OpenWrt Forum Archive

Post #1

dabyd64

16 Sep 2012, 04:19

Last day I bricked my 740nv4 by upgrading openwrt.
The sysupgrade command went ok, but in the end it didn't reboot, and the router was totally freezed.
After 10 minutes, I rebooted it, and it was bricked in a u-boot loop due a corrupted flash image.

The big problem was that I hadn't any usb-serial adapter (it burned, it was from ebay, cheap quality... ), and my laptop (logically) doesn't have serial port, so I had to get the car and do a 20minute travel to my parents's house, just for fixing the router in my PC, 2 minutes with 3 u-boot commands.

Due this, I thought how to do fix it next time without having to buy another serial converter, or go back home.
After a bit of brainstorming, I came with the idea of using a small PIC, connecting it to the serial header and powering from it.

Its role is to parse the serial output of the console, and put the recovery commands.
The hardware is really small and cheap: a PIC12F1822. Small, but can run at 32MHz (8MIPS).Had it free from Microchip samples .

And almost nothing else is needed, just a small capacitor for giving a stable voltage to the pic, and the female header to connect it to the router.
This are the parsing strings it does search, and what it do after it find them:

"Autobooting in 1 seconds" -> Put "tpl" to enter the command line. Wait for "hornet>"
"hornet>" -> Put "tftpboot 0x81000000 firmware.bin" (the bin file you want to load should have this name)
"Bytes transferred = xxxxxxx (ssssss hex)" -> OK, download finished. Parse and save the "ssssss" (firmware size) for the erase command. Wait for "hornet>"
"hornet>" -> Put "erase 0x9f020000 +0xssssss"
"Erased nn sectors" -> OK, erase finished. Wait for "hornet>"
"hornet>" -> Put "cp.b 0x81000000 0x9f020000 0xssssss"
"done" -> OK, copy finished. Wait for "hornet>"
"hornet>" -> Put "reset" to restart the router, recovery finished
And always checking for:
"Uncompressing Kernel Image …" -> Oops, too late, it's already booting! Stop and do nothing!

And a small image of how it would be if I had done it in a good way:

The truth is that I will bend the pins and solder everything together without PCB, the dirty cheap way

As u-boot is used in lots of routers, and the syntax is the same, this little thing could be useful for them all.

You only need to configure your computer LAN IP (usually 192.168.1.100) and start your TFTP server with the "firmware.bin" file.
Then plug the PIC-Recovery (for calling it something) and power the router. 15 seconds later it will reboot and done!

Now the funny story is that I got the chips, the soldering iron and everything else at my parents's house, so I will have to go there again .
For now, I have simulated it and it works like a charm
If anybody likes this and want to do it himself, let me know and I will send the hex / source files (in C, Hi-Tech compiler).

(Last edited by dabyd64 on 17 Sep 2012, 13:55)

Post #2

mips

17 Sep 2012, 13:17

it burned, don't ask me why, it's chinese quality... the worst

Please don't cliam like this,you will hurt many guys in this forum.
I admit in current stage,many product from our country with poor quality.But time will change this,because there are also many smart guys in china.

Your project is cool and can be another way to recover the board.Some times we need another choice,that means good life and freedom.

(Last edited by mips on 17 Sep 2012, 13:18)

Post #3

dabyd64

17 Sep 2012, 13:53

Sorry if offended you, it wasn't my intention.
I don't say that all chinese products are bad quality. But 95% from ebay...yes.
Buy a led lamp, its says 9w but is will be 3.
Buy a charger that says it can ouput 3Amps but it will only 1 and get hot.
Buy a battery that claims to be 1800mah and will be 1200...
Almost everything is fake.
A seller said to me that even the factory tricked him, giving a real 9w led for testing, but 3w when he bought 500 for selling in ebay.
Of course, I'm sure that there are honest sellers.

(Last edited by dabyd64 on 17 Sep 2012, 13:56)