Yeah,
I provided 2 serial nr of 2 boards.
According to Mikrotik there is not a single change to the SoC or WLAN hardware here.
So the only delta (next to some enw SPI chip) is the bootloader.
The kernel cmdline shows a different in GPIO config.
Unfortunately, I dont have a R1 board anymore to upgrade the bootloader to the same version as the R2 ..
I asked:
to compare dumps spi flash revisions.
How will we proceed?
it will not help us in any way?
I'll try to provide that tomorrow.
I didn't want to provide them earlier as the working board had bootloader 3.x while the r2 has 6.x ..
spi cut information with 0xс000 size 0x1000:
dd if=951_1 of=hc951 skip=49152 count=4096 bs=1
compiled https://github.com/robimarko/openwrt/tree/BaseBox2/package/utils/rbextract/src
I see
root@OpenWrt:~# rbextract -a /tmp/hc951
Board name:
Board product code: 951Ui-2HnD
Board identifier: 951HnD
Board serial: B8570AAB8420
Board MAC: 744D28C0
HW Options 290005
Factory RouterBoot version: 6.43.2
Flash identifier: c21020c2
also checked this file using a script
python3 parse-routerboot.py ~/old_work/ch341prog/hc951
Unknown magic: 0x48617264
Trying again in big-endian mode
RB_MAGIC_HARD
DATA type=26 len=4 data-offset=0x0008 00 00 00 00 |....|
DATA type=4 len=8 data-offset=0x0010 74 4d 28 c0 a0 73 00 00 |tM(..s..|
DATA type=14 len=4 data-offset=0x001c 00 00 00 06 |....|
DATA type=10 len=4 data-offset=0x0024 0a ab 84 20 |... |
DATA type=13 len=4 data-offset=0x002c 08 00 00 00 |....|
DATA type=19 len=4 data-offset=0x0034 00 00 00 00 |....|
DATA type=18 len=4 data-offset=0x003c 00 00 f0 00 |....|
DATA type=20 len=4 data-offset=0x0044 08 21 d1 51 |.!.Q|
DATA type=21 len=4 data-offset=0x004c 00 29 00 05 |.)..|
DATA type=27 len=4 data-offset=0x0054 00 00 13 88 |....|
DATA type=11 len=16 data-offset=0x005c 42 38 35 37 30 41 41 42 38 34 32 30 00 00 00 00 |B8570AAB8420....|
DATA type=5 len=20 data-offset=0x0070 39 35 31 55 69 2d 32 48 6e 44 00 00 00 00 00 00 00 00 00 00 |951Ui-2HnD..........|
DATA type=33 len=4 data-offset=0x0088 00 00 00 00 |....|
DATA type=6 len=8 data-offset=0x0090 36 2e 34 33 2e 32 00 00 |6.43.2..|
DATA type=25 len=20 data-offset=0x009c ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |....................|
DATA type=3 len=20 data-offset=0x00b4 c2 10 20 c2 00 00 00 0c 00 00 00 10 02 00 00 33 02 01 04 00 |.. ............3....|
DATA type=1 len=4 data-offset=0x00cc 01 7d 78 40 |.}x@|
DATA type=23 len=12 data-offset=0x00d4 39 35 31 48 6e 44 00 00 00 00 00 00 |951HnD......|
DATA type=8 len=48 data-offset=0x00e4 00 00 01 f4 40 08 1a 00 00 00 02 26 40 02 15 80 00 00 02 58 40 02 16 00 00 |....@......&@......X@....+
DATA type=28 len=636 data-offset=0x0118 00 00 00 c8 40 81 80 00 00 00 00 17 b8 00 00 b8 00 00 0e 59 b8 00 00 10 00 |....@..............Y.....+
DATA type=22 len=816 data-offset=0x0398 00 45 52 44 03 24 00 01 02 ff ff ff ff ff 20 00 00 00 00 00 00 00 00 00 00 |.ERD.$........ ..........+
Trying to recursively decode ERD partition
RB_MAGIC_ERD
DATA type=1 len=201 data-offset=0x0008 02 ff ff ff ff ff 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e9 00 00 |...... ..................+
DATA type=13312 len=335 data-offset=0x00d5 00 02 11 12 15 17 41 42 45 47 31 32 35 37 70 75 9d a2 70 75 a2 ff 6c 00 05 |......ABEG1257pu..pu..l..+
DATA type=48131 len=4885 data-offset=0x0228 40 01 90 03 90 00 88 02 4c 04 72 01 3c 7c 20 00 00 00 00 00 00 00 00 00 00 |@.......L.r.<| ..........+
Done decoding ERD
DATA type=30 len=24 data-offset=0x06cc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |........................|
DATA type=39 len=4 data-offset=0x06e8 72 32 00 00 |r2..|
DATA type=37 len=4 data-offset=0x06f0 06 2b 66 02 |.+f.|
Zero-length record with type 0, ending now
Does this give us any steps forward?
This is rb951ui-2hnd (r2) board.
P.S. Sorry for my English.
Found a router where Wi-Fi works (951ui-2hnd)
Dump spi from worked and not worked radio: https://yadi.sk/d/YdjK7UniRK4mQg
It seems that where the radio works, the lzo compression is not used in the calibration section.
I was able to extract them with rbexract -e.
Can anybody help? The problem is likely common to all new versions of Mikrotik.
P.S. I also soldered spi from a working router to a non-working one, after that the radio worked there. This suggests that I made the right conclusions that the data format is different.
I also received a 912 board back today with an older bootloader and still containing routerOS.
Ill do some testing with it using ramfs next week.
also @rogerpueyo posted something that could aid this.
Hi @Lipton2kirov,
I've just posted a pull request to add support for the RouterBOARD 922UAGS-5HPacD on the ath79 target. It has a different SoC (QCA9558) but you might find it useful, since it has things in common (both SPI NOR and NAND flash, USB, etc.). Please find it at https://github.com/openwrt/openwrt/pull/2733 .
Besides that, the rbextract package (with ath79) supports the newest LZOR-compressed caldata, the former ERD-tagged and there is a PR for supporting older devices which had the caldata encoded right there with RLE (https://github.com/openwrt/openwrt/pull/2731). The code is much clearer there than in the ar71xx target, so I'd strongly encourage you to give it a try.
I received a Mikrotik hAP AC2 USr2 revision, and saw that the radio calibration chunk id has been changed.
It appears instead of Chunk ID of 0x1, they moved it to 0x8201 and 0x8001
Try the following ( change in either rbextract, or for ar71xx/ath79 the rb_get_wlan_data function ):
/* No Radio Calibration Data Found
err = routerboot_find_tag(buf_lzo_out + erd_offset,
lzo_out_len - erd_offset,
0x1, &erd_tag, &erd_tag_len);
*/
// This finds 5.8GHz radio calibration data
err = routerboot_find_tag(buf_lzo_out + erd_offset,
lzo_out_len - erd_offset,
0x8201, &erd_tag, &erd_tag_len);The Mikrotik hAP AC2 is little endian, so you may have to convert to big endian ( not sure ) for the rb912.
You can do a hexdump on the hard_config and look for the ERD magic number. The first chunk is directly after the ERD magic ( atleast on the hAP AC2 ).
Hope this helps.
I have a big box full (20+) of RB951Ui-2HnD, but WiFi is not getting detected on any of them.
Please do let me know if any information from the devices is required for further debugging.
None of them have RouterOS as all of them are already flashed with OpenWrt 18.06.2.
after a few very busy weeks I should be able to go indepth next week.
fingers crossed.
i provided 2 serials to MikroTik and they confirmed the hardware is really identical.
The only difference was the brand of SPI chip and bootloader firmware.
They were honestly also surprised that wifi didn't work using OpenWrt
Thanks for your response.
https://github.com/openwrt/openwrt/pull/2729/commits/3bf97ac9d66dfc373c4f637b0bed2e81e4463290 It worked with this pull request, which I tried on 19.07.
My results are specific to RB951Ui-2HnD.
Ok,
currently searching for the issue in detail.
I have 2x rb912-5HPnD, one is R1, one is R2
Both were given this treatment:
Compared following partitions (Bold = differences found):
mtd0: 0000c000 00001000 "routerboot"
mtd1: 00001000 00001000 "hard_config"
mtd2: 00001000 00001000 "bios"
mtd3: 00001000 00001000 "soft_config"
mtd4: 00040000 00020000 "booter"
Update: I flashed mtd partitions 0, 1, 2 & 3 to the bad board and still no wifi ..
GPIO delta:
Notice that GPIO 16 & 17 are low in the non-working board.
Update: exporting 16 & 17 and driving them high doesnt help. They also remain low no matter what I set
All details can be downloaded here
update:
Well .. haste is a bad thing.
above patch fixes it!
Ill clean it up for submission
Hello, Is there a chance that you be so kind and send me your images? So I can run/test it on my ones. Maybe a download link. Or if your answer is yes than I will give you a mail-address.
I have the same router board but the file you send me is a bit different. How to use it? I mean I usually boot it via tftp. The same way here? And i really appreciate it. Thank you.
Boot your router with TFTP, ssh this file to the router and install using sysupgrade. If your router already has OpenWrt, then you can directly sysupgrade with this file.
I have flashed it. No reaction anymore from the router. Is there no dhcp activated or has it anpther ip than 192.168.1.1 ?
@codemarauder @xback
Hello! Do I understand correctly that the fix didn't make it into the master branch? So then how do I apply the patch to the current code? Or better yet, can you please share the compiled image?
Hello,
Here is the link to the patched firmware - tested on RB951Ui-2HnD
Port configuration are as below:
Port 1: Not in use
Port 2: WAN (DHCP)
Port 3: WAN2 (DHCP)
Port 4,5: LAN
Please note that since this is a custom image, it creates a VPN tunnel to my server as soon as Internet is available. You may want to disable it in /etc/config/openvpn.
I haven't yet tried 19.07.4 or patched that source code yet, but should be able to do it next week.
Hello,
I have been attempting to get 19.07.7 running on several RB912UAG-2HPnD r2 revision boards, but on all of them I am seeing a bootloop issue after the sysupgrade using the stock images. Below is the serial output of the vmlinux boot which also does not exhibit any issues with UART output, and the serial output right after sysupgrade which triggers the continuous rebooting as well as somehow immediately causing UART output issues as seen in the sysupgrade log.
Can anyone take a look at the logs and give any feedback on what I can do to track this issue down? I was able to build an image from the same branch, and at least did not see a bootloop issue, but USB/Mini-PCIe was not detected at minimum with WiFi untested.
Thank you in advance for any help provided!
RB912UAG_2HPnD_r2_vmlinux_boot_19.07.7
[ 0.000000] Linux version 4.14.221 (builder@buildhost) (gcc version 7.5.0 (OpenWrt GCC 7.5.0 r11306-c4a6851c72)) #0 Mon Feb 15 15:22:37 2021
[ 0.000000] bootconsole [early0] enabled
[ 0.000000] CPU0 revision is: 0001974c (MIPS 74Kc)
[ 0.000000] SoC: Atheros AR9342 rev 3
[ 0.000000] Determined physical RAM map:
[ 0.000000] memory: 04000000 @ 00000000 (usable)
[ 0.000000] User-defined physical RAM map:
[ 0.000000] memory: 04000000 @ 00000000 (usable)
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] random: get_random_bytes called from 0x80529740 with crng_init=0
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 16256
[ 0.000000] Kernel command line: benand_no_swecc=2 parts=1 boot_part_size=4194304 gpio=97855 HZ=300000000 mem=64M kmac=48:8F:5A:8E:C7:CE board=711Gr100 board=711Gr100 board_rev=r2 bver=6.44.6 hw_opt=02640005 boot=0 mlc=11 console=ttyS0,115200 rootfstype=squashfs noinitrd
[ 0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[ 0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[ 0.000000] Writing ErrCtl register=00000000
[ 0.000000] Readback ErrCtl register=00000000
[ 0.000000] Memory: 56888K/65536K available (4195K kernel code, 173K rwdata, 524K rodata, 2524K init, 213K bss, 8648K reserved, 0K cma-reserved)
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] NR_IRQS: 51
[ 0.000000] Clocks: CPU:600.000MHz, DDR:350.000MHz, AHB:350.000MHz, Ref:25.000MHz
[ 0.000000] clocksource: MIPS: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370868154 ns
[ 0.000010] sched_clock: 32 bits at 300MHz, resolution 3ns, wraps every 7158278654ns
[ 0.008895] Calibrating delay loop... 299.82 BogoMIPS (lpj=1499136)
[ 0.086005] pid_max: default: 32768 minimum: 301
[ 0.091491] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.099011] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.109838] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.121067] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 0.129648] NET: Registered protocol family 16
[ 0.138932] MIPS: machine is Mikrotik RouterBOARD RB912UAG-2HPnD
[ 0.407026] clocksource: Switched to clocksource MIPS
[ 0.413985] NET: Registered protocol family 2
[ 0.420019] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.428014] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.435244] TCP: Hash tables configured (established 1024 bind 1024)
[ 0.442642] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.449353] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.456768] NET: Registered protocol family 1
[ 2.577043] random: fast init done
[ 4.062525] Crashlog allocated RAM at address 0x3f00000
[ 4.070283] workingset: timestamp_bits=30 max_order=14 bucket_order=0
[ 4.083227] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 4.089918] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 4.260268] io scheduler noop registered
[ 4.264726] io scheduler deadline registered (default)
[ 4.271115] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[ 4.280784] console [ttyS0] disabled
[ 4.305039] serial8250.0: ttyS0 at MMIO 0x18020000 (irq = 11, base_baud = 1562500) is a 16550A
[ 4.314854] console [ttyS0] enabled
[ 4.314854] console [ttyS0] enabled
[ 4.322423] bootconsole [early0] disabled
[ 4.322423] bootconsole [early0] disabled
[ 4.341674] m25p80 spi0.0: found gd25d05, expected m25p80
[ 4.348981] m25p80 spi0.0: gd25d05 (64 Kbytes)
[ 4.402746] Creating 4 MTD partitions on "spi0.0":
[ 4.407787] 0x000000000000-0x00000000c000 : "routerboot"
[ 4.439766] 0x00000000c000-0x00000000d000 : "hard_config"
[ 4.471573] 0x00000000d000-0x00000000e000 : "bios"
[ 4.502862] 0x00000000e000-0x00000000f000 : "soft_config"
[ 4.535192] NAND flash driver for the RouterBOARD 91x series
[ 4.543425] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
[ 4.550065] nand: Winbond W29N01HV
[ 4.553586] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[ 4.561436] Scanning device for bad blocks
[ 4.680114] Creating 3 MTD partitions on "W29N01HV":
[ 4.685280] 0x000000000000-0x000000040000 : "booter"
[ 4.716572] 0x000000040000-0x000000400000 : "kernel"
[ 4.748040] 0x000000400000-0x000008000000 : "ubi"
[ 4.783221] libphy: Fixed MDIO Bus: probed
[ 4.822803] libphy: ag71xx_mdio: probed
[ 5.547905] ag71xx ag71xx.0: connected to PHY at ag71xx-mdio.0:00 [uid=004dd074, driver=Atheros 8031 ethernet]
[ 5.558926] eth0: Atheros AG71xx at 0xb9000000, irq 4, mode: rgmii
[ 5.571418] MikroTik RouterBOARD hardware configuration sysfs driver v0.03
[ 5.579800] NET: Registered protocol family 10
[ 5.589220] Segment Routing with IPv6
[ 5.593116] NET: Registered protocol family 17
[ 5.597840] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[ 5.611243] 8021q: 802.1Q VLAN Support v1.8
[ 5.620087] UBI: auto-attach mtd6
[ 5.623558] ubi0: attaching mtd6
[ 5.901123] ubi0: scanning is finished
[ 5.922472] ubi0: attached mtd6 (name "ubi", size 124 MiB)
[ 5.928219] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[ 5.935315] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[ 5.942337] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[ 5.949540] ubi0: good PEBs: 992, bad PEBs: 0, corrupted PEBs: 0
[ 5.955744] ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
[ 5.963216] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1989761632
[ 5.972657] ubi0: available PEBs: 0, total reserved PEBs: 992, PEBs reserved for bad PEB handling: 20
[ 5.982282] ubi0: background thread "ubi_bgt0d" started, PID 346
[ 5.990265] block ubiblock0_1: created from ubi0:1(rootfs)
[ 5.995949] ubiblock: device ubiblock0_1 (rootfs) set to be root filesystem
[ 6.021988] Freeing unused kernel memory: 2524K
[ 6.026679] This architecture does not have kernel memory protection.
[ 6.051775] init: Console is alive
[ 6.055596] init: - watchdog -
[ 6.083942] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[ 6.093420] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[ 6.111697] init: - preinit -
[ 6.316852] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 6.349084] random: procd: uninitialized urandom read (4 bytes read)
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[ 8.418553] eth0: link up (100Mbps/Full duplex)
[ 8.423279] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 9.523755] eth0: link down
[ 9.540599] procd: - early -
[ 9.543715] procd: - watchdog -
[ 10.149156] procd: - watchdog -
[ 10.152812] procd: - ubus -
[ 10.164027] random: ubusd: uninitialized urandom read (4 bytes read)
[ 10.206683] random: ubusd: uninitialized urandom read (4 bytes read)
[ 10.213883] random: ubusd: uninitialized urandom read (4 bytes read)
[ 10.221796] procd: - init -
Please press Enter to activate this console.
[ 10.761223] kmodloader: loading kernel modules from /etc/modules.d/*
[ 10.790262] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 10.815694] Loading modules backported from Linux version v4.19.161-0-gdaefdc9eb24b
[ 10.823690] Backport generated by backports.git v4.19.161-1-0-g4bb568fe
[ 10.849826] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 10.876915] nf_conntrack version 0.5.0 (1024 buckets, 4096 max)
[ 11.019454] xt_time: kernel timezone is -0000
[ 11.146266] urngd: v1.0.2 started.
[ 11.160188] PPP generic driver version 2.4.2
[ 11.178026] NET: Registered protocol family 24
[ 11.289432] ieee80211 phy0: Atheros AR9340 Rev:3 mem=0xb8100000, irq=47
[ 11.387500] kmodloader: done loading kernel modules from /etc/modules.d/*
[ 11.498706] random: crng init done
[ 11.502245] random: 6 urandom warning(s) missed due to ratelimiting
[ 29.057340] br-lan: port 1(eth0) entered blocking state
[ 29.062756] br-lan: port 1(eth0) entered disabled state
[ 29.068556] device eth0 entered promiscuous mode
[ 29.111986] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[ 31.138619] eth0: link up (100Mbps/Full duplex)
[ 31.143363] br-lan: port 1(eth0) entered blocking state
[ 31.148807] br-lan: port 1(eth0) entered forwarding state
[ 31.177126] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[ 179.858535] eth0: link up (100Mbps/Full duplex)
[ 179.863274] br-lan: port 1(eth0) entered blocking state
[ 179.868720] br-lan: port 1(eth0) entered forwarding state