...
That was for the anecdote, but recently I attempted to upgrade my OpenWRT wifi router from 18.06.02 to the latest code train: 19.07.4. As a lazy as I'amm lazy, I just sticked with OpenWRT web upgrade via LuCI. Not sure if I was right , ... I don't know why and how but the upgrade failed and my wifi router got "bricked".
After a lot of googling and reading, i concluded that I had only one solution: restore from factory and re-install OpenWRT 19.07.04 installation by hand. You have guess the rest of the article, the factory-reset procedure required requires a TFTP server.
Tip |
---|
|
But before that, I had to solder an USB - UART module as described here. |
...
[ #004 ] - Saving private OpenWRT", thanks freeRouter's TFTP server !
Expand |
---|
title | monitorLog into freeRouter |
---|
|
If you are familiar with Cisco operating system you will feel at home with this TFTP server. Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | Log into freeRouter in config mode: |
---|
| __ ____ _
/ _|_ __ ___ ___| _ \ ___ _ _| |_ ___ _ __
| |_| '__/ _ \/ _ \ |_) / _ \| | | | __/ _ \ '__|
| _| | | __/ __/ _ < (_) | |_| | || __/ |
|_| |_| \___|\___|_| \_\___/ \__,_|\__\___|_|
_ __ ___ ___| | _____ | |
| '__/ _ \ / __| |/ / __| | |
| | | (_) | (__| <\__ \ |_|
|_| \___/ \___|_|\_\___/ (_)
welcome
line ready
mjolnir#conf t
mjolnir(cfg)#server tftp openwrt
mjolnir(cfg-server)#?
access-blackhole4 - propagate and check violating prefixes
access-blackhole6 - propagate and check violating prefixes
access-class - set access list
access-log - log dropped attemps
access-map - set route map
access-peer - per client session limit
access-policy - set route policy
access-prefix - set prefix list
access-rate - access rate for this server
access-startup - initial downtime for this server
access-subnet - per subnet session limit
access-total - session limit for this server
do - execute one exec command
end - close this config session
exit - go back to previous mode
interface - interface to bind to
no - negate a command
path - set root folder
port - set port to listen on
protocol - set lower protocols to use
readonly - set write protection
security - set security parameters
show - running system information
vrf - set vrf to use
|
|
Expand |
---|
title | TFTP server configuration |
---|
|
sdn6 is the port #6 connected from my SOHO router to OpenWRT router. Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | TFTP server configuration |
---|
| sh run tftp
server tftp openwrt
path /rtr/owrt/
interface sdn6
vrf inet
exit
!
sh run sdn6
interface sdn6
description mjolnir@LAN6[08:00.0]
mtu 1500
macaddr 004c.7307.0a77
vrf forwarding inet
ipv4 address 192.168.136.1 255.255.255.0
ipv4 broadcast-multicast
no shutdown
no log-link-change
exit
!
...
|
So the LAN port of my OpenWRT router is like this: Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | OpenWRT config (this can be done via Web GUI) |
---|
| ...
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.136.2'
option netmask '255.255.255.0'
option broadcast '192.168.136.255'
option gateway '192.168.136.1'
option ip6assign '60'
list dns '192.168.254.1'
option ifname 'eth0 eth0.1 eth0.2 wlan0 wlan1'
...
|
Basic connectivity check (well techincally technically you could not ping as it is part if TFTP restore to factory process. Remember our box crashed ! ) Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | ping OpenWRT |
---|
| ping 192.168.136.2 /vrf inet
pinging 192.168.136.2, src=null, vrf=inet, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/1/2/5
...
|
|
Expand |
---|
title | Launch OpenWRT TFTP factory reset |
---|
|
So we are basically ready ... Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | Initiate OpenWRT factory restore process via TFTP |
---|
| ===================================================================
MT7621 stage1 code 10:33:11 (ASIC)
CPU=50000000 HZ BUS=12500000 HZ
==================================================================
Change MPLL source from XTAL to CR...
do MEMPLL setting..
MEMPLL Config : 0x11100000
3PLL mode + External loopback
=== XTAL-40Mhz === DDR-1200Mhz ===
PLL2 FB_DL: 0x9, 1/0 = 567/457 25000000
PLL3 FB_DL: 0xc, 1/0 = 596/428 31000000
PLL4 FB_DL: 0x11, 1/0 = 560/464 45000000
do DDR setting..[00320381]
Apply DDR3 Setting...(use customer AC)
0 8 16 24 32 40 48 56 64 72 80 88 96 104 112 120
--------------------------------------------------------------------------------
0000:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0001:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0002:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0003:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0004:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0005:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0006:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0007:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0008:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0009:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000A:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000B:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000C:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000D:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
000E:| 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1
000F:| 0 0 0 0 1 1 1 1 1 1 1 1 1 1 0 0
0010:| 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0
0011:| 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0
0012:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0013:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0014:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0015:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0016:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0017:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0018:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0019:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001A:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001B:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001C:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001D:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001E:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001F:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rank 0 coarse = 15
rank 0 fine = 72
B:| 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0
opt_dle value:11
DRAMC_R0DELDLY[018]=00001F1F
==================================================================
RX DQS perbit delay software calibration
==================================================================
1.0-15 bit dq delay value
==================================================================
bit| 0 1 2 3 4 5 6 7 8 9
--------------------------------------
0 | 10 7 9 9 7 7 8 7 3 6
10 | 6 7 7 9 6 9
--------------------------------------
==================================================================
2.dqs window
x=pass dqs delay value (min~max)center
y=0-7bit DQ of every group
input delay:DQS0 =31 DQS1 = 31
==================================================================
bit DQS0 bit DQS1
0 (1~61)31 8 (1~56)28
1 (1~58)29 9 (1~61)31
2 (1~60)30 10 (1~59)30
3 (1~58)29 11 (1~57)29
4 (1~57)29 12 (1~60)30
5 (1~61)31 13 (1~60)30
6 (1~58)29 14 (1~61)31
7 (1~62)31 15 (1~61)31
==================================================================
3.dq delay value last
==================================================================
bit| 0 1 2 3 4 5 6 7 8 9
--------------------------------------
0 | 10 9 10 11 9 7 10 7 6 6
10 | 7 9 8 10 6 9
==================================================================
==================================================================
TX perbyte calibration
==================================================================
DQS loop = 15, cmp_err_1 = ffff0000
dqs_perbyte_dly.last_dqsdly_pass[0]=15, finish count=1
dqs_perbyte_dly.last_dqsdly_pass[1]=15, finish count=2
DQ loop=15, cmp_err_1 = ffff0080
dqs_perbyte_dly.last_dqdly_pass[1]=15, finish count=1
DQ loop=14, cmp_err_1 = ffff0000
dqs_perbyte_dly.last_dqdly_pass[0]=14, finish count=2
byte:0, (DQS,DQ)=(8,8)
byte:1, (DQS,DQ)=(8,8)
20,data:88
[EMI] DRAMC calibration passed
===================================================================
MT7621 stage1 code done
CPU=50000000 HZ BUS=12500000 HZ
===================================================================
U-Boot 1.1.3 (Apr 17 2017 - 17:00:02)
Board: Ralink APSoC DRAM: 256 MB
Power on memory test. Memory size= 256 MB...OK!
relocate_code Pointer at: 8ffac000
Config XHCI 40M PLL
******************************
Software System Reset Occurred
******************************
Allocate 16 byte aligned buffer: 8ffdffd0
Enable NFI Clock
# MTK NAND # : Use HW ECC
NAND ID [C8 D1 80 95 42]
Device not found, ID: c8d1
Not Support this Device!
chip_mode=00000001
Support this Device in MTK table! c8d1
select_chip
[NAND]select ecc bit:4, sparesize :64 spare_per_sector=16
Signature matched and data read!
load_fact_bbt success 1023
load fact bbt success
[mtk_nand] probe successfully!
mtd->writesize=2048 mtd->oobsize=64, mtd->erasesize=131072 devinfo.iowidth=8
..============================================
Ralink UBoot Version: 5.0.0.0
--------------------------------------------
ASIC MT7621A DualCore (MAC to MT7530 Mode)
DRAM_CONF_FROM: Auto-Detection
DRAM_TYPE: DDR3
DRAM bus: 16 bit
Xtal Mode=5 OCP Ratio=1/4
Flash component: NAND Flash
Date:Apr 17 2017 Time:17:00:02
============================================
icache: sets:256, ways:4, linesz:32 ,total:32768
dcache: sets:256, ways:4, linesz:32 ,total:32768
##### The CPU freq = 880 MHZ ####
estimate memory size =256 Mbytes
#Reset_MT7530
set LAN/WAN LWLLL
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.
4
You choosed 2
0
2: System Load Linux Kernel then write to Flash via TFTP.
Warning!! Erase Linux in Flash then burn new one. Are you sure?(Y/N)
Please Input new ones /or Ctrl-C to discard
Input device IP (192.168.31.1) ==:192.168.31.1
Input server IP (192.168.31.100) ==:192.168.31.2
Input Linux Kernel filename () ==: <my_factory_router_image>
...
|
And ... Voilà ! |
Tip |
---|
|
Keep in mid that one battle is over, but this is not the end of the warWe won this factory reset battle but the war is over. After having restored the genuine official vendor image, we need to re-install OpenWRT with the latest 19.07.4 image and configure OpenWRT so that it can acts as a "dummy Wifi Access Point". DHCP, DNS will be served by the SOHO router. |
Discussion
You can deploy freeRouter manually in a VM or container and bind it to a linux interface if you need a TFTP server in order to apply configuration to all your equipment. When final staging are done in a secure Out of Band management network context having a TFTP server is a blessing as it correspond to a gain of time in a production environment. Imaging hundreds of people working in a SP environment and working at the same time.
...
- We presented freeRouter TFTP embedded server
- You can use it in order to deploy undertake network equipment deployment requiring TFTP
- This TFTP server is compatible with IPv4/IPv6
TFTP is a basic but a common tools tool in SP environment (or it was? If it is still used, yes please confirm !) In this example, I demonstrated the use of TFTP server in order to flash a wifi router to factory default. I have 802.11ac back up and running !
Tip |
---|
|
As its author said, freeRouter can be perceived not only as a router but it is a networking Swiss army knife. in further articles we will shed some lights in various treasure treasures hidden into freeRouter can offer ... And for free ! Last but not least, you can play with these different servers from this sandbox: (You'll be able to spot amazing server that will be the object of further article.) Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | type "telnet dl.nop.hu" in a terminal and choose "1" |
---|
| Trying 193.224.23.5...
Connected to dl.nop.hu.
Escape character is '^]'.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX XXXXX XXX XXX XXX XX XX XXXX XXXXXXXXXXXXXXXXXXX
XXXX XXXX XX XXXX XX XXXX XX XX XX XXXX XXXXX/~~~~~~\XXXXXX
XXXX X XXX XX XXXX XX XXXX XX XX XX XXXX XXXX| player |XXXXX
XXXX XX XX XX XXXX XX XXX XX XXXX XXXXX\______/XXXXXX
XXXX XXX X XX XXXX XX XXXXXXX XX XX XXXX XXXXXXXXXXXXXXXXXXX
XXXX XXXX XX XXXX XX XXXXXXX XX XX XXXX XXXXXXXXXXXXXXXXXXX
XXXX XXXXX XXX XXX XXX XXX XX XXX XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
welcome
line ready
menu lab:
# - reboot router1
$ - reboot router2
% - reboot router3
1 - connect to router1
2 - connect to router2
3 - connect to router3
^ - rebuild routers
l - connect to lg.nop.dn42
x - exit
choose:1 - attach vdc lab1
welcome
line ready
yourname#conf t
warning user.userLineHandler.doExec:userLine.java:606 <nobody> configuring from tty1
yourname(cfg)#server ?
bmp2mrt - configure an bmp to mrt server
bstun - configure a bstun server
chargen - configure a chargen server
daytime - configure a daytime server
dcp - configure a dcp server
dhcp4 - configure a dhcp4 server
dhcp6 - configure a dhcp6 server
discard - configure a discard server
dns - configure a dns server
echo - configure an echo server
etherip - configure a etherip server
forwarder - configure a forwarder server
ftp - configure a ftp server
geneve - configure a geneve server
gopher - configure a gopher server
gre - configure a gre server
gtp - configure a gtp server
honeypot - configure a honeypot server
http - configure a http server
irc - configure an irc server
iscsi - configure an iscsi server
l2f - configure a l2f server
l2tp2 - configure a l2tp v2 server
l2tp3 - configure a l2tp v3 server
loadbalancer - configure a loadbalancer server
lpd - configure a lpd server
modem - configure a modem server
mplsip - configure a mplsip server
mplsudp - configure a mplsudp server
multiplexer - configure a multiplexer server
netflow - configure an netflow server
nrpe - configure a nrpe server
ntp - configure a ntp server
openflow - configure an openflow server
p4lang - configure an p4lang server
pcep - configure a pcep server
pckodtls - configure a pckodtls server
pckotcp - configure a pckotcp server
pckotxt - configure a pckotxt server
pckoudp - configure a pckoudp server
pop3 - configure a pop3 server
pptp - configure a pptp server
prometheus - configure a prometheus server
quote - configure a quote server
radius - configure a radius server
rfb - configure a rfb server
rpki - configure a rpki server
sip - configure a sip server
smtp - configure a smtp server
snmp - configure a snmp server
socks - configure a socks server
streamingmdt - configure a streaming telemetry server
stun - configure a stun server
syslog - configure a syslog server
tacacs - configure a tacacs server
telnet - configure a telnet server
tftp - configure a tftp server
time - configure a time server
udpfwd - configure an udp forwarder server
udptn - configure an udptn server
upnpfwd - configure an upnp forwarder server
upnphub - configure an upnp hub server
voice - configure a voice server
vxlan - configure a vxlan server
yourname(cfg)#server
... |
In order to exit the sandbox session use the following escape sequence: Ctrl-c + Ctrl-x
|
...