
\documentclass[11pt]{article}
%Gummi|065|=)
\usepackage{graphicx}
\usepackage{caption}
\usepackage{xcolor}
\usepackage[vcentering,dvips]{geometry}
\geometry{papersize={6in,9in},total={4.5in,6.8in}}
\title{\textbf{}}
\author{Steak Electronics}
\date{}
\begin{document}
\maketitle
%\tableofcontents
\textcolor{green!60!blue!70}{
\section{Edimax WAP1750}}
\begin{verbatim}
From:
https://openwrt.org/toh/devolo/devolo_wifi_pro_1750e
\end{verbatim}
\footnote{Always type out full URL in links. Don't put hyperlinks. This is done, so that when you print out a webpage, the URLs are still readable.}
The devolo WiFi pro 1750e is a wall mountable access point with:
\begin{itemize}
\item Dual band 2.4 and 5 GHz WiFi (3 by 3 IEEE 802.11n 450Mbps, 3 by 3 IEEE 802.11ac 1299Mbps)
\item 2x 1Gbit ethernet ports (with Power over Ethernet support)
\item 1x USB 2.0 port
\item External serial console port (currently unsupported, but the internal 4-pin Dupont connector is functional)
\item 1x GPIO attached piezo beeper
\end{itemize}
The access point is manufactured by OEM Acelink Technologies Co., Ltd. as an EW-7679WAC and was originally sold by Edimax as a WAP1750. The Edimax unit was reviewed by SmallNetBuilder.
\subsection{Flashing OpenWrt on to the WAP1750}
At the moment, this page:
\\
https://openwrt.org/toh/devolo/devolo\_wifi\_pro\_1750e
\\
discusses flashing new firmware via SSH. However, the WAP1750 has a custom console, and while it's running GPLv2 GNU Linux, somehow it managed to lock down the software, so that simply shelling into it is no longer possible. I'm sure that is a sin. GPLv2 does not mean people can take it and then abuse it for commercial use. It's a community good.

Nonetheless, it can be turned into an upgradeable router via the following means:
\begin{itemize}
\item Teardown enclosure
\item Remove flash chip by desoldering with hot air
\item Read flash with appropriate tool (Flashrom, TL866A).
\item Patch existing image sysupgrade for Devolo 1700 series.
\item Write flash with new image
\item Resolder chip to board
\item Access board via FTDI / USB-Serial chip
\end{itemize}
Simple enough, right? It is simple. But it's not simple. At least 5 years of hobbyist electronics and I'm able to do this, but for the layman... Only with a guide. And let's also talk about the issues that arose during the above steps. It's never as easy as it would be in a normal world. Earth is not normal. Earth is tilted.
\subsection{Teardown Enclosure}
The first time, I went carefully with a plastic spudger. This device is actually well designed as far as teardowns go. The second time, I got angry and snapped off the front plate with a screwdriver. In fact, the screwdriver approach (here) was superior. Much faster. Although scratches are left. Scratches only hurt those who favor form over function. Fools.
\subsection{Remove Flash chip by desoldering with hot air}
Once you tear down into the board, you'll examine the ICs. The flash is nowhere to be seen. Is it onboard the CPU? No, it's on the bottom of the board. So it must be lifted out of the enclosure. With hot air desoldering, you must also use lead solder first on the pins. This guide is not a tutorial on hot air soldering. I assume you know this kind of stuff. I won't go into it, unless notable.

Not all tweezers can grab these large chips easily. I have one pair that fits them, and about 3 that don't. Can't have enough tweezers, it seems.
\subsection{Read flash with appropriate tool}
I have a new rule. Every EE should have a toolbox of flash reading / writing equipment. It's necessary.
My weapon of choice for this project was the Beaglebone black with flashrom. A TL866A could also work. Flashrom is compatible with lots of hardware. An RPI can be used. Doesn't matter, but you must set it up. And when you have the chip, you will need:
\begin{itemize}
\item Breakout boards for the IC, as those clips are useless \footnote{I have two of those flash-in-place clips. Pomona used to sell them for \$40 each, then China came in and sells them for less than 12 dollars each now. Some for 5. They can work, but the one I had barely reached to all the pins. It wasn't big enough. Not worth it. Get breakout pcbs unless you do this a lot.}
\item Soldering Iron
\item Hot Air station
\item Lead solder
\item Tweezers
\item Experience to not damage pins during the operation
\item Short wires between breakout and BBB
\item Proper connecting of wires to BBB
\end{itemize}
I got a tote/toolbox of a few pages of documentation on flashing via BBB, and also the pinouts of the P8 and P9 headers of the BBB. Printouts help.
A guide on the BBB flashrom setup is here: %insertlibrebootlink
The BBB SRM manual has the P8 and P9 headers.
Since I've used flashrom in the past to flash Libreboot, this was not new territory for me. Experience with this helps. \footnote{Such as, keep wires short, make multiple reads, and compare with md5sum afterwards, don't fry chip.}
\subsection{Patch existing image sysupgrade for Devolo 1700 series.}
This was easy enough (what I tried worked the first time). Based on this link on the forum for TP-Link devices:
\\
https://forum.openwrt.org/t/debricking-tl-wr1043nd-v4-hard-way-by-external-flashing-solved/7675/6
\\
So the command was similar.
\begin{verbatim}
sudo dd if=lede-17.01.4-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin of=dump.bin bs=1 seek=$((0x20000)) conv=notrunc
\end{verbatim}
Except I knew the proper directory was at 0x70000 on my chip, thanks to the partition map at the devolo page, and also the partitions page here which explains all this:
https://openwrt.org/docs/techref/flash.layout
Other interesting, but not required, reading:
https://openwrt.org/docs/techref/flash
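
The read-compare and dd patch steps above as one script, added here as an example and not part of the original write-up: it checks that repeated reads of the chip agree, patches a copy of the dump at 0x70000, and confirms that nothing outside the firmware partition changed. The function names, the 0x80000 partition size and the sample files are constructed for the demo; take the real partition size from the partition map.

```shell
#!/bin/sh
# Added example, not from the original page. Sizes below are constructed.
BS=4096   # dd block size; offset and partition size must be multiples of it

# reads_agree READ1 READ2 [...]: succeed only if all chip reads are byte-identical
# (cmp here does the job the page's footnote gives to md5sum).
reads_agree() {
    [ "$#" -ge 2 ] || return 2            # one read proves nothing
    ref=$1; shift
    for f in "$@"; do cmp -s "$ref" "$f" || return 1; done
}

# blocks FILE SKIP [COUNT]: print COUNT blocks (default: to EOF) from block SKIP
blocks() {
    if [ -n "$3" ]; then dd if="$1" bs=$BS skip="$2" count="$3" 2>/dev/null
    else dd if="$1" bs=$BS skip="$2" 2>/dev/null; fi
}

# patch_dump DUMP IMAGE OFFSET PART_SIZE OUT
# Writes IMAGE into a copy of DUMP at OFFSET, refuses an image larger than the
# firmware partition, then checks nothing outside that partition changed.
patch_dump() {
    dump=$1; image=$2; off=$(($3)); psize=$(($4)); out=$5
    dlen=$(($(wc -c < "$dump"))); ilen=$(($(wc -c < "$image")))
    [ $((off % BS)) -eq 0 ] && [ $((psize % BS)) -eq 0 ] || return 2
    [ "$ilen" -le "$psize" ] || return 3          # image overruns the partition
    [ $((off + psize)) -le "$dlen" ] || return 4  # partition does not fit the dump
    first=$((off / BS)); end=$(((off + psize) / BS))
    cp "$dump" "$out" || return 5
    dd if="$image" of="$out" bs=$BS seek=$first conv=notrunc 2>/dev/null || return 5
    [ $(($(wc -c < "$out"))) -eq "$dlen" ] || return 6
    [ "$(blocks "$dump" 0 $first | cksum)" = "$(blocks "$out" 0 $first | cksum)" ] || return 6
    [ "$(blocks "$dump" $end | cksum)" = "$(blocks "$out" $end | cksum)" ] || return 6
    blocks "$out" $first | head -c "$ilen" | cmp -s - "$image" || return 6
}

# Demo on constructed data: a 1 MiB stand-in dump with a marker in its last
# block, and a 10 KiB stand-in image. Real sizes come from the partition map.
demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/zero of="$d/read1.bin" bs=$BS count=256 2>/dev/null
    printf 'CALDATA' | dd of="$d/read1.bin" bs=$BS seek=255 conv=notrunc 2>/dev/null
    cp "$d/read1.bin" "$d/read2.bin"
    yes FIRMWARE | head -c 10240 > "$d/sysupgrade.bin"
    reads_agree "$d/read1.bin" "$d/read2.bin" &&
        patch_dump "$d/read1.bin" "$d/sysupgrade.bin" 0x70000 0x80000 "$d/patched.bin"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "patched copy verified"
```

The original dump is never modified, so it stays available as the known-good backup to write back if the patched image does not boot.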

Basically, any IT admin who sells / maintains a flash based device, and doesn't have a plan to replace the flash when it fails (which it very likely will at some point) is a hack. It's the number one cause of built-in obsolescence. Even Tesla ran into trouble with their cars\footnote{Some early cars had their onboard flash fail. Flash is a problem, and a big one for the long game.}.
\end{document}