Any hope for A series (A40/A60)? #5
Comments
|
Hi @zeroping, Do you have serial console access to this device? Are you able to provide flash dump? Cheers, |
|
I have physical access to the serial console, but it doesn't look like that does me much good - the That said, I have surface-mount soldering equipment, and there's an MX25L12835FMI SPI flash in a nice big 16-SOIC package on the board.... Edit: and yes, it asks for the .sig file over TFTP. |
Could you make a simple test, feed it with 128 MB size .sig file over TFTP and check how much data is loaded? I'm curious if A40/A60 has this fix: https://source.codeaurora.org/quic/qsdk/oss/boot/u-boot-1.1.4/commit/?h=1.1&id=335640eda6d920fe23534ce1db5d8f05d8b5014c |
|
First off, just to post more info on the behavior: And here's my attempt to use this unlocker tool (with the A60 bootloader): There's some notable differences vs your blog post. om5p: A60: Does that mean that I'm awfully close, and we just need a little tweaking for changed addresses? |
No, it seems they fixed bootloader and tftp upload is now limited: |
|
I hope to get a flash dump as soon as I get the correct JTAG hardware working, hopefully within a week. |
|
@zeroping Have you solved the problem about A60 series? |
|
I've managed to get my A60 messed up to the point that it doesn't make it to the bootloader, and I can't get back into it with JTAG. I'm not 100% sure what I've done, and there's a fair chance it's partly due to my JTAG setup being iffy, but it might be fatal. I had control of the bootloader before everything went sideways, and was working on getting an OpenWRT system image flashed to it. I've been putting off working on it, but I suspect I'll end up having to de-solder the flash and dump it to figure out what happened. I'm hoping to try some different JTAG hardware first (this weekend perhaps), in case there's any chance of not having to de-solder parts. |
|
OK. Hope you find out the reason.
Btw, the devices in my hand are A62 router. I thought it may be similar with A60, but actually they're different platforms.
And fortunately, I've already got a way to install a custom firmware on A62.
Regards,
Yongsheng
From: Scott G
Date: 2018-11-07 11:38
To: true-systems/om5p-ac-v2-unlocker
CC: LINZZG; Comment
Subject: Re: [true-systems/om5p-ac-v2-unlocker] Any hope for A series (A40/A60)? (#5)
I've managed to get my A60 messed up to the point that it doesn't make it to the bootloader, and I can't get back into it with JTAG. I'm not 100% sure what I've done, and there's a fair chance it's partly due to my JTAG setup being iffy, but it might be fatal. I had control of the bootloader before everything went sideways, and was working on getting an OpenWRT system image flashed to it.
I've been putting off working on it, but I suspect I'll end up having to de-solder the flash and dump it to figure out what happened. I'm hoping to try some different JTAG hardware first (this weekend perhaps), in case there's any chance of not having to de-solder parts.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
I found a way to flash openwrt without unlocking uboot. You have to open the device and short 2 pins on the flash memory chip at the right time. Chip select and data out. On my a60 it's pins 7-8 but check the data sheet for the memory chip to be sure. I stumbled on the idea here
|
|
thanks ack100 When you say 'get timing right' will there be any indications over serial? |
|
oh thanks again, but I have the Datto version and don't have the option to access the new dashboard and therefore no ssh access |
|
Just to leave the update here for others: I actually gave up on my A60 after I fried something during a swap of the flash IC. I eventually found happiness with the Edge-core ECW7210 with swapped-out mini-pcie wireless cards (a QCA9880 and an AR93xx). It has very similar specs to the A60, including the PoE and dual-ethernet, so it works just great as a home NAT router. I think the internal antenna design is nice too. Since it's otherwise abandoned hardware, they are occasionally cheap on eBay. My work getting it running openwrt (which I need to follow up on...): openwrt/openwrt#2660 |
|
HI! Any progress on this? On top of that I don't have the device on Cloudtax as it's been registered by someone else who disappeared. Any clue on what my options are now? |
Excellent! Worked fine on an A42:
Eeprom is a Winbond 25Q256JVFQ. Looking at the cli feedback it really is just a matter of shorting Data Out somewhere; it can't send the requests back to the flash tool then. Kept DO shorted while booting and connected to the flash tool. No issues with timing that way. Bought four of these used and original firmware was official 6.4.7 (or a bit later), flashed official latest 6.5.3 and finally OpenWrt 22.03.5. Desoldered the eeproms and made full dumps of the versions: OpenWrt has stock settings. Only logged in once to verify it was operational and kept root pw blank. |
This worked on my A62.
|
I notice that we have the source to build a uboot image for the A series devices.
true-systems/openmesh-gpl-u-boot@bfd80b8
Is there any hope for unlocking an A60? It appears to be locked down in the same way, but I wasn't able to get this unlocker to work.
The text was updated successfully, but these errors were encountered: