<div dir="ltr"><div><div>Apologies for jumping straight into tech jargon.<br><br></div>A serial console is a simple communications port available to the SoC (aka System-on-a-Chip, the embedded processor) that forms the core of these wifi routers. Typically, gaining access to this port is done by opening the case, soldering on a pin header, and then using a USB/serial dongle to open a console on that port. I do so using minicom on my laptop, for example. The serial console can be useful to manually trigger alternate boot modes, or just to see verbose logging and errors from the kernel and OS. The serial console is very low speed (~100kbits/s), so it's only useful for typing shell commands interactively, or getting debug logging.<br><br></div>TFTP is "Trivial FTP," and it's a streamlined version of FTP that wifi routers commonly use to receive their firmware images via one of their Ethernet ports. On some devices, you may need to type commands into the serial console to trigger its TFTP upload mode, i.e. to put it into a state where it will receive the firmware image being sent to it and flash it. I think with most TP-Link products, you can actually trigger the TFTP mode just on the WAN port using an expect script, i.e. no need for serial console.<br><br>JTAG, aka Joint Test Action Group, is by far the least user-friendly option. That is a very low-level interface used more by the embedded designers themselves (or by determined modders needing to rescue a bricked device). As Benjamin H mentioned, using this interface would require that the software used to talk JTAG (e.g. the application running on your laptop) support the flash chip to be written. JTAG would be what you use if the more accessible options above, namely TFTP, are not available.<br><br><div>The last option that Benjamin H described involved using a device that clamps down onto the flash chip soldered to the router's board and rewrites it directly. 
Again, this would be a rather time-consuming option; TFTP definitely preferred.<br></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 23, 2016 at 11:42 AM, Adam Longwill <span dir="ltr"><<a href="mailto:adam.longwill@metamesh.org" target="_blank">adam.longwill@metamesh.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote">On Feb 23, 2016 12:42 PM, "Adam Longwill" <<a href="mailto:adam.longwill@gmail.com" target="_blank">adam.longwill@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I do not have a good understanding of the difference between JTAG/serial and TFTP. Can someone briefly explain the difference for people like myself? Can JTAG flashing replace a locked firmware? I thought the chips themselves could be built to only cryptographically accept approved firmware? Or is that only with "higher level" flashing methods.</p>
<p dir="ltr">Anyone have an Explain it Like I'm 5 version out there to help explain?</p>
<p dir="ltr">Thank you all.</p><div><div>
<div class="gmail_quote">On Feb 23, 2016 12:04 PM, "Ben West" <<a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Is JTAG intervention now required? I had thought I'd read
that serial console access and/or TFTP recovery mode was sufficient, at
least on TP-Link products being discussed. Since we're talking about products costing only 50-100USD, I would gather that the amount of effort manufacturers are willing to invest in locking the firmware is finite, meaning by extension the effort required to work around such locks should also be finite.<br><br>That is, all radio products with firmware presently for sale can have their firmware modified, given sufficient effort. The fact that sufficiently determined persons can override countermeasures and mod the firmware doesn't appear to endanger their FCC certification.<br><br></div>Anyway, similar to the hardware compatibility pages on <a href="http://openwrt.org" target="_blank">openwrt.org</a>'s wiki, would it make sense to also record in a wiki the list of working hardware, along with known work-arounds?<br><br></div>What would be a good venue for such wiki pages? Any of these?<br><br><div class="gmail_extra"><a href="https://wiki.openwrt.org/" target="_blank">https://wiki.openwrt.org/</a><br><a href="http://battlemesh.org/" target="_blank">http://battlemesh.org/</a><br><a href="https://wirelesspt.net/wiki/P%C3%A1gina_principal" target="_blank">https://wirelesspt.net/wiki/P%C3%A1gina_principal</a><br><a href="https://libreplanet.org/wiki/Main_Page" target="_blank">https://libreplanet.org/wiki/Main_Page</a><br><br><div class="gmail_quote">On Tue, Feb 23, 2016 at 10:23 AM, Philipp Borgers <span dir="ltr"><<a href="mailto:borgers@mi.fu-berlin.de" target="_blank">borgers@mi.fu-berlin.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span>On Tue, Feb 23, 2016 at 05:08:52PM +0100, Benjamin Henrion wrote:<br>
> On Tue, Feb 23, 2016 at 4:26 PM, Adam Longwill<br>
> <<a href="mailto:adam.longwill@metamesh.org" target="_blank">adam.longwill@metamesh.org</a>> wrote:<br>
> > We have contracts to fulfill. Can we start a discussion here about what<br>
> > hardware still works? What about Ligowave who came to Battlemesh v8? They<br>
> > said they gave out unlock codes. Do any of you use them? What hardware are<br>
> > you STILL buying that STILL works?<br>
> ><br>
> > Also, is it possible to use the JTAG interface to reflash a router and erase<br>
> > locked down firmware or is it the same as ethernet flashing- I've never done<br>
> > it.<br>
><br>
> Yes, depends on the SoC, and if the JTAG pins are properly exposed.<br>
><br>
> After that, the JTAG software needs to support your flash chip.<br>
><br>
> Otherwise, since nowadays most flash chips are SPI ones in SOIC8<br>
> format, it is easier to just use a buspirate with a 4x2 clamp hooked<br>
> on the chip, and you will be able to reflash it:<br>
><br>
> <a href="http://www.dhresource.com/0x0s/f2-albu-g1-M00-CA-EB-rBVaGFQ_GG6AHCR0AAEtkRTBPOQ099.jpg/updated-ic-clamp-soic8-sop8-ic-clip-1-adapter.jpg" rel="noreferrer" target="_blank">http://www.dhresource.com/0x0s/f2-albu-g1-M00-CA-EB-rBVaGFQ_GG6AHCR0AAEtkRTBPOQ099.jpg/updated-ic-clamp-soic8-sop8-ic-clip-1-adapter.jpg</a><br>
<br>
</span>Can someone give a workshop about the tools for flash reading and the process<br>
involved?<br>
<br>
Maybe we can collect some money in advance so everybody can have the right tools<br>
at hand?<br>
<br>
Best Philipp<br>
<br>_______________________________________________<br>
Battlemesh mailing list<br>
<a href="mailto:Battlemesh@ml.ninux.org" target="_blank">Battlemesh@ml.ninux.org</a><br>
<a href="http://ml.ninux.org/mailman/listinfo/battlemesh" rel="noreferrer" target="_blank">http://ml.ninux.org/mailman/listinfo/battlemesh</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br><a href="tel:314-246-9434" value="+13142469434" target="_blank">314-246-9434</a><br></div></div>
</div></div>
<br></blockquote></div>
</div></div></blockquote></div>
<br></blockquote></div><br><br clear="all"><br>-- <br><div>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br><a href="tel:314-246-9434" value="+13142469434" target="_blank">314-246-9434</a><br></div></div>
</div></div>
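Added illustration, not part of any message in this thread: a self-contained simulation of the TFTP write exchange (RFC 1350) that Ben describes for pushing a firmware image to a router in upload mode. Both sides are constructed here (the receiver is a stand-in, not any vendor's recovery loader, and the filename "recovery.bin" is an assumption); it shows the WRQ/ACK-0 handshake, the 512-byte block lock-step, the short final block that ends the transfer, and why an image that is an exact multiple of 512 bytes needs one extra empty block. Note that nothing in the exchange authenticates either side, which is why such upload modes are reachable by anyone on the Ethernet segment while they are active.

```python
import struct
# TFTP opcodes (RFC 1350) and the fixed 512-byte block size of classic TFTP.
OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 2, 3, 4, 5
BLOCK = 512

def wrq(filename, mode="octet"):
    """Write request: opcode, filename, NUL, mode, NUL."""
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def data(block_no, payload):
    """DATA packet; block numbers are 16-bit and wrap on images over 32 MiB."""
    return struct.pack("!HH", OP_DATA, block_no & 0xFFFF) + payload

def ack(block_no):
    return struct.pack("!HH", OP_ACK, block_no & 0xFFFF)
def error(code, msg):
    return struct.pack("!HH", OP_ERROR, code) + msg.encode() + b"\0"

def opcode(pkt):
    return struct.unpack("!H", pkt[:2])[0]

def receiver(expected_name, image_out):
    """Simulated recovery-mode receiver (constructed, not any vendor's loader)."""
    state = {"block": 0}
    def handle(pkt):
        if opcode(pkt) == OP_WRQ:
            name = pkt[2:].split(b"\0")[0].decode()
            if name != expected_name:       # loaders typically accept one fixed name
                return error(1, "File not found")
            return ack(0)                   # ACK 0: client may start with block 1
        if opcode(pkt) == OP_DATA:
            block_no, payload = struct.unpack("!H", pkt[2:4])[0], pkt[4:]
            if block_no != (state["block"] + 1) & 0xFFFF:
                return ack(state["block"])  # duplicate/out of order: re-ACK last good block
            state["block"] = block_no
            image_out.extend(payload)       # a block under 512 bytes ends the transfer
            return ack(block_no)
        return error(4, "Illegal TFTP operation")
    return handle

def push_image(image, filename, handle):
    """Client side: WRQ, then one DATA block per ACK; returns the exchange log."""
    log = [("WRQ", filename)]
    reply = handle(wrq(filename))
    if opcode(reply) == OP_ERROR:
        return log + [("ERROR", reply[4:-1].decode())]
    for i in range(len(image) // BLOCK + 1):  # exact multiples of 512 need a final empty block
        chunk = image[i * BLOCK:(i + 1) * BLOCK]
        reply = handle(data(i + 1, chunk))
        assert opcode(reply) == OP_ACK and struct.unpack("!H", reply[2:4])[0] == (i + 1) & 0xFFFF
        log.append(("DATA", i + 1, len(chunk)))
    return log
```

Replacing the in-process handler with a UDP socket to port 69 and following the server's transfer port is all a real client adds; the packet formats and block bookkeeping stay as shown.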