@leewp14
Last active December 20, 2020 16:09
竞斗云 2.0 / G-DOCK 2.0 (IPQ40xx R619AC) Flashing

Use nginx to spoof the update traffic, with the router's WAN port connected to the PC. Adapt install.sh, then connect a phone to the G-DOCK Wi-Fi and attempt the update.

Update 20201220: this is how it works starting from stock firmware 2.0.

  1. Attempt the official system upgrade to 2.5. If that is not possible, use the JSON spoof method (aka the OpenWrt host method).
  2. For the OpenWrt host method of system upgrade, use nginx+php. apache2 could probably work too. Just remember to run the iptables hack inside install.sh to redirect all port 80 traffic to localhost. Then run the update_time function (adapted from install.sh) to ensure the timestamp inside the JSON is correct at all times, or else the system upgrade won't work. Then use a phone to connect to the router and perform the upgrade. No OpenWrt required, profit.
  3. Stock 2.5 allows unsigned flashing. After updating to the official OpenWrt (aka stock 2.5), flash the -unlock- version of OpenWrt from the web UI. My guess is that this -unlock- version includes an unlocked bootloader. It is a nand-factory file, so it can't really be inspected.
  4. Next, reboot the router, send the opboot/pbboot file to /tmp with scp, ssh into the router, and use mtd write to flash the bootloader to 'Bootloader'. For opboot, flash the -flash- version; for pbboot, flash the -nor- version. To reboot after flashing, use the -r flag.
  5. Reboot into recovery mode (bootloader) by holding the reset button while powering on. Wait until the LAN lights have finished their flowing sequence. For opboot, the light keeps flashing while in the bootloader and the LAN light won't turn on; for pbboot, the light is steady with the LAN light turned on. (?)
  6. The first time, back up the ART partition (so it's advisable to flash opboot no matter what). The ART partition is something like the EFS partition on Samsung devices: it is unique per device and contains the Wi-Fi calibration data.
  7. Perform a data wipe from the menus. Reboot into the bootloader again.
  8. Now flash custom ROMs. With pbboot, probably only PandoraBox can boot. With opboot, literally anything can boot. But for the first flash, it is better to use opboot to flash a 128M UBI. A UBI is something like a complete image, so it cleans everything on the flash.
  9. Subsequently, you should only flash files that are identified as a tar archive on Linux, which will usually be the sysupgrade files. It is still unknown when nand-factory files should be used; probably only for stock use. Those nand-factory files won't work at all when flashed (the flash just doesn't happen, although there is no warning or error). Normally, a flash takes time to write the data rather than rebooting straight after the image is uploaded to the router.
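
A pre-flash check for steps 8 and 9, as an added example that is not part of the original gist: it tells a UBI image from a tar-format sysupgrade file by magic bytes, the same distinction `file` makes on Linux, and reports anything else as unknown. The OpenWrt member names (CONTROL, kernel, root) and the function names `classify_image` and `constructed_tar` are assumptions, not taken from the page.

```python
import io
import sys
import tarfile

UBI_MAGIC = b"UBI#"   # UBI erase-counter header magic, offset 0
TAR_MAGIC = b"ustar"  # POSIX/GNU tar magic, offset 257 of the first header
# Assumption (not from the page): an OpenWrt NAND sysupgrade tar holds
# sysupgrade-<board>/CONTROL, .../kernel and .../root.
SYSUPGRADE_PARTS = {"CONTROL", "kernel", "root"}


def classify_image(data: bytes) -> str:
    """Return 'ubi', 'sysupgrade-tar', 'tar-other' or 'unknown'."""
    if data[:4] == UBI_MAGIC:
        return "ubi"
    if data[257:262] != TAR_MAGIC:
        return "unknown"
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
            names = tar.getnames()
    except tarfile.TarError:
        return "unknown"  # tar magic present but the archive does not parse
    found = {n.split("/", 1)[1] for n in names
             if n.startswith("sysupgrade-") and "/" in n}
    return "sysupgrade-tar" if SYSUPGRADE_PARTS <= found else "tar-other"


def constructed_tar(names) -> bytes:
    """Build a tiny in-memory tar (constructed sample, not real firmware)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(b"constructed")
            tar.addfile(info, io.BytesIO(b"constructed"))
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # classify the image files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, classify_image(fh.read()))
    else:  # no arguments: run on constructed samples
        board = "sysupgrade-constructed_board"
        parts = [f"{board}/{p}" for p in sorted(SYSUPGRADE_PARTS)]
        print(classify_image(constructed_tar(parts)))
        print(classify_image(UBI_MAGIC + bytes(60)))
```
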

Side notes:

opboot requires the client to be at 192.168.1.2 (?), but pbboot can use DHCP.

For the record, VLAN works on images where eth0 can be set to tagged and WAN is available for tagging. For working IPv6, go to Interfaces and see whether there is a DHCPv6 option. The default password for all those Chinese images is 'password'; for Pandora it is 'admin'. On the base image (the OpenWrt stock variant image), VLAN does not work. A kernel change would probably fix it. That is a nice variant, except for the non-working VLAN (cannot tag WAN). When using those Chinese images, remember to uninstall the mwan3 package. It conflicts with IPv6, leaving IPv6 not working system-wide.

Best working firmware so far, with IPv6 and VLAN tested OK and 100MBPS on 2.4GHz running smoothly with no problems: 20.02.29竞斗云2.0全功能128M.ubi (originated from 竞斗云2.0刷op基于固件.rar)
