zkdc 发表于 2020-7-29 04:06

发一个自己编译的 wdr5600v2 openwrt 固件,附带修改的 patch 文件

本帖最后由 zkdc 于 2022-2-18 11:49 编辑

2022/2/18:
编译 openwrt 21.02.1 ,提供 squashfs-sysupgrade.bin 文件,依然是官方基础配置加中文支持。
已经按下面方法刷入的可以直接在 openwrt 里使用这个文件升级,没有按下面方法刷入过的请参照用法部分使用。
移除编辑好的 final_rom.bin 文件,请自己按下面的方法对自己的固件进行编辑。
同样提供 patch 文件以方便自己编译修改(虽然其实也没改多少东西就是了)。


2020/9/24 更新:

编译 openwrt 19.07.4 ,提供 squashfs-sysupgrade.bin 文件,依然是官方基础配置加中文支持。
已经按下面方法刷入的可以直接在 openwrt 里使用这个文件升级,没有按下面方法刷入过的请参照用法部分使用,或者用编程器刷入我之前做的 final_rom.bin 后再升级。
同样提供 patch 文件以方便自己编译修改(虽然我其实也没改多少东西就是了)。

网盘链接不变。

=============


更新:
由于楼主过于专注让 openwrt 跑起来,结果构建时失误连中文支持都没选:L。现在编译并上传了添加了中文支持的固件,名字分别为 openwrt-19.07.3-ath79-generic-tplink_tl-wdr5600-v2-squashfs-sysupgrade_zh-cn.bin 和 final_rom_zh-cn.bin,用法和下文对应文件用法一样。


==============


openwrt 版本为 19.07.3,主要根据c25-v1的设备配置进行修改

没有添加各种软件包,纯 openwrt 官方配置

链接: https://pan.baidu.com/s/1L-N16YU-7VFf3shbVe1X9A 提取码: 9r5f

用法:

首先,这机子原厂的固件更新和启动时使用的第一个 uboot 会检查固件的签名,所以不拆机刷不成。
另外,拆开后仅用ttl也刷不成:uboot 阶段没办法输入。进入 linux 后可以输入了,但需要登录 root 账户,而 root 的密码我们不知道。
(坑人啊,自己不更新固件还tm阻止别人换新固件)

所以必须用编程器刷:

1.先用编程器将原厂固件读出来,并留一份做备份
2.修改原厂固件,将 0x0-0x1d800(不包括0x1d800,下同),0x40000-0x800000(固件末尾)填充ff    (这步可以不做,只是我强迫症不全写成 ff 看着难受:lol)
3.将原厂固件的 0x30000-0x40000 间的数据复制到 0x0-0x10000(即将其复制到固件头),将 openwrt-19.07.3-ath79-generic-tplink_tl-wdr5600-v2-squashfs-sysupgrade.bin 的内容复制到 0x40000处。
4.修改完成后用编程器将修改完成的固件写回flash。



原理:这个设备有两个uboot,分别在 0x0-0x1d800 和 0x30000-0x40000 。启动时会先启动第一个 uboot,第一个 uboot 在正常启动时好像只会检查固件签名,之后会启动第二个 uboot,而第二个 uboot 不会检查固件签名。将第二个uboot复制到 0x0 后,设备启动时就会直接运行第二个 uboot (其实只将第二个 uboot 前面的一小段复制过去应该就有这种效果)。而第二个 uboot 在完成一系列操作后就会在 flash 的 0x40018,0x4001C 处读取内核的加载地址和入口地址,然后就会加载位于 0x40200 的内核。(除了 wdr5600 以外应该还有不少 tplink 的路由是这样)

如果你懒得进行上面的修改操作,直接使用我做好的 final_rom.bin 即可。该文件除了进行了上面的操作以外,还将 0x20000-0x30000 的内容填充为 ff (强迫症:lol)。此固件中的 mac 地址后 24 位以及 devID(均位于flash的0x1d800处)是随机生成的。

patch文件可以用于自己编译固件,本人是基于 19.07.3 稳定版源码进行修改的,具体如何进行openwrt的编译、使用git和使用patch,请参考论坛中其他资料或自行百度。


下面会写一些设备相关信息和我自己折腾的杂项。

zkdc 发表于 2020-7-29 16:55

本帖最后由 zkdc 于 2020-7-29 16:59 编辑

拆机正面:

背面:

Soc:QCA9561-al3a
5Gwifi:QCA9887
内存:64mb,m14d5121632a
flash:8m,25系列芯片,25Q64CSIG(在板子背面)
ttl:板子左边一排四个洞,从板子边到板内依次是 txd,rxd,gnd,电压3.3v(接线的时候将 ttl 的 rxd 接到板子的 txd 上,txd 接到 rxd上,gnd 接 gnd 上,vcc 不接)。
波特率 :uboot 阶段和开始部分 linux 启动阶段为 128000,后面 Linux 会将其设置为 115200,uboot 阶段无法输入。

原厂固件分区信息:
根据 ttl 得到的内核启动 log:
[    0.280000] Creating 9 MTD partitions on "spi0.0":
[    0.290000] 0x000000000000-0x00000001d800 : "factory_boot"
[    0.290000] mtd: partition "factory_boot" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.310000] 0x00000001d800-0x00000001e000 : "factory_info"
[    0.320000] 0x00000001e000-0x000000020000 : "art"
[    0.320000] 0x000000020000-0x000000030000 : "config"
[    0.330000] 0x000000030000-0x000000040000 : "normal_boot"
[    0.330000] 0x000000040000-0x00000013fa78 : "kernel"
[    0.340000] mtd: partition "kernel" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.350000] 0x00000013fa78-0x000000680000 : "rootfs"
[    0.360000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.370000] mtd: partition "rootfs" set to be root filesystem
[    0.380000] 0x000000680000-0x000000800000 : "rootfs_data"
[    0.390000] 0x000000040000-0x000000800000 : "firmware"第一个分区 0x0-0x1d800(不含末位,下同)是放第一个 uboot 的分区,主要负责校验固件以及校验不通过进入恢复模式。第二个分区 0x1d800-0x1e000 主要存放 mac 地址,devid 等信息。第三个分区 0x1e000-0x20000 是 art 分区,存放 art 数据。该分区开头是 2g 的 art 数据,共 1088 字节;然后偏移 0x1000 (闪存 0x1f000)处是 5g 的 art 数据,共 2116 字节(一般设备的 art 分区是闪存的最后 64kb,在该分区偏移量0x1000 处放 2g 的 art 数据,偏移 0x5000 处放 5g 的 art 数据)。0x20000-0x30000 分区作用不明,可能是存放原厂固件用户设置的分区。0x30000-0x40000 是放第二个 uboot 的分区。后面的这些分区是原厂的固件分区。原厂的固件应该是根据老版本的 openwrt 进行修改得到的。(在这里提一句,原厂的 kernel 不认现在的 mksquashfs 制作的 squashfs 分区。我试着提取原厂的 squashfs 分区,删了 root 密码重新打包回去,内核不认,最后用 ubuntu 12.04 的 mksquashfs 才解决问题)


(2g art)



(5g art)


gpio信息:
gpio1 是复位按钮,按下去的时候是 0,不按是 1
gpio21 是灯,值是 1 的时候不亮,是 0 的时候亮
ttl 的 rxd 在 18 口, txd 在 20 口
(在删掉 root 密码的原厂系统测试 gpio 时,得先把占用 gpio 的原厂 led 控制和按钮控制内核模块卸载,否则灯和复位按钮的 gpio 测试不了)

(在原厂设备上,显示的 led 其实有四个,分别是 status、5g、2g、wps,可实际上设备只有一个灯:))

内核前面的固件头(0x40000-0x40200):

开头4个字节:应该是固件头的版本号

后面20个字节:应该是magic number。其在多个 tplink 的固件中出出现

再后面8个字节:存放内核的加载地址和入口地址(uboot 唯一读取的地方,我将0x40000-0x40200其他部分全部用 ff 填充,设备依然能正常启动)
之后的112字节:应该是某种分区表
再往后的字节:不知道


其他:
2.4g wifi 和 lan 口的 mac 地址是设备 mac,wan 口的 mac 是设备 mac + 1,5g wifi 的 mac 是设备 mac +2
设备树文件中(即 patch 里面新建的那个文件)的 eth0、eth1 和实际系统中的 eth0、eth1 对应接口是反着的。也就是说设备树中描述的eth0实际对应系统中的eth1,eth1对应eth0

本人刷机用的 xtw100 编程器,使用夹子夹上后发现只能读不能写,按店家说明要给 8脚加一个 3.3v 电压。好在我还买了一个 ch340g ttl 模块,最后用它上面的 3.3v 勉强混了过去。就是直接用夹子刷机的的话加的电压会让设备启动。


附原厂固件启动ttl输出:
波特率128000阶段:


U-Boot 1.1.4 (Oct 30 2015 - 15:16:04)(COMPRESSED)

ap151 - Dragonfly 1.0

DRAM:64 MB
Top of RAM usable for U-Boot at: 84000000
Reserving 212k for U-Boot at: 83fc8000
Reserving 132k for malloc() at: 83fa7000
Reserving 44 Bytes for Board Info at: 83fa6fd4
Reserving 36 Bytes for Global Data at: 83fa6fb0
Reserving 128k for boot params() at: 83f86fb0
Stack Pointer at: 83f86f98
Now running in RAM - U-Boot at: 83fc8000
Flash Manuf Id 0xc8, DeviceId0 0x40, DeviceId1 0x17
flash size 8MB, sector count = 2048
Flash:8 MB
Using default environment

Autobooting in 1 seconds
verifying uboot partition...
ok
verifying kernel and romfs partition...
ok
Now starting to boot from uboot2!


U-Boot 1.1.4-dirty (May 12 2016 - 17:13:24)

ap151 - Dragonfly 1.0

DRAM:64 MB
Top of RAM usable for U-Boot at: 84000000
Reserving 137k for U-Boot at: 83fdc000
Reserving 132k for malloc() at: 83fbb000
Reserving 44 Bytes for Board Info at: 83fbafd4
Reserving 36 Bytes for Global Data at: 83fbafb0
Reserving 128k for boot params() at: 83f9afb0
Stack Pointer at: 83f9af98
Now running in RAM - U-Boot at: 83fdc000
Flash Manuf Id 0xc8, DeviceId0 0x40, DeviceId1 0x17
flash size 8MB, sector count = 2048
Flash:8 MB
Using default environment

In:    serial
Out:   serial
Err:   serial
Net:   ath_gmac_enet_initialize...
No valid address in Flash. Using fixed address
Fetching MAC Address from 0x83ff113c
ath_gmac_enet_initialize: reset mask:c02200
Dragonfly----> S27 PHY *
: cfg1 0x80000000 cfg2 0x7114
eth0: 00:03:7f:09:0b:ad
athrs27_phy_setup ATHR_PHY_CONTROL 4 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 4 :10
eth0 up
ATHRS27: resetting s27
ATHRS27: s27 reset done
: cfg1 0x800c0000 cfg2 0x7214
eth1: 00:0c:f0:60:dc:98
athrs27_phy_setup ATHR_PHY_CONTROL 0 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 0 :10
athrs27_phy_setup ATHR_PHY_CONTROL 1 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 1 :10
athrs27_phy_setup ATHR_PHY_CONTROL 2 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 2 :10
athrs27_phy_setup ATHR_PHY_CONTROL 3 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 3 :10
eth1 up
eth0, eth1
Setting 0x181162c0 to 0x4b962100
Autobooting in 1 seconds
## Booting image at 9f040000 ...
   Uncompressing Kernel Image ... OK
No initrd
## Transferring control to Linux (at address 80060000) ...
## Giving linux memsize in bytes, 67108864

Starting kernel ...

[    0.000000] Linux version 3.3.8 (tplink@tplink-0B) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #1 Thu May 12 17:15:46 CST 2016
[    0.000000] bootconsole enabled
[    0.000000] CPU revision is: 00019750 (MIPS 74Kc)
[    0.000000] SoC: Qualcomm Atheros QCA956X rev 0
[    0.000000] Clocks: CPU:775.000MHz, DDR:650.000MHz, AHB:258.333MHz, Ref:25.000MHz
[    0.000000] Determined physical RAM map:
[    0.000000]memory: 04000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone PFN ranges:
[    0.000000]   Normal   0x00000000 -> 0x00004000
[    0.000000] Movable zone start PFN for each node
[    0.000000] Early memory PFN ranges
[    0.000000]   0: 0x00000000 -> 0x00004000
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.Total pages: 16256
[    0.000000] Kernel command line:board=AP151 console=ttyS0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 61388k/65536k available (2208k kernel code, 4148k reserved, 563k data, 180k init, 0k highmem)
[    0.000000] SLUB: Genslabs=9, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:83
[    0.000000] Calibrating delay loop... 385.84 BogoMIPS (lpj=1929216)
[    0.060000] pid_max: default: 32768 minimum: 301
[    0.060000] Mount-cache hash table entries: 512
[    0.060000] Initialized recycle list for cpu 0.
[    0.070000] NET: Registered protocol family 16
[    0.070000] gpiochip_add: registered GPIOs 0 to 22 on device: ath79
[    0.080000] MIPS: machine is Qualcomm Atheros AP151 reference board
[    0.080000] registering PCI controller with io_map_base unset
[    0.090000] bio: create slab <bio-0> at 0
[    0.100000] PCI host bridge to bus 0000:00
[    0.100000] pci_bus 0000:00: root bus resource
[    0.110000] pci_bus 0000:00: root bus resource
[    0.110000] pci 0000:00:00.0: invalid calibration data
[    0.120000] pci 0000:00:00.0: BAR 0: assigned
[    0.120000] pci 0000:00:00.0: BAR 6: assigned
[    0.130000] pci 0000:00:00.0: using irq 40 for pin 1
[    0.130000] Switching to clocksource MIPS
[    0.140000] NET: Registered protocol family 2
[    0.140000] IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.140000] TCP established hash table entries: 2048 (order: 2, 16384 bytes)
[    0.150000] TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
[    0.150000] TCP: Hash tables configured (established 2048 bind 2048)
[    0.160000] TCP reno registered
[    0.160000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.170000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.170000] NET: Registered protocol family 1
[    0.190000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.190000] JFFS2 version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.200000] msgmni has been set to 119
[    0.210000] io scheduler noop registered
[    0.210000] io scheduler deadline registered (default)
[    0.220000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
[    0.240000] serial8250.0: ttyS0 at MMIO 0x18020000 (irq = 11) is a 16550A波特率115200阶段:
[    0.250000] console enabled, bootconsole disabled
[    0.250000] console enabled, bootconsole disabled
[    0.260000] m25p80 spi0.0: found gd25q64CSIG, expected m25p80
[    0.270000] m25p80 spi0.0: gd25q64CSIG (8192 Kbytes)
[    0.270000] Searching for RedBoot partition table
[    0.280000] 9 RedBoot partitions found on MTD device spi0.0
[    0.280000] Creating 9 MTD partitions on "spi0.0":
[    0.290000] 0x000000000000-0x00000001d800 : "factory_boot"
[    0.290000] mtd: partition "factory_boot" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.310000] 0x00000001d800-0x00000001e000 : "factory_info"
[    0.320000] 0x00000001e000-0x000000020000 : "art"
[    0.320000] 0x000000020000-0x000000030000 : "config"
[    0.330000] 0x000000030000-0x000000040000 : "normal_boot"
[    0.330000] 0x000000040000-0x00000013fa78 : "kernel"
[    0.340000] mtd: partition "kernel" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.350000] 0x00000013fa78-0x000000680000 : "rootfs"
[    0.360000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.370000] mtd: partition "rootfs" set to be root filesystem
[    0.380000] 0x000000680000-0x000000800000 : "rootfs_data"
[    0.390000] 0x000000040000-0x000000800000 : "firmware"
[    0.390000] Registered character driver slp_flash_chrdev
[    0.400000] u32 classifier
[    0.400000]   Performance counters on
[    0.400000]   input device check on
[    0.410000]   Actions configured
[    0.410000] nf_conntrack version 0.5.0 (959 buckets, 3836 max)
[    0.420000] TCP cubic registered
[    0.420000] NET: Registered protocol family 17
[    0.430000] 8021q: 802.1Q VLAN Support v1.8
[    0.440000] Flash UID signiture check OK.
[    0.440000] ### of_selftest(): No testcase data in device tree; not running tests
[    0.450000] VFS: Mounted root (squashfs filesystem) readonly on device 31:6.
[    0.460000] Freeing unused kernel memory: 180k freed
- preinit -
- regular preinit -
[    2.730000] JFFS2 notice: (338) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
switching to jffs2
- init -
CAL_TAG=0000000 1111

Please press Enter to activate this console. Fri Jul 17 13:51:00 UTC 2020
[    5.010000] ar71xx: invalid MDIO id 1
[    5.430000] ag71xx_mdio: probed
[    5.440000] ag71xx_mdio: probed
[    5.450000] eth0: Atheros AG71xx at 0xb9000000, irq 4
[    6.000000] ag71xx ag71xx.0: eth0: connected to PHY at ag71xx-mdio.1:04
[    6.010000] eth1: Atheros AG71xx at 0xba000000, irq 5
[    6.570000] eth1: Found an AR934X built-in switch
[    7.860000] PPP generic driver version 2.4.2
[    7.890000] asf: module license 'Proprietary' taints kernel.
[    7.890000] Disabling lock debugging due to kernel taint
[    7.910000] ****Address of trace_timer :83bf25c0
[    8.190000] ath_hal: 0.9.17.1 (AR5416, AR9380, REGOPS_FUNC, WRITE_EEPROM, TX_DATA_SWAP, RX_DATA_SWAP, 11D)
[    8.260000] ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
[    8.280000] ath_tx99: Version 2.0
[    8.280000] Copyright (c) 2010 Atheros Communications, Inc, All Rights Reserved
[    8.440000] ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
[    9.970000]
[    9.970000] -----------------2G Caldata--------------------
[    9.980000] 02 02 00 02 03 04 05 06 00 00 00 00 00 00 00 00
[    9.980000] -----------------------------------------------
[    9.980000]
[    9.990000]
[    9.990000] -----------------5G Caldata--------------------
[   10.000000] 44 08 DE 9D 04 01 00 03 7F 12 34 56 00 00 1F 00
[   10.000000] -----------------------------------------------
[   10.000000]
[   10.010000] __ath_attach: Set global_scn
[   10.020000] *** All the minfree values should be <= ATH_TXBUF-32, otherwise default value will be used instead ***
[   10.030000] ACBKMinfree = 48
[   10.030000] ACBEMinfree = 32
[   10.030000] ACVIMinfree = 16
[   10.040000] ACVOMinfree = 0
[   10.040000] CABMinfree = 48
[   10.040000] UAPSDMinfree = 0
[   10.040000] ATH_TXBUF=512
[   10.060000] Enterprise mode: 0x03bda000
[   10.060000] Restoring Cal data from Flash
[   10.070000] ath_get_caps rx chainmask mismatch actual 7 sc_chainmak 0
[   10.080000] ath_get_caps tx chainmask mismatch actual 7 sc_chainmak 0
[   10.090000] ath_tx_paprd_init sc 831e0000 PAPRD Enabled
[   10.100000] wifi0: Atheros 956X: mem=0xb8100000, irq=47
[   10.100000] ath_pci: 10.2.3.31 (Atheros/multi-bss)
[   10.110000] ath_pci_probe
[   10.110000] PCI device id is 0050 :0050
[   10.110000] ath_pci 0000:00:00.0: BAR 0: assigned
[   10.120000] PCI: Enabling device 0000:00:00.0 (0000 -> 0002)
[   10.130000] ath_pci 0000:00:00.0: ath DEBUG: sc=0x83ba9800
[   10.140000]
[   10.140000]ol_ath_pci_configure : num_desired MSI set to 0
[   10.140000]
[   10.140000]Using PCI Legacy Interrupt
[   11.150000] CE_per_engine_handler_adjust, base=83ba9800 offset=57400
[   11.150000] CE_per_engine_handler_adjust, base=83ba9800 offset=57800
[   11.170000] __ol_ath_attach: ath_attach TODO
[   11.170000] __ol_ath_attach: dev name wifi1
[   11.180000] ol_ath_set_default_tgt_config : AC Minfree buffer allocation through module param (umac.ko)
[   11.190000]OL_ACBKMinfree : 0
[   11.190000]OL_ACBEMinfree : 0
[   11.200000]OL_ACVIMinfree : 0
[   11.200000]OL_ACVOMinfree : 0
[   11.200000] ol_ath_attach() BMI inited.
[   11.210000] ol_ath_attach() BMI Get Target Info.
[   11.210000] ol_ath_attach() TARGET TYPE: 7 Vers 0x4100016d
[   11.220000] NUM_DEV=1 FWMODE=0x2 FWSUBMODE=0x0 FWBR_BUF 0
[   11.220000] ol_ath_attach() configure Target .
[   11.230000] qc98xx_verify_checksum: flash checksum passed: 0x9dde
[   11.230000] ol_transfer_bin_file 2201: Download Flash data len 2116
[   11.240000] Swift firmware download
[   11.250000] ol_transfer_bin_file 2115: Download Firmware data len 224308
[   12.210000] ol_ath_attach() Download FW.
[   12.220000] ol_ath_attach() HT Create .
[   12.220000] ol_ath_attach() HIF Claim.
[   12.220000] ol_ath_attach() BMI Done.
[   12.230000] ol_ath_attach() WMI attached. wmi_handle 832b0000
[   12.230000] +HWT
[   12.240000] SOC_RESET_CONTROL_ADDRESS : 800
[   12.240000] CPU_INTR_ADDRESS =
[   12.240000] SOC_GLOBAL_RESET_ADDRESS =
[   12.250000] Rx_Filter :
[   12.250000] CE_per_engine_handler_adjust, base=83ba9800 offset=57400
[   12.260000] CE_per_engine_handler_adjust, base=83ba9800 offset=57800
[   12.260000] CE_per_engine_handler_adjust, base=83ba9800 offset=57c00
[   12.270000] CE_per_engine_handler_adjust, base=83ba9800 offset=58000
[   12.280000] CE_per_engine_handler_adjust, base=83ba9800 offset=58400
[   12.280000] CE_per_engine_handler_adjust, base=83ba9800 offset=58800
[   12.290000] CE_recv_buf_enqueue 653 Populate last entry 512 for CE 5
[   12.300000] CE_recv_buf_enqueue 662 CE 5 wi 511 dest_ptr 0x21bb020 nbytes 0 recv_ctxt 0x8219dd80
[   12.310000] -HWT
[   12.310000] HTC Service:0x0300 ep:1 TX flow control disabled
[   12.320000] CE_pkt_dl_len_set CE 4 Pkt download length 64
[   12.330000] ol_txrx_pdev_attach: 1424 tx desc's allocated ; range starts from 81df0000
[   12.340000] HTC Service:0x0100 ep:2 TX flow control disabled
[   12.340000] wmi_service_ready_event_rx:WMI UNIFIED SERVICE READY event
[   12.350000] num_rf_chain : 00000001
[   12.350000] ht_cap_info: : 0000085b
[   12.360000] vht_cap_info : 338001b2
[   12.360000] vht_supp_mcs : 0000fffe
[   12.360000] LARGE_AP enabled. num_peers 144, num_vdevs 16, num_tids 256
[   12.370000] idx 0 req 1num_units 0 num_unit_info 2 unit size 408 actual units 145
[   12.380000] chunk 0 len 59160 requested ,ptr0x1e10000
[   12.390000] FIRMWARE:P 145 V 16 T 443
[   12.390000]
[   12.400000] wmi_ready_event_rx:WMI UNIFIED READY event
[   12.400000] ol_ath_connect_htc() WMI is ready
[   12.410000] ol_ath_set_host_app_area TODO
[   12.410000] target uses HTT version 2.1; host uses 2.1
[   12.420000] ol_ath_attach() connect HTC.
[   12.430000] bypasswmi : 0
[   12.430000] ol_regdmn_start: reg-domain param: regdmn=0, countryName=, wModeSelect=FFFFFFFF, netBand=FFFFFFFF, extendedChanMode=0.
[   12.440000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x2) flags 0x2150
[   12.450000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x4) flags 0xa0
[   12.460000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x8) flags 0xc0
[   12.460000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x20) flags 0xd0
[   12.470000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x40) flags 0x150
[   12.480000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x800) flags 0x10080
[   12.480000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x2000) flags 0x20080
[   12.490000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x4000) flags 0x40080
[   12.500000] Add VHT80 channel: 5210
[   12.500000] Add VHT80 channel: 5290
[   12.510000] Add VHT80 channel: 5530
[   12.510000] Add VHT80 channel: 5610
[   12.510000] Add VHT80 channel: 5690
[   12.520000] Add VHT80 channel: 5775
[   12.520000] Skipping VHT80 channel 5825
[   12.530000] ol_ath_phyerr_attach: called
[   12.530000] OL Resmgr Init-ed
[   12.530000] ol_ath_rtt_meas_report_attach: called
[   12.540000] ol_ath_attach() UMAC attach .
[   12.540000] __ol_ath_attach: init tx/rx TODO
[   12.550000] __ol_ath_attach: hard_header_len reservation 58
[   12.640000] GRE over IPv4 demultiplexor driver
[   12.660000] GRE over IPv4 tunneling driver
[   12.670000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   12.830000] xt_time: kernel timezone is -0000
[   12.900000] NET: Registered protocol family 24
[   13.230000] FWLOG: WAL_DBGID_TX_AC_BUFFER_SET ( 0x3, 0x1e, 0x460, 0x460, 0x0 )
[   13.240000] FWLOG: WAL_DBGID_TX_AC_BUFFER_SET ( 0x12, 0x1e, 0x460, 0x460, 0x0 )
[   13.250000] FWLOG: WAL_DBGID_TX_AC_BUFFER_SET ( 0x45, 0x1e, 0x460, 0x460, 0x0 )
[   13.260000] FWLOG: WAL_DBGID_TX_AC_BUFFER_SET ( 0x67, 0x1e, 0x460, 0x460, 0x0 )
[   13.270000] FWLOG: WHAL_ERROR_RECV_STOPPCU ( 0x110298a, 0x3 )
[   13.270000] FWLOG: WHAL_ERROR_RESET_PM ()
[   13.280000] FWLOG: ANI Enable:1
[   13.520000] nf_conntrack_rtsp v0.6.21 loading
[   13.540000] nf_nat_rtsp v0.6.21 loading
[   13.580000] Registered character driver slp_gpio_chrdev
[   14.720000] lan ip is 0xc0a80101
Command failed: Not found
uci: Entry not found (protocol.wan.macaddr)
user did not configured wan mac, use default.
Command failed: Not found
Command failed: Not found
[   20.520000] device eth1 entered promiscuous mode
Write Reg: 0x00000054: Oldval = 0x24696858 Newval = 0x24696858
Write Reg: 0x00000058: Oldval = 0x000f0001 Newval = 0x000f0001
Write Reg: 0x00000050: Oldval = 0x56100002 Newval = 0x5610000a
Enable device phy_change all_vifs enabled_vifs changed_vifs
[   25.880000] wlan_vap_create : enter. devhandle=0x831a8380, opmode=IEEE80211_M_HOSTAP, flags=0x1
[   25.890000] wlan_vap_create : exit. devhandle=0x831a8380, opmode=IEEE80211_M_HOSTAP, flags=0x1.
[   25.900000] VAP device ath0 created osifp: (818c2380) os_if: (818f0000)
[   25.940000] Set freq vap stop send + 818f0000
[   25.950000] Set freq vap stop send -818f0000
[   26.080000] Set wait done --818f0000
[   26.090000] wlan_vap_create : enter. devhandle=0x831a8380, opmode=IEEE80211_M_HOSTAP, flags=0x1
[   26.100000] wlan_vap_create : exit. devhandle=0x831a8380, opmode=IEEE80211_M_HOSTAP, flags=0x1.
[   26.110000] VAP device guest0 created osifp: (818c3b80) os_if: (81f80000)
[   26.150000] Set freq vap stop send + 818f0000
[   26.150000] Set freq vap stop send -818f0000
[   26.290000] Set wait done --818f0000
[   26.290000] Set freq vap stop send + 81f80000
[   26.290000] Set freq vap stop send -81f80000
[   26.430000] Set wait done --81f80000
[   26.440000] wlan_vap_create : enter. devhandle=0x831a8380, opmode=IEEE80211_M_STA, flags=0x1
[   26.450000] wlan_vap_create : exit. devhandle=0x831a8380, opmode=IEEE80211_M_STA, flags=0x1.
[   26.460000] VAP device wdscli0 created osifp: (81939380) os_if: (818fc000)
[   26.540000] Setting Max Stations:16
set encryption with driver
[   26.590000] set IEEE80211_IOC_WPA to WPA and RSN
[   26.600000] set Key Mgmt Algs to PSK!
[   26.610000] set cipher as AES
[   26.620000] set psksecret 1234qaz5678, length = 11
[   26.630000] set rekey period 86400
[   26.660000]
[   26.660000]DES SSID SET=
[   26.670000]
[   26.670000]DES SSID SET=dbwz
[   26.750000] Setting Max Stations:31
[   26.820000]
[   26.820000]DES SSID SET=
[   26.830000]
[   26.830000]DES SSID SET=TPGuest_5610
[   27.060000] 8021q: adding VLAN 0 to HW filter on device ath0
[   27.850000] device ath0 entered promiscuous mode
[   27.850000] br-lan: port 2(ath0) entered forwarding state
[   27.860000] br-lan: port 2(ath0) entered forwarding state
[   28.020000] 8021q: adding VLAN 0 to HW filter on device guest0
[   28.800000] device guest0 entered promiscuous mode
[   28.800000] br-lan: port 3(guest0) entered forwarding state
[   28.810000] br-lan: port 3(guest0) entered forwarding state
[   30.090000] br-lan: port 2(ath0) entered forwarding state
[   30.110000] br-lan: port 3(guest0) entered disabled state
Enable device phy_change all_vifs enabled_vifs changed_vifs
[   30.240000] isCountryCodeValid: EEPROM regdomain 0x0
[   30.250000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x2) flags 0x2150
[   30.260000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x4) flags 0xa0
[   30.260000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x8) flags 0xc0
[   30.270000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x20) flags 0xd0
[   30.280000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x40) flags 0x150
[   30.290000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x800) flags 0x10080
[   30.290000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x2000) flags 0x20080
[   30.300000] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x4000) flags 0x40080
[   30.310000] Add VHT80 channel: 5775
[   30.310000] Skipping VHT80 channel 5825
[   30.360000] ath_ioctl: SIOC80211IFCREATE CALLED
[   30.360000] wmi_unified_vdev_create_send: ID = 0 VAP Addr = 24:69:68:58:56:12:
[   30.370000] Setting dscp for vap id: 0
[   30.370000] VAP device ath1 created osifp: (818cd380) os_if: (819a8000)
[   30.410000] Following channels are blocked from Channel selection algorithm
[   30.420000]
[   30.430000] Set freq vap stop send + 819a8000
[   30.430000] OL vap_stop +
[   30.440000] wmi_unified_vdev_stop_send for vap 0 (832b0000)
[   30.440000] OL vap_stop -
[   30.440000] STOPPED EVENT for vap 0 (832b0000)
[   30.450000] Set freq vap stop send -819a8000
[   30.580000] Set wait done --819a8000
[   30.590000] ath_ioctl: SIOC80211IFCREATE CALLED
[   30.590000] wmi_unified_vdev_create_send: ID = 1 VAP Addr = 26:69:68:58:56:12:
[   30.600000] wmi_unified_set_psmode:set psmode=1
[   30.610000] Setting dscp for vap id: 1
[   30.610000] VAP device wdscli1 created osifp: (818cfb80) os_if: (819b0000)
[   30.680000] Setting Max Stations:16
set encryption with driver
[   30.740000] set IEEE80211_IOC_WPA to WPA and RSN
[   30.750000] set Key Mgmt Algs to PSK!
[   30.760000] set cipher as AES
[   30.760000] set psksecret 1234qaz5678, length = 11
[   30.770000] set rekey period 86400
[   30.780000] ol_ath_desc_alloc_and_mark_for_mcast_clone: VAP Mcast to Unicast buffer allocated: 400
[   30.790000] ol_ath_vap_set_param: VAP param is now supported param:66 value:2
[   30.830000]
[   30.830000]DES SSID SET=
[   30.840000]
[   30.840000]DES SSID SET=dbwz
[   30.920000] OL vap_stop +
[   30.920000] wmi_unified_vdev_stop_send for vap 0 (832b0000)
[   30.920000] OL vap_stop -
[   30.930000] STOPPED EVENT for vap 0 (832b0000)
[   31.060000] wmi_unified_scan_start_send for vap 0 (832b0000)
[   31.060000] 8021q: adding VLAN 0 to HW filter on device ath1
[   31.840000] device ath1 entered promiscuous mode
[   31.850000] br-lan: port 4(ath1) entered forwarding state
[   31.850000] br-lan: port 4(ath1) entered forwarding state
[   32.560000] OL vap_start +
[   32.570000] wmi_unified_vdev_start_send for vap 0 (832b0000)
[   32.570000] OL vap_start -
[   32.580000] ol_vdev_start_resp_ev for vap 0 (832b0000)
[   32.580000] ol_ath_vap_join: join operation is only for STA/IBSS mode
[   32.590000] ol_ath_wmm_update:
[   32.800000] wmi_unified_vdev_up_send for vap 0 (832b0000)
[   32.810000] Notification to UMAC VAP layer
[   32.990000] Lan ip: C0A80101, Lan mask: FFFFFF00
[   33.000000] wan dev name: eth0
[   33.190000] ----IGMP init begin------
[   33.190000] wan_dev_index = 255 lan_dev_name=br-lan wan_dev_name=eth0
[   33.200000] ----IGMP has been loaded------
[   33.230000] FWLOG: WAL_DBGID_SECURITY_ENCR_EN ()
[   33.240000] FWLOG: WAL_DBGID_SECURITY_MCAST_KEY_SET ( 0x1 )
[   33.850000] br-lan: port 4(ath1) entered forwarding state
wlan has already started in etc/init.d/network script.
Loading redirects
Loading dmz
Loading forbidhost
Loading localmanage
Loading hostctrl
Loading includes
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
uci: Entry not found (guest_network.@guest_rule_2g)
uci: Entry not found (guest_network.@guest_rule_5g)
not ap mode, ignored.
not ap mode, ignored.
uci: Entry not found (guest_network.@guest_rule_2g)
uci: Entry not found (guest_network.@guest_rule_5g)


ldx327361536 发表于 2020-7-29 06:01

牛批啊兄得

qlzh 发表于 2020-8-6 16:45

好文章,楼主研究的真是透彻!

qlzh 发表于 2020-8-6 16:47

这WDR5600可也真是个怪胎,3根2.4G天线,1根5G天线。

bjxqkx 发表于 2020-8-21 15:48

编程器修改 看不懂。老大能分享下编程器的固件吗?先谢谢了!

zkdc 发表于 2020-8-22 01:27

bjxqkx 发表于 2020-8-21 15:48
编程器修改 看不懂。老大能分享下编程器的固件吗?先谢谢了!

给了,final_rom_zh-cn.bin 就是编辑完的固件。

wyhtc 发表于 2020-9-3 10:28

可以直接上夹子刷吗?

zkdc 发表于 2020-9-6 20:45

wyhtc 发表于 2020-9-3 10:28
可以直接上夹子刷吗?

可以,我就这么刷的

一条寂寞的鱼 发表于 2020-9-15 21:42

今天也刚搞了个5600V2你这个盘里面有4个文件,到底刷哪个啊?固件能否更新下

一条寂寞的鱼 发表于 2020-9-15 21:47

本帖最后由 一条寂寞的鱼 于 2020-9-15 21:49 编辑

9561不是有个6500V2的breed吗,


为啥你搞了个编程器固件,OPENWRT不是直接用breed刷吗

afeng11 发表于 2020-9-16 13:17

一条寂寞的鱼 发表于 2020-9-15 21:47
9561不是有个6500V2的breed吗,




他没有研究breed,用的原厂的第二个uboot

zkdc 发表于 2020-9-22 15:47

一条寂寞的鱼 发表于 2020-9-15 21:47
9561不是有个6500V2的breed吗,




要改成这个breed用的可能你需要先把原厂的art数据和mac数据按6500的分区放置,然后修改我这个补丁,让他和6500的分区布置一致,再自己编译

一条寂寞的鱼 发表于 2020-9-22 17:24

试了Breed刷不了,用了编程器烧写固件了,有一个很大的问题,就是WAN口用 不了 上不了网,PPPOE还是二级路由 插WAN口没网络,是固件问题?还有固件能否加点插件啊,太干净了,

zkdc 发表于 2020-9-23 03:06

一条寂寞的鱼 发表于 2020-9-22 17:24
试了Breed刷不了,用了编程器烧写固件了,有一个很大的问题,就是WAN口用 不了 上不了网,PPPOE还是二级路 ...

1. 不做修改确实无法使用breed刷。


2. 我试了一下wan口正常,不管是pppoe还是插另一个路由lan口都没问题(这会儿回帖就是用的 final_rom_zh-cn.bin 刷的路由器拨的号)。


如果你有问题的话建议试试手动在自己的原路由固件上使用 squashfs-sysupgrade_zh-cn.bin 文件编辑一下试试(见用法部分)

3. 至于插件(软件包)的话我觉得还是自己需要什么就自己装什么吧,没有必要提前就内置好了。

页: [1] 2 3 4
查看完整版本: 发一个自己编译的 wdr5600v2 openwrt 固件,附带修改的 patch 文件