HLK-RM08A-KIT-V2.5 upgrade options

manos · June 23, 2021, 10:02am

Hi everyone,

I have bought this dev-kit which has openwrt 14.07 and i was wondering if there is any chance to upgrade it to the latest version.

I have never worked with openwrt except for doing a few simple things like ssh connection, mjpeg_streamer stuff.

I basically want to use mjpeg_streamer or ffmpeg to stream 2x 1280x720px video streams from 2 usb cameras to one smart device like a tablet or smartphone.

The module in this kit has a MT7628 SOC.

I was able to access the webgui @ 192.168.16.254, login and change the root password.

I have a linux distro mint cinnamon 20.1 running inside a VM.

I created my pub & private keys with:
$ ssh-keygen -t rsa -b 4096

After doing so i added my pub key to the devkit (System->Administration->SSH keys).

So i tried SSHing to connect to the devkit.

Unfortunately i get the following error after running the command:
$ ssh root@192.168.16.254
Error:
Unable to negotiate with 192.168.16.254 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au

I googled it and i saw a few links suggesting that there is no common cipher between server & client (if i understand well).

So my question now is whether i can safely upgrade to the latest openwrt. Another thing that worries me if whether i have to upgrade uboot as well (no experience there).

I asked them and they did sent to me a doc regarding upgrade.
Can you pls have a look and tell me if the upgrade instructions make any sense?

https://drive.google.com/drive/folders/1zdtl_cL2drd7EYJIVBfWgPGvlAKj7j-W?usp=sharing

Regards
Manos

frollic · June 23, 2021, 10:56am

check if telnet's enabled....

I wouldn't attempt an upgrade without serial console up and running..

manos · June 23, 2021, 11:51am

Thanks frollic for the response.

Normally serials should be working but i do not have a cable with me right now. It has got two of them.

https://drive.google.com/file/d/1hHLo0pqQ2w5Z9HCT7-lNN-a8l5fKW6Df/view?usp=sharing

I tried nmap towards 192.168.16.254:

$ nmap 192.168.16.254
Starting Nmap 7.80 ( https://nmap.org ) at 2021-06-23 14:34 EEST
Nmap scan report for OpenWrt.lan (192.168.16.254)
Host is up (0.0016s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http

I tried telnet and i got this:

$ telnet 192.168.16.254
Trying 192.168.16.254...
Connected to 192.168.16.254.
Escape character is '^]'.
Connection closed by foreign host.

I tried again SSHing after deleting pub/private keys from my .ssh dir:

$ ssh root@192.168.16.254
Unable to negotiate with 192.168.16.254 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au

Seems like my only chance is using a serial cable to get access to a terminal.

What do you think?

Thanks in advance.
Manos

frollic · June 23, 2021, 11:55am

If the device is using a really old sshd, it might attempt to communicate with a version of SSH
generally abandoned due to vulnerabilities.

See if you can force your client to use SSH1.

https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html

But yeah, serial is pretty fool proof

manos · June 23, 2021, 12:28pm

Thanks again frollic,

As you explicitly stated, i had to force my ssh client to use a crappy algorithm which i did and it worked.

$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 root@192.168.16.254

During my first attempt i had to confirm as per the following:

The authenticity of host '192.168.16.254 (192.168.16.254)' can't be established.
RSA key fingerprint is SHA256:PZKsKWyz9Eiofkkq2ymTOVAD+5CnQoGOG5oaVlqRhRY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.16.254' (RSA) to the list of known hosts.

and i was asked for the root's password since i had deleted my pub/pri keys at that point.

I later on re-created keys with:

$ ssh-keygen -t rsa -b 4096

Added the pub key in the webgui and then retried SSHing which also worked without the server asking me for the root's password as expected.

This off course means that i have to upgrade anyway.

Do you thing that i could safely do this via ssh or should i do the upgrade via serial?

Should i be worried about uboot? Will the upgrade be as simple as uploading a bin file via the webgui?

Should i be looking for anything specific now that i have access via ssh?

Regards
Manos

frollic · June 23, 2021, 12:42pm

There's no firmware for your device, so you'll have to get creative.

I definitely wouldn't start by flashing a random image, based on the same SoC,
but build an initramfs and boot it from within uboot.

Then start exploring the device, see what needs to be changed or added
for full openwrt support.

Don't use any of the 4 mb flash / 32mb RAM devices as source.

manos · June 23, 2021, 12:50pm

Hi frollic,

It sounds like a painfully slow process. I work as a hw engineer in a company and i was unlucky to buy this crap from a chinese supplier. We are on a deadline here and looking for something that simply works.

Do you know anyone that supplies similar SOC boards that have tiny footprint and reasonable price and off course latest openwrt pre-installed or upgradable to the latest ver?

The one i bought is 32/128MB

Regards
Manos

frollic · June 23, 2021, 12:58pm

Yes, it is painful

Depends on how tiny tiny should be
I'd probably go for the Raspberries, OrangePis or NanoPis.

When buying devices with preinstalled openwrt, assume it's going to be old.

The only manufacturer I can think of, that's keeping up with the openwrt releases is GL.iNet.
They run their own branch, but you can reflash (most, if not all) their boxes with vanilla Openwrt.

manos · June 23, 2021, 1:01pm

I did my first tests on a GL-MT300N i had bought a while ago and the ver was the latest!
However flash was 16MB and i could not install some packages i was willing to.
Unfortunately i wrongly assumed that this solution would suffice.

Thanks again
Manos

frollic · June 23, 2021, 1:08pm

16 MB is still quite a lot, did you try to install samba4, i know it's eats space

manos · June 23, 2021, 1:26pm

I suppose i could try to uninstall some packages in order to make space.
But the thing is the board i bought (the 32/128MB) has the perfect dimensions.
We are R&Ding here and the price of the GL-MT300N and its' dimensions, ports etc are a problem.
So i was hopping to find the board in the dimensions i want for the specific project in the expected price.
I know it is too much to ask!

Well i am considering a few options even dealing myself with uboot/customized tweeking of the old version already installed...

Not sure what the perfect solution is right now...

frollic · June 23, 2021, 1:41pm

That's not really doable, removing packages that came with the image doesn't free up space.

If you want to reduce the image foot print, build your own.

manos · June 23, 2021, 2:04pm

Can you pls tell me if there is a way to get repos running for this version?
I tried "$ opkg update" and i got the following:

Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7628/packages/base/Packages.gz.
wget: server returned error: HTTP/1.1 404 Not Found
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7628/packages/luci/Packages.gz.
wget: server returned error: HTTP/1.1 404 Not Found
.
.
.
.

opkg_download: Failed to download http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7628/packages/telephony/Packages.gz, wget returned 1.

Is there anything i can do to fix that?
If i will be able to download some packages maybe i will be able to do the work i want to but now i can't...

Manos

frollic · June 23, 2021, 2:24pm

there's no mt7628 in http://downloads.openwrt.org/barrier_breaker/14.07/ramips/
it exists in https://archive.openwrt.org/chaos_calmer/15.05/ and onward, so I guess
someone backported it, unofficially.

if you feel adventurous, you could try to flash the 15.05 image, but you should really
make sure serial console works 1st.

slh · June 23, 2021, 7:20pm

There will be no way around porting (current) OpenWrt to this device (XOR working within their SDK, but that's out of scope for this venue), everything else would just brick the device.

mk24 · June 24, 2021, 12:15am

It'd be interesting to see an MT7628 try to encode two video streams at once, though if your cameras have internal encoders it wouldn't need to.

manos · June 24, 2021, 5:16am

Hi mk24,

My task is to set-up mjpeg-streamer or ffmpeg.
I have done it for one camera with mjpeg-streamer with a reso of FHD and the bandwidth consumption was around 40MBits/s, 1280x720px consumed around 30MBits/s both at 30fps. I am talking about streaming the video instead of encoding it! The CPU on both cases was around 15-25% so i am guessing that 2 streams is doable.

Cameras provide MJPEG compression, no H264

Regards
Manos

manos · June 24, 2021, 5:19am

I have got 2 MT7628 boards and was thinking to try something like that but before doing that i will try to fix the broken repos and see if there are any possibilities to download packages and do what i want with the current openwrt.

Is there any straightforward way to fix the broken repos?

Manos

frollic · June 24, 2021, 5:31am

Since there's no official release for the specific SoC in 14.07, I'd say no.

manos · June 24, 2021, 7:22am

Can you pls point me to the right direction assuming i want to port openwrt to the MT7628 and eventually use the latest source code available?

I mean what are the steps involved? I don't need details but rather an idea of the actions to be taken.

Do you know anyone with experience that could do this?

Thanks
Manos