1 (edited by nih 2007-01-01 08:57:53)

Topic: OpenWrt on a Netgear WGU624

**Update 12/7/06**

As a proof of concept, I successfully flashed the first segment (16k) of the flash chip (MX 29LV160BBTC) where the reset vector resides (0xBFC00000) using HairyDairyMaid's indispensable utility.  I used the following command line from a win32 machine -

wrt54g -flash:custom /skipdetect /instrlen:05 /window:be000000 /start:be000000 /length:4000 /fc:43 /wiggler

However, I needed to byte swap the backup that I had taken. See below.
___




These units are now available for $40 US (refurb) and can operate concurrently in both the 2.4 GHz (802.11b/g) and 5 GHz (802.11a) spectrum.

They sport an AR5312 CPU (dual baseband) and two radios (AR5112A, AR2112A). Operating in 5 GHz is a big plus for those of us who live in densely populated urban areas, where the 2.4 GHz spectrum is getting _very_ crowded.

Now the bad news - only 2M of flash and 8M of RAM.

Now the good news - it supports Bootp on power up (under vXWorks), so you can specifiy your image file(s) with a Bootp host and point the target to an image using a TFTP server, without having to do a serial console mod up front.

I am surprised that this model does not appear on the equipment list under Netgear. It's been around since Q4 '04.

Now that the Atheros AR531x code has been [nearly] ported to OpenWrt it may make sense to consider this unit.

You can find details and pics here - https://gullfoss2.fcc.gov/prod/oet/cf/eas/reports/ViewExhibitReport.cfm?mode=Exhibits&RequestTimeout=500&calledFromFrame=N&application_id=356086&fcc_id='PY3WGU624'.

-nih

Re: OpenWrt on a Netgear WGU624

I was looking at this unit earlier today.  I'll help.  The price is right.

Re: OpenWrt on a Netgear WGU624

Your offer to help is appreciated. Do we need buy-in from the core team?

Re: OpenWrt on a Netgear WGU624

Has there been any advancment with madwifi + Atheros SoC's?

5 (edited by nih 2006-10-03 03:04:50)

Re: OpenWrt on a Netgear WGU624

Madwifi support for Atheros SoCs has been available for some time. Check out these links to see what others have done using the underlying binary HAL -

http://www.netbsd.org/Ports/evbmips/ARIES2_HOWTO.txt

http://www.netbsd.org/Ports/evbmips/



-nih

Re: OpenWrt on a Netgear WGU624

nih wrote:

Now the bad news - only 2M of flash and 8M of RAM.

Now the good news - it supports Bootp on power up (under vXWorks), so you can specifiy your image file(s) with a Bootp host and point the target to an image using a TFTP server, without having to do a serial console mod up front.

Is Netgear WGU624 using VxWorks or this is recently (similar to LinkSys WRT54G scenario)?

Thanks,
~Peter

Re: OpenWrt on a Netgear WGU624

VxWorks.

Re: OpenWrt on a Netgear WGU624

Hi All,

I'll dip my oar into this thread.

There are a couple of issues with Atheros that are holding back the port.

Bootloader: For the WGT624 I have made a redboot image in the past which works and boots a linux kernel fine, sees the flash etc. However I managed to brick my unit, which means I cannot continue any more testing until JTAG is working.

Issue #1: JTAG is not working for writes. Bearing in mind that to get anything useful out of upgrading you have to change the bootloader not having JTAG is a real issue.

Wireless: The Hal as supplied uses the old version of the toolchain. As such does not link properly. You can hack things to use a different architecture than MIPS32, but that's not going to be a problem if we can use the HAL in the fon GPL sources when they release them.

There are patches in buildroot-ng but they are horrendously out of date.

So if one of you can get JTAG working on it, then most of the other bits should fall into place given a prevailing wind.

Re: OpenWrt on a Netgear WGU624

I'm not sure that I understand all of the impediments -

1) The target device is not a WGT624. It's a WGU624 - different animal.

2) For initial testing you should be able to TFTP a kernel and serve the root file system over NFS, as others have done.

3) Madwifi supports the AR5312 CPU and Atheros radios.

4) There is no reason to replace the boot loader. The VxWorks boot loader works just fine - (maybe)

5) JTAG may also work just fine with a WGU624. Let's find out.

A preliminary evaluation is in order here.

-nih

Re: OpenWrt on a Netgear WGU624

1. WGT and WGU 624's are pretty similar, only the radios are a bit different in the main and the cpu revision but nothing major. The wgu624 and wrt55agv2 are effectively identical except for ethernet switches.
2. Not in production you can't.
3. Try building the existing ar531x stuff in the tree without modification.
4. Ask db90h why he changed the bootloader on wrt54g v5's. It doesn't provide a sensible interface to flash for normal non-test cases.
5. Be my guest. I didn't get it to work for writing flash. Reading works ok.

Ok, about status. I submitted the patches a long long time ago, back in revision 2781 (25th December 2005) so you can disbelieve me if you like, but most of these issues have been around since then. Some are intrinsic and require the assistance of Atheros or other parties. Some are because we haven't found the right spell to make it all work. The patches do work and make buildable kernels which boot fine, and with a little modification can be made to include an initrd etc, but it's not good for a final solution.

11

Re: OpenWrt on a Netgear WGU624

malbon,

Looks like Atheros has come around on the ahb bus issues -

http://madwifi.org/ticket/886 - We are one step closer.

Do you or does anyone else have a handle on the JTAG problem? Does this affect all Atheros WiSoCs, or is it flash chip related?

-nih

12 (edited by nih 2006-10-12 18:35:47)

Re: OpenWrt on a Netgear WGU624

I just got the serial console up and running (receive only) - Here's the result of a cold boot -

Atheros AR5312 serial port testing1...                                      
Atheros AR5312 serial port testing2...                                      

Atheros AR5312 Post entry...                            
Atheros AR312 post code ver : V1.20                                   
FlashProtectCheck Ok...                       

Atheros AR5312 Jump to Normal code...                                     

Atheros AR5312 serial port testing8...                                      
Atheros AR5312 serial port testing9...                                      
N_INTERFACE : 7               
product_name: RP614v2                     
Product Version: V1.0.1.11EN                            
-->Static Turbo + Super[0]                          
Super Enable[1]               
wlan0 macaddress : 00-0f-b5-39-03-05                                    
apCfgRadioCheck               
wlan1 macaddress : 00-0f-b5-39-03-06                                    
apCfgRadioCheck               
wireless access point starting...                 
wlan0 Ready           
wireless access point starting...                                 
wlan1 Ready           
Ready     
wlan0 revisions: mac 5.7 phy 4.2 analog 3.6                                           

-----------------------                       
Country Code: US                
Operation Mode: Access Point                            
Wlan State: Enabled                   
Radio Frequency: 5760 MHz (IEEE 152)                                    
Auto Channel Select: Disabled                             
Data Rate: best               
Antenna: best             
RADIUS IP:          
SSID: whiteA            
SSID Sup. Mode: Enabled                       
Beacon: 100           
DTIM: 1       
Frag. Threshold: 2346                     
RTS/CTS Threshold: 2346                       
Tx Power: full              
Current Tx Output Power 20.0 dBm                                
Compression Scheme: 0                     
Compression Window Size: 4096                             
Group Key Update Interval: 300 seconds                                      
RADIUS IP: 0xa643205                    
Port: 1812          
LAN IP: 0a643201                
wlan1 revisions: mac 5.7 phy 4.2 analog 4.6                                           

-----------------------                       
Country Code: US                
Operation Mode: Access Point                            
Wlan State: Enabled                   
Radio Frequency: 2462 MHz (IEEE 11)                                   
Auto Channel Select: Disabled                             
Extended Channel Mode: Enabled                              
Data Rate: best
Antenna: best
RADIUS IP:
SSID: whiteG
SSID Sup. Mode: Enabled
Beacon: 100
DTIM: 1
Frag. Threshold: 2346
RTS/CTS Threshold: 2346
Short Preamble: Enabled
11g Only Allowed: Enabled
Basic 11g Rate Set: (1, 2, 5.5, 11, 6, 12, 24)
Tx Power: full
Current Tx Output Power 20.0 dBm
Compression Scheme: 0
Compression Window Size: 4096
Group Key Update Interval: 300 seconds
RADIUS IP: 0xa643205
Port: 1812
LAN IP: 0a643201
--->MBuff : 325, Heap: 516672

I havn't figured out how to interupt the autoboot countdown - yet.

-nih

13 (edited by nih 2007-01-01 09:39:27)

Re: OpenWrt on a Netgear WGU624

There are two 2x7 unpopulated pads for an EJTAG probe (located near the antenna) and serial console (located near the memory chips) ports. The serial console pinout appears to be as follows -



1 - nc    2- rxd  [serial in to the uart]
3 - txd   4 - nc
5 - gnd  6 - nc
7 - rts   8 - cts
9 - ?     10 - gnd
11 - Vcc 12 - gnd
13 - nc   14 - gnd

Console setup is 115.2,8,n,1

Pin-9 requires a resistor at the R227 pads to connect back to the cpu chip and its connected to GPIO_7 along with the System LED and configured as an output.
It's probably not required for most typical applications.

To sum, we should be good to go with GND, TXD, and RXD.

EJTAG pinout is as follows -

1 - trst    2 gnd
3 - tdi     4 gnd
5 - tdo    6 gnd
7 - tms   8  gnd
9 - tck    10 gnd
11 - rst   12 gnd
13 - dint   14 Vcc

TRST, TDI, TMS, and TCK have 10K pulldowns. Five 100 ohm resisters for HairyDairy Maid's debrick utility, or Macraigor's OCD Commander, are all that are needed to get JTAG working.

TRST needs to be tied high for debrick, and OCD C should be configured for MIPS/4Ke.
For flashing the base/window needs to be configured for BE000000, as the BFC00000 alias is read only.

I'm not sure what switch is on this unit -since a heat sink is sitting on top of it.

The wiSoc is the FREEDOM chip of 531x family, and its running at 220MHz.



-nih

Re: OpenWrt on a Netgear WGU624

Hi folks,

is possible to use BOOTP and TFTP to downgrade WGU624 with the original firmware 1.0.1.11 after an upgrade to version 2.0.1.1? Using the standard WEB management tool is impossible... How can I do it?

Best Regards

15 (edited by nih 2007-01-01 09:44:31)

Re: OpenWrt on a Netgear WGU624

Update: Downgrades work ok.

I have never tried to downgrade from the rev. 2.x firmware to rev. 1.x. Clearly, Netgear and your Regulatory Authority don't want you to revert back to a code base that is prone to abuse, and doesn't comply with the regs.

If anything, we need to encourage the vendors to work with us. That said -

1) When you power up the unit, it issues a broadcast bootp request on the lan ports using 00-40-33-00-00-01 as its mac address- you should confirm this with a protocol analyzer.

2) Have your bootp/dhcp server provide the target with an ip address for itself, the ip address of your tftp server, and image file name (any name will do) in the bootp response - notice that the target accepts the ipaddress and requests the image file name that was specified. This too should be confirmed with an analyzer.

3) The target will use its tftp client to download the image file and will flash it - all in one step.

4) Wait a few minutes for the status LED to continuously blink (yellow/green), signifying that the flashing has completed.

5) Recycle power and you should be good to go.

Caution: Anyone attempting to do this is doing it at their own risk - if you brick the router, you are SOL.

-nih

Re: OpenWrt on a Netgear WGU624

Thanks nih, your information is all right!!! I didn't try to downgrade using this method because I'm affraid the original firmware (got from netgear) is not in a raw format. I think will be a good idea to try it in a processor emulator before send it over TFTP. Does anyone know if there is a processor emulator for the processor used in WGU624? Where can I get the datasheet for this processor? I looked for it, but no luck.

Best regards

17

Re: OpenWrt on a Netgear WGU624

edulago wrote:

I didn't try to downgrade using this method because I'm affraid the original firmware (got from netgear) is not in a raw format. I think will be a good idea to try it in a processor emulator before send it over TFTP. Does anyone know if there is a processor emulator for the processor used in WGU624?
Best regards

edulago,

I assume that that you are posting to this forum because you either want to contribute to, or benefit from, the OpenWrt initiative. Am I correct?

If this is not the case, and you are just looking for technical info from the knowledgeable folks who hang out here that is also ok - subject to forum policy of course.

So, what exactly are you trying to accomplish and what is your budget?

-nih

Re: OpenWrt on a Netgear WGU624

Hi, nih,

I got interested in OpenWRT when I upgraded my router to Netgear' s firmware 2.0.1.1. I would like to help you with this port, but I really worried about brick my router. I was asking you about these technical details because I can't brick my only unit (and it is the router of my home office), so I think is a good idea to have a contingency plan.

How can I enroll this project? What are the next steps?

Best regards

19 (edited by nih 2006-11-11 22:28:46)

Re: OpenWrt on a Netgear WGU624

edulago,

If you want to help you can either

a) donate a WGU624 to the developers - http://forum.openwrt.org/viewtopic.php?id=2916.

b) get the console to work on your WGU624

c) get flash backup and restore working over JTAG.

Everything you need to know is out there on the Net. It's just not all in one place.

And of course, read through the OpenWrt documentation - http://wiki.openwrt.org/OpenWrtDocs

What is your technical background?

-nih

Re: OpenWrt on a Netgear WGU624

Hi nih,

I'm graduated in computing science with a good knowledge in hardware design and low level programming. Now I'm enrolled in a mastering degree in computing science. I have a good knowledge in linux, c/c++ and asm.

Best regards

21 (edited by nih 2006-11-16 14:33:47)

Re: OpenWrt on a Netgear WGU624

edulago wrote:

What are the next steps?

edulago,

You need to solder headers for the EJTAG and serial ports. With the EJTAG port you can connect to the MIPS 4Kc core and from there you can knock yourself out. You can use emulators and debuggers from MIPS, Wind River, and others.

Take a look at the eCos sources for the Atheros AP30 reference design as well as the recent netBSD port for the AR531x devices.

You will also need a probe - (buy or build). You can build an unbuffered wiggler cable and use it with Macraigor's OCD Commander (freeware). Read the system base registers and you will have a valid memory map for the board.

Pretty easy.

-nih

22

Re: OpenWrt on a Netgear WGU624

malbon wrote:

So if one of you can get JTAG working on it, then most of the other bits should fall into place given a prevailing wind.

JTAG seems to be working for me. However I needed to reorder the bytes of my backups.

Using HairyDairyMaid's de-brick utility (v4.8, win32 executable) I noticed that each word, B1,B2,B3,B4 would be backed up as B4,B3,B2,B1, but would be flashed as B3,B4,B1,B2.

So if you backed up and then flashed the first word at location 0xBE000000, which is 0x1000000F you would wind up with 0x000F1000.

After byte swapping, I was able to restore my bricked unit -

Command line: wrt54g -flash:custom /skipdetect /instrlen:05 /window:be000000 /start:be000000 /length:4000.

-nih

23

Re: OpenWrt on a Netgear WGU624

Still, I can't get a CLI. Anyone know why?

Is it common for the vendors to disable the cli in the software?

Can anyone help me with this?

-nih

Re: OpenWrt on a Netgear WGU624

Any development on the WGT624 or WGU624?

25 (edited by SoulDeaD 2007-01-12 11:04:22)

Re: OpenWrt on a Netgear WGU624

I am not good in embedded and system programming, but i have a desire to start, and i have a WGT624 too, so i started to search for information in internet and found that:
http://www.freewrt.org/trac/wiki/Documentation/Hardware/NetgearWgt634u
I hope it will help you, and i would like to ask, is there a way to help you find that CLI, and what is it.