I am trying my hardest to install OpenWrt on a Edimax BR-6478AC V2 which does NOT have the Realtek SoC, but a supported MediaTek MT7620A with 2.4ghz plus a MT7612EN 5ghz radio.
I have been able to hack a serial port connection, and have also been able to get the unit into tftp server mode and can upload original firmware ok. I am trying openwrt-15.05.1-ramips-mt7620-uImage.bin with a modified header to trick the device into thinking its an original "CSYS RN68" format file. I am stuck with a correct CRC value but with a 0x00000000 value I can trick the device into flashing openwrt but only the first 14 bytes are written to flash before reboot.
I have downloaded a copy of the full GPL source code for the stock 1.09 firmware and fedora 8 as required to mod the firmware.
Can anyone help with how to get a correct crc/len value for the Edimax CSYS format, the original seems to be file size minus 20 bytes but same format does not work on openwrt .bin's.
Some snippets below.
U-Boot 1.1.3 (Feb 24 2015 - 13:04:02)
Board: Ralink APSoC DRAM: 64 MB
relocate_code Pointer at: 83fb4000
enable ephy clock...done. rf reg 29 = 5
SSC disabled.
spi_wait_nsec: 29
spi device id: c2 20 17 c2 20 (2017c220)
find flash: MX25L6405D
raspi_read: from:30000 len:1000
*** Warning - bad CRC, using default environment
============================================
Ralink UBoot Version: 4.1.2.0
--------------------------------------------
ASIC 7620_MP (Port5<->GigaSW)
DRAM component: 512 Mbits DDR, width 16
DRAM bus: 16 bit
Total memory: 64 MBytes
Flash component: SPI Flash
Date:Feb 24 2015 Time:13:04:02
============================================
icache: sets:512, ways:4, linesz:32 ,total:65536
dcache: sets:256, ways:4, linesz:32 ,total:32768
##### The CPU freq = 580 MHZ ####
estimate memory size =64 Mbytes
#Reset_MT7530
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
5: Load ucos code to SDRAM via TFTP Client.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.
You choosed 3
0
3: System Boot system code via Flash.
## Booting image at bc070000 ...
raspi_read: from:70000 len:40
Magic number at 0xBC070000
raspi_read: from:70014 len:40
Image Name: Linux Kernel Image
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 6836140 Bytes = 6.5 MB
Load Address: 80000000
Entry Point: 8000c2f0
raspi_read: from:70054 len:684fac
Uncompressing Kernel Image ... OK
No initrd
## Transferring control to Linux (at address 8000c2f0) ...
## Giving linux memsize in MB, 64
Starting kernel ...
LINUX started...
THIS IS ASIC
Linux version 2.6.36 (root@localhost.localdomain) (gcc version 3.4.2) #1 Thu Sep 10 14:51:59 CST 2015
*******************
MX25L6405D(c2 2017c220) (8192 Kbytes)
mtd .name = raspi, .size = 0x00800000 (0M) .erasesize = 0x00000008 (0K) .numeraseregions = 65536
Creating 8 MTD partitions on "raspi":
0x000000000000-0x000000030000 : "Bootloader"
0x000000030000-0x000000040000 : "Config"
0x000000040000-0x000000050000 : "Factory"
0x000000050000-0x000000070000 : "Cimage"
0x000000070000-0x000000190000 : "Kernel"
0x000000190000-0x0000007e0000 : "RootFS"
0x000000070000-0x0000007e0000 : "Uimage"
0x0000007e0000-0x000000800000 : "FreeSpace"
***********************
init started: BusyBox v1.15.2 (2015-09-10 14:24:40 CST)
starting pid 24, tty '': '/etc/rc.sh'
cannot run '/etc/rc.sh': No such file or directory
starting pid 25, tty '': '-/bin/sh' console.
Algorithmics/MIPS FPU Emulator v1.5
BusyBox v1.15.2 (2015-09-10 14:24:40 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
************************
>>> Loading 2.4G Wireless Driver
>>> Loading rt2860v2_ap
rt2860v2_ap: module license 'unspecified' taints kernel.
******
>>> Loading 5G Wireless Driver
>>> Loading rlt_wifi
register rt2860
*********
U-Boot 1.1.3 (Feb 24 2015 - 13:04:02)
Board: Ralink APSoC DRAM: 64 MB
relocate_code Pointer at: 83fb4000
enable ephy clock...done. rf reg 29 = 5
SSC disabled.
spi_wait_nsec: 29
spi device id: c2 20 17 c2 20 (2017c220)
find flash: MX25L6405D
raspi_read: from:30000 len:1000
*** Warning - bad CRC, using default environment
============================================
Ralink UBoot Version: 4.1.2.0
--------------------------------------------
ASIC 7620_MP (Port5<->GigaSW)
DRAM component: 512 Mbits DDR, width 16
DRAM bus: 16 bit
Total memory: 64 MBytes
Flash component: SPI Flash
Date:Feb 24 2015 Time:13:04:02
============================================
icache: sets:512, ways:4, linesz:32 ,total:65536
dcache: sets:256, ways:4, linesz:32 ,total:32768
##### The CPU freq = 580 MHZ ####
estimate memory size =64 Mbytes
#Reset_MT7530
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
5: Load ucos code to SDRAM via TFTP Client.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.
raspi_read: from:40028 len:6
5: System Load Boot Loader | F/W then write to Flash via TFTP Client.
Warning!! Erase Linux in Flash then burn new one. Are you sure?(Y/N)
Please Input new ones /or Ctrl-C to discard
Input device IP (192.168.2.81) Input server IP (192.168.2.89) Input Linux Kernel filename ()
netboot_common, argc= 3
NetTxPacket = 0x83FE6180
KSEG1ADDR(NetTxPacket) = 0xA3FE6180
NetLoop,call eth_halt !
NetLoop,call eth_init !
Trying Eth0 (10/100-M)
Waitting for RX_DMA_BUSY status Start... done
ETH_STATE_ACTIVE!!
(NetLoop 408) bd->bi_enetaddr = 00:00:aa:bb:cc:dd
(NetLoop 409) NetOurEther = 00:00:aa:bb:cc:dd
Select server or client model: 1/2
server model start
SERVER IP address : 192.168.1.6 port:69
Load address: 0x80a00000
Loading: checksum bad
Got ARP REQUEST, return our IP
Peer IP:192.168.1.220
Got ARP REPLY, set server/gtwy eth addr (bc:5f:f4:fa:03:8d)
Got it
Peer IP:192.168.1.220
#################################################################
#################################################################
#################################################################
####################################
done
Bytes transferred = 1177850 (11f8fa hex)
NetBootFileXferSize= 0011f8fa
****************Parse Head**************
signature=CSYS startAddr=0x01100000 burnAddr=0x00070000 nmodTag=RN68 len=0x00000000
****************CheckSume**************
CheckSum ok!
****************Start Upgrade Kernel**************
raspi_erase_write: offs:70000, count:14
raspi_read: from:70000 len:10000
raspi_erase: offs:70000 len:10000
.
raspi_write: to:70000 len:10000
.
raspi_read: from:70000 len:10000
Done!
## Booting image at bc070000 ...
raspi_read: from:70000 len:40
Magic number at 0xBC070000
raspi_read: from:70014 len:40
Image Name: Linux Kernel Image
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 6836140 Bytes = 6.5 MB
Load Address: 80000000
Entry Point: 8000c2f0
raspi_read: from:70054 len:684fac
Uncompressing Kernel Image ... OK
No initrd
## Transferring control to Linux (at address 8000c2f0) ...
## Giving linux memsize in MB, 64
Starting kernel ...
LINUX started...
THIS IS ASIC
Linux version 2.6.36 (root@localhost.localdomain) (gcc version 3.4.2) #1 Thu Sep 10 14:51:59 CST 2015