Its typical Indian OEM brand with no specific model no but the board is manufactured in china. Actually the device is manufactured by Indian OEM and supplied to local ISPs and so the firmware is also proprietary.

I was able to find a similar predecessor model data sheet from the OEM website, link below. https://yadi.sk/i/XLPHAHxO359LHz

And also a quick research gave me a link to the list of models of similar SoC and I'm hoping there should be a way.
https://wiki.openwrt.org/toh/tp-link/tl-wr740n

My model has following hardware,

- Atheros AR9331-AL3A (400Mhz CPU )
- Etrontech EM6AA160TSC-5G (SDRAM 16Mx16 200MHz)
- Macronix MX25L6406E (64M-BIT) 8MB CMOS SERIAL FLASH

My hardware pic https://yadi.sk/i/ka9EzIku359dp8

I have a feeling that builds that work for TPLink WR740N may work with some tweaks.I'm gonna try the TFTP method and see what I can get from it.

Edit: I have found another model which is also closer, https://wiki.openwrt.org/toh/alfa.network/hornet-ub .

I've followed 2 guides below with openwrt-15.05.1-ar71xx-generic-hornet-ub-squashfs-sysupgrade.bin

https://www.youtube.com/watch?v=wCwBvoueBG4

https://wiki.openwrt.org/toh/alfa.network/hornet-ub

But trying those wiki and video guides didn't quite help as I'm now getting this BAD MAGIC NUMBER 1 error and I guess something wrong with Uboot as well as memory address calculations. I'm a noob in doing memory calculations so I better read myself or get some pro help before going for next attempt.

I also suspect I'm facing similar issue like this guy in the post

https://forum.openwrt.org/viewtopic.php … 80#p250080

And below is the UBoot log which I saved it when I had working OEM firmware

https://codeshare.io/G6vWgG

Please advise.

Thanks

Anyone please help?

Sorry for bad English.

OpenWrt is not going to work.
16 MB of RAM replace on 32 or 64 MB. Little space in RAM to work with OpenWrt.

Thanks for the reply. But AFAIK the min hardware requirements for OpenWRT is 4/8 or 8/16. So it should work as long as I use a build with bare min packages. I only need this to work as WiFi Repeater/AP and nothing more. As I've another OpenWRT router to use in combination.

(Last edited by i0s on 2 Jan 2017, 21:17)

I guess it has 32MB: 16Mx16 = 16Mx16bit = 16Mx2B = 32MB
BTW, the codeshare page doesn't show anything.

Yes you're right. I just found the datasheet http://www.etron.com/manager/uploads/EM … rev1.3.pdf

Not sure why codeshare is not showing up on your end but I can here. Anyway, try this pasted link http://pasted.co/4ea3c269

BTW, the actual log is bit long I've cut short to the ones required and if you think you need full log then please let me know.

(Last edited by i0s on 2 Jan 2017, 22:29)

@ios

before I am starting, I dint know about memory calculation but I know few about this device.

it a telenet cpe device with ar9331 chip

its ip is 192.168.0.254

we can telnet it to 192.168.0.254 with user : root pass : 5up

it has busybox installed and have got user pass for the gui mode with the command cd /tmp   and cat .apcfg

In the file find WUSERNAME for user and pass

it has in build function to work as a ap but it was disabled in firmware gui web mode but we can enable it in unix telnet

if can please let me know how to activate the ap mode in telnet

I think you can use it as you have mentioned above by enabling this ap mode.

Hi,

Sorry, can't help you and think its too late now as I've messed up with the boot image. So my device is not booting as expected and the only access I've now is serial. I've tried telnet and ssh and both gave me operation timed out.

Unless I fix my boot image and make it work I can't access the telnet. However I can still get all the important user and password details from serial log.

All I need now is someone expert in bootloader and firmware of AR9331. I've contacted one expert via email before xmas but havent't got any reply till now.

BTW, this is my short serial log and when I gave the TFTP command it shows the IP assigned.

http://pastebin.com/JZCJ1EK0

All we can do is wait and watch for some expert advice

thanks for the reply!

As I have worked on this yesterday I have came accross the atheros command line

link
rallion.bitbucket.io/commands/ap_command/documentation/user/apcommand_command_line.html

rallion.bitbucket.io/commands/ap_command/documentation/user/atheros_files/apcfg.html

where cfg -a <settings> command have worked to set AP_MODE as a dual, standard, or repeater

for eg: cfg -a AP_MODE=standard (this give me Access point configuration)
           cfg -c (after any settings done have to commit it)

and every thing worked as per requirement.

but unfortunately I have also messed up my device!,

after showing the ssid in my mobile It cant optain ip for it so I changed my router from static to dhcp and thats all I cant telnet or use web interface to work with it.

I know this will happen after selecting DHCP but I was thinking reset will be the option, but unfortunately reset not working tried 30-30-30 reset also but no use

can you tell me how to get the ip assigned to it by tftp or any method to get telnet work

OR

can you suggest any other method to reset this device. or any method to backup firmware and re flash it.

______________________________________________________

EDIT 1:

Its not AP_MODE its AP_STARTMODE

(Last edited by shankar4kv on 25 Jan 2017, 12:47)

Ubiquiti airgateway has the similar Ram etrontech, if possible try flashing it!

wiki.openwrt.org/toh/hwdata/ubiquiti/ubiquiti_airgateway
wikidevi.com/wiki/Ubiquiti_Networks_airGateway

Nice
You've got something to progress!. I'm not pro in these linux based firmwares but I'll try advice what I learned. I've a strong feeling that If some expert here in forums join you then you're off to go well

Could you tell me how you changed the protocol from static to dhcp?

Nice fine and thanks for that

The problem here is we've to figure out correct memory location to flash the firmware or else we will blindly wipe off other critical partitions and end up with no where. Thats what I did I belive but not confirmed and I need some pr to take a look at my serial log.

It's good idea to backup the firmware but I didn't take it serious so I'm lost. But, I strongly advice you to make a wise move without messing up the firmware as you got at least something to work out. But,If you mess up with memories then no one can help I guess. So better be careful.

Also, If possible please post your problem in DD-Wrt and LEDE forums and other atheros hardware forums where I believe you can get good response than here. OpenWrt communiy is not as active as it was before.

I logged in to the web UI to change static to dhcp in network.

I think that I have changed the network mode from bridge to router so only I cant connect to router.

is there any option to factory reset the device with tftp method?

and

is there way to backup firmware, because there is no option to backup firmware in the web UI

and

is there a way to get the ip assigned to the router

(Last edited by shankar4kv on 24 Jan 2017, 10:12)

As you have told to make a post in ddwrt

dd-wrt.com/phpBB2/viewtopic.php?p=1042634

I have already made a post aug month of 2016

since then I was lonely with this device, no one helping out, suddenly I found you so only asking to many questions to you.

Hehe, I understand but still you're alone as you only joined another noob and thats me

Anyway, try setting up a Static IP from the device you're doing telnet and see If you can access. If in case it works then use the following commands in telnet to reset.

erase nvram
reboot

or

mtd -r erase nvram

PS: I'm not sure whether there is command for TFTP to factory reset AFAIK we can only flash a bin file and reset the firmware.

(Last edited by i0s on 24 Jan 2017, 10:51)

Ok thats not bad and think you've to go further and narrow down the question because you're question is broad to answer. As of now you've some progress and know some things and from now on its better to breakdown the questions and post them. The main reason is its not a popular router and so we've to post the questions based on the internal hardware.

Posting specific to hardware will be more helpful in times when you're posting the forums dedicated to particular brand.
So, as you said there is Ubi device, I would pretty much try posting it there by mentioning the SoC and RAM rather the model no. Also, you may have to face some No's as they don't support thirdparty firmwares like OpenWRT and at that time you've to ask them If they can help you get airOS and see what they say a u turn is likely!

(Last edited by i0s on 24 Jan 2017, 11:10)

Good news the device is up and now running with stock firmware as rootap (WDS Mode AP).

If needed I may give you the firmware or the boot image, to boot your device. searched for the busybox command to backup but cant find any.

Great Work!!!

Well,I could have the firmware but not really sure If I can flash it via TFTP correctly unless you can guide me.

give me full log, will try to figure out what is the problem.

(Last edited by shankar4kv on 2 Feb 2017, 07:49)

I can only get you 2 logs form serial console which I saved before and after TFTP firmware flashing. So,I hope those 2 can give you an idea and If you know any other way to pull the log then do let me know I'll try and get it for you.

Here are the 2 logs
http://pasted.co/55707fbf
http://pasted.co/30ca2819

Thanks

I am not a pro in this but, I think I have some loop to boot the device.

and my assumption is that I think you have done something wrong when flashing device because finally it shows telenet in the log.

the problem is the root file system (rootfs) has the wrong checksum inside so it cant find the nand flash,

possible solution from my side is,

using putty (the one it shows in the video)

give command

reset

once it says Hit any key to stop autoboot

hit any key and give command

nand read 0x9f6f0000 kernel

if you find something like this

NAND read: device 0 offset 212992, size 2097152 ...  2097152 bytes read: OK

then give command

bootm 0x9f6f0000

if you dint find nand read then give command

nand read 0x47f4850b 0x47f4850b.

nand read 0x9f310000 kernel

nand read 0x9f6f0000 kernel

nand read 0xcf3dd921 0x33cc33cc

boot or not boot give me all command log.

@ios did you got any update?

(Last edited by shankar4kv on 8 Feb 2017, 16:41)

Hi,I found the chip like you say(ar9331),But I don't have you use it. Can anyone help us?