No prompt on serial console - AR7516 (EE BrightBox 1)

I got an Arcadyan AR7516 off Ebay for cheap, and I've been trying to OpenWrt on it since I got it.

I was unable to use the CFE HTTP web server method of OpenWRT installation as the CFE environment requires a username and password, and I don't know what it is (I've tried variations of root/root, root/admin, admin/admin, etc.).

So I got a USB-TTL adapter, got a soldering iron and soldered some pins onto the serial header. I managed to get access to the serial console but then discovered that there is no prompt - whether I stop the boot in the bootloader by pressing "any key" (tried Esc, Ctrl+C, and various other keys), nor if I let the router boot up.

I have no idea what to try next. This router has no JTAG access, only serial, but that's a bit useless if I can't get a console prompt.

Once the router finishes doing its thing, you can now telnet in using the user name root and the password password (on some firmware versions this might be admin:password instead).

What about this combinations mentioned in the wiki?

Beside that the wiki is telling you that the router has jtag but no header/pinout. Also SPI flashing looks more complicated to me than usually. I would try the CFE approach first instead messing arround with:

but the chip's VCC is connected to the rest of the board so you run the risk of drawing too much power and/or flashing while the CPU is awake; consider fitting an isolation jumper. You may find the chip gets enough power parasitically that it flashes OK without its VCC connected. Don't let any other pins float unless they're NC though.

Where did you find this? I can't see it anywhere. I'll try them, though.

At the End of Section: "'Manufactory' Mode/Telnet"

Ah I did see that - but I can't even log into manufactory mode. It requires a username and password and no matter what I try, the page simply refreshes and I'm back to square one.

Did you make a reset? So old passwords of the previous owner got wiped.

1 Like

Yep, I've reset multiple times to no avail.

Apparently, the page which gets access to manufactory mode is now locked out. I've tried various little hacks to try to get around it - turns out it uses a couple stupid insecure hidden form fields to stop you accessing the actual page.

STILL couldn't get in. I'm not really sure where to go from here.

So with even a reset you cannot normally login into web interface and call after login?

If so then I cannot help further with this device.
The only thing left I can suggest is trying a different browser and/or delete browser cache.

The only workarround I would have is to save configuration in a file (if possible or you have made before working on this device). There is often the password included. Maybe plain or with an md5 hash on older devices. You could try to bruteforce it if there is no salt. I did that in the past with an older FritzBox already. But be aware ... The longer the password is ... You can also buy such services online nowdays it seems: oO ... I didn't find a better link fast asking google.

Maybe there is a TR-069 service interface with a standard password on the device also? As it is an ISP box.

This thread could help also (didn't read through):

You can check if login/password from Installing OpenWrt on Bright Box (R) Wireless Router EE is ok. Double check processor type before changing bootloader because two versions of BrightBox 1 have different types and wrong bootloader will brick your device.