OpenWrt Forum Archive

Topic: GL-AR300M 300M Smart Router

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
keyboardgnome
27 Sep 2017, 19:29

Howdy folks,

I've been able to flash my own firmware onto the GL-AR300M 300M Smart Router platform for quite some time without issue. I bought some more, and something has changed. When I load my firmware (just added features in normal openwrt), the device reboots and never comes back with 192.168.1.1. I can hold down the reset button, and it'll trigger a tftp pull from 192.168.1.2, for which I reloaded the vendors previous firmware onto it. It comes back online at the default 192.168.8.1, but when it reboots, it *always* does a tftp pull request first.

So, my first question is, has anyone noticed a change in the NAND that might cause default openwrt to no longer work, or even custom images...

Second question is, any suggestions on how to have it not constantly pull new firmware on boot up?

Post #2
ulmwind
28 Sep 2017, 11:42

It is interesting, how do you update firmware?

Post #4
keyboardgnome
29 Sep 2017, 18:42

I've done firmware updates in a couple different ways: tar.gz on the default UI that it comes with (subsequent loads are rejected), tftp (img), and the 5 second reset button web ui on 192.168.1.1(img)....

I've tried reloading lede, openwrt and GL images...

This weekend, I plan on UART'ing it and seeing what may come out of that. I recall finding a reference that they've may have changed their NAND.

More or less, I'm wondering if anyone else has ordered some recently and have experienced this yet... I guess I have some homework this weekend.

Post #5
keyboardgnome
29 Sep 2017, 18:44
RangerZ wrote:

Not sure why you are building this, but I believe the patches are not in released CC.

There is a LEDE version you can try
http://downloads.lede-project.org/relea … x/generic/


I'm doing builds to include some specific things I wanted in a default firmware package...

Post #6
g000444555
1 Oct 2017, 09:18

Something to bare in mind is that the router has two memories.

  • Nor memory 16M. The rooter boots from this memory for recovery purposes and is accessible at 192.168.8.1.

  • NAND memory 128M. This is the memory that it normally should boot from and is accessible at whatever you've configured.

I own two GL-AR300M routers and I have noticed that only in the latest one it sometimes boots from the Nor memory without any particular reason. That is despite the fact the two routers are the exact same model and running the exact same firmware (Version 2.261 updated through the original UI). However, in my case a reboot is usually sufficient to boot it back from the NAND.

In order to verify from the UI which memory you booted from go to 'App repo' and if you see something like 'flash usage 100M free (total 128M)' that means it booted from NAND, otherwise it would report total 16M.

I'm kind of loosing my trust to the device, because I have observed some odd things lately. In addition to the above concern, I have also noticed this rule inside '/etc/config/firewall':

config rule 'btservice_rule'
    option name 'btservice'
    option dest_port '6911'
    option proto 'tcp udp'
    option src 'wan'
    option target 'ACCEPT'

I have ordered the particular device from amazon.co.uk and my other device, which I ordered from elsewhere, does not have the above rule. Without investigating too much yet, the above looks like a backdoor to me.

In regards to the UART, let me know if you figure it out, as my router does not seem to have UART connector as shown in this picture at dropbox: dropbox.com/s/rly01zei9kv9380/IMG_7327.JPG?dl=0 (The forum doesn't allow to post the complete URL, also, the heat sink is my own addition).

Post #7
keyboardgnome
10 Oct 2017, 19:45

I had some time to mess with this some more. The latest web UI prevents external firmware to load (2.26), at least on the devices I have. It reports "Error: Firmware not for this hardware."

When I use uboot and upload the img, it takes it just fine, then it bombs out and loads the NOR flash.

Here's the log after a flash load, where it fails, and loads the NOR flash

U-Boot 1.1.4-g36de7573-dirty (Jun  1 2017 - 09:14:12)

DRAM:  128 MB
Nor Flash:  16 MB, sector count = 256
*** Warning *** : PCIe WLAN Module not found !!!
manu id A1E1
NAND Flash:  128 MB, page size = 0x800 block size = 0x20000 oob size = 0x80
Protect off 9F040000 ... 9F04FFFF
Un-Protecting sectors 4..4 in bank 1
Un-Protected 1 sectors
Erasing Flash...Erasing flash... 
First 0x4 last 0x4 sector size 0x10000
   4
Erased 1 sectors
Writing to Flash... write addr: 9f040000
done
Protecting sectors 4..4 in bank 1
Protected 1 sectors
Press reset button for at least:
- 5 sec. to run web failsafe mode
Reset button is pressed for:  5 

Button was pressed for 5 sec...
HTTP server is starting for firmware update...

Trying eth0
eth0 link down
FAIL
Trying eth1
enet1 port0 up
dup 1 speed 1000
HTTP server is starting at IP: 192.168.1.1
HTTP server is ready!

Request for----: /
we are here 1 
open file: /index.html--finished reading file---
Request for----: /style.css
we are here 2 
open file: /style.css--finished reading file---
Data will be downloaded at 0x80800000 in RAM
Upgrade type: nand_firmware
Upload file size: 7602176 bytes
Loading: #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         #######################################
         ################################

open file: /flashing.html
stop eth interface!!
HTTP upload is done! Upgrading...


****************************
*    FIRMWARE UPGRADING    *
* DO NOT POWER OFF DEVICE! *
****************************

Executing: nand erase; nand write 0x80800000 0 0x740000


NAND erase: device 0 offset 0x0, size 0x8000000 
OK

NAND write: device 0 offset 0x0, size 7602176 ...  7602176 bytes written: OK
HTTP ugrade is done! Rebooting...



U-Boot 1.1.4-g36de7573-dirty (Jun  1 2017 - 09:14:12)

DRAM:  128 MB
Nor Flash:  16 MB, sector count = 256
*** Warning *** : PCIe WLAN Module not found !!!
manu id A1E1
NAND Flash:  128 MB, page size = 0x800 block size = 0x20000 oob size = 0x80
Protect off 9F040000 ... 9F04FFFF
Un-Protecting sectors 4..4 in bank 1
Un-Protected 1 sectors
Erasing Flash...Erasing flash... 
First 0x4 last 0x4 sector size 0x10000
   4
Erased 1 sectors
Writing to Flash... write addr: 9f040000
done
Protecting sectors 4..4 in bank 1
Protected 1 sectors
Warning: Bootlimit (3) exceeded. Using altbootcmd.
Un-Protect Flash Bank # 1
Hit any key to stop autoboot: -99 

Device 0 bad blocks:
  07fa0000
  07fc0000
  07fe0000
Found ART,Checking calibration status...
Device have calibrated,Checking device test status...
Device have tested,Checking MAC address...
Device have MAC address,Checking device flash status...
Device have nor and nand flash,Booting standard firmware from nor flash...
Booting image at: 0x9F050000
Trying eth0
eth0 link down
FAIL
Trying eth1
enet1 port0 up
dup 1 speed 1000
Using eth1 device
ping failed; host 192.168.1.2 is not alive
## Booting image at 9f050000 ...
   Image Name:   MIPS OpenWrt Linux-3.18.27
   Created:      2017-06-19   6:28:41 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1207607 Bytes =  1.2 MB
   Load Address: 80060000
   Entry Point:  80060000
   Verifying Checksum at 0x9f050040 ...OK
   Uncompressing Kernel Image ... OK
No initrd
## Transferring control to Linux (at address 80060000) ...
## Giving linux memsize in bytes, 134217728

Starting kernel ...
Post #8
keyboardgnome
10 Oct 2017, 19:51

Not that this is for debugging LEDE, but here is what happens when you load their firmware

U-Boot 1.1.4-g36de7573-dirty (Jun  1 2017 - 09:14:12)

DRAM:  128 MB
Nor Flash:  16 MB, sector count = 256
*** Warning *** : PCIe WLAN Module not found !!!
manu id A1E1
NAND Flash:  128 MB, page size = 0x800 block size = 0x20000 oob size = 0x80
Protect off 9F040000 ... 9F04FFFF
Un-Protecting sectors 4..4 in bank 1
Un-Protected 1 sectors
Erasing Flash...Erasing flash... 
First 0x4 last 0x4 sector size 0x10000
   4
Erased 1 sectors
Writing to Flash... write addr: 9f040000
done
Protecting sectors 4..4 in bank 1
Protected 1 sectors
Un-Protect Flash Bank # 1
Hit any key to stop autoboot: -99 

Device 0 bad blocks:
  07fa0000
  07fc0000
  07fe0000
Found ART,Checking calibration status...
Device have calibrated,Checking device test status...
Device have tested,Checking MAC address...
Device have MAC address,Checking device flash status...
Device have nor and nand flash,Booting standard firmware from nand flash...
Booting image at: 0x81000000
Trying eth0
eth0 link down
FAIL
Trying eth1
enet1 port0 up
dup 1 speed 1000
Using eth1 device
ping failed; host 192.168.1.2 is not alive

Device 0 bad blocks:
  07fa0000
  07fc0000
  07fe0000

Loading from device 0: ath-spi-nand (offset 0x0)
   Image Name:   MIPS OpenWrt Linux-3.18.27
   Created:      2017-09-27  17:08:28 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1256276 Bytes =  1.2 MB
   Load Address: 80060000
   Entry Point:  80060000
## Booting image at 81000000 ...
   Image Name:   MIPS OpenWrt Linux-3.18.27
   Created:      2017-09-27  17:08:28 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1256276 Bytes =  1.2 MB
   Load Address: 80060000
   Entry Point:  80060000
   Verifying Checksum at 0x81000040 ...OK
   Uncompressing Kernel Image ... OK
No initrd
## Transferring control to Linux (at address 80060000) ...
## Giving linux memsize in bytes, 134217728

Starting kernel ...

[    0.000000] Linux version 3.18.27 (me@openwrt) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r47065) ) #7 Wed Sep 27 13:08:18 EDT 2017
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019374 (MIPS 24Kc)
[    0.000000] SoC: Qualcomm Atheros QCA9533 ver 2 rev 0
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 08000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x07ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x07ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x07ffffff]
[    0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
[    0.000000] Kernel command line:  board=GL-AR300M console=ttyS0,115200 mtdparts=spi0.0:256k(u-boot)ro,64k(u-boot-env),16000k(reserved),64k(art);spi0.1:2048k(kernel),-(ubi) rootfstype=squashfs noinitrd
[    0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[    0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 125604K/131072K available (2792K kernel code, 127K rwdata, 584K rodata, 200K init, 187K bss, 5468K reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:51
[    0.000000] Clocks: CPU:650.000MHz, DDR:597.485MHz, AHB:216.666MHz, Ref:25.000MHz
[    0.000000] Calibrating delay loop... 432.53 BogoMIPS (lpj=2162688)
[    0.060000] pid_max: default: 32768 minimum: 301
[    0.060000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.070000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.070000] NET: Registered protocol family 16
[    0.080000] MIPS: machine is GL-AR300M
[    0.530000] Switched to clocksource MIPS
[    0.530000] NET: Registered protocol family 2
[    0.540000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.540000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.550000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.550000] TCP: reno registered
[    0.560000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.560000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.570000] NET: Registered protocol family 1
[    0.570000] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.590000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.590000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.600000] msgmni has been set to 245
[    0.610000] io scheduler noop registered
[    0.620000] io scheduler deadline registered (default)
[    0.620000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
�[    0.650000] serial8250.0: ttyS0 at MMIO 0x18020000 (irq = 11, base_baud = 1562500) is a 16550A
[    0.660000] console [ttyS0] enabled
[    0.660000] console [ttyS0] enabled
[    0.670000] bootconsole [early0] disabled
[    0.670000] bootconsole [early0] disabled
[    0.680000] m25p80 spi0.0: found mx25l12805d, expected m25p80
[    0.690000] m25p80 spi0.0: mx25l12805d (16384 Kbytes)
[    0.690000] 4 cmdlinepart partitions found on MTD device spi0.0
[    0.700000] Creating 4 MTD partitions on "spi0.0":
[    0.700000] 0x000000000000-0x000000040000 : "u-boot"
[    0.710000] 0x000000040000-0x000000050000 : "u-boot-env"
[    0.710000] 0x000000050000-0x000000ff0000 : "reserved"
[    0.720000] 0x000000ff0000-0x000001000000 : "art"
[    0.730000] nand: device found, Manufacturer ID: 0x00, Chip ID: 0xa1
[    0.740000] nand: Unknown NAND 128MiB 1,8V 8-bit
[    0.740000] nand: 128MiB, MLC, page size: 2048, OOB size: 128
[    0.750000] Scanning device for bad blocks
[    0.750000] Bad eraseblock 0 at 0x000000000000
[    0.760000] Bad eraseblock 1 at 0x000000020000
[    0.760000] Bad eraseblock 2 at 0x000000040000
[    0.770000] Bad eraseblock 3 at 0x000000060000
[    0.770000] Bad eraseblock 4 at 0x000000080000
[    0.780000] Bad eraseblock 5 at 0x0000000a0000
[    0.780000] Bad eraseblock 6 at 0x0000000c0000
[    0.790000] Bad eraseblock 7 at 0x0000000e0000
[    0.790000] Bad eraseblock 8 at 0x000000100000
[    0.800000] Bad eraseblock 9 at 0x000000120000
[    0.800000] Bad eraseblock 10 at 0x000000140000
[    0.810000] Bad eraseblock 11 at 0x000000160000
[    0.810000] Bad eraseblock 12 at 0x000000180000
[    0.820000] Bad eraseblock 13 at 0x0000001a0000
[    0.820000] Bad eraseblock 14 at 0x0000001c0000
[    0.830000] Bad eraseblock 15 at 0x0000001e0000
[    0.830000] Bad eraseblock 16 at 0x000000200000
[    0.840000] Bad eraseblock 17 at 0x000000220000
[    0.840000] Bad eraseblock 18 at 0x000000240000
[    0.850000] Bad eraseblock 19 at 0x000000260000
[    0.850000] Bad eraseblock 20 at 0x000000280000
[    0.860000] Bad eraseblock 21 at 0x0000002a0000
[    0.860000] Bad eraseblock 22 at 0x0000002c0000
[    0.870000] Bad eraseblock 23 at 0x0000002e0000
[    0.870000] Bad eraseblock 24 at 0x000000300000
[    0.880000] Bad eraseblock 25 at 0x000000320000
[    0.880000] Bad eraseblock 26 at 0x000000340000
[    0.890000] Bad eraseblock 27 at 0x000000360000
[    0.890000] Bad eraseblock 28 at 0x000000380000
[    0.900000] Bad eraseblock 29 at 0x0000003a0000
[    0.900000] Bad eraseblock 30 at 0x0000003c0000
[    0.910000] Bad eraseblock 31 at 0x0000003e0000
[    0.910000] Bad eraseblock 32 at 0x000000400000
[    0.920000] Bad eraseblock 33 at 0x000000420000
[    0.920000] Bad eraseblock 34 at 0x000000440000
[    0.930000] Bad eraseblock 35 at 0x000000460000
[    0.930000] Bad eraseblock 36 at 0x000000480000
[    0.940000] Bad eraseblock 37 at 0x0000004a0000
[    0.940000] Bad eraseblock 38 at 0x0000004c0000
[    0.950000] Bad eraseblock 39 at 0x0000004e0000
[    0.950000] Bad eraseblock 40 at 0x000000500000
[    0.960000] Bad eraseblock 41 at 0x000000520000
[    0.960000] Bad eraseblock 42 at 0x000000540000
[    0.970000] Bad eraseblock 43 at 0x000000560000
[    0.970000] Bad eraseblock 44 at 0x000000580000
[    0.980000] Bad eraseblock 45 at 0x0000005a0000
[    0.980000] Bad eraseblock 46 at 0x0000005c0000
[    0.990000] Bad eraseblock 47 at 0x0000005e0000
[    0.990000] Bad eraseblock 48 at 0x000000600000
[    1.000000] Bad eraseblock 49 at 0x000000620000
[    1.000000] Bad eraseblock 50 at 0x000000640000
[    1.010000] Bad eraseblock 51 at 0x000000660000
[    1.010000] Bad eraseblock 52 at 0x000000680000
[    1.020000] Bad eraseblock 53 at 0x0000006a0000
[    1.020000] Bad eraseblock 54 at 0x0000006c0000
[    1.030000] Bad eraseblock 55 at 0x0000006e0000
[    1.030000] Bad eraseblock 56 at 0x000000700000
[    1.040000] Bad eraseblock 57 at 0x000000720000
[    1.330000] Bad eraseblock 1021 at 0x000007fa0000
[    1.340000] Bad eraseblock 1022 at 0x000007fc0000
[    1.340000] Bad eraseblock 1023 at 0x000007fe0000
[    1.350000] 2 cmdlinepart partitions found on MTD device spi0.1
[    1.350000] Creating 2 MTD partitions on "spi0.1":
[    1.360000] 0x000000000000-0x000000200000 : "kernel"
[    1.360000] 0x000000200000-0x000008000000 : "ubi"
[    1.380000] libphy: ag71xx_mdio: probed
[    1.980000] ag71xx ag71xx.0: connected to PHY at ag71xx-mdio.1:04 [uid=004dd042, driver=Generic PHY]
[    1.990000] eth0: Atheros AG71xx at 0xb9000000, irq 4, mode:MII
[    2.580000] ag71xx-mdio.1: Found an AR934X built-in switch
[    2.620000] eth1: Atheros AG71xx at 0xba000000, irq 5, mode:GMII
[    2.630000] TCP: cubic registered
[    2.630000] NET: Registered protocol family 17
[    2.640000] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    2.650000] 8021q: 802.1Q VLAN Support v1.8
[    2.660000] UBI: auto-attach mtd5
[    2.660000] UBI: attaching mtd5 to ubi0
[    4.790000] UBI: scanning is finished
[    4.800000] UBI: empty MTD device detected
[    4.920000] UBI warning: ubi_calculate_reserved: number of bad PEBs (45) is above the expected limit (20), not reserving any PEBs for bad PEB handling, will use available PEBs (if any)
[    4.940000] UBI: attached mtd5 (name "ubi", size 126 MiB) to ubi0
[    4.950000] UBI: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[    4.960000] UBI: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[    4.960000] UBI: VID header offset: 2048 (aligned 2048), data offset: 4096
[    4.970000] UBI: good PEBs: 963, bad PEBs: 45, corrupted PEBs: 0
[    4.980000] UBI: user volume: 0, internal volumes: 1, max. volumes count: 128
[    4.980000] UBI: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 39014793
[    4.990000] UBI: available PEBs: 959, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[    5.000000] UBI: background thread "ubi_bgt0d" started, PID 245
[    5.010000] UBIFS error (pid 1): ubifs_mount: cannot open "ubi0:rootfs", error -19
[    5.020000] VFS: Cannot open root device "(null)" or unknown-block(0,0): error -6
[    5.020000] Please append a correct "root=" boot option; here are the available partitions:
[    5.030000] 1f00             256 mtdblock0  (driver?)
[    5.040000] 1f01              64 mtdblock1  (driver?)
[    5.040000] 1f02           16000 mtdblock2  (driver?)
[    5.050000] 1f03              64 mtdblock3  (driver?)
[    5.050000] 1f04            2048 mtdblock4  (driver?)
[    5.060000] 1f05          129024 mtdblock5  (driver?)
[    5.060000] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[    5.060000] ---[ end Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)

(Last edited by keyboardgnome on 10 Oct 2017, 19:58)

The discussion might have continued from here.