Askey RAC2V1K / RT4230W REV6 Support

U-Boot 1.0.4 [spf3.0_csu2] (May 31 2018 - 02:50:17)

smem ram ptable found: ver: 0 len: 5
DRAM:  1003 MiB
setting 0x177d as machine type from smem
NAND:  SF: Unsupported manufacturer 00
ipq_spi: SPI Flash not found (bus/cs/speed/mode) = (0/0/48000000/0)
512 MiB
MMC:   
PCI0 Link Intialized
PCI1 Link Intialized
In:    serial
Out:   serial
Err:   serial
MMC Device 0 not found
cdp: get part failed for 0:HLOS
Net:   MAC0 addr:94:91:7f:fe:c4:5c
athrs17_reg_init: complete
athrs17_vlan_config ...done
S17c init  done
MAC1 addr:94:91:7f:fe:c4:5d
eth0, eth1
Hit space key to stop autoboot:  0 
(IPQ) #    
(IPQ) # 
smeminfo
flash_type:             0x2
flash_index:            0x0
flash_chip_select:      0x0
flash_block_size:       0x20000
partition table offset 0x0
No.: Name             Attributes            Start             Size
  0: 0:SBL1           0x0000ffff              0x0          0x40000
  1: 0:MIBIB          0x0000ffff          0x40000         0x140000
  2: 0:SBL2           0x0000ffff         0x180000         0x140000
  3: 0:SBL3           0x0000ffff         0x2c0000         0x280000
  4: 0:DDRCONFIG      0x0000ffff         0x540000         0x120000
  5: 0:SSD            0x0000ffff         0x660000         0x120000
  6: 0:TZ             0x0000ffff         0x780000         0x280000
  7: 0:RPM            0x0000ffff         0xa00000         0x280000
  8: 0:APPSBL         0x0000ffff         0xc80000         0x500000
  9: 0:APPSBLENV      0x0000ffff        0x1180000          0x80000
 10: 0:ART            0x0000ffff        0x1200000         0x140000
 11: 0:BOOTCONFIG     0x0000ffff        0x1340000          0x60000
 12: 0:SBL2_1         0x0000ffff        0x13a0000         0x140000
 13: 0:SBL3_1         0x0000ffff        0x14e0000         0x280000
 14: 0:DDRCONFIG_1    0x0000ffff        0x1760000         0x120000
 15: 0:SSD_1          0x0000ffff        0x1880000         0x120000
 16: 0:TZ_1           0x0000ffff        0x19a0000         0x280000
 17: 0:RPM_1          0x0000ffff        0x1c20000         0x280000
 18: 0:BOOTCONFIG1    0x0000ffff        0x1ea0000          0x60000
 19: 0:APPSBL_1       0x0000ffff        0x1f00000         0x500000
 20: rootfs           0x0000ffff        0x2400000        0x8000000
 21: rootfs_1         0x0000ffff        0xa400000        0x8000000
 22: ubifs            0x0000ffff       0x12400000        0xa000000
(IPQ) # nand read 0x44000000 0x0 0x40000

NAND read: device 0 offset 0x0, size 0x40000
NAND read from offset 0 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x40000 0x140000

NAND read: device 0 offset 0x40000, size 0x140000
NAND read from offset 40000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x180000 0x140000

NAND read: device 0 offset 0x180000, size 0x140000
NAND read from offset 180000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x2c0000 0x280000

NAND read: device 0 offset 0x2c0000, size 0x280000
NAND read from offset 2c0000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x540000 0x120000

NAND read: device 0 offset 0x540000, size 0x120000
NAND read from offset 540000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x660000 0x120000

NAND read: device 0 offset 0x660000, size 0x120000
 1179648 bytes read: OK
(IPQ) # nand read 0x44000000 0x780000 0x280000

NAND read: device 0 offset 0x780000, size 0x280000
NAND read from offset 780000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0xa00000 0x280000

NAND read: device 0 offset 0xa00000, size 0x280000
NAND read from offset a00000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0xc80000 0x500000

NAND read: device 0 offset 0xc80000, size 0x500000
NAND read from offset c80000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x1180000 0x80000

NAND read: device 0 offset 0x1180000, size 0x80000
 524288 bytes read: OK
(IPQ) # nand read 0x44000000 0x1200000 0x140000

NAND read: device 0 offset 0x1200000, size 0x140000
 1310720 bytes read: OK
(IPQ) # nand read 0x44000000 0x1340000 0x60000

NAND read: device 0 offset 0x1340000, size 0x60000
 393216 bytes read: OK
(IPQ) # nand read 0x44000000 0x13a0000 0x140000

NAND read: device 0 offset 0x13a0000, size 0x140000
NAND read from offset 13a0000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x14e0000 0x280000

NAND read: device 0 offset 0x14e0000, size 0x280000
NAND read from offset 14e0000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x1760000 0x120000

NAND read: device 0 offset 0x1760000, size 0x120000
NAND read from offset 1760000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x1880000 0x120000

NAND read: device 0 offset 0x1880000, size 0x120000
 1179648 bytes read: OK
(IPQ) # nand read 0x44000000 0x19a0000 0x280000

NAND read: device 0 offset 0x19a0000, size 0x280000
NAND read from offset 19a0000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x1c20000 0x280000

NAND read: device 0 offset 0x1c20000, size 0x280000
NAND read from offset 1c20000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x1ea0000 0x60000

NAND read: device 0 offset 0x1ea0000, size 0x60000
 393216 bytes read: OK
(IPQ) # nand read 0x44000000 0x1f00000 0x500000

NAND read: device 0 offset 0x1f00000, size 0x500000
NAND read from offset 1f00000 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x2400000 0x8000000

NAND read: device 0 offset 0x2400000, size 0x8000000
 134217728 bytes read: OK
(IPQ) # nand read 0x44000000 0xa400000 0x8000000

NAND read: device 0 offset 0xa400000, size 0x8000000
 134217728 bytes read: OK
(IPQ) # nand read 0x44000000 0x12400000 0xa000000

NAND read: device 0 offset 0x12400000, size 0xa000000
 167772160 bytes read: OK
(IPQ) # 
(IPQ) # help
?       - alias for 'help'
ar8xxx_dump- Dump ar8xxx registers
base    - print or set address offset
bootipq - bootipq from flash device
bootm   - boot application image from memory
bootp   - boot image via network using BOOTP/TFTP protocol
bootz   - boot Linux zImage image from memory
chpart  - change active partition
cmp     - memory compare
cp      - memory copy
crc32   - checksum calculation
dhcp    - boot image via network using DHCP/TFTP protocol
dumpipq_data- dumpipq_data crashdump collection from memory
dumpipq_flash_data- dumpipq_flash_data crashdump collection and storing in flash
echo    - echo args to console
env     - environment handling commands
ethspeed- Force ethernet speed to 10/100/autoneg
exit    - exit script
false   - do nothing, unsuccessfully
fdt     - flattened device tree utility commands
fuseipq - fuse QFPROM registers from memory

go      - start application at address 'addr'
help    - print command description/usage
i2c     - I2C sub-system
iminfo  - print header information for application image
imxtract- extract a part of a multi-image
ipq_nand- Switch between SBL and Linux kernel page layout.
loop    - infinite loop on address range
md      - memory display
mii     - MII utility commands
mm      - memory modify (auto-incrementing address)
mmc     - MMC sub system
mmcinfo - display MMC info
mphyrd  - qca8511 packet processor PHY register display
mphyrw  - qca8511 packet processor PHY register write (fill)
mprd    - qca8511 packet processor register display
mprw    - qca8511 packet processor register write (fill)
mtdparts- define flash/nand partitions
mtest   - simple RAM read/write test
mw      - memory write (fill)
nand    - NAND sub-system
nboot   - boot from NAND device
nm      - memory modify (constant address)
pci     - list and access PCI Configuration Space
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
reset   - Perform RESET of the CPU
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv  - set environment variables
sf      - SPI flash sub-system
showvar - print local hushshell variables
smeminfo- print SMEM FLASH information
source  - run script from memory
test    - minimal test like /bin/sh
tftpboot- boot image via network using TFTP protocol
tftpput - TFTP put command, for uploading files to a server
true    - do nothing, successfully
uartrd  - uartrd from flash device
uartwr  - uartwr from flash device
ubi     - ubi commands
usb     - USB sub-system
usbboot - boot from USB device
version - print monitor, compiler and linker version
(IPQ) # version

U-Boot 1.0.4 [spf3.0_csu2] (May 31 2018 - 02:50:17)
arm-openwrt-linux-uclibcgnueabi-gcc (OpenWrt GCC 5.2.0 r35193) 5.2.0
GNU ld (GNU Binutils) 2.24.0
(IPQ) #

??????????????????????????????????????????????????????
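
A way to tabulate a session like the one above when checking which partitions of a dump were actually captured. This is an added example, not code posted by anyone in the thread: it joins the `smeminfo` table to the `nand read` results. The sample text is a constructed excerpt in the log's format, and `summarize` is a hypothetical name.

```python
import re

# Constructed excerpt in the format of the console session above: three rows of
# the smeminfo table and two of the nand read attempts.
SAMPLE = """\
No.: Name             Attributes            Start             Size
  0: 0:SBL1           0x0000ffff              0x0          0x40000
  5: 0:SSD            0x0000ffff         0x660000         0x120000
  9: 0:APPSBLENV      0x0000ffff        0x1180000          0x80000
(IPQ) # nand read 0x44000000 0x0 0x40000

NAND read: device 0 offset 0x0, size 0x40000
NAND read from offset 0 failed -74
 0 bytes read: ERROR
(IPQ) # nand read 0x44000000 0x660000 0x120000

NAND read: device 0 offset 0x660000, size 0x120000
 1179648 bytes read: OK
"""

HEX = r"(0x[0-9a-fA-F]+)"
PART = re.compile(rf"^\s*\d+:\s+(\S+)\s+{HEX}\s+{HEX}\s+{HEX}\s*$")
READ = re.compile(rf"^NAND read: device \d+ offset {HEX}, size {HEX}")
FAIL = re.compile(r"^NAND read from offset [0-9a-fA-F]+ failed (-?\d+)")
DONE = re.compile(r"^\s*(\d+) bytes read: (OK|ERROR)")

def summarize(log):
    """Map each partition name to 'ok', 'short', 'error <code>' or 'not read'."""
    by_range, status, cur, err = {}, {}, None, None
    for line in log.splitlines():
        if m := PART.match(line):
            # Key on (start, size) so a read is matched only if it covers
            # exactly one whole partition.
            by_range[(int(m[3], 16), int(m[4], 16))] = m[1]
            status[m[1]] = "not read"
        elif m := READ.match(line):
            key = (int(m[1], 16), int(m[2], 16))
            cur, err = (by_range.get(key), key[1]), None
        elif m := FAIL.match(line):
            err = m[1]
        elif (m := DONE.match(line)) and cur and cur[0]:
            name, size = cur
            if m[2] == "ERROR":
                status[name] = f"error {err}"
            else:
                status[name] = "ok" if int(m[1]) == size else "short"
            cur = None
    return status
```
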

Try the bootcmd for SAC routers. It turns out that some RAC routers only have 256mb of flash but I originally thought the smaller flash was only for the SAC routers.

So, I got yet another one of these. Ok, so I have a problem. :slight_smile: But I'm using them for access points. Now that I have some experience with them, I thought I'd document several things that might help someone else.

First, you need to make sure that you're really getting a RAC2V1K (or SAC2V1K). eBay has many sellers that say they have a RAC2V1K when they really have one of the Broadcom based variants. These would be any similar model, but it ends with an "S". So this would include RAC2V1S, RAC2V2S and anything made by Sagemcom. I've found that if there isn't a clear picture of the lower back of the router, you can't trust it. I kind of prefer the made in Taiwan, Machine ID:3 versions. But I'm sure the made in China, Machine ID:2 versions are fine as well.

Second, if you need to get to the serial console, it sounds more difficult than it is. There is some work involved, though. The first thing to do is get it apart. Rather than remove the bottom feet, I use an X-acto knife to find the screw holes and cut a hole in each foot to give access to the four screws. Once that is done, you can get into it whenever you want. When you get the bottom off, you can easily disconnect the LED connection to the motherboard. When you get into it, you should check out all the antennas. I've found that they sometimes aren't stuck where they should be. Now would be the time to fix that.

As far as connecting the console, by far the most daunting part is getting rid of the resistors on the other side of the board from the serial port. It's really not as bad as it looks, but you do have to be prepared to do fine work. I've found that the best way to get rid of the resistors is to cut them off with an X-acto knife. If you remove the four screws that hold the plastic frame to the motherboard, the board and the plastic can be separated enough to get at the resistors. But it does require fine work. You might have to kind of knock them out if they end up going inside. This is the toughest part.

Then you have to connect the USB-TTL adapter to the serial port. On the newer versions without a connector, I just solder some jumpers to the port. The older ones have a connector that can be connected with some creativity. But even if you just solder to it, you only have to do this once.

Once you have a console, you have control of it. The only other thing that I've run into is to disable the firewall in Windows on the ethernet port when trying to tftp. Windows is really bad about that.

So, that's about it. I do find these convenient for access points, but they seem pretty strong for a router as well.


@StephenR0 -
your step by step is complete - and I agree, it's not difficult. for some, it might be even easier; there are some no-serial-access workarounds for those who have a rac1v1k if you look earlier in this long thread.

regarding access point / radio performance - these devices are excellent. i have had 3 of them in my home (large, old with chicken wire or thicker steel/iron mesh in every wall) for more than 6 months. they have performed extremely well and have eliminated nearly every wireless issue i previously had. i've been using @lmore377 builds or a local build adapted from his git. see https://github.com/lmore377/openwrt-rt4230w

i'll be interested to update my builds soon. thanks to all who have contributed here

Since you're using these devices in a similar manner to the way I am, I'd like to compare notes on a couple of things. I'm currently using the non-ct version of the ath10k firmware, board, and driver. Things seem to be somewhat more stable that way. The other thing that I've noticed is that I need to dial back the transmit power. Currently I'm only using 39mW on all the radios. If I try to use more, some devices try to find a more distant access point. But the signal strength on everything is good and everything works well. How is yours configured? Thanks.

@StephenR0 - excuse my ignorance - what do you mean by the non-ct version?
i'm building from the @lmore377 git:

| | |
|---|---|
|Model|Askey RT4230W REV6|
|Architecture|ARMv7 Processor rev 0 (v7l)|
|Firmware Version|OpenWrt SNAPSHOT r16204-ed5c94c09c / LuCI Master git-21.080.52349-023b632|
|Kernel Version|5.4.105|
|Local Time|2021-05-15 06:51:06|

default signal strength

how can i help?

upstream/ mainline ath10k (and corresponding firmware) versus CandelaTech ath10k-ct (and corresponding firmware), which is selected as default by OpenWrt.

Sorry to be late. :slight_smile: What @slh said. It's easily installed from @lmore377's packages. I'm not suggesting that you change anything. Actually, you're answering my questions. Thanks. Do I understand correctly that you aren't running the latest version that @lmore377 hosts? If you're not and you decide to update, I'll be interested in your experience.

Just a heads up, I'm gonna build an updated image so it includes the patches for the Frag Attack vulnerability. I'll make another post when it's done.

@lmore377 - great news - I'll look for it and test
thanks

Will your image include support for the Ath10k non-ct driver? That's what I'm currently using on my access points.


@lmore377 -
since your builds require a different mtd layout already, do you think a process like this
https://github.com/dangowrt/linksys-e8450-openwrt-installer#steps
might make it easier to get your builds installed for those who don't have serial access or a cracked config?
i'm not complaining - and i don't have the expertise to do this; seems like you might!

The firmware upgrades on this router are des3 encrypted so something like that wouldn't be possible without encrypting the update file first. It's really easy to get the encryption password but you need serial or SSH access for that so you might as well just flash the firmware manually. I would post the password but I don't want to somehow get into legal trouble or something like that.

The new firmware is up. The image is available here and I'll also put it on GitHub in a bit. If you still need to use the old firmware and packages for whatever reason, just edit distfeeds.conf and add .old to the end of snapshots so it's like /snapshots.old/. I haven't had a chance to test it so if anything is broken just send a message or post it here.

no, you don't want any legal trouble!
i'm fine with serial. i just sysupgraded your recent build over a few images i built from your last repo and aside from my customizations, all good. - will be testing more.
thank you!

5g wireless connectivity seems good. but a problem that i have experienced on old builds and new: the 5ghz wireless channel analysis does not work - only shows the local radio.

2.4ghz wireless channel analysis does work -

i was hoping this would be fixed with developments in kernel, kmods, and packages, i'm not sure if this is restricted to your builds. i've noticed development in this feature over the past few months; may not be quite ready for prime time yet!
thanks

I've noticed that as well, but I thought it was an artifact of using the DFS channels. That's consistent with my experience, but I haven't tested it thoroughly.

To illustrate, here's what I get if I set the 5GHz radio to a non-DFS channel, in this case channel 40.

interesting. i had my channel set to auto, was on 52. when set manually to 40, i got the scan as you did.