00:15
gamiee has quit [Ping timeout: 246 seconds]
00:21
gamiee has joined #openocd
01:43
joconor has joined #openocd
02:52
tsal has joined #openocd
02:53
tsal_ has quit [Ping timeout: 252 seconds]
03:30
Guest68 has joined #openocd
03:44
Guest68 has quit [Quit: Client closed]
04:40
akaWolf has quit [Ping timeout: 272 seconds]
04:45
akaWolf has joined #openocd
04:57
akaWolf has quit [Ping timeout: 255 seconds]
05:22
akaWolf has joined #openocd
05:45
akaWolf has quit [Ping timeout: 252 seconds]
06:02
akaWolf has joined #openocd
06:12
pengi3 has joined #openocd
06:24
akaWolf has quit [Ping timeout: 252 seconds]
06:26
akaWolf has joined #openocd
07:02
nerozero has joined #openocd
11:02
slobodan has joined #openocd
11:23
pengi37 has joined #openocd
11:24
pengi3 has quit [Ping timeout: 248 seconds]
11:24
pengi37 is now known as pengi3
11:30
ScottBakula has joined #openocd
11:46
<gamiee> ScottBakula: I recommend using Quassel instead of ZNC, much better experience (at least for me)
11:53
<ScottBakula> @PaulFertser, flash info 0 is not a valid command :)
11:53
<ScottBakula> I put my OpenOCD in debug mode to see more things
11:53
<PaulFertser> ScottBakula: how so, you do not have flash defined by the board config?
11:54
<ScottBakula> I used /usr/share/openocd/scripts/target/bcm5352e.cfg and in my cmsis-dap.cfg I have this
11:55
<ScottBakula> adapter driver cmsis-dap \n transport select jtag \n gdb_port 3333
11:55
<ScottBakula> please be advised that bcm5352e.cfg is the last one
11:56
<ScottBakula> I tried with firmware-recovery.tcl before but same issue with this command, I am a newbie sorry :D
11:58
rkta has left #openocd [#openocd]
12:00
<ScottBakula> in bcm5352e.cfg nothing is mentioned about the flash and in firmware-recovery.tcl
12:00
<PaulFertser> ScottBakula: you said you had a wrt54gl board, is this a different one?
12:01
<PaulFertser> The SoC itself doesn't have that flash obviously.
12:01
<ScottBakula> @PaulFertser, I think, to be more precise, it's a wrt54g
12:02
<PaulFertser> ScottBakula: so you use the _board_ config
12:03
<PaulFertser> I think GL should be similar enough but not sure.
12:04
<PaulFertser> IDK how wide its connection to the flash is, is it 16 bits or 8 bits?
12:04
<PaulFertser> No harm trying both.
12:04
<PaulFertser> (asus-rt-n16.cfg is an example)
12:35
<ScottBakula> yeah Paul : > flash info 0
12:35
<ScottBakula> Could not probe bank: no QRY
12:35
<ScottBakula> Try workaround w/0x555 instead of 0x55 to get QRY.
12:35
<ScottBakula> Flash Manufacturer/Device: 0xfc01 0xfc01
12:35
<ScottBakula> Could not probe bank: no QRY
12:35
<ScottBakula> auto_probe failed
12:37
<ScottBakula> the flash on the board has been identified as an MX29LV160C by myself :)
12:38
<ScottBakula> @PaulFertser, 16M-BIT [2Mx8/1Mx16] CMOS SINGLE VOLTAGE
12:44
slobodan has quit [Read error: Connection reset by peer]
12:44
slobodan has joined #openocd
12:47
<PaulFertser> ScottBakula: no QRY is bad, means something is wrong, no communication with the flash working.
13:05
<PaulFertser> ScottBakula: is it not working both in 16-bit and 8-bit modes?
14:02
<ScottBakula> IDK how to change this @PaulFertser
14:03
vampirefrog has joined #openocd
14:03
<ScottBakula> I am moving to another approach, I want to understand if they did something to block access to the flash, I am looking at the firmware
14:18
vampiref- has joined #openocd
14:25
vampiref- has joined #openocd
14:27
vampirefrog has quit [Quit: Leaving]
15:00
pengi3 has quit [Ping timeout: 252 seconds]
15:14
pengi3 has joined #openocd
15:17
<PaulFertser> ScottBakula: asus-rt-n16.cfg is a tested example of using 8-bit bus.
16:53
<PaulFertser> ScottBakula: /now/ you can dump from it or flash it.
16:55
<ScottBakula> OK, I am reading the firmware, let's see if it's better
16:57
<ScottBakula> does dump_image write to the file in streaming mode or wait to read all the content before writing?
17:14
<PaulFertser> ScottBakula: should be streaming
17:21
<PaulFertser> ScottBakula: note you specified the size incorrectly but that shouldn't matter much.
17:29
<ScottBakula> argh still empty :(
17:30
<ScottBakula> I must confirm my hardware is working properly with another board
17:31
slobodan_ has joined #openocd
17:32
slobodan has quit [Ping timeout: 248 seconds]
17:36
<PaulFertser> ScottBakula: you can use "mdw" to check individual words.
17:36
<PaulFertser> ScottBakula: also try different addresses, e.g. 0xbc000000 vs. 0x1c000000
17:37
<PaulFertser> ScottBakula: does this board boot from this flash?
17:39
<PaulFertser> ScottBakula: it's certainly communicating with the flash in some reasonable way now since you read C2 C2 ID bytes.
17:39
<PaulFertser> So probably just mapped to a different address in your hardware, also there're cached vs. uncached regions on MIPS.
17:40
<PaulFertser> ScottBakula: yes, I know on wrt54gl that I was using it was mapped to 0x1c000000, not bc, so I'd expect same for your wrt54g target.
17:47
<ScottBakula> ohohoh
17:47
<ScottBakula> I made a test and I have something now @PaulFertser!!!
17:47
<ScottBakula> dump_image test.bin 0xbc000000 4096
17:50
<PaulFertser> ScottBakula: why was previous dump_image not working?
17:51
<ScottBakula> I think yes, in the partition table we don't have the correct addresses
17:52
<ScottBakula> jtag> readmem 0x1fc00000 0x400000 flash.bin <-- FALSE !!!
17:55
<ScottBakula> if I understood well, now I need to find the starting address of this flash, maybe I will brute-force it
18:19
<PaulFertser> ScottBakula: you said you have flash of just 2 MiB so no wonder it's false for your case.
18:20
<PaulFertser> ScottBakula: dump all the 2 MiB, then use binwalk.
18:46
nerozero has quit [Ping timeout: 244 seconds]
19:46
slobodan_ has quit [Read error: Connection reset by peer]
19:46
slobodan_ has joined #openocd
20:04
slobodan_ has quit [Read error: Connection reset by peer]
20:06
slobodan_ has joined #openocd
20:51
slobodan_ has quit [Ping timeout: 248 seconds]
20:59
<ScottBakula> thanks @PaulFertser for your precious help!)
21:03
slobodan_ has joined #openocd
21:04
<PaulFertser> ScottBakula: got it all working now? Glad to help! What are you trying to RE, btw, what's the final goal with this antique board?
21:04
<PaulFertser> ScottBakula: also, can you confirm downgrading OpenOCD is necessary?
21:07
<ScottBakula> I used OpenOCD version 0.12.0 for this
21:10
<PaulFertser> OK, so no regressions there, good to know.
21:11
<ScottBakula> "What are you trying to RE": I know this is very old, but it was a starting point for me to experiment with JTAG. I never used it before, I had to have a setup, I saw JTAGulator was discontinued, and also I saw Segger J-Link is so expensive
21:12
<ScottBakula> I bought a Bus Pirate 6 recently, but for the moment no JTAG support, it's still in dev
21:12
<PaulFertser> JTAGulator you need only when the pinout is unknown.
21:12
<PaulFertser> J-Link EDU can be bought for NC purposes relatively cheaply.
21:13
<PaulFertser> My go-to device currently is TUMPA (non-light), it's FT2232H based. It has its silly gotchas but it seems to be the cheapest FT2232H board with fast buffer. Plus you get RS-232.
21:15
<ScottBakula> oh nice, I'll take a look at it, for JTAGulator I think I need something equivalent for IoT hacking/REing because most of the time you don't know the JTAG pins
21:16
<PaulFertser> There're newer much better projects.
21:21
<PaulFertser> ScottBakula: bluetag looks promising, thanks for sharing
21:22
<ScottBakula> OMG I bought the Bus Pirate too quickly I guess, for $145 the Glasgow looks much more powerful
21:31
<PaulFertser> You didn't ask here :)
21:52
<ScottBakula> Oh boy! I didn't know you 2 months ago, if only I could travel in time 🤔
22:45
slobodan_ has quit [Read error: Connection reset by peer]
23:27
tsal has joined #openocd