Skip to content

Instantly share code, notes, and snippets.

@hkwi

hkwi/airstation_info.md

Last active December 22, 2015 17:18
Show Gist options
  • Save hkwi/6504815 to your computer and use it in GitHub Desktop.
Save hkwi/6504815 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
airstation_info.md

debug.html

Open http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/55debug.html with username="bufpy" and password="otdpopy{ROOT_PASSWORD}".

yes

  • WZR-300HP Ver.1.93

no debug.html

  • WHR-300HP2

WZR-300HP

region=JP

"A0 A2" model

First of all, I recommend you to backup flash partitions. Transfer the files to safe storage.

cat /dev/mtd0ro > /tmp/mtd0.backup
cat /dev/mtd1ro > /tmp/mtd1.backup
cat /dev/mtd2ro > /tmp/mtd2.backup
cat /dev/mtd3ro > /tmp/mtd3.backup
cat /dev/mtd4ro > /tmp/mtd4.backup
cat /dev/mtd5ro > /tmp/mtd5.backup
cat /dev/mtd6ro > /tmp/mtd6.backup

installing dd-wrt

  • tftp flash "killer" image
  • You must flash second no-killer image via web interface

dd-wrt image overwrites "ART" area on flash.

root@DD-WRT:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00050000 00010000 "RedBoot"
mtd1: 01f80000 00010000 "linux"
mtd2: 010e0000 00010000 "rootfs"
mtd3: 00d80000 00010000 "ddwrt"
mtd4: 00010000 00010000 "nvram"
mtd5: 00010000 00010000 "FIS directory"
mtd6: 00010000 00010000 "board_config"
mtd7: 02000000 00010000 "fullflash"
mtd8: 00010000 00010000 "uboot-env"

To revert to stock firmware, I've created a custom openwrt firmware that has following mtd layout. Flashing openwrt, I used tftp with openwrt-ar71xx-generic-wzr-hp-g300nh2-squashfs-tftp.bin.

[    0.550000] m25p80 spi0.0: found mx25l12805d, expected m25p80
[    0.550000] m25p80 spi0.0: mx25l12805d (16384 Kbytes)
[    0.560000] m25p80 spi0.1: found mx25l12805d, expected m25p80
[    0.570000] m25p80 spi0.1: mx25l12805d (16384 Kbytes)
[    0.570000] Concatenating MTD devices:
[    0.580000] (0): "spi0.0"
[    0.580000] (1): "spi0.1"
[    0.580000] into device "flash"
[    0.590000] Creating 5 MTD partitions on "flash":
[    0.600000] 0x000000000000-0x000000040000 : "u-boot"
[    0.600000] 0x000000040000-0x000000050000 : "u-boot-env"
[    0.610000] 0x000000050000-0x000000060000 : "art"
[    0.620000] 0x000000060000-0x000001fc0000 : "firmware"
[    0.630000] 0x000000160000-0x000001fc0000 : "rootfs"
[    0.630000] mtd: partition "rootfs" set to be root filesystem
[    0.640000] mtd: partition "rootfs_data" created automatically, ofs=0x310000, len=0x1cb0000
[    0.650000] 0x000000310000-0x000001fc0000 : "rootfs_data"
[    0.650000] 0x000001fc0000-0x000002000000 : "user_property"

root@OpenWrt:/# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 01000000 00010000 "spi0.0"
mtd1: 01000000 00010000 "spi0.1"
mtd2: 00040000 00010000 "u-boot"
mtd3: 00010000 00010000 "u-boot-env"
mtd4: 00010000 00010000 "art"
mtd5: 01f60000 00010000 "firmware"
mtd6: 01e60000 00010000 "rootfs"
mtd7: 01cb0000 00010000 "rootfs_data"
mtd8: 00040000 00010000 "user_property"

Write backup mtd image to flash.

cat mtd2.backup | ssh root@192.168.1.1 mtd write - art
cat mtd6.backup | ssh root@192.168.1.1 mtd write - firmware
cat mtd5.backup | ssh root@192.168.1.1 mtd write - user_property
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment