Adding support for Mikrotik Hap AX2

Hey, I tried using the decode_supout.py using Python version 3.10.6 on windows and Ubuntu but got the following errors:
First some indentation problems and slight syntax errors around line 55 and below, and the following exception

But when running the code:

python3 decode_supout.py 
Traceback (most recent call last):
  File "/mnt/c/Users/muehl/Desktop/microtik/decode_supout.py", line 37, in <module>
    raise Exception("Usage: "+sys.argv[0]+" <supout.rif> [output_folder]")
Exception: Usage: decode_supout.py <supout.rif> [output_folder]

I had the 2 files in one folder and was running the python file, do I need something else to make this work correctly?

I can use the "Supout.rif viewer" in my microtik account, but it seems like there is no option to download all files combined.

My router is already configured and in use, but if it makes it easier I could backup the system and make a clean OS

Thanks!
You will need to supply the name of the supout file copied from the router to your pc as a command line arg. example: python3 decode_supout.py supout.rif

Yes, this is worth a try.

No need, just do not share the 10_export file (number can change).

The _.proc and _.startup files are probably all we want to start with, but you should replace most bits of your MAC addresses in them before sharing.
Cheers

Ty for the reply,

now it looks like I have some problems decoding:

Traceback (most recent call last):
  File "C:\Users\muehl\Desktop\microtik\decode_supout.py", line 59, in <module>
    out = tribit(base64.b64decode(sect.replace("=","A")))
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2800.0_x64__qbz5n2kfra8p0\lib\base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

Unfortunately, this is way beyond my understanding of python.

For now, I used the microtik supout viewer to extract the contents of the .proc file. But there is no .startup file to be found.

I removed the MAC addresses and serial from the .proc file by hand, if there is any sensitive information I should remove, lmk.

Where should I upload the file?

Okay. I did spot another Mikrotik supout decoder here: https://github.com/farseeker/go-mikrotik-rif

Great. I have not used that before. The startup file might just be called log or something similar. It has parts of dmesg in it, like Creating 2 MTD partitions

The MAC addresses (multiple, sequential) & serial are all that I know of, but they are there in a few different formats (mixed case, and both with and without : separators for MAC)

Anywhere that works for you. I would probably use https://gist.github.com/, or a generic pastebin service.

Cheers

Hi,
the second decoder was working. the content is in one file

right now I'm reading the openWRT docs to see what needs to be done to add device support, but still scratching the surface. I'm familiar with Linux but never build a kernel or did any low-level programming. Apologies if I ask questions that might seem obvious.

Best

From the dmesg in supout, looks like there is a boot NOR chip, spi-nor spi0.0: gd25lq32 (4096 Kbytes) 0x0000002c0000-0x000000340000 : RouterBoot, but they are running a YAFFS filesystem on NAND. This makes booting OpenWrt from NAND with RouterBOOT difficult, as no YAFFS support in OpenWrt, but there are paths around this, like binary patching, or (partially) replacing the bootloader, or using an intermediary booter. Booting from BOOTP/TFTP should still work fine for testing.

To get OpenWrt running, we would want ipq6018 platform support in OpenWrt (very similar to ipq807x). Looks like some work has been done to build a QSDK based source for a similar device here: GL-iNet AX1800 new router - OpenWrt support?

grep --binary-files=text -i -E '.*: \[.*\] .*(nor|nand|routerbo|routeros|gpio|yaffs|radio.*data|name)'
		 10.55@3: [    0.000000] Kernel command line: root=/dev/ram0 no-uart no-buzzer benand_no_swecc=2 yaffs.inband_tags=1 parts=1 boot_part_size=8388608 clk_ignore_unused arm64=Y board=c53-cp ver=7.7 bver=7.5 hw_opt=08290005 boot=1 mlc=11
		 10.55@3: [    0.017825] thermal_sys: Registered thermal governor 'step_wise'
		 10.55@3: [    0.066501] gpio gpiochip0: (1000000.pinctrl): added GPIO chardev (254:0)
		 10.55@3: [    0.066563] gpiochip_setup_dev: registered GPIOs 0 to 79 on device: gpiochip0 (1000000.pinctrl)
		 10.55@3: [    0.066580] gpio gpiochip0: (1000000.pinctrl): created GPIO range 0->79 ==> 1000000.pinctrl PIN 0->79
		 10.55@3: [    0.128058] jffs2: version 2.2. (NAND) (SUMMARY)  © 2001-2006 Red Hat, Inc.
		 10.55@3: [    0.128513] yaffs: yaffs Installing.
		 10.55@3: [    0.275168] nand: device found, Manufacturer ID: 0x98, Chip ID: 0xa1
		 10.55@3: [    0.275177] nand: Toshiba NAND 128MiB 1,8V 8-bit
		 10.55@3: [    0.275185] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
		 10.55@3: [    0.275247] 0x000000000000-0x000000800000 : "RouterBoard NAND 1 Boot"
		 10.55@3: [    0.288965] 0x000000800000-0x000008000000 : "RouterBoard NAND 1 Main"
		 10.55@3: [    0.484161] spi-nor spi0.0: found gd25lq32, expected m25p80
		 10.55@3: [    0.484805] spi-nor spi0.0: gd25lq32 (4096 Kbytes)
		 10.55@3: [    0.484844] 0x0000002c0000-0x000000340000 : "RouterBoot"
		 10.55@3: [    0.486731] mdio_bus fixed-0: GPIO lookup for consumer reset
		 10.55@3: [    0.486741] mdio_bus fixed-0: using lookup tables for GPIO lookup
		 10.55@3: [    0.486751] mdio_bus fixed-0: No GPIO consumer reset found
		 10.55@3: [    0.489120] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/wps-button[0]' - status (0)
		 10.55@3: [    0.489268] Registered gpio 0 as wps-button
		 10.55@3: [    0.489298] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/button[0]' - status (0)
		 10.55@3: [    0.489393] Registered gpio 16 as button
		 10.55@3: [    0.489423] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/mode-button[0]' - status (0)
		 10.55@3: [    0.489515] Registered gpio 9 as mode-button
		 10.55@3: [    0.489543] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/usb-power-off[0]' - status (0)
		 10.55@3: [    0.489634] Registered gpio 37 as usb-power-off
		 10.55@3: [    0.489756] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/system-led/red[0]' - status (0)
		 10.55@3: [    0.489852] Registered gpio 19 as system-led:red
		 10.55@3: [    0.489922] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/system-led/green[0]' - status (0)
		 10.55@3: [    0.490017] Registered gpio 20 as system-led:green
		 10.55@3: [    0.490089] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/system-led/blue[0]' - status (0)
		 10.55@3: [    0.490211] Registered gpio 18 as system-led:blue
		 10.55@3: [    0.490286] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/system-wlan-led[0]' - status (0)
		 10.55@3: [    0.490377] Registered gpio 22 as system-wlan-led
		 10.55@3: [    0.490469] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/system-eth-led[0]' - status (0)
		 10.55@3: [    0.490560] Registered gpio 21 as system-eth-led
		 10.55@3: [    0.490631] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/led1[0]' - status (0)
		 10.55@3: [    0.490721] Registered gpio 23 as led1
		 10.55@3: [    0.490792] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/led2[0]' - status (0)
		 10.55@3: [    0.490884] Registered gpio 24 as led2
		 10.55@3: [    0.490956] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/led3[0]' - status (0)
		 10.55@3: [    0.491046] Registered gpio 25 as led3
		 10.55@3: [    0.491118] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/led4[0]' - status (0)
		 10.55@3: [    0.491208] Registered gpio 26 as led4
		 10.55@3: [    0.491280] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/led5[0]' - status (0)
		 10.55@3: [    0.491369] Registered gpio 27 as led5
		 10.55@3: [    0.491444] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/poe-led[0]' - status (0)
		 10.55@3: [    0.491535] Registered gpio 29 as poe-led
		 10.55@3: [    0.491611] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lte-ant-sw1[0]' - status (0)
		 10.55@3: [    0.491703] Registered gpio 33 as lte-ant-sw1
		 10.55@3: [    0.491779] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lte-ant-sw2[0]' - status (0)
		 10.55@3: [    0.491870] Registered gpio 34 as lte-ant-sw2
		 10.55@3: [    0.491945] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lte-reset[0]' - status (0)
		 10.55@3: [    0.492037] Registered gpio 60 as lte-reset
		 10.55@3: [    0.492112] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/mpcie-power-off[0]' - status (0)
		 10.55@3: [    0.492204] Registered gpio 35 as mpcie-power-off
		 10.55@3: [    0.535401] yaffs: dev is 32505857 name is "mtdblock1" rw
		 10.55@3: [    0.535407] yaffs: passed flags ""
		 10.55@3: [    0.535416] yaffs: yaffs: Attempting MTD mount of 31.1,"mtdblock1"
		 10.55@3: [    0.535421] yaffs: auto selecting yaffs2
		 10.55@3: [    1.625651] yaffs: block 705 is bad
		 10.55@3: [    1.823818] yaffs: 572 blocks to be sorted...
		 10.55@3: [    2.447209] yaffs: yaffs_read_super: is_checkpointed 0
		 10.55@3: [    2.449637] yaffs: dev is 32505856 name is "mtdblock0" rw
		 10.55@3: [    2.449642] yaffs: passed flags ""
		 10.55@3: [    2.449650] yaffs: yaffs: Attempting MTD mount of 31.0,"mtdblock0"
		 10.55@3: [    2.449655] yaffs: auto selecting yaffs2
		 10.55@3: [    2.454200] yaffs: yaffs_read_super: is_checkpointed 1
		 10.55@3: [   10.384364] board name = C53UiG+5HPaxD2HPaxD
		 10.55@3: [   10.384369] market name = hAP ax³
		 10.55@3: [   10.385582] radio data lz77 decompressed from 5124 to 11848
		 11.47@3: [   11.475478] nand id 1580a198 00000000
		 11.47@3: [   11.475629] uid->nand_id c81660c8
2023.02.18-04:29:14.48@1: [   12.619331] probe_er_radio_data chunkid 8001 caldataid -1
2023.02.18-04:29:14.48@1: [   12.619351] found extended radio data with id 32769
2023.02.18-04:29:14.48@1: [   12.619974] radio data rle decompressed from 11836 to 65536
2023.02.18-04:29:14.60@1: [   12.740917] qcom-pcie 20000000.pci: GPIO lookup for consumer booster
2023.02.18-04:29:14.60@1: [   12.740944] qcom-pcie 20000000.pci: using device tree for GPIO lookup
2023.02.18-04:29:14.60@1: [   12.740978] of_get_named_gpiod_flags: can't parse 'booster-gpios' property of node '/soc/pci@20000000[0]'
2023.02.18-04:29:14.60@1: [   12.741004] of_get_named_gpiod_flags: can't parse 'booster-gpio' property of node '/soc/pci@20000000[0]'
2023.02.18-04:29:14.60@1: [   12.741021] qcom-pcie 20000000.pci: using lookup tables for GPIO lookup
2023.02.18-04:29:14.60@1: [   12.741035] qcom-pcie 20000000.pci: No GPIO consumer booster found
2023.02.18-04:29:14.60@1: [   12.741047] qcom-pcie 20000000.pci: GPIO lookup for consumer pwr
2023.02.18-04:29:14.60@1: [   12.741059] qcom-pcie 20000000.pci: using device tree for GPIO lookup
2023.02.18-04:29:14.60@1: [   12.741082] of_get_named_gpiod_flags: can't parse 'pwr-gpios' property of node '/soc/pci@20000000[0]'
2023.02.18-04:29:14.60@1: [   12.741119] of_get_named_gpiod_flags: parsed 'pwr-gpio' property of node '/soc/pci@20000000[0]' - status (0)
2023.02.18-04:29:14.60@1: [   12.741134] gpio-35 (mpcie-power-off): gpiod_request: status -16
2023.02.18-04:29:14.62@1: [   12.764036] of_get_named_gpiod_flags: parsed 'perst-gpio' property of node '/soc/pci@20000000[0]' - status (0)
2023.02.18-04:29:14.62@1: [   12.764057] gpio-60 (lte-reset): gpiod_request: status -16
2023.02.18-04:29:14.88@3: [   13.025990] probe_er_radio_data chunkid 3 caldataid 3
2023.02.18-04:29:15.93@2: [   14.067625] dwc3-qcom 8af8800.usb30: GPIO lookup for consumer device-power
2023.02.18-04:29:15.93@2: [   14.067646] dwc3-qcom 8af8800.usb30: using device tree for GPIO lookup
2023.02.18-04:29:15.93@2: [   14.067666] of_get_named_gpiod_flags: can't parse 'device-power-gpios' property of node '/soc/usb30@8A00000[0]'
2023.02.18-04:29:15.93@2: [   14.067679] of_get_named_gpiod_flags: can't parse 'device-power-gpio' property of node '/soc/usb30@8A00000[0]'
2023.02.18-04:29:15.93@2: [   14.067688] dwc3-qcom 8af8800.usb30: using lookup tables for GPIO lookup
2023.02.18-04:29:15.93@2: [   14.067695] dwc3-qcom 8af8800.usb30: No GPIO consumer device-power found

Hi @johnth

Did you maybe had any time to take a look at the LZ77 decompression of the Wifi board and CAL files by any chance? If we want Hap ax2/ax3 support, we will definitely need that.

On the Chateau 12 side of things: with the help of Robi I managed to force the the board file of another device (Hap ac3) on the device, and everything seems to work now. So the last step is to resolve this LZ77 decompression thing.

I tried to disassemble the flash.ko and I found some relevant functions for this, but I was not able to reverse engineer it to a point where I can decompress the files even with an external lz77 decompressor. The prefix seems to be the same, and I have a feeling the reason my attempt fails is that they added some sort of a dictionary to LZ77 (which to my understanding is not part of the original LZ77/LZ2 standard), and that is that prefix part.

If you need any more input from me, please let me know. The mtd2 is uploaded in the Routerboot7 topic with my findings.

Hi, very nice seeing interest in getting this going.

So, how do we proceed from here? I have looked through the other Forum posts, and to me it not often very clear what steps to be taken to enable device support and how this is managed between different efforts for other devices using similar hardware.
Can someone give me a heads up on how it is done?

Best

My hAP ax lite arrives Monday.