Hello,
i have root access to the isp supplied router, which is based on openwrt, but runs lot of customized scripts.
i need help in installing openwrt on this device.
But please read up on the situation thoroughly and not keep any settings your ISP made. Let the installation procedure reset configuration to default and re-enter your credentials manually. Your ISP might have used a configuration that is not compatible with stock OpenWRT and prevents your router from even spinning up a network.
I didn't mean to suggest any specific firmware.
I only wanted to point him towards where to find and how to use the upgrade CLI and the UI package name by urging him not to keep any settings.
There are tons of devices named "AX6000" and I started typing before any information about his board was known. But since he didn't ask for the "how-to on my device" explanation but merely a starting point for further read-up, I thought that's where he wanted to take it from himself.
So (especially directed @lazarus) if you don't find your router on the supported list pointing to a firmware file you trust, there's a real chance you're aiming for your device ending up a brick.
Thank you, @frollic, for pointing out that I wasn't clear in my previous post.
Turns out thats not the one.
Device mediatek,mt7986a-spim-snand-rfb not supported by this image.
Need something for mediatek,mt7986a-rfb-snand.
Also i found out the firmware is signed. i got below message as well.
jcrypt[22624]: Image Signature of MODEL_NO : LALU6909 Verification - FAILED
Validation Failed!!
Image check failed.
How would one guage the amount of effort required to make this device supported?
Month to year, and now you need serial port to rig device to boot (unsigned) openwrt from the network without modifying flash.
Do you have firmware upgrade file from OEM that upgrades to same version?
In the meantime scan partition backup for MAC address on label, and binwalk -e -M partitions and try to figure out like kernel conf left behind etc specialties.
I was able to binwalk the original firmware, which came out as sysupgrade-mt7986a-ax6000-spim-nand-rfb-sb.zip
there is file bull.config which looks manufacturer specific.
**# Configuration file for fw_(printenv/saveenv) utility.**
**# Up to two entries are valid, in this case the redundant**
**# environment sector is assumed present.**
**# NAND example**
**# MTD device name Device offset Env. size Flash sector size Number of sectors**
**/dev/mtd8 0x0 0x20000 0x40000 2**
and there is this file bullinit.sh which is as below.
#!/bin/sh /etc/rc.common
START=12
function number_to_mac () {
printf "%012x" $1 | sed 's/../&:/g;s/:$//'
}
mac_wan=""
mac_lan=""
mac_24g=""
mac_5g=""
updateMACaddr() {
mac_wan=$(number_to_mac $(($1 + 0)))
echo mac_wan $mac_wan >> /dev/console
mac_lan=$(number_to_mac $(($1 + 1)))
echo mac_lan $mac_lan >> /dev/console
mac_24g=$(number_to_mac $(($1 + 2)))
echo mac_24g $mac_24g >> /dev/console
mac_5g=$(number_to_mac $(($1 + 3)))
echo mac_5g $mac_5g >> /dev/console
}
function hex_to_acsii () {
echo -n $1 | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo ''
}
boot() {
######## Read factory data and device information #############################
deviceSerialFilePath="/tmp/deviceSerial"
deviceSerial="000000000000000"
deviceHWRevisionFilePath="/tmp/hwVersion"
deviceHWRevision="0000"
firmVersionFilePath="/tmp/firmVersion"
firmVersion=""
productTypeFilePath="/tmp/productType"
productType="IDU"
brlan_addressFilePath="/tmp/br-lan"
wanMACaddressFilePath="/tmp/wanMAC"
wanMACaddress=""
mfgNamePath="/tmp/mfgName"
mfgName=""
wifiSSID24G=""
wifiSSID5G=""
wifiKey24G=""
wifiKey5G=""
wifi24gMACaddressFilePath="/tmp/phy0"
wifi5gMACaddressFilePath="/tmp/phy1"
modelInfoFilePath="/tmp/deviceModel"
modelName=""
acsPrePasswordFilePath="/tmp/acsPrePasswd"
acsPrePassword=""
consumerFilePath="/tmp/consumer"
consumer=""
firmVersion=`awk -F "\"" '/VERSION=/ { print $2 }' /rom/etc/os-release`
if [ -n $firmVersion ]; then
/bin/echo $firmVersion > $firmVersionFilePath
fi
deviceSerial=`bull_factory_data.sh rsn`
deviceHWRevision=`bull_factory_data.sh hwversion`
wanMACaddress=`bull_factory_data.sh wanmacaddr`
acsPrePassword=`bull_factory_data.sh acsPrePassword`
wifiSSID24G=`bull_factory_data.sh ssid2G`
wifiSSID5G=`bull_factory_data.sh ssid5G`
wifiKey24G=`bull_factory_data.sh key2G`
wifiKey5G=`bull_factory_data.sh key5G`
mfgName=`awk -F "'" '/DEVICE_MANUFACTURER=/ {print $2}' /etc/device_info`
#translate the base mac env to a number
base=0x$(echo $wanMACaddress | cut -d= -f2 | tr -d ':')
#
updateMACaddr $base
brlanMACaddr=`uci -q get network.brlan.macaddr`
wanMACaddr=`uci -q get network.eth1.macaddr`
wifi2gMACaddr=`uci -q get wireless.PRIMARY_2G.macaddr`
wifi5gMACaddr=`uci -q get wireless.PRIMARY_5G.macaddr`
# config ethernet
if [ $brlanMACaddr != $mac_lan ]; then
uci -q set network.brlan.macaddr=$mac_lan
uci commit
fi
if [ -z "$wanMACaddr" ] || [ $wanMACaddr != $mac_wan ]; then
uci -q set network.eth1.macaddr=$mac_wan
uci commit
fi
if [ $wifi2gMACaddr != $mac_24g ]; then
uci -q set wireless.PRIMARY_2G.macaddr=$mac_24g
uci commit
fi
if [ $wifi5gMACaddr != $mac_5g ]; then
uci -q set wireless.PRIMARY_5G.macaddr=$mac_5g
uci commit
fi
ifconfig eth0 down
ifconfig eth0 hw ether $mac_lan
ifconfig eth0 up
/bin/echo $mac_lan > $brlan_addressFilePath
if [ -n $deviceSerial ]; then
/bin/echo $deviceSerial > $deviceSerialFilePath
fi
if [ -n $acsPrePassword ]; then
if grep -qF "LALU6909" /etc/device_info ;then
acsPrePassword=`hex_to_acsii $acsPrePassword`
fi
/bin/echo $acsPrePassword > $acsPrePasswordFilePath
fi
if [ -n $deviceHWRevision ]; then
/bin/echo $deviceHWRevision > $deviceHWRevisionFilePath
fi
/bin/echo $productType > $productTypeFilePath
if [ -n "$wanMACaddress" ]; then
/bin/echo $wanMACaddress > $wanMACaddressFilePath
fi
if [ -n "$mac_24g" ]; then
/bin/echo $mac_24g > $wifi24gMACaddressFilePath
fi
if [ -n "$mac_5g" ]; then
/bin/echo $mac_5g > $wifi5gMACaddressFilePath
fi
modelName=`awk -F "'" '/DEVICE_PRODUCT=/ {print $2}' /etc/device_info`
if [ -n $modelName ]; then
/bin/echo $modelName > $modelInfoFilePath
fi
if [ -n $mfgName ]; then
/bin/echo $mfgName > $mfgNamePath
fi
if [ $(uci get ui_defaults.frstatus.wifi_factoryreset) -eq 1 ]; then
wifiEncryption24GValue="psk2+ccmp"
wifiEncryption5GValue="psk2+ccmp"
if [ -n "$wifiSSID24G" ] && [ -n "$wifiSSID5G" ]; then
uci set wireless.PRIMARY_2G.ssid=$wifiSSID24G
uci set wireless.PRIMARY_2G.key=$wifiKey24G
uci set wireless.PRIMARY_2G.encryption=$wifiEncryption24GValue
uci set wireless.PRIMARY_5G.ssid=$wifiSSID5G
uci set wireless.PRIMARY_5G.key=$wifiKey5G
uci set wireless.PRIMARY_5G.encryption=$wifiEncryption5GValue
uci commit wireless
fi
uci set ui_defaults.frstatus.wifi_factoryreset='0'
uci commit ui_defaults
fi
######## Set wanmode flag to bull-reserved if not present ###################
wanmode=`bull_factory_data.sh get wanmode`
wanmode_reset=`bull_factory_data.sh get wanmode_reset`
if [ -z "$wanmode" ] || [ -z "$wanmode_reset" ] || [ "$wanmode_reset" = "0" ]; then
wanmode="mod"
bull_factory_data.sh set wanmode $wanmode
bull_factory_data.sh set wanmode_reset 1
fi
uci_wanmode=`uci get ui_defaults.mode.wan`
if [ "$uci_wanmode" != "$wanmode" ]; then
uci set ui_defaults.mode.wan=$wanmode
uci commit ui_defaults
fi
############################################################################
######## Set Plume Status flag to bull-reserved if not present ##############
#PlumeEnabled=`bull_factory_data.sh get PlumeEnabled`
PlumeEnabled="0"
if [ -f "/usr/opensync/bin/dm" ]; then
PlumeEnabled="1"
######## Disable virtual interface creation through uci when plume is enbaled ########
if [ $(uci get wireless.PRIMARY_2G.disabled) -eq 0 ]; then
uci set wireless.PRIMARY_2G.disabled='1'
flag="1"
fi
if [ $(uci get wireless.PRIMARY_5G.disabled) -eq 0 ]; then
uci set wireless.PRIMARY_5G.disabled='1'
flag="1"
fi
if [ "$flag" == "1" ]; then
uci commit wireless
fi
touch /tmp/update_ntptime_required
fi
bull_factory_data.sh set PlumeEnabled $PlumeEnabled
###########Set led default value #################################################
uci set led.status.wifi='0'
uci set led.status.ipv6='0'
uci set led.status.currentled='redon'
uci set led.status.ipv4='0'
uci commit led
old_firmware=`awk -F "'" '/option software_version / { print$2 }' /etc/config/tr069`
if [ "$firmVersion" != "$old_firmware" ]; then
rm -rf /usr/opensync/data
fi
# Run bull ntpd in the background
if [ -f "/sbin/ntpd_time.sh" ]; then
/sbin/ntpd_time.sh 120 &
fi
#remove files from /overlay/upper/sbin
if [ -e "/overlay/upper/sbin/mfg_led.sh" ]; then
rm -f /overlay/upper/sbin/mfg_led.sh
fi
if [ -e "/overlay/upper/sbin/mfg_button.sh" ]; then
rm -f /overlay/upper/sbin/mfg_button.sh
fi
if [ -e "/overlay/upper/sbin/init_ubi2.sh" ]; then
rm -f /overlay/upper/sbin/init_ubi2.sh
fi
#Check if filesystem recovery has taken place and reboot
if [ -s "/tmp/copy_files.txt" ] || [ -s "/tmp/opensync_copy_files.txt" ]; then
echo "Filesystem recovery has taken place, performing a reboot." > /dev/kmsg
reboot_file="/etc/recovery_reboots.txt"
# Check if the reboot file exists
if [ ! -f "$reboot_file" ]; then
# If not, initialize the file with 0 reboots
echo "0" > "$reboot_file"
fi
# Read the current number of reboots from the file
reboot_count=$(cat "$reboot_file")
# Check if the reboot count is less than 3
if [ $reboot_count -lt 3 ]; then
# Increment the reboot count
reboot_count=$(($reboot_count+1))
# echo $reboot_count > /dev/console
# Update the reboot count in the file
echo "$reboot_count" > "$reboot_file"
rm -f /tmp/copy_files.txt
reboot
else
echo "Reached maximum reboots (3)." > /dev/kmsg
fi
else
echo "Recovery file is empty." > /dev/kmsg
# Delete reboot count file if recovery is no longer required
if [ -s "/tmp/recovery_reboots.txt" ]; then
rm -f /etc/recovery_reboots.txt
fi
fi
#Check the consumer flag
consumer=`bull_factory_data.sh get consumer`
if [ -n "$consumer" ] && [ "$wanmode" = "ont" ] && [ "$consumer" = "retail" ]; then
echo $consumer > $consumerFilePath
fi
}