Hi,
I tried flashing the modified image:
Before flashing:
- The UART pins were connected to a USB-to-UART adapter - PBL messages were displayed on minicom
- Backup of the entire flash taken (in-circuit)
- Modified 15 00 04 00 01 to 15 00 04 00 00 on the flash image backup.
- Flashed the new image into the flash using flashrom
$ sudo flashrom --programmer ch341a_spi -w mtik_cap_ac.bin
flashrom v1.2-4-gad08aef on Linux 4.15.0-62-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q128.V..M" (16384 kB, SPI) on ch341a_spi.
Reading old flash chip contents... done.
Erasing and writing flash chip... FAILED at 0x0007e282! Expected=0xff, Found=0xef, failed byte count from 0x0007e000-0x0007efff: 0x1
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x0005013c! Expected=0xff, Found=0xbf, failed byte count from 0x00050000-0x00057fff: 0x3
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x00290052! Expected=0xff, Found=0x7f, failed byte count from 0x00290000-0x0029ffff: 0x4
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x0015941d! Expected=0xff, Found=0xfd, failed byte count from 0x00000000-0x00ffffff: 0x75
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x00038001! Expected=0xff, Found=0xf0, failed byte count from 0x00000000-0x00ffffff: 0x32f
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
No usable erase functions left.
FAILED!
Uh oh. Erase/write failed. Checking if anything has changed.
Reading current flash chip contents... done.
Apparently at least some data has changed.
Your flash chip is in an unknown state.
Please report this on IRC at chat.freenode.net (channel #flashrom) or
mail flashrom@flashrom.org, thanks!
After flashing, the PBL output that was being displayed on the serial stopped. The device is not booting into RouterOS.
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00096
S - IMAGE_VARIANT_STRING=DAABANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000021
S - Core 0 Frequency, 0 MHz
B - 262 - PBL, Start
B - 1342 - bootable_media_detect_entry, Start
B - 1683 - bootable_media_detect_success, Start
B - 1697 - elf_loader_entry, Start
B - 5104 - auth_hash_seg_entry, Start
B - 7271 - auth_hash_seg_exit, Start
B - 577868 - elf_segs_hash_verify_entry, Start
B - 694289 - PBL, End
B - 694313 - SBL1, Start
B - 782841 - pm_device_init, Start
D - 6 - pm_device_init, Delta
B - 784364 - boot_flash_init, Start
D - 45978 - boot_flash_init, Delta
B - 834540 - boot_config_data_table_init, Start
D - 3857 - boot_config_data_table_init, Delta - (419 Bytes)
B - 842012 - clock_init, Start
D - 7566 - clock_init, Delta
B - 853780 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B - 857269 - sbl1_ddr_set_params, Start
B - 862257 - cpr_init, Start
D - 2 - cpr_init, Delta
B - 866750 - Pre_DDR_clock_init, Start
D - 4 - Pre_DDR_clock_i.
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00096
S - IMAGE_VARIANT_STRING=DAABANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000021
S - Core 0 Frequency, 0 MHz
B - 262 - PBL, Start
B - 1342 - bootable_media_detect_entry, Start
B - 1683 - bootable_media_detect_success, Start
B - 1697 - elf_loader_entry, Start
B - 5104 - auth_hash_seg_entry, Start
B - 7271 - auth_hash_seg_exit, Start
B - 577869 - elf_segs_hash_verify_entry, Start
B - 694290 - PBL, End
B - 694314 - SBL1, Start
B - 782842 - pm_device_init, Start
D - 6 - pm_device_init, Delta
B - 784365 - boot_flash_init, Start
B - 3115669 - Boot error ocuured!. Error code: 302a
Tried the stable version 1.1 of flashrom, with the same results.
Was I supposed to take out the NOR flash for read and write?