ok so I restored my EA8500 from a working EA8500 by saving the MTD partitions and loading them manually to NAND in U-Boot environment. This would be necessary if you are certain you accidentally erased and flashed data to the wrong address / size by doing stupid things. Also If you have both bootable kernels that don't work any more at the same time. If you can boot to one still, as long as it is OpenWrt or DDwrt, you can go to command line SSH and load either backup MTD partition images or get from someone else and load them easily to the MTD partition names. This is easiest and will not require you to enter memory address start and size which can be subject to typo or bad information causing further erasing data / damage.
For me, I corrupted both root FS and maybe syscfg. By the time I learned to write the partitions to NAND, I just loaded all partitions from 10-17 to be sure.
- Default working U-Boot environment variables. In case there is any doubt. If you have extras, take note and edit to fit this default. To delete an environment variable in U-Boot use command "setenv variable" where variable is the variable to remove as it will have no value.
altkern=3780000
auto_recovery=yes
baudrate=115200
boot_part=2
boot_part_ready=3
boot_ver=1.0.9
bootargs=console=ttyHSL1,115200n8
bootcmd=bootipq
bootdelay=2
ethact=eth0
ethaddr=00:06:3b:01:41:00
flashimg=tftp $loadaddr $image;nand erase $prikern $filesize;nand write $loadaddr $prikern $filesize
flashimg2=tftp $loadaddr $image;nand erase $altkern $filesize;nand write $loadaddr $altkern $filesize
image=wraith.bin
ipaddr=192.168.1.1
loadaddr=42000000
machid=1260
netmask=255.255.255.0
partbootargs=console=ttyHSL1,115200n8 init=/sbin/init rootfstype=squashfs root=31:14
partbootargs2=console=ttyHSL1,115200n8 init=/sbin/init rootfstype=squashfs root=31:16
prikern=f80000
serverip=192.168.1.254
stderr=serial
stdin=serial
stdout=serial
- OpenWrt allows you to save mtd from the LUCI GUI page for flashing updates. You can only download mtd 5,8,10,11,12,13,14,15,16,17 so it seems. all others fail with zero byte size. From command line you can do dd if=/dev/mdtblock14 of=/mnt/sda/mtdblock14 you also can use cat command so i have read to write the mtd to a file. To load a saved partition back From openwrt command line you can use mtd erase and write command and the partition name. From U-Boot if you cannot boot any partition of the router you need to flash saved partitions with some crafted environment variables edited for your file names and for your router memory address and size values.
EA8500CA memory map for my router. Found in U-Boot by running command to show SMEM partition table.
smem: SMEM_PARTITION_TABLE_OFFSET failed
flash_type: 0x2
flash_index: 0x0
flash_chip_select: 0x0
flash_block_size: 0x20000
partition table offset 0x0
No.: Name Attributes Start Size
0: 0:SBL1 0x0000ffff 0x0 0x40000
1: 0:MIBIB 0x0000ffff 0x40000 0x140000
2: 0:SBL2 0x0000ffff 0x180000 0x140000
3: 0:SBL3 0x0000ffff 0x2c0000 0x280000
4: 0:DDRCONFIG 0x0000ffff 0x540000 0x120000
5: 0:SSD 0x0000ffff 0x660000 0x120000
6: 0:TZ 0x0000ffff 0x780000 0x280000
7: 0:RPM 0x0000ffff 0xa00000 0x280000
8: 0:ART 0x0000ffff 0xc80000 0x140000
9: 0:APPSBL 0x0000ffff 0xdc0000 0x100000
10: u_env 0x0000ffff 0xec0000 0x40000
11: s_env 0x0000ffff 0xf00000 0x40000
12: devinfo 0x0000ffff 0xf40000 0x40000
13: kernel 0x0000ffff 0xf80000 0x300000
14: rootfs 0x0000ffff 0x1280000 0x2500000
15: alt_kernel 0x0000ffff 0x3780000 0x300000
16: alt_rootfs 0x0000ffff 0x3a80000 0x2500000
17: syscfg 0x0000ffff 0x5f80000 0x2080000
To restore partitions, I stole some of the basic parameters in the "flashimg" command variable. I recommend only restoring partitions you sure that have been corrupt or overridden by mistake. devinfo or MTD12 will change your router name, password, WPS key, and Mac address to whatever device you got the data from. This can be edited at a later time if you were required to load this partition due to damage. You need to use Putty and TFTP to load them. Read here http://mrjcd.com/EA8500_DD-WRT/ which tells you how to load the firmware by TTL Putty and Tftp. If you know how this works. Put your MTD partition images in the root folder of your TFTP server. Warning: this will still likely erase the memort block if your TFTP failed to get the file. To test if TFTP will fetch the file execute the command "tftp $loadaddr mtdblock10" and it will load the file to ram, If that worked then the rest will work.
This was my last resort restore process that I went through. I Don't claim that this is to be successful for you. It definitely is only good memory addressing for at least my EA8500. Memory address for other routers obviously will not be the same, so don't run the commands.
setenv u_env_1 'tftp $loadaddr mtdblock10;nand erase ec0000 40000;nand write $loadaddr ec0000 40000'
setenv s_env_1 'tftp $loadaddr mtdblock11;nand erase f00000 40000;nand write $loadaddr f00000 40000'
setenv devinfo_1 'tftp $loadaddr mtdblock12;nand erase f40000 40000;nand write $loadaddr f40000 40000'
setenv kernel_1 'tftp $loadaddr mtdblock13;nand erase f80000 300000;nand write $loadaddr f80000 300000'
setenv rootfs_1 'tftp $loadaddr mtdblock14;nand erase clean 1280000 2500000;nand write $loadaddr 1280000 2500000'
setenv kernel_2 'tftp $loadaddr mtdblock15;nand erase 3780000 300000;nand write $loadaddr 3780000 300000'
setenv rootfs_2 'tftp $loadaddr mtdblock16;nand erase clean 3a80000 2500000;nand write $loadaddr 3a80000 2500000'
setenv syscfg_1 'tftp $loadaddr mtdblock17;nand erase 5f80000 2080000;nand write $loadaddr 5f80000 2080000'
You would have to use the command "run variable" such as "run kernel_2" to run one of these new command strings
- Lastly, if you have overriden your deviceinfo with some other router data, you can at least change your SSID, Wifi password, WPS key, and MAC address to the sticker values on your router
Ok, so I have found the information I need finally. Here is how anyone can permanently modify their deviceinfo. It even appears you can change your router country of origin. If you change this data you need to factory reset apparently to take the data to the running firmware.
I found the info in this link. One method can be done in linux but be careful you know what MTD part holds the data. The other method is in U-Boot
https://community.linksys.com/t5/Wireless-Routers/How-to-restore-the-data-device-ID/td-p/958652/page/2
From TTL Putty connection at U-Boot
[quote]devinfo - devinfo handling commands
Usage:
devinfo get [name] - gets the value of the specified variable
devinfo set [name=value] - sets the value of the specified variable
devinfo unset [name] - deletes the specified variable
devinfo update [args...] - update devinfo from the specified file
devinfo commit - commit variables to flash
devinfo erase - erase all devinfo
devinfo show - shows all variables[/quote]
I changed the following to match my sticker again.
[quote]
cert_region=US
default_passphrase=xxxxxxxxxx
default_ssid=Linksys99999
hw_mac_addr=B4:75:0E:5A:xx:xx
serial_number=xxxxxxxxxxxxx
wps_device_pin=xxxxxxxxxx
(I don't know what the TC passphrase or TC SSID are for so I have not changed them as I don't know where these original values would be)
tc_passphrase=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
tc_ssid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
uuid_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx