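Flashing CFE over JTAG on a WRT open-source wireless router
In an earlier article, "Resources on Open-Source Wireless Routers", I briefly introduced WRT open-source wireless routers. I also bought a bare-board WRT300N V1.1 wireless router from the Enshan (恩山) Taobao shop to play with. For a development board, the most important thing is that it cannot be bricked, so the first thing I did when it arrived was to bring out the UART debug port and the JTAG port and try flashing it.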
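Hardware connection
I found the hardware connection information on the Enshan forum (the "JTAG pinout diagram collection" thread), grabbed my tools and got to work. I did not buy the so-called TTL cable and JTAG cable sold in the Enshan shop, because I already had a board that provides the same functions with a small modification. I will not go into the specific wiring: different boards are wired differently, so check the documentation. Here are photos of my connections: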
[Photos: UART and JTAG wiring on the router board]
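Once everything was connected, I could talk to the router board's serial port and JTAG from my laptop and flash it.
Serial communication
Under Windows you can use PuTTY to connect to the corresponding serial port. As soon as the router board is powered on, it prints a lot of information on the serial port: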
Start to blink diag led ...
CFE version 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Tue Feb 27 19:35:53 CST 2007 (root@localhost.localdomain)
Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.
Initializing Arena
Initializing PCI. [normal]
PCI bus 0 slot 0/0: vendor 0x14e4 product 0x0800 (flash memory, rev 0x02)
PCI bus 0 slot 1/0: vendor 0x14e4 product 0x471f (ethernet network, rev 0x02)
PCI bus 0 slot 2/0: vendor 0x14e4 product 0x471a (USB serial bus, interface 0x10, rev 0x02)
PCI bus 0 slot 2/1: vendor 0x14e4 product 0x471a (USB serial bus, interface 0x20, rev 0x02)
PCI bus 0 slot 3/0: vendor 0x14e4 product 0x471b (USB serial bus, rev 0x02)
PCI bus 0 slot 4/0: vendor 0x14e4 product 0x0804 (PCI bridge, rev 0x02)
PCI bus 0 slot 5/0: vendor 0x14e4 product 0x0816 (MIPS processor, rev 0x02)
PCI bus 0 slot 6/0: vendor 0x14e4 product 0x471d (IDE mass storage, rev 0x02)
PCI bus 0 slot 7/0: vendor 0x14e4 product 0x4718 (network/computing crypto, rev 0x02)
PCI bus 0 slot 8/0: vendor 0x14e4 product 0x080f (RAM memory, rev 0x02)
PCI bus 0 slot 9/0: vendor 0x14e4 product 0x471e (class 0xfe, subclass 0x00, rev 0x02)
Initializing Devices.
No DPN
This is a Parallel Flash
Partition information:
boot #00 00000000 -> 0003FFFF (262144)
trx #01 00040000 -> 0004001B (28)
os #02 0004001C -> 007F7FFF (8093668)
nvram #03 007F8000 -> 007FFFFF (32768)
Partition information:
boot #00 00000000 -> 0003FFFF (262144)
trx #01 00040000 -> 007F7FFF (8093696)
nvram #02 007F8000 -> 007FFFFF (32768)
Reset switch via GPIO 8 ...
PCI bus 0 slot 1/0: pci_map_mem: attempt to map 64-bit region tag=0x800 @ addr=18010004
PCI bus 0 slot 1/0: pci_map_mem: addr=0x18010004 pa=0x18010000
ge0: BCM5750 Ethernet at 0x18010000
CPU type 0x2901A: 300MHz
Total memory: 131072 KBytes
Total memory used by CFE: 0x80600000 - 0x806A1900 (661760)
Initialized Data: 0x80636C40 - 0x80639BE0 (12192)
BSS Area: 0x80639BE0 - 0x8063B900 (7456)
Local Heap: 0x8063B900 - 0x8069F900 (409600)
Stack Area: 0x8069F900 - 0x806A1900 (8192)
Text (code) segment: 0x80600000 - 0x80636C40 (224320)
Boot area (physical): 0x006A2000 - 0x006E2000
Relocation Factor: I:00000000 - D:00000000
Boot version: v4.4
The boot is CFE
mac_init(): Find mac [00:XX:XX:XX:XX:XX] in location 0
Nothing...
CMD: [ifconfig eth0 -addr=192.168.1.1 -mask=255.255.255.0]
eth0: Link speed: 100BaseT FDX
Device eth0: hwaddr 00-XX-XX-XX-XX-XX, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
CMD: [go;]
Check CRC of image1
Len: 0x5C0000 (6029312) (0xBC040000)
Offset0: 0x1C (28) (0xBC04001C)
Offset1: 0x9D0 (2512) (0xBC0409D0)
Offset2: 0xE2C00 (928768) (0xBC122C00)
Header CRC: 0xE2BCDDD9
Calculate CRC: 0xE2BCDDD9
Image 1 is OK
Try to load image 1.
Waiting for 5 seconds to upgrade ...
CMD: [load -raw -addr=0x806a1900 -max=0xf70000 :]
Loader:raw Filesys:tftp Dev:eth0 File:: Options:(null)
Loading: _tftpd_open(): retries=0/5
Failed.
Could not load :: Interrupted
Stop to blink diag led ...CFE>
CMD: []
CFE>
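The first part of the output comes from the bootloader (CFE). Pressing CTRL+C in the terminal right after power-on drops you into the CFE command line; otherwise the board boots into Linux automatically.
Once Linux is up, you can log in: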
DD-WRT v24-sp2 mega (c) 2009 NewMedia-NET GmbH
Release: 04/02/09 (SVN revision: 11805)
ÿ
Tekkaman WRT login: root
Password:
==========================================================
____ ___ __ ______ _____ ____ _ _
| _ \| _ \ \ \ / / _ \_ _| __ _|___ \| || |
|| | || ||____\ \ /\ / /| |_) || | \ \ / / __) | || |_
||_| ||_||_____\ V V / | _ | | \ V / / __/|__ _|
|___/|___/ \_/\_/ |_| \_\|_| \_/ |_____| |_|
DD-WRT v24-sp2
http://www.dd-wrt.com
==========================================================
Jan 1 00:00:38 login[562]: root login on 'console'
BusyBox v1.13.3 (2009-04-02 16:01:41 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
root@Tekkaman WRT:~#
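JTAG flashing (under Windows)
Besides the hardware connection, JTAG communication needs two pieces of software:
(1) GiveIO
(2) brjtag.exe (you can download the latest version from the Enshan forum)
Version 1.8b was provided for download here:
File: brjtag18b.rar (60KB)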
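Flashing steps:
(1) Load the GiveIO driver, following the steps on the GiveIO download site. (Note: on Vista and Windows 7, run LoadDrv by right-clicking it and choosing "Run as administrator".)
(2) In the brjtag.exe program directory, run from the command line:
brjtag.exe -probeonly
to probe the connected chip and flash.
[Screenshot: output of brjtag.exe -probeonly]
If you are using a desktop PC's parallel port, you do not need the trailing /port:XXXX; the default parallel port address is fine. I use an ExpressCard-to-parallel-port adapter, so I have to specify the port address; the details are shown in the screenshot above.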
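(3) Flash the CFE by running:
brjtag.exe -flash:cfe /port:XXXX
brjtag.exe first erases the CFE partition, then looks for a file named CFE.BIN in the current directory and writes it to the CFE partition.
brjtag.exe has many other functions; to see the help text, just run brjtag.exe with no arguments.
For a newly bought router, it is best to first run:
brjtag.exe -backup:cfe /port:XXXX
to back up the CFE in case you ever need it. If you do not have a CFE bin file, you can search the Enshan forum or download the "CFE collection" posted there.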
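The backup is the only way back once step (3) has erased the CFE partition, so the dump is worth checking before it is relied on. The following Python sketch is an added example, not part of the original post or of brjtag: it parses the partition table from the serial log above to get the size of the boot (CFE) partition, then checks two independent backup dumps for wrong size, blank reads and mismatches. The dump file paths given on the command line are assumptions, since the post does not say how brjtag names its backup files.

```python
import hashlib
import re

# Partition lines copied from the CFE serial log shown earlier on this page.
CFE_LOG = """\
Partition information:
boot #00 00000000 -> 0003FFFF (262144)
trx #01 00040000 -> 007F7FFF (8093696)
nvram #02 007F8000 -> 007FFFFF (32768)
"""

PART_RE = re.compile(
    r"^(\w+)\s+#\d+\s+([0-9A-Fa-f]{8})\s+->\s+([0-9A-Fa-f]{8})\s+\((\d+)\)$")

def parse_partitions(log):
    """Return {name: (start, end, size)} from CFE 'Partition information' lines."""
    parts = {}
    for line in log.splitlines():
        m = PART_RE.match(line.strip())
        if not m:
            continue
        start, end, size = int(m.group(2), 16), int(m.group(3), 16), int(m.group(4))
        if end - start + 1 != size:  # the log prints the size; cross-check it
            raise ValueError(f"inconsistent partition line: {line!r}")
        parts[m.group(1)] = (start, end, size)  # a later table overrides an earlier one
    return parts

def check_cfe_backup(dump_a, dump_b, boot_size):
    """Return a list of problems found in two independent reads of the CFE partition."""
    problems = []
    for label, dump in (("first", dump_a), ("second", dump_b)):
        if len(dump) != boot_size:
            problems.append(f"{label} dump is {len(dump)} bytes, expected {boot_size}")
        if dump and len(set(dump)) == 1:
            problems.append(f"{label} dump is all 0x{dump[0]:02X} (blank or failed read)")
    if hashlib.sha256(dump_a).digest() != hashlib.sha256(dump_b).digest():
        problems.append("the two dumps differ (unstable JTAG read)")
    return problems

if __name__ == "__main__":
    import sys
    # Usage (hypothetical file names): python check_cfe.py backup1.bin backup2.bin
    boot_size = parse_partitions(CFE_LOG)["boot"][2]
    a, b = (open(p, "rb").read() for p in sys.argv[1:3])
    issues = check_cfe_backup(a, b, boot_size)
    print("\n".join(issues) or f"backup OK, sha256={hashlib.sha256(a).hexdigest()}")
```

Keep the printed SHA-256 with the backup file so a later copy can be verified before it is written back.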
This article comes from a ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u1/34474/showart_2089433.html