I'm trying to port Openwrt to a Sercomm FD1018 router and I achieved compiling an Openwrt image. Now comes the test process. Apparently, the procedure is to stop the CFE bootloader and boot the Openwrt image from its command line, but unfortunately it seems to be locked.
Reading the OpenWRT pages of similar devices from the same manufacturer, AD1018 and H500-s, I have found this lines in their bootlog:
*** Press any key to stop auto run (1 seconds) ***
Auto run second count down: 0
The device I'm trying to port doesn't output these lines, it boots directly. I've tried pressing random keys or Ctrl+C during booting but it does nothing, the boot process continues anyway.
So, how can I boot an Openwrt image in this router for testing? I have Linux shell access in the stock firmware, if it can be helpful. If more info is needed, just ask for it.
In the wiki page of the AD1018 it seems the bootloader has a recovery mode triggered by pressing the reset button https://openwrt.org/toh/sercomm/ad1018#recovery
that should allow to send over a firmware image
Did you try if your device has that? Would be much safer than other options suggested, as if you flash a broken firmware you can still reboot and send another.
My device also has this mode, but I don't know exactly what it flashes and where. I don't know if it overwrites all the flash including the bootloader, or if it just overwrites the operating system partition.
Do you have any idea or guess about how it works? Would you recommend me trying sending directly yhe Openwrt image using this recovery mode?
The embedded OS has cat and dd commands, but not mtd. I have read that cat nor dd are good for writing directly to NAND flash as they don't manage bad blocks, but if there is not other option, this may work.
I have no idea, I suggest to ask the developer of the sercomm-recovery tool used in that article, as he probably knows at least how it works on the original device https://github.com/danitool/sercomm-recovery
mtd is only on OpenWrt I think? The "generic" commands to manipulate NAND (also in busybox upstream) are nanddump and nandwrite. You still probably don't have those.