https://forum.openwrt.org/viewtopic.php?id=33600
http://lekensteyn.nl/files/sx551/

original firmware retrieved from http://files.uberfail.nl/sx551-experia-upgrade.bin
root LAYS?8<}HJ?]W.i&c*oV[ouHwzM:QMV]9:XQ(u

MIPS
http://en.wikipedia.org/wiki/MIPS_architecture#MIPS_assembly_language
http://logos.cs.uic.edu/366/notes/mips%20quick%20tutorial.htm
http://www.mrc.uidaho.edu/mrc/people/jff/digital/MIPSir.html

# produce assembly, better than gcc+objcopy stuff!
mipsel-linux-gnu-objdump -D --adjust-vma=0x94000000 \
    -b binary -mmips -EL \
    -Mgpr-names=32,cp0-names=mips32,cp0-names=mips32,hwr-names=mips32,reg-names=mips32 \
    vmlinux | less

// caveat: n >>= 8 is a signed shift, so a word with bit 31 set never reaches 0
// and the loop does not end; use >>>= if such words can occur
var s="";var a=document.getElementsByTagName("textarea")[1].value.replace(/^.+?:\s*([0-9a-f]{8}).+$/mg, "0x$1").split("\n");
a.forEach(function(n){
    n = parseInt(n);
    while (n) {
        s += String.fromCharCode(n & 0xFF);
        n >>= 8
    }
});
s;
//"print_memory_map".split("").map(function(c){return ("0"+c.charCodeAt(0).toString(16)).substr(-2)})

// some javascript foo to generate instructions (binary format, not LE) :)
var r=["","at","v0","v1","a0","a1","a2","a3","t0","t1","t2","t3","t4","t5",
"t6","t7","s0","s1","s2","s3","s4","s5","s6","s7","t8","t9","k0","k1","gp","sp"
,"s8","ra"],LW="100011",ADDIU="001001",LUI="001111"
,i = ADDIU
,t = "sp"
,s = "sp"
,m = 0x68
,f=function(n,l){return ((new Array(l)).join("0")+n.toString(2)).substr(-l)}
,l=function(k){if(typeof k=="string"){k=r.indexOf(k);if(k==-1) throw arguments[0]}return k;};
parseInt(i+f(l(s),5)+f(l(t),5)+f(m,16), 2).toString(16)

##### BEGIN INTERESTING STUFF
# patches and config can be found on http://lekensteyn.nl/files/sx551/
# (that is plain HTTP with no checksum: read the patches and configs before
# building, they end up in the image you flash)

# Busybox and kernel require the environment below
export STAGING_DIR=~/wrt/trunk/staging_dir
export PATH="$HOME/wrt/trunk/staging_dir/toolchain-mipsel_gcc-4.6-linaro_uClibc-0.9.33/bin:$PATH"
export CC=mipsel-openwrt-linux-gcc
export CROSS_COMPILE=mipsel-openwrt-linux-
export ARCH=mips

# copy ld-uClibc-0.9.33.so libuClibc-0.9.33.so libcrypt-0.9.33.so
# libm-0.9.33.so
# libutil.so.0 and symlinks to /lib/. Then use
# mipsel-openwrt-linux-strip --strip-unneeded on each
# use `readelf -d lib...so | grep NEEDED` to find out which libraries
# you need

# get Busybox tarball (tested with 1.19.4), extract
wget http://lekensteyn.nl/files/sx551/config/busybox-larger.config -O .config
mkdir targ && cd targ
# replace $SRC by the extracted directory (absolute path?)
make -C $SRC O=$PWD
~/wrt/genirfs busybox /tmp/initramfs

# get Linux tarball, extract and cd into it. 3.2.14 and 2.6.37.6 have been tested
# If you're using 3.3, apply the serial patch below as the file has moved
# http://lekensteyn.nl/files/sx551/patches/500-serial_kludge-3.3.patch
wget http://lekensteyn.nl/files/sx551/patches/500-serial_kludge-3.2.patch
wget http://lekensteyn.nl/files/sx551/patches/prom-init-bypass-boot-params.patch
wget http://lekensteyn.nl/files/sx551/patches/ar7-boot-raw.patch
sed -i s/94100000/94000000/ arch/mips/ar7/Platform
patch -p1 < 500-serial_kludge-3.2.patch
patch -p1 < prom-init-bypass-boot-params.patch
patch -p1 < ar7-boot-raw.patch
KDIR=$PWD; mkdir ../build-kernel && cd ../build-kernel
wget http://lekensteyn.nl/files/sx551/config/kernel.config -O .config
make -C $KDIR O=$PWD -j4
mipsel-openwrt-linux-uclibc-objcopy -O binary -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id -S vmlinux /tmp/vmlinux

# lzma kernel, and create firmware image. 00000000.lzma is the PFS junk from
# the original firmware image. Expected files in the current directory: crc
# (gcc -Wall -o crc crc.c).
# Both the zeroes.lzma and crc.c file can be
# retrieved from http://lekensteyn.nl/files/sx551/
lzma -k -c /tmp/vmlinux > /tmp/vmlinux.lzma && ./mkfirm2 zeroes.lzma /tmp/vmlinux.lzma /tmp/fw.bin && du -k /tmp/fw.bin

fw.bin is the file to be flashed on http://192.168.2.1/

# Dropbear (SSH server)
# to fix compile issue in at least 2012.55, apply https://secure.ucc.asn.au/hg/dropbear/raw-rev/405418f7dc5e
# note: this build has no syslog/lastlog/utmp/wtmp support, so SSH logins are
# not recorded in any of those places
./configure --disable-lastlog --disable-syslog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-zlib --enable-bundled-libtom --host mipsel-openwrt-linux --build x86_64-unknown-linux
cp dropbear-options.h options.h
make -j4 PROGRAMS='dropbear dropbearkey' MULTI=1 strip
# install dropbearmulti into usr/sbin/dropbear

# iptables 1.4.13
./configure --prefix=/usr --disable-devel --enable-static --disable-shared --build=x86_64-unknown-linux --host=mipsel-openwrt-linux
make -j4
mipsel-openwrt-linux-strip iptables/xtables-multi
# cp iptables/xtables-multi /sbin/iptables and
# create symlinks from iptables-save, iptables-restore to iptables as needed

# Setup date
# note: StrictHostKeyChecking=no accepts an unknown host key without asking, so
# nothing checks that the peer really is the box; only use it on a directly
# attached, trusted link
echo date -s $(date +%Y%m%d%H%M.%S)
ssh -oStrictHostKeyChecking=no xpbox -- date -s $(date +%Y%m%d%H%M.%S)

# GPIOs
7 - power
8 - online
6 - wifi
8,13 - USB
17 - all network leds on and lockup DON'T TRY. Possibly because it should not be set to direction=out (i.e. stay at direction=in)
8 and 13 in combination may control online/wifi. But I managed to break the order of 8 and 13 to 8=USB, 13=Online where it was previously 8=online, 13+8=usb. Hmm...
# note: the gpio binary below is pulled unauthenticated over plain HTTP from the
# SSH client's address and made executable; do this on a trusted link only, or
# push the file through the SSH session instead
wget http://${SSH_CONNECTION%% *}:8000/gpio -O gpio;chmod +x gpio;o(){ ./gpio $1 1;};f(){ ./gpio $1 0;}