Wa1201 v2 eeprom dump

Hi

I tried flashing open wet on my wa1201 v2 ap and it tripped out halfway in the flashing process.
It's got a w25q128c eeprom. I've desoldered and taken a dump of it using hxd I've got some legible writing in there like the partition tables and product number versions and special id. So I'm guessing half the file is ok with all the hardware ids. It's just the os side that's corrupted.

Can anyone send me their firmware dump from the eeprom so I can try repair this . I can send my bin file if anyone can help

Flashing OpenWrt should not kill the bootloader, so it would be easier to attach UART and recover via the serial console - or is there a reason why this isn't going to work?

Instructions:

https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=baacdd53dfd1daf3d4fada8921a46a562e4520e2

Hi I've tried to connect to the serial via the UART points using the ch341a programmer but all I'm getting when I open a putty terminal is some random gibberish and normal letters and numbers mixed in

Double-check the wiring: Only connect Rx, Tx and GND, never connect VCC. Try swapping Rx and Tx. Is the baud rate set correctly?

▒aUŧY▒H(▒ ▒▒
j▒▒o.A▒
▒#!UI▒▒L jg,▒I4ҍV+▒▒ ▒ݶ▒▒▒0L▒▒▒▒'ҳͩ
▒a▒E▒&▒ ▒.▒▒▒ *
!▒ ▒!▒5i▒▒▒▒
▒o▒▒▒▒ݮ▒▒Y2▒▒Ba▒'▒8▒▒▒0▒C!JVղW▒ݠ▒▒▒f
A▒
▒▒K▒▒▒▒V▒0▒j▒jVղ7▒ݠ̒ځf▒jŬ▒+A▒▒▒i▒▒▒▒0▒C!JVղW▒ݠ▒tY.2▒ɠ▒+▒▒J▒▒▒
▒i▒▒▒Yf▒э!֕r˝ ▒▒▒▒.2▒▒:▒▒▒X
"▒▒▒i▒▒▒ә▒▒C!JVղW▒ݠ
&ځf▒.▒▒▒▒▒[.) ▒▒:▒▒▒әɰC▒
ͫ▒ŮWVA▒▒·▒ٹj▒N▒▒▒▒+˝▒Z
▒▒▒
▒u▒▒KA▒▒·V▒0▒j
▒+▒hj▒▒u
▒ ▒͘ "ն▒,V▒▒ ▒▒0 "▒vZ▒6
E▒▒▒8▒▒+▒▒N▒ՠL▒J▒ ▒▒,▒K▒c▒]KA▒▒5▒H▒+▒h▒▒▒j 5▒U▒kA▒V▒ٶZ▒▒˕▒▒C▒H▒I▒▒▒Nš▒▒O▒▒▒▒n填▒E▒▒▒▒n填▒N▒▒▒▒▒u▒▒▒U▒▒▒▒Z▒▒▒Y▒r▒▒▒
▒▒▒Z▒▒Ѳ▒▒A▒
2ѡ˂▒n▒ݠV▒դ
▒▒X▒▒▒.͠▒▒▒t▒▒▒cK▒e▒t▒▒.▒!▒▒uա▒5ݭ▒뵕t]A▒T▒▒▒▒▒Ս▒▒▒gL¸▒▒▒�▒▒▒▒▒]1LSH▒e▒ ▒Ѳٮ5▒a▒▒u▒▒▒U▒▒▒tZ▒▒zY'▒▒ͥj▒▒A▒&▒▒▒▒a▒K}▒▒[ו▒ŴҺ▒▒Ս▒D.▒▒n▒+ K▒j>▒e▒!▒▒E▒▒+}▒▒5▒ݠL▒
҂▒Ұ▒▒f▒▒▒0▒'▒5▒Y
▒ ▒▒
j▒▒▒k▒▒E▒̲▒▒t
¸
▒
▒*▒H▒
▒Z▒▒▒
▒▒o▒▒▒t▒▒▒▒i ▒▒▒▒▒▒▒
▒▒▒▒ᶁa▒ʒA▒▒▒0▒▒▒j▒(▒▒XVk▒N▒[▒▒5
▒
this is what im gettting in the terminal with uart out to rx and uart in to tx, i get nothing from this until i connect the 3.3v to the programmer but im guessing this isnt the right process
ive set the baud rate to 115200, 8N1 as per the uart instructions on the openwrt page

}ޯU▒!▒kç▒Y:ꍹ▒▒j▒▒SitT▒m▒▒S▒[ߧ▒▒▒Y▒▒٥M▒▒▒ճ+▒▒▒▒▒▒V▒▒WՕ▒▒k▒▒+▒▒▒z▒▒▒[▒e▒▒▒▒▒k▒{H▒▒▒▒{▒▒▒▒6▒ʹZ▒ˤ▒٬V▒ȣ+▒{▒▒▒▒▒{▒▒▒▒▒߹▒▒▒5▒Tʿ▒▒雊▒▒▒▒9▒▒▒▒{▒▒▒▒▒6▒ʹZ▒ˤ▒▒▒▒5▒▒▒▒▒E▒▒▒▒3▒▒▒{▒▒򚺗▒KS▒▒K▒▒k▒▒ohTʿ▒▒▒˝!▒▒▒W▒=▒▒Q▒{▒▒▒▒▒߹▒▒ʵ▒T▒▒ϊ▒▒▒ۡ▒▒{▒c*J▒▒▒:▒{▒▒ٚ▒▒}▒=▒▒{E▒▒QڿO▒▒{▒▒ٚj▒▒=l▒▒▒Ť▒▒k▒▒k▒}嫕{▒▒▒▒▒{▒▒▒▒▒▒ΒJ▒▒▒#▒▒k}▒▒▒▒w▒b▒▒▒▒▒▒▒6▒▒M▒)▒▒ݝ▒▒ݬ▒Rʯ▒-▒▒듥▒▒K▒▒Zߎ▒#▒+▒sTQQ=Fi▒▒▒▒▒▒=▒Ԛ▒▒▒f▒'▒▒▒"▒▒▒PI▒[▒▒▒▒5▒▒:▒▒▒▒▒▒▒▒:▒▒▒t▒▒▒5▒▒:▒▒▒T▒▒▒ e▒▒
u▒▒U▒▒ѩ:▒
▒▒▒▒,▒▒▒=▒Z▒▒▒▒=▒i▒ke-▒▒h▒▒▒▒Z▒▒4▒O▒)▒%▒▒▒#▒▒#▒▒▒:▒!▒▒▒5▒▒ѫ▒Ʃ9▒▒▒▒▒=Oѩ1IQ▒#K▒[▒S▒▒▒=w▒▒:j▒+▒i▒ߖ▒▒u▒▒jA▒▒▒3▒k▒t▒▒z▒▒▒Tz▒▒▒▒i▒▒5▒▒I▒ߍ▒z▒D▒㹽z▒C▒%▒▒e1▒▒)%▒Q▒▒▒ŕ▒[ہ▒▒▒▒˳▒▒{▒▒▒▒▒▒fڿ▒(▒▒▒=▒▒鶿߶▒▒6Z▒▒Ѷ▒S^▒▒/▒k▒▒▒▒▒▒V▒V▒tt▒▒▒g▒֖▒▒▒!▒▒▒zۧ▒V▒i▒뚍K▒C[▒K▒▒▒▒Qڊ▒▒▒▒▒▒▒{▒▒▒▒o
:▒d▒▒Ϫ▒▒k3▒▒▒4▒o▒7▒▒▒-▒%▒ͣ▒▒z▒▒
thats what i get when i switch tx and rx around uart out to tx and uart in to rx

Again, please do not connect VCC = 3.3V, only Rx, Tx and GND. I checked the wiki page again, the pinout should be:

• Tx to TP_UART_IN
• Rx to TP_UART_OUT
• Gnd to TP_GND

115200 baud should be correct, but it doesn't hurt to try 57600 baud. The CH341 programmer is, unfortunately, not the best serial converter - some even have a hardware bug where they output 5V even if the jumper is set to 3.3V. If you have access to a different USB-TTL adapter, you might want to give it a try.

Since the device page refers to the C6 v2, you might want to try the TFTP recovery method mentioned there.

Ok cool I'll double check my connections and I'll leave the 3.3v disconnected. I've done the 3v mod on this programmer as I was getting 5v on all data lines out of the box. With the mod I'm getting a nice 3.3v max on any of the lines

I'll mess about with it tomorro as I've left it at work. Thanks for the help tho I'll report back tomorrow

right ive had a crack at it again

ive managed to get some legible words from the uart using 7n1 but obv these are the wrong settings

@

Boot1.1.4-gc9#24d92-dir4y (N/v 27 2019 - 15:4:35)

D2a'on&l9 1.0

D2AM: 128 -B
T/p of RAM 5sabl% for U-Bo/t at: 800000
Bootat: 7fa000&or U
eser6ing 192k &or m!lloc() at: 7f7000
2es%r6in' 4 y4es f/r Bo!rd I.fo a4: 87&6ffd4
Re3ervi.g 36 Byte3 for G,ob!lDa4aat: 7f6f&b0
2es%r6ing 28k &or b/ot p!rams() at: 87f4ffb0
Sta#k Po)n4er a4: 87&4f&9
N/w 2u.ni.gin R!M - 5-B/o4 a4:87fa000
Flas( Man5f Id 0xc8, Dev)ceId0 0x40, De6i#eI$10x18
f,a3h 3i:e 16-B, s%ctorcoun4 = 26
F,ash: 16 M
Us)n' d%f!ul4 %nv)r/nm%n4

In: 3eria,
Ou4: 3eria,
Er2: 3e2ia,
Ne4: !th_g-ac_e.et_i.itia,ize...
No 6alid addr%ss i. Fla3h. U3ing &i8ed a$dr%s3
at(_gma#_ene4_ini4iali:e: r%s%t -a3k:#0200
a4hr_m'mt_i.it ::done
$rago.fly ----> S17 PHY *
phyhw_c&g 10.
-ax r%setslimi4 rea#hed %xiti.g...
ath2_gma#_sgm)i?se4u0 SM)I $o.e
:cf'10x800000 cfg 0x714
et(0 00:3:7f09:0":ad
eth0up
%th0
Sett)ng 08181162c0 4o 0x50a0210
Hit !ny k%y to stop auto"oot: 0
##Boot)ng i-age !t 9f030000 ...
Bad Magi# .um"e2
!t(>

I read somewhere that the baud rate is actually roughly 120000 bits and not 115200 as it should be - I assume the TTL converter has problems with that if it's really the case.

Anyhow, the bootloader is clearly alive and you should be able to get away with flashing via TFTP if you manage to get useful output.

The full dump works, too, if someone provides you with a file. Just be careful to replace the MAC address.

Right I've had a 3 crack at using this tftp server thing. Turns out the issue was the windows firewall blocking it. Managed to get it working firmware downloaded and access point installed it ok.

Back to fully working stock firmware

Thanks guys👌

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.