system prompts for user/pass to allow login similar to telnet or ssh but it actually does NOT!
all i can get is boot options that i can change
i forced this device to accept TFTP conections an got some info from it - 2 files APIMG1 an OS image that does not hel me wery much, and APCFG config file that show a lot ow interesting things..
i tried to change this file and upload it back but serial output shows :
Firmware check error
tftpdFileWrite: could not send "TFTP server" to client
it could be file checksum error
i need to get to shell but or at least change nvram settings
i have an idea:
bootmanager allows to boot from network
if i could point it to my PC to grab and openwrt image - it would probably boot and i could get a telnet conection
but i have no idea how does nework boot work
here is full options of boot manager:
[Boot]: ?
? - print this list
@ - boot (load and go)
p - print boot params
c - change boot params
e - print fatal exception
v - print version
B - change board data
S
n netif - print network interface device address
$dev(0,procnum)host:/file h=# e=# b=# g=# u=usr [pw=passwd] f=#
tn=targetname s=script o=other
boot device: tffs=drive,removable file name: /tffs0/vxWorks
Boot flags:
0x02 - load local system symbols
0x04 - don't autoboot
0x08 - quick autoboot (no countdown)
0x20 - disable login security
0x40 - use bootp to get boot parameters
0x80 - use tftp to get boot image
0x100 - use proxy arp
available boot devices:Enhanced Network Devices
ae0 ae1 tffs