OpenWrt Forum Archive

Topic: Transcend WifiSD / PQI AirCard / FluCard Pro

The content of this topic has been archived between 29 Mar 2018 and 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

pixelk wrote:

I just received my PQI Aircard and I can confirm that its discovery method is horrible. The client launches ARP request for all /24 of your network (regardless of your netmask) then asks

GET /cgi-bin/get_config.pl HTTP/1.1

Which answers with the full configuration stored in wsd.conf (and passwords in plaintext).

The default firmware on the WifiSD is far from perfect, but it's better by any metric.

I did further research and was just going to post this. My research setup was to drag out an old unmanaged switch hub and a dlink  dwl-g730ap hotspot to attach to a port and a PC with wireshark on another. After that I realised the client was establishing with the following:

GET /cgi-bin/get_config.pl HTTP/1.1
User-Agent: My Phone Info
Host: X.X.X.X
Connection: Keep-Alive
Accept-Encoding: gzip

I was curious to see if they somehow figured out how to get around root for ARP on Android, so I did a little bit of work there too. They are not doing an AR request, they're just iterating over the full /24 with a 5 second timeout. From the logcat:

java.net.ConnectException: failed to connect to /X.X.X.X (port 80) after 5000ms: isConnected failed: ECONNREFUSED (Connection refused)

Anyone who has port 80 open will get the string above. If you give your wsd.conf info it will then ask for a list of the files as such:

GET /cgi-bin/wifi_filelist?fn=/mnt/sd/ HTTP/1.1
Host: X.X.X.X
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

In response, it's a simple XML listing of files and directories with attributes to differentiate each. Actually, you don't need to give the full wsd.conf, you can simply do the HTTP header response.

Basically this is the app's routine:

String str = ClientIpCheckService.b(this.a).substring(0, 1 + ClientIpCheckService.b(this.a).lastIndexOf(".")) + j;
   if (!str.equals(ClientIpCheckService.b(this.a).toString()))
      new Thread(new b(this, str)).start();

Wrapped inside an iterative while true loop that breaks off before 255.

So I guess if you want to add to your tool, you'll just open port 80 for listening when the PQI radio button is clicked and check who the inetaddr is that asks for the get_config.pl.

Other interesting tidbit is that kcard_cmd -w is the command to re-associate with the wifi network. It's kind of a pain in the a?? when you must issue the command to get it on the hotspot mode instead of AP mode.

(Last edited by smbgaiden on 24 Aug 2013, 20:10)

First Hello World working (statically compiled) helloworld
Compiled using sourcery lite 2011.09.70 (on win32 install arm-2011.09-70-arm-none-linux-gnueabi.exe ) following the explanations on this (translated) japanese webpage

cnovus : I got the same "output only" problem with the console

smbgaiden : so the ARP requests are just a by-product of the search for an open webserver if I understand your work ? In my tool I still would have to poll the whole subnet to find the AirCard hmm

(Last edited by pixelk on 24 Aug 2013, 20:28)

Yes you're correct. My suggestion to your tool was me having my head backwards and imitating the phone app, when really it is rightfully for discovery (said it wrong again...tired... imitating phone app is discovery and is spammy ont he network). I will use my router's webadmin to discover and/or use the router to assign this MAC a static address.

Putting /usr/bin/kcard_cmd -w in my autorun was useful for preventing reconnecting to the card as a hotspot all the time. Unknown is if it will fall back to hotspot mode if all the hotspots fail to get connected to.

I got someone's disk dump of the Transcend online, but my machine does not have enough space to expand it out. May wind up making a project of using the PQI as a Transcend to have a better discovery method and try out their Android app.

Q: I see you've endeavored to compile now. My compilation from my ARM chromebook using eabihf did not immediately run on the card. I see eabi works with the sourcery and static compilation, yet my Linux knowledge is lacking. Would it be possible to grab stuff off of these cards in order to create a toolchain for sourcery allowing creation of dynamically linking binaries which stay compatible with the cards?

(Last edited by smbgaiden on 24 Aug 2013, 20:44)

I also thought about using the transcend binary on the PQI card to get a better discovery mechanism, but it enters a shady area of copyright, and it needs updated tools to make a good use of it. My utility would have no problem with that, but the android/ios app are another story.

Here comes my dream of an OpenWRT release for all those cards, getting the best of all worlds. That's way beyond my knowledge and I created this topic to gather all the people that are smarter than (well, everybody smile.

We have most of the pieces of the puzzle to get to a dynamically linked binary, but I clearly lack the skill to put them together. So for the moment it's static only for me, which isn't really a problem as I've got lots of space available on /mnt/sd. my autorun.sh does the needed symbolic links at startup. Tried cgi too and it works a treat.

I think I have all the resources I need to create an auto-uploading script on the Transcend (the fact that curl is present  is a big help, lftp would be nice, but I'll try without it). It will be my next goal.

(Last edited by pixelk on 24 Aug 2013, 21:16)

Agree on the shady area of copyright, so I'd do what I usually do. Prove the concept, buy the card, and store it so I do not run two instances of the IP at the same time. I really like the swappable microSD, I've been operating like that on all full size SD receptacles for some years now.

If you want a shortcut to a auto-upload thing, I can pass a link along. If you're doing it for the discovery of it, then forget I said that sentence smile Nevermind, I see he already posted it on this forum. So many links from so many places, so losing track of here and there.

(Last edited by smbgaiden on 24 Aug 2013, 21:28)

Hmm, I think it's likely that this patent is relevant:
http://www.freepatentsonline.com/8386691.html
http://www.freepatentsonline.com/8386691.pdf

So the SD card is switched between the camera/whatever and the embedded system.
I had hoped that it would have 3 sd/mmc controllers, one for the SD, one for the host it is plugged in to and one for the WiFi,
but it seems it is only using 2 and this automatic switch mechanism (probably giving the camera priority on accesses and some 'the other host has accessed the card, invalidate your caches' notification).

SUCCESS !

http://stuff.knackes.com/dld/201308/ScreenCap-20130825-022450_828461F5.png

The "discovery" service (named idS by Transcend) is a dumb script outputing some data on every request on udp:55777. I just made my own.

I also imported curl and dcraw from the transcend firmware to the PQI. everything I played with is open source, I'll put the details tommorow. But now time for some sleep.

Next step, auto-upload.

(Last edited by pixelk on 25 Aug 2013, 01:28)

I've hacked together a toolchain that can build dynamically-linked executables that work with the version of uClibc that ships with the Transcend firmware.  I posted the instructions below if anyone else wants to try it, but be warned: this setup is probably not very reliable and will likely blow up in your face if you try anything too complicated.

From looking at the Japanese page that pixelk posted, it looks like he got dynamically linked executables to work by compiling normally with the CodeSourcery toolchain and then copying over all of the required libraries (and probably setting LD_LIBRARY_PATH or something).  Unfortunately, the CS toolchain appears to use glibc (instead of uClibc like the Transcend firmware does), and glibc takes up quite a bit of space - the Transcend card has only 32MB RAM, and glibc's libc-2.13.so is about 1.7MB, compared to 250kB for uClibc's libc.so.0.



Build Instructions:


Start in a clean directory for building the toolchain.  Obtain the following files and copy them into that build directory:

Also make sure you have development files for libmpc, libmpfr, and libgmp installed on your host system.  For Debian this is:

sudo apt-get install libmpc-dev libmpfr-dev libgmp-dev

We will create two directories, 'sysroot' and 'toolchain'.  'sysroot' will contain a copy of the device's root filesystem with the addition of some development files (headers, crt?.o).  'toolchain' will contain the binutils and gcc for use in cross-compiling.

Start by doing:

export BUILDDIR=$PWD
mkdir $BUILDDIR/sysroot $BUILDDIR/toolchain

Between sections, you should 'cd $BUILDDIR'.


Unpack initrd into sysroot:

cd sysroot
tail -c +9 ../initramfs3.gz | gunzip -c | cpio -i
chmod -R go-w .     # fix permissions

Install linux kernel headers:

tar -xf linux-2.6.32.28.tar.gz
cd linux-2.6.32.28
make mrproper
make ARCH=arm headers_check
make ARCH=arm INSTALL_HDR_PATH=$BUILDDIR/sysroot/usr headers_install

Build and install cross binutils:

tar -xf binutils-2.23.tar.gz
mkdir binutils-build
cd binutils-build
../binutils-2.23.2/configure \
    --target=armv5l-unknown-linux-uclibceabi \
    --prefix=$BUILDDIR/toolchain \
    --with-sysroot=$BUILDDIR/sysroot
make && make install

Install uClibc header files:

tar -xf uClibc-0.9.33.2.tar.xz 
cd uClibc-0.9.33.2/
make ARCH=arm defconfig
make ARCH=arm menuconfig
    # Set the following configuration options:
    # Target Architecture Features and Options ->
    #   Build for EABI = Y
    #   Target Processor Endianness = Little Endian
    #   Target CPU has a floating point unit = N
    # General Library Settings ->
    #   Thread Support = Native POSIX Threading (NPTL)
    # Development / Debugging Options ->
    #   Cross-compiling toolchain prefix = armv5l-unknown-linux-uclibceabi-
make ARCH=arm PREFIX=$BUILDDIR/sysroot DEVEL_PREFIX=/usr/ install_headers

Don't delete the uClibc-0.9.33.2/ directory yet - we need it for building the startfiles once we have compiled gcc.

Build and install cross GCC:

# make sure gcc can find the new binutils
export PATH=$PATH:$BUILDDIR/toolchain/bin

tar -xf gcc-4.8.1.tar.bz2
mkdir gcc-build
cd gcc-build
../gcc-4.8.1/configure \
    --target=armv5l-unknown-linux-uclibceabi \
    --prefix=$BUILDDIR/toolchain \
    --with-sysroot=$BUILDDIR/sysroot \
    --enable-languages=c \
    --enable-c99 \
    --with-abi=aapcs-linux \
    --with-arch=armv5te \
    --with-mode=arm \
    --with-float=soft \
    --disable-shared

make all-gcc all-target-libgcc && make install-gcc install-target-libgcc

Build and install startfiles:

cd uClibc-0.9.33.2
make lib/{crt1,crti,crtn,Scrt1}.o
cp -v lib/{crt1,crti,crtn,Scrt1}.o $BUILDDIR/sysroot/lib

Create symlinks:

cd sysroot/lib
for f in crypt c dl m nsl pthread resolv rt util; do
    ln -sfv lib$f.so.0 lib$f.so
done

Test the toolchain:

echo 'int main() { puts("hello"); }' > hello.c
armv5l-unknown-linux-uclibceabi-gcc hello.c -o hello
armv5l-unknown-linux-uclibceabi-readelf -a hello | grep 'Requesting program interpreter'
# Should output:
#   [Requesting program interpreter: /lib/ld-uClibc.so.0]

Now copy 'hello' to the SD card and run it.  It should print 'hello' with no errors.

I'll try this toolchain asap, thank you !

The tools package for the PQI AirCard. Decompress on root, replaces your autorun.sh

autorun.sh :

#!/bin/sh

echo Automatically connect to configured wifi network
/usr/bin/kcard_cmd -w

echo Install extended busybox symbolic links
/mnt/sd/MISC/busybox-install.sh

echo Install abbitional tools
ln -sf /mnt/sd/MISC/usr/bin/curl /usr/bin/curl
ln -sf /mnt/sd/MISC/usr/bin/jshon /usr/bin/jshon
ln -sf /mnt/sd/MISC/usr/bin/dcraw /usr/bin/dcraw

echo Install abbitional libraries
ln -sf /mnt/sd/MISC/lib/libjansson.so /lib/libjansson.so
ln -sf /mnt/sd/MISC/lib/libjansson.so.4 /lib/libjansson.so.4
ln -sf /mnt/sd/MISC/lib/libjansson.so.4.3.1 /lib/libjansson.so.4.3.1
ln -sf /mnt/sd/MISC/lib/libssl.so /lib/libssl.so
ln -sf /mnt/sd/MISC/lib/libssl.so.0.9.8 /lib/libssl.so.0.9.8
ln -sf /mnt/sd/MISC/lib/libcrypto.so.0.9.8 /lib/libcrypto.so.0.9.8

# Start Identity server. Answer any request on port 55777 with full network configuration
udpsvd 0 55777 /mnt/sd/MISC/usr/bin/idService &

echo Sync filesystem
sync

echo Done autorun.sh

All binaries are open-source.

(Last edited by pixelk on 25 Aug 2013, 09:22)

epdtry : fantastic job !
Just a few nitpicking :

- It's

tar -xf linux-2.6.32.28.tar.xz

not

tar -xf linux-2.6.32.28.tar.gz

- On a freshly installed ubuntu box (which I just setup for the occasion) you also need to

apt-get install build-essential libncurses5-dev libncursesw5-dev

So far, I'm stopped at a problem when compiling GCC :

make[1]: Leaving directory `/home/pk/Desktop/WifiSD/CrossComp/gcc-build/gcc'
Checking multilib configuration for libgcc...
mkdir -p -- armv5l-unknown-linux-uclibceabi/libgcc
Configuring in armv5l-unknown-linux-uclibceabi/libgcc
configure: creating cache ./config.cache
checking build system type... i686-pc-linux-gnu
checking host system type... armv5l-unknown-linux-uclibceabi
checking for --enable-version-specific-runtime-libs... no
checking for a BSD-compatible install... /usr/bin/install -c
checking for gawk... mawk
checking for armv5l-unknown-linux-uclibceabi-ar... armv5l-unknown-linux-uclibceabi-ar
checking for armv5l-unknown-linux-uclibceabi-lipo... armv5l-unknown-linux-uclibceabi-lipo
checking for armv5l-unknown-linux-uclibceabi-nm... /home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/nm
checking for armv5l-unknown-linux-uclibceabi-ranlib... armv5l-unknown-linux-uclibceabi-ranlib
checking for armv5l-unknown-linux-uclibceabi-strip... armv5l-unknown-linux-uclibceabi-strip
checking whether ln -s works... yeschecking for armv5l-unknown-linux-uclibceabi-gcc...  /home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/xgcc -B/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/bin/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/lib/ -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/include -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/sys-include   checking for suffix of object files... configure: error: in `/home/pk/Desktop/WifiSD/CrossComp/gcc-build/armv5l-unknown-linux-uclibceabi/libgcc':
configure: error: cannot compute suffix of object files: cannot compile
See `config.log' for more details.
make: *** [configure-target-libgcc] Error 1

Any idea ? I don't know where to find the config.log

pixelk wrote:

Any idea ? I don't know where to find the config.log

The log you posted says:

Configuring in armv5l-unknown-linux-uclibceabi/libgcc

I checked my own gcc-build directory (with "find . -name config.log") and it found a file named armv5l-unknown-linux-uclibceabi/libgcc/config.log.  So that is probably the one you want.

config.log files are usually several thousand lines long and 99% uninteresting.  Search for the error message you got ("cannot compute suffix of object files") and look in that general area.  There should be some info above that line, which usually includes the error message from whatever commands the configure script used for that check, along with the compiler input if any (most configure checks are basically "try compiling this small program and see what happens").


Edit:

Has anyone had success building a custom kernel for any of these devices?  The standard one for the Transcend is pretty limited (no sysfs, for example).

I've tried building the sources from the Transcend GPL release with the CodeSourcery toolchain and either ka2000-defconfig or the PQI .config from kazu-zamasu, but none of them have worked.  I put the 1.7 program.bin and the compiled zImage (renamed to 'image3') on the card and restart it, but the files never disappear like they do when using the standard 1.7 image3.  (I've also tried using Image instead of zImage for the kernel, with no luck.)  I don't have a way to connect to the card's serial port, so it's hard to tell what's going wrong.

(Last edited by epdtry on 25 Aug 2013, 18:18)

Nice work so far!
I ordered a PQI Air Card the other day.  I'm looking forward to playing with it when it gets here this week.

Has anyone checked out the KeyASIC website?
It looks they offer a reference platform for developing new wifi sd cards.
http://www.keyasic.com/keyasic_sub.php? … mp;inid=24

I also found a listing for the PQI Air Card II model A201.  It will have a BCM43362 (Askey WLS6150) based wifi instead of the Atheros.
http://wikidevi.com/wiki/PQI_Air_Card_II_%28A201%29

There is more info on the FCC site with pictures of the new card.
https://fcc.io/A4S/-6W61

I've managed to compile a custom kernel that can boot the Transcend card, but for some reason the wifi doesn't work.  Here's what I've been doing:

  • Get the 2011.03-42 version of the CodeSourcery toolchain from here, and set up your $PATH to include its bin/ directory.

  • In the Linux_KA_2_6 directory from the Transcend GPL bundle, run:

make mrproper
make ARCH=arm ka2000_defconfig
make ARCH=arm CROSS_COMPILE=arm-none-eabi-
  • Copy arch/arm/boot/Image to the SD card and rename it to 'image3'.  Also copy the program.bin from one of the Transcend official firmware updates.

  • Put something like "cat /proc/version >/mnt/sd/it_works.txt" into your autorun.sh, so you can tell that the new kernel worked.  (Or watch the serial port, if you have that hooked up.)


My card will boot with a kernel compiled this way, but it will have no wifi connection.  If I try to set up wifi manually in autorun.sh (by insmod'ing ka2000-sdio.ko and ar6000.ko), it gives a nasty error in the kernel log, and 'mlan0' doesn't show up in iwconfig:

 == insmod /lib/ar6000.ko == 
AR6000: configuration opcode 7 is only used for RTOS systems, not Linux systems
ath6k/AR6003/hw2.1.1/athwlan.bin firmware will be loaded
AR6K: ** HIF layer does not support scatter requests (17) 
Unable to handle kernel NULL pointer dereference at virtual address 0000089c
pgd = c0204000
[0000089c] *pgd=00000000
Internal error: Oops: 817 [#1] PREEMPT
Modules linked in: ar6000 ka2000_sdio ka2000_sdhc(P)
CPU: 0    Tainted: P            (2.6.32.28 #1)
PC is at memcpy+0x50/0x330
LR is at 0x6
pc : [<c031b270>]    lr : [<00000006>]    psr: 80000013
sp : c1477f6c  ip : 02057630  fp : c1477fc4
r10: 0000089c  r9 : 00000001  r8 : 032938b0
r7 : 00000001  r6 : 310102bc  r5 : 00000000  r4 : 10010608
r3 : 001d0201  r2 : ffffffe0  r1 : c1200020  r0 : 0000089c
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 0005717f  Table: 011bc000  DAC: 00000017
Process AR6K Async (pid: 499, stack limit = 0xc1476270)
Stack: (0xc1477f6c to 0xc1478000)
7f60:                            c1476000 c1c0d000 00000080 00000000 0000089c
7f80: c1c0dc00 bf01f40c 00000000 c1200000 c1c0d008 00000001 c1477fc4 c11afd58
7fa0: bf01f118 c1c0d000 00000000 00000000 00000000 00000000 c1477ff4 c1477fc8
7fc0: c02464a4 bf01f128 00000000 00000000 c1477fd0 c1477fd0 00000000 00000000
7fe0: 00000000 00000000 00000000 c1477ff8 c0232eb8 c0246430 ebfffea1 e59f0128
Backtrace: 
[<bf01f118>] (async_task+0x0/0x3b8 [ar6000]) from [<c02464a4>] (kthread+0x84/0x8c)
[<c0246420>] (kthread+0x0/0x8c) from [<c0232eb8>] (do_exit+0x0/0x66c)
 r6:00000000 r5:00000000 r4:00000000
Code: f5d1f05c f5d1f07c e8b151f8 e2522020 (e8a051f8) 
---[ end trace 37ed059d57da270e ]---
ABI Version mismatch: Host(0x1), Target(0x0)
ar6000_avail: ar6000_init
Unable to handle kernel NULL pointer dereference at virtual address 0000021c
pgd = c0204000
[0000021c] *pgd=00000000
Internal error: Oops: 817 [#2] PREEMPT
Modules linked in: ar6000 ka2000_sdio ka2000_sdhc(P)
CPU: 0    Tainted: P      D     (2.6.32.28 #1)
PC is at wmi_allow_aggr_cmd+0x44/0x8c [ar6000]
LR is at wmi_allow_aggr_cmd+0x3c/0x8c [ar6000]
pc : [<bf0509b0>]    lr : [<bf0509a8>]    psr: 80000013
sp : c1209f28  ip : c1209f28  fp : c1209f44
r10: bf05add8  r9 : c1c60000  r8 : c12752c0
r7 : 00000000  r6 : c120b800  r5 : 00000001  r4 : c147a140
r3 : 00000000  r2 : 00000000  r1 : 00000004  r0 : 0000021c
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 0005717f  Table: 011bc000  DAC: 00000017
Process AR6K startup (pid: 500, stack limit = 0xc1208270)
Stack: (0xc1209f28 to 0xc120a000)
9f20:                   ffffffff bf05b72c c1c60000 00000000 c1209fa4 c1209f48
9f40: bf0351b8 bf05097c c1c0d000 c12752c0 bf05add8 bf05b72c c1c61a3c 00000000
9f60: c024b898 0000000c 30000582 00000003 c1c60000 bf030b0c c03fbe1c c11afd58
9f80: bf01e000 c1c0d000 00000000 00000000 00000000 00000000 c1209fb4 c1209fa8
9fa0: bf0543d8 bf034b4c c1209fc4 c1209fb8 bf01e01c bf0543d0 c1209ff4 c1209fc8
9fc0: c02464a4 bf01e010 00000000 00000000 c1209fd0 c1209fd0 00000000 00000000
9fe0: 00000000 00000000 00000000 c1209ff8 c0232eb8 c0246430 0006b11c 00032e6c
Backtrace: 
[<bf05096c>] (wmi_allow_aggr_cmd+0x0/0x8c [ar6000]) from [<bf0351b8>] (ar6000_avail_ev+0x67c/0xa80 [ar6000])
 r7:00000000 r6:c1c60000 r5:bf05b72c r4:ffffffff
[<bf034b3c>] (ar6000_avail_ev+0x0/0xa80 [ar6000]) from [<bf0543d8>] (ar6000_android_avail_ev+0x18/0x20 [ar6000])
[<bf0543c0>] (ar6000_android_avail_ev+0x0/0x20 [ar6000]) from [<bf01e01c>] (startup_task+0x1c/0x28 [ar6000])
[<bf01e000>] (startup_task+0x0/0x28 [ar6000]) from [<c02464a4>] (kthread+0x84/0x8c)
[<c0246420>] (kthread+0x0/0x8c) from [<c0232eb8>] (do_exit+0x0/0x66c)
 r6:00000000 r5:00000000 r4:00000000
Code: e1a00004 ebff9dad e1a02425 e1a03427 (e5c05000) 
---[ end trace 37ed059d57da270f ]---

ifconfig -a output:
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


iwconfig output:
lo        no wireless extensions.


loaded modules:

ar6000 302800 0 - Live 0xbf01e000
ka2000_sdio 8009 0 - Live 0xbf017000
ka2000_sdhc 62155 0 - Live 0xbf000000 (P)

I've tried using the modules that were actually built with the custom kernel, but there is no ar6000.ko module to be found - the only AR6000 driver is 'ath6kl' from the "staging drivers" section, which doesn't cause the error above, but also doesn't work (no mlan0).

epdtry  I found the config.log but I have no idea about what to do with the "relevant" part :

configure:3347:  /home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/xgcc -B/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/bin/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/lib/ -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/include -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/sys-include    -V >&5
xgcc: error: unrecognized command line option '-V'
xgcc: fatal error: no input files
compilation terminated.
configure:3358: $? = 1
configure:3347:  /home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/xgcc -B/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/bin/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/lib/ -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/include -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/sys-include    -qversion >&5
xgcc: error: unrecognized command line option '-qversion'
xgcc: fatal error: no input files
compilation terminated.
configure:3358: $? = 1
configure:3374:  /home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/xgcc -B/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/bin/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/lib/ -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/include -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/sys-include    -o conftest -g -O2   conftest.c  >&5
/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/as: 87: exec: -march=armv5te: not found
configure:3377: $? = 1
configure:3565: checking for suffix of object files
configure:3587:  /home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/xgcc -B/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/bin/ -B/home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/lib/ -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/include -isystem /home/pk/Desktop/WifiSD/CrossComp/toolchain/armv5l-unknown-linux-uclibceabi/sys-include    -c -g -O2  conftest.c >&5
/home/pk/Desktop/WifiSD/CrossComp/gcc-build/./gcc/as: 87: exec: -march=armv5te: not found
configure:3591: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "GNU C Runtime Library"
| #define PACKAGE_TARNAME "libgcc"
| #define PACKAGE_VERSION "1.0"
| #define PACKAGE_STRING "GNU C Runtime Library 1.0"
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL "http://www.gnu.org/software/libgcc/"
| /* end confdefs.h.  */
| 
| int
| main ()
| {
| 
|   ;
|   return 0;
| }
configure:3605: error: in `/home/pk/Desktop/WifiSD/CrossComp/gcc-build/armv5l-unknown-linux-uclibceabi/libgcc':
configure:3608: error: cannot compute suffix of object files: cannot compile
See `config.log' for more details.

have you tried getting all three modules (ar6000 ka2000_sdio ka2000_sdhc) from the original image or just ar6000 & ka2000_sdio ? your ka2000_sdhc works well or you wouldn't be able to write to the SD, but maybe ar6000 uses an obscure dependency in it.

deadhp1 The KeyAsic SDK is relevant, it's been cited before as the father of all the three cards of the topic. The version II of the PQI air really seems to bring nothing more than a different (cheaper ?) wifi module and a back-loading mechanism (more practical if it can be used within the reader)

I fucked up my PQI Aircard trying to flash a modified firmware (own work, so I don't complain). I was able to restore most of it's functionality by flashing the last firmware back but now it won't connect to my hotspots with kcard_cmd -w anymore hmm I'll focus my work on the WifiSD until I can figure it out (I will open the case, take photos and solder the console, it may help)

(Last edited by pixelk on 26 Aug 2013, 08:40)

i noticed the J10 "boot by OSC" (Operating System Command, character 9D in the Unicode character set, see UTF-EBCDIC)
and the "boot by PLL" Jumper on the Dev-board here: http://www.keyasic.com/keyasic_sub.php? … mp;inid=24
any chance someone found two points on the card that can be joined to allow standalone booting?
KeyASIC Dev Board

(Last edited by jrsmile on 28 Aug 2013, 14:51)

OSC and PLL rather mean Oscillator and Phased locked loop, two method of setting a reference frequency. Aka a method to change the frequency of the CPU.

pixelk wrote:

OSC and PLL rather mean Oscillator and Phased locked loop, two method of setting a reference frequency. Aka a method to change the frequency of the CPU.

Thanks for the clarification, i was afraid this would be the meaning as OSC is used in combination with a Frequency Rating on the picture as well....

So for using this device in standalone mode a external MC is needed to init the card in mci mode (spi does not work) or can it be solved in firmware?

Looks like u-boot can't initialize the SD card when it's not connected to a host:

KA Boot 04240806
scu: 11c33303,00000000,00040404,00009f00,1
Status 20200800

Hit to stop :  2 1 0
Wait m1 timeout - Status 20200800 RCA0 34, RCA1 12
(5)m1 not readyStatus 20200800
InitCard failed
** Can't read from device 1 **
** Can't read from device 1 **
reading program.bin
Error: reading boot sector
<49.rf 65280><48.rf 65280><47.rf 65280><46.rf 65280><45.rf 65280><44.rf 65280><43.rf 65280><42.rf 65280><41.rf 65280><40.rf 65280><39.rf 65280><38.rf 65280><37.rf 65280><36.rf 65280><35.rf 65280><34.rf 65280><33.rf 65280><32.rf 65280><31.rf 65280><30.rf 65280><29.rf 65280><28.rf 65280><27.rf 65280><26.rf 65280><25.rf 65280><24.rf 65280><23.rf 65280><22.rf 65280><21.rf 65280><20.rf 65280><19.rf 65280><18.rf 65280><17.rf 65280><16.rf 65280><15.rf 65280><14.rf 65280><13.rf 65280><12.rf 65280><11.rf 65280><10.rf 65280><9.rf 65280><8.rf 65280><7.rf 65280><6.rf 65280><5.rf 65280><4.rf 65280><3.rf 65280><2.rf 65280><1.rf 65280><0.rf 65280><49.rf 65288><48.rf 65288><47.rf 65288><46.rf 65288><45.rf 65288><44.rf 65288><43.rf 65288><42.rf 65288><41.rf 65288><40.rf 65288><39.rf 65288><38.rf 65288><37.rf 65288><36.rf 65288><35.rf 65288><34.rf 65288><33.rf 65288><32.rf 65288><31.rf 65288><30.rf 65288><29.rf 65288><28.rf 65288><27.rf 65288><26.rf 65288><25.rf 65288><24.rf 65288><23.rf 65288><22.rf 65288><21.rf 65288><20.rf 65288><19.rf 65288><18.rf 65288><17.rf 65288><16.rf 65288><15.rf 65288><14.rf 65288><13.rf 65288><12.rf 65288><11.rf 65288><10.rf 65288><9.rf 65288><8.rf 65288><7.rf 65288><6.rf 65288><5.rf 65288><4.rf 65288><3.rf 65288><2.rf 65288><1.rf 65288><0.rf 65288><49.rf 65296><48.rf 65296><47.rf 65296><46.rf 65296><45.rf 65296><44.rf 65296><43.rf 65296><42.rf 65296><41.rf 65296><40.rf 65296><39.rf 65296><38.rf 65296><37.rf 65296><36.rf 65296><35.rf 65296><34.rf 65296><33.rf 65296><32.rf 65296><31.rf 65296><30.rf 65296><29.rf 65296><28.rf 65296><27.rf 65296><26.rf 65296><25.rf 65296><24.rf 65296><23.rf 65296><22.rf 65296><21.rf 65296><20.rf 65296><19.rf 65296><18.rf 65296><17.rf 65296><16.rf 65296><15.rf 65296><14.rf 65296><13.rf 65296><12.rf 65296><11.rf 65296><10.rf 65296><9.rf 65296><8.rf 65296><7.rf 65296><6.rf 65296><5.rf 65296><4.rf 65296><3.rf 65296><2.rf 65296><1.rf 65296><0.rf 65296><49.rf 65304><48.rf 65304><47.rf 65304><46.rf 65304><45.rf 65304><44.rf 65304><43.rf 65304><42.rf 65304><41.rf 65304><40.rf 65304><39.rf 65304><38.rf 65304><37.rf 65304><36.rf 65304><35.rf 65304><34.rf 65304><33.rf 65304><32.rf 65304><31.rf 65304><30.rf 65304><29.rf 65304><28.rf 65304><27.rf 65304><26.rf 65304><25.rf 65304><24.rf 65304><23.rf 65304><22.rf 65304><21.rf 65304><20.rf 65304><19.rf 65304><18.rf 65304><17.rf 65304><16.rf 65304><15.rf 65304><14.rf 65304><13.rf 65304><12.rf 65304><11.rf 65304><10.rf 65304><9.rf 65304><8.rf 65304><7.rf 65304><6.rf 65304><5.rf 65304><4.rf 65304><3.rf 65304><2.rf 65304><1.rf 65304><0.rf 65304><49.rf 65312><48.rf 65312><47.rf 65312><46.rf 65312><45.rf 65312><44.rf 65312><43.rf 65312><42.rf 65312><41.rf 65312><40.rf 65312><39.rf 65312><38.rf 65312><37.rf 65312><36.rf 65312><35.rf 65312><34.rf 65312><33.rf 65312><32.rf 65312><31.rf 65312><30.rf 65312><29.rf 65312><28.rf 65312><27.rf 65312><26.rf 65312><25.rf 65312><24.rf 65312><23.rf 65312><22.rf 65312><21.rf 65312><20.rf 65312><19.rf 65312><18.rf 65312><17.rf 65312><16.rf 65312><15.rf 65312><14.rf 65312><13.rf 65312><12.rf 65312><11.rf 65312><10.rf 65312><9.rf 65312><8.rf 65312><7.rf 65312><6.rf 65312><5.rf 65312><4.rf 65312><3.rf 65312><2.rf 65312><1.rf 65312><0.rf 65312><49.rf 65320><48.rf 65320><47.rf 65320><46.rf 65320><45.rf 65320><44.rf 65320><43.rf 65320><42.rf 65320><41.rf 65320><40.rf 65320><39.rf 65320><38.rf 65320><37.rf 65320><36.rf 65320><35.rf 65320><34.rf 65320><33.rf 65320><32.rf 65320><31.rf 65320><30.rf 65320><29.rf 65320><28.rf 65320><27.rf 65320><26.rf 65320><25.rf 65320><24.rf 65320><23.rf 65320><22.rf 65320><21.rf 65320><20.rf 65320><19.rf 65320><18.rf 65320><17.rf 65320><16.rf 65320><15.rf 65320><14.rf 65320><13.rf 65320><12.rf 65320><11.rf 65320><10.rf 65320><9.rf 65320><8.rf 65320><7.rf 65320><6.rf 65320><5.rf 65320><4.rf 65320><3.rf 65320><2.rf 65320><1.rf 65320><0.rf 65320><49.rf 65328><48.rf 65328><47.rf 65328><46.rf 65328><45.rf 65328><44.rf 65328><43.rf 65328><42.rf 65328><41.rf 65328><40.rf 65328><39.rf 65328><38.rf 65328><37.rf 65328><36.rf 65328><35.rf 65328><34.rf 65328><33.rf 65328><32.rf 65328><31.rf 65328><30.rf 65328><29.rf 65328><28.rf 65328><27.rf 65328><26.rf 65328><25.rf 65328><24.rf 65328><23.rf 65328><22.rf 65328><21.rf 65328><20.rf 65328><19.rf 65328><18.rf 65328><17.rf 65328><16.rf 65328><15.rf 65328><14.rf 65328><13.rf 65328><12.rf 65328><11.rf 65328><10.rf 65328><9.rf 65328><8.rf 65328><7.rf 65328><6.rf 65328><5.rf 65328><4.rf 65328><3.rf 65328><2.rf 65328><1.rf 65328><0.rf 65328><49.rf 65336><48.rf 65336><47.rf 65336><46.rf 65336><45.rf 65336><44.rf 65336><43.rf 65336><42.rf 65336><41.rf 65336><40.rf 65336><39.rf 65336><38.rf 65336><37.rf 65336><36.rf 65336><35.rf 65336><34.rf 65336><33.rf 65336><32.rf 65336><31.rf 65336><30.rf 65336><29.rf 65336><28.rf 65336><27.rf 65336><26.rf 65336><25.rf 65336><24.rf 65336><23.rf 65336><22.rf 65336><21.rf 65336><20.rf 65336><19.rf 65336><18.rf 65336><17.rf 65336><16.rf 65336><15.rf 65336><14.rf 65336><13.rf 65336><12.rf 65336><11.rf 65336><10.rf 65336><9.rf 65336><8.rf 65336><7.rf 65336><6.rf 65336><5.rf 65336><4.rf 65336><3.rf 65336><2.rf 65336><1.rf 65336><0.rf 65336><49.rf 65344><48.rf 65344><47.rf 65344><46.rf 65344><45.rf 65344><44.rf 65344><43.rf 65344><42.rf 65344><41.rf 65344><40.rf 65344><39.rf 65344><38.rf 65344><37.rf 65344><36.rf 65344><35.rf 65344><34.rf 65344><33.rf 65344><32.rf 65344><31.rf 65344><30.rf 65344><29.rf 65344><28.rf 65344><27.rf 65344><26.rf 65344><25.rf 65344><24.rf 65344><23.rf 65344><22.rf 65344><21.rf 65344><20.rf 65344><19.rf 65344><18.rf 65344><17.rf 65344><16.rf 65344><15.rf 65344><14.rf 65344><13.rf 65344><12.rf 65344><11.rf 65344><10.rf 65344><9.rf 65344><8.rf 65344><7.rf 65344><6.rf 65344><5.rf 65344><4.rf 65344><3.rf 65344><2.rf 65344><1.rf 65344><0.rf 65344><49.rf 65352><48.rf 65352><47.rf 65352><46.rf 65352><45.rf 65352><44.rf 65352><43.rf 65352><42.rf 65352><41.rf 65352><40.rf 65352><39.rf 65352><38.rf 65352><37.rf 65352><36.rf 65352><35.rf 65352><34.rf 65352><33.rf 65352><32.rf 65352><31.rf 65352><30.rf 65352><29.rf 65352><28.rf 65352><27.rf 65352><26.rf 65352><25.rf 65352><24.rf 65352><23.rf 65352><22.rf 65352><21.rf 65352><20.rf 65352><19.rf 65352><18.rf 65352><17.rf 65352><16.rf 65352><15.rf 65352><14.rf 65352><13.rf 65352><12.rf 65352><11.rf 65352><10.rf 65352><9.rf 65352><8.rf 65352><7.rf 65352><6.rf 65352><5.rf 65352><4.rf 65352><3.rf 65352><2.rf 65352><1.rf 65352><0.rf 65352><49.rf 65360><48.rf 65360><47.rf 65360><46.rf 65360><45.rf 65360><44.rf 65360><43.rf 65360><42.rf 65360><41.rf 65360><40.rf 65360><39.rf 65360><38.rf 65360><37.rf 65360><36.rf 65360><35.rf 65360><34.rf 65360><33.rf 65360><32.rf 65360><31.rf 65360><30.rf 65360><29.rf 65360><28.rf 65360><27.rf 65360><26.rf 65360><25.rf 65360><24.rf 65360><23.rf 65360><22.rf 65360><21.rf 65360><20.rf 65360><19.rf 65360><18.rf 65360><17.rf 65360><16.rf 65360><15.rf 65360><14.rf 65360><13.rf 65360><12.rf 65360><11.rf 65360><10.rf 65360><9.rf 65360><8.rf 65360><7.rf 65360><6.rf 65360><5.rf 65360><4.rf 65360><3.rf 65360><2.rf 65360><1.rf 65360><0.rf 65360><49.rf 65368><48.rf 65368><47.rf 65368><46.rf 65368><45.rf 65368><44.rf 65368><43.rf 65368><42.rf 65368><41.rf 65368><40.rf 65368><39.rf 65368><38.rf 65368><37.rf 65368><36.rf 65368><35.rf 65368><34.rf 65368><33.rf 65368><32.rf 65368><31.rf 65368><30.rf 65368><29.rf 65368><28.rf 65368><27.rf 65368><26.rf 65368><25.rf 65368><24.rf 65368><23.rf 65368><22.rf 65368><21.rf 65368><20.rf 65368><19.rf 65368><18.rf 65368><17.rf 65368><16.rf 65368><15.rf 65368><14.rf 65368><13.rf 65368><12.rf 65368><11.rf 65368><10.rf 65368><9.rf 65368><8.rf 65368><7.rf 65368><6.rf 65368><5.rf 65368><4.rf 65368><3.rf 65368><2.rf 65368><1.rf 65368><0.rf 65368><49.rf 65376><48.rf 65376><47.rf 65376><46.rf 65376><45.rf 65376><44.rf 65376><43.rf 65376><42.rf 65376><41.rf 65376><40.rf 65376><39.rf 65376><38.rf 65376><37.rf 65376><36.rf 65376><35.rf 65376><34.rf 65376><33.rf 65376><32.rf 65376><31.rf 65376><30.rf 65376><29.rf 65376><28.rf 65376><27.rf 65376><26.rf 65376><25.rf 65376><24.rf 65376><23.rf 65376><22.rf 65376><21.rf 65376><20.rf 65376><19.rf 65376><18.rf 65376><17.rf 65376><16.rf 65376><15.rf 65376><14.rf 65376><13.rf 65376><12.rf 65376><11.rf 65376><10.rf 65376><9.rf 65376><8.rf 65376><7.rf 65376><6.rf 65376><5.rf 65376><4.rf 65376><3.rf 65376><2.rf 65376><1.rf 65376><0.rf 65376><49.rf 65384><48.rf 65384><47.rf 65384><46.rf 65384><45.rf 65384><44.rf 65384><43.rf 65384><42.rf 65384><41.rf 65384><40.rf 65384><39.rf 65384><38.rf 65384><37.rf 65384><36.rf 65384><35.rf 65384><34.rf 65384><33.rf 65384><32.rf 65384><31.rf 65384><30.rf 65384><29.rf 65384><28.rf 65384><27.rf 65384><26.rf 65384><25.rf 65384><24.rf 65384><23.rf 65384><22.rf 65384><21.rf 65384><20.rf 65384><19.rf 65384><18.rf 65384><17.rf 65384><16.rf 65384><15.rf 65384><14.rf 65384><13.rf 65384><12.rf 65384><11.rf 65384><10.rf 65384><9.rf 65384><8.rf 65384><7.rf 65384><6.rf 65384><5.rf 65384><4.rf 65384><3.rf 65384><2.rf 65384><1.rf 65384><0.rf 65384><49.rf 65392><48.rf 65392><47.rf 65392><46.rf 65392><45.rf 65392><44.rf 65392><43.rf 65392><42.rf 65392><41.rf 65392><40.rf 65392><39.rf 65392><38.rf 65392><37.rf 65392><36.rf 65392><35.rf 65392><34.rf 65392><33.rf 65392><32.rf 65392><31.rf 65392><30.rf 65392><29.rf 65392><28.rf 65392><27.rf 65392><26.rf 65392><25.rf 65392><24.rf 65392><23.rf 65392><22.rf 65392><21.rf 65392><20.rf 65392><19.rf 65392><18.rf 65392><17.rf 65392><16.rf 65392><15.rf 65392><14.rf 65392><13.rf 65392><12.rf 65392><11.rf 65392><10.rf 65392><9.rf 65392><8.rf 65392><7.rf 65392><6.rf 65392><5.rf 65392><4.rf 65392><3.rf 65392><2.rf 65392><1.rf 65392><0.rf 65392><49.rf 65400><48.rf 65400><47.rf 65400><46.rf 65400><45.rf 65400><44.rf 65400><43.rf 65400><42.rf 65400><41.rf 65400><40.rf 65400><39.rf 65400><38.rf 65400><37.rf 65400><36.rf 65400><35.rf 65400><34.rf 65400><33.rf 65400><32.rf 65400><31.rf 65400><30.rf 65400><29.rf 65400><28.rf 65400><27.rf 65400><26.rf 65400><25.rf 65400><24.rf 65400><23.rf 65400><22.rf 65400><21.rf 65400><20.rf 65400><19.rf 65400><18.rf 65400><17.rf 65400><16.rf 65400><15.rf 65400><14.rf 65400><13.rf 65400><12.rf 65400><11.rf 65400><10.rf 65400><9.rf 65400><8.rf 65400><7.rf 65400><6.rf 65400><5.rf 65400><4.rf 65400><3.rf 65400><2.rf 65400><1.rf 65400><0.rf 65400><49.rf 65408><48.rf 65408><47.rf 65408><46.rf 65408><45.rf 65408><44.rf 65408><43.rf 65408><42.rf 65408><41.rf 65408><40.rf 65408><39.rf 65408><38.rf 65408><37.rf 65408><36.rf 65408><35.rf 65408><34.rf 65408><33.rf 65408><32.rf 65408><31.rf 65408><30.rf 65408><29.rf 65408><28.rf 65408><27.rf 65408><26.rf 65408><25.rf 65408><24.rf 65408><23.rf 65408><22.rf 65408><21.rf 65408><20.rf 65408><19.rf 65408><18.rf 65408><17.rf 65408><16.rf 65408><15.rf 65408><14.rf 65408><13.rf 65408><12.rf 65408><11.rf 65408><10.rf 65408><9.rf 65408><8.rf 65408><7.rf 65408><6.rf 65408><5.rf 65408><4.rf 65408><3.rf 65408><2.rf 65408><1.rf 65408><0.rf 65408><49.rf 65416><48.rf 65416><47.rf 65416><46.rf 65416><45.rf 65416><44.rf 65416><43.rf 65416><42.rf 65416><41.rf 65416><40.rf 65416><39.rf 65416><38.rf 65416><37.rf 65416><36.rf 65416><35.rf 65416><34.rf 65416><33.rf 65416><32.rf 65416><31.rf 65416><30.rf 65416><29.rf 65416><28.rf 65416><27.rf 65416><26.rf 65416><25.rf 65416><24.rf 65416><23.rf 65416><22.rf 65416><21.rf 65416><20.rf 65416><19.rf 65416><18.rf 65416><17.rf 65416><16.rf 65416><15.rf 65416><14.rf 65416><13.rf 65416><12.rf 65416><11.rf 65416><10.rf 65416><9.rf 65416><8.rf 65416><7.rf 65416><6.rf 65416><5.rf 65416><4.rf 65416><3.rf 65416><2.rf 65416><1.rf 65416><0.rf 65416><49.rf 65424><48.rf 65424><47.rf 65424><46.rf 65424><45.rf 65424><44.rf 65424><43.rf 65424><42.rf 65424><41.rf 65424><40.rf 65424><39.rf 65424><38.rf 65424><37.rf 65424><36.rf 65424><35.rf 65424><34.rf 65424><33.rf 65424><32.rf 65424><31.rf 65424><30.rf 65424><29.rf 65424><28.rf 65424><27.rf 65424><26.rf 65424><25.rf 65424><24.rf 65424><23.rf 65424><22.rf 65424><21.rf 65424><20.rf 65424><19.rf 65424><18.rf 65424><17.rf 65424><16.rf 65424><15.rf 65424><14.rf 65424><13.rf 65424><12.rf 65424><11.rf 65424><10.rf 65424><9.rf 65424><8.rf 65424><7.rf 65424><6.rf 65424><5.rf 65424><4.rf 65424><3.rf 65424><2.rf 65424><1.rf 65424><0.rf 65424><49.rf 65432><48.rf 65432><47.rf 65432><46.rf 65432><45.rf 65432><44.rf 65432><43.rf 65432><42.rf 65432><41.rf 65432><40.rf 65432><39.rf 65432><38.rf 65432><37.rf 65432><36.rf 65432><35.rf 65432><34.rf 65432><33.rf 65432><32.rf 65432><31.rf 65432><30.rf 65432><29.rf 65432><28.rf 65432><27.rf 65432><26.rf 65432><25.rf 65432><24.rf 65432><23.rf 65432><22.rf 65432><21.rf 65432><20.rf 65432><19.rf 65432><18.rf 65432><17.rf 65432><16.rf 65432><15.rf 65432><14.rf 65432><13.rf 65432><12.rf 65432><11.rf 65432><10.rf 65432><9.rf 65432><8.rf 65432><7.rf 65432><6.rf 65432><5.rf 65432><4.rf 65432><3.rf 65432><2.rf 65432><1.rf 65432><0.rf 65432><49.rf 65440><48.rf 65440><47.rf 65440><46.rf 65440><45.rf 65440><44.rf 65440><43.rf 65440><42.rf 65440><41.rf 65440><40.rf 65440><39.rf 65440><38.rf 65440><37.rf 65440><36.rf 65440><35.rf 65440><34.rf 65440><33.rf 65440><32.rf 65440><31.rf 65440><30.rf 65440><29.rf 65440><28.rf 65440><27.rf 65440><26.rf 65440><25.rf 65440><24.rf 65440><23.rf 65440><22.rf 65440><21.rf 65440><20.rf 65440><19.rf 65440><18.rf 65440><17.rf 65440><16.rf 65440><15.rf 65440><14.rf 65440><13.rf 65440><12.rf 65440><11.rf 65440><10.rf 65440><9.rf 65440><8.rf 65440><7.rf 65440><6.rf 65440><5.rf 65440><4.rf 65440><3.rf 65440><2.rf 65440><1.rf 65440><0.rf 65440><49.rf 65448><48.rf 65448><47.rf 65448><46.rf 65448><45.rf 65448><44.rf 65448><43.rf 65448><42.rf 65448><41.rf 65448><40.rf 65448><39.rf 65448><38.rf 65448><37.rf 65448><36.rf 65448><35.rf 65448><34.rf 65448><33.rf 65448><32.rf 65448><31.rf 65448><30.rf 65448><29.rf 65448><28.rf 65448><27.rf 65448><26.rf 65448><25.rf 65448><24.rf 65448><23.rf 65448><22.rf 65448><21.rf 65448><20.rf 65448><19.rf 65448><18.rf 65448><17.rf 65448><16.rf 65448><15.rf 65448><14.rf 65448><13.rf 65448><12.rf 65448><11.rf 65448><10.rf 65448><9.rf 65448><8.rf 65448><7.rf 65448><6.rf 65448><5.rf 65448><4.rf 65448><3.rf 65448><2.rf 65448><1.rf 65448><0.rf 65448><49.rf 65456><48.rf 65456><47.rf 65456><46.rf 65456><45.rf 65456><44.rf 65456><43.rf 65456><42.rf 65456><41.rf 65456><40.rf 65456><39.rf 65456><38.rf 65456><37.rf 65456><36.rf 65456><35.rf 65456><34.rf 65456><33.rf 65456><32.rf 65456><31.rf 65456><30.rf 65456><29.rf 65456><28.rf 65456><27.rf 65456><26.rf 65456><25.rf 65456><24.rf 65456><23.rf 65456><22.rf 65456><21.rf 65456><20.rf 65456><19.rf 65456><18.rf 65456><17.rf 65456><16.rf 65456><15.rf 65456><14.rf 65456><13.rf 65456><12.rf 65456><11.rf 65456><10.rf 65456><9.rf 65456><8.rf 65456><7.rf 65456><6.rf 65456><5.rf 65456><4.rf 65456><3.rf 65456><2.rf 65456><1.rf 65456><0.rf 65456><49.rf 65464><48.rf 65464><47.rf 65464><46.rf 65464><45.rf 65464><44.rf 65464><43.rf 65464><42.rf 65464><41.rf 65464><40.rf 65464><39.rf 65464><38.rf 65464><37.rf 65464><36.rf 65464><35.rf 65464><34.rf 65464><33.rf 65464><32.rf 65464><31.rf 65464><30.rf 65464><29.rf 65464><28.rf 65464><27.rf 65464><26.rf 65464><25.rf 65464><24.rf 65464><23.rf 65464><22.rf 65464><21.rf 65464><20.rf 65464><19.rf 65464><18.rf 65464><17.rf 65464><16.rf 65464><15.rf 65464><14.rf 65464><13.rf 65464><12.rf 65464><11.rf 65464><10.rf 65464><9.rf 65464><8.rf 65464><7.rf 65464><6.rf 65464><5.rf 65464><4.rf 65464><3.rf 65464><2.rf 65464><1.rf 65464><0.rf 65464><49.rf 65472><48.rf 65472><47.rf 65472><46.rf 65472><45.rf 65472><44.rf 65472><43.rf 65472><42.rf 65472><41.rf 65472><40.rf 65472><39.rf 65472><38.rf 65472><37.rf 65472><36.rf 65472><35.rf 65472><34.rf 65472><33.rf 65472><32.rf 65472><31.rf 65472><30.rf 65472><29.rf 65472><28.rf 65472><27.rf 65472><26.rf 65472><25.rf 65472><24.rf 65472><23.rf 65472><22.rf 65472><21.rf 65472><20.rf 65472><19.rf 65472><18.rf 65472><17.rf 65472><16.rf 65472><15.rf 65472><14.rf 65472><13.rf 65472><12.rf 65472><11.rf 65472><10.rf 65472><9.rf 65472><8.rf 65472><7.rf 65472><6.rf 65472><5.rf 65472><4.rf 65472><3.rf 65472><2.rf 65472><1.rf 65472><0.rf 65472><49.rf 65480><48.rf 65480><47.rf 65480><46.rf 65480><45.rf 65480><44.rf 65480><43.rf 65480><42.rf 65480><41.rf 65480><40.rf 65480><39.rf 65480><38.rf 65480><37.rf 65480><36.rf 65480><35.rf 65480><34.rf 65480><33.rf 65480><32.rf 65480><31.rf 65480><30.rf 65480><29.rf 65480><28.rf 65480><27.rf 65480><26.rf 65480><25.rf 65480><24.rf 65480><23.rf 65480><22.rf 65480><21.rf 65480><20.rf 65480><19.rf 65480><18.rf 65480><17.rf 65480><16.rf 65480><15.rf 65480><14.rf 65480><13.rf 65480><12.rf 65480><11.rf 65480><10.rf 65480><9.rf 65480><8.rf 65480><7.rf 65480><6.rf 65480><5.rf 65480><4.rf 65480><3.rf 65480><2.rf 65480><1.rf 65480><0.rf 65480><49.rf 65488><48.rf 65488><47.rf 65488><46.rf 65488><45.rf 65488><44.rf 65488><43.rf 65488><42.rf 65488><41.rf 65488><40.rf 65488><39.rf 65488><38.rf 65488><37.rf 65488><36.rf 65488><35.rf 65488><34.rf 65488><33.rf 65488><32.rf 65488><31.rf 65488><30.rf 65488><29.rf 65488><28.rf 65488><27.rf 65488><26.rf 65488><25.rf 65488><24.rf 65488><23.rf 65488><22.rf 65488><21.rf 65488><20.rf 65488><19.rf 65488><18.rf 65488><17.rf 65488><16.rf 65488><15.rf 65488><14.rf 65488><13.rf 65488><12.rf 65488><11.rf 65488><10.rf 65488><9.rf 65488><8.rf 65488><7.rf 65488><6.rf 65488><5.rf 65488><4.rf 65488><3.rf 65488><2.rf 65488><1.rf 65488><0.rf 65488><49.rf 65496><48.rf 65496><47.rf 65496><46.rf 65496><45.rf 65496><44.rf 65496><43.rf 65496><42.rf 65496><41.rf 65496><40.rf 65496><39.rf 65496><38.rf 65496><37.rf 65496><36.rf 65496><35.rf 65496><34.rf 65496><33.rf 65496><32.rf 65496><31.rf 65496><30.rf 65496><29.rf 65496><28.rf 65496><27.rf 65496><26.rf 65496><25.rf 65496><24.rf 65496><23.rf 65496><22.rf 65496><21.rf 65496><20.rf 65496><19.rf 65496><18.rf 65496><17.rf 65496><16.rf 65496><15.rf 65496><14.rf 65496><13.rf 65496><12.rf 65496><11.rf 65496><10.rf 65496><9.rf 65496><8.rf 65496><7.rf 65496><6.rf 65496><5.rf 65496><4.rf 65496><3.rf 65496><2.rf 65496><1.rf 65496><0.rf 65496><49.rf 65504><48.rf 65504><47.rf 65504><46.rf 65504><45.rf 65504><44.rf 65504><43.rf 65504><42.rf 65504><41.rf 65504><40.rf 65504><39.rf 65504><38.rf 65504><37.rf 65504><36.rf 65504><35.rf 65504><34.rf 65504><33.rf 65504><32.rf 65504><31.rf 65504><30.rf 65504><29.rf 65504><28.rf 65504><27.rf 65504><26.rf 65504><25.rf 65504><24.rf 65504><23.rf 65504><22.rf 65504><21.rf 65504><20.rf 65504><19.rf 65504><18.rf 65504><17.rf 65504><16.rf 65504><15.rf 65504><14.rf 65504><13.rf 65504><12.rf 65504><11.rf 65504><10.rf 65504><9.rf 65504><8.rf 65504><7.rf 65504><6.rf 65504><5.rf 65504><4.rf 65504><3.rf 65504><2.rf 65504><1.rf 65504><0.rf 65504><49.rf 65512><48.rf 65512><47.rf 65512><46.rf 65512><45.rf 65512><44.rf 65512><43.rf 65512><42.rf 65512><41.rf 65512><40.rf 65512><39.rf 65512><38.rf 65512><37.rf 65512><36.rf 65512><35.rf 65512><34.rf 65512><33.rf 65512><32.rf 65512><31.rf 65512><30.rf 65512><29.rf 65512><28.rf 65512><27.rf 65512><26.rf 65512><25.rf 65512><24.rf 65512><23.rf 65512><22.rf 65512><21.rf 65512><20.rf 65512><19.rf 65512><18.rf 65512><17.rf 65512><16.rf 65512><15.rf 65512><14.rf 65512><13.rf 65512><12.rf 65512><11.rf 65512><10.rf 65512><9.rf 65512><8.rf 65512><7.rf 65512><6.rf 65512><5.rf 65512><4.rf 65512><3.rf 65512><2.rf 65512><1.rf 65512><0.rf 65512><49.rf 65520><48.rf 65520><47.rf 65520><46.rf 65520><45.rf 65520><44.rf 65520><43.rf 65520><42.rf 65520><41.rf 65520><40.rf 65520><39.rf 65520><38.rf 65520><37.rf 65520><36.rf 65520><35.rf 65520><34.rf 65520><33.rf 65520><32.rf 65520><31.rf 65520><30.rf 65520><29.rf 65520><28.rf 65520><27.rf 65520><26.rf 65520><25.rf 65520><24.rf 65520><23.rf 65520><22.rf 65520><21.rf 65520><20.rf 65520><19.rf 65520><18.rf 65520><17.rf 65520><16.rf 65520><15.rf 65520><14.rf 65520><13.rf 65520><12.rf 65520><11.rf 65520><10.rf 65520><9.rf 65520><8.rf 65520><7.rf 65520><6.rf 65520><5.rf 65520><4.rf 65520><3.rf 65520><2.rf 65520><1.rf 65520><0.rf 65520><49.rf 65528><48.rf 65528><47.rf 65528><46.rf 65528><45.rf 65528><44.rf 65528><43.rf 65528><42.rf 65528><41.rf 65528><40.rf 65528><39.rf 65528><38.rf 65528><37.rf 65528><36.rf 65528><35.rf 65528><34.rf 65528><33.rf 65528><32.rf 65528><31.rf 65528><30.rf 65528><29.rf 65528><28.rf 65528><27.rf 65528><26.rf 65528><25.rf 65528><24.rf 65528><23.rf 65528><22.rf 65528><21.rf 65528><20.rf 65528><19.rf 65528><18.rf 65528><17.rf 65528><16.rf 65528><15.rf 65528><14.rf 65528><13.rf 65528><12.rf 65528><11.rf 65528><10.rf 65528><9.rf 65528><8.rf 65528><7.rf 65528><6.rf 65528><5.rf 65528><4.rf 65528><3.rf 65528><2.rf 65528><1.rf 65528><0.rf 65528><mmc1>go 208000

Hangs at that point.

Messing around a bit in the bootloader:

KA Boot 04240806
scu: 11c33303,00000000,00040404,00009f00,1
Status 20200800

Hit to stop :  2 0
KA2000#000000      
KA2000#help
?       - alias for 'help'
base    - print or set address offset
bdinfo  - print Board Info structure
boot    - boot default, i.e., run 'bootcmd'
bootd   - boot default, i.e., run 'bootcmd'
bootm   - boot application image from memory
clk     - Clock Speed
cmp     - memory compare
coninfo - print console devices and information
cp      - memory copy
crc32   - checksum calculation
dcache  - enable or disable data cache
echo    - echo args to console
editenv - edit environment variable
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatls   - list files in a directory (default /)
go      - start application at address 'addr'
help    - print command description/usage
icache  - enable or disable instruction cache
iminfo  - print header information for application image
imxtract- extract a part of a multi-image
itest   - return true/false on integer compare
loadb   - load binary file over serial line (kermit mode)
loads   - load S-Record file over serial line
loady   - load binary file over serial line (ymodem mode)
loop    - infinite loop on address range
md      - memory display
mm      - memory modify (auto-incrementing address)
mmc     - MMC sub-system
mtest   - simple RAM read/write test
mw      - memory write (fill)
nm      - memory modify (constant address)
printenv- print environment variables
reset   - Perform RESET of the CPU
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv  - set environment variables
sf      - SPI flash sub-system
sleep   - delay execution for some time
source  - run script from memory
sspi    - SPI utility commands
version - print monitor version
KA2000#version

U-Boot 2010.06-rc1 (Jun 22 2012 - 14:34:53) on KeyAsic KA2000
KA2000#mmc
KA2000#
KA2000#fatls
usage: fatls <interface> <dev[:part]> [directory]
KA2000#
Unknown command '' - try 'help'
KA2000#printenv
bootargs=root=/dev/ram0 rw console=ttyS0,38400n8 mem=30M
bootcmd=run set_bootargs; run bootf
baudrate=38400
console_args=console=ttyS0,38400n8
root_args=root=/dev/ram0 rw
 initrd=0x800000,4M
misc_args=mem=30M
set_bootargs=setenv bootargs ${console_args} ${root_args} ${misc_args}
boot_sd=run set_bootargs; mmc init; fatload mmc 1 208000 image3; fatload mmc 1 500000 initramfs.gz; go 208000
bootcmd=run set_bootargs; run bootf
stdin=serial
stdout=serial
stderr=serial
bootf=mmc init; go 208000
bootdelay=2
ver=U-Boot 2010.06-rc1 (Jun 22 2012 - 14:34:53) on KeyAsic KA2000

Environment size: 571/32764 bytes
KA2000#mmc init
Wait m1 timeout - Status 20200800 RCA0 34, RCA1 12
(5)m1 not readyStatus 20200800
InitCard failed
** Can't read from device 1 **
** Can't read from device 1 **
reading program.bin
Error: reading boot sector
<49.rf 39083><48.rf 39083><47.rf 39083><46.rf 39083><45.rf 39083><44.rf 39083><43.rf 39083><42.rf 39083><41.rf 39083><40.rf 39083><39.rf 39083><38.rf 39083><37.rf 39083><36.rf 39083><35.rf 39083><34.rf 39083><33.rf 39083><32.rf 39083><31.rf 39083><30.rf 39083><29.rf 39083><28.rf 39083><27.rf 39083><26.rf 39083><25.rf 39083><24.rf 39083><23.rf 39083><22.rf 39083><21.rf 39083><20.rf 39083><19.rf 39083><18.rf 39083><17.rf 39083><16.rf 39083><15.rf 39083><14.rf 39083><13.rf 39083><12.rf 39083><11.rf 39083><10.rf 39083><9.rf 39083><8.rf 39083><7.rf 39083><6.rf 39083><5.rf 39083><4.rf 39083><3.rf 39083><2.rf 39083><1.rf 39083><0.rf 39083><mmc1>KA2000#KA boot

Power consumption is 90mA while it's in the bootloader, 30mA in the ~6 seconds until the bootloader comes up.

(Last edited by moroboshi on 29 Aug 2013, 00:51)

And here is what the firmware upgrade looks like:

KA Boot 04240806
scu: 11c33303,00000000,00040404,00009f00,1
Status 20200804

Hit to stop :  2^H^H 1^H^H 0
Status 20200804
RCA0 68, RCA1 b3
....reading program.bin
................................go E00000
clk: PLL (div=9f00)
scu: 11c33303,00000000,00040404,00009f00,1
Status 20200804
******          Program Mode (GEN3)              ******
Status 20200804
RCA0 68, RCA1 b3
..<mmc1>..<mmc1>reading autoload.tbl
...reading delchain.dis
...reading u-boot.bin
...reading image3
......reading preprog_chk.bin
...found image3, start program.
..reading image3
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
2664833 bytes read
...........................................................................................................reading initramfs3.gz
......found initramfs3.gz, start program.
..reading initramfs3.gz
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
2959941 bytes read
...........................................................................................................reading mtd_jffs2.bin
......found mtd_jffs2.bin, start program.
..reading mtd_jffs2.bin
....................................................................................................................................................................................................................................................................
1048576 bytes read
....................................
Hit to stop :  2^H^H 1^H^H 0
go 208000
<4>(192-96-1)
console [ttyS0] enabled
Mount-cache hash table entries: 512
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
[...]
moroboshi wrote:

And here is what the firmware upgrade looks like:

GREAT, now how did you do this? Do I have to open the card for u-boot changes?

moroboshi wrote:

Looks like u-boot can't initialize the SD card when it's not connected to a host

Hmm, interesting.  But SD card access at boot time is only really necessary for firmware updates, right?  (Since the Linux kernel and initrd are in separate 3MB flash regions.)  So it seems to me you could create a custom bootloader that tries to initialize the SD card and check for a firmware update, and if that fails, it goes ahead with the normal Linux boot process anyway - so you can run the card independently, but you need to connect it to a host machine if you want to update the firmware.

Has anyone requested the U-Boot sources and configs from Transcend/PQI/Trek yet?  I'm sure having a copy of their custom modifications to U-Boot would be useful in figuring out just what the bootloader is doing.  (Also, it would be nice to get a copy of the source for program.bin - I think someone said earlier that it's based on U-Boot as well.)

Success!  (Sort of.)  I now have a custom kernel with not-completely-broken wifi drivers:

> dmesg | head -n 1
[    0.000000] Linux version 2.6.32.28 (stuart@thunderlane) (gcc version 4.6.1 (Sourcery CodeBench Lite 2011.09-70) ) #8 PREEMPT Wed Aug 28 20:31:13 PDT 2013

> ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr B0:38:29:03:30:76  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:7 (7.0 B)

The wifi can't actually connect to anything yet, because the driver doesn't seem to support the old 'iwconfig' suite of tools.  Tomorrow I will try compiling the newer 'iw' tools and see if I can get it connected to an actual network.  (I am definitely looking forward to having an interactive shell again :)

I will do a proper writeup by this weekend, but here is the short version for now:

  • Build the 2.6.32.28 KeyASIC kernel using ka2000_defconfig with the following changes:

    • CFG80211 = n

    • LIB80211 = n

    • MAC80211 = n

    • USB_SUPPORT = y

    • USB = y

    • SYSFS = y

    Copy the one compiled .ko file to the SD card, and flash the new arch/arm/boot/Image.

  • Download Backports.  Set ARCH=arm, CROSS_COMPILE=(toolchain prefix), KLIB_BUILD=(path to kernel sources).  Run 'make allnoconfig', then set the following options and compile:

    • CFG80211 = m

    • WLAN = y

    • ATH_CARDS = m

    • ATH6KL = m

    • ATH6KL_SDIO = m

    Copy all the .ko files to the SD card.  There should be four of them.

  • Clone the linux-firmware repository, and copy ath6kl/AR6003/hw2.1.1/* into /mnt/sd/firmware/ath6kl/AR6003/hw2.1.1/

  • Set up autorun.sh to do the following:

    • Mount sysfs on /sys

    • Copy a firmware loader script to /sbin/hotplug (I put a copy of mine below)

    • Copy or symlink /mnt/sd/firmware to /lib/firmware

    • Load the five modules from the sd card in order: ka2000-sdio.ko, compat.ko, cfg80211.ko, ath6kl_core.ko, ath6kl_sdio.ko.

    • At this point, ifconfig should show the presence of 'wlan0'.

And here is my /sbin/hotplug (because the forum doesn't let you nest a code block inside a list, for some reason):

#!/bin/sh
HOTPLUG_FW_DIR=/lib/firmware

if [ -z "$FIRMWARE" ] || [ "$ACTION" != "add" ]; then
    exit 0
fi

if [ -f "$HOTPLUG_FW_DIR/$FIRMWARE" ]; then
    # Load the firmware
    echo 1 > /sys/$DEVPATH/loading
    cat $HOTPLUG_FW_DIR/$FIRMWARE > /sys/$DEVPATH/data
    echo 0 > /sys/$DEVPATH/loading
else
    # Tell the kernel the firmware could not be found
    echo -1 > /sys/$DEVPATH/loading
fi

Hey guys, nice work on the card so far! It will be awesome when it can be upgraded to run a fully functional OpenWrt firmware smile


I've got an issue that some of you might have noticed and fixed already...

Card is in camera, wifi started, I am logged in via telnet to the card, the SD is mounted under /mnt/sd/

I try to delete an image from under the DCIM directory, afterwards I do a "ls" and it looks like it's gone, however it is not deleted and re-appears after a while or when running refresh_sd command.

How can I, from the telnet shell, delete images/files from the SD-card?

mrgreen123 wrote:

Hey guys, nice work on the card so far! It will be awesome when it can be upgraded to run a fully functional OpenWrt firmware smile


I've got an issue that some of you might have noticed and fixed already...

Card is in camera, wifi started, I am logged in via telnet to the card, the SD is mounted under /mnt/sd/

I try to delete an image from under the DCIM directory, afterwards I do a "ls" and it looks like it's gone, however it is not deleted and re-appears after a while or when running refresh_sd command.

How can I, from the telnet shell, delete images/files from the SD-card?


Here's the output from my trials:

# ls -la /mnt/sd/DCIM/PIC0001.JPG
-rwxr-xr-x    1 0        0          35536336 Aug 29  2013  /mnt/sd/DCIM/PIC0001.JPG

# rm -fr /mnt/sd/DCIM/PIC0001.JPG

# ls -la /mnt/sd/DCIM/PIC0001.JPG
ls: /mnt/sd/DCIM/PIC0001.JPG:  No such file or directory

# refresh_sd

# ls -la /mnt/sd/DCIM/PIC0001.JPG
-rwxr-xr-x    1 0        0          35536336 Aug 29  2013  /mnt/sd/DCIM/PIC0001.JPG



Also the bodyguard.sh script does a refresh_sd every 60 seconds which is why the file re-appears by itself after a while.

jrsmile wrote:
moroboshi wrote:

And here is what the firmware upgrade looks like:

GREAT, now how did you do this? Do I have to open the card for u-boot changes?

That's with the card plugged into a card reader to make it boot.
Then just copying the firmware update into the SD card root and powercycling the card reader, so it reboots and the firmware update is then handled by the bootloader (updated to the Transcend 1.8 firmware for testing).