loadb - load binary file over serial line (kermit mode)
How exactly do you use loadb? I've tried many manuals and tutorials I found online, including the generic tutorial on the wiki and I just can't even.
I recently found a fully working Netgear EX6110 Range Extender while dumpster diving and since I wanted to try to compile OpenWrt myself anyway, I thought I'd try my luck with this device.
It's based on the Mediatek mt7628 SoC, which generally has good mainline linux support, but this device specifically is not supported by OpenWrt, probably because of it's low flash and memory size (8MB and 64MB respectively).
I am well aware of the constraints of devices with such specs, but that's not the issue I'm having, at least not yet.
I have managed to compile something and I wanted to try and copy the binary file to memory and boot it to see if it works but no matter how I try it, it always seems to fail.
With the device connected through a FT231X USB to TTY adapter to my laptop I am able to interface with both the bootloader and the fully booted operating system. In the bootloader, help reveals the following options:
Available Commands
? - alias for 'help'
base - print or set address offset
booth - boot kernel from host
bootm - boot application image from memory
cmp - memory compare
cp - memory copy
crc32 - checksum calculation
erase - erase FLASH memory
flinfo - print FLASH memory information
go - start application at address 'addr'
help - print online help
loadb - load binary file over serial line (kermit mode)
loop - infinite loop on address range
md - memory display
mdio - Ralink PHY register R/W command !!
mm - memory modify (auto-incrementing)
modify_sysc - sysc modify
mtest - simple RAM test
mw - memory write (fill)
nm - memory modify (constant address)
protect - enable or disable FLASH write protection
reset - Perform RESET of the CPU
saveb - download BIN image via network using TFTP protocol and save it to flash
saves - save image file over serial line (kermit mode)
savet - download IMG image via network using TFTP protocol and save it to flash
tftp - download image via network using TFTP protocol
unlzma - decompress code with LZMADecoder
version - print monitor version
Usually I'd use tftp to load an image but this device does not have a physical ethernet port, which is why I've been trying for a while now to use loadb in different ways:
- Using minicom's built-in file sending functions accessible through
Ctrl-a s, tried with all options (ymodem, zmodem, xmodem, kermit). - Using picocom
picocom --baud 115200 --send-cmd "gkermit -iXvs" /dev/ttyUSB0to prompt for a filename uponCtrl-a Ctrl-s. - Using
szdirectly:sz -vv -b fw.bin > /dev/ttyUSB0 < /dev/ttyUSB0andsz --ymodem -w 8 -vv fw.bin - Starting kermit, configuring all the options and then sending the file:
kermit -C "SET LINE /dev/ttyUSB0, SET CARRIER-WATCH OFF, SET SPEED 115200, set flow-control none, set reliable on, set delay 1, set retry 4, set window 2, set receive packet-length 90, set send packet-length 90"
None of those things have worked and I can't wrap my head around this 80s technology. I'm guessing there is something obvious I've missed along the way but I have a habit of missing things so I thought I'd ask here, I'm sure there are some people here that have flashed devices over serial before.
With kermit I get:
SEND-class command failed.
Packets sent: 2
Retransmissions: 5
Timeouts: 0
Damaged packets: 0
Fatal Kermit Protocol Error: Too many retries
With minicom and ymodem:
Retry 0: Timeout on pathname
Transfer incomplete
READY: press any key to continue...
With minicom and kermit:
Carrier required but not detected
So I set carrier-watch off for kermit within minicom and got the same error.
If anyone has any ideas please do share them, even if it's just a vague idea pointing me in the right direction.
The device boots into a linux shell with busybox, is there maybe a way I can load the kernel into memory from there while the system is already running?