This adds support for AR9331 based Hak5 penetration testing tools:
- WiFi Pineapple NANO
- LAN Turtle
- Packet Squirrel
WiFi Pineapple NANO specifications:
- SoC: Atheros AR9331 (400 MHz)
- RAM: 64 MB (DDR2)
- FLASH: 16 MB
- WiFi: 1T1R AR9331 (built-in), 1T1R AR9271 (built-in via USB bus)
- Ethernet: 1x FE over USB (ASIX AX88772A)
- Ports: 2x RP-SMA for antennas, 1x USB 2.0 (host), 1x micro SD
- Power: USB 5 V, 1.5 A
- Other: status LED, reset button
LAN Turtle specifications:
- SoC: Atheros AR9331 (400 MHz)
- RAM: 64 MB (DDR2)
- FLASH: 16 MB
- WiFi: none
- Ethernet: 1x FE (AR9331), 1x FE over USB (Realtek RTL8152B)
- Ports: 1x RJ45, version dependent: micro SD or 3G SIM slot
- Power: USB 5 V, 0.5 A
- Other: status LED, reset button (inside, on PCB)
Packet Squirrel specifications:
- SoC: Atheros AR9331 (400 MHz)
- RAM: 64 MB (DDR2)
- FLASH: 16 MB
- WiFi: none
- Ethernet: 2x FE (AR9331)
- Ports: 2x RJ45, 1x USB 2.0
- Power: USB 5 V, 0.12 A
- Other: status LED, reset button, 4-way switch
Flash instructions for all 3 devices:
Original firmware is based on OpenWrt.
Use sysupgrade via SSH to flash.
Signed-off-by: Sebastian Kinne <contact@sebkinne.com>
[squashed commits, combined and reworked mach files, aligned board
naming with general convention, fixed minor issues, tested on real
hardware, reworded commit subject and description]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Some NBG6716 do not have ath10k calibration data in flash, only in chip
OTP. To determine if flash has a valid calibration data, the first two
bytes telling the length of the calibration data are checked against the
requested length. If the lengths match, calibration data is valid and
read from flash.
Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
Vendor released new model (AP80Q) which is identical from hardware point
of view with already supported AP90Q. Include AP80Q in machine name.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
YunCore T830 is a simple N300 router with 5-port FE switch, detachable
antennas and USB 2.0 port.
Specification:
- 650/597/216 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 5x 10/100 Mbps Ethernet
- 2T2R 2.4 GHz (QCA9531), with ext. PA (SKY65174-21) and LNA
- two external, detachable antennas (RP-SMA)
- 1x USB 2.0
- 8x LED (7 driven by GPIO)
- 1x button (reset)
- DC jack for main power input (12 V)
- UART and JTAG headers on PCB
Flash instruction:
1. First, gain root access to the device, following below steps:
- Login into web gui (default password/IP: admin/192.168.188.253).
- Go to "Advanced" -> "Management" -> "System" and download backup of
configuration (bakfile.bin).
- Open the file as tar.gz archive, edit/update "shadow" file and change
hash of root password to something known.
- Repack the archive, rename it back to "bakfile.bin" and use to
restore configuration of the device.
- After that, device will reboot and can be accessed over SSH.
2. Then, install OpenWrt:
- Login over SSH and issue command:
fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
- Upload "sysupgrade" image and install it (only if previous command
succeeded) with command: "sysupgrade -n -F openwrt-...".
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Samsung WAM250 is a dual-band (selectable, not simultaneous) wireless
hub, dedicated for Samsung Shape Wireless Audio System. The device is
based on Atheros AR9344. FCC ID: A3LWAM250.
Specification:
- 560/450/225 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 2x 10/100 Mbps Ethernet
- 2T2R 2.4/5 GHz (AR9344), with ext. PA (SE2598L, SE5003L) and LNA
- 1x USB 2.0
- 4x LED (all are driven by GPIO)
- 2x button (reset, wps/speaker add)
- DC jack for main power input (14 V)
- UART header on PCB (J4, RX: 3, TX: 5)
Flash instruction:
This device uses dual-image (switched between upgrades) with a common
jffs2 config partition. Fortunately, there is a way to disable this mode
so that more flash space can be used by OpenWrt image.
You can easily access this device over telnet, using root/root
credentials (the same also work for serial console access).
1. Make sure that your device uses second (bootpart=2) image using
command: "fw_printenv bootpart".
2. If your device uses first image (bootpart=1), perform upgrade to the
latest vendor firmware (after the update, device should boot from
second partition) using web gui (default login: admin/1234567890).
3. Rename "sysupgrade" image to "firmware.bin", download it (you can use
wget, tftp or ftpget) to "/tmp" and issue below commands:
mtd_debug erase /dev/mtd3 0 $(wc -c /tmp/firmware.bin | awk -F' ' '{print $1}')
mtd_debug write /dev/mtd3 0 $(wc -c /tmp/firmware.bin)
fw_setenv bootpart
fw_setenv bootcmd "bootm 0x9f070000"
reboot
Revert to vendor firmware instruction:
1. Download vendor firmware to "/tmp" device and issue below commands:
fw_setenv bootpart 1
sysupgrade -n -F SS_BHUB_v2.2.05.bin
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
COMFAST CF-E385AC is an AC2200 ceiling mount AP with PoE support, based
on Qualcomm/Atheros QCA9558 + QCA9984 + QCA8337N.
Specification:
- 720/600/200 MHz (CPU/DDR/AHB)
- 256 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 2x 10/100/1000 Mbps Ethernet, with PoE support
- 3T3R 2.4 GHz (QCA9558), with external LNA and PA (SE2576L)
- 4T4R 5 GHz (QCA9984), with external FEM (SKY85728-11)
- 7x internal antennas
- 1x RGB LED (driven by GPIO)
- 1x button (reset)
- UART, LEDs/GPIO and USB headers on PCB
- external watchdog (Pericon Technology PT7A7514)
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
There are now supported two versions of the CF-E355AC board which differ
in 802.11ac radio chip. Include version number in board, model, image
filename, etc., also for the v1.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
COMFAST CF-E355AC v2 is a ceiling mount AP with PoE support, based on
Qualcomm/Atheros QCA9531 + QCA9886.
Short specification:
- 2x 10/100 Mbps Ethernet, with PoE support
- 128MB of RAM (DDR2)
- 16 MB of FLASH
- 2T2R 2.4 GHz, 802.11b/g/n
- 2T2R 5 GHz, 802.11ac/n/a, WAVE 2
- built-in 4x 3 dBi antennas
- output power (max): 500 mW (27 dBm)
- 1x RGB LED, 1x button
- built-in watchdog chipset
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Ding Tengfei <dtf@comfast.cn>
[updated kernel config for both boards]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The "QCA9531 v2.0 802.11n 2x2 2.4 GHz Premium SOC for WLAN Platforms"
datasheet (80-Y7991-1 Rev. C - October 2014) doesn't specify support for a
40 Mhz reference clock. The register description for "Bootstrap Options"
(page 31) defines following states for the bit 4 (REF_CLK):
* 0 - CLK25 (default)
* 1 - (reserved)
Devices like the TP-Link CPE210 v2 has this bit set to 1 but is using a 25
Mhz reference clock. OpenWrt is still interpreted this bit as 40 Mhz and
then break the bootup of the system due to this incorrect interpretation.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[refreshed patches]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
WHQX E1700AC v2 is based on Qualcomm QCA9563 + QCA9880 + QCA8334.
Specification:
- 750/400/250 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz (QCA9563) with external FEM (SKY85309-11)
- 3T3R 5 GHz (QCA9880) with external FEM (SKY85728-11)
- 2x 10/100/1000 Mbps Ethernet (one port with PoE support)
- 1x miniPCIe slot (USB 2.0 bus only)
- 1x microSIM slot
- 1x USB 2.0
- 5x LED (4 driven by GPIO)
- 1x button (reset)
- 1x 2-pos switch
- 1x DC jack for main power input (9-48 V)
- UART (J5) and LEDs (J13) headers on PCB
WHQX E600G is based on Qualcomm QCA9531.
Specification:
- 650/391/216 MHz (CPU/DDR/AHB)
- 64/128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz (QCA9531) with external PA (LXK-6601)
- 2x 10/100 Mbps Ethernet (one port with PoE support)
- 1x miniPCIe slot (with PCIe and USB 2.0 buses)
- 1x microSIM slot
- 5x LED (4 driven by GPIO)
- 1x button (reset)
- 1x DC jack for main power input (9-48 V)
- UART (J100), SIM (J34), JTAG (J5) and LEDs (J7) headers on PCB
WHQX E600GAC is based on Qualcomm QCA9531 + QCA9887.
Specification:
- 650/391/216 MHz (CPU/DDR/AHB)
- 64/128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz (QCA9531)
- 1T1R 5 GHz (QCA9887) with external FEM (SKY85703-11)
- 2x 10/100 Mbps Ethernet
- 6x LED (1x RGB, 5 driven by GPIO)
- 1x button (reset)
- 1x DC jack for main power input (9-12 V)
- UART (J100), USB (J102), JTAG (J5) and LEDs (J7) header on PCB
Important notice:
First version of these boards are using different mtd layout, with ART
data at the end. You should not use v2 images on v1 board because it
will result in lost of ART data!
Flash instruction (using U-Boot CLI and tftp server):
1. Configure PC with static IP 192.168.1.10 and tftp server.
2. Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
3. Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
4. Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
1. Configure PC with static IP 192.168.1.xxx(2-254)/24.
2. Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
3. Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Signed-off-by: Peng Zhang <sd20@qxwlan.com>
[reworked: image generation code, mach-* files, commit description,
fixed minor code style issues, rebased on master]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
You should not define CFLAGS for the toolchain as this will also leak
into other targets if they share the same toolchain.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
The CN80XX Boot firmware uses an embedded FAT12 filesystem. For some reason
busybox can't mount this unless its enabled static in the kernel.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
When this target got updated to 4.14, this patch got removed to
re-evaluate if it was still needed.
Extensive testing now shows this issue is still present.
Let's re-add the patch to fix it for now.
As the uart bus is very low bandwidth .. performance impact is negligible.
Boot log:
[ 22.513051] imx-uart 2020000.serial: DMA transaction error.
[ 22.522721] imx-uart 2020000.serial: DMA transaction error.
As a sidenote:
The patch mentiones an issue with RS485, but the bootlog
errors above were recorded with the uart ports in standard RS232 mode.
Compile/Run-tested on imx6/GW5200
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.
Signed-off-by: Nick Hainke <vincent@systemli.org>