Appelwiki - User contributions [en]

Isl3893-Y.A.R.C - Yet another ReCovery-HOWTO

2006-03-28T15:16:32Z

Stefan:

=Recovering an isl3893-AP after a bad firmware-flash=

You can recover either using Safe Mode or a recovery image

==Method 1: Safe Mode==
Turn AP off, press the reset-button, keep it pressed and switch back on. The AP will then respond to IP 192.0.2.93, TFTP and ping only. You can then upload a firmware image. (Set you PCs IP accordingly, of course :-)

<pre>
On windows:
tftp -i 192.0.2.93 PUT <name of firmware imagefile>

On linux:
tftp 192.0.2.93
verbose
trace
binary
put <name of firmware imagefile>
quit
</pre>

Uploading this way takes 1-2 minutes, the LAN-LED flashes very fast during that time. Then the AP should automatically reboot. It may then take another 2-3 minutes before the AP responds again.

It helps to have a sniffer listening to the LAN-interface of the PC. You can immediately see if TFTP is uploading the firmware, and later when the AP is back online you may be able to see broadcasts, DHCP-discovery packets or other network-traffic to/from the AP. Usually you can see the current IP of the AP, in case you are unsure.

You may get the error-message "firmware image exceeds flash-size". In that case see section [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Recovery Image|Recovery Image]]

==Method 2: Recovery Image==
The error-message "firmware image exceeds flash-size" means the the previously flashed firmware has repartitioned the flash-memory of the AP. The partition for the firmware can then be too small for any other image, often even including the one that reset the partitions.

IMHO the bootloader is designed very badly. It should be able to reset the partitions if necessary before or during firmware-upload.

The publicly available firmware-sources usually have pre-set partition-sizes 10000/1b0000/200000. The can be changed before compiling the sources, see make menuconfig. Try for example 10000/200000/360000. That helps avoid the "exceeds flash-size"-error.

===Recovery-Upload===
For recovery get a small firmware-image like [http://isl3893.sourceforge.net/download/firmware/siemens-wlanap600rp/apfw.minimal.img apfw.minimal.img]

You will also need [http://www.student.kuleuven.ac.be/~s0169612/isl3893/imginstall imginstall]

apfw.minimal.img usually fits even if the partitions are misconfigured. Upload it as described in section
[[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Safe Mode|Safe Mode]]
Then set your PC to an IP fitting the default-IP of apfw.minimal.img, 192.168.24.23

After upload, reboot and another 2 minutes (use sniffer to monitor) you should be able to telnet 192.168.24.23. FTP should also work.

===Flashing new Firmware===
<pre>
Then FTP 192.168.24.23
cd /var
binary
put imginstall
put <another firmware image-file>
quit

Then telnet 192.168.24.23
cd /var
chmod +x imginstall
imginstall -k <firmware image-file>
</pre>

You should get a message like "programming block N" every few seconds.
After about 25 programmed blocks the message "rebooting in 5 seconds" should come up.

Then wait while the AP reboots, and set the IP of your PC to fit the default IP of the newly flashed image, usually 192.168.1.254, 192.168.0.1 or a few others, depending on the manufacturer of the newly flashed firmware. If you do not know the IP try the sniffer or google for the default IP of the manufacturer.

The AP should then behave according the features of the firmware.

==Other Links==
See Ruben's page: http://www.student.kuleuven.ac.be/~s0169612/isl3893.html
* section "Flashing large firmware images"
* section "Recovering the AP from a bad firmware image"

==[[ISL3893|Back to ISL3893]]==

Main Page

2006-03-28T15:12:43Z

Stefan:

'''The experimental hardware wiki'''

This wiki is all about the art of destructive education.
See this wiki as a scrapbook for the real howto's.

* [[ISL3893]]
* [[ADM5106]]
* [[Gigabyte GN-BR404W]]
* [[Zyxell Prestige-650R-30]]

Consult the [http://www.mediawiki.org/wiki/Help:Configuration_settings configuration settings list] and the [http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide User's Guide] for information on customising and using the wiki software.

Suggestion for alternate Main Page

2006-03-28T15:12:33Z

Stefan:

Suggestion for alternate Main Page

2006-03-28T15:11:12Z

Stefan:

'''The experimental hardware wiki'''

This wiki is all about the art of destructive education.
See this wiki as a scrapbook for the real howto's.

=ISL3893=
== ISL 3893 ==

This chipset can be found in a lot of routers. For a list of hardware see the [http://isl3893.sourceforge.net/hardware.html isl3893.sf.net hardware page].
I myself own a [[Fujitsu siemens AP600]].

To create new firmware you need an [[ISL3893 Toolchain]] and the [[ISL3893 Source]].
You can get an [[ISL3893 quick start]] if you feel a bit scary diving into the deeps.

After creating the firmware you need to [[Flash the ISL3893]].

== Links ==
* [http://isl3893.sf.net ISL3893 Project page]
* [http://www.warp.at/projects/wg602.html warp.at]
* [http://www.student.kuleuven.ac.be/~s0169612/isl3893.html Ruben Faelens]
* [http://jbnote.free.fr/islsm/doku.php?id=documentation:isl38xx_hardware http://jbnote.free.fr/islsm/doku.php?id=documentation:isl38xx_hardware]
* [http://prism54.org/ http://prism54.org/]

== HOWTO ==
* [[isl3893-Y.A.F.H - Yet another Firmware-HOWTO]]
* [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO]]

=ADM5106=
== A peek inside ==
[[Image:EM4012Bottom.jpg|300px]]
[[Image:EM4012Top.jpg|300px]]

== Links ==
* [http://saintaardvarkthecarpeted.com/nwr04b/ Nwr04b]
* [http://hri.sf.net HRI project page]

=Gigabyte GN-BR404W=
[[Image:br404top.jpg|300px]]
[[Image:br404bottom.jpg|300px]]

==Zyxell Prestige-650R-30==
This is a wish project. These routers are thrown away and probably can get a second life.

== a peek inside ==

[[Image:prestige650top.jpg|300px]]
[[Image:prestige650bottom.jpg|300px]]

== ZYXEL Prestige 650 ==

U1: ZyDAS (CPU)
ZD2001
MFB4007.1 0309
WAVEPLUS
TAIWAN

U2: MTC-20156TQ-C1 (PROBABLY SECOND CPU OR SOMETHING ELSE)
C156-4AB ARM
LAUBT0311
TAIWAN
ST

J4:
1-VTREF?
2,4,6,8,10,12,14-GND
3-TRST (pin174)
5-TDI (pin1)
7-TMS (pin175)
9-TCK (pin171)
11-TDO(pin176)
13-VTREF?

U3: MTC20154TGC (ADSL CHIPSET)
1301533
7221F0309
MALTA
ST

U4: ALTIMA (LAN CONTROLLER)
AC101LKQT
TN0310 P11
70850A

U5: MX SO31445 (FLASH ROM)
29LV160BTC-90
2H191700
TAIWAN
16M-BIT [2Mx8/1Mx16] CMOS SINGLE VOLTAGE 3V ONLY FLASH MEMORY

U6: WINBOND (DRAM MODULE 1)
3150G
W986432DH-7

U7: WINBOND (DRAM MODULE 2)
311WH
W981616BH-7

==Help :-)==
Consult the [http://www.mediawiki.org/wiki/Help:Configuration_settings configuration settings list] and the [http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide User's Guide] for information on customising and using the wiki software.

Suggestion for alternate Main Page

2006-03-28T15:08:00Z

Stefan:

'''The experimental hardware wiki'''

This wiki is all about the art of destructive education.
See this wiki as a scrapbook for the real howto's.

=ISL3893=
=ADM5106=
=Gigabyte GN-BR404W=
=Zyxell Prestige-650R-30=

Consult the [http://www.mediawiki.org/wiki/Help:Configuration_settings configuration settings list] and the [http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide User's Guide] for information on customising and using the wiki software.

Main Page

2006-03-28T15:07:01Z

Stefan:

Isl3893-Y.A.F.H - Yet another Firmware-HOWTO

2006-03-28T15:05:24Z

Stefan:

=Isl3893-Y.A.F.H - Yet another Firmware-HOWTO=

This is a step-by-step-HOWTO on "from scratch"-compiling the firmware for the AP-600. It has been tested several times on two different SuSE-10-PCs, each time deleting the source-tree and starting over.

It assumes fair Linux-knowledge on your part, and of course NO CLAIM of any kind concerning these instructions shall be made. There is NO CLAIM that these instructions will work in any beneficial way, nor that you will not completely fuck up your AP if you try them. If you do not have at least a basic idea on [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO|what to do if you toast you AP]], then don't do anything described below. And don't bother your dealer or the customersupport if you blew it. OK?

The steps in this document have been tested by starting "from scratch", if necessary by deleting or renaming an already existing source-tree.
* Tried, not tested: The firmware-sources from Medion are very similar and should work too. The building path has been hardcoded into the Makefile however (intentionally to harden homebrew development?), so the sources can only be compiled when installed in /home/paulfh.
* Tried, not tested: The sources for the Sitecom WET-122-v1 can be compiled too, but you have to get the apps-nongpl-subtree elsewhere, for example from the AP-600-sources. Build the WL-122-v1-sources, then you will see where to copy the missing sub-tree.
* wet54gs5: See http://www.student.kuleuven.ac.be/~s0169612/isl3893.html for more info.

==Software/Tools==
Used current version of the linux-platform and linux-tools:
* Linux opensuse 10.0 (german)
* gcc, gcc-c++, cpp 4.02_20050901-31 (as included in SuSE 10.0)
* flex 2.4.5a-297 (as included in SuSE 10.0)
* bison 1.875-56 (as included in SuSE 10.0)
* The binary /sbin/depmod.old is called by the build-scripts of some firmware-sources. Make a softlink from your existing /sbin/depmod, that works most of the time.

==Building the toolchain==

After Arco did some serious patching to the sources on sf.net this should work out of the box:
http://osdn.dl.sourceforge.net/sourceforge/isl3893/isl3893-tools-20060321.tar.bz2
or: http://appeltaart.mine.nu/isl3893/isl3893-tools-20060321.tar.bz2
(both dated Mar 21 2006)

<pre>
unpack
cd tools
cp depmod.old /sbin
./make-tools.sh
# takes a few minutes ...
# that was easy, wasn't it ? :-)
</pre>

==Building the firmware==

Some steps may be unnecessary for the AP-600-sources, but can become necessary for other source-trees. They will not do any damage though.

The AP-600-sources were chosen because they are the easiest to build. They are not necessarily the best.

Also this HOWTO is not meant to be finished. You will have some basic functionality including shell-access. Then you can start making your own mods.

===Sources===
Get AP-600RP_GNU_source-code.zip. That should be the firmware-sources as released by Fujitsu-Siemens.

===Config and Building===
<pre>
unzip AP-600RP_GNU_source-code.zip
tar -xvzf Code.tgz
cd v1010
chmod -Rv a+rwx *
cd Software/firmware/uClinux/
make menuconfig
# change flash-layout to 10000/200000/360000
# leave "Accesspoint Features" as they are
# Development options: include shelld, additional command line tools, meminfo
# exit + save
cd kernel # Software/firmware/uClinux/kernel
make menuconfig
# no changes, exit + save
make dep
cd .. # Software/firmware
cd ../apfw # Software/firmware/apfw
make image
# takes a few minutes. You should then have a new firmware-image in file 'apfirmware.img'
# DO NOT UPLOAD THIS YET
</pre>

===Patching===
Unfortunately there are a few bugs in the sources. I do not speculate on whether ZCom or Fujitsu-Siemens or whoever else might have planted these intentionally :-(

So now some patches:
<pre>
cd ../uClinux/romfs/etc # Software/firmware/uClinux/romfs/etc/
vi startup.list
# comment out datastore and paed, they are somehow corrupt
# exit + save

# --- This part concerning /etc/passwd is only necessary for boa --- #
# passwd is normally softlinked to /usr/etc, here we replace it by a file in /etc
mv passwd passwd.old
vi passwd
# enter these lines:
root::0:0:/:/bin/sh
nobody::1234:1234::/:/bin/sh
# exit + save

cd init.d # Software/firmware/uClinux/romfs/etc/init.d/
vi network
after the line 'ifconfig lo 127.0.0.1 up' add these lines
a) for having the AP get its IP by dhcp:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 autoip
ifup br0 dhcp
# exit + save

b) Or for static IP:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 static 192.168.1.253 255.255.255.0
# exit + save

cd ../../.. # Software/firmware/uClinux/
cd ../apfw # Software/firmware/apfw
make image
# wait a while ...
</pre>

===Upload to the AP===
Then you can hopefully upload apfirmware.img. This is also known as the "Load-And-Pray"-Mode :-)

To upload put your AP in safe mode by turning on the power with the reset-button pressed. The AP now has the IP 192.0.2.93 and no firmware. It responds only to tftp and ping.

<pre>
Connect it to your PC and

ifconfig eth0 192.0.2.99
tftp 192.0.2.93
verbose
trace
bin
put apfirmware.img
quit
# upload takes 1-2 minutes, led on AP flashes fast
# the AP should then reboot automatically

# then:
ifconfig eth0 192.168.1.99
</pre>

The AP should come up and get an IP by dhcp or respond to ping 192.168.1.253. You can monitor what is happening if you start a sniffer on eth0.

You should be able to telnet 192.168.1.253

There may be trouble getting the webserver boa (/etc/init.d/boa and /bin/boa) running, and a webfilesystem has to be added later.

==Recovery==
Just in case something went wrong, see [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO]] http://www.smiley-channel.de/grafiken/smiley/idee/smiley-channel.de_idee004.gif

==[[ISL3893|Back to ISL3893]]==

Isl3893-Y.A.F.H - Yet another Firmware-HOWTO

2006-03-28T15:04:52Z

Stefan:

=Isl3893-Y.A.F.H - Yet another Firmware-HOWTO=

This is a step-by-step-HOWTO on "from scratch"-compiling the firmware for the AP-600. It has been tested several times on two different SuSE-10-PCs, each time deleting the source-tree and starting over.

It assumes fair Linux-knowledge on your part, and of course NO CLAIM of any kind concerning these instructions shall be made. There is NO CLAIM that these instructions will work in any beneficial way, nor that you will not completely fuck up your AP if you try them. If you do not have at least a basic idea on [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO|what to do if you toast you AP]], then don't do anything described below. And don't bother your dealer or the customersupport if you blew it. OK?

The steps in this document have been tested by starting "from scratch", if necessary by deleting or renaming an already existing source-tree.
* Tried, not tested: The firmware-sources from Medion are very similar and should work too. The building path has been hardcoded into the Makefile however (intentionally to harden homebrew development?), so the sources can only be compiled when installed in /home/paulfh.
* Tried, not tested: The sources for the Sitecom WET-122-v1 can be compiled too, but you have to get the apps-nongpl-subtree elsewhere, for example from the AP-600-sources. Build the WL-122-v1-sources, then you will see where to copy the missing sub-tree.
* wet54gs5: See http://www.student.kuleuven.ac.be/~s0169612/isl3893.html for more info.

==Software/Tools==
Used current version of the linux-platform and linux-tools:
* Linux opensuse 10.0 (german)
* gcc, gcc-c++, cpp 4.02_20050901-31 (as included in SuSE 10.0)
* flex 2.4.5a-297 (as included in SuSE 10.0)
* bison 1.875-56 (as included in SuSE 10.0)
* The binary /sbin/depmod.old is called by the build-scripts of some firmware-sources. Make a softlink from your existing /sbin/depmod, that works most of the time.

==Building the toolchain==

After Arco did some serious patching to the sources on sf.net this should work out of the box:
http://osdn.dl.sourceforge.net/sourceforge/isl3893/isl3893-tools-20060321.tar.bz2
or: http://appeltaart.mine.nu/isl3893/isl3893-tools-20060321.tar.bz2
(both dated Mar 21 2006)

<pre>
unpack
cd tools
cp depmod.old /sbin
./make-tools.sh
# takes a few minutes ...
# that was easy, wasn't it ? :-)
</pre>

==Building the firmware==

Some steps may be unnecessary for the AP-600-sources, but can become necessary for other source-trees. They will not do any damage though.

The AP-600-sources were chosen because they are the easiest to build. They are not necessarily the best.

Also this HOWTO is not meant to be finished. You will have some basic functionality including shell-access. Then you can start making your own mods.

===Sources===
Get AP-600RP_GNU_source-code.zip. That should be the firmware-sources as released by Fujitsu-Siemens.

===Config and Building===
<pre>
unzip AP-600RP_GNU_source-code.zip
tar -xvzf Code.tgz
cd v1010
chmod -Rv a+rwx *
cd Software/firmware/uClinux/
make menuconfig
# change flash-layout to 10000/200000/360000
# leave "Accesspoint Features" as they are
# Development options: include shelld, additional command line tools, meminfo
# exit + save
cd kernel # Software/firmware/uClinux/kernel
make menuconfig
# no changes, exit + save
make dep
cd .. # Software/firmware
cd ../apfw # Software/firmware/apfw
make image
* takes a few minutes. You should then have a new firmware-image in file 'apfirmware.img'
* DO NOT UPLOAD THIS YET
</pre>

===Patching===
Unfortunately there are a few bugs in the sources. I do not speculate on whether ZCom or Fujitsu-Siemens or whoever else might have planted these intentionally :-(

So now some patches:
<pre>
cd ../uClinux/romfs/etc # Software/firmware/uClinux/romfs/etc/
vi startup.list
# comment out datastore and paed, they are somehow corrupt
# exit + save

# --- This part concerning /etc/passwd is only necessary for boa --- #
# passwd is normally softlinked to /usr/etc, here we replace it by a file in /etc
mv passwd passwd.old
vi passwd
# enter these lines:
root::0:0:/:/bin/sh
nobody::1234:1234::/:/bin/sh
# exit + save

cd init.d # Software/firmware/uClinux/romfs/etc/init.d/
vi network
after the line 'ifconfig lo 127.0.0.1 up' add these lines
a) for having the AP get its IP by dhcp:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 autoip
ifup br0 dhcp
# exit + save

b) Or for static IP:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 static 192.168.1.253 255.255.255.0
# exit + save

cd ../../.. # Software/firmware/uClinux/
cd ../apfw # Software/firmware/apfw
make image
# wait a while ...
</pre>

===Upload to the AP===
Then you can hopefully upload apfirmware.img. This is also known as the "Load-And-Pray"-Mode :-)

To upload put your AP in safe mode by turning on the power with the reset-button pressed. The AP now has the IP 192.0.2.93 and no firmware. It responds only to tftp and ping.

<pre>
Connect it to your PC and

ifconfig eth0 192.0.2.99
tftp 192.0.2.93
verbose
trace
bin
put apfirmware.img
quit
# upload takes 1-2 minutes, led on AP flashes fast
# the AP should then reboot automatically

# then:
ifconfig eth0 192.168.1.99
</pre>

The AP should come up and get an IP by dhcp or respond to ping 192.168.1.253. You can monitor what is happening if you start a sniffer on eth0.

You should be able to telnet 192.168.1.253

There may be trouble getting the webserver boa (/etc/init.d/boa and /bin/boa) running, and a webfilesystem has to be added later.

==Recovery==
Just in case something went wrong, see [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO]] http://www.smiley-channel.de/grafiken/smiley/idee/smiley-channel.de_idee004.gif

==[[ISL3893|Back to ISL3893]]==

Isl3893-Y.A.R.C - Yet another ReCovery-HOWTO

2006-03-28T15:01:13Z

Stefan:

=Recovering an isl3893-AP after a bad firmware-flash=

You can recover either using Safe Mode or a recovery image

==Method 1: Safe Mode==
Turn AP off, press the reset-button, keep it pressed and switch back on. The AP will then respond to IP 192.0.2.93, TFTP and ping only. You can then upload a firmware image. (Set you PCs IP accordingly, of course :-)

<pre>
On windows:
tftp -i 192.0.2.93 PUT <name of firmware imagefile>

On linux:
tftp 192.0.2.93
verbose
trace
binary
put <name of firmware imagefile>
quit
</pre>

Uploading this way takes 1-2 minutes, the LAN-LED flashes very fast during that time. Then the AP should automatically reboot. It may then take another 2-3 minutes before the AP responds again.

It helps to have a sniffer listening to the LAN-interface of the PC. You can immediately see if TFTP is uploading the firmware, and later when the AP is back online you may be able to see broadcasts, DHCP-discovery packets or other network-traffic to/from the AP. Usually you can see the current IP of the AP, in case you are unsure.

You may get the error-message "firmware image exceeds flash-size". In that case see section [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Recovery Image|Recovery Image]]

==Method 2: Recovery Image==
The error-message "firmware image exceeds flash-size" means the the previously flashed firmware has repartitioned the flash-memory of the AP. The partition for the firmware can then be too small for any other image, often even including the one that reset the partitions.

IMHO the bootloader is designed very badly. It should be able to reset the partitions if necessary before or during firmware-upload.

The publicly available firmware-sources usually have pre-set partition-sizes 10000/1b0000/200000. The can be changed before compiling the sources, see make menuconfig. Try for example 10000/200000/360000. That helps avoid the "exceeds flash-size"-error.

===Recovery-Upload===
For recovery get a small firmware-image like [http://isl3893.sourceforge.net/download/firmware/siemens-wlanap600rp/apfw.minimal.img apfw.minimal.img]

apfw.minimal.img usually fits even if the partitions are misconfigured. Upload it as described in section
[[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Safe Mode|Safe Mode]]
Then set your PC to an IP fitting the default-IP of apfw.minimal.img, 192.168.24.23

After upload, reboot and another 2 minutes (use sniffer to monitor) you should be able to telnet 192.168.24.23. FTP should also work.

===Flashing new Firmware===
<pre>
Then FTP 192.168.24.23
cd /var
binary
put imginstall
put <another firmware image-file>
quit

Then telnet 192.168.24.23
cd /var
chmod +x imginstall
imginstall -k <firmware image-file>
</pre>

You should get a message like "programming block N" every few seconds.
After about 25 programmed blocks the message "rebooting in 5 seconds" should come up.

Then wait while the AP reboots, and set the IP of your PC to fit the default IP of the newly flashed image, usually 192.168.1.254, 192.168.0.1 or a few others, depending on the manufacturer of the newly flashed firmware. If you do not know the IP try the sniffer or google for the default IP of the manufacturer.

The AP should then behave according the features of the firmware.

==Other Links==
See Ruben's page: http://www.student.kuleuven.ac.be/~s0169612/isl3893.html
* section "Flashing large firmware images"
* section "Recovering the AP from a bad firmware image"

==[[ISL3893|Back to ISL3893]]==

Isl3893-Y.A.R.C - Yet another ReCovery-HOWTO

2006-03-28T14:49:54Z

Stefan:

=Recovering an isl3893-AP after a bad firmware-flash=

You can recover either using Safe Mode or a recovery image

==Method 1: Safe Mode==
Turn AP off, press the reset-button, keep it pressed and switch back on. The AP will then respond to IP 192.0.2.93, TFTP and ping only. You can then upload a firmware image. (Set you PCs IP accordingly, of course :-)

On windows:
tftp -i 192.0.2.93 PUT <name of firmware imagefile>

On linux:
tftp 192.0.2.93
verbose
trace
binary
put <name of firmware imagefile>
quit

Uploading this way takes 1-2 minutes, the LAN-LED flashes very fast during that time. Then the AP should automatically reboot. It may then take another 2-3 minutes before the AP responds again.

It helps to have a sniffer listening to the LAN-interface of the PC. You can immediately see if TFTP is uploading the firmware, and later when the AP is back online you may be able to see broadcasts, DHCP-discovery packets or other network-traffic to/from the AP. Usually you can see the current IP of the AP, in case you are unsure.

You may get the error-message "firmware image exceeds flash-size". In that case see section [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Recovery Image|Recovery Image]]

==Method 2: Recovery Image==
The error-message "firmware image exceeds flash-size" means the the previously flashed firmware has repartitioned the flash-memory of the AP. The partition for the firmware can then be too small for any other image, often even including the one that reset the partitions.

IMHO the bootloader is designed very badly. It should be able to reset the partitions if necessary before or during firmware-upload.

The publicly available firmware-sources usually have pre-set partition-sizes 10000/1b0000/200000. The can be changed before compiling the sources, see make menuconfig. Try for example 10000/200000/360000. That helps avoid the "exceeds flash-size"-error.

===Recovery-Upload===
For recovery get a small firmware-image like [http://isl3893.sourceforge.net/download/firmware/siemens-wlanap600rp/apfw.minimal.img apfw.minimal.img]

apfw.minimal.img usually fits even if the partitions are misconfigured. Upload it as described in section
[[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Safe Mode|Safe Mode]]
Then set your PC to an IP fitting the default-IP of apfw.minimal.img, 192.168.24.23

After upload, reboot and another 2 minutes (use sniffer to monitor) you should be able to telnet 192.168.24.23. FTP should also work.

===Flashing new Firmware===
Then FTP 192.168.24.23
cd /var
binary
put imginstall
put <another firmware image-file>
quit

Then telnet 192.168.24.23
cd /var
chmod +x imginstall
imginstall -k <firmware image-file>

You should get a message like "programming block N" every few seconds.
After about 25 programmed blocks the message "rebooting in 5 seconds" should come up.

Then wait while the AP reboots, and set the IP of your PC to fit the default IP of the newly flashed image, usually 192.168.1.254, 192.168.0.1 or a few others, depending on the manufacturer of the newly flashed firmware. If you do not know the IP try the sniffer or google for the default IP of the manufacturer.

The AP should then behave according the features of the firmware.

==Other Links==
See Ruben's page: http://www.student.kuleuven.ac.be/~s0169612/isl3893.html
* section "Flashing large firmware images"
* section "Recovering the AP from a bad firmware image"

==[[ISL3893|Back to ISL3893]]==

Isl3893-Y.A.F.H - Yet another Firmware-HOWTO

2006-03-28T14:49:37Z

Stefan:

=Isl3893-Y.A.F.H - Yet another Firmware-HOWTO=

This is a step-by-step-HOWTO on "from scratch"-compiling the firmware for the AP-600. It has been tested several times on two different SuSE-10-PCs, each time deleting the source-tree and starting over.

It assumes fair Linux-knowledge on your part, and of course NO CLAIM of any kind concerning these instructions shall be made. There is NO CLAIM that these instructions will work in any beneficial way, nor that you will not completely fuck up your AP if you try them. If you do not have at least a basic idea on [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO|what to do if you toast you AP]], then don't do anything described below. And don't bother your dealer or the customersupport if you blew it. OK?

The steps in this document have been tested by starting "from scratch", if necessary by deleting or renaming an already existing source-tree.
* Tried, not tested: The firmware-sources from Medion are very similar and should work too. The building path has been hardcoded into the Makefile however (intentionally to harden homebrew development?), so the sources can only be compiled when installed in /home/paulfh.
* Tried, not tested: The sources for the Sitecom WET-122-v1 can be compiled too, but you have to get the apps-nongpl-subtree elsewhere, for example from the AP-600-sources. Build the WL-122-v1-sources, then you will see where to copy the missing sub-tree.
* wet54gs5: See http://www.student.kuleuven.ac.be/~s0169612/isl3893.html for more info.

==Software/Tools==
Used current version of the linux-platform and linux-tools:
* Linux opensuse 10.0 (german)
* gcc, gcc-c++, cpp 4.02_20050901-31 (as included in SuSE 10.0)
* flex 2.4.5a-297 (as included in SuSE 10.0)
* bison 1.875-56 (as included in SuSE 10.0)
* The binary /sbin/depmod.old is called by the build-scripts of some firmware-sources. Make a softlink from your existing /sbin/depmod, that works most of the time.

==Building the toolchain==

After Arco did some serious patching to the sources on sf.net this should work out of the box:
http://osdn.dl.sourceforge.net/sourceforge/isl3893/isl3893-tools-20060321.tar.bz2
or: http://appeltaart.mine.nu/isl3893/isl3893-tools-20060321.tar.bz2
(both dated Mar 21 2006)

unpack
cd tools
cp depmod.old /sbin
./make-tools.sh
# takes a few minutes ...
# that was easy, wasn't it ? :-)

==Building the firmware==

Some steps may be unnecessary for the AP-600-sources, but can become necessary for other source-trees. They will not do any damage though.

The AP-600-sources were chosen because they are the easiest to build. They are not necessarily the best.

Also this HOWTO is not meant to be finished. You will have some basic functionality including shell-access. Then you can start making your own mods.

===Sources===
Get AP-600RP_GNU_source-code.zip. That should be the firmware-sources as released by Fujitsu-Siemens.

===Config and Building===
unzip AP-600RP_GNU_source-code.zip
tar -xvzf Code.tgz
cd v1010
chmod -Rv a+rwx *
cd Software/firmware/uClinux/
make menuconfig
# change flash-layout to 10000/200000/360000
# leave "Accesspoint Features" as they are
# Development options: include shelld, additional command line tools, meminfo
# exit + save
cd kernel # Software/firmware/uClinux/kernel
make menuconfig
# no changes, exit + save
make dep
cd .. # Software/firmware
cd ../apfw # Software/firmware/apfw
make image
# takes a few minutes. You should then have a new firmware-image in file 'apfirmware.img'
# DO NOT UPLOAD THIS YET

===Patching===
Unfortunately there are a few bugs in the sources. I do not speculate on whether ZCom or Fujitsu-Siemens or whoever else might have planted these intentionally :-(

So now some patches:

cd ../uClinux/romfs/etc # Software/firmware/uClinux/romfs/etc/
vi startup.list
# comment out datastore and paed, they are somehow corrupt
# exit + save

# --- This part concerning /etc/passwd is only necessary for boa --- #
# passwd is normally softlinked to /usr/etc, here we replace it by a file in /etc
mv passwd passwd.old
vi passwd
# enter these lines:
root::0:0:/:/bin/sh
nobody::1234:1234::/:/bin/sh
# exit + save

cd init.d # Software/firmware/uClinux/romfs/etc/init.d/
vi network
# after the line 'ifconfig lo 127.0.0.1 up' add these lines
a) for having the AP get its IP by dhcp:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 autoip
ifup br0 dhcp
# exit + save

b) Or for static IP:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 static 192.168.1.253 255.255.255.0
# exit + save

cd ../../.. # Software/firmware/uClinux/
cd ../apfw # Software/firmware/apfw
make image
# wait a while ...

===Upload to the AP===
Then you can hopefully upload apfirmware.img. This is also known as the "Load-And-Pray"-Mode :-)

To upload put your AP in safe mode by turning on the power with the reset-button pressed. The AP now has the IP 192.0.2.93 and no firmware. It responds only to tftp and ping.

Connect it to your PC and

ifconfig eth0 192.0.2.99
tftp 192.0.2.93
verbose
trace
bin
put apfirmware.img
quit
# upload takes 1-2 minutes, led on AP flashes fast
# the AP should then reboot automatically

# then:
ifconfig eth0 192.168.1.99

The AP should come up and get an IP by dhcp or respond to ping 192.168.1.253. You can monitor what is happening if you start a sniffer on eth0.

You should be able to telnet 192.168.1.253

There may be trouble getting the webserver boa (/etc/init.d/boa and /bin/boa) running, and a webfilesystem has to be added later.

==Recovery==
Just in case something went wrong, see [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO]] http://www.smiley-channel.de/grafiken/smiley/idee/smiley-channel.de_idee004.gif

==[[ISL3893|Back to ISL3893]]==

Isl3893-Y.A.R.C - Yet another ReCovery-HOWTO

2006-03-28T14:48:22Z

Stefan:

=Recovering an isl3893-AP after a bad firmware-flash=

You can recover either using Safe Mode or a recovery image

==Method 1: Safe Mode==
Turn AP off, press the reset-button, keep it pressed and switch back on. The AP will then respond to IP 192.0.2.93, TFTP and ping only. You can then upload a firmware image. (Set you PCs IP accordingly, of course :-)

On windows:
tftp -i 192.0.2.93 PUT <name of firmware imagefile>

On linux:
tftp 192.0.2.93
verbose
trace
binary
put <name of firmware imagefile>
quit

Uploading this way takes 1-2 minutes, the LAN-LED flashes very fast during that time. Then the AP should automatically reboot. It may then take another 2-3 minutes before the AP responds again.

It helps to have a sniffer listening to the LAN-interface of the PC. You can immediately see if TFTP is uploading the firmware, and later when the AP is back online you may be able to see broadcasts, DHCP-discovery packets or other network-traffic to/from the AP. Usually you can see the current IP of the AP, in case you are unsure.

You may get the error-message "firmware image exceeds flash-size". In that case see section [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Recovery Image|Recovery Image]]

==Method 2: Recovery Image==
The error-message "firmware image exceeds flash-size" means the the previously flashed firmware has repartitioned the flash-memory of the AP. The partition for the firmware can then be too small for any other image, often even including the one that reset the partitions.

IMHO the bootloader is designed very badly. It should be able to reset the partitions if necessary before or during firmware-upload.

The publicly available firmware-sources usually have pre-set partition-sizes 10000/1b0000/200000. The can be changed before compiling the sources, see make menuconfig. Try for example 10000/200000/360000. That helps avoid the "exceeds flash-size"-error.

===Recovery-Upload===
For recovery get a small firmware-image like [http://isl3893.sourceforge.net/download/firmware/siemens-wlanap600rp/apfw.minimal.img apfw.minimal.img]

apfw.minimal.img usually fits even if the partitions are misconfigured. Upload it as described in section
[[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO#Safe Mode|Safe Mode]]
Then set your PC to an IP fitting the default-IP of apfw.minimal.img, 192.168.24.23

After upload, reboot and another 2 minutes (use sniffer to monitor) you should be able to telnet 192.168.24.23. FTP should also work.

===Flashing new Firmware===
Then FTP 192.168.24.23
cd /var
binary
put imginstall
put <another firmware image-file>
quit

Then telnet 192.168.24.23
cd /var
chmod +x imginstall
imginstall -k <firmware image-file>

You should get a message like "programming block N" every few seconds.
After about 25 programmed blocks the message "rebooting in 5 seconds" should come up.

Then wait while the AP reboots, and set the IP of your PC to fit the default IP of the newly flashed image, usually 192.168.1.254, 192.168.0.1 or a few others, depending on the manufacturer of the newly flashed firmware. If you do not know the IP try the sniffer or google for the default IP of the manufacturer.

The AP should then behave according the features of the firmware.

==Other Links==
See Ruben's page: http://www.student.kuleuven.ac.be/~s0169612/isl3893.html
* section "Flashing large firmware images"
* section "Recovering the AP from a bad firmware image"

Isl3893-Y.A.F.H - Yet another Firmware-HOWTO

2006-03-28T14:47:44Z

Stefan:

=Isl3893-Y.A.F.H - Yet another Firmware-HOWTO=

This is a step-by-step-HOWTO on "from scratch"-compiling the firmware for the AP-600. It has been tested several times on two different SuSE-10-PCs, each time deleting the source-tree and starting over.

It assumes fair Linux-knowledge on your part, and of course NO CLAIM of any kind concerning these instructions shall be made. There is NO CLAIM that these instructions will work in any beneficial way, nor that you will not completely fuck up your AP if you try them. If you do not have at least a basic idea on [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO|what to do if you toast you AP]], then don't do anything described below. And don't bother your dealer or the customersupport if you blew it. OK?

The steps in this document have been tested by starting "from scratch", if necessary by deleting or renaming an already existing source-tree.
* Tried, not tested: The firmware-sources from Medion are very similar and should work too. The building path has been hardcoded into the Makefile however (intentionally to harden homebrew development?), so the sources can only be compiled when installed in /home/paulfh.
* Tried, not tested: The sources for the Sitecom WET-122-v1 can be compiled too, but you have to get the apps-nongpl-subtree elsewhere, for example from the AP-600-sources. Build the WL-122-v1-sources, then you will see where to copy the missing sub-tree.
* wet54gs5: See http://www.student.kuleuven.ac.be/~s0169612/isl3893.html for more info.

==Software/Tools==
Used current version of the linux-platform and linux-tools:
* Linux opensuse 10.0 (german)
* gcc, gcc-c++, cpp 4.02_20050901-31 (as included in SuSE 10.0)
* flex 2.4.5a-297 (as included in SuSE 10.0)
* bison 1.875-56 (as included in SuSE 10.0)
* The binary /sbin/depmod.old is called by the build-scripts of some firmware-sources. Make a softlink from your existing /sbin/depmod, that works most of the time.

==Building the toolchain==

After Arco did some serious patching to the sources on sf.net this should work out of the box:
http://osdn.dl.sourceforge.net/sourceforge/isl3893/isl3893-tools-20060321.tar.bz2
or: http://appeltaart.mine.nu/isl3893/isl3893-tools-20060321.tar.bz2
(both dated Mar 21 2006)

unpack
cd tools
cp depmod.old /sbin
./make-tools.sh
# takes a few minutes ...
# that was easy, wasn't it ? :-)

==Building the firmware==

Some steps may be unnecessary for the AP-600-sources, but can become necessary for other source-trees. They will not do any damage though.

The AP-600-sources were chosen because they are the easiest to build. They are not necessarily the best.

Also this HOWTO is not meant to be finished. You will have some basic functionality including shell-access. Then you can start making your own mods.

===Sources===
Get AP-600RP_GNU_source-code.zip. That should be the firmware-sources as released by Fujitsu-Siemens.

===Config and Building===
unzip AP-600RP_GNU_source-code.zip
tar -xvzf Code.tgz
cd v1010
chmod -Rv a+rwx *
cd Software/firmware/uClinux/
make menuconfig
# change flash-layout to 10000/200000/360000
# leave "Accesspoint Features" as they are
# Development options: include shelld, additional command line tools, meminfo
# exit + save
cd kernel # Software/firmware/uClinux/kernel
make menuconfig
# no changes, exit + save
make dep
cd .. # Software/firmware
cd ../apfw # Software/firmware/apfw
make image
# takes a few minutes. You should then have a new firmware-image in file 'apfirmware.img'
# DO NOT UPLOAD THIS YET

===Patching===
Unfortunately there are a few bugs in the sources. I do not speculate on whether ZCom or Fujitsu-Siemens or whoever else might have planted these intentionally :-(

So now some patches:

cd ../uClinux/romfs/etc # Software/firmware/uClinux/romfs/etc/
vi startup.list
# comment out datastore and paed, they are somehow corrupt
# exit + save

# --- This part concerning /etc/passwd is only necessary for boa --- #
# passwd is normally softlinked to /usr/etc, here we replace it by a file in /etc
mv passwd passwd.old
vi passwd
# enter these lines:
root::0:0:/:/bin/sh
nobody::1234:1234::/:/bin/sh
# exit + save

cd init.d # Software/firmware/uClinux/romfs/etc/init.d/
vi network
# after the line 'ifconfig lo 127.0.0.1 up' add these lines
a) for having the AP get its IP by dhcp:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 autoip
ifup br0 dhcp
# exit + save

b) Or for static IP:
ifup eth0 autoip
ifup eth1 autoip
ifup br0 static 192.168.1.253 255.255.255.0
# exit + save

cd ../../.. # Software/firmware/uClinux/
cd ../apfw # Software/firmware/apfw
make image
# wait a while ...

===Upload to the AP===
Then you can hopefully upload apfirmware.img. This is also known as the "Load-And-Pray"-Mode :-)

To upload put your AP in safe mode by turning on the power with the reset-button pressed. The AP now has the IP 192.0.2.93 and no firmware. It responds only to tftp and ping.

Connect it to your PC and

ifconfig eth0 192.0.2.99
tftp 192.0.2.93
verbose
trace
bin
put apfirmware.img
quit
# upload takes 1-2 minutes, led on AP flashes fast
# the AP should then reboot automatically

# then:
ifconfig eth0 192.168.1.99

The AP should come up and get an IP by dhcp or respond to ping 192.168.1.253. You can monitor what is happening if you start a sniffer on eth0.

You should be able to telnet 192.168.1.253

There may be trouble getting the webserver boa (/etc/init.d/boa and /bin/boa) running, and a webfilesystem has to be added later.

==Recovery==
Just in case something went wrong, see [[isl3893-Y.A.R.C - Yet another ReCovery-HOWTO]] http://www.smiley-channel.de/grafiken/smiley/idee/smiley-channel.de_idee004.gif