April 2008 Archives

Some days ago, in my office, we had to reorganize our spaces and change our desks. It was also the chance to scrape out some stuff from our lockers. So, I noticed that one of my colleague was trashing a brand new Linksys WRT-54g! Of course I was asking why she was getting rid of it and the answer was "it's broken, it could not be repaired, they tried also resetting the hardware but there's no way". I kindly asked if I could have it and try to repair it.

This way I won the chance to have a great wireless router for free, or to have some hundred grams of rubbish if I was not able to fix it. Good challenge, I was happy anyway :o).

Before taking it I tried to switch it on and I saw that some LEDs were on (so there was at least something working) and, on top of all, that WAN and LAN LED behaviour was changing after some seconds. This was meaning that there were some working circuits and, most probably, the processor was unsuccessfully attempting to load something. Reading though forum posts and debricking guides I understood that my blinking power LED was confirming my suspects.

I understood that there was an unsuccessful attempt to upgrade or change the firmware. So, luckily, it was not hardware failed but just "bricked"!

As you may know, last year I worked a lot with OpenWRT on the Fonera, so I already heard about low level re-flashing this kind of devices through a so called JTAG cable.

So I went straight on searching more informations about this method and how I could accomplish it. I found the great guide from HairyDairyMaid (aka LightBulb). This guide is very famous and it gives all the needed informations to complete the job, that's why I'm not trying to write down a tutorial about this.

On the other hand I found few resources showing how to proceed practically, so my intention is to give my 2 cents illustrating with some photos and (hopefully) useful hints about how I managed to fix my WRT router.

I used the unbuffered version of the JTAG cable. It is a damn simple circuit, so simple that you need just 4 resistors and a DB25 male parallel port connector and, of course, a PC.

I bought the four resistors thinking to find a DB25 connector at home. Unfortunately I had no spare connectors so I had to take out it from another flashing cable.
It was an old LanC cable that I made to hack a Sony camcorder in order to enable the DV-in feature. Luckily I didn't trash this cable so I was able to reuse the connector.

So, preparing the cable is really the easy part and all the needed informations may be found in the great guide from LightBulb that i mentioned above. It's just about soldering 4 wires on 4 resistors!

The part that is more difficult to do is to prepare the WRT54g mainboard to accept this JTAG connection.

You can follow two paths: you can just solder the JTAG cable on the mainboard itself or you can solder a connector on the mainboard
and then use a connector as well on the JTAG cable so it will be more easy to unplug it and.....to plug it back in case you need it again in the future!

Of course I followed the second option. So, the first step was to unsolder the pin hole on the mainboard to make room for the pin connector.

There is just one tool that is absolutely essential for this task: it is the unsoldering pump.

I used it quite a lot to suck out all the tin that is normally filling the holes where I should solder the JTAG connector. I have to be honest saying that it took quite a lot because I needed to warm as much as possible the tin in the hole, from both sides of the mainboard, in order to suck it out completely. On the other hand I could not stay too much time on the mainboard with the soldering iron otherwise I risked to burn out some component. So I had to wait a little bit beetween each pin hole "evacuation" in order to let the the board cool down.

After three-four shots per hole of unsoldering pump I voided all holes and I was able to solder in two 5 pins strips of contacts. Then I soldered a female connector on the other end of the JTAG cable and voilà, the cable was done.

Few minutes after I was dealing with software to understand what was wrong with my router and how I could fix it.

As all the guides are suggesting I quickly erased the NVRAM thinking that there was something wrong with it that was preventing the router from booting. I later discovered that I was right but the router didn't went on soon.

This was because there was not only bad data in the NVRAM, there was also a corrupted kernel image in the flash!

So, basically, after clearing the NVRAM, I had to solder another pair of pin strips in the holes on the right of the JTAG interface in order to connect to the serial port of the WRT. Of course I used the RS232-to-TTL serial interface converter that I made for hacking my MRT StorLink NAS. What a luck, I was really happy of finding already on my desk the right circuit that I needed! :o)

I used the serial interface to connect to the CFE bootloader in order to instruct it to load a new kernel and system image from the TFTP server on my laptop and save those image in the flash.

So, at the end of the game, I was able to fix the WRT54g in less than 3 hours, including the time needed to build the cables and interfaces, definitvely a good price for a brand new router!

Thank you for reading and........thanks to Lidia for the router! :o)

As you saw in my last post, I was not happy at all of the firmware that my new NAS came with.

After playing with it for just one hour, I decided to see which chip it was based on and what was around in terms of hacks and (hopefully) improvements. As I was saying some days ago, I was really happy and excited to find that there's a great guy, LordScaffard, that completed the first porting of OpenWrt for this NAS!

So, of course, I was immediately looking at how to flash my NAS with that OpenWrt flavour. The bad news was that I needed to build an interface. This is because the standard RS-232 interface, which is the common serial interface that there's on the PC, works with logical signal of +12 Volts and -12 Volts that are too high for the serial interface that is on the NAS which is a TTL one. This one is working a + 3,3 Volts signal, so there's the need to use a logical signal converter that may adapt the RS-232 to the right voltage used in the NAS.

I managed to avoid to build such interface last year, when I was working on the Fonera. At that time, I was coding something in OpenWRT and I was flashing quite everyday my Fonera. So I bought the components needed for the serial adapter but I never built it. I was lucky and I flashed sucessfully the Fonera via software, so I didn't needed the serial interface.

So, at least this time I was able to decide to hack the NAS and to hack it really without going out to the electronics shop to buy the components! :o)
Anyway, it requires really few components: 5 capacitors and an integrated circuit!

So, after writing last post, I immediately started to build up my serial interface converter!
I used this electric schematics but I strongly recommand anyone that would like to try to build it to visit also this great page that shows by photo how to setup the converter on a prototyping board. Basically the circuit is using a MAX232 chip which is an integrated circuit that holds all the components to build the converter itself. It needs just some external capacitors to raise up the voltage from the +3,3 Volts to the +12 Volts.

You probably will find so many schematics in the Internet for this converter, and most probably you'll find it with different capacitors values. Basically there are several version of the original MAX232 and some of this version are capable to work with smaller condenser. In my case I used an equivalent chip, the ST232CN, with 5 electrolytic capacitors of 1 micro Farad each (and it worked out perfectly :o).

I followed the same suggestion that I gave you and soldered all the components on a prototyping board: easy and quick! Then I soldered also a DB-9 connector and a jumper connector that I got from an unused chip connector. The DB-9 connector is (of course) needed to connect to the PC's serial interface and the jumper connector is used to connect on the NAS board.

I plugged all together and......nothing worked out!!!
I checked and re-checked all the connections, I was really depressed because after two hours of work I didn't had any result, and, in addition, I didn't had the possibility to change the loosy firmware that was on the NAS!

After several minutes spend in carefully checking all the connections, I discovered that a bast...ehm a very mischievous pin of the chip was bent internally! It was the 16th pin, the Vcc! The pin that is powering up the chip itself! I unbent and inserted it properly with an extreme gentleness, I crossed the fingers and.....voilà!
 
OpenWRT is, of course, working ten times better than the original firmware. The porting by LordScaffard is not at 100%, it still lacks support for some functions and pheripherals. So (this will not sound strange for those who knows me) I immediately wrote him an email and............actually, even if I'm not a real programmer, I'm trying to give him an hand to adapt a more recent Linux kernel for the chip of the NAS!

LordScaffard is incredibly smart in kernel programming, and he's teaching me tons of things. On the other side, I'm trying to do my best, I'm learning really a lot and, of course, I'm enjoying a lot!

I really hope to see the kernel porting completion and, hopefully, to give an acceptable contribution to it. After that, it should be more easy to let all other OpenWRT packages work on this architecture!

Stay tuned!

Today arrived my new NAS!
I bought it on EBay, bidding from a German Ebayer that was really honest, precise and quick in the transaction.

I've choosen this particular one because it has 2 bays so it can hold up to 2 hard disks either Parallel ATA (PATA/IDE) or Serial ATA (SATA) and it has a 1 Gigabit Ethernet interface (instead of the common FastEthernet 10/100 Mbps). In addition there's an USB 1.1 port that can be used to attach to a printer in order to have the NAS acting also as a network printer server.

My first and quick test was with two old IDE hard disks of 6,5 and 40 GBytes. I just plugged them in and boot up the NAS to see what would happen.

To be really honest I was not happy of the product at the first test. I have a major problem regarding the network connectivity. The logical link is continuously flapping and I am able to operate on its HTTP interface only from time to time. From the network disk access point of view I have to wait when the NAS is reachable (when the logical link is up) and then access files, during copies or file moves the logical link is stable. So I had to launch big copies in order to work on the interface and look into menus and functions.

I think that this problem is coming from the fact that the switch that I'm using is a 10/100 Mbps and the NAS network driver is not enough able to handle the speed autosensing. Unfortunately there's no way to configure a fixed interface speed on it so I can't correct this problem for now.

So, basically it may be a good product but actually it has a crappy firmware and it is already the latest version!
So I immediately made some searches regarding it's chipset to find more informations and, hopefully solutions for the firmware.

I found that it the unit is a 35-HD-DUAL-NAS-E manufactured by MRT Communication. It is based on a well known StorLink chipset, the SL3516E from the Gemini family based on ARM processor. This means that probably there is a porting of some linux flavour to this platform.

Infact, some web searches after I discovered that there's an entire NAS-Central section regarding this unit. It is the MRT section where there's already available a porting of TinkyLS firmware and, wow, a very old friend: OpenWRT!

Great!
I think that next step will be to replace the original firmware with a more familiar one, and, hopefully compile by myself my favourite flavour of OpenWRT patckages! Unfortunately the actual firmware may be replaced just by using an interface to connect on the internal serial interface. So, the real next step will be to build up this serial interface!

Stay tuned!