mirror of https://github.com/hak5/openwrt.git
This repository is a mirror of https://git.openwrt.org/openwrt/openwrt.git It is for reference only and is not active for check-ins or for reporting issues. We will continue to accept Pull Requests here. They will be merged via staging trees then into openwrt.git. All issues should be reported at: https://bugs.openwrt.org
99835e0999
Attention: Kernel partition size has been enlarged to 4MB. To switch, you must update to latest ar71xx-nand snapshort and flash the sysupgrade-4M-Kernel.bin: zcat openwrt-ath79-nand-zyxel_nbg6716-squashfs-sysupgrade-4M-Kernel.bin | mtd -r -e ubi write - firmware; reboot -f You will end up with a fresh config if you do not inject config into the image. The NBG6716 may come with 128MB or 256MB NAND. ar71xx was able to use all, but ath79 can only use the first 128MB. Therefore the complete NAND needs to be overwritten. If not, the old UBI may make problems and lead to reboot loop. Access the real u-boot shell: ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02" When the device is starting up, the user can enter the the loader shell by simply pressing a key within the 3 seconds once the following string appears on the serial console: | Hit any key to stop autoboot: 3 The user is then dropped to a locked shell. |NBG6716> HELP |ATEN x[,y] set BootExtension Debug Flag (y=password) |ATSE x show the seed of password generator |ATSH dump manufacturer related data in ROM |ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations) |ATGO boot up whole system |ATUR x upgrade RAS image (filename) |NBG6716> In order to escape/unlock a password challenge has to be passed. Note: the value is dynamic! you have to calculate your own! First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env) to get the challange value/seed. |NBG6716> ATSE NBG6716 |012345678901 This seed/value can be converted to the password with the help of this bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors): - tool.sh - ror32() { echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) )) } v="0x$1" a="0x${v:2:6}" b=$(( $a + 0x10F0A563)) c=$(( 0x${v:12:14} & 7 )) p=$(( $(ror32 $b $c) ^ $a )) printf "ATEN 1,%X\n" $p - end of tool.sh - |# bash ./tool.sh 012345678901 | |ATEN 1,879C711 copy and paste the result into the shell to unlock zloader. |NBG6716> ATEN 1,0046B0017430 If the entered code was correct the shell will change to use the ATGU command to enter the real u-boot shell. |NBG6716> ATGU |NBG6716# Signed-off-by: André Valentin <avalentin@marcant.net> |
||
---|---|---|
.github | ||
config | ||
include | ||
package | ||
scripts | ||
target | ||
toolchain | ||
tools | ||
.gitattributes | ||
.gitignore | ||
BSDmakefile | ||
Config.in | ||
LICENSE | ||
Makefile | ||
README | ||
feeds.conf.default | ||
rules.mk |
README
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- This is the buildsystem for the OpenWrt Linux distribution. To build your own firmware you need a Linux, BSD or MacOSX system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system. You need gcc, binutils, bzip2, flex, python3.5+, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers installed. 1. Run "./scripts/feeds update -a" to obtain all the latest package definitions defined in feeds.conf / feeds.conf.default 2. Run "./scripts/feeds install -a" to install symlinks for all obtained packages into package/feeds/ 3. Run "make menuconfig" to select your preferred configuration for the toolchain, target system & firmware packages. 4. Run "make" to build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the Linux kernel & all chosen applications for your target system. Sunshine! Your OpenWrt Community http://www.openwrt.org