Unencrypted factory firmware to flash SiteCom WLR-5100

Hello everybody,

I need some help from you guys. My Sitecom WLR-5100 v1 002 is bricked (after a factory firmware upgrade), but i can communicate to him by serial port (U-boot).

Baud Rate: 115200
Data Bits: 8
Parity : No
Stop Bits: 1

I want to flash the router with the factory firmware,

but the factory firm is a .dlf file and after studying the next topic:

https://openwrt.org/toh/sitecom/wlr-6000

i figured out that i need to decode the factory .dlf file, but i don't know how to do it.

Can someone please teach me how to do this (or post here the unencrypted factory firmware )?

Thanks in advance.

Anyone? Please.

Could you please post some pictures of the PCB and maybe the log of the bootloader?
I can't find any information about the WLR-5100 online and I'm curious which chipset's it uses.

Do you want to keep using the factory firmware or will OpenWRT (if possible) also fit your needs?

First of all, thank you for your reply.

Here's the pictures of the Sitecom WLR - 5100:

And here's the bootloader:
"

U-boot Ver:1.0.0.1 2013/05/23 14:35:41


Board: Ralink APSoC DRAM:  64 MB
******************************
Software System Reset Occurred
******************************
spi_wait_nsec: 28
spi device id: c2 20 17 c2 20 (2017c220)
find flash: MX25L6405D
Flash size 8MB, sector count = 128
============================================
ASIC 7620_MP (Port5<->GigaSW)
Product Name: WLR-5100v1002

Please choose the operation:
   2: Load system code then write to Flash via TFTP.
   3: Boot system code via Flash (default).
   9: Load Boot Loader code then write to Flash via TFTP.                     0

3: System Boot system code via Flash.
## Booting image at bc060000 ...
   Image Name:   Linux Kernel Image
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1834741 Bytes =  1.7 MB
   Load Address: 80000000
   Entry Point:  8000c110
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK

Starting kernel ...


LINUX started...

 THIS IS ASIC
init started: BusyBox v1.13.3 (2015-12-14 17:20:49 CST)
starting pid 758, tty '/dev/console': '/sbin/config_init'
mknod: /dev/ttyS0: File exists
mknod: /dev/ttyS1: File exists
Config Init version: 1.4.0.1 date: 2015/12/14
Thu Jan  1 00:00:00 UTC 2015
ln: /lib/./modules: File exists
starting pid 807, tty '/dev/ttyS1': '/sbin/config_term'
************************************************************************
*                            WLR-5100v1003                             *
************************************************************************

KernelApp/Ramdisk Ver:1.4.0.1                    Date:2015/12/14
password:

"

I want to keep using the factory firmware.

Thanks again.

The password is lin17.

Someone knows the speed of this chipset?

From your bootloader I read WLR-5100v1003 firmware loaded on v1002 hardware.
I have the WLR-4100v1002 having the very same PCB, but without the 5GHz. module soldered on it.
We may have the same SW since I read in mine:
bootfile=uImageWLR-5100v1002
I suppose the factory SW is similar among other routers, therefore the WLR-8100 Factory firmware firmware recovery:
https://openwrt.org/toh/sitecom/wlr-8100
may works for WLR-5100 as well

Ah Sitecom DLF firmwares. Use mksenaofw to decrypt them. That tool is included as binary in the OpenWRT SDK.

Here is the decrypted firmware.

$ binwalk WLR-5100v1002-firmware-v14.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             uImage header, header size: 64 bytes, header CRC: 0xA4C05DEE, created: 2015-12-14 09:27:57, image size: 1834741 bytes, Data Address: 0x80000000, Entry Point: 0x8000C110, data CRC: 0x7523A1A1, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
64            0x40            LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 4708892 bytes
1835008       0x1C0000        Squashfs filesystem, little endian, version 4.0, compression:xz, size: 3640004 bytes, 353 inodes, blocksize: 131072 bytes, created: 2015-12-14 09:27:41

Edit: Why are you kicking a 2 year old topic back to life @Sirpolex? I could drink an additional beer instead of spending my time decrypting a firmware file for a question asked 2 years ago lol.

Before proceeding with the burning of Flash memory of my WLR-4100 I would like to know a revert procedure. I found this post and I preferred to resurrect it instead of a new one.
Thank you for your reply.

Haha ah you needed the stock unencrypted firmware too. I'm glad I could help you providing the unencrypted firmware, so the effort was not in vain .

I try to execute the firmware without contaminating the Flash.
Nevertheless, I understood that we have several Flash Area containing Router specific piece of information like MAC addresses and clibration parameters. Like in the WLR-2100:

I did not saved yet.

Regarding saving and using cat or dd for backup:

Also cat /proc/mtd shows the parititions with name, should gives some hint what is stored in the partitions.

Here it is:

# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00030000 00001000 "Bootloader"
mtd1: 00010000 00001000 "Config "
mtd2: 00010000 00001000 "Factory"
mtd3: 00790000 00001000 "Kernel"
mtd4: 005d2000 00001000 "app"
mtd5: 00010000 00001000 "backup"
mtd6: 00010000 00001000 "storage"

I am not able to establish a network connection with the router (Factory firmware does not allow ssh).

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.