This is the mail archive of the
ecos-discuss@sourceware.org
mailing list for the eCos project.
Re: Odd RedBoot installation found - tips needed
- From: Gary Thomas <gary at mlbassoc dot com>
- To: Joakim Wennergren <jocke at dovado dot com>
- Cc: ecos-discuss at ecos dot sourceware dot org
- Date: Mon, 28 Jan 2008 05:36:58 -0700
- Subject: Re: [ECOS] Odd RedBoot installation found - tips needed
- References: <479D95DC.8080305@dovado.com>
Joakim Wennergren wrote:
Hi,
I've stated to dismantle a new hardware I've got (a small
firewall/router), and managed to attach a serial cable to it. When it
boots up I get RedBoot, but it's an odd version, It calls itself:
RedBoot(tm) bootstrap and debug environment [ROM]
Non-certified release, version v2_0 - built 22:17:05, Dec 22 2005
So it seems to be a modified RedBoot, nothing new there. But when I
checked what commands I had, there were only a short list; "channel",
"help", "ip_address", "linux", "load", "switch", "wdog" and "flash". No
fis commands :(
As far as I can tell there is no list of partitions on the flash at all,
just the Linux kernel and then the file system appended to the end of
it... An the Linux kernel seems to unpack an area of the flash into RAM
and using it as a ramdrive.
So what I need help with is where to burn my own images. I compiled the
vendors released kernel, but as usual when vendors are forced to release
the kernel under GPL they stripped it bare. When I installed it using
the web interface it boots Linux but failed to unpack the ramdisk and is
pretty much useless.
The Linux boots up using the RedBoot command
linux -b 0x400000 -l 0x0010f9c4 -s 0x001a50e9 -c "console=ttyS0,38400"
And the "help" output from RedBoot is:
RedBoot> help
Display/switch console channel
channel [<channel number>]
Help about help?
help [<topic>]
Set/change IP addresses
ip_address [-l <local_ip_address>] [-h <server_address>]
Execute a Linux image
linux [-w timeout] [-b <base address> [-l <image length>]]
[-r <ramdisk addr> [-s <ramdisk length>]]
[-c "kernel command line"]
Load a file
load [-r] [-v] [-h <host>] [-m <varies>] [-c <channel_number>]
[-b <base_address>] <file_name>
cat switch value
switch no
set watchdog
wdog no
flash upgrade
flash [-s <source>][-d <destination>][-l <image length>]
So I guess it reads the kernel from 0x400000, but what that address
means I have no clue :( I can't write to it using "flash", so it's not
the start of the flash. And I don't want to try addresses randomly since
I might overwrite RedBoot and brick the router completely.
So any tips on where to burn the image? "load" works just fine so I can
load images, but I don't know where to burn it.
I managed to "hack" their released firmware so I have access to the
contents of their file system, but all flash burning tools are compiled
binaries so I can't find any addresses there.
Is this something other than the RedBoot code?
In worst case I could maybe figure out the JTAG pins on the hardware,
but I don't have any JTAG burning stuff, I'd have to borrow some. And
considering how non-standard the serial port was the pins are probably
all jumbled... I'd rather not go that way.
You should be able to build a RAM version of RedBoot and run that.
Using this version, you can experiment a little, try updating the
Linux kernel pieces, etc. Once comfortable, you should be able
to build and update the ROM (or ROMRAM) code.
You've mentioned that you got sources, but they are "stripped".
What do you mean by this? The GPL doesn't allow for the vendor
to provide some pieces and not others (for the code that corresponds
to what's in your router). You should *absolutely* be capable of
rebuilding the RedBoot that's in your box from the sources provided,
or else the vendor is not living up to their GPL responsibilities.
What's the underlying target/architecture?
--
------------------------------------------------------------
Gary Thomas | Consulting for the
MLB Associates | Embedded world
------------------------------------------------------------
--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss