Would someone care to update the openwrt wiki and maybe upload some essential fullimage files (that work with recovery) and document the u-boot flashing process a bit?
I would love to work on my 904 but it seems it is quite easy to brick the device...

Me too

I know it´s not very constructive in the openwrt development but quiet some ppl are still looking in the matter of changing the APN, for example i was surprised that it wasn´t possible even if you want to use web.vodafone.de which is still vodafone...
i don´t see a pm function but saw that there is a firmware mod kit and would like to know if it´s possible to just change the apn with that easily, in the long run openwrt would be perfect.

thx

Yaku

I tried to make a runnable firmware with OpenSource Code, but doesn't work (maybe missing files/repositories).

How did you do that exactly? I tried but failed because of the signature.

Best regards

Hi,

I want to use 904LTE with locked APN. Could any of you send me TXT file with my configuration that I can import to my device ?
I will use it with polish sim card in Poland for LTE 1800.
I tried to update firmware with: http://dl.hald.pw/904lte-01.07.tar.gz from http://wiki.openwrt.org/toh/arcadyan/easybox_904_lte but it says that "Die ausgewählte Datei ist keine gültige Firmware" (Update is not valid).

For those who want to change APN(and other settings, get their pppoe user/pass or sip user/pass) look here https://piratenpad.de/p/GWryBbvQqV

EDIT:
Ok, if you want UART mode, just shortcut R148.

I was able to compile gpl sources from http://www.astorianetworks.com/astoria/ … 310.tar.gz

Generated fullimage.img can be flashed via rescue tftp mode but i got kernel panic.

Also, generated u-boot binaries are good to some point, i tested only u-boot.asc which i uploaded over UART because i played too much with uboot env and now i cant load kernel.

I will try to mess with u-boot source to disable password prompt and preboot(because preboot command is f**ked in my env) but i am no coder at all so help is welcomed.

Also, is there any tip how to erase uboot env from flash? I saw on some routers one can shortcut some pins on tsop flash chip to get env corrupted, but it wont work on this model, or i did not used right pins.

Here is bootlog with uart mode(shortcut R148)

ROM VER: 1.1.4
CFG 06
NAND
NAND Read OK
nand_read_page - 00000008
DDR autotuning Rev 0.3c
DDR size from 0xa0000000 - 0xa7ffffff
DDR check ok... start booting...



U-Boot 2010.06-Lv2.0.40-A0.5   (Nov 22 2012 - 15:40:12)

CLOCK CPU 500M RAM 250M
DRAM:  128 MiB
NAND:  NAND device: Manufacturer ID: 0xec, Chip ID: 0xdc (Samsung NAND 512MiB 3,3V 8-bit)
512 MiB
Bad block table found at page 262080, version 0x01
Bad block table found at page 262016, version 0x01
In:    serial
Out:   serial
Err:   serial
Net:   
ROM VER: 1.1.4
CFG 02
UART

ROM VER: 1.1.4
CFG 02
UART
**********************************************************************************************************************

U-Boot 2010.06-Lv2.0.40-A0.5 (Jan 25 2015 - 22:44:39)

CLOCK CPU 500M RAM 250M
DRAM:  128 MiB
NAND:  NAND device: Manufacturer ID: 0xec, Chip ID: 0xdc (Samsung NAND 512MiB 3,3V 8-bit)
512 MiB
Bad block table found at page 262080, version 0x01
Bad block table found at page 262016, version 0x01
In:    serial
Out:   serial
Err:   serial
Net:   bad image magic number
cannnot find gphy firmware!
Internal phy(GE) firmware version: 0xffff
vr9 Switch
## Ready for binary (ymodem) download to 0x80800000 at 115200 bps...

(Last edited by angrybb on 26 Jan 2015, 14:59)

@angrybb
What happens if you don't start to the UART Mode ? (bootlog)
have you done anything with the partition layout on your box ?
Is it the LTE OR the DSL Version ?

(Last edited by marcohald on 28 Jan 2015, 20:41)

If i dont start in uart mod it boots normaly to vodafone fw, i think i did not understand what you mean.
I didn't done anything, just compiled uboot that does not read preboot env so i could repair my prebot value.
I tried to disable password promt on uboot but i dont know how. I see that someone on wiki page has posted bootlog with modified uboot that does not reboot after entering wrong password but there is no link to that uboot and no info how to compile one like that.
I guess one should change "run_command" line in main.c file from "reset" to something else, but i dont know with what. I think i tried with "help" or something but it runs given command but after that still does not give me the uboot prompt.

ctrlc_lcd_Init:
// Arcadyan Begin , check password
pass_mode = 1;
len = readline("\n\nplease input password : ");
if (verify_password(console_buffer) != 0) {
int i = 5;
printf("\n\nwrong password, rebooting ... ");
while (i >= 0) {
printf("\b%d", i--);
udelay(1000000);
}
run_command("reset", 0);
while(1);

I am willing to donate unit, it is 904 xDSL, and did contacted blogic today but did not get response.

I have compiled this uboot where the bootlog is from.
But at the moment I cannot access my patched source code. I can post it later here.
What is wrong with your preboot env ? You can still boot to the normal Vodafone Image ?
Have you tried to fix the env with the uboot_env tool witch is included in the original image ?

I was trying to bypass uboot password by changing some uboot env values. I saw in source code that uboot checks for preboot env which is not defined by vodafone. So while i had access to ssh on the router i used uboot_env and added something like "preboot=myenv" and "myenv=help". What this does is it runs anything that is defined in preboot env before anything, before delay and password prompt. But i added "loady" as preboot command so my boot was stoped at that point and i could not boot kernel. That is not the problem anymore, as i said i recompiled new uboot that dont check preboot env and sent it in UART mode, it booted vodavone fw and i used uboot_env to clear preboot. Now i am ok, with all back to stock.

I want to say that preboot comes in handy here, one can use say loady to reflash bootloader or kernel from stock bootloader without need for a uboot password, but since we have source code it is better just to recompile and enhance uboot. I dont know why is uboot for this device so huge, almost twice as big as for infinion/danube devices. .asc file is 478Kb and it takes more than 5 minutes to upload it over UART.

EDIT:
Just to be clear, now with access to UART mode and working uboot.asc file device is almost unbrickable. Just be sure to have backup of all partitions before trying anything.

Also, can someone with LTE version confirm if UART is activated the same way as on xDSL version (shortcut R148 while powering the device)?

(Last edited by angrybb on 29 Jan 2015, 12:13)

OK now i habe understand what you meant with the preboot variable.
How did you found the pin for the UART Mode ?
Can you post a picture of it where it is on the PCB ?

Interesting story, i also asked this question myself:"How those people find those "hidden" triggers for various modes? Especially when there is no datasheets and other docs. Maybe by trial and error?"
So i startet first by googling for this:

ROM VER: 1.1.4 CFG 06

And having a bit of experiance with another arcasyan router, arv4518pw i knew that CFG 06 part should be 01,02,03,04... So i googled for that and came across http://wiki.openwrt.org/toh/arcadyan/ar … puart_mode and interesting enough those two resistors are missing on 904 xdsl too. The difference is that on 904 xdsl uart is activated just by shortcuting R148 and by shortcuting R148 and R155 we got some other mode but i dont remember which CFG is that.

Here is the picture with marked pins

One small info also, you can detach display board while messing with bootloader, router will function normaly.

(Last edited by angrybb on 29 Jan 2015, 21:44)

where can i find stock fullimage.img for restore  easybox 409lte - someone can sahre ?

reg

@angrybb maybe you should take a look at the verify_password() function in file "sha1dgst.c"

Official source code location is build_dir/linux-platform_vr9/u-boot-2010.06/board/vr9/sha1dgst.c
try to replace

if (memcmp(hashValue, dgst, sizeof(dgst)) == 0)    return 0;
return -1;

with

if (memcmp(hashValue, dgst, sizeof(dgst)) == 0)    return 0;
return 0;

I have also bricked my device with wrong bootenv settings.
@angrybb is it possible that you can upload your bootloader

Is it possible to flash only the bootloader?

@Morpheu5
Thx! I will try that.

@BigDee
I will upload it, but keep in mind this is the same stock bootloader, it just does not read the "preboot" from uboot env. and it is still password protected. I will try to compile new uboot with info that @Morpheu5 provided and upload that too.

"skip preboot env uboot" - https://www.mediafire.com/?xdfxw9bsukk8805

EDIT:
Ok i compiled uboot with tip from @Morpheu5 but i did not tested it, it is late here. Maybe tomorrow. It should accept anything as a password i guess.

Oh @Morpheu5 i changed the file in package/infineon-utilities/feeds/ifx_feeds_uboot/open_uboot/src.904dsl/board/vr9/sha1dgst.c

So here it is, 904xdsl uboot with nopasswd? - https://www.mediafire.com/?pmnq0y8x1ixr1pk - please test and report

(Last edited by angrybb on 12 Feb 2015, 23:12)

@angrybb: Many thanks for your work! But...
Has someone an idea how to flash only the bootloader with TFTP?
I have just assembled my 904. I left only the wire for serial connection outside. It was horrible to open the case. Last time one of the plastic fitting was broken...

(Last edited by BigDee on 13 Feb 2015, 09:41)

@BigDee you may look at uboot env here - http://pastebin.com/AyHujYsm
you can see that in order to flash u-boot only you need to "run update_uboot from" u-boot comand line, which is not possible from stock bootloader without password. You maybe can set preboot to "run update_uboot" but i am not sure if this will work. Will try later if i have time.

@angrybb:Is the bootloader a part of the firmware package? Then I will integrate him. Can you also upload a backup from the boot env? I think I change something in the kernel parameter but don't know what. It is 4 month ago...

(Last edited by BigDee on 13 Feb 2015, 11:43)

@BigDee
I think u-boot is not part of fw package. With binwalk i see only squashfs rootfs image and kernel. I know on older arcadyan models one could build u-boot as 2nd stage bootloader and replace kernel in fw with that u-boot but i dont see that uboot compiled with this sources.
That on pastebin is the default u-boot env, but here is the dd dump of my mtd6 (uboot configuration partition, removed SN, MAC and WPA Key, please correct that first with hex editor before trying anything) - https://www.mediafire.com/?zqk28brd2t8m688

EDIT:
I checked uboot from https://www.mediafire.com/?pmnq0y8x1ixr1pk and it is working. Accepts any password (Thx @Morpheu5!) and lan is working. I used tftp to reflash u-boot.lq from zip and now i have permanent "custom" uboot on flash.

(Last edited by angrybb on 13 Feb 2015, 18:50)

Hi, I have a 904 xDSL router HW: R01 and FW: AT904X-MFR.01: t16. I have not had contact with firmware for routers but now I have to unlock this router because I need to access the internet via 3g sim card. There are currently firmware version AT904X-02.05 (Linux 2.6.32.32 # 2 Sun May 3 11:21:02 CST 2013) and have U-Boot 2010.06-Lv2.0.40-A0.5 (Nov 22 2012 - 15:40:12).

After reading this thread I try to find 3.10 firmware but can find it anywhere. Angrybb state that there is usable uboot but I realy dont know what that realy means. If someone can give me instruction it will be great. Thanks

@angrybb For my understanding, you need the UART mode to flash the boot loader with TFTP?

@Pera.Kojot.Supergenije
I think you will have to enable telnet/ssh acces to router first and then use ccfg_cli to manualy edit config options. I dont think there is "unlocked" web gui yet avaliable. take a look here for more info https://piratenpad.de/p/GWryBbvQqV

@BigDee
No. UART mode is almost as JTAG in this case. Routers CPU write everything you send to it over serial(UART) port directly to RAM and then execute it. In this case you need u-boot.asc file, content from that file to be more accurate. So you are then running "live" uboot. If you dont write anything to flash memory, after reset all is back as before uart mode.
But in this "live" uboot you can flash anything over tftp, just use the right command.

I will try to dump my unlocked bootloader from ssh in vodafone fw and then write it back, all using dd command. If that works than all what you need to reflash uboot is ssh acces to the router and good u-boot file.

@angrybb Many thanks for your fast reply. But my box is bricked and won't boot. It show a kernel panic and run into a boot loop. I made some changes at the kernel boot parameter.

@BigDee
Then you must enable UART mode and correct that. And when you are doing so, it is better to reflash modified "nopasswd" uboot so you dont have to open the router case anymore.