<marcan>
whitequark: remind me again what the state of MIPS JTAG is?
<marcan>
I might want to JTAG my router (to swap out the NAND in particular)
<whitequark>
marcan: should basically work
<whitequark>
there are some extremely obscure routers that don't because i literally could not find any docs or working code
<whitequark>
i wrote an openocd backend for one of those and openocd doesn't work with either, rip
<whitequark>
oh yeah
<whitequark>
worst case you can just use the openocd bridge
<marcan>
oh, that's a thing
<marcan>
right
<marcan>
this is MT7621
<whitequark>
i'd be curious to see if the native debugger works tho
<whitequark>
since it'll be the base for moving JTAG roundtrips to the device
<whitequark>
using boneless
<marcan>
how does this usually work? load uboot into RAM and run that? directly flash via the NAND controller?
<whitequark>
hm
<marcan>
(I really just need to get uboot onto a blank NAND)
<whitequark>
loading uboot into RAM and running it seems like the absolute easiest way
<whitequark>
one gdb command, ideally
<marcan>
cool
<marcan>
fun thing: this thing seems to have a SPI flash that is totally empty
<marcan>
theoretically I might be able to put uboot on there and just have it boot with a blank NAND, *if* the straps are set correctly
<marcan>
but I want this to continue working with vendor firmware, so doing some big change like that isn't a great idea :p
<marcan>
(vendor firmware should support 512MB NANDs at least, as far as I can tell from the GPL tree)
<marcan>
(original is 256MB)
<whitequark>
ahh that's how you ended up with a blank NAND
<whitequark>
could've programmed it directly :p
<whitequark>
probably not unless you have a tsop48 socket
<marcan>
I have some somewhere but... that's extra effort
Stormwind_mobile has joined #glasgow
<marcan>
though I guess it ought to work, glasgow has enough pins for 8bit nand, right?
<marcan>
so maybe I can try that
<whitequark>
yes, it works, should have read/write/erase and ONFI autodetect
<marcan>
cool
<whitequark>
except most flashes don't actually have ONFI so you probably still need to enter the parameters by hand
<marcan>
shrug
<whitequark>
and the ones which do or claim to have sometimes have it utterly broken
<whitequark>
hell
<whitequark>
i have a few flashes with a wrong JEDEC ID
<whitequark>
like, it doesn't even have the correct parity bit
<whitequark>
because someone at samsung accidentally swapped the nibbles
<whitequark>
and ... just ... shipped it like that
<marcan>
do you support ECC magic or whatever, or is that separate?
<whitequark>
you're on your own for anything related to FTL
<marcan>
so the images are raw block+spare?
<whitequark>
yes
<marcan>
ok
<marcan>
need to figure out what mtd wants then
<whitequark>
if you pass SPARE-FILE then you have separate data+spare, otherwise it's organized like a linear concatenation of data+spare pairs
<whitequark>
i think most software uses the latter
<marcan>
yeah, that's what we did for the wii
<marcan>
2048+64 blocks
<whitequark>
tbh if you could jtag it that'd still be handy
<whitequark>
i haven't tested it on any mediatek
<marcan>
funny enough I should have a bunch of Wii NANDs, but I don't think they will be in the supported chip list sadly
<marcan>
even though the config is identical
<whitequark>
mostly broadcom so far, and other, even more cursed shit
<whitequark>
like trendchip
<marcan>
lol
<whitequark>
you know it's good when you have to reverse-engineer the JTAG pinout by guessing which reserved pins are that
<marcan>
MX30LF2G18AC is the old NAND, MX30LF4G18AC sounds like a good replacement (also in the support list)
<hl>
any reason you all keep discussing the MT7621
<whitequark>
and they're connected to LEDs obviously
<marcan>
hl: keep?
<hl>
just wondering if you have plans for it or something
<marcan>
it's just the chip in my router
<hl>
aah
<marcan>
whitequark: well I dumped my current nand with spare (thanks ubiquiti for including the useful commandline tools)
<marcan>
so that should be enough to just 1:1 flash it to a new nand
<marcan>
and heck, if bad blocks don't get in the way and ubifs doesn't whine at its partition suddenly growing, that might even Just Work all the way to linux
<marcan>
sounds like it might even automagically work to expand to size
gatin00b has joined #glasgow
<kc8apf>
Which router is this? I've mostly hacked on their cavium-based ones.
<whitequark>
marcan: neat!
<marcan>
kc8apf: ER-X
<marcan>
I also have an ERLite-3, but the cavium ones inexplicably do not support IPv6 PPPoE+VLAN offload
<marcan>
which I need
<marcan>
I might use it in the interim while I mess with the ER-X, but I expect the ER-X will perform better on v6
<marcan>
(also the built-in switch is handy)
<kc8apf>
Ah, yeah. Offload is weak on ER-Lite
<marcan>
sad, because those have the FS on a USB stick which you can just replace
<marcan>
I have no idea why they don't support v6 PPPoE+VLAN
<marcan>
when they do on v4
<marcan>
like, you can pick one or the other, but not both
<marcan>
it's really odd
<kc8apf>
Limits in the silicon
Stormwind_mobile has quit [Ping timeout: 276 seconds]
Stormwind_mobile has joined #glasgow
m4ssi has joined #glasgow
<Stormwind_mobile>
whitequark: I remember there have been talks at past congresses discussing discovery of JTAG on an unknown chip with unknown pinout, just by tapping into and wiggling all possible pins/traces on a PCB and observing the patterns on the other monitored traces.
<Stormwind_mobile>
Could this be made automatic with Glasgow?
<kbeckmann>
Stormwind_mobile: sounds like the jtag_pinout applet is what you are looking for
<ZirconiumX>
Yep, I'm pretty sure jtag_pinout can do that automatically