I have acquired a retired Aerohive BR100 which is an Atheros AR9331 based system that seems to be based on the AP121 standard with 16MB flash and 64MB RAM. See https://wikidevi.com/wiki/Aerohive_BR100 for additional details. Apparently Aerohive does not conform to the GPL license and no source is available. Uboot appears to be password locked. See log from console port below:
AP121-2MB (ar9330) U-boot
DRAM: 64 MB
Top of RAM usable for U-Boot at: 84000000
Reserving 210k for U-Boot at: 83fc8000
Reserving 136k for malloc() at: 83fa6000
Reserving 44 Bytes for Board Info at: 83fa5fd4
Reserving 36 Bytes for Global Data at: 83fa5fb0
Reserving 128k for boot params() at: 83f85fb0
Stack Pointer at: 83f85f98
relocating and jumping to code in DRAM
Now running in RAM - U-Boot at: 0x83fc8000
flash size 16777216, sector count = 256
ag7240_enet_initialize...
: cfg1 0xf cfg2 0x7114
eth0: 08:ea:44:05:b6:80
eth0 up
: cfg1 0xf cfg2 0x7214
eth1: 08:ea:44:05:b6:81
athrs26_reg_init_lan
ATHRS26: resetting s26
ATHRS26: s26 reset done
eth1 up
chip #0: First 0x6 last 0x6 sector size 0x10000
^H^H^H^H 6
Hit the space bar to stop the autoboot process: 0
Password:
I can get shell access using the default admin/aerohive credentials. However, the shell doesn't appear to be a busybox shell and appears to be locked down as I could not seem to identify any valid command. Anyone out there have any idea how to determine the Uboot password and/or how to get an actual usable shell? Wikidevi has dmesg output left by an anonymous user that appears to have originated in Germany. I assume from this that someone has determined a way to get shell access to the system.