OpenWrt Forum Archive

Topic: Howto: Debrick a DLink DSL-502T using JTAG

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi everyone

I've got a D-Link DSL-502T AU. This is just a guide to de-bricking it and restoring the default D-Link firmware; you should probably read this before you attempt to flash the router with OpenWrt. If your router stops working, use the recovery procedures outlined by D-Link first of all. Before flashing, please get a JTAG cable and (optionally) a serial cable. The JTAG will allow you to talk directly to the router's AR7 processor and restore the firmware. The serial cable will give you DMESG / debug information and is useful when trying to see why OpenWrt won't start.

Another thing to check before flashing or attempting to flash to OpenWrt is that your flash memory chip is supported by HairyDairyMaid's debrick utility, otherwise you are stuck.

Get it here: http://downloads.openwrt.org/utils/ and run ./wrt54g and check if your flash chip is listed.

Inside the unit you will find: a 14 pin JTAG connector (soldered on mine), 14 pin GPIO (unsoldered), 5 pin Serial (soldered), 10 pin serial (unsoldered), my flash chip was Samsung K8D3216UBC (It's next to the JTAG connector).

If you have erased the bootloader or the config file you will have a dead router and need to recover using the JTAG method. This cannot happen when flashing with the default D-Link utilities! You can use the software recovery methods outlined on their site.

The only way to recover from this point is to use a JTAG cable to connect to the router and talk directly to the AR7 MIPS-based processor.

It's pretty simple, there are schematics here available for the poor man's JTAG, this is a cable with 4 or 5 resistors and no data buffer chip.

The WRT54G uses EJTAG 2.0 and a 12pin JTAG. You can buy one of these JTAG cables from ebay and then mod it to be used on your AR7 router, or you can build your own. The AR7 uses EJTAG 2.6 and has a 14pin JTAG. The difference? The WRT54G doesn't need pin 1 TRST set to high, the AR7 does. To do this you just get a 100ohm resistor and connect pin 1 to pin 8 via this resistor (note my pin numbering may be different to yours).

Pin schematics are here:
http://wiki.openwrt.org/AR7Port
http://wiki.openwrt.org/OpenWrtDocs/Cus … JTAG_Cable

My pins are numbered as so:

1 (TRST) - 14
2 - 13
3 - 12
4 - 11
5 - 10
6 - 9
7 - 8 (VIO/VCCC/VREF)

Now, my BIOS settings for my printer port were: ECP+EPP, 0x378.

Once you do this you can use HairyDairyMaid's debrick utility 4.8.

Under Windows: load giveio.sys by running loaddrv.exe and adding 'giveio.sys' to the end of the line and clicking install+start.

Under Linux (Ubuntu): Get the build essentials package, compile the binary using 'make' from the folder you extracted the files to, then you need to do this to read the parallel port: rmmod lp, modprobe parport, mknod /dev/parport0 c 99 0

You can now do ./wrt54g -probeonly to test if the unit can be detected

I will keep this simple, first of all flash the ADAM2 bootloader (64k):

root@ZPC:~/HairyDairyMaid_WRT54G_Debrick_Utility_v48# ./wrt54g -flash:custom  /noerase /nobreak /nodma /window:0x90000000 /start:0x90000000 /length:0x10000  /nocwd

====================================
WRT54G/GS EJTAG Debrick Utility v4.8
====================================

Probing bus ... Done

Instruction Length set to 5

CPU Chip ID: 00000000000000000001000000001111 (0000100F)
*** Found a TI AR7WRD TNETD7300GDU Rev 1 CPU chip ***

    - EJTAG IMPCODE ....... : 01000001010000000100000000000000 (41404000)
    - EJTAG Version ....... : 2.6
    - EJTAG DMA Support ... : No
    *** DMA Mode Forced Off ***

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Skipped
Halting Processor ... Skipped
Clearing Watchdog ... Skipped

Probing Flash at (Flash Window: 0x90000000) ... Done

Flash Vendor ID: 00000000000000000000000011101100 (000000EC)
Flash Device ID: 00000000000000000010001010100010 (000022A2)
*** Found a K8D3216UBC  2Mx16 BotB     (4MB) Flash Chip ***

    - Flash Chip Window Start .... : 90000000
    - Flash Chip Window Length ... : 00200000
    - Selected Area Start ........ : 90000000
    - Selected Area Length ....... : 00010000

*** You Selected to Flash the CUSTOM.BIN ***

=========================
Flashing Routine Started
=========================

Loading CUSTOM.BIN to Flash Memory...
[  0% Flashed]   90000000: 40809000 40809800 401a6000 241bfffe
[  0% Flashed]   90000010: 035bd024 3c1b0040 035bd025 409a6000

etc...

Done  (CUSTOM.BIN loaded into Flash Memory OK)

=========================
Flashing Routine Complete
=========================
elapsed time: 1522 seconds


*** REQUESTED OPERATION IS COMPLETE ***

If you find the flash gets stuck at a certain percentage, use -erase:custom first to erase that area.

(Erase of config)

=========================
Erasing Routine Started
=========================
Total Blocks to Erase: 8

Erasing block: 1 (addr = 903f0000)...Done
Erasing block: 2 (addr = 903f2000)...Done
Erasing block: 3 (addr = 903f4000)...Done
Erasing block: 4 (addr = 903f6000)...Done
Erasing block: 5 (addr = 903f8000)...Done
Erasing block: 6 (addr = 903fa000)...Done
Erasing block: 7 (addr = 903fc000)...Done
Erasing block: 8 (addr = 903fe000)...Done
=========================
Erasing Routine Complete
=========================
elapsed time: 5 seconds

It takes about 20 mins to upload 64k and about 5 seconds to erase it.

Once you have done this now you need to flash a configuration using window:0x903f0000 start:0x903f0000 length:0x10000

Get this MTD3 configuration file: http://mcmcc.bat.ru/dlinkt/restore_mtd3_50xT.rar

Once this is done, set your LAN IP as 10.8.8.1 subnet 255.0.0.0 (on Linux you need to do ifconfig eth0 10.8.8.1 to set your IP) and then reboot the router, ftp into 10.8.8.8 21 using the command prompt FTP (not anything else) and you will see an adam2 prompt (gratz!).

root@ZPC:~/HairyDairyMaid_WRT54G_Debrick_Utility_v48# ping 10.8.8.8
PING 10.8.8.8 (10.8.8.8) 56(84) bytes of data.
From 10.8.8.10 icmp_seq=1 Destination Host Unreachable
From 10.8.8.10 icmp_seq=2 Destination Host Unreachable
From 10.8.8.10 icmp_seq=3 Destination Host Unreachable
From 10.8.8.10 icmp_seq=4 Destination Host Unreachable
From 10.8.8.10 icmp_seq=5 Destination Host Unreachable
From 10.8.8.10 icmp_seq=6 Destination Host Unreachable
64 bytes from 10.8.8.8: icmp_seq=7 ttl=250 time=2006 ms
64 bytes from 10.8.8.8: icmp_seq=9 ttl=250 time=5.17 ms
64 bytes from 10.8.8.8: icmp_seq=10 ttl=250 time=5.16 ms
64 bytes from 10.8.8.8: icmp_seq=11 ttl=250 time=5.09 ms
64 bytes from 10.8.8.8: icmp_seq=12 ttl=250 time=5.09 ms
64 bytes from 10.8.8.8: icmp_seq=13 ttl=250 time=5.09 ms
64 bytes from 10.8.8.8: icmp_seq=14 ttl=250 time=5.14 ms
64 bytes from 10.8.8.8: icmp_seq=15 ttl=250 time=5.16 ms
64 bytes from 10.8.8.8: icmp_seq=16 ttl=250 time=5.09 ms
64 bytes from 10.8.8.8: icmp_seq=17 ttl=250 time=5.09 ms
64 bytes from 10.8.8.8: icmp_seq=18 ttl=250 time=5.09 ms
64 bytes from 10.8.8.8: icmp_seq=19 ttl=250 time=5.14 ms

This is the glorious moment when my router started working again.

I found that all the adam2 bootloaders on the internet work fine. I ended up using Oleg's compiled version as this has a default IP hard coded into it. http://star.oai.pp.ru/jtag/adam2-oleg.zip

Now on to some instructions about how to restore the firmware from this stage,

First we need the firmware, just get the .bin from D-Link and rename it fw or fw.bin or something short.

ftp://files.dlink.com.au/products/DSL-5 … 060808.bin

Now, you can upload the firmware (see below for an example)

root@ZPC:~# ifconfig eth0 10.8.8.7
root@ZPC:~# ftp 10.8.8.8 21
ftp: connect: No route to host
ftp>
ftp> o
(to) 10.8.8.8 21
Connected to 10.8.8.8.
220 ADAM2 FTP Server ready.
Name (10.8.8.8:z): adam2
331 Password required for adam2.
Password:
230 adam2 logged in.
ftp> quote MEDIA FLSH
200 media set to FLASH
ftp> binary
200 Type set to I.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> debug
Debugging on (debug=1).
ftp> put "fw" "fs mtd4"
local: fw remote: fs mtd4
---> PORT 10,8,8,7,170,251
200 Port command successful.
---> STOR fs mtd4
150 Opening BINARY mode.
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#############################################################################################################################################################
#################################################################
226 Transfer complete.
1996699 bytes sent in 27.36 secs (71.3 kB/s)
ftp> quote REBOOT
---> REBOOT
221 Goodbye.
ftp>

But let me guess... you didn't get the firmware to upload?

Did you get 550 can not erase or 550 flash erase failed?

I think I know why!!

This is because the configuration file we just uploaded had the old firmware version 1 memory map and we are trying to upload a firmware version 2 which has a different memory mapping.

You can solve this by issuing SETENV commands with the correct memory mappings before uploading the firmware

quote "SETENV mtd0,0x90091000,0x903f0000" - filesystem
quote "SETENV mtd1,0x90010090,0x90090000" - kernel
quote "SETENV mtd2,0x90000000,0x90010000" - bootloader (adam2 mostly)
quote "SETENV mtd3,0x903f0000,0x90400000" - configuration
quote "SETENV mtd4,0x90010090,0x903f0000" - this just covers filesystem/kernel

(p.s. the extra , is no mistake, I think it's needed)

Another way to set these environment variables and upload the firmware is to use CICLAMAB 3.7.9 (NOT 3.8.0 or 3.8.1, both crash). It does the same thing but has a nice GUI. You need to have your LAN IP as 10.8.8.1 and the router off, then run CICLAMAB, click no, click no, click on partitions, go to D-Link DSL-50xT v2, click setup, click cancel to return to previous screen, select your firmware, click on connection, power on modem. If your bootloader is detected you can click on 'execute' and you should see the following:

00:57:26  - Connection to "BootLoader" in progress...
00:57:27 x- < 220 ADAM2 FTP Server ready.
00:57:27  - 220 ADAM2 FTP Server ready.
00:57:27  - Connection to "BootLoader" done!
00:57:27  - USER adam2
00:57:27 x- < 331 Password required for adam2.
00:57:27  - 331 Password required for adam2.
00:57:27  - PASS adam2
00:57:27 x- < 230 adam2 logged in.
00:57:27  - 230 adam2 logged in.
00:57:27  -
00:57:27  - ---------------------------------------------------------
00:57:27  - modem/router info:
00:57:27 x- GETENV flashsize
00:57:27 x- < flashsize             0x00400000
200 GETENV successful
00:57:27  - bootloaderType         ADAM2
00:57:27 x- GETENV bootloaderVersion
00:57:27 x- < bootloaderVersion     0.22.02
200 GETENV successful
00:57:27  - bootloaderVersion     0.22.02
00:57:27  - flashsize             0x00400000 (4 Mb)
00:57:27 x- GETENV usb_prod
00:57:27 x- < usb_prod              N/A
200 GETENV successful
00:57:27  - usb_prod              N/A
00:57:27 x- GETENV mtd0
00:57:27 x- < mtd0                  0x90091000,0x903f0000
200 GETENV successful
00:57:27  - mtd0                  0x90091000,0x903f0000
00:57:27 x- GETENV mtd1
00:57:27 x- < mtd1                  0x90010090,0x90090000
200 GETENV successful
00:57:27  - mtd1                  0x90010090,0x90090000
00:57:27 x- GETENV mtd2
00:57:27 x- < mtd2                  0x90000000,0x90010000
200 GETENV successful
00:57:27  - mtd2                  0x90000000,0x90010000
00:57:27 x- GETENV mtd3
00:57:27 x- < mtd3                  0x903f0000,0x90400000
200 GETENV successful
00:57:27  - mtd3                  0x903f0000,0x90400000
00:57:27 x- GETENV mtd4
00:57:27 x- < mtd4                  0x90010000,0x903f0000
200 GETENV successful
00:57:27  - mtd4                  0x90010000,0x903f0000
00:57:37 x- Transferring file:
00:57:37 x-       Firmware: D:\FTP\software\ckz_XZ7X\DLinkAU_DSL-502T_singleimage_kernel_fs_V2.00B06.AU_20060808
Inputted parameters:
   - Autoload on
   - Partitioning mtd0, mtd1 and mtd3 for D-Link DSL-50xT/604T/G604T v2
   To start the session:
00:57:45  - ---------------------------------------------------------
00:57:45  - The partitions are already of the required size.
00:57:45  - SETENV autoload,1
00:57:45 x- < 200 SETENV successful
00:57:45  - 200 SETENV successful
00:57:45  - TYPE I
00:57:45 x- < 200 Type set to I.
00:57:45  - 200 Type set to I.
00:57:45  - MEDIA FLSH
00:57:45 x- < 200 media set to FLASH
00:57:45  - 200 media set to FLASH
00:57:45  - Creating "mtd4" variable.
00:57:45  - SETENV mtd4,0x90010000,0x903f0000
00:57:45 x- < 200 SETENV successful
00:57:45  - 200 SETENV successful
00:57:45  - PASV
00:57:45 x- < 227 Entering Passive Mode (192,168,0,1,243,72).
00:57:45  - 227 Entering Passive Mode (192,168,0,1,243,72).
00:57:46  - Deleting partition "mtd4" in progress...
00:57:46 x- STOR single mtd4
00:58:18 x- < 150 Opening BINARY mode.
00:58:18 x- Erase time: 00' 32.27"
00:58:18 x- Nr. of blocks to send: 527
00:58:44 x- Transfer time: 00' 26.01"
00:58:44 x- < 226 Transfer complete.
00:58:44  - 226 Transfer complete.
00:58:44  - REBOOT

Ok so, power cycle the router and it should now work... lights should come on after 30 secs or so.

THE END!

Some extraneous information:

If you want to upload a custom OpenWRT firmware you will need to have a deeper understanding on the way the router works.

The single combined firmware is divided as so:

HEX
0-90 header
90-80FFF kernel with padded 0s at the end
81000-20EFFF filesystem with padded 0s
20F000-20F007 checksum for the entire file made with TICHKSUM (8 Bytes)

Please remember that a hex number is 4 bits, so each byte contains 2 hex numbers, this means 8 bytes = 16 hex numbers.

The TICHKSUM is not a standard 4 Byte CRC32 or 8 Byte CRC64, it is firstly a fixed set of 8 hex numbers 23DE53C4 (magic numbers) and then an 8 hex checksum such as:

23DE53C4 07D74626

Ok so.. what am I getting at here?

Well, if you compile the openwrt trunk and examine the ar7 firmware with a hex editor you will see that the squashfs.bin uses totally different mappings, openwrt does not waste space by padding to boundaries with extra 0s.

Openwrt is usually
0-x kernel
x-eof squashfs

so for this file system to boot, you will need to find the hex values of the start of the squashfs filesystem (use ghex under linux or XVI under windows) and search for 'hsq' this signifies the start of the squashfs. Now adjust mtd0 and mtd1 variables accordingly.

You also need to add a checksum to the end of the file by running ./tichksum under Linux or by compiling tichksum under windows.

TICHKSUM can be found in the DSL-502T source code.

--------

Note, if you compile your firmware and upload it and the DMZ light stays on, this means your kernel has died. You need a serial cable to work out how to fix it... as for me... I have no serial cable and no urge to work it out, so back to the default fw for me as SVN trunk 5109 wouldn't compile.

(For anyone who tries to use ndbs march ar7 firmware, no lights go on at all for me with this)

(Last edited by Z3r0 on 15 Oct 2006, 16:54)

Z3r0 wrote:

so for this file system to boot, you will need to find the hex values of the start of the squashfs filesystem (use ghex under linux or XVI under windows) and search for 'hsq' this signifies the start of the squashfs. Now adjust mtd0 and mtd1 variables accordingly.

You also need to add a checksum to the end of the file by running ./tichksum under Linux or by compiling tichksum under windows.

TICHKSUM can be found in the DSL-502T source code

I have a few questions.

I have checked out White Russian and also Kamikaze. White Russian has no mention of compiling for the AR7 processor, so I suppose compiling for DLINK AR7 only starts at Kamikaze?

The second question I have is: I have checked out Kamikaze r5157 and compiled for the AR7 processor, and I got knocked out at this point:

    make[6] -C target/linux/ar7-2.4 modules
   Build failed. Please re-run make with V=99 to see what's going on

After debugging, I hacked ~/trunk/target/linux/ar7-2.4/Makefile to remove the extra '-' at the back of the TAR_OPTIONS. Is it as expected?

Next I managed to proceed with everything and finally produced ~trunk/bin/openwrt-ar7-2.4-squashfs.bin. However, when I proceed to look for the hsq string, I don't understand the part about adjusting mtd0 and mtd1, because I could not find anything that looks like mtd0 and mtd1, and also I don't know what to set even if I could find it.

Finally, regarding the tichksum source code, it's mentioned that I could find it "in the DSL-502T source code". Where is it supposed to be?

Sorry, this should probably be posted to Kamikaze, but I have to reply to the original post, so I am posting here to catch the original poster's attention.

Thank you for making this information available.

Best regards.

edit: You may need to do quote "SETENV MAC_PORT,1" or mac_port,1 to get the ethernet connection to work correctly! for more info see this: https://dev.openwrt.org/ticket/763

Firstly I will just post this log then reply to your question. Luckily for me the firmware was fixed between rev 5109 and 5174, I think it was due to DHCP not working properly as mentioned by a dg834 user in trac.

root@ZPC:/home/z/trunk/bin# dhclient eth0
There is already a pid file /var/run/dhclient.pid with pid 25053
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.0.4
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

wmaster0: unknown hardware address type 801
wmaster0: unknown hardware address type 801
Listening on LPF/eth0/00:01:6c:a6:05:93
Sending on   LPF/eth0/00:01:6c:a6:05:93
Sending on   Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 18
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 18
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.111 -- renewal in 16800 seconds.
root@ZPC:/home/z/trunk/bin# telnet 192.168.1.111
Trying 192.168.1.111...
telnet: Unable to connect to remote host: Connection refused
root@ZPC:/home/z/trunk/bin# telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
=== IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
------------------------------------------


BusyBox v1.2.1 (2006.10.17-01:23+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
KAMIKAZE (bleeding edge, r5174) -------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
---------------------------------------------------
root@OpenWrt:/#

(Last edited by Z3r0 on 19 Oct 2006, 09:33)

White Russian does not have AR7 support, Kamikaze can be downloaded from the svn trunk folder

svn co https://svn.openwrt.org/openwrt/trunk

or you can get a specific revision with

svn -r 5174 co https://svn.openwrt.org/openwrt/trunk

with the compile error, go into rules.mk and go to the second tar options and remove the -

then continue compiling and when it stops again, then go back into rules.mk and add the - again

then continue compiling

ok, now, when you are trying to upload the firmware you need to remember this.

this explanation regarding the memory mapping of the firmware could get confusing so bear with me

when you flash with the d-link singleimage.bin firmware you are flashing mtd4 and avoiding mtd2 and mtd3.

mtd4 covers mtd0 and mtd1 (fs and kernel)

with the dlink firmware they always pad the extra space between the kernel and filesystem to the existing mtd0/mtd1 boundaries, but with openwrt it removes the extra space between the fs and kernel so you need to adjust your mtd0/1 boundaries.

get ghex2 and open up openwrt-ar7-2.4-squashfs.bin the kernel starts from the beginning of the file and by searching for the string hsqs or hex 68 73 71 73 I can find that the squashfs filesystem starts from (in my case) 0x900750E0

now I just adjust my memory mappings by using the adam2 ftp so that I have

mtd0,0x900850E0,0x9003f0000 (fs)
mtd1,0x90010000,0x900850E0 (note I added 10000) (kernel)
mtd2,0x90000000,0x90010000 (adam2 unchanged)
mtd3,0x9003f000,0x90040000 (config) (unused by openwrt now, only used by adam2)
mtd4,0x90010000,0x9003f000)

You need to add a checksum to the end of the bin file for it to upload correctly.

You need to get the source code from dlink for the 502T and then find the tichksum probably in the scripts folder and compile.

Here is some more info

<4>CPU revision is: 00018448
<4>Primary instruction cache 16kB, physically tagged, 4-way, linesize 16 bytes.
<4>Primary data cache 16kB, 4-way, linesize 16 bytes.
<4>Linux version 2.4.32 (root@ZPC) (gcc version 3.4.6 (OpenWrt-2.0)) #2 Tue Oct 17 11:29:52 EST 2006
<4>Determined physical RAM map:
<4> memory: 00020000 @ 14000000 (ROM data)
<4> memory: 00fe0000 @ 14020000 (usable)
<4>On node 0 totalpages: 4096
<4>zone(0): 4096 pages.
<4>zone(1): 0 pages.
<4>zone(2): 0 pages.
<4>Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 init=/etc/preinit noinitrd console=ttyS0,38400
<7>set_except_vector: using long jump via k0 to reach 94025200
<4>the pacing pre-scalar has been set as 600.
<7>set_except_vector: using long jump via k0 to reach 94151f40
<4>Using 75.000 MHz high precision timer.
<4>Calibrating delay loop... 149.91 BogoMIPS
<6>Memory: 14292k/16384k available (1346k kernel code, 2092k reserved, 92k data, 72k init, 0k highmem)
<6>Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
<6>Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
<6>Mount cache hash table entries: 512 (order: 0, 4096 bytes)
<6>Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
<4>Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
<4>Checking for 'wait' instruction...  available.
<4>POSIX conformance testing by UNIFIX
<6>Linux NET4.0 for Linux 2.4
<6>Based upon Swansea University Computer Society NET3.039
<4>Initializing RT netlink socket
<4>Starting kswapd
<6>devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
<6>devfs: boot_options: 0x1
<5>JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
<6>squashfs: version 3.0 (2006/03/15) Phillip Lougher
<4>pty: 256 Unix98 ptys configured
<6>Serial driver version 5.05c (2001-07-08) with no serial options enabled
<6>ttyS00 at 0xa8610e00 (irq = 15) is a 16550A
<6>ttyS01 at 0xa8610f00 (irq = 16) is a 16550A
<4>VLYNQ INIT FAILED: Please try cold reboot.
<4>Vlynq CONFIG_AR7_VLYNQ_PORTS=2
<4>Vlynq Device vlynq0 registered with minor no 63 as misc device. Result=0
<4>VLYNQ 0 : init failed
<4>Vlynq Device vlynq1 registered with minor no 62 as misc device. Result=0
<4>VLYNQ 1 : init failed
<6>ar7_wdt: last system reset initiated by hardware reset
<7>ar7_wdt: disabling watchdog timer
<6>ar7_wdt: timer margin 59 seconds (prescale 65535, change 57180, freq 62500000)
<5>ar7 flash device: 0x400000 at 0x10000000.
<5> Amd/Fujitsu Extended Query Table v3.3 at 0x0040
<5>number of CFI chips: 1
<5>cfi_cmdset_0002: Disabling fast programming due to code brokenness.
<4>Parsing ADAM2 partition map...
<4>Looking for mtd device :mtd0:
<4>Found a mtd0 image (0x850e0), with size (0x36af20).
<4>Assuming default rootfs offset of 0x850e0
<4>Looking for mtd device :mtd1:
<4>Found a mtd1 image (0x10000), with size (0x750e0).
<4>Looking for mtd device :mtd2:
<4>Found a mtd2 image (0x0), with size (0x10000).
<4>Assuming adam2 size of 0x10000
<4>Looking for mtd device :mtd3:
<4>Found a mtd3 image (0x3f0000), with size (0x10000).
<4>Looking for mtd device :mtd4:
<4>Found a mtd4 image (0x10000), with size (0x3e0000).
<4>Setting new rootfs offset to 000850e0
<4>Squashfs detected (size = 0xb0085154)
<5>Creating 5 MTD partitions on "Physically mapped flash":
<5>0x00000000-0x00010000 : "adam2"
<5>0x00010000-0x003f0000 : "linux"
<5>0x000850e0-0x00180000 : "rootfs"
<4>mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
<5>0x003f0000-0x00400000 : "config"
<5>0x00180000-0x003f0000 : "OpenWrt"
<6>Initializing Cryptographic API
<6>NET4: Linux TCP/IP 1.0 for NET4.0
<6>IP Protocols: ICMP, UDP, TCP, IGMP
<6>IP: routing cache hash table of 512 buckets, 4Kbytes
<6>TCP: Hash tables configured (established 1024 bind 2048)
<4>ip_conntrack version 2.1 (5953 buckets, 5953 max) - 360 bytes per conntrack
<4>ip_tables: (C) 2000-2002 Netfilter core team
<6>NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
<6>NET4: Ethernet Bridge 008 for NET4.0
<6>802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
<6>All bugs added by David S. Miller <davem@redhat.com>
<4>VFS: Mounted root (squashfs filesystem) readonly.
<6>Mounted devfs on /dev
<4>Preserving ADAM2 memory.
<6>Freeing unused kernel memory: 72k freed
<4>Algorithmics/MIPS FPU Emulator v1.5
<4>jffs2.bbc: SIZE compression mode activated.
<4>Using the MAC with internal PHY
<4>Cpmac driver is allocating buffer memory at init time.
<4>Using the MAC with internal PHY
<4>Cpmac driver Disable TX complete interrupt setting threshold to 20.
<4>registered device TI Avalanche SAR
<4>Initializing DSL interface
<4>size=27008
<4>size=26144
<4>size=26624
<4>size=24704
<4>size=21152
<4>dsl modulation = GLITE
<4>Texas Instruments ATM driver: version:[4.02.04.00]

cat /proc/cpuinfo
system type             : Texas Instruments AR7
processor               : 0
cpu model               : MIPS 4KEc V4.8
BogoMIPS                : 149.91
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 16
extra interrupt vector  : yes
hardware watchpoint     : yes
VCED exceptions         : not available
VCEI exceptions         : not available
root@OpenWrt:~#

cat /proc/meminfo
Mem:  14708736  7778304  6930432        0   872448  2486272
Swap:        0        0        0
MemTotal:        14364 kB
MemFree:          6768 kB
MemShared:           0 kB
Buffers:           852 kB
Cached:           2428 kB
SwapCached:          0 kB
Active:           1988 kB
Inactive:         1304 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:        14364 kB
LowFree:          6768 kB
SwapTotal:           0 kB
SwapFree:            0 kB

cat /proc/modules
tiatm                 113524   0 (unused)
atm                    35928   0 [tiatm]
avalanche_cpmac        67768   1
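
Added example (not part of the original posts, and not code from OpenWrt or D-Link): the hsqs search and mtd0/mtd1 adjustment described in the posts above, as a Python script that derives the boundaries from an image and checks the resulting map against the flash window, the ADAM2 region and the config region before any SETENV is typed. The function names and the constructed test image are assumptions for illustration; the addresses are the ones in the tool output quoted in this thread.

```python
import re

# Added example; function names and the sample image are illustrative assumptions.
# Addresses are the ones shown in the tool output quoted in the thread (4 MB flash).
FLASH_BASE = 0x90000000
FLASH_END = FLASH_BASE + 0x00400000      # flashsize 0x00400000
ADAM2 = (0x90000000, 0x90010000)         # mtd2: bootloader
CONFIG = (0x903F0000, 0x90400000)        # mtd3: configuration
SQUASHFS_MAGIC = b"hsqs"                 # hex 68 73 71 73
ENV_RE = re.compile(r"(mtd\d)[\s,]+(0x[0-9a-fA-F]+),(0x[0-9a-fA-F]+)")
NAMES = ("mtd0", "mtd1", "mtd2", "mtd3", "mtd4")


def find_squashfs_offset(image):
    """Return the file offset of the single 'hsqs' magic in the image."""
    first = image.find(SQUASHFS_MAGIC)
    if first < 0:
        raise ValueError("no squashfs magic found in image")
    if image.find(SQUASHFS_MAGIC, first + 1) >= 0:
        raise ValueError("more than one 'hsqs' match; inspect the image by hand")
    return first


def build_map(image, load_addr=ADAM2[1]):
    """Partition map for an unpadded image written at load_addr (start of mtd4)."""
    fs_start = load_addr + find_squashfs_offset(image)
    return {
        "mtd0": (fs_start, CONFIG[0]),   # filesystem
        "mtd1": (load_addr, fs_start),   # kernel
        "mtd2": ADAM2,
        "mtd3": CONFIG,
        "mtd4": (load_addr, CONFIG[0]),  # kernel + filesystem
    }


def parse_env(text):
    """Parse 'mtdN start,end' (GETENV reply) or 'mtdN,start,end' (SETENV) text."""
    return {m.group(1): (int(m.group(2), 16), int(m.group(3), 16))
            for m in ENV_RE.finditer(text)}


def overlaps(a, b):
    return a[0] < b[1] and b[0] < a[1]


def validate_map(parts, image):
    """Return a list of problems; an empty list means the map is consistent."""
    problems = []
    for name in NAMES:
        if name not in parts:
            problems.append(f"{name}: missing")
            continue
        start, end = parts[name]
        if not FLASH_BASE <= start < end <= FLASH_END:
            problems.append(f"{name}: 0x{start:x}-0x{end:x} is outside the flash window")
    if problems:
        return problems
    fs, kernel, boot, cfg, whole = (parts[n] for n in NAMES)
    if boot != ADAM2:
        problems.append("mtd2 no longer matches the bootloader region")
    if cfg != CONFIG:
        problems.append("mtd3 no longer matches the configuration region")
    for name, region in (("mtd2", boot), ("mtd3", cfg)):
        if overlaps(whole, region):
            problems.append(f"mtd4 overlaps {name}; flashing mtd4 would erase it")
    for name, region in (("mtd0", fs), ("mtd1", kernel)):
        if not (whole[0] <= region[0] and region[1] <= whole[1]):
            problems.append(f"{name} is not inside mtd4")
    if overlaps(fs, kernel):
        problems.append("mtd0 and mtd1 overlap")
    if len(image) > whole[1] - whole[0]:
        problems.append("image is larger than mtd4")
    off = fs[0] - whole[0]
    if image[off:off + 4] != SQUASHFS_MAGIC:
        problems.append("mtd0 does not start at the squashfs magic in this image")
    return problems


def setenv_commands(parts):
    """SETENV strings for the regions that change; mtd2 and mtd3 are left alone."""
    return [f"SETENV {n},0x{parts[n][0]:08x},0x{parts[n][1]:08x}"
            for n in ("mtd0", "mtd1", "mtd4")]


def demo():
    # Constructed image: 0x750E0 zero bytes standing in for the kernel,
    # followed by a fake squashfs that starts with the magic.
    image = bytes(0x750E0) + SQUASHFS_MAGIC + bytes(0x1000)
    parts = build_map(image)
    return parts, validate_map(parts, image), setenv_commands(parts)


if __name__ == "__main__":
    parts, problems, commands = demo()
    for line in problems or commands:
        print(line)
```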

Z3r0 wrote:

now I just adjust my memory mappings by using the adam2 ftp so that I have

mtd0,0x900850E0,0x9003f0000 (fs)
mtd1,0x90010000,0x900850E0 (note I added 10000) (kernel)
mtd2,0x90000000,0x90010000 (adam2 unchanged)
mtd3,0x9003f000,0x90040000 (config) (unused by openwrt now, only used by adam2)
mtd4,0x90010000,0x9003f000)

You need to add a checksum to the end of the bin file for it to upload correctly.

You need to get the source code from dlink for the 502T and then find the tichksum probably in the scripts folder and compile.

Okay I think I understand what you are talking about now. Right now I am working on getting tichksum and I will come back to the flashing portion later.

I am actually interested to flash a DSL-500T. If you were to make an "educated guess" on it, do you think DSL-500T will work the same as 502T ( in respect of the flashing portion ) ?

Again, thanks for making this info available.

Cheers.

Should work fine.

If you want to know what your memory mappings are... download the 500T firmware.exe and execute it.. go to c:\documents and settings\myname\local settings\temp and find where it extracted, then open up the tiupgrade.scp

Also check that your flash chip is listed on the wrt54g utility in case you need to recover the unit

http://wiki.openwrt.org/OpenWrtDocs/Har … k/DSL-502T

For some more concise and clearer information

(Last edited by Z3r0 on 17 Oct 2006, 08:12)

Z3r0 wrote:

If you want to know what your memory mappings are... download the 500T firmware.exe and execute it.. go to c:\documents and settings\myname\local settings\temp and find where it extracted, then open up the tiupgrade.scp

I did all those things but I could not find any file with the name tiupgrade.scp.
By the way this is where I got the firmware :-

         http://www.dlink.com.ph/products/suppor … 0#firmware

Since I am in Malaysia, I tested only the MA version. Also I don't have the hardware yet (I am checking if all these are going to work first before purchasing it), so I only ran the program 'DSL-500T_MAupgrade.exe' up to the point where it prompts me for device IP and password.

By the way I have compiled the program tichksum. So now sorting out the memory map is the only thing in the way of me doing an upgrade.

Regards

You are right, here is the simpler way of getting the mtd mappings lol

Just plug your router into your PC and do this

power off the router
change your IP to 10.8.8.1

ftp 10.8.8.8 21
quote "PRINTENV"

or you can try

quote "GETENV mtd0"

also: I can't get the adsl interface up atm, only ethernet

see here on how to get ADSL to work with PPPoE (it's a similar process for PPPoA with this router)
http://forum.openwrt.org/viewtopic.php?pid=35563#p35563

(Last edited by Z3r0 on 17 Oct 2006, 16:54)

Z3r0 wrote:

You are right, here is the simpler way of getting the mtd mappings lol

Just plug your router into your PC and do this

power off the router
change your IP to 10.8.8.1

ftp 10.8.8.8 21
quote "PRINTENV"

or you can try

quote "GETENV mtd0"

also: I can't get the adsl interface up atm, only ethernet

Urh thank you so much. Doing these will boost up my confidence. I really don't want
to mess up my hardware and then having to get into JTAG stuff since I am not very much a hardware person.

Looks like the only thing in the way now is the hardware.

Cheers.

Z3r0 wrote:

ok, now, when you are trying to upload the firmware you need to remember this.

this explanation regarding the memory mapping of the firmware could get confusing so bear with me

when you flash with the d-link singleimage.bin firmware you are flashing mtd4 and avoiding mtd2 and mtd3.

mtd4 covers mtd0 and mtd1 (fs and kernel)

with the dlink firmware they always pad the extra space between the kernel and filesystem to the existing mtd0/mtd1 boundaries, but with openwrt it removes the extra space between the fs and kernel so you need to adjust your mtd0/1 boundaries.

get ghex2 and open up openwrt-ar7-2.4-squashfs.bin the kernel starts from the beginning of the file and by searching for the string hsqs or hex 68 73 71 73 I can find that the squashfs filesystem starts from (in my case) 0x900750E0

now I just adjust my memory mappings by using the adam2 ftp so that I have

mtd0,0x900850E0,0x9003f0000 (fs)
mtd1,0x90010000,0x900850E0 (note I added 10000) (kernel)
mtd2,0x90000000,0x90010000 (adam2 unchanged)
mtd3,0x9003f000,0x90040000 (config) (unused by openwrt now, only used by adam2)
mtd4,0x90010000,0x9003f000)

You need to add a checksum to the end of the bin file for it to upload correctly.

You need to get the source code from dlink for the 502T and then find the tichksum probably in the scripts folder and compile.

Sorry to seem endless in this topic but I am looking through the Kamikaze distribution, there is a file called scripts/adam2flash.pl; perhaps someone might want to check if it has automated all these things mentioned here.

Regards.
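The offset arithmetic from the quoted post, as an added example that is not part of the original thread: it finds the `hsqs` magic in an image and derives the mtd0/mtd1 boundaries for an image flashed at 0x90010000. The function names, the constructed sample image and the `FS_END` value are assumptions; take the real end address from your own PRINTENV output.

```python
SQUASHFS_MAGIC = b"hsqs"    # hex 68 73 71 73, the string searched for in the post
KERNEL_START = 0x90010000   # start of mtd1/mtd4 in the post (just after adam2)


def find_squashfs_offsets(image: bytes) -> list[int]:
    """Return every file offset at which the squashfs magic occurs."""
    offsets, pos = [], image.find(SQUASHFS_MAGIC)
    while pos != -1:
        offsets.append(pos)
        pos = image.find(SQUASHFS_MAGIC, pos + 1)
    return offsets


def mtd_boundaries(image: bytes, fs_end: int, kernel_start: int = KERNEL_START):
    """Compute mtd1 (kernel) and mtd0 (fs) ranges for an image flashed at kernel_start."""
    offsets = find_squashfs_offsets(image)
    if not offsets:
        raise ValueError("no squashfs magic found; not a squashfs image?")
    if len(offsets) > 1:
        # The magic can occur by chance inside compressed data; a wrong
        # boundary means an unbootable unit, so refuse to guess.
        raise ValueError("ambiguous magic at " + ", ".join(hex(o) for o in offsets))
    fs_start = kernel_start + offsets[0]
    if kernel_start + len(image) > fs_end:
        raise ValueError("image does not fit below fs_end")
    return {"mtd1": (kernel_start, fs_start), "mtd0": (fs_start, fs_end)}


def format_mappings(bounds) -> list[str]:
    """Render the ranges in the 'mtdN,start,end' form used in the post."""
    return [f"{name},0x{lo:08X},0x{hi:08X}" for name, (lo, hi) in sorted(bounds.items())]


def build_sample_image() -> bytes:
    """Constructed stand-in: zeroed 'kernel' of 0x750E0 bytes, then a fake squashfs header."""
    return b"\x00" * 0x750E0 + SQUASHFS_MAGIC + b"\x00" * 64


if __name__ == "__main__":
    FS_END = 0x903F0000  # placeholder; use the end address your own PRINTENV reports
    for line in format_mappings(mtd_boundaries(build_sample_image(), FS_END)):
        print(line)
```

With the sample image the filesystem starts at 0x900850E0, the same value the post arrives at by adding 0x10000 to the offset seen in the hex editor.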

Yeah I know about adam2flash

I tried it but it doesn't work as I think it looks for a UDP packet on port 5035? when adam2 comes up and it says it can't detect mine... I did find that if I manually set the IP in the file it would connect and then die... I don't know enough to get it working unfortunately

If you read the source code you'll see it does basically the same thing you can do manually

Z3r0 wrote:

Yeah I know about adam2flash

I tried it but it doesn't work as I think it looks for a UDP packet on port 5035? when adam2 comes up and it says it can't detect mine... I did find that if I manually set the IP in the file it would connect and then die... I don't know enough to get it working unfortunately

If you read the source code you'll see it does basically the same thing you can do manually

Ok, understandable. Perl is not my cup of tea either. My wishful thinking was that if the script works, then it will save me the trouble and getting into mistakes with numbers.

There is this additional info I found after searching the web :-

       http://seattlewireless.net/?ADAM2

Cheers.

Z3r0 wrote:

Inside the unit you will find: a 14 pin JTAG connector (soldered on mine), 14 pin GPIO (unsoldered), 5 pin Serial (soldered), 10 pin serial (unsoldered), my flash chip was Samsung K8D3216UBC (It's next to the JTAG connector).

Hi Z3r0,
can you give the pinout of the second serial port on the Dlink dsl-xxxT?

I downloaded the file, it says:

An external VLYNQ serial interface may have as few as 3 pins (1 Tx, 1 Rx, and 1 clock) and as many as 10 pins (4 Tx, 4 Rx, 1 clock, and 1 power management) for maximum bandwidth.

but as I discovered, out of 10 pins there are 2 pins connected to 3.3v and 0v respectively, 2 pins are not connected anywhere and the rest of the pins carry the signal.

Any more clues out there?

UPDATES

Checked all the pins by sending a very long file to /dev/tts/1 and checking for any voltage level change, but did not succeed in finding the TX pin. So I assume that the 2nd serial port will not be available at all.

(Last edited by santosh0705 on 7 Jan 2007, 03:25)

I had found this from this thread
http://ftp.iasi.roedu.net/mirrors/openwrt.org/utils/
My question is now, where the heck is the skynet 4 linux? I really don't want to wine it and would rather have native support for generating cfe images. I see that he flashes a custom cfe, but where the heck did he get it from?

Sorry for digging up such an old thread, I only felt that the subject was related.

The discussion might have continued from here.