OpenWrt Forum Archive

Topic: Belkin F5D8232-4 N1 Vision

The content of this topic has been archived on 25 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
josephus
10 Oct 2009, 12:08

The firmware file itself is a zip binary with some extra headers, probably version and checksum.
After extracting the firmware upgrade file we get another bin, which is infact the contents of the bootloader(redboot), kernel(linux 2.6.15), squashfs(uclibc userland).
They use nvram for storing settings, and binary CGI files for applying settings and upgrading firmware.
There is a hidden page in the firmware: wukongjiuwo.html where you can execute any commands and activate the console. (If you do the latter you will lose the LCD)

According to this internal photo there is a very high chance that they have pin holes for serial at the top-left corner: http://www.smallnetbuilder.com/images/s … ng_425.jpg
I have yet to open up mine. The article says "It uses an Atheros AR7141 processor, with 16 MB of RAM, 8 MB of flash and Vitesse 7385 gigabit switch. Those of you looking for a draft 11n router that supports Jumbo Frames will be happy to know that the Vision does—up to 9K. "
Most of this I can confirm from the outputs below.

Linux version 2.6.15--LSDK-6.1.1.65 (asraul@localhost.localdomain) (gcc version 3.4.4) #1 Fri Apr 11 03:54:27 CST 2008
/dev/mtdblock3 on / type squashfs (ro)
/proc on /proc type proc (rw,nodiratime)
ramfs on /tmp type ramfs (rw)

dmeg buffer, whats left of it:

>802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 108k freed
Algorithmics/MIPS FPU Emulator v1.5
ag7100_mod: module license 'unspecified' taints kernel.
/proc/eth_status created

params: tx_len_per_ds 1536
fifo_3 0x7801ffnetfilter PSD loaded - (c) astaro AG
ipt_random match loaded
lcd_init_module: sucess to create a netlink socket
cfg1 0xf cfg2 0x7014
unit 0 phy is up...RGMii 1000Mbps full duplex
pll reg 0x18050010: 0x110000  fifo_3: 0x7801ff
done cfg2 0x7215 ifctl 0x0 miictrl 0x22 
Writing 4
device eth1 entered promiscuous mode
br0: port 1(eth1) entering learning state
lock init kwsc_mod
create wsc_cfb entry
create wsc_cfb entry
create wsc_iechange entry
create wsc_userset entry
create wsc_pbc entry
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_hal: 0.9.14.25 (AR5416, DEBUG, REGOPS_FUNC)
wlan: 0.8.4.2 (Atheros/multi-bss)
ath_rate_atheros: Version 2.0.1
Copyright (c) 2001-2004 Atheros Communications, Inc, All Rights Reserved
ath_pci: 0.9.4.5 (Atheros/multi-bss)
PCI: Enabling device 0000:00:00.0 (0000 -> 0002)
Chan  Freq  RegPwr  HT   CTL CTL_U CTL_L DFS
   1  2412n     20  HT20  1    0    1     N
   1  2412n     20  HT40  1    0    1     N
   2  2417n     20  HT40  1    0    1     N
   3  2422n     20  HT40  1    1    1     N
   4  2427n     20  HT40  1    1    1     N
   5  2432n     20  HT40  1    1    1     N
   6  2437n     20  HT40  1    1    1     N
   7  2442n     20  HT40  1    1    1     N
   8  2447n     20  HT40  1    1    1     N
   9  2452n     20  HT40  1    1    1     N
  10  2457n     20  HT40  1    1    1     N
  11  2462n     20  HT40  1    1    1     N
  12  2467n     20  HT40  1    1    0     N
  13  2472n     20  HT40  1    1    0     N
register_simple_config_callback called
wifi0: 11ng rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: 11ng MCS:  0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
wifi0: mac 13.2 phy 8.1 radio 13.0
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5416 PCI: mem=0x10000000, irq=48 hw_base=0xb0000000
wlan: mac acl policy registered
ar5416SetPowerPerRateTable() syn 2412 ctl 2412 ext 2412 is40 0
  6mb OFDM  15.0 dBm |  9mb OFDM  15.0 dBm | 12mb OFDM  15.0 dBm | 18mb OFDM  15.0 dBm
 24mb OFDM  15.0 dBm | 36mb OFDM  15.0 dBm | 48mb OFDM  14.0 dBm | 54mb OFDM  14.0 dBm
 1L   CCK   18.0 dBm | 2L   CCK   18.0 dBm | 2S   CCK   18.0 dBm | 5.5L CCK   18.0 dBm
 5.5S CCK   18.0 dBm | 11L  CCK   18.0 dBm | 11S  CCK   18.0 dBm | XR         15.0 dBm
 HT20mcs 0  11.0 dBm | HT20mcs 1  11.0 dBm | HT20mcs 2  11.0 dBm | HT20mcs 3  11.0 dBm
 HT20mcs 4  11.0 dBm | HT20mcs 5  11.0 dBm | HT20mcs 6  11.0 dBm | HT20mcs 7  11.0 dBm
 HT40mcs 0   0.0 dBm | HT40mcs 1   0.0 dBm | HT40mcs 2   0.0 dBm | HT40mcs 3   0.0 dBm
 HT40mcs 4   0.0 dBm | HT40mcs 5   0.0 dBm | HT40mcs 6   0.0 dBm | HT40mcs 7   0.0 dBm
 Dup CCK     0.0 dBm | Dup OFDM    0.0 dBm | Ext CCK     0.0 dBm | Ext OFDM    0.0 dBm
2xAntennaReduction: 0, 2xMaxRegulatory: 40, 2xPowerLimit: 60
2xMaxPowerLevel: 22 (HT20)
TPC Enabled 1 1 0
ar5416SetPowerPerRateTable() syn 2412 ctl 2412 ext 2412 is40 0
  6mb OFDM  15.0 dBm |  9mb OFDM  15.0 dBm | 12mb OFDM  15.0 dBm | 18mb OFDM  15.0 dBm
 24mb OFDM  15.0 dBm | 36mb OFDM  15.0 dBm | 48mb OFDM  14.0 dBm | 54mb OFDM  14.0 dBm
 1L   CCK   18.0 dBm | 2L   CCK   18.0 dBm | 2S   CCK   18.0 dBm | 5.5L CCK   18.0 dBm
 5.5S CCK   18.0 dBm | 11L  CCK   18.0 dBm | 11S  CCK   18.0 dBm | XR         15.0 dBm
 HT20mcs 0  11.0 dBm | HT20mcs 1  11.0 dBm | HT20mcs 2  11.0 dBm | HT20mcs 3  11.0 dBm
 HT20mcs 4  11.0 dBm | HT20mcs 5  11.0 dBm | HT20mcs 6  11.0 dBm | HT20mcs 7  11.0 dBm
 HT40mcs 0   0.0 dBm | HT40mcs 1   0.0 dBm | HT40mcs 2   0.0 dBm | HT40mcs 3   0.0 dBm
 HT40mcs 4   0.0 dBm | HT40mcs 5   0.0 dBm | HT40mcs 6   0.0 dBm | HT40mcs 7   0.0 dBm
 Dup CCK     0.0 dBm | Dup OFDM    0.0 dBm | Ext CCK     0.0 dBm | Ext OFDM    0.0 dBm
2xAntennaReduction: 0, 2xMaxRegulatory: 40, 2xPowerLimit: 60
2xMaxPowerLevel: 30 (LEG)
download uses obsolete (PF_INET,SOCK_PACKET)
device eth0 entered promiscuous mode
NO develop mode
ath0 (WE) : Driver using old /proc/net/wireless support, please fix driver !
device ath0 entered promiscuous mode
ar5416SetPowerPerRateTable() syn 2412 ctl 2412 ext 2412 is40 0
  6mb OFDM  15.0 dBm |  9mb OFDM  15.0 dBm | 12mb OFDM  15.0 dBm | 18mb OFDM  15.0 dBm
 24mb OFDM  15.0 dBm | 36mb OFDM  15.0 dBm | 48mb OFDM  14.0 dBm | 54mb OFDM  14.0 dBm
 1L   CCK   18.0 dBm | 2L   CCK   18.0 dBm | 2S   CCK   18.0 dBm | 5.5L CCK   18.0 dBm
 5.5S CCK   18.0 dBm | 11L  CCK   18.0 dBm | 11S  CCK   18.0 dBm | XR         15.0 dBm
 HT20mcs 0  11.0 dBm | HT20mcs 1  11.0 dBm | HT20mcs 2  11.0 dBm | HT20mcs 3  11.0 dBm
 HT20mcs 4  11.0 dBm | HT20mcs 5  11.0 dBm | HT20mcs 6  11.0 dBm | HT20mcs 7  11.0 dBm
 HT40mcs 0   0.0 dBm | HT40mcs 1   0.0 dBm | HT40mcs 2   0.0 dBm | HT40mcs 3   0.0 dBm
 HT40mcs 4   0.0 dBm | HT40mcs 5   0.0 dBm | HT40mcs 6   0.0 dBm | HT40mcs 7   0.0 dBm
 Dup CCK     0.0 dBm | Dup OFDM    0.0 dBm | Ext CCK     0.0 dBm | Ext OFDM    0.0 dBm
2xAntennaReduction: 0, 2xMaxRegulatory: 40, 2xPowerLimit: 60
2xMaxPowerLevel: 22 (HT20)
TPC Enabled 1 1 0
Force rf_pwd_icsyndiv to 1 on 2412 (1 2)
ath_newstate: Resetting VAP dfswait_run
ath_newstate: Resetting VAP dfswait_run
ar5416SetPowerPerRateTable() syn 2427 ctl 2437 ext 2417 is40 1
  6mb OFDM  15.0 dBm |  9mb OFDM  15.0 dBm | 12mb OFDM  15.0 dBm | 18mb OFDM  15.0 dBm
 24mb OFDM  15.0 dBm | 36mb OFDM  15.0 dBm | 48mb OFDM  14.0 dBm | 54mb OFDM  14.0 dBm
 1L   CCK   18.0 dBm | 2L   CCK   18.0 dBm | 2S   CCK   18.0 dBm | 5.5L CCK   18.0 dBm
 5.5S CCK   18.0 dBm | 11L  CCK   18.0 dBm | 11S  CCK   18.0 dBm | XR         15.0 dBm
 HT20mcs 0  11.0 dBm | HT20mcs 1  11.0 dBm | HT20mcs 2  11.0 dBm | HT20mcs 3  11.0 dBm
 HT20mcs 4  11.0 dBm | HT20mcs 5  11.0 dBm | HT20mcs 6  11.0 dBm | HT20mcs 7  11.0 dBm
 HT40mcs 0  10.0 dBm | HT40mcs 1  10.0 dBm | HT40mcs 2  10.0 dBm | HT40mcs 3  10.0 dBm
 HT40mcs 4  10.0 dBm | HT40mcs 5  10.0 dBm | HT40mcs 6  10.0 dBm | HT40mcs 7   9.0 dBm
 Dup CCK    10.0 dBm | Dup OFDM   10.0 dBm | Ext CCK    18.0 dBm | Ext OFDM   15.0 dBm
2xAntennaReduction: 0, 2xMaxRegulatory: 40, 2xPowerLimit: 60
2xMaxPowerLevel: 20 (HT40)
TPC Enabled 1 1 0
Force rf_pwd_icsyndiv to 2 on 2427 (1 2)
ath_chan_set: Changing to channel 2437, Flags 30080, PF 0
 make a wpa2 ie :

30    <1>18    <1>01    <1>00    <1>00    <1>0f    <1>ac    <1>02    <1>02    <1>00    <1>00    <1>0f    <1>ac    <1>04    <1>00    <1>0f    
ac    <1>02    <1>01    <1>00    <1>00    <1>0f    <1>ac    <1>02    <1>00    <1>00    <1>make a wpa ie :

dd    <1>1a    <1>00    <1>50    <1>f2    <1>01    <1>01    <1>00    <1>00    <1>50    <1>f2    <1>02    <1>02    <1>00    <1>00    <1>50    
f2    <1>04    <1>00    <1>50    <1>f2    <1>02    <1>01    <1>00    <1>00    <1>50    <1>f2    <1>02    <6>br0: port 2(ath0) entering learning state
br0: topology change detected, propagating
br0: port 1(eth1) entering forwarding state
br0: topology change detected, propagating
br0: port 2(ath0) entering forwarding state
NF calibrated [ctl] [chain 0] is -84
NF calibrated [ext] [chain 0] is -86
NF calibrated [ctl] [chain 1] is -87
NF calibrated [ext] [chain 1] is -88
NF calibrated [ctl] [chain 2] is -84
NF calibrated [ext] [chain 2] is -88
NF calibrated [ctl] [chain 0] is -84
NF calibrated [ext] [chain 0] is -86
NF calibrated [ctl] [chain 1] is -87
NF calibrated [ext] [chain 1] is -88
NF calibrated [ctl] [chain 2] is -84
NF calibrated [ext] [chain 2] is -88
erase addr: 0x20000
write flash, addr: 0x20000, size 0x10000
system type        : Atheros AR7100 (hydra)
processor        : 0
cpu model        : MIPS 24K V7.4
BogoMIPS        : 265.21
wait instruction    : yes
microsecond timers    : yes
tlb_entries        : 16
extra interrupt vector    : yes
hardware watchpoint    : yes
ASEs implemented    : mips16
VCED exceptions        : not available
VCEI exceptions        : not available
             total         used         free       shared      buffers
  Mem:        13616        12516         1100            0          680
 Swap:            0            0            0
Total:        13616        12516         1100
  PID  Uid     VmSize Stat Command
    1 root        324 S   init       
    2 root            SWN [ksoftirqd/0]
    3 root            SW< [events/0]
    4 root            SW< [khelper]
    5 root            SW< [kthread]
    9 root            SW< [kblockd/0]
   44 root            SW  [pdflush]
   45 root            SW  [pdflush]
   47 root            SW< [aio/0]
   46 root            SW  [kswapd0]
  641 root            SW  [mtdblockd]
  681 root        356 S   /sbin/lcd 
  693 root        268 S   /sbin/klogd 
  702 root        280 S   /sbin/syslogd -f /tmp/syslog.conf 
  738 root        336 S   /usr/sbin/udhcpd /var/udhcpd.conf 
  777 root        308 S   /usr/sbin/udhcpc -i eth0 -H Jos-PC -s /etc/udhcpc.scr
  782 root        320 S   /usr/sbin/ntp -z GMT+1:0:2 -h 129.132.2.21 -b 130.149
  783 root        264 S   /usr/sbin/crond 
  787 root        224 S   /usr/sbin/cmd_agent 
  804 root        292 S   /usr/sbin/mini_httpd -d /tmp/www -c *.cgi -t 600 
  830 root        296 S   /usr/sbin/ezinstall 
  831 root        256 S   /usr/sbin/download 
  832 root        312 S   /usr/sbin/network_status 
  833 root        292 S   /usr/sbin/pc_monitor 
  836 root        284 S   /usr/sbin/lld2 br0 ath0 
  868 root        368 S   /bin/sh 
  905 root        628 S   /sbin/hostapd -B /tmp/madwifi.conf 
  949 root        472 S   /usr/sbin/dnrd 
 1121 root        192 S   /usr/sbin/pbc_app 
 1203 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 1208 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 1209 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 1211 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 1213 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 1232 root        364 S   /usr/sbin/upnp -D -L br0 -W eth0 -I 30 
 1242 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 2529 root        712 S   /usr/sbin/wscupnpd br0 ath0 60 4 
 4834 root        372 R N setup.cgi 
 4836 root        120 S   /usr/sbin/mini_httpd -d /tmp/www -c *.cgi -t 600 
 4845 root        360 S   sh -c echo ps aux > /tmp/console_gui_input;ps aux > /
 4847 root        340 R   ps aux
wlan_xauth 1120 0 - Live 0xc006f000
wlan_ccmp 8096 0 - Live 0xc003d000
wlan_tkip 13120 2 - Live 0xc00ff000
pbc_module 2896 0 - Live 0xc0002000
wlan_scan_ap 8352 0 - Live 0xc00fb000
wlan_acl 4384 1 - Live 0xc006a000
ath_pci 150784 0 - Live 0xc012e000
ath_rate_atheros 29520 1 ath_pci, Live 0xc00f2000
wlan 238224 8 wlan_xauth,wlan_ccmp,wlan_tkip,wlan_scan_ap,wlan_acl,ath_pci,ath_rate_atheros, Live 0xc0085000
ath_hal 195056 3 ath_pci,ath_rate_atheros, Live 0xc00c1000
ath_dfs 27184 1 ath_pci, Live 0xc007d000
kwsc_mod 27872 2 wlan, Live 0xc0075000
lcd 4080 0 - Live 0xc0037000
ipt_random 1760 0 - Live 0xc0039000
ipt_psd 43760 2 - Live 0xc0058000
ag7100_mod 20960 0 - Live 0xc0051000
Character devices:
  1 mem
  2 pty
  3 ttyp
  4 /dev/vc/0
  4 tty
  4 ttyS
  5 /dev/tty
  5 /dev/console
  5 /dev/ptmx
  7 vcs
 10 misc
 13 input
 77 AR7100_GPIOC
 90 mtd
108 ppp
128 ptm
136 pts

Block devices:
 31 mtdblock
major minor  #blocks  name

  31     0        128 mtdblock0
  31     1         64 mtdblock1
  31     2       1024 mtdblock2
  31     3       2880 mtdblock3

(Last edited by josephus on 10 Oct 2009, 12:13)

Post #2
josephus
11 Oct 2009, 21:21

Serial console:
J31 header (you have to solder the pins)

[ ] o o o
1        4
Vcc Rx Tx GND

115200 8N1

RedBoot(tm) bootstrap and debug environment [ROMRAM]
Non-certified release, version UNKNOWN - built 18:05:46, Jun 21 2007
Compiled by root@localhost.localdomain

Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.

Board: pb42
RAM: 0x80000000-0x81000000, [0x80032d60-0x80ff4000] available
FLASH: 0xbf000000 - 0xbf400000, 64 blocks of 0x00010000 bytes each.
in Init LCD now.
Chance for pushing button, 2 seconds time out!
== Executing boot script in 2.000 seconds - enter ^C to abort
RedBoot> boot;exe
Now booting linux kernel:
 Base address 0x80050000 Entry 0x8024e000
Linux version 2.6.15--LSDK-6.1.1.65 (asraul@localhost.localdomain) (gcc version 3.4.4) #1 Fri Apr 11 03:54:27 CST 2008
flash_size passed from bootloader = 4
arg 1: console=ttyS0,115200 root=31:03 rootfstype=squashfs init=/sbin/init mem=16M
CPU revision is: 00019374
Determined physical RAM map:
 memory: 02000000 @ 00000000 (usable)
User-defined physical RAM map:
 memory: 01000000 @ 00000000 (usable)
Built 1 zonelists
Kernel command line: console=ttyS0,115200 root=31:03 rootfstype=squashfs init=/sbin/init mem=16M
Primary instruction cache 64kB, physically tagged, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, linesize 32 bytes.
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
Cache parity protection disabled
PID hash table entries: 128 (order: 7, 2048 bytes)
Using 200.000 MHz high precision timer.
Console: colour dummy device 80x25
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 13508k/16384k available (1622k kernel code, 2876k reserved, 349k data, 108k init, 0k highmem)
Mount-cache hash table entries: 512
Checking for 'wait' instruction...  available.
NET: Registered protocol family 16
AR7100 GPIOC major 0
squashfs: version 3.1 (2006/08/19) Phillip Lougher
Initializing Cryptographic API
io scheduler noop registered
io scheduler deadline registered
Serial: 8250/16550 driver $Revision: #1 $ 4 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0x0 (irq = 19) is a 16550A
PPP generic driver version 2.4.2
PPP Deflate Compression module registered
PPP BSD Compression module registered
NET: Registered protocol family 24
SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
CSLIP: code copyright 1989 Regents of the University of California.
Add static partition for flash bank 0
Creating 4 MTD partitions on "ar7100-nor0":
0x00000000-0x00020000 : "RedBoot"
0x00020000-0x00030000 : "Nvram"
0x00030000-0x00130000 : "Kernel"
0x00130000-0x00400000 : "FileSystem"
Netfilter messages via NETLINK v0.30.
NET: Registered protocol family 2
IP route cache hash table entries: 256 (order: -2, 1024 bytes)
TCP established hash table entries: 1024 (order: 0, 4096 bytes)
TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
TCP reno registered
GRE over IPv4 tunneling driver
ip_conntrack version 2.4 (128 buckets, 1024 max) - 236 bytes per conntrack
ip_conntrack_pptp version 3.1 loaded
ip_nat_pptp version 3.0 loaded
ip_tables: (C) 2000-2002 Netfilter core team
TCP bic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 108k freed
init started:  BusyBox v1.00 (2008.03.31-01:40+0000) multi-call binary
init started:  BusyBox v1.00 (2008.03.31-01:40+0000) multi-call binaryAlgorithmics/MIPS FPU Emulator v1.5

Starting pid 657, console /dev/ttyS0: '/etc/rcS'
ag7100_mod: module license 'unspecified' taints kernel.
/proc/eth_status created

params: tx_len_per_ds 1536
fifo_3 0x7801ffnetfilter PSD loaded - (c) astaro AG
ipt_random match loaded
lcd_init_module: sucess to create a netlink socket
00:1c:df:xx:yy:zzcreat_wsc_mac[619] creat/tmp/wsc_mac
start syslog...
syslog_cmd=
cfg1 0xf cfg2 0x7014
unit 0 phy is up...RGMii 1000Mbps full duplex
pll reg 0x18050010: 0x110000  fifo_3: 0x7801ff
done cfg2 0x7215 ifctl 0x0 miictrl 0x22
Writing 4
device eth1 entered promiscuous mode
br0: port 1(eth1) entering learning state
start dhcpd...
start wifi
lock init kwsc_mod
create wsc_cfb entry
create wsc_cfb entry
create wsc_iechange entry
create wsc_userset entry
create wsc_pbc entry
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_hal: 0.9.14.25 (AR5416, DEBUG, REGOPS_FUNC)
wlan: 0.8.4.2 (Atheros/multi-bss)
ath_rate_atheros: Version 2.0.1
Copyright (c) 2001-2004 Atheros Communications, Inc, All Rights Reserved
ath_pci: 0.9.4.5 (Atheros/multi-bss)
PCI: Enabling device 0000:00:00.0 (0000 -> 0002)
Chan  Freq  RegPwr  HT   CTL CTL_U CTL_L DFS
   1  2412n     20  HT20  1    0    1     N
   1  2412n     20  HT40  1    0    1     N
   2  2417n     20  HT40  1    0    1     N
   3  2422n     20  HT40  1    1    1     N
   4  2427n     20  HT40  1    1    1     N
   5  2432n     20  HT40  1    1    1     N
   6  2437n     20  HT40  1    1    1     N
   7  2442n     20  HT40  1    1    1     N
   8  2447n     20  HT40  1    1    1     N
   9  2452n     20  HT40  1    1    1     N
  10  2457n     20  HT40  1    1    1     N
  11  2462n     20  HT40  1    1    1     N
  12  2467n     20  HT40  1    1    0     N
  13  2472n     20  HT40  1    1    0     N
register_simple_config_callback called
wifi0: 11ng rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: 11ng MCS:  0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
wifi0: mac 13.2 phy 8.1 radio 13.0
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5416 PCI: mem=0x10000000, irq=48 hw_base=0xb0000000
offset =0x404c.
Write 404c: 0000 = 0003
offset =0x4048.
Write 4048: fff8000 = fff8001
wlan: mac acl policy registered
ar5416SetPowerPerRateTable() syn 2412 ctl 2412 ext 2412 is40 0
  6mb OFDM  15.0 dBm |  9mb OFDM  15.0 dBm | 12mb OFDM  15.0 dBm | 18mb OFDM  15.0 dBm
 24mb OFDM  15.0 dBm | 36mb OFDM  15.0 dBm | 48mb OFDM  14.0 dBm | 54mb OFDM  14.0 dBm
 1L   CCK   18.0 dBm | 2L   CCK   18.0 dBm | 2S   CCK   18.0 dBm | 5.5L CCK   18.0 dBm
 5.5S CCK   18.0 dBm | 11L  CCK   18.0 dBm | 11S  CCK   18.0 dBm | XR         15.0 dBm
 HT20mcs 0  11.0 dBm | HT20mcs 1  11.0 dBm | HT20mcs 2  11.0 dBm | HT20mcs 3  11.0 dBm
 HT20mcs 4  11.0 dBm | HT20mcs 5  11.0 dBm | HT20mcs 6  11.0 dBm | HT20mcs 7  11.0 dBm
 HT40mcs 0   0.0 dBm | HT40mcs 1   0.0 dBm | HT40mcs 2   0.0 dBm | HT40mcs 3   0.0 dBm
 HT40mcs 4   0.0 dBm | HT40mcs 5   0.0 dBm | HT40mcs 6   0.0 dBm | HT40mcs 7   0.0 dBm
 Dup CCK     0.0 dBm | Dup OFDM    0.0 dBm | Ext CCK     0.0 dBm | Ext OFDM    0.0 dBm
2xAntennaReduction: 0, 2xMaxRegulatory: 40, 2xPowerLimit: 60
2xMaxPowerLevel: 22 (HT20)
TPC Enabled 1 1 0
ar5416SetPowerPerRateTable() syn 2412 ctl 2412 ext 2412 is40 0
  6mb OFDM  15.0 dBm |  9mb OFDM  15.0 dBm | 12mb OFDM  15.0 dBm | 18mb OFDM  15.0 dBm
 24mb OFDM  15.0 dBm | 36mb OFDM  15.0 dBm | 48mb OFDM  14.0 dBm | 54mb OFDM  14.0 dBm
 1L   CCK   18.0 dBm | 2L   CCK   18.0 dBm | 2S   CCK   18.0 dBm | 5.5L CCK   18.0 dBm
 5.5S CCK   18.0 dBm | 11L  CCK   18.0 dBm | 11S  CCK   18.0 dBm | XR         15.0 dBm
 HT20mcs 0  11.0 dBm | HT20mcs 1  11.0 dBm | HT20mcs 2  11.0 dBm | HT20mcs 3  11.0 dBm
 HT20mcs 4  11.0 dBm | HT20mcs 5  11.0 dBm | HT20mcs 6  11.0 dBm | HT20mcs 7  11.0 dBm
 HT40mcs 0   0.0 dBm | HT40mcs 1   0.0 dBm | HT40mcs 2   0.0 dBm | HT40mcs 3   0.0 dBm
 HT40mcs 4   0.0 dBm | HT40mcs 5   0.0 dBm | HT40mcs 6   0.0 dBm | HT40mcs 7   0.0 dBm
 Dup CCK     0.0 dBm | Dup OFDM    0.0 dBm | Ext CCK     0.0 dBm | Ext OFDM    0.0 dBm
2xAntennaReduction: 0, 2xMaxRegulatory: 40, 2xPowerLimit: 60
2xMaxPowerLevel: 30 (LEG)
start httpd...
ath0
ping: sendto: Network is unreachable
ping: sendto: Network is unreachable
download uses obsolete (PF_INET,SOCK_PACKET)
device eth0 entered promiscuous mode
develop mode
Starting pid 864, console /dev/ttyS0: '/bin/sh'


BusyBox v1.00 (2008.03.31-01:40+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

#

Note: you have enable console in the developer menu to spawn a shell on ttyS0

Rebuilding the firmware, bricking, unbricking:
Belkin GPL sources are quite usable, you can rebuild the factory firmware pretty easily including the modified redboot.
See their GPL site for more info

I made a firmware with TUN/TAP, IPv6, OpenVPN support, but the device failed to boot. As it turned the ar7100 causes kernel panic if IPv6 is compiled in.
There are 2 ways to upgrade the firmware using redboot:
- Generic ^C redboot console method, use it at your own risk, be aware that there are some parts of the flash you should never overwrite.
Detailed flash layout:

:redboot.rom        &00000000
#domain             &0001FF80(1 byte)
#country            &0001FF81(1 byte)
#SN                 &0001FF90(16 bytes)
#MAC                &0001FFA0(6 bytes)
#mac                &0001FF90
##pid               0001FFBA - 0001FFFF
#nvram             &00020000(64K)
:vmlinux.bin.gz     &00030050
:rootfs.squashfs        &0012FFF0
##pid2              003FFFF0 - 003FFFFF
%f5d8232-4.pid      &0001FFFF &003FFFF0
$SIZE               &1000

- SerComm firmware upgrade protocol:
Power on the router while pressing the reset button, so the device will hang in upgrade mode:
"Chance for pushing button, 2 seconds time out!"
You will not see anything after this line
Prepare your firmware file: Just use the unzipped .bin file that comes with the redistributable firmware binary. (details are in my first post)
Follow steps described on this page: http://www.nslu2-linux.org/wiki/Main/Se … areUpdater (I have only tested it with the W32 util, not upslug)

I am not sure if OpenWRT is allowed to create (license-wise or philosophy-wise) a firmware file with the sercomm/belkin binary tools that will allow anyone to flash openwrt via the web interface. As I don't have much freetime I will probably take the easier approach and modify the factory firmware according to my needs rather than porting openwrt from scratch. I also think the LCD feature is cool smile

Post #3
verg0
7 Dec 2009, 10:07

Hi, There is an interesting post by Podly on another forum and he has managed to get telnet working by recompileing the 1.00.16 firmware

I have tried this "patch" and it opens up the busybox console in telnet without loosing the functionality of the LCD screen, hope this helps with developing...


-----------

Could anyone post information, what is problem to port dd-wrt to Belkin N1 vision? It is nice pice of hardware, and many people asked about dd-wrt for it. LCD display is not mandatory for me - I prefer to use N1 with dd-wrt and without LCD if this is a problem.

All sources and tool-chain of orginal firmware are available on belkin www, I compiled it just for fun and added telnetd support via busybox without any problems, but I am not programmer, so porting dd-wrt is too hard for me.

So, what is status of developing right now, and why is it taking so long? What problems developer met?

Hope we will see dd-wrt on N1 vision soon,

Links to source and toolchain from this thread are old and wrong, here is actual link to latest source:

http://www.belkin.com/support/opensourc … GPL.tar.gz

I used it to compile firmware from scratch and added few options in busybox, it is working ok.

If someone can't compile it, here is binary image to put on your belkin n1 vision if you want to have telnet enabled:

http://rapidshare.com/files/304221953/f … telnet.bin

it is 1.00.16 (latest pre-build, ONLY for V1 devices !!!),
telnet access for root is disabled,
login: belkin, password: belkin
and you can su (just do su -l without password) to get root access.

Hope, that this will help with developing.

BTW, hacking LCD like this:
http://hackedexistence.com/project-belkin.html
is VERY EASY, you can do this using www or telnet. Just execute commands:

/bin/echo event > /tmp/lcd/lcd_action; /bin/echo info > /tmp/lcd/lcd_event; /bin/echo YourTextHere > /tmp/lcd/lcd_info;

/usr/bin/killall -SIGUSR1 lcd

and YourTextHere will appear in upper line.

After few minutes LCD will back to normal operation without any additional actions.

cheers


--------------



If you brick your belkin N1 vision when doing some firmware modifications and all you see on LCD is "Download mode..." it is easy to fix:

1. Download orginal firmware .bin
2. Extract it with winrar (there will be only one file inside .bin about 4megs)
3. Download http://www.everbesthk.com/8-download/se … 207_XP.zip
4. Run this tool to put extracted firmare to N1

More about this utility is here:

http://www.nslu2-linux.org/wiki/Main/Se … areUpdater

I checked it on XP 32bit in VmWare and it worked (VmWare network card in bridge mode!)

So, it is easy to mess with firmware image - you don't need JTAG or even RS232 to restore it if something goes wrong (of corse loader in N1 has to be working).

Post #4
adist
12 Jan 2010, 22:12

File access error - I get this message when selecting the firmware files to be updated with Sercomm Update Utility; the files are not set to be inaccessible.

Post #5
dzakic
7 Apr 2012, 01:11

> File access error - I get this message when selecting the firmware files to be updated with Sercomm Update Utility; the files are not set to be inaccessible.

I had this error when trying to upload the zip file. If you extract the .bin file from the zip, it will be accepted.

Post #6
youngfaisal
7 Apr 2012, 17:56

@ dzakic

can you tell me that how to use the firmware of Belkin N1 Vision F5D8232-4 Version 1XXX with the help of Sercomm Update Utility in "Download Mode" and which LAN Port (1,2,3 or 4) will do this whole process perfectly. Actually, I tried several time to use Upgrade Utility in "Download Mode" it was only showing me the LAN Mac Address left side and showing me the current firmware which is 1.0.0.15. If you have any solid solution of the Belkin N1 Vision router let us know and please tell us step by step...thanks in advance

In addition, I also get "File Access Error" so many times. Please tell me how to upgrade old, new or same firmware (which already installed in the Belkin N1 Vision) via Upgrade Utility?

Also let me know what do you mean by "If you extract the .bin file from the zip, it will be accepted." Actually, I don't get it. Please explain me.

thanks once again

(Last edited by youngfaisal on 10 Apr 2012, 08:07)

Post #7
youngfaisal
14 Apr 2012, 07:01

Nobody replied me...means no authentic method discovered yet...:(

The discussion might have continued from here.