Resetting.....

Upcoming fresh hacks

Non-Technical Hacks that works - Have Fun! (Status: in progress..)

Hacking network based biometric time-attendance system - Be your own boss! (Status: Done!)
Milestone Xprotect License Bypass hack - Replace a camera without license re-activation (Status: Done!)

Saturday, May 14, 2011

Hardware hacking: Debugging / Flashing Zain Broadband 2.0 Wimax Router (Huawei Echolife BM635) & Serial log

Zain Broadband 2.0 Device (Huawei Echolife BM635)
Debugging via Serial


How to flash kernel via Serial?

1. Setup a Local TFTP Server with IP address 192.168.1.10
2. Change the directory to where the Kernel image e.g. kernel.img is located
3. At the Bootloader Prompt Enter the following commands

tftpboot 0x80800000 kernel.img
erase 0xB0020000 0xB011FFFF 1
cp.b 0x80800000 0xB0020000 $(filesize)

4. End



Serial Output @ 115200


=============================
ROM VER: 1.0.3
CFG 01
Read EEPROMX
X
enter bootstrap_board_init_f
jump to bootstrap_relocate_code
addr_sp = 0x81fabf98
id = 0x81fcbfb0
addr = 0x81ffc000
bootstrap_board_init_r
start lzma_inflate
jump to start.s to run uboot addr = 0xa0400000
board_init_f
DRAM: 32 MB

relocate code finish.
Now running in RAM - U-Boot at: 81fd8000

type is 00000020
type is 000022ed
info->flash_id 00040000 000022ed
info->flash_id 000400b3Flash: 8 MB
*** Warning - bad CRC, using default environment

In: serial
Out: serial
Err: serial
Net: address:00:00:00:00:00:00danube Switch

befor main_loop!

Type "run flash_nfs" to mount root filesystem over NFS

Hit any key to stop autoboot: 1 0
## Booting image at b0020000 ...
addr is =: 0xb0020000
Image Name: MIPS Linux-2.6.20
Created: 2010-08-02 8:17:01 UTC
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 859611 Bytes = 839.5 kB
Load Address: 80002000
Entry Point: 80283000
Verifying Checksum ... OK
Verifying rootfs Checksum ...
the mid is :49
the mid is :74
the mid is :61
the mid is :67
the mid is :70

the loopcount is :70
mathcrc_rootfs is :0xd3a2
the HGW_ROOTFS_APPEND_DATA.usFileCrc is :0xd3a2

the ROOTFS_APPEND is :V-ENS-0010

current information of edit have updated,do not save the edit information!
verify ok
OK
Uncompressing Kernel Image ... OK

Starting kernel ...

Infineon DANUBE
00183: memsz1=30
simple_strtoul: memsz=32
<** test: memsz = [32], memsz1 = [30] **>
into else.
Reserving memory for CP1 @0xa1e00000
<** test: danube_cp1_size = [2] **>
cpu_hz 333333334, mips_hpt_frequency 166666667, cpu_khz 166670, HWRENA 0xf, counter_resolution 2, CLOCK_TICK_RATE 500000
Linux version 2.6.20.19 (root@localhost.localdomain) (gcc version 3.4.4 20050119 (MIPS SDE)) #559 Mon Aug 2 16:16:48 CST 2010
CPU revision is: 00019641
Determined physical RAM map:
User-defined physical RAM map:
memory: 01e00000 @ 00000000 (usable)
Initrd not found or empty - disabling initrd
On node 0 totalpages: 7680
DMA zone: 60 pages used for memmap
DMA zone: 0 pages reserved
DMA zone: 7620 pages, LIFO batch:0
Normal zone: 0 pages used for memmap
Built 1 zonelists. Total pages: 7620
Kernel command line: root=/dev/mtdblock2 ro rootfstype=squashfs ip=192.168.1.1:192.168.1.10::::eth0:on console=ttyS1,115200 ethaddr=00:E0:92:00:01:40 mem=30M
mac address 0-e0-92- 0- 1-40
1 MIPSR2 register sets available
Primary instruction cache 16kB, physically tagged, 4-way, linesize 32 bytes.
Primary data cache 16kB, 4-way, linesize 32 bytes.
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
Cache parity protection disabled
Setting up vectored interrupts
0x802c9600: 0x401a6000
0x802c9800: 0x401a6000
0x802c9a00: 0x401a6000
0x802c9c00: 0x401a6000
0x802c9e00: 0x401a6000
0x802ca000: 0x401a6000
PID hash table entries: 128 (order: 7, 512 bytes)
cycles_per_jiffy: 00028b0a(166666)
Using 166.667 MHz high precision timer.
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 27544k/30720k available (2097k kernel code, 3176k reserved, 460k data, 132k init, 0k highmem)
Calibrating delay loop... 221.18 BogoMIPS (lpj=110592)
Mount-cache hash table entries: 512
NET: Registered protocol family 16
PCI: Probing PCI hardware on host bus 0.
registering PCI controller with io_map_base unset
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 1024 (order: 0, 4096 bytes)
TCP bind hash table entries: 512 (order: -1, 2048 bytes)
TCP: Hash tables configured (established 1024 bind 512)
TCP reno registered
Danube DMA engine initialized...
squashfs: version 3.2-r2 (2007/01/15) Phillip Lougher
squashfs: LZMA suppport for slax.org by jro
io scheduler noop registered (default)
io scheduler deadline registered
dev 0000:00:00.0: interrupt pin 1
dev 0000:00:0e.0: interrupt pin 1
gptu: totally 6 16-bit timers/counters
gptu: misc_register on minor 63
gptu: succeeded to request irq 118
gptu: succeeded to request irq 119
gptu: succeeded to request irq 120
gptu: succeeded to request irq 121
gptu: succeeded to request irq 122
gptu: succeeded to request irq 123
Danube Port Initialization
cgu: misc_register on minor = 62
DANUBE PMU driver v0.3
Danube WDT Version 0.0.1
ttyS0 at MMIO 0xbe100400 (irq = 98) is a IFX_ASC
ttyS1 at MMIO 0xbe100c00 (irq = 105) is a IFX_ASC
ifx_asc_init: uart init successfully
loop: loaded (max 8 devices)
nbd: registered device at major 43
PPP generic driver version 2.4.2
PPP MPPE Compression module registered
NET: Registered protocol family 24
danube ETOP driver loaded!
eth0 up
SLY VPORTS!

g_usFLASHCBBChipID = 0x2200

a = 0x1000, b = 0x150, c = 0x0

Flash Chip doesn't support CFI.

Flash 0 at 0xb0000000
Size : 8 MB
Regions : 2
0 : 0x00000000 - 0x00002000 * 8
1 : 0x00010000 - 0x00010000 * 127
Use MAC set in u-boot...
Loading ADM6996 driver...

6996I SMI Mode-Chip ID:71023
bsp_mtd_init: chip probing count 0
Danube Bank 0: Found 1 x16 devices at 0x0 in 16-bit bank
Amd/Fujitsu Extended Query Table at 0x0040
Danube Bank 0: Swapping erase regions for broken CFI table.
number of CFI chips: 1
cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
bsp_mtd_init: bank1, name:Danube Bank 0, size:8388608B
DANUBE flash0: Using static image partition definition
Creating 6 MTD partitions on "Danube Bank 0":
0x00000000-0x00020000 : "U-Boot"
0x00020000-0x00120000 : "Linux"
0x00120000-0x00760000 : "Rootfs"
0x00760000-0x007e0000 : "Protect"
0x007e0000-0x007f0000 : "Calibration"
0x007f0000-0x00800000 : "U-Boot Environment"
Infineon Technologies Synchronous Serial Controller (SSC) driver version 1.0.6
DWC_otg: dwc_otg_driver_probe: snpsid : 0x4f54220a(0xbe101040)
DWC_otg: dwc_otg_cil_init(be101000,802748e0)
DWC_otg: CORE_IF_HWCFG2=428ffc50
DWC_otg: HWCFG2_26=10
DWC_otg: HWCFG2_24=2
DWC_otg: HWCFG2_22=2
DWC_otg: HWCFG2_20=0
DWC_otg: HWCFG2_19=1
DWC_otg: HWCFG2_18=1
DWC_otg: HWCFG2_14=f
DWC_otg: HWCFG2_10=f
DWC_otg: HWCFG2_08=0
DWC_otg: HWCFG2_06=1
DWC_otg: HWCFG2_05=0
DWC_otg: HWCFG2_03=2
DWC_otg: HWCFG2_00=0
DWC_otg: Internal DMA Mode
DWC_otg: Using DMA mode
dwc_otg dwc_otg: DWC OTG Controller
dwc_otg dwc_otg: new USB bus registered, assigned bus number 1
dwc_otg dwc_otg: irq 86, io mem 0x00000000
DWC_otg: Init: Port Power? op_state=1
DWC_otg: Init: Power Port (0)
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
usbcore: registered new interface driver cdc_ether
led: misc_register on minor = 151
IFX DEU DES initialized (multiblock) (DMA).
IFX DEU AES initialized (multiblock) (DMA).
IFX DEU SHA1 initialized (multiblock) (DMA).
IFX DEU MD5 initialized (multiblock) (DMA).
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (240 buckets, 1920 max)
nf_ct_ftp: registering helper for pf: 2 port: 21
nf_ct_ftp: registering helper for pf: 10 port: 21
ip_tables: (C) 2000-2006 Netfilter Core Team
IPVS: Registered protocols (AH, ESP)
IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
IPVS: ipvs loaded.
TCP bic registered
TCP cubic registered
TCP westwood registered
TCP highspeed registered
TCP hybla registered
TCP htcp registered
TCP vegas registered
TCP veno registered
TCP scalable registered
TCP lp registered
NET: Registered protocol family 1
NET: Registered protocol family 17
NET: Registered protocol family 15
Bridge firewalling registered
Ebtables v2.0 registered
if_ec_vlan:ec_vlan_init
bhal: bhal_init entry

Total Flash size: 8192K
MacAddrs:256

Time: MIPS clocksource has been installed.
IP-Config: Device `eth0' not found.
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 132k freed

init started: BusyBox v1.9.1 (2010-08-02 16:20:10 CST)

starting pid 131, tty '': '/etc/init.d/rcS'
Algorithmics/MIPS FPU Emulator v1.5
mknod: /dev/led: Read-only file system
BusyBox v1.9.1 (2010-08-02 16:20:10 CST) multi-call binary

Usage: chmod [-R] MODE[,MODE]... FILE...

Each MODE is one or more of the letters ugoa, one of the
symbols +-= and one or more of the letters rwxst

Options:
-R Recurse directories

Remounting /dev ;this is silly :-)
ifconfig: SIOCSIFADDR: No such device
ifconfig: SIOCSIFADDR: No such device
[add] not exist kthp module.
[add] not exist kthp module.
ifconfig: SIOCSIFADDR: No such device
[add] not exist kthp module.
RCS DONE

starting pid 203, tty '': '/bin/sh'
Loading drivers and kernel modules...
Waiting for cli start! | / enter the msg
- \ |===enter the log
/ - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / -2000-1-1 0:0:6 Notice 1644167173 ------------- TSP_MC_ProcCreateNotify ---------------

[thp.cpp 373]: THP can not be used
2000-1-1 0:0:6 Error 10000000 send message 1 failed!

2000-1-1 0:0:6 Error 10000000 send register Message failed!

2000-1-1 0:0:6 Info 1644167173 PTHP INIT Done!!!

\ | / - \ |TSP_DBGetPara ok ulPort = 23

-----------CLI_Init------------
ulRet=0 in CLI_Init
/ -____________________________________________________welcome to ABC!

____________________________________________________welcome to china!

\cli_config.c, 1811VOICE: file[voicecli.c] line[900] cd[0x0] Return Code: 0, cmdkey = voice

VOICE: file[voicecli.c] line[918] cd[0x0] Return Code: 0, Func: VoiceCmdGetSipSerReister(), Command Register Strat!

VOICE: file[voicecli.c] line[921] cd[0x0] Return Code: 0, Func: VoiceCmdGetSipRegister(), Command Register Done!

<***** xujun: UnReg *****>VOICE: file[voicecli.c] line[1497] cd[0x0] Func: ATP_VOICE_CmdRegister(). Voice cli Init Done.


--------------------[log] will init----------------
Set filter succeed!

------------------------[log] init end, ret is [0x0]---------------
--------------------[bridge] will init----------------
#################################################################
#######################Cwmp initing...###########################
#################################################################
ATP CwmpApp R2C02 v1.0
ATP CwmpStk R2C02 v1.0
bootok

ConfigDefaultSsl return: 0
------------------------[bridge] init end, ret is [0x0]---------------
--------------------[wlan] will init----------------
chengqing dbg:acWanMacAddr=000000000000!
chengqing dbg:!
chengqing dbg:get macaddress!
chengqing dbg:get macaddress over,0000000000001!
chengqing dbg:!
chengqing dbg:get macaddress!
chengqing dbg:get macaddress over,0000000000002!
chengqing dbg:!
chengqing dbg:get macaddress!
chengqing dbg:get macaddress over,0000000000003!
chengqing dbg:!
chengqing dbg:get macaddress!
chengqing dbg:get macaddress over,0000000000004!

Welcome Visiting Huawei WiMAX CPE

Copyright by Huawei Technologies Co., Ltd.[thp.cpp 373]: THP can not be used

Login:wlan: 0.8.4.2 (Atheros/multi-bss)
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.14.25 (AR5212)
ath_rate_atheros: Version 2.0.1
Copyright (c) 2001-2004 Atheros Communications, Inc, All Rights Reserved
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
[thp.cpp 373]: THP can not be used
ath_pci: 0.9.4.5 (Atheros/multi-bss)
ath_pci: CR-LSDK-0.0.0.999
ath_attach:717, mem_start:b8000000
Chan Freq RegPwr HT CTL CTL_U CTL_L DFS
1 2412b 20 0 0 0 N
1 2412g 20 0 0 0 N
2 2417b 20 0 0 0 N
2 2417g 20 0 0 0 N
3 2422g 20 0 0 0 N
3 2422b 20 0 0 0 N
4 2427b 20 0 0 0 N
4 2427g 20 0 0 0 N
5 2432g 20 0 0 0 N
5 2432b 20 0 0 0 N
6 2437g 20 0 0 0 N
6 2437b 20 0 0 0 N
7 2442g 20 0 0 0 N
7 2442b 20 0 0 0 N
8 2447b 20 0 0 0 N
8 2447g 20 0 0 0 N
9 2452g 20 0 0 0 N
9 2452b 20 0 0 0 N
10 2457g 20 0 0 0 N
10 2457b 20 0 0 0 N
11 2462g 20 0 0 0 N
11 2462b 20 0 0 0 N
12 2467g 20 0 0 0 N
12 2467b 20 0 0 0 N
13 2472g 20 0 0 0 N
13 2472b 20 0 0 0 N
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: mac 15.0 phy 7.0 radio 10.2
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Use hw queue 7 for UAPSD
wifi0: Atheros 5212: mem=0x18000000, irq=22 hw_base=0xb8000000
[thp.cpp 373]: THP can not be used
wlan: mac acl policy registered
[thp.cpp 373]: THP can not be used
ath0
Setting Max Stations:33
[thp.cpp 373]: THP can not be used
[thp.cpp 373]: THP can not be used

WlanStartServiceOne file wlancms.c line 1280 WepKey=0000000000001
WlanStartServiceOne file [add] insert kthp module.
[add] insert kthp module.
[add] insert kthp module.
Ethernet interface (eth1) not found
insmod: cannot insert '/lib/modules/kthp.ko': Success
BusyBox v1.9.1 (2010-08-02 16:20:10 CST) multi-call binary

Usage: mknod [OPTIONS] NAME TYPE MAJOR MINOR

Create a special file (block, character, or pipe)

Options:
-m Create the special file using the specified mode (default a=rw)

TYPEs include:
b: Make a block (buffered) device
c or u: Make a character (un-buffered) device
p: Make a named pipe. MAJOR and MINOR are ignored for named pipes

chmod: /dev/thp: No such file or directory
insmod: cannot insert '/lib/modules/kthp.ko': Success
wlancms.c line 1280 WepKey=0000000000002
WlanStartServiceOne file BusyBox v1.9.1 (2010-08-02 16:20:10 CST) multi-call binary

Usage: mknod [OPTIONS] NAME TYPE MAJOR MINOR

Create a special file (block, character, or pipe)

Options:
-m Create the special file using the specified mode (default a=rw)

TYPEs include:
b: Make a block (buffered) device
c or u: Make a character (un-buffered) device
p: Make a named pipe. MAJOR and MINOR are ignored for named pipes

chmod: /dev/thp: No such file or directory
insmod: cannot insert '/lib/modules/kthp.ko': Success
BusyBox v1.9.1 (2010-08-02 16:20:10 CST) multi-call binary

Usage: mknod [OPTIONS] NAME TYPE MAJOR MINOR

Create a special file (block, character, or pipe)

Options:
-m Create the special file using the specified mode (default a=rw)

TYPEs include:
b: Make a block (buffered) device
c or u: Make a character (un-buffered) device
p: Make a named pipe. MAJOR and MINOR are ignored for named pipes

chmod: /dev/thp: No such file or directory
wlancms.c line 1280 WepKey=0000000000003
WlanStartServiceOne file wlancms.c line 1280 WepKey=0000000000004
WlanStartServiceOne file device ath0 entered promiscuous mode
br0: port 1(ath0) entering learning state
br0: topology change detected, propagating
br0: port 1(ath0) entering forwarding state
[thp.cpp 373]: THP can not be used
wlancms.c line 1293 WepKeyIndex=1------------------------[wlan] init end, ret is [0x0]---------------
--------------------[lan] will init----------------
eth0.2: MAC Address: 00:00:00:00:00:00
eth0.3: MAC Address: 00:00:00:00:00:00
eth0.4: MAC Address: 00:00:00:00:00:00
eth0.5: MAC Address: 00:00:00:00:00:00
device eth0.2 entered promiscuous mode
br0: port 2(eth0.2) entering learning state
br0: topology change detected, propagating
br0: port 2(eth0.2) entering forwarding state
[thp.cpp 373]: THP can not be used
device eth0.3 entered promiscuous mode
br0: port 3(eth0.3) entering learning state
br0: topology change detected, propagating
br0: port 3(eth0.3) entering forwarding state
device eth0.4 entered promiscuous mode
br0: port 4(eth0.4) entering learning state
br0: topology change detected, propagating
br0: port 4(eth0.4) entering forwarding state
device eth0.5 entered promiscuous mode
br0: port 5(eth0.5) entering learning state
br0: topology change detected, propagating
br0: port 5(eth0.5) entering forwarding state
------------------------[lan] init end, ret is [0x0]---------------
--------------------[monitor] will init----------------
------------------------[monitor] init end, ret is [0x0]---------------
--------------------[wandev] will init----------------
WD_DEBUG:file[wdconfig.c] line[111]:ulNumOfInst=1
WD_DEBUG:file[wdconfig.c] line[146]:ulInstId=3
WD: file[wdconfig.c] line[147] cd[0x0] Get wd instance[3].

------------------------[wandev] init end, ret is [0x0]---------------
--------------------[wdwmx] will init----------------
------------------------[wdwmx] init end, ret is [0x0]---------------
--------------------[sntp] will init----------------


Sntp doesn't enable!

------------------------[sntp] init end, ret is [0x0]---------------
--------------------[alg] will init----------------
------------------------[alg] init end, ret is [0x0]---------------
--------------------[wan] will init----------------
WD: file[wdconfig.c] line[67] cd[0x0] Get index failed.

[thp.cpp 373]: THP can not be used

WanStartSS THSP_SS_STARTED_SET_REQ 1
WanStartSS THSP_SS_STARTED_SET_REQ 4
WIMAX_QOS_Stop
[thp.cpp 373]: THP can not be used
------------------------[wan] init end, ret is [0x0]---------------
--------------------[dhcp] will init----------------
br0: port 2(eth0.2) entering learning state
br0: topology change detected, propagating
br0: port 2(eth0.2) entering forwarding state
br0: port 3(eth0.3) entering learning state
br0: topology change detected, propagating
br0: port 3(eth0.3) entering forwarding state
br0: port 4(eth0.4) entering learning state
br0: topology change detected, propagating
br0: port 4(eth0.4) entering forwarding state
br0: port 5(eth0.5) entering learning state
br0: topology change detected, propagating
br0: port 5(eth0.5) entering forwarding state
------------------------[dhcp] init end, ret is [0x0]---------------
--------------------[route] will init----------------
------------------------[route] init end, ret is [0x0]---------------
--------------------[sec] will init----------------
atp: cur kernel version:[2.6.20.19]

ip_conntrack_rtsp v0.6.21 loading
[thp.cpp 373]: THP can not be used
ip_nat_rtsp v0.6.21 loading
[thp.cpp 373]: THP can not be used
[thp.cpp 373]: THP can not be used
[thp.cpp 373]: THP can not be used
------------------------[sec] init end, ret is [0x0]---------------
--------------------[qos] will init----------------
---------------------QosInit START------------------

------------------------[qos] init end, ret is [0x0]---------------
--------------------[vhgvoice] will init----------------
qhy the region is SA.
[thp.cpp 373]: THP can not be used
------------------------[vhgvoice] init end, ret is [0x0]---------------
--------------------[voice] will init----------------
[thp.cpp 373]: THP can not be used
[thp.cpp 373]: THP can not be used
IFX MIPS24KEc MPS driver, version 2.0.0.0, (c) 2006-2008 Infineon Technologies AG
request_timer(3, 0x000001AE, 1)...successful!
[reset_counter_flags]: counter3 oflags 0x1ae, nflags 0x1be, GPTU_CON 0x5c4
IFX TAPI, version 3.7.1.5, (c) 2001-2008 Infineon Technologies AG

IFX VMMC device driver, version 1.3.0.5, (c) 2006-2008 Infineon Technologies AG

Enter VoiceCommonCallFeatureInit.
mkdir: cannot create directory '/var/voice': File exists
[thp.cpp 373]: THP can not be used


---- do not send to T38 when voice init. ----


[(ERR)00:00:00.337-voice_netutil.c:L52]Error getting IP address

[(ERR)00:00:00.338-voice_cfg.c:L3147]VoiceCfgSetIfName failed, failed to get local address
[(ERR)00:00:00.338-voice_cfg.c:L1085]VoiceCfgReadSipAdvance VoiceCfgSetIfNameiptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
<** into bsp_get_cp1_size **>
<** test: cp1_size = [2097152]. **>
<** test: mem = [926272]. **>
<** into bsp_get_cp1_size **>
------------------------[voice] init end, ret is [0x0]---------------
--------------------[vlan] will init----------------


into Rtp Main()

[ifx_os.c:L170]IFX_OS_OpenFifo open iRet = [3]
[ifx_os.c:L170]IFX_OS_OpenFifo open iRet = [4]
[ifx_rtp_session.c:L431]Rtp Main Init OK !
rtp pid = [771]
[cclient.c:L394]IFX_RTP_RtpInit OK!

[(ERR)-ifin_fa.c:L1081]Into FA_Main.
[(ERR)-ifin_fa.c:L3411]<***** end of SetupFifo *****>
[(ERR)-ifin_fa.c:L1123]FA_Main Init OK!fax pid = [772]
[cclient.c:L408]IFX_FaxAgent_Init OK!
[cclient.c:L492]SipStartup OK!

[(ERR)00:00:01.799-voice_cfg.c:L5335]0 SipVerifyHostIPAddress Fail[thp.cpp 373]: THP can not be used
------------------------[vlan] init end, ret is [0x0]---------------
--------------------[wmx] will init----------------
[thp.cpp 373]: THP can not be used
------------------------[wmx] init end, ret is [0x0]---------------
--------------------[wmxlog] will init----------------
------------------------[wmxlog] init end, ret is [0x12c]---------------
--------------------[prttrg] will init----------------
------------------------[prttrg] init end, ret is [0x0]---------------
--------------------[acl] will init----------------
------------------------[acl] init end, ret is [0x0]---------------
--------------------[sshd] will init----------------
Dropbear sshd starting 2 /etc/handy_dss_key...
[839] Jan 01 00:00:48 Running in background
------------------------[sshd] init end, ret is [0x0]---------------
[thp.cpp 373]: THP can not be used
ath_newstate: Resetting VAP dfswait_run
wifi0: hardware error; reseting
br0: port 1(ath0) entering learning state
br0: topology change detected, propagating
br0: port 1(ath0) entering forwarding state
-------------------------------------------------------------------------------
-------------------- Multicast UPG Start --------------------
-------------------------------------------------------------------------------
MULTICAST UPG: start time !!!
The current time is [946684849] s


Loading:
ath_newstate: Resetting VAP dfswait_run
ath_newstate: Resetting VAP dfswait_run
[thp.cpp 373]: THP can not be used

WlanStartServiceOne file ath_newstate: Resetting VAP dfswait_run
ath_newstate: Resetting VAP dfswait_run
wlancms.c line 1280 WepKey=0000000000001
WlanStartServiceOne file ath_newstate: Resetting VAP dfswait_run
wlancms.c line 1280 WepKey=0000000000002
WlanStartServiceOne file ath_newstate: Resetting VAP dfswait_run
[thp.cpp 373]: THP can not be used
wlancms.c line 1280 WepKey=0000000000003
WlanStartServiceOne file ath_newstate: Resetting VAP dfswait_run
ath_newstate: Resetting VAP dfswait_run
ath_newstate: Resetting VAP dfswait_run
wlancms.c line 1280 WepKey=0000000000004
[multiupg.c,999]: timeout g_bRecvPktTimeout=1 !!

MULTICAST UPG: Some Error Occur when Loading ErrorCode=0xb
[multiupg.c,1132]: g_bRecvPktTimeout=1, g_bHasRecvPkt=0 !!
[multiupg.c,1135]: g_bRecvPktTimeout=1, g_bHasRecvPkt=0 !!
[multiupg.c,1144]: g_bRecvPktTimeout=1, g_bHasRecvPkt=0 !!
[multiupg.c,1161]: exit of multicast upg !!!
[upgmain_wmx.c,4594]: normal start up, quit upg process!!

===========================================

End!

9 comments:

tRilobites said...
This comment has been removed by the author.
Root Shell said...

I haven't seen Huawei BM622i.

You can try setallmacaddr to change all the macs.

Other way, you can dump the flash, edit the mac and flash it back.

On BM635, there are two flash.. one contains LAN, WIFI mac and the other contains Wimax mac.

I haven't yet dumped the wimax module flash.

knytwarrior said...

do you have any clear pictures where serial cable putin on bm635 if private ill understand

lastly what kind of serial programmer that you use to flash the bm635 ty in advance

tRilobites said...
This comment has been removed by the author.
casshern said...

sir rootshell i need a tutorial on jtag-ing bm622 and flashing please help me im willing to donate!!

Frozen Bytes said...
This comment has been removed by the author.
Colonel cl said...

hi I c is Colonel and I want t explain a little problem I have my wimax ECHOLIFE bm 626 and I maitement n get me connected and my address wan s not appear when I go to connect the wimax is put asp invalid command!

Eric Dilando said...

Hi, is there a way to set eth1 into AP mode ? otherwise, how to set an other interface as a WAN ?
Thanks a lot for your help !

N3RVE said...

Hi Root. I have the blank wan mac problem. How can I dump the flash for updating before flashing back? The wimax/wimax820 user provides only read access when I drop to shell from ATP.

Post a Comment