WRT开源无线路由用JTAG刷CFE过程
在之前的一篇《关于开源无线路由器的资料》文章中,我简单介绍了WRT开源无线路由的情况,同时我也从恩山淘宝店买了一个WRT300N V1.1的裸板无线路由,自己玩一下。对于一个开发板来讲,最重要的就是刷不死,一拿到手,第一件事就是将其中的UART调试口和JTAG口接出来,并试着刷机看看。
硬件连接
我在恩山的论坛上搜索到了硬件连接的资料(),拿来工具就开工了,我没有够买恩山网上的所谓TTL线和JTAG线,因为我有现成的板子,只要稍加修改就可以实现相同的功能。至于具体的接线我就不讲了,不同的板子有不同的接法,看资料吧。以下是我的连接照片:
一切都连接好以后,就可以通过我的本本连接路由板的串口和JTAG,与他通信刷机了。
串口通信
在“晕到死”系统下,可以用连接相应的串口,只要路由板子一上电,就会从串口输出很多信息:
Start to blink diag led ...
CFE version 1.0.37 for BCM947XX (32bit,SP,LE) Build Date: Tue Feb 27 19:35:53 CST 2007 (root@localhost.localdomain) Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.
Initializing Arena Initializing PCI. [normal] PCI bus 0 slot 0/0: vendor 0x14e4 product 0x0800 (flash memory, rev 0x02) PCI bus 0 slot 1/0: vendor 0x14e4 product 0x471f (ethernet network, rev 0x02) PCI bus 0 slot 2/0: vendor 0x14e4 product 0x471a (USB serial bus, interface 0x10, rev 0x02) PCI bus 0 slot 2/1: vendor 0x14e4 product 0x471a (USB serial bus, interface 0x20, rev 0x02) PCI bus 0 slot 3/0: vendor 0x14e4 product 0x471b (USB serial bus, rev 0x02) PCI bus 0 slot 4/0: vendor 0x14e4 product 0x0804 (PCI bridge, rev 0x02) PCI bus 0 slot 5/0: vendor 0x14e4 product 0x0816 (MIPS processor, rev 0x02) PCI bus 0 slot 6/0: vendor 0x14e4 product 0x471d (IDE mass storage, rev 0x02) PCI bus 0 slot 7/0: vendor 0x14e4 product 0x4718 (network/computing crypto, rev 0x02) PCI bus 0 slot 8/0: vendor 0x14e4 product 0x080f (RAM memory, rev 0x02) PCI bus 0 slot 9/0: vendor 0x14e4 product 0x471e (class 0xfe, subclass 0x00, rev 0x02) Initializing Devices.
No DPN This is a Parallel Flash Partition information: boot #00 00000000 -> 0003FFFF (262144) trx #01 00040000 -> 0004001B (28) os #02 0004001C -> 007F7FFF (8093668) nvram #03 007F8000 -> 007FFFFF (32768) Partition information: boot #00 00000000 -> 0003FFFF (262144) trx #01 00040000 -> 007F7FFF (8093696) nvram #02 007F8000 -> 007FFFFF (32768) Reset switch via GPIO 8 ... PCI bus 0 slot 1/0: pci_map_mem: attempt to map 64-bit region tag=0x800 @ addr=18010004 PCI bus 0 slot 1/0: pci_map_mem: addr=0x18010004 pa=0x18010000 ge0: BCM5750 Ethernet at 0x18010000 CPU type 0x2901A: 300MHz Total memory: 131072 KBytes
Total memory used by CFE: 0x80600000 - 0x806A1900 (661760) Initialized Data: 0x80636C40 - 0x80639BE0 (12192) BSS Area: 0x80639BE0 - 0x8063B900 (7456) Local Heap: 0x8063B900 - 0x8069F900 (409600) Stack Area: 0x8069F900 - 0x806A1900 (8192) Text (code) segment: 0x80600000 - 0x80636C40 (224320) Boot area (physical): 0x006A2000 - 0x006E2000 Relocation Factor: I:00000000 - D:00000000
Boot version: v4.4 The boot is CFE mac_init(): Find mac [00:XX:XX:XX:XX:XX] in location 0 Nothing... CMD: [ifconfig eth0 -addr=192.168.1.1 -mask=255.255.255.0] eth0: Link speed: 100BaseT FDX Device eth0: hwaddr 00-XX-XX-XX-XX-XX, ipaddr 192.168.1.1, mask 255.255.255.0 gateway not set, nameserver not set CMD: [go;] Check CRC of image1 Len: 0x5C0000 (6029312) (0xBC040000) Offset0: 0x1C (28) (0xBC04001C) Offset1: 0x9D0 (2512) (0xBC0409D0) Offset2: 0xE2C00 (928768) (0xBC122C00) Header CRC: 0xE2BCDDD9 Calculate CRC: 0xE2BCDDD9 Image 1 is OK Try to load image 1. Waiting for 5 seconds to upgrade ... CMD: [load -raw -addr=0x806a1900 -max=0xf70000 :] Loader:raw Filesys:tftp Dev:eth0 File:: Options:(null) Loading: _tftpd_open(): retries=0/5 Failed. Could not load :: Interrupted Stop to blink diag led ...CFE> CMD: [] CFE>
|
一开始输出的是bootloader(CFE)的信息,一开机在终端中按下CTRL+C,就可以进入CFE的命令行模式下。否则会自动进入Linux系统。
进入Linux系统后就可以登录了:
DD-WRT v24-sp2 mega (c) 2009 NewMedia-NET GmbH Release: 04/02/09 (SVN revision: 11805) ÿ Tekkaman WRT login: root Password: ==========================================================
____ ___ __ ______ _____ ____ _ _ | _ \| _ \ \ \ / / _ \_ _| __ _|___ \| || | || | || ||____\ \ /\ / /| |_) || | \ \ / / __) | || |_ ||_| ||_||_____\ V V / | _ < | | \ V / / __/|__ _| |___/|___/ \_/\_/ |_| \_\|_| \_/ |_____| |_|
DD-WRT v24-sp2 http://
========================================================== Jan 1 00:00:38 login[562]: root login on 'console'
BusyBox v1.13.3 (2009-04-02 16:01:41 CEST) built-in shell (ash) Enter 'help' for a list of built-in commands.
root@Tekkaman WRT:~#
|
JTAG刷机(“晕到死”系统下)
使用JTAG通信除了硬件上的连接以外,还需要两个软件:
(1)
(2)brjtag.exe (你可以在恩山论坛上下载最新的)
这里提供1.8b的下载:
|
文件: |
brjtag18b.rar |
大小: |
60KB |
下载: |
下载 | |
刷机步骤:
(1)加载GiveIO驱动,参考的步骤!
(注意:“痿死他”和“晕气”系统下运行LoadDrv,请用右键:使用管理员权限运行)(2)到brjtag.exe程序目录下,通过命令行运行:
以探测连接的芯片和flash。
见下图:
如果你是用台式机的并口,就不需要后面的/port:XXXX ,用默认的并口地址就好了,我使用的是Express 卡转并口,所以要定义端口地址,具体的情况见上图。
(3)刷新CFE,运行:
brjtag.exe -flash:cfe /port:XXXX
|
brjtag.exe程序就先擦除CFE分区,并会在当前目录下找名为CFE.BIN的文件,并
将它烧写到CFE分区。
brjtag.exe还有许多其他的功能,需要看帮助信息的话,请直接运行
brjtag.exe!
对于新买来的路由,最好先运行:
brjtag.exe -backup:cfe /port:XXXX
|
来备份CFE,以备不时之需。如果没有CEF的bin文件,你可以到恩山论坛上搜索,或者下载恩山上的:。
阅读(1068) | 评论(0) | 转发(0) |