aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/flashing
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/flashing')
-rwxr-xr-xscripts/flashing/adam2flash-502T.pl342
-rwxr-xr-xscripts/flashing/adam2flash-fritzbox.pl209
-rwxr-xr-xscripts/flashing/adam2flash.pl174
-rwxr-xr-xscripts/flashing/adsl2mue_flash.pl170
-rwxr-xr-xscripts/flashing/flash.sh66
-rwxr-xr-xscripts/flashing/jungo-image.py283
6 files changed, 1244 insertions, 0 deletions
diff --git a/scripts/flashing/adam2flash-502T.pl b/scripts/flashing/adam2flash-502T.pl
new file mode 100755
index 0000000..0c4c9d7
--- /dev/null
+++ b/scripts/flashing/adam2flash-502T.pl
@@ -0,0 +1,342 @@
+#!/usr/bin/env perl
+#
+# D-Link DSL-502T flash utility
+#
+# Copyright (c) 2007 Oliver Jowett <oliver@opencloud.com>
+#
+# Based on adam2flash.pl for the D-Link DSL-G6x4T, which is:
+# Copyright (C) 2005 Felix Fietkau <mailto@nbd.name>
+# based on fbox recovery util by Enrik Berkhan
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+# The default DSL-502T mtd map looks like this:
+#
+# mtd0 0x90091000,0x903f0000 # filesystem
+# mtd1 0x90010090,0x90091000 # kernel
+# mtd2 0x90000000,0x90010000 # bootloader - DO NOT MODIFY
+# mtd3 0x903f0000,0x90400000 # config space - DO NOT MODIFY
+# mtd4 0x90010000,0x903f0000 # firmware signature + kernel + filesystem, used to flash new firmware
+#
+# i.e. the flash layout is:
+#
+# 90000000-9000FFFF mtd2 bootloader
+# 90010000-9001008F ---- firmware signature )
+# 90010090-90090FFF mtd1 kernel ) mtd4 spans these three regions
+# 90091000-903EFFFF mtd0 filesystem )
+# 903F0000-903FFFFF mtd3 config space
+#
+# The ADAM2 bootloader uses the mtd1 settings to find the start of the image to boot.
+# The image to load contains information about the loadable size of the image. If ADAM2 sees
+# that the image appears to extend beyond the end of mtd1, it will refuse to load it. On
+# the DSL-502T, this manifests as the USB light blinking rapidly on boot.
+#
+# The OpenWRT kernel does not follow quite the same layout:
+# (a) it does not have a 0x90-byte firmware signature prefix
+# (b) it is larger than the default mtd1 size
+#
+# (a) would be avoidable (build a custom image with a 0x90-byte prefix) but (b) is unavoidable.
+# So we *have* to change mtd1. The simplest thing to do seems to make it span all of
+# the flashable area, producing this layout:
+#
+# mtd0 0x90091000,0x903f0000 # filesystem
+# mtd1 0x90010000,0x903f0000 # kernel (CHANGED)
+# mtd2 0x90000000,0x90010000 # bootloader - DO NOT MODIFY
+# mtd3 0x903f0000,0x90400000 # config space - DO NOT MODIFY
+# mtd4 0x90010000,0x903f0000 # kernel + filesystem, used to flash new firmware
+#
+# *** NOTE NOTE NOTE NOTE ***
+#
+# /dev/mtd0 .. /dev/mtd4 when using OpenWRT do **NOT** correspond to the ADAM2 mtd0-4 settings!
+# Instead, OpenWRT scans the MTD itself and determines its own boundaries which are arranged
+# quite differently to ADAM2. It will look something like this, see dmsg on boot:
+#
+# (/dev/mtd0) 0x00000000-0x00010000 : "loader" # Bootloader, read-only
+# (/dev/mtd1) 0x003f0000-0x00400000 : "config" # Config space
+# (/dev/mtd2) 0x00010000-0x003f0000 : "linux" # Firmware area (kernel + root fs + JFFS area)
+# (/dev/mtd3) 0x000d0d58-0x003f0000 : "rootfs" # Root FS, starts immediately after kernel
+# (/dev/mtd4) 0x00280000-0x003f0000 : "rootfs_data" # If rootfs is squashfs, start of JFFS area.
+#
+# All of those boundaries are autodetected by examining the data in flash.
+#
+# *** NOTE NOTE NOTE NOTE ***
+
+use IO::Socket::INET;
+use Socket;
+use strict;
+use warnings;
+
+sub usage() {
+ print STDERR "Usage: $0 <ip> [-setmtd1] [-noflash] [firmware.bin]\n\n";
+ print STDERR "Acquires the ADAM2 bootloader of a D-Link DSL-504T at <ip>\n";
+ print STDERR "Power off the device, start this script, then power it on.\n";
+ print STDERR "<ip> may be any spare address on the local subnet.\n\n";
+ print STDERR "If a firmware file is specified, MTD settings are verified and\n";
+ print STDERR "then the firmware is written to the router's flash.\n";
+ print STDERR "The firmware type (D-Link or OpenWRT) is automatically detected.\n\n";
+ print STDERR " -setmtd1 update mtd1 if it is not the appropriate value for this firmware\n";
+ print STDERR " -noflash does normal checks, updates mtd1 if requested, but does not actually write firmware\n\n";
+ exit 0;
+}
+
+my $ip = shift @ARGV;
+$ip and $ip =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/ or usage();
+
+my $probe = IO::Socket::INET->new(Proto => 'udp',
+ Broadcast => 1,
+ LocalPort => 5035) or die "socket: $!";
+my $setip = unpack("N", inet_aton($ip));
+$setip > 0 or usage();
+
+my @packets;
+foreach my $ver ([18, 1], [22, 2]) {
+ push @packets, pack("vCCVNV", 0, @$ver, 1, $setip, 0);
+}
+print STDERR "Looking for device: ";
+my $broadcast = sockaddr_in(5035, INADDR_BROADCAST);
+my $scanning;
+my $box;
+
+$SIG{"ALRM"} = sub {
+ return if --$scanning <= 0;
+ foreach my $packet (@packets) {
+ $probe->send($packet, 0, $broadcast);
+ }
+ print STDERR ".";
+};
+
+$scanning = 15;
+foreach my $packet (@packets) {
+ $probe->send($packet, 0, $broadcast);
+}
+print STDERR ".";
+
+while($scanning) {
+ my $reply;
+
+ alarm(1);
+ if (my $peer = $probe->recv($reply, 16)) {
+ next if (length($reply) < 16);
+ my ($port, $addr) = sockaddr_in($peer);
+ my ($major, $minor1, $minor2, $code, $addr2) = unpack("vCCVV", $reply);
+ $addr2 = pack("N", $addr2);
+ if ($code == 2) {
+ $scanning = 0;
+ printf STDERR " found!\nADAM2 version $major.$minor1.$minor2 at %s (%s)\n", inet_ntoa($addr), inet_ntoa($addr2);
+ $box = inet_ntoa($addr);
+ }
+ }
+}
+
+$box or die " not found!\n";
+
+alarm(0);
+
+{
+ package ADAM2FTP;
+ use base qw(Net::FTP);
+
+ # ADAM2 requires upper case commands, some brain dead firewall doesn't ;-)
+ sub _USER {
+ shift->command("USER",@_)->response()
+ }
+
+ sub _GETENV {
+ my $ftp = shift;
+ my ($ok, $name, $value);
+
+ $ftp->command("GETENV",@_);
+ while(length($ok = $ftp->response()) < 1) {
+ my $line = $ftp->getline();
+ unless (defined($value)) {
+ chomp($line);
+ ($name, $value) = split(/\s+/, $line, 2);
+ }
+ }
+ $ftp->debug_print(0, "getenv: $value\n")
+ if $ftp->debug();
+ return $value;
+ }
+
+ sub getenv {
+ my $ftp = shift;
+ my $name = shift;
+ return $ftp->_GETENV($name);
+ }
+
+ sub _REBOOT {
+ shift->command("REBOOT")->response() == Net::FTP::CMD_OK
+ }
+
+ sub reboot {
+ my $ftp = shift;
+ $ftp->_REBOOT;
+ $ftp->close;
+ }
+}
+
+my $file;
+my $arg;
+my $noflash = 0;
+my $setmtd1 = 0;
+while ($arg = shift @ARGV) {
+ if ($arg eq "-noflash") { $noflash = 1; }
+ elsif ($arg eq "-setmtd1") { $setmtd1 = 1; }
+ else { $file = $arg; }
+}
+
+if (!$file) {
+ print STDERR "No firmware file specified, exiting.\n";
+ exit 0;
+}
+
+#
+# Firmware checks
+#
+
+open FILE, "<$file" or die "can't open firmware file\n";
+
+# D-Link firmware starts with "MTD4" little-endian, then has an image header at 0x90
+# OpenWRT firmware just starts with an image header at 0x00
+
+my $signature;
+my $sbytes = read FILE, $signature, 4;
+($sbytes == 4) or die "can't read firmware signature: $!";
+
+my $expectedmtd4 = "0x90010000,0x903f0000";
+my $fwtype;
+my $expectedmtd1;
+
+if ($signature eq "4DTM") {
+ seek FILE, 0x90, 0 or die "can't read firmware signature: $!";
+ $sbytes = read FILE, $signature, 4;
+ ($sbytes == 4) or die "can't read firmware signature: $!";
+ if ($signature eq "\x42\xfa\xed\xfe") {
+ $fwtype = "D-Link (little-endian)";
+ $expectedmtd1 = "0x90010090,0x90091000";
+ } elsif ($signature eq "\xde\xad\xbe\x42") {
+ $fwtype = "D-Link (big-endian)";
+ $expectedmtd1 = "0x90010090,0x90091000";
+ }
+} elsif ($signature eq "\x42\xfa\xed\xfe") {
+ $fwtype = "OpenWRT (little-endian)";
+ $expectedmtd1 = "0x90010000,0x903f0000";
+} elsif ($signature eq "\xde\xad\xbe\x42") {
+ $fwtype = "OpenWRT (big-endian)";
+ $expectedmtd1 = "0x90010000,0x903f0000";
+}
+
+$fwtype or die "Unknown firmware signature (are you sure that's the right firmware?)";
+print STDERR "Firmware type: $fwtype\n";
+
+#
+# Bootloader login
+#
+
+print STDERR "logging into ADAM2 bootloader.. ";
+my $ftp = ADAM2FTP->new($box, Debug => 0, Timeout => 600) or die "can't open control connection\n";
+$ftp->login("adam2", "adam2") or die "can't login\n";
+print STDERR "ok.\n";
+
+#
+# Hardware checks
+#
+
+print STDERR "checking hardware.. ";
+my $prd = $ftp->getenv("ProductID");
+my $usb = $ftp->getenv("usb_prod");
+print STDERR "$prd / $usb.\n";
+($prd eq "AR7RD" || $prd eq "AR7DB") or die "doesn't look like a DSL-502T?";
+($usb eq "DSL-502T") or die "doesn't look like a DSL-502T?";
+
+#
+# MTD checks and update
+#
+
+print STDERR "checking MTD settings.. ";
+
+my $mtd4 = $ftp->getenv("mtd4");
+($mtd4 eq $expectedmtd4) or die "MTD4 was not as expected (should be '$expectedmtd4', was '$mtd4'). Cowardly refusing to do anything about it!";
+
+# check MTD1 setting and update if needed
+my $mtd1 = $ftp->getenv("mtd1");
+if ($mtd1 ne $expectedmtd1) {
+ die "MTD1 was not as expected (should be '$expectedmtd1', was '$mtd1'). Run with -setmtd1 to reset mtd1" unless ($setmtd1);
+ print STDERR "Setting mtd1.. ";
+ ($ftp->command("SETENV","mtd1,$expectedmtd1")->response() == Net::FTP::CMD_OK) or die "can't set mtd1";
+ $file = shift @ARGV;
+}
+
+print STDERR "ok.\n";
+
+#
+# Firmware size check
+#
+
+my $fwsize = (stat(FILE))[7];
+printf STDERR "Firmware size: 0x%08x\n", $fwsize;
+my $flashsize;
+$mtd4 =~ /^(0x\w+),(0x\w+)$/ and $flashsize = hex($2) - hex($1);
+printf STDERR "Available flash space: 0x%08x\n", $flashsize;
+die "firmware is too large" if ($flashsize < $fwsize);
+
+#
+# Flash it!
+#
+
+if ($noflash) {
+ print STDERR "Not flashing firmware as -noflash was specified.\n";
+ exit 0;
+}
+
+seek FILE, 0, 0, or die "can't seek in firmware: $!";
+
+print STDERR "Preparing to flash.. ";
+($ftp->command("MEDIA FLSH")->response() == Net::FTP::CMD_OK) or die "can't set MEDIA FLSH";
+$ftp->binary() or die "can't set binary mode";
+print STDERR "ok.\n";
+print STDERR "Erasing flash and establishing data connection (this may take a while): ";
+
+my $dc = $ftp->stor("fs mtd4");
+$dc or die "can't open data connection: $!\n";
+print STDERR "ok.\n";
+
+print STDERR "Writing firmware: ";
+while ($fwsize > 0) {
+ my $buffer;
+ my $len = ($fwsize > 1024 ? 1024 : $fwsize);
+
+ my $rbytes = read FILE, $buffer, $len;
+ ($rbytes < 0) and die "read error on firmware file: $!";
+ ($rbytes == $len) or die "short read on firmware file ($rbytes < $len)";
+
+ my $wbytes = $dc->write($buffer, $len, 600);
+ ($wbytes < 0) and die "write error on FTP data connection: $!";
+ ($rbytes == $wbytes) or die "short write on FTP data connection ($wbytes < $rbytes)";
+
+ $fwsize -= $len;
+ print STDERR ".";
+}
+
+$dc->close();
+print STDERR " done.\n";
+
+#
+# Reboot
+#
+
+print STDERR "Rebooting device.\n";
+$ftp->reboot();
diff --git a/scripts/flashing/adam2flash-fritzbox.pl b/scripts/flashing/adam2flash-fritzbox.pl
new file mode 100755
index 0000000..f8d745f
--- /dev/null
+++ b/scripts/flashing/adam2flash-fritzbox.pl
@@ -0,0 +1,209 @@
+#!/usr/bin/env perl
+#
+# D-Link DSL-G6x4T flash utility
+#
+# Copyright (C) 2005 Felix Fietkau <mailto@nbd.name>
+# based on fbox recovery util by Enrik Berkhan
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+use IO::Socket::INET;
+use IO::Select;
+use Socket;
+use strict;
+use warnings;
+
+sub usage() {
+ print STDERR "Usage: $0 <ip> [firmware.bin]\n\n";
+ exit 0;
+}
+
+my $ip = shift @ARGV;
+$ip and $ip =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/ or usage();
+
+my $setip = unpack("N", inet_aton($ip));
+$setip > 0 or usage();
+
+my @packets;
+foreach my $ver ([18, 1], [22, 2]) {
+ push @packets, pack("vCCVNV", 0, @$ver, 1, $setip, 0);
+}
+print STDERR "Looking for device: ";
+my $scanning;
+my $box;
+
+my $probe = IO::Socket::INET->new(Proto => 'udp',
+ Broadcast => 1,
+ LocalAddr => $ip,
+ LocalPort => 5035) or die "socket: $!";
+my $sel = IO::Select->new($probe);
+my $packet = pack("vCCVNV", 0, 18, 1, 1, 0, 0);
+my $broadcast = sockaddr_in(5035, INADDR_BROADCAST);
+
+$probe->send($packet, 0, $broadcast);
+
+
+scan_again:
+print "Looking for Fritz!Box ";
+my @boxes = ();
+my $peer;
+$scanning = 100;
+print "o";
+while($scanning) {
+ my $reply;
+ my @ready;
+
+ if (@ready = $sel->can_read(0.2)) {
+ $peer = $probe->recv($reply, 16);
+ next if (length($reply) < 16);
+ my ($port, $addr) = sockaddr_in($peer);
+ my ($major, $minor1, $minor2, $code, $addr2) = unpack("vCCVV", $reply);
+ $addr2 = pack("N", $addr2);
+ if ($code == 2) {
+ print "O";
+ push @boxes, [$major, $minor1, $minor2, $addr, $addr2];
+ $scanning = 2 if ($scanning > 2);
+ }
+ } else {
+ $scanning--;
+ if (scalar @boxes == 0) {
+ $probe->send($packet, 0, $broadcast);
+ print "o";
+ } else {
+ print ".";
+ }
+ }
+}
+
+if (scalar @boxes == 0) {
+ print " none found, giving up.\n";
+ exit 1;
+} else {
+ print " found!\n";
+}
+
+{
+ package ADAM2FTP;
+ use base qw(Net::FTP);
+ # ADAM2 requires upper case commands, some brain dead firewall doesn't ;-)
+ sub _USER { shift->command("USER",@_)->response() }
+ sub _PASV { shift->command("P\@SW")->response() == Net::FTP::CMD_OK }
+ sub _GETENV {
+ my $ftp = shift;
+ my ($ok, $name, $value);
+
+ $ftp->command("GETENV",@_);
+ while(length($ok = $ftp->response()) < 1) {
+ my $line = $ftp->getline();
+ unless (defined($value)) {
+ chomp($line);
+ ($name, $value) = split(/\s+/, $line, 2);
+ }
+ }
+ $ftp->debug_print(0, "getenv: $value\n")
+ if $ftp->debug();
+ return $value;
+ }
+ sub getenv {
+ my $ftp = shift;
+ my $name = shift;
+ return $ftp->_GETENV($name);
+ }
+ sub _REBOOT { shift->command("REBOOT")->response() == Net::FTP::CMD_OK }
+ sub reboot {
+ my $ftp = shift;
+ $ftp->_REBOOT;
+ $ftp->close;
+ }
+ sub check {
+ my $ftp = shift;
+
+ delete ${*$ftp}{'net_ftp_port'};
+ delete ${*$ftp}{'net_ftp_pasv'};
+
+ my $data = $ftp->_data_cmd('CHECK' ,@_) or return undef;
+ my $sum;
+ if (${${*$ftp}{'net_cmd_resp'}}[0] =~ /^Flash check 0x([0-9A-F]{8})/) {
+ $sum = hex($1);
+ }
+ $data->_close();
+ return $sum;
+ }
+}
+
+# passive mode geht mit Net::FTP nicht, connected zu spaet fuer ADAM2!
+my $ftp = ADAM2FTP->new($ip, Passive => 0, Debug => 0, Timeout => 600)
+ or die "can't FTP ADAM2";
+$ftp->login("adam2", "adam2") or die "can't login adam2";
+$ftp->binary();
+my $pid = $ftp->getenv('ProductID');
+my $hwrev = $ftp->getenv('HWRevision');
+my $fwrev = $ftp->getenv('firmware_info');
+my $ulrev = $ftp->getenv('urlader-version');
+
+print "Product ID: $pid\n";
+print "Hardware Revision: $hwrev\n";
+print "Urlader Revision: $ulrev\n";
+print "Firmware Revision: $fwrev\n";
+
+$ftp->hash(\*STDOUT, 64 * 1024);
+
+my $file = shift @ARGV;
+$file || exit 0;
+
+open FILE, "<$file" or die "can't open firmware file\n";
+
+my $mtd0 = $ftp->getenv("mtd0");
+my $mtd1 = $ftp->getenv("mtd1");
+my ($ksize, $fssize);
+
+$mtd1 =~ /^(0x\w+),(0x\w+)$/ and $ksize = hex($2) - hex($1);
+$mtd0 =~ /^(0x\w+),(0x\w+)$/ and $fssize = hex($2) - hex($1);
+$ksize and $fssize or die 'cannot read partition offsets';
+printf STDERR "Available flash space: 0x%08x (0x%08x + 0x%08x)\n", $ksize + $fssize, $ksize, $fssize;
+
+$ftp->command("MEDIA FLSH")->response();
+$ftp->binary();
+print STDERR "Writing to mtd1...\n";
+
+my $dc = $ftp->stor("fs mtd1");
+$dc or die "can't open data connection\n";
+my $rbytes = 1;
+
+while (($ksize > 0) and ($rbytes > 0)) {
+ my $buffer;
+ my $len = ($ksize > 1024 ? 1024 : $ksize);
+ $rbytes = read FILE, $buffer, $len;
+ $rbytes and $ksize -= $dc->write($buffer, $rbytes, 600);
+}
+
+$dc->close();
+$rbytes or die "no more data left to write\n";
+
+print STDERR "Writing to mtd0...\n";
+
+$dc = $ftp->stor("fs mtd0");
+$dc or die "can't open data connection\n";
+
+while (($fssize > 0) and ($rbytes > 0)) {
+ my $buffer;
+ my $len = ($fssize > 1024 ? 1024 : $fssize);
+ $rbytes = read FILE, $buffer, $len;
+ $rbytes and $fssize -= $dc->write($buffer, $rbytes, 600);
+}
+
+$dc->close();
+$ftp->reboot();
diff --git a/scripts/flashing/adam2flash.pl b/scripts/flashing/adam2flash.pl
new file mode 100755
index 0000000..8550f80
--- /dev/null
+++ b/scripts/flashing/adam2flash.pl
@@ -0,0 +1,174 @@
+#!/usr/bin/env perl
+#
+# D-Link DSL-G6x4T flash utility
+#
+# Copyright (C) 2005 Felix Fietkau <mailto@nbd.name>
+# based on fbox recovery util by Enrik Berkhan
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+use IO::Socket::INET;
+use Socket;
+use strict;
+use warnings;
+
+sub usage() {
+ print STDERR "Usage: $0 <ip> [firmware.bin]\n\n";
+ exit 0;
+}
+
+my $ip = shift @ARGV;
+$ip and $ip =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/ or usage();
+
+my $probe = IO::Socket::INET->new(Proto => 'udp',
+ Broadcast => 1,
+ LocalPort => 5035) or die "socket: $!";
+my $setip = unpack("N", inet_aton($ip));
+$setip > 0 or usage();
+
+my @packets;
+foreach my $ver ([18, 1], [22, 2]) {
+ push @packets, pack("vCCVNV", 0, @$ver, 1, $setip, 0);
+}
+print STDERR "Looking for device: ";
+my $broadcast = sockaddr_in(5035, INADDR_BROADCAST);
+my $scanning;
+my $box;
+
+$SIG{"ALRM"} = sub {
+ return if --$scanning <= 0;
+ foreach my $packet (@packets) {
+ $probe->send($packet, 0, $broadcast);
+ }
+ print STDERR ".";
+};
+
+$scanning = 10;
+foreach my $packet (@packets) {
+ $probe->send($packet, 0, $broadcast);
+}
+print STDERR ".";
+
+while($scanning) {
+ my $reply;
+
+ alarm(1);
+ if (my $peer = $probe->recv($reply, 16)) {
+ next if (length($reply) < 16);
+ my ($port, $addr) = sockaddr_in($peer);
+ my ($major, $minor1, $minor2, $code, $addr2) = unpack("vCCVV", $reply);
+ $addr2 = pack("N", $addr2);
+ if ($code == 2) {
+ $scanning = 0;
+ printf STDERR " found!\nADAM2 version $major.$minor1.$minor2 at %s (%s)\n", inet_ntoa($addr), inet_ntoa($addr2);
+ $box = inet_ntoa($addr);
+ }
+ }
+}
+
+$box or die " not found!\n";
+
+{
+ package ADAM2FTP;
+ use base qw(Net::FTP);
+
+ # ADAM2 requires upper case commands, some brain dead firewall doesn't ;-)
+ sub _USER {
+ shift->command("USER",@_)->response()
+ }
+
+ sub _GETENV {
+ my $ftp = shift;
+ my ($ok, $name, $value);
+
+ $ftp->command("GETENV",@_);
+ while(length($ok = $ftp->response()) < 1) {
+ my $line = $ftp->getline();
+ unless (defined($value)) {
+ chomp($line);
+ ($name, $value) = split(/\s+/, $line, 2);
+ }
+ }
+ $ftp->debug_print(0, "getenv: $value\n")
+ if $ftp->debug();
+ return $value;
+ }
+
+ sub getenv {
+ my $ftp = shift;
+ my $name = shift;
+ return $ftp->_GETENV($name);
+ }
+
+ sub _REBOOT {
+ shift->command("REBOOT")->response() == Net::FTP::CMD_OK
+ }
+
+ sub reboot {
+ my $ftp = shift;
+ $ftp->_REBOOT;
+ $ftp->close;
+ }
+}
+
+my $file = shift @ARGV;
+$file || exit 0;
+
+open FILE, "<$file" or die "can't open firmware file\n";
+my $ftp = ADAM2FTP->new($box, Debug => 0, Timeout => 600) or die "can't open control connection\n";
+$ftp->login("adam2", "adam2") or die "can't login\n";
+
+my $mtd0 = $ftp->getenv("mtd0");
+my $mtd1 = $ftp->getenv("mtd1");
+my ($ksize, $fssize);
+
+$mtd1 =~ /^(0x\w+),(0x\w+)$/ and $ksize = hex($2) - hex($1);
+$mtd0 =~ /^(0x\w+),(0x\w+)$/ and $fssize = hex($2) - hex($1);
+$ksize and $fssize or die 'cannot read partition offsets';
+printf STDERR "Available flash space: 0x%08x (0x%08x + 0x%08x)\n", $ksize + $fssize, $ksize, $fssize;
+
+$ftp->command("MEDIA FLSH")->response();
+$ftp->binary();
+print STDERR "Writing to mtd1...\n";
+
+my $dc = $ftp->stor("fs mtd1");
+$dc or die "can't open data connection\n";
+my $rbytes = 1;
+
+while (($ksize > 0) and ($rbytes > 0)) {
+ my $buffer;
+ my $len = ($ksize > 1024 ? 1024 : $ksize);
+ $rbytes = read FILE, $buffer, $len;
+ $rbytes and $ksize -= $dc->write($buffer, $rbytes, 600);
+}
+
+$dc->close();
+$rbytes or die "no more data left to write\n";
+
+print STDERR "Writing to mtd0...\n";
+
+$dc = $ftp->stor("fs mtd0");
+$dc or die "can't open data connection\n";
+
+while (($fssize > 0) and ($rbytes > 0)) {
+ my $buffer;
+ my $len = ($fssize > 1024 ? 1024 : $fssize);
+ $rbytes = read FILE, $buffer, $len;
+ $rbytes and $fssize -= $dc->write($buffer, $rbytes, 600);
+}
+
+$dc->close();
+$ftp->reboot();
diff --git a/scripts/flashing/adsl2mue_flash.pl b/scripts/flashing/adsl2mue_flash.pl
new file mode 100755
index 0000000..c206c47
--- /dev/null
+++ b/scripts/flashing/adsl2mue_flash.pl
@@ -0,0 +1,170 @@
+#!/usr/bin/perl
+#
+# Linksys ADSL2MUE Flash utility.
+#
+# Copyright (C) 2008 Alexandre Lissy <alexandrelissy@free.fr>
+# based on D-Link DSL-G6x4T flash utility by Felix Fietkau <mailto@nbd.name>
+# based on fbox recovery util by Enrik Berkhan
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+use IO::Socket::INET;
+use Socket;
+use strict;
+use warnings;
+
+sub usage() {
+ print STDERR "Usage: $0 <ip> [firmware.bin] [partition]\n\n";
+ exit 0;
+}
+
+my $ip = shift @ARGV;
+$ip and $ip =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/ or usage();
+
+my $probe = IO::Socket::INET->new(Proto => 'udp',
+ Broadcast => 1,
+ LocalPort => 5035) or die "socket: $!";
+my $setip = unpack("N", inet_aton($ip));
+$setip > 0 or usage();
+
+my @packets;
+foreach my $ver ([18, 1], [22, 2]) {
+ push @packets, pack("vCCVNV", 0, @$ver, 1, $setip, 0);
+}
+print STDERR "Looking for device: ";
+my $broadcast = sockaddr_in(5035, INADDR_BROADCAST);
+my $scanning;
+my $box;
+
+$SIG{"ALRM"} = sub {
+ return if --$scanning <= 0;
+ foreach my $packet (@packets) {
+ $probe->send($packet, 0, $broadcast);
+ }
+ print STDERR ".";
+};
+
+$scanning = 10;
+foreach my $packet (@packets) {
+ $probe->send($packet, 0, $broadcast);
+}
+print STDERR ".";
+
+while($scanning) {
+ my $reply;
+
+ alarm(1);
+ if (my $peer = $probe->recv($reply, 16)) {
+ next if (length($reply) < 16);
+ my ($port, $addr) = sockaddr_in($peer);
+ my ($major, $minor1, $minor2, $code, $addr2) = unpack("vCCVN", $reply);
+ $addr2 = pack("N", $addr2);
+ if ($code == 1) {
+ $scanning = 0;
+ printf STDERR " found!\nADAM2 version $major.$minor1.$minor2 at %s (%s)\n", inet_ntoa($addr2), inet_ntoa($addr);
+ $box = inet_ntoa($addr2);
+ }
+ }
+}
+
+$box or die " not found!\n";
+
+{
+ package ADAM2FTP;
+ use base qw(Net::FTP);
+
+ # ADAM2 requires upper case commands, some brain dead firewall doesn't ;-)
+ sub _USER {
+ shift->command("USER",@_)->response()
+ }
+
+ sub _GETENV {
+ my $ftp = shift;
+ my ($ok, $name, $value);
+
+ $ftp->command("GETENV",@_);
+ while(length($ok = $ftp->response()) < 1) {
+ my $line = $ftp->getline();
+ unless (defined($value)) {
+ chomp($line);
+ ($name, $value) = split(/\s+/, $line, 2);
+ }
+ }
+ $ftp->debug_print(0, "getenv: $value\n")
+ if $ftp->debug();
+ return $value;
+ }
+
+ sub getenv {
+ my $ftp = shift;
+ my $name = shift;
+ return $ftp->_GETENV($name);
+ }
+
+ sub _REBOOT {
+ shift->command("REBOOT")->response() == Net::FTP::CMD_OK
+ }
+
+ sub reboot {
+ my $ftp = shift;
+ $ftp->_REBOOT;
+ $ftp->close;
+ }
+}
+
+my $file = shift @ARGV;
+my $part = shift @ARGV;
+$file || exit 0;
+$part || exit 0;
+
+open FILE, "<$file" or die "can't open firmware file\n";
+my $ftp = ADAM2FTP->new($box, Debug => 0, Timeout => 600) or die "can't open control connection\n";
+$ftp->login("adam2", "adam2") or die "can't login\n";
+
+# my $mtd0 = $ftp->getenv("mtd0");
+# my $mtd1 = $ftp->getenv("mtd1");
+my $mtd4 = $ftp->getenv($part);
+# my ($ksize, $fssize);
+my ($ossize, $mtd_start, $mtd_end);
+
+# $mtd1 =~ /^(0x\w+),(0x\w+)$/ and $ksize = hex($2) - hex($1);
+# $mtd0 =~ /^(0x\w+),(0x\w+)$/ and $fssize = hex($2) - hex($1);
+$mtd4 =~ /^(0x\w+),(0x\w+)$/;
+$ossize = hex($2) - hex($1);
+$mtd_start = hex($1);
+$mtd_end = hex($2);
+$ossize and $mtd_start and $mtd_end or die 'cannot read partition offsets';
+printf STDERR "Available flash space: 0x%08x ($part: 0x%08x to 0x%08x)\n", $ossize, $mtd_start, $mtd_end;
+
+$ftp->command("MEDIA FLSH")->response();
+$ftp->binary();
+
+print STDERR "Writing to $part ...\n";
+my $dc = $ftp->stor("data $part");
+$dc or die "can't open data connection\n";
+my $rbytes = 1;
+
+while (($ossize > 0) and ($rbytes > 0)) {
+ my $buffer;
+ my $len = ($ossize > 1024 ? 1024 : $ossize);
+ $rbytes = read FILE, $buffer, $len;
+ printf STDERR ".";
+ $rbytes and $ossize -= $dc->write($buffer, $rbytes, 600);
+}
+
+printf STDERR "\nDone.\n";
+
+$dc->close();
diff --git a/scripts/flashing/flash.sh b/scripts/flashing/flash.sh
new file mode 100755
index 0000000..3499581
--- /dev/null
+++ b/scripts/flashing/flash.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+#
+# tftp flash script for wireless routers
+#
+# Copyright (C) 2004 by Oleg I. Vdovikin <oleg@cs.msu.su>
+# Copyright (C) 2005 by Waldemar Brodkorb <wbx@openwrt.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+if [ -z "$1" ] || [ ! -f $1 ] || [ -z $2 ]; then
+ echo Usage: $0 firmware vendor
+cat << EOF
+IMPORTANT:
+Notes for Linksys / Asus WL500gx router:
+ be sure you have set boot_wait to yes. Power on your router
+ after executing this script.
+
+Notes for Asus WL500g router:
+ be sure POWER led is flashing (If this is not the case
+ poweroff the device, push the reset button & power on
+ it again, then release button)
+
+1) connect your pc to the LAN port
+2) be sure your link is up and has an address in the
+ 192.168.1.0/24 address range (and not the 192.168.1.1)
+
+Notes for Toshiba router:
+ boot_wait is enabled by default on these units.
+
+1) connect your pc to any of the four LAN ports
+2) be sure your link is up and has an address in the
+ 192.168.10.1/24 address range (and not the 192.168.10.1)
+3) run this script (unit will only accept .trx images)
+4) Turn unit power on.
+
+EOF
+ exit 0
+fi
+if [ "$2" = "asus" ]; then
+echo Confirming IP address setting...
+echo -en "get ASUSSPACELINK\x01\x01\xa8\xc0 /dev/null\nquit\n" | tftp 192.168.1.1
+echo Flashing 192.168.1.1 using $1...
+echo -en "binary\nput $1 ASUSSPACELINK\nquit\n" | tftp 192.168.1.1
+echo Please wait until leds stops flashing.
+elif [ "$2" = "linksys" ]; then
+echo Flashing 192.168.1.1 using $1...
+echo -en "rexmt 1\ntrace\nbinary\nput $1\nquit\n" | tftp 192.168.1.1
+echo Please wait until power led stops flashing. Do not poweroff! Then you can login via telnet 192.168.1.1.
+elif [ "$2" = "toshiba" ]; then
+echo Flashing 192.168.10.1 using $1...
+echo -en "rexmt 1\ntrace\nbinary\nput $1\nquit\n" | tftp 192.168.10.1
+echo Unit will automatically reboot within 5 minutes. Do not power off. Then you can login via telnet 192.168.10.1.
+fi
diff --git a/scripts/flashing/jungo-image.py b/scripts/flashing/jungo-image.py
new file mode 100755
index 0000000..9947e7c
--- /dev/null
+++ b/scripts/flashing/jungo-image.py
@@ -0,0 +1,283 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, 2009 (C) Jose Vasconcellos <jvasco@verizon.net>
+#
+# A script that can communicate with jungo-based routers
+# (such as MI424-WR, USR8200 and WRV54G) to backup the installed
+# firmware and replace the boot loader.
+#
+# Tested with Python 2.5 on Linux and Windows
+#
+"""Usage: %s [options] <IP_address> [image.bin | url]
+Valid options:
+\t-h | --help: usage statement
+\t-d | --dump: create a flash dump
+\t-f | --file: use <filename> to store dump contents
+\t-u | --user: provide username (default admin)
+\t-p | --pass: provide password (default password1)
+\t --port: set port for http (default 8080)
+\t-q | --quiet: don't display unnecessary information
+\t-r | --reboot: reboot target on successful transfer
+\t-V | --version: display version information
+
+If no image (or url) is given, a flash dump is created.
+A built-in http server is used when an image file is provided.
+"""
+
+import os
+import sys
+import getopt
+import getpass
+import telnetlib
+import string
+import binascii
+import socket
+import thread
+import SocketServer
+import SimpleHTTPServer
+
+reboot = 0
+HOST = "192.168.1.1"
+PORT = 8080
+user = "admin"
+#password = getpass.getpass()
+password = "password1"
+proto = "http"
+url = ""
+imagefile = ""
+dumpfile = ""
+verbose = 1
+do_dump = 0
+dumplen = 0x10000
+flashsize=4*1024*1024
+#device="br0"
+device="ixp0"
+
+####################
+
+def start_server(server):
+ httpd = SocketServer.TCPServer((server,PORT),SimpleHTTPServer.SimpleHTTPRequestHandler)
+ thread.start_new_thread(httpd.serve_forever,())
+
+####################
+
+def get_flash_size():
+ # make sure we don't have an A0 stepping
+ tn.write("cat /proc/cpuinfo\n")
+ buf = tn.read_until("Returned 0", 3)
+ if not buf:
+ print "Unable to obtain CPU information; make sure to not use A0 stepping!"
+ elif buf.find('rev 0') > 0:
+ print "Warning: IXP42x stepping A0 detected!"
+ if imagefile or url:
+ print "Error: No linux support for A0 stepping!"
+ sys.exit(2)
+
+ # now get flash size
+ tn.write("cat /proc/mtd\n")
+ buf = tn.read_until("Returned 0", 3)
+ if buf:
+ i = buf.find('mtd0:')
+ if i > 0:
+ return int(buf[i+6:].split()[0],16)
+ # use different command
+ tn.write("flash_layout\n")
+ buf = tn.read_until("Returned 0", 3)
+ i = buf.rfind('Range ')
+ if i > 0:
+ return int(buf[i+17:].split()[0],16)
+ print "Can't determine flash size!"
+ else:
+ print "Unable to obtain flash size!"
+ sys.exit(2)
+
+def image_dump(tn, dumpfile):
+ if not dumpfile:
+ tn.write("ver\n");
+ buf = tn.read_until("Returned 0",2)
+ i = buf.find("Platform:")
+ if i < 0:
+ platform="jungo"
+ else:
+ line=buf[i+9:]
+ i=line.find('\n')
+ platform=line[:i].split()[-1]
+
+ tn.write("rg_conf_print /dev/%s/mac\n" % device);
+ buf = tn.read_until("Returned 0",3)
+
+ i = buf.find("mac(")
+ if i > 0:
+ i += 4
+ else:
+ print "No MAC address found! (use -f option)"
+ sys.exit(1)
+ dumpfile = "%s-%s.bin" % (platform, buf[i:i+17].replace(':',''))
+ else:
+ tn.write("\n")
+
+ print "Dumping flash contents (%dMB) to %s" % (flashsize/1048576, dumpfile)
+ f = open(dumpfile, "wb")
+
+ t=flashsize/dumplen
+ for addr in range(t):
+ if verbose:
+ sys.stdout.write('\r%d%%'%(100*addr/t))
+ sys.stdout.flush()
+
+ tn.write("flash_dump -r 0x%x -l %d -4\n" % (addr*dumplen, dumplen))
+ tn.read_until("\n")
+
+ count = addr*dumplen
+ while 1:
+ buf = tn.read_until("\n")
+ if buf.strip() == "Returned 0":
+ break
+ s = buf.split()
+ if s and s[0][-1] == ':':
+ a=int(s[0][:-1],16)
+ if a != count:
+ print "Format error: %x != %x"%(a,count)
+ sys.exit(2)
+ count += 16
+ f.write(binascii.a2b_hex(string.join(s[1:],'')))
+ tn.read_until(">",1)
+
+ f.close()
+ if verbose:
+ print ""
+
+def telnet_option(sock,cmd,option):
+ #print "Option: %d %d" % (ord(cmd), ord(option))
+ if cmd == telnetlib.DO:
+ c=telnetlib.WILL
+ elif cmd == telnetlib.WILL:
+ c=telnetlib.DO
+ sock.sendall(telnetlib.IAC + c + option)
+
+def telnet_timeout():
+ print "Fatal error: telnet timeout!"
+ sys.exit(1)
+
+def usage():
+ print __doc__ % os.path.basename(sys.argv[0])
+
+####################
+
+try:
+ opts, args = getopt.getopt(sys.argv[1:], "hdf:qp:P:rvV", \
+ ["help", "dump", "file=", "user=", "pass=", "port=",
+ "quiet=", "reboot", "verbose", "version"])
+except getopt.GetoptError:
+ # print help information and exit:
+ usage()
+ sys.exit(1)
+
+for o, a in opts:
+ if o in ("-h", "--help"):
+ usage()
+ sys.exit(1)
+ elif o in ("-V", "--version"):
+ print "%s: 0.11" % sys.argv[0]
+ sys.exit(1)
+ elif o in ("-d", "--no-dump"):
+ do_dump = 1
+ elif o in ("-f", "--file"):
+ dumpfile = a
+ elif o in ("-u", "--user"):
+ user = a
+ elif o in ("-p", "--pass"):
+ password = a
+ elif o == "--port":
+ PORT = int(a)
+ elif o in ("-q", "--quiet"):
+ verbose = 0
+ elif o in ("-r", "--reboot"):
+ reboot = 1
+ elif o in ("-v", "--verbose"):
+ verbose = 1
+
+# make sure we have enough arguments
+if len(args) > 0:
+ HOST = args[0]
+
+if len(args) == 2:
+ if args[1].split(':')[0] in ("tftp", "http", "ftp"):
+ url = args[1]
+ else:
+ imagefile = args[1]
+else:
+ do_dump = 1;
+
+####################
+# create a telnet session to the router
+try:
+ tn = telnetlib.Telnet(HOST)
+except socket.error, msg:
+ print "Unable to establish telnet session to %s: %s" % (HOST, msg)
+ sys.exit(1)
+
+tn.set_option_negotiation_callback(telnet_option)
+
+buf = tn.read_until("Username: ", 3)
+if not buf:
+ telnet_timeout()
+tn.write(user+"\n")
+if password:
+ buf = tn.read_until("Password: ", 3)
+ if not buf:
+ telnet_timeout()
+ tn.write(password+"\n")
+
+# wait for prompt
+buf = tn.read_until("> ", 3)
+if not buf:
+ telnet_timeout()
+
+flashsize = get_flash_size()
+
+if do_dump:
+ image_dump(tn, dumpfile)
+
+if imagefile or url:
+ splitpath = os.path.split(imagefile)
+
+ # create load command
+ if url:
+ cmd = "load -u %s -r 0\n" % (url)
+ else:
+ server = tn.get_socket().getsockname()[0]
+ cmd = "load -u http://%s:%d/%s -r 0\n" % (server, PORT, splitpath[1])
+
+ if not os.access(imagefile, os.R_OK):
+ print "File access error: %s" % (imagefile)
+ sys.exit(3)
+
+ # make sure we're in the directory where the image is located
+ if splitpath[0]:
+ os.chdir(splitpath[0])
+
+ start_server(server)
+
+ if verbose:
+ print "Unlocking flash..."
+ tn.write("unlock 0 0x%x\n" % flashsize)
+ buf = tn.read_until("Returned 0",5)
+
+ if verbose:
+ print "Writing new image..."
+ print cmd,
+ tn.write(cmd)
+ buf = tn.read_until("Returned 0",10)
+
+ # wait till the transfer completed
+ buf = tn.read_until("Download completed successfully",20)
+ if buf:
+ print "Flash update complete!"
+ if reboot:
+ tn.write("reboot\n")
+ print "Rebooting..."
+
+tn.write("exit\n")
+tn.close()
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 23:24:22 +0000