What are the failsafe modes?

The part I'm not getting is the initramfs. Is this a full image or just a boot image?
Based on the link you show, it looks like I can install a full imag eusing tftp then run that image on the device without overwriting the original. Once logged into the new image, I can extract the old image.

The loader says AR9330 while this link shows AR9331 so it's probably not this one.

Load the kernel in memory: tftpboot YourKernelName.bin
Boot the loaded kernel from memory: bootm

Does kernel mean a whole, complete firmware image or just some part, like a boot only or something.

And more importantly, how do I figure out what the proper repo build is for this device?
I know it's Chaos Calmer 15.05. I know it's Atheros AR9330.
I think it's got 32m ram and /64m storage.

What else do I need to know to find the correct repo?

[    0.000000] Linux version 3.18.84 (sean@ubuntu) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r49599) ) #1 Tue Jan 30 17:35:50 PST 2018
[    0.000000] CPU0 revision is: 00019374 (MIPS 24Kc)
[    0.000000] SoC: Atheros AR9330 rev 1
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 04000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x03ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x03ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x03ffffff]
[    0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16256
[    0.000000] Kernel command line:  board=MINIBOX-V1  console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 60880K/65536K available (2526K kernel code, 147K rwdata, 540K rodata, 232K init, 188K bss, 4656K reserved, 0K cma-reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1

I deduced it might be this image.
minibox-v1-squashfs-sysupgrade.bin

So I gave it a try....

uboot> tftpboot
tftpboot

eth mode (duplex/speed): 1/100 Mbps
TFTP from IP: 192.168.1.2
      Our IP: 192.168.1.1
    Filename: 'firmware.bin'
Load address: 0x80800000
       Using: eth0
     Loading: *[08]T T T T T T T T T T 
## Error: retry count exceeded, starting again!
Link down: eth1


TFTP retrying out is usually because the firewall on the PC is preventing the TFTP server from seeing any incoming requests. Disable all firewalls on the PC.

Pay close attention to the partition table reported when the stock firmware boots up, it would be best if your OpenWrt initramfs uses the same table. Otherwise you'll need to rearrange the data in the files you dump to line up with how the stock firmware partitions the chip.

Another way to dump the flash is to use md commands in the bootloader, capture the hex text that results and use a script on your PC to convert it to a bin file. This will take some time to transfer on the serial port. The builds of uboot typically found in routers do not provide a way to export binary data over Ethernet.

The firewall is disabled on the laptop I'm using to work on this device.
I think I'm getting over my head again... tables? I don't care if I trash the device afterwards, I just want to get the current image saved.

But tftp doesn't seem to be allowing the transfer to happen so if I'm doing it ok, I guess I need to figure out why it's timing out.

[    0.000000] Kernel command line:  board=MINIBOX-V1  console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 60880K/65536K available (2526K kernel code, 147K rwdata, 540K rodata, 232K init, 188K bss, 4656K reserved, 0K cma-reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:51
[    0.000000] Clocks: CPU:400.000MHz, DDR:400.000MHz, AHB:200.000MHz, Ref:25.000MHz
[    0.000000] Calibrating delay loop... 265.42 BogoMIPS (lpj=1327104)
[    0.080000] pid_max: default: 32768 minimum: 301
[    0.080000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.090000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.100000] NET: Registered protocol family 16
[    0.100000] MIPS: machine is MiniBox V1.0
[    0.590000] Switched to clocksource MIPS
[    0.590000] NET: Registered protocol family 2
[    0.600000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.600000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.600000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.610000] TCP: reno registered
[    0.610000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.620000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.630000] NET: Registered protocol family 1
[    0.630000] futex hash table entries: 256 (order: -1, 3072 bytes)

I see why. tftpboot says it's using 192.168.1.1 but it's not even connecting to the laptop. I can't ping that IP from the laptop which is 192.168.1.2..

It helps if the tftp server is started too :).

The image seems to be on the device now. I suppose I need to write it to this correct table now?
I don't see any HEX text, just the transfer pound signs.

TFTP from IP: 192.168.1.2
      Our IP: 192.168.1.1
    Filename: 'firmware.bin'
Load address: 0x80800000
       Using: eth1

     Loading: *[08]T T T T T T ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ########################################
              ###############

TFTP transfer complete!

Bytes transferred: 16252928 (0xf80000)
uboot> help
help

This is odd, it's really too large for this sort of device. Typically the compressed kernel+initramfs is about 5 MB. OK I see you used a squashfs file, that is the wrong file. You need an initramfs.

In this case, tftpboot only transferred data to RAM. So you next have to boot the image manually.
bootm 0x80800000
This might fail because it is trying to uncompress the kernel into the same RAM space where the compressed kernel is loaded, clobbering the compressed data before it can be used (resulting in LZMA Error). So you may need to tftpboot to a non-default address farther up in RAM such as 0x81000000.

Definitely above my knowledge at this point. The only other file I see in the repo is minibox-openwrt-15.05.1-ar71xx-generic-minibox-v1-squashfs-sysupgrade.bin. I see no others.

I think I have to give up at this point unless someone is willing to walk me through the process.

That is correct

Initramfs boots and runs in RAM. Any files you change are also only in RAM. The whole thing goes away when the power is turned off. It's not "installed." However it is a full system that has drivers to read and write the flash chip if you wanted to.

1 Like

But my objective is to check out what is running on the current build, not one I would install or temporarily run. That's why I'm asking if someone can walk me through this at this point. It's a lot to learn quickly just to get at this build. However, being able to go through the motions would certainly teach me (and anyone reading this) something interesting and useful if I ever need this again.

The stock firmware doesn't let you log in in any way, so you need to get a copy of the filesystems in the flash and examine the files offline.

Hi,
I am a bit late to this thread, but does the box attempt to do modbus requests to the solar inverters?.
Connect to to the local network via a managed switch, and send all the traffic to wireshark.
Modbus traffic is not encrypted, so you can work out what registers are being read.

You’re doing the process correctly, just with the wrong file. You don’t need a 15.05 image to boot off. 19.07 or 21.02 will be fine.

But! Your device hasn’t been ported to 21.02, when initramfs images began being generated automatically. It’s just too old.

There are mini box images for 19.07, but you would have to compile an initramfs image yourself.

Using wireshark would show me what it's doing but not how it's doing it. That's the part I need. I need to know how it's polling, if it even is so I can see how I might be able to do it.

Besides, this has become interesting to go through the process but over my head and while I'm overwhelmed with lots of other work but trying to keep up.

I recall that 4mb/16mb images aren't easy to build anymore but this device seems to have more memory so maybe it can run a newer image.

Maybe I said it wrong or thought something changed but my understanding is that I'm trying to load an image so I can then copy the previous image to a file. Once I have it off the device and in a file, I can later mount/open that file and take a look at the image, files on it etc as if I was connected to it, just not running live.

However, forgive me but it is still not clear to me what the proper initramfs image is or how I generate one. I've only used image builder and while I'd like to try source soon, I simply don't have the time capacity to do it right now.

Booting from Initramfs is almost similar to live booting in linux distros, ie the firmware is expanded to ram and is running from it without writing anything to flash, what you need is the dump of ur old firmware written in the flash, so what you need to do is basically boot into a openwrt fw running from ram so that flash is intact with old firmware and dump ur flash to a ftp or sftp server u hosted. if u are building ur initramfs fw you may wanna include openssh-sftp-client package so that u can scp the file to ur computer for analysis.
Hope you can understand
grishnkr

1 Like

Just an update that I will get back to this as soon as I can and report my results.

You mentioned that it has a telnet port open in the running state right?, Before doing this the hard way, try to brute force the telnet. Usually successful telnet login gives you root access.

You mean like hydra or something? I had not thought about that.
I've not had the chance to get back to this, been so overwhelmed with work. I still would like to close this thread with something positive so will try again as soon as I can. In the meantime, maybe I can run something in the background thanks to this idea.