Hi there,
this is my first post so please bear with me... I am a seasoned systems administrator, but quite new to MIPS/ARM world. That means that CFE & U-boot are specially harsh for me.
I already cloned openwrt github, and tore the router apart and took photos & part numbers for all the ICs.
Even extracted DTB and converted to DTS from the latest available firmware for this router, which is OpenWRT/LEDE based.
The point where I am now is trying to figure out the right DTS, which seems to be quite different from Cudy and OpenWRT approaches.
As far as I saw, OpenWRT focuses on repeatability, and tries to relate to other hw, i.e. &cpuintc instead of direct hex value 0x02 referred on Cudy's fw.
I've opened the extracted full DTB/DTS and I am (kind of) comparing with openwrt mt7628an.dtsi to pinpoint what is already there, and what ONLY needs to be added to the cudy's final DTS.
Is this the only possible approach? I have the feeling that I am running in circles here, and that I am doing things a lot more difficult than it needs to be.
Also, if this post belongs to hacking subforum please move it or let me know how can I fix the situation.
Thanks in advance,
Drag00n
1 Like
Anyone knows what does the cudy forums admins mean by this?
We need the OpenWrt forum official support the router at first, then we can release a middle firmware for you, then you can use and upgrade to the OpenWrt firmware.
So if I understood it right, they need someone to hack a device for them to deliver an intermediate fw that allows to load unsigned fw?
What's the rationale behind that? I thought that they delivered the fw to disable signing, then we'd be able to keep developing...
Thanks in advance,
Drag00n
There's no point for them to their work, if "we" won't do ours.
Nothing stops you from developing, only easy flashing.
That's what I meant, but as far as I know I can't try the created fw if I can't flash it... Maybe I am not viewing the whole picture. After all, as I said it's the first time I am trying this on u-Boot, DTB and MIPS.
Wouldn't it make sense to just disable (cudy) through that intermediate fw the code signing? Not sure what they need a development on "our" side, they'll just unlock BL for everybody, or are they unlocking only for OpenWRT images?
I am on holidays now, but I expect to be able to build next week and if it works via TFTP loading then I hope I'll be able to debug further. Otherwise, not sure how further will I be able to go on my own.
Thanks for the quick answer, Frollic.
Drag00n
You can, via serial and an initramfs.
It's how flashing Cudy works until they release their unsigned interim image.
Example: https://github.com/openwrt/openwrt/pull/15214
Well yes, that's one of the other ways other than TFTP that I was willing to try fro the whole list on the wiki, but as I say I am stll figuring out the differences between openwrt/LEDE 17 on cudy latest fw and adapting to 25.12 (or latest), specially regarding DTB which is a pain in the ass for me right now.
I had a usb serial which suspect is 5v only, and I ordered another which is also 3V3 (just to make sure i won't burn anything on the board) that arrived the day before I left, so will be waiting for me ;).
So I think I'll be able to load via serial the new kernel/initramfs...
Thanks
BR
Drag00n
Well, I tried the USB to serial on the PGRT pins, which "should" be the one valid for bootlog, but so far no luck. P is VCC, G is ground, and R / T are 3V so they should be good, but I think will try to unsolder the 4 pins and try just GND + TX just in case I shorted something on the way to the soldering phase. But I wanted to just ask, as probably a lot of you faced this already: Is there any chance that the serial is for the Quebec 4G or any other purpose?
A visual recon supposes that the lines come from the MT7628AN, but will have to use the microscope later...
BTW, I used the new USB FT232 on other routers/devices successfully so I think it's not the issue here
Thanks in advance...
Drag00n
I'm sorry for the noise, but I think it's worth it just in case anyone else wonders why UART is not working on this router. TX & RX pins are shorted in a very small place, so I didnt even notice... I still dont get how did I get 3V3 on the pins, but that's another story...
I will try to short them but I'm pretty sure I'll mess up with the iron, so ... maybe my last post.
If that's the case, it has been a short trip which I wanted to initiate.
Pic added, mind the 2 small vertical red linesabove TX pin. Pls notice the 4 pin connector has been soldered too, so this will differ from stock.
(edit typo)
