TP-Link Archer C58 v1 is a dual-band AC1350 router, based on Qualcomm
QCA9561 + QCA9886. It looks like Archer C59 v1 without USB port.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 3x button
- UART header on PCB, RX, TX at TP4+5 (backside)
QCA9886 wlan needs pre_cal_data file and enable ieee80211 phy hotplug to
patch macaddress.
Flash instruction:
Use "factory" image directly in vendor GUI.
Recovery method:
1. Set PC to fixed ip address 192.168.0.66/24.
2. Download "lede-ar71xx-generic-archer-c58-v1-squashfs-factory.bin" and
rename it to "tp_recovery.bin".
3. Start a tftp server with the file "tp_recovery.bin" in its root
directory.
4. Turn off the router.
5. Press and hold Reset button.
6. Turn on router with the reset button pressed and wait ~15 seconds.
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server.
8. Wait ~30 second to complete recovery.
Flash instruction under U-Boot, using UART:
tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b $fileaddr 0x9f020000 $filesize
reset
This commit is based on GitHub PR#1112
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
TP-Link TL-WA855RE v1 is a wall-plug N300 Wi-Fi range extender,
based on Qualcomm/Atheros QCA9533 v2.
Short specification:
- 550/397/198 MHz (CPU/DDR/AHB)
- 1x 10/100 Mbps Ethernet
- 32 MB of RAM (DDR1)
- 4 MB of FLASH
- 2T2R 2.4 GHz
- 2x external antennas
- 2x LED (green and orange in the same package), 2x button
- UART: TP5(TX) and TP4(RX) test points on PCB
Flash instruction: use "factory" image directly in vendor GUI.
Warning: this device does not include any kind of recovery mechanism
in the bootloader and disassembling process is not trivial.
You can access vendor firmware over serial line using:
- login: root
- password: sohoadmin
Image was tested only in EU version of the device, but should work
also with the same device version sold in other countries.
Signed-off-by: Federico Cappon <dududede371@gmail.com>
Use statically defined sizes for kernel and rootfs mtd partitions.
Vendor upgrade script writes both firmware parts independently which
ends up in a gap between kernel and rootfs images. This results in
incorrectly calculated rootfs_data start offset.
Also, fix IMAGE_SIZE, DEVICE_PACKAGES and drop redundant KERNEL
definition.
Fixes FS#835
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Migrate Arduino Yun from legacy to generic building code.
Note: the mtd partitioning is changed to adopt the LEDE default
partitioning. It allows to have a kernel bigger than 1280k. It is
necessary as kernel > 4.4 with default LEDE configuration grows
bigger.
To use the new partitioning, you need to update your U-Boot env in
advance:
setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
saveenv
Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
This way, the assigned addresses match those on the barcode labels.
Otherwise, the addresses appear to vary on boot.
Signed-off-by: Leon M. George <leon@georgemail.eu>
Use --mtime when SOURCE_DATE_EPOCH is set.
Use gzip -n9z instead of tar z to remove
timestamp in gzip header.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)
To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add upstream send AR724x PCIe patches to get the PCIe controller out of
reset during driver init.
The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.
Signed-off-by: Mathias Kresin <dev@kresin.me>
All TP-Link TL-WR710N versions share the same machine code.
This has been working since the beginning as we don't use double-quotes
to protect spaces inside command line values. Thus, kernel interprets
'board=TL-WR710N v2' as 'board=TL-WR710N' and separate parameter 'v2'.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Keep TP-Link devices definitions in alphabetical order whenever it's
possible. Also group together similar devices or devices from the same
series.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
TP-Link TL-WR942N v1 is a 2.4 GHz single-band N450 router, based on
Qualcomm/Atheros QCA9561.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x USB 2.0
- 11x LED (most are controlled by 74HC595)
- 2x button
- UART header on PCB*
* Serial console is disabled in OEM non-beta firmwares and corresponding
GPIO pins 14 and 15 are assigned to control USB1 and USB2 LEDs by
production (non-beta) U-Boot and firmware.
Currently not working:
1. USB1 and USB2 LEDs if UART RX and TX pins are assigned to their GPIOs
by some U-Boot versions.
Flash instruction under vendor GUI:
1. Download "lede-ar71xx-generic-tl-wr942n-v1-squashfs-factory.bin".
2. Go to WEB interface and perform usual firmware upgrade.
FLash instruction under U-Boot recovery mode (doesn't work in beta
firmware):
1. Setup PC with static IP "192.168.0.66/24" and tftp server.
2. Change "*-factory" image filename to "WR942v1_recovery.bin" and make
it available to download from your tftp server.
3. Press "reset" button and power up the router, wait till "WPS" LED
turns on.
Flash instruction under U-Boot, using UART (can be done only with
preinstalled UART-enabled U-Boot version!):
1. Use "tpl" to stop autobooting and obtain U-Boot CLI access.
2. Setup ip addresses for U-Boot and your tftp server.
3. Issue below commands:
tftp 0x81000000 lede-ar71xx-generic-tl-wr942n-v1-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b 0x81000000 0x9f020000 $filesize
reset
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
[minor code style fixes, extended commit message]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Use "GL.iNet" as vendor name (based on information from the vendor, this
is registered name of the company) and align model names with official
website.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Most of the custom Build/* functions in ar71xx target are rarely used by
image building code for devices from more than one subtarget. As they
don't need to be always included, move them to corresponding *.mk files.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
ag71xx_ethtool_set_ringparam() will return an uninitialized value on
success.
Found-by: Coverity Scan #1330877
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If nand chip has no NAND_NO_SUBPAGE_WRITE flag on its options
ubifs can't use it mtd devices and the kernel crashes with error:
__nand_correct_data: uncorrectable ECC error
Signed-off-by: Sergey Sergeev <adron@yapic.net>
This fixes wrong GPIO numbers for LEDs and button in Wallys DR344 board
and sets color of all LEDs to green as the mass production boards have
only green one.
Actually, DR344 has 6 GPIO-connected LEDs and one button:
- GPIO11: status
- GPIO12: sig1
- GPIO13: sig2
- GPIO14: sig3
- GPIO15: sig4
- GPIO16: reset button
- GPIO17: lan
WAN LED is connected directly with AR8035 PHY.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This aligns default network interfaces configuration with vendor
firmware: GE (eth0) -> wan, FE (eth1) -> lan.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
GMAC0 interface of AR9344 SOC in Wallys DR344 board is connected with
AR8035, not with AR8327. Without this fix, GE interface doesn't work at
all or shows high packet loss ratio.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
EnGenius ENS202EXT is an outdoor wireless access point with
2-port 10/100 switch, detachable antennas and proprietery PoE.
The device is based on Qualcomm/Atheros AR9341 v1.
Specifications:
- 535/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM
- 16 MB of FLASH
- UART (J1) header on PCB (unpopulated)
- 2x 10/100 Mbps Ethernet
- 2.4 GHz, up to 26dBm
- 2x external, detachable antennas
- 7x LED, 1x button
Flash instructions:
You have three options:
- Use the vendor firmware upgrade page on the web interface and give
it the factory.img. This is the easiest way to go about it.
- If you have serial access during u-boot, interrupt the normal boot
(any key before timeout) and run 'run failsafe_boot'; this will bring
you to a minimal openwrt luci image on ip 192.168.1.1 useful if you've
bricked the normal firmware.
- Use the vendor's management cli, which can be accessed via telnet
with the same credentials as the web login (default admin:admin), then
issue the following commands:
*** Hi admin, welcome to use cli(V-1.6.7) ***
---========= Commands Help =========---
stat -- Status
sys -- System
wless2 -- 2.4G-Wireless
mgmt -- Management
tree -- Tree
help -- Help
reboot -- Reboot
ens202ext>mgmt
Management
---========= Commands Help =========---
admin -- Administration
mvlan -- Management VLAN settings
snmp -- SNMP settings
backup -- Backup/Restore settings
autorb -- Auto reboot settings
fwgrade -- Firmware upgrade
time -- Time settings
wifisch -- Wifi schedule
log -- Log
diag -- Diagnostics
disc -- Device Discovery
logout -- Logout
help -- Help
exit -- Exit
ens202ext/mgmt>fwgrade
Management --> Firmware upgrade
---========= Commands Help =========---
fwup -- Firmware upgrade
help -- Help
exit -- Exit
ens202ext/mgmt/fwgrade>fwup http://web.server/lede-ar71xx-generic-ens202ext-squashfs-factory.bin
Signed-off-by: Marty Plummer <ntzrmtthihu777@gmail.com>