I tried to short every pin on U26, none will interrupt the boot.
Good ideas on the U13 part but unfortunately I don't have a healthy donor to extract the data. 
Hi,
if you got the uBoot cli... erase the nand.part rootfs
It would be possible to erase the complete chip with nand erase.chip but the rootfs should be enough...
(APX120) # nand erase.part rootfs
NAND erase.part: device 1 whole chip
Erasing at 0xffe0000 -- 100% complete.
OK
(APX120) # ubi part rootfs
Creating 1 MTD partitions on "nand1":
0x000000000000-0x000010000000 : "mtd=0"
UBI: attaching mtd2 to ubi0
UBI: physical eraseblock size: 131072 bytes (128 KiB)
UBI: logical eraseblock size: 126976 bytes
UBI: smallest flash I/O unit: 2048
UBI: VID header offset: 2048 (aligned 2048)
UBI: data offset: 4096
UBI: empty MTD device detected
UBI: create volume table (copy #1)
UBI: create volume table (copy #2)
UBI: attached mtd2 to ubi0
UBI: MTD device name: "mtd=0"
UBI: MTD device size: 256 MiB
UBI: number of good PEBs: 2048
UBI: number of bad PEBs: 0
UBI: max. allowed volumes: 128
UBI: wear-leveling threshold: 4096
UBI: number of internal volumes: 1
UBI: number of user volumes: 0
UBI: available PEBs: 2024
UBI: total number of reserved PEBs: 24
UBI: number of PEBs reserved for bad PEB handling: 20
UBI: max/mean erase counter: 1/0
(APX120) # ubi create rootfs
No size specified -> Using max size (256999424)
Creating dynamic volume rootfs of size 256999424
(APX120) # tftpboot APX.v2.1.1-1.uimage
..
(APX120) # bootm 0x84000000#config@4
## Booting kernel from FIT Image at 84000000 ...
Using 'config@4' configuration
Trying 'kernel@1' kernel subimage
...
Here is one way to break the APX120 uBoot and enter the uBoot cli environment...
Connect your serial port to the 4 pin header, setup putty and grab a cable connected to GND..
Powerup the APX120 and right after you see the first boot messages, just before u-Boot 2012.07 ... comes up
pull the DO (IO1) from the SOIC 300-mil layout to GND.
it´s needs a good timing and maybe some tries.
uBoot will enter the default environment, from here you can try to change bootdelay..
one drawback ...
if you change the bootdelay and save the environment you lose all settings for a successfull APX boot.
But you could reset the APX120 now, enter u-Boot again and you will have a clean uBoot environment.
From here you could set the neccesary environment variables and load the apx.uimage later on.
more information
After entering the default environment for uBoot, the environment is set to default values and the NAND chip is not recogniced.
we now need to do the following
- set the required environment
- set autoboot delay to 5s
- repower APX120
- enter uBoot
- erase nand chip
- tftpload APX.uimage
- boot kernel
- wget desired firmware
- run update_image.sh script
- reboot
Sorry for warming up this topic ...
I have an APX120 with solid red.
I can see booting up with putty, autoboot is set to five seconds.
But: I am unable to interrupt it.
Changed TX/RX for hope, but of course, it did not work.
I tried two different adapters, but no success.
Should I short it too?
Thank you.
Edit: and I tried a different computer ...
Edit2: I played on the UART pins and I am able to interrupt autoboot. But even then, I am unable to type something.
Bridging RX/TX is working, my adapters are fine.
So, there is a short on the board of the APX?
I am not really familiar with such things.
Hi all,
sorry again for warm up the topic,
can every create a video to solve this issue ?
many thanks
You mean someone should soft brick one on purpose, so they can create a video of the recovery for you ?
What would you like to see in a video?
It´s all about timing and geting a NAND glitch, uBoot will crash and enter failsafe environment.
Hello,
I am too trying to unbrick two APX120. I have the serial cable and I can read the console output, I just don't understand this part:
"pull the DO (IO1) from the SOIC 300-mil layout to GND."
Can you be more specifc in what I should do?
Thanks!
Try to Short this pin with GND, it needs a good timing and several try´s.
With some luck, uBoot will enter emergency mode.
You need to set all uBoot env variable new!
1 Like
Hello,
Thanks for the input! I managed to enter emergency mode but saveenv (after set bootdelay to 5 with setenv bootdelay 5) return this message:
Saving Environment to NAND...
Erasing Nand...
Attempt to erase non page aligned data
Any other suggestion?
EDIT:
okay, after a few other atempt I managed to save the enviroment variables.
I formated the nand and TFTP booted with this image: https://d2apih4urmzzdu.cloudfront.net/v2.1.1-1/APX.uimage
The AP firmware start without problem, it get an IP from DHCP but I can't see from the XG to do the upgrade.
Trying to boot in failsafe get stuck after "login: plese reboot etc.."
Trying manual update after boot with the update_image.sh fail with this error:
libubi: error!: "/dev/null" has major:minor 1:3, but this does not correspond to any existing UBI device or volume
ubiupdatevol: error!: "/dev/null" is not an UBI volume node
Hello,
Can you post all the ENV variables that need to be set? I think i made some mistake there...
Hello girls and boys,
i have the problem, that i don't see the right terminal.
I see any symbols but no text or words
this i see with putty and have this options
I used terraterm but there is the same.
i used other baud rates. I switched the RX and TX. I used a normal COM-cable with port 2,3 and 5 but nothing works. What can i do or is the chip broken?
Can anywhere help me?
You mustn't use a normal COM-cable, but a so-called TTL-to-USB-cable.
The serial port on the SOC uses a voltage of 3,3V, but the normal COM (RS-232/V.24) uses up to +/- 15V. It might be possible that you have fried the serial port of the router with the wrong cable.
This text will give you the background.