ciao,
ho seguito guida per accedere in telnet e poi ho cercato un po' di capire come funziona (per almeno rendere permanenti le modifiche che si possono fare via command line, ad es. al firewall come descritto nella guida di julian
Riporto qui un po' di info sperando che poi qualcuno che ne sa più di me possa darmi qualche dritta:
Partiamo dal boot:
HELO
CPU0
PMCM
PMCS
PMCD
CODE
L1CD
MMUI
ZBBS
MAIN
4.1605-1.0.38-118.3
DRAM
NVRAM memcfg 0x407
MCB chksum 0xf64e52b4
DDR3-1600 CL11 256MBx2
Changed Byte Lane LDE
Changed Byte Lane LDE
PASS
FPS0
BT03
0001
BT02
1976
NAN3
RFS2
NAN5
Base: 4.16_05
CFE version 1.0.38-118.3 for BCM963138 (32bit,SP,LE)
Build Date: Tue Nov 1 23:00:13 CST 2016 (charles@charles-All-Series)
Copyright (C) 2000-2015 Broadcom Corporation.
Bootloader version: CFEROM : 2.5.2Nr1820 CFERAM : 2.5.2Nr1820
Boot Strap Register: 0x7dfffc2f
Chip ID: BCM63136B0, ARM Cortex A9 Dual Core: 1000MHz
Total Memory: 536870912 bytes (512MB)
NAND ECC BCH-4, page size 0x800 bytes, spare size used 64 bytes
NAND flash device: , id 0xc2dc block 128KB size 524288KB
pmc_init:PMC using DQM mode
Board IP address : 192.168.1.1:ffffff00
Host IP address : 192.168.1.100
Gateway IP address :
Run from flash/host/tftp (f/h/c) : f
Default host run file name : vmlinux
Default host flash file name : bcm963xx_fs_kernel
Boot delay (0-9 seconds) : 1
Boot image (0=latest, 1=previous) : 1
Default host ramdisk file name :
Default ramdisk store address :
Board Id (0-31) : RTV1907VWC3
Number of MAC Addresses (1-32) : 16
Base MAC Address : e8:d1:1b:40:7a:c8
PSI Size (1-128) KBytes : 48
Enable Backup PSI [0|1] : 0
System Log Size (0-256) KBytes : 0
Auxillary File System Size Percent: 0
MC memory allocation (MB) : 4
TM memory allocation (MB) : 44
DHD 0 memory allocation (MB) : 14
DHD 1 memory allocation (MB) : 0
DHD 2 memory allocation (MB) : 0
WLan Feature : 0x00
Voice Board Configuration (0-1) : LE9642_ZSI_BB
Partition 1 Size (MB) : 8M
Partition 2 Size (MB) : 1M
Partition 3 Size (MB) : 4M
Partition 4 Size (MB) (Data) : 4M
*** Press any key to stop auto run (1 seconds) ***
Auto run second count down: 1
[charles dbg] waiting for (key1=33, key2=34, key3=36, rst=32) key1=1 key2=1 key3=1 rst=1
0
Booting from previous image (address 0x0f700000, flash offset 0x0f700000) ...
Decompression LZMA Image OK!
Entry at 0x00008000
Starting program at 0x00008000
Booting Linux on physical CPU 0
...
...
...
da qui si può accedere al prompt CFE>, di seguito i comandi possibili
CFE> help
Available commands:
x Change extra partitions size
find Find string in NAND
comp Compare NAND blocks
fb Find NAND bad blocks
dn Dump NAND contents along with spare area
mtest Simple RAM read/write test
fcread read board finial check value
fc set board finial check value
phy Set memory or registers.
otpr Read btrm otp bits
sm Set memory or registers.
db Dump bytes.
dh Dump half-words.
dw Dump words.
w Write the whole image start from beginning of the flash
e Erase NAND flash
wp Write pmc (previously loaded through JTAG to flash block 0.
ws Write whole image (priviously loaded by kermit or JTAG) to flash .
go goto and execute from specefic address.
r Run program from flash image or from host depend on [f/h] flag
p Print boot line and board parameter info
c Change booline parameters
i Erase persistent storage data
ddr Change board DDR config
a Change board AFE ID
b Change board parameters
reset Reset the board
pmdio Pseudo MDIO access for external switches.
spi Legacy SPI access of external switch.
closeavs pmc close avs cmd
cpufreq set CPU frequency
force override chipid check for images.
help Obtain help for CFE commands
For more information about a command, enter 'help command-name'
*** command status = 0
qui ho capito che si può scegliere la flash con cui partire (latest o previous) anche perchè facendo un po' di prove non so come mi sono già fumato quella latest (non mi fa più il boot, se riesco allego boot completi sotto ho allegati ed altre opzioni ma non capisco come allegare, forse server altro browser)
una volta fatto il boot e loggatomi queste un po' di info:
# mount
rootfs on / type rootfs (rw)
ubi:rootfs_ubifs on / type ubifs (ro,relatime)
proc on /proc type proc (rw,relatime)
tmpfs on /var type tmpfs (rw,relatime,size=420k)
tmpfs on /mnt type tmpfs (ro,relatime,size=16k)
sysfs on /sys type sysfs (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
mtd:data on /data type jffs2 (rw,relatime)
mtd:bootfs on /bootfs type jffs2 (ro,relatime)
tmpfs on /etc type tmpfs (rw,relatime)
tmpfs on /dev type tmpfs (rw,relatime)
tmpfs on /web type tmpfs (rw,relatime)
usbfs on /proc/bus/usb type usbfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
tmpfs on /lib/lxc/rootfs type tmpfs (rw,relatime)
# df
Filesystem 1024-blocks Used Available Use% Mounted on
ubi:rootfs_ubifs 218132 44760 173372 21% /
mtd:data 4096 936 3160 23% /data
mtd:bootfs 4096 3032 1064 74% /bootfs
# ls /bin
WiFi-alliancelogo_3D.png memaccess
acs_cli mkdir
acsd mknod
adsl more
adslctl mount
ash mount.sh
aspmd mtd_debug
bash mtdinfo
bcm_boot_launcher mv
bcm_flasher nanddump
bcmmserver nandtest
bdmf_shell nandwrite
bftpd nas
bpm nas4not
bpmctl nfct
brctl nice
bs ntfs-3g
bsd nvram
busybox nvramUpdate
cat openl2tpd
chmod openssl
conntrack periodicstat
conntrackd ping
consoled ping6
cp pppd
date ps
dd psictl
ddnsd pspctl
deluser pwd
df pwr
dhcp6c pwrctl
dhcp6s qrctl
dhcpc radvd
dhcpd rastatus6
dhd rawSocketTest
dhdctl ripd
dmesg rm
dnsdomainname runner
dnsproxy scratchpadctl
dnsspoof send_cms_msg
doc_loadbios setmem
dropbearconvert sh
dry simcard_sample
dsldiagd sleep
dumpmem smbd
eapd smbpasswd
ebtables smd
echo sntp
eid.sh sqlite3
epi_ttcp ssd
ethctl sshd
ethswctl ssk
eventd st_shell
false stress
fc stty
fcctl switch.sh
flash_erase swmdk
flash_otp_dump sync
flash_otp_info tar
flashcp tc
ftl_format tcpdump
grep telnetd
gunzip tmctl
gzip tmsctl
hostname toad
hotplug toast
hspotap tr143DownloadDiag
httpd tr143EchoCfgServer
icon_blue_eng.png tr143UploadDiag
icon_blue_zxx.png tr64c
icon_green_eng.png tr69c
icon_green_zxx.png true
icon_orange_eng.png ubiattach
icon_orange_zxx.png ubicrc32
icon_red_eng.png ubidetach
icon_red_zxx.png ubiformat
ip ubimkvol
ip6tables ubinfo
iperf ubirename
ippd ubirmvol
iptables ubirsvol
iptables-restore ubiupdatevol
iptables-save udhcpd
kill umount
lld2d upnp
ln urlfilterd
ls usleep
lxc-attach vi
lxc-autostart vlanctl
lxc-cgroup vodsl
lxc-checkconfig vpmstats
lxc-clone web.sh
lxc-config websockd
lxc-console wifi-abgn-logo_270x73.png
lxc-create wl
lxc-destroy wl_server
lxc-execute wl_server_socket
lxc-freeze wlconf
lxc-info wlctl
lxc-ls wlevt
lxc-monitor wlevt2
lxc-snapshot wlmngr
lxc-start wlmngr2
lxc-stop wps_monitor
lxc-unfreeze xdslctl
lxc-unshare xmppc
lxc-usernsexec xtables-multi
lxc-wait xtm
mcp xtmctl
mcpctl zcat
mcpd zebra
mdkshell
# ls /sbin
depmod hotplug init.lxc logread modprobe rmmod syslogd
ethctl ifconfig insmod lsmod poweroff route vconfig
halt init klogd mdev reboot sysinfo
# ls /usr/bin/
[ free lsusb sar traceroute6
[[ ftpget mpstat sendarp traffic.sh
awk iostat nc taskset traffic_ds.sh
chrt isc_dhclient pidstat test traffic_us.sh
cut isc_dhcpd pmacctd tftp tty
dirname killall renice tftpd uptime
expr logger riptool top wget
find lspci sadf traceroute
# ls /usr/sbin/
BulkData miniupnpd
UDPechoServer monitor_ip_conntrack
WiFiDiagnostic mt_cmd
at_cmd nbnsd
backup_dongle.sh nbtscan
backup_dongle_udhcpc_script nbtscan.sh
bd_svr nmbd
boost_util.sh ntfs-3g
chat p910nd
cmd_agent_ap pdbedit
curl pingq
cwmp pingqx
daylightadjust.sh port_mirror.sh
dnrd portmirror
downloaddiag pppd
dropbear pppoe.so
dropbearkey qos.sh
firewall.sh qos_selected.sh
flash_eraseall radvd
fw_upgrade rc_task
gpio_util scan_cmd.sh
guestwifi.sh send_event_bulkdata
hotplug-call send_event_tr69
hotplug2 smbd
hotspot.sh sniproxy
hotspot_probe speedtest
hotspot_wanduck stenvram
hswebd stnvram
htpasswd stshell
i2cdump system_probe
i2cget traffic.sh
i2cset uploaddiag
ipping_tr69 upnpc_tr69
lanscan usb-devices
led_util usb_modeswitch
led_util_log usb_print_server
linkrate_util wps_cmd
mini_httpd
# cat /proc/mtd
dev: size erasesize name
mtd0: 0f2e0000 00020000 "rootfs"
mtd1: 0f6e0000 00020000 "rootfs_update"
mtd2: 00400000 00020000 "data"
mtd3: 00020000 00020000 "nvram"
mtd4: 0f6e0000 00020000 "image"
mtd5: 0f6e0000 00020000 "image_update"
mtd6: 00400000 00020000 "bootfs"
mtd7: 20000000 00020000 "dummy2"
mtd8: 00400000 00020000 "misc3"
mtd9: 00100000 00020000 "misc2"
mtd10: 00800000 00020000 "misc1"
mtd11: 0e861000 0001f000 "rootfs_ubifs"
mtd12: 00100000 00020000 "STNVRAM"
mtd13: 00040000 00020000 "STENVRAM"
mtd14: 00100000 00020000 "STNVRAMBKP"
mtd15: 00040000 00020000 "STENVRAMBKP"
# mtdinfo
Count of MTD devices: 16
Present MTD devices: mtd0, mtd1, mtd2, mtd3, mtd4, mtd5, mtd6, mtd7, mtd8, mtd9, mtd10, mtd11, mtd12, mtd13, mtd14, mtd15
Sysfs interface supported: yes
come detto essendomi già "fumato" la flash principale, se qualcuno sa darmi qualche dritta posso ancora "giocarmi" la seconda...
Più tardi invio altre info e allego boot completi se ce la faccio
Grazie in anticipo a chi potrà aiutarmi
Enrico
