gives, "File Format error"

Hi,

I bought fake Altera Usb Blaster. Pinout: http://www.digital-circuitry.com/IMAGES … pinout.jpg

And hg655d pinout : http://oi57.tinypic.com/28wovb8.jpg

which pin, which pin belongs to?

http://s2.postimg.org/5339kf4eh/drawing.jpg

nTRST sometimes is needed, others it doesn't, first probe without nTRST connected. If it doesn't work then connect nTRST

OK I soldered the Jtag.  Right now it's saving whole flash using

zjtag -backup:custom /window:18000000 /start:18000000 /length:800000

which is quite tedious.

How can I determine the right window, start and lengte parameters for the only the CFE.  Am i right to use

zjtag -backup:custom /window:18000000 /start:18000000 /length:20000

right

Thanks danitool ! I will try.

Flashing CFE_HG655b-OEM_nvr.bin using Jtag results in a working state.
Upgrading to OpenWRT within CFE is still not possible Not clear why.

I tried erasing CFE flash space, and that resulted in a non working brick.
Reflashed CFE and it's alive again. So I can conclude my cable thingy works.

Now I try to flash whole OpenWRT binfile using Jtag

zjtag -flash:custom /window:18000000 /start:18000000 /length:800000

edit: don't do this,  command doesn't work for firmware files

(Last edited by nederfox on 20 Feb 2015, 10:32)

Is the utility managing correctly the endianness?

zJTAG is aware of endiannes at least in v1.8, try using the flag /BE, when flashing. Check with the hex editor the backup, you should see some readable strings if the endianness is correct

Sometimes the previous loaded CFE decides to mess the jtag flashing. Erase CFE before flashing next CFE to avoid this problem.

Edit: ok I thought the fratzicu's CFE didn't work. It works but still doesn't flash, this has no sense. BTW that CFE is limited, AFAIK it only allows flashing via web  interface.

(Last edited by danitool on 20 Feb 2015, 01:53)

Yup I erased before submitting the flash command. Using zjtag 1.5
At the beginning of my CFE dump I found something readable like

192.168.1.1 h=192.168.1.100 g=r f=vmlinux i=bcm963xx_fs_kernel d=1 p=0

Use the CFE web interface for flashing, this CFE still has some limitations. Use firefox, with a clean cache, it should work.

Another possiblity is, the problem is at the end of the flash... so erase the end, but not the cal_data.

I have some problems nTRST is connected and not connected.

but quartus shows device :

(Last edited by vurulkan on 20 Feb 2015, 12:21)

To get rid of crap, I erased all flash using Jtag. This resulted in a temporary brick.
After that, I flashed again your  CFE_HG655b-OEM_nvr.bin file. And...guess now...the transplant CFE is working!
Edit: Yes I flashed using CFE web interface

I can boot OpenWRT BB now. Unfortunately Wifi is yet not functioning.

Reflashing stock FW results in working Wifi. Any ideas? Missing cal_data?

(Last edited by nederfox on 20 Feb 2015, 10:27)

Yes, you destroyed your cal_data partition. For restoring

- Generete a bin file with the cal_data. At your computer execute

echo '6230010072D15E0DAD6C623014180180000062301418000001006AFF0C00FFFFFFFFFFFFB092FFFFFFFFFFFFFFFFFFFFFFFFFFFF22082400FFFF1601FFFFD9FACC88FFFF0DFF0000030000000000FFFFFFFF0E0F0F0F10101010100F0F0F0F0F0C0C0C0C0C0C0C0C0C0B0B0B0B0BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF555588887777666666666666666666666666FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF068693' | xxd -r -p > eeprom.bin

- Now transfer the **eeprom.bin** file into your router and flash the **cal_data** partition

mtd write eeprom.bin cal_data

- **Restart** Openwrt and check if wifi works.

BTW, you should use your original cal data partition. Can you post your backup, I only want to check if the cal data lives in the same offset. Or do it yourself, just check if the you have similar bytes at offset 0x7C0000. You can cut these data from your backup (512 bytes length), and flash it either via JTAG or else in OpenWrt with mtd command.

(Last edited by danitool on 20 Feb 2015, 10:48)

Danitool Great! You are absolutely right cal-data was destroyed. I found back the cal-data at 7c0000 in my full flash backup.
I took data from 7c0000  to 7c01f0 (last line reads FF 06 86 93).

In OpenWRT:

cat /dev/mtd4|hexdump

is now starting with

6230 0100 ....

Ans the last 2 lines read:

FFFF FFFF ... FF06 8693
FFFF FFFF ... FFFF FFFF

Wifi is still not working. 
Shoud I cut the last this line, as shown in your example?

I'l try your latest BB build. Maybe I'm using the previous one without wifi support

Edit Hint; it seems like

 ieee80211 phy0: Selected rate control algorithm ...

is missing from dmesg.

Edit2: Wifi is working now! using latest build w/ Wifi support

(Last edited by nederfox on 20 Feb 2015, 12:13)

Nice to read it finally worked .

I've built a custom CFE for this router. It might be more friendly for firmware flashing.

CFE_HG655b-CUSTOM.bin

After flashing you need to set the board ID to HW65x, since it has no config in the nvram. Let me know if this bootloader works.

vurulkan: no idea about your problem, I never used an altera usb blaster jtag cable. Not sure if supported by zjtag/brjtag. But supported for sure by UrJTAG under linux. You can test if all is connected OK with UrJTAG. The wiki shows an example of working with UrJTAG and the USBLASTER adapter http://wiki.openwrt.org/toh/huawei/hg655d#urjtag
just replace the first line by

cable usbblaster

Thanks Danitool ! At least some Huawei 655D modems from Dutch ISP Online contain a heavily restricted CFE bootloader, which won't let you flash OpenWRT. I wanted to convert this thingy to a wireless access point which didn't work properly in OEM FW.

For reference to anybody who wants to flash OpenWRT:

Make a simple LPT Jtag cable: scheme and connect (solder) it to TDO, TDI, TMS, TCK and GND which are on the PCB. Find the Jtag header at J5. Photo showing those 5 little dots 1cm left to the text HG655... Use zjtag 1.5 mentioned in this forum and get zjtag here. Get CFE_HG655b-OEM_nvr.bin mentioned here. Important: make backup of existing cfe. This generates a CUSTOM.BIN.SAVED... file:

zjtag -backup:custom /window:18000000 /start:18000000 /length:20000

For safety, you could make a backup of whole flash: (took me about an hour which is quite a long time)

zjtag -backup:custom /window:18000000 /start:18000000 /length:800000

Erase cfe flash. Do not erase whole flash, or you lose your wifi calibration data.

zjtag -erase:custom /window:18000000 /start:18000000 /length:20000

Rename CFE_HG655b-OEM_nvr.bin to CUSTOM.BIN and Write to flash:

zjtag -flash:custom /window:18000000 /start:18000000 /length:20000

Flashing OpenWRT:
Power off the modem. Hold RESET down and power on. Keep holding RESET down until Power led turns off. Give your PC a fixed IP address, e.g. 192.168.1.10 netmask 255.255.255.0 and surf to 192.168.1.1. You should get the CFE web interface asking for new firmware. This image worked for me. Mentioned here. Adjust network interface MAC address to the to MAC you can find on the cabinet via Luci: Network, Interfaces, Edit, Advanced settings, Override MAC address. To turn LAN1 port into WAN port: see post 204.

Edit: Thanks Danitool and small typo

(Last edited by nederfox on 20 Feb 2015, 16:19)

Where does one do that? Also how does "infrared reflow" translate into romanian?

Hi,
It's nice to see you guys are still working on this device. What usb jtag cable and software do you reccommend for the flashing? I didn't do this until now, but I would like to learn how to do it.

Hi, what do you mean by the last words labeled as "edit2"; what does it mean w/ Wifi support? what packages did you select?
Regards

In my device that works I have the following lines:

[   11.596000] ieee80211 phy0: rt2x00lib_request_eeprom_file: Info - Loading EEPROM data from 'rt2x00.eeprom'.
[   11.604000] ieee80211 phy0: rt2x00_set_rt: Info - RT chipset 3572, rev 0223 detected
[   11.612000] ieee80211 phy0: rt2x00_set_rf: Info - RF chipset 0008 detected
[   11.624000] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
....
[   22.668000] ieee80211 phy0: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2860.bin'
[   22.896000] ieee80211 phy0: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.34

If you have a parallel port, i recommend a WIGGLER buffered cable, a custom made clone, since the original is too expensive. You can also use an unbuffered cable, the typical DLC5 for hairydairymaid, but you are limited to lenghts less than 15 cm. These cables are totally compatible with any software.

If you don't have a parallel port, well, the Altera USB blaster clone is ok, but some utilities didn't add support for it. This cable is fantastic and cheap, you can even flash SPI memories. But as I said it lacks support in some popular debricking utilities.

It's also possible to use a raspberry pi, there is somewhere in internet a ported Tjtag to rpi. It might be also possible to use another router as a JTAG adapter, but I guess nobody made any attempt in this way.

Hi, Danitool,
I tried to compile a new image from your github branch. Somehow in my kernel log it doesn't seem to try to detect the wifi chip. I tried in make menuconfig with the target profile broadcom wifi (default) and also with ralink wifi. In my working device it says that enables a pci device: rt2800pci and loads eeprom data from rt2x00.eeprom. After that it detects RT chipset 3572 rev 0223 and RF chipset 0008. So what do I need to select in make menuconfig in kernel modules? Also, in your instructions you write "make kernel_menuconfig". I didn't use that before. What entries are most important to be selected?
Kind regards.

Hmmm... I googled a little and I'll try with rt2x00-lib and debug output enabled and rt2800-pci... and rt61-pci... let's see...

Edit: of course... not working. I got in touch with a guy that repairs routers to check if the wifi chip is damaged

(Last edited by fratzicu on 22 Feb 2015, 00:09)

The ralink profile doesn't include the wifi chip of this router. You need to select manually kmod-rt2800-pci kernel module in the menuconfig, it's located under the kernel modules submenu, and wireless submenu.

You don't need to do anything in the kernel_menuconfig, you can customize your kernel by disabling some stuff, or enabling some features for your requerimentes, or do nothing, just exit.

Is there a reason why I'm missing packages from the software repo? I can't install lighttpd due to unsolvable dependencies.

EDIT: forgot to mention that I'm using the firmware posted by danitool here.

(Last edited by andoru on 22 Feb 2015, 00:52)

Hi fratzicu, Wifi was probably not working because I used an outdated OpenWRT build. After flashing this version, wifi works. And I'm a happy user of a cloned CFE from your device