This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Odd RedBoot installation found - tips needed


Hi,

I've stated to dismantle a new hardware I've got (a small firewall/router), and managed to attach a serial cable to it. When it boots up I get RedBoot, but it's an odd version, It calls itself:

RedBoot(tm) bootstrap and debug environment [ROM]
Non-certified release, version v2_0 - built 22:17:05, Dec 22 2005

So it seems to be a modified RedBoot, nothing new there. But when I checked what commands I had, there were only a short list; "channel", "help", "ip_address", "linux", "load", "switch", "wdog" and "flash". No fis commands :(

As far as I can tell there is no list of partitions on the flash at all, just the Linux kernel and then the file system appended to the end of it... An the Linux kernel seems to unpack an area of the flash into RAM and using it as a ramdrive.

So what I need help with is where to burn my own images. I compiled the vendors released kernel, but as usual when vendors are forced to release the kernel under GPL they stripped it bare. When I installed it using the web interface it boots Linux but failed to unpack the ramdisk and is pretty much useless.

The Linux boots up using the RedBoot command
linux -b 0x400000 -l 0x0010f9c4 -s 0x001a50e9 -c "console=ttyS0,38400"

And the "help" output from RedBoot is:
RedBoot> help
Display/switch console channel
  channel [<channel number>]
Help about help?
  help [<topic>]
Set/change IP addresses
  ip_address [-l <local_ip_address>] [-h <server_address>]
Execute a Linux image
  linux [-w timeout] [-b <base address> [-l <image length>]]
       [-r <ramdisk addr> [-s <ramdisk length>]]
       [-c "kernel command line"]
Load a file
  load [-r] [-v] [-h <host>] [-m <varies>] [-c <channel_number>]
       [-b <base_address>] <file_name>
cat switch value
  switch no
set watchdog
  wdog no
flash upgrade
  flash [-s <source>][-d <destination>][-l <image length>]


So I guess it reads the kernel from 0x400000, but what that address means I have no clue :( I can't write to it using "flash", so it's not the start of the flash. And I don't want to try addresses randomly since I might overwrite RedBoot and brick the router completely.


So any tips on where to burn the image? "load" works just fine so I can load images, but I don't know where to burn it.

I managed to "hack" their released firmware so I have access to the contents of their file system, but all flash burning tools are compiled binaries so I can't find any addresses there.


In worst case I could maybe figure out the JTAG pins on the hardware, but I don't have any JTAG burning stuff, I'd have to borrow some. And considering how non-standard the serial port was the pins are probably all jumbled... I'd rather not go that way.




regards
Joakim Wennergren

This email was Anti Virus checked by Astaro Security Gateway.


-- Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]