SW/openwrt
2
0
Fork 0
forked from Ivasoft/openwrt
Code Pull Requests Activity
Files
0f6b6aab2bc9d34b5d516ddf38fb14e8c5d029db
openwrt/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
Sander Vanheule 0f6b6aab2b ath79: add support for TP-Link EAP225 v1 
TP-Link EAP225 v1 is an AC1200 (802.11ac Wave-1) ceiling mount access point.

Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9882): a/n/ac, 2x2
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE

Flashing instructions:
* Ensure the device is upgraded to firmware v1.4.0
* Exploit the user management page in the web interface to start telnetd
  by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
* Immediately change the malformed username back to something valid
  (e.g. 'admin') to make ssh work again.
* Use the root shell via telnet to make /tmp world writeable (chmod 777)
* Extract /usr/bin/uclited from the device via ssh and apply the binary
  patch listed below. The patch is required to prevent `uclited -u` in
  the last step from crashing.
* Copy the patched uclited binary back to the device at /tmp/uclited
  (via ssh)
* Upload the factory image to /tmp/upgrade.bin (via ssh)
* Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt.

uclited patching:
    --- xxd uclited
    +++ xxd uclited-patched
    @@ -53811,7 +53811,7 @@
     000d2330: 8c44 0000 0320 f809 0000 0000 8fbc 0010  .D... ..........
     000d2340: 8fa6 0a4c 02c0 2821 8f82 87c4 0000 0000  ...L..(!........
    -000d2350: 8c44 0000 0c13 461c 27a7 0018 8fbc 0010  .D....F.'.......
    +000d2350: 8c44 0000 2402 0000 0000 0000 8fbc 0010  .D..$...........
     000d2360: 1040 001d 0000 1821 8f99 8378 3c04 0058  .@.....!...x<..X
     000d2370: 3c05 0056 2484 ad68 24a5 9f00 0320 f809  <..V$..h$.... ..

To make sure the correct file is patched, the following MD5 checksums
should match the unpatched and patched files:
    4bd74183c23859c897ed77e8566b84de  uclited
    4107104024a2e0aeaf6395ed30adccae  uclited-patched

Debricking:
* Serial port can be soldered on unpopulated 4-pin header
  (1: TXD, 2: RXD, 3: GND, 4: VCC)
    * Bridge unpopulated resistors running from pins 1 (TXD) and 2 (RXD).
      Do NOT bridge the pull-down for pin 2, running parallel to the
      header.
    * Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via the LuCI web interface
    setenv ipaddr 192.168.1.1 # default, change as required
    setenv serverip 192.168.1.10 # default, change as required
    tftp 0x80800000 initramfs.bin
    bootelf $fileaddr

Tested by forum user KernelMaker.

Link: https://forum.openwrt.org/t/eap225-v1-firmware/87116
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2021-12-05 18:49:14 +01:00

277 lines
7.7 KiB
Bash
Raw Blame History

#!/bin/sh
[ -e /lib/firmware/$FIRMWARE ] && exit 0
. /lib/functions/caldata.sh
. /lib/functions/k2t.sh
board=$(board_name)
case "$FIRMWARE" in
"ath10k/cal-pci-0000:00:00.0.bin")
case $board in
allnet,all-wap02860ac|\
engenius,eap1200h|\
engenius,enstationac-v1|\
glinet,gl-x750)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary art 0x0) 2)
;;
avm,fritz1750e|\
avm,fritzdvbc)
caldata_extract "urlader" 0x198a 0x844
;;
comfast,cf-wr650ac-v1|\
comfast,cf-wr650ac-v2|\
devolo,dlan-pro-1200plus-ac|\
devolo,magic-2-wifi|\
joyit,jt-or750i|\
qxwlan,e1700ac-v2-8m|\
qxwlan,e1700ac-v2-16m|\
qxwlan,e600gac-v2-8m|\
qxwlan,e600gac-v2-16m|\
ubnt,aircube-ac|\
ubnt,bullet-ac|\
ubnt,unifiac-lite|\
ubnt,unifiac-lr|\
ubnt,unifiac-mesh|\
ubnt,unifiac-mesh-pro|\
ubnt,lap-120|\
ubnt,litebeam-ac-gen2|\
ubnt,nanobeam-ac|\
ubnt,nanobeam-ac-gen2|\
ubnt,nanostation-ac|\
ubnt,nanostation-ac-loco|\
ubnt,powerbeam-5ac-500|\
ubnt,powerbeam-5ac-gen2|\
ubnt,rocket-5ac-lite|\
ubnt,unifiac-pro|\
yuncore,a770)
caldata_extract "art" 0x5000 0x844
;;
devolo,dvl1200e|\
devolo,dvl1200i|\
devolo,dvl1750c|\
devolo,dvl1750e|\
devolo,dvl1750i|\
devolo,dvl1750x)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary art 0x0) -1)
;;
dlink,dap-2660-a1|\
dlink,dap-2695-a1|\
dlink,dap-3662-a1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(mtd_get_mac_ascii bdcfg wlanmac_a)
;;
dlink,dir-859-a1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(mtd_get_mac_ascii devdata "wlan5mac")
;;
elecom,wrc-1750ghbk2-i)
caldata_extract "art" 0x5000 0x844
;;
engenius,ecb1200|\
engenius,ecb1750)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(mtd_get_mac_ascii u-boot-env athaddr)
;;
engenius,epg5000|\
iodata,wn-ac1167dgr|\
iodata,wn-ac1600dgr2|\
sitecom,wlr-7100|\
zyxel,nbg6616)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_ascii u-boot-env ethaddr) 1)
;;
engenius,ews511ap)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(cat /sys/class/net/eth0/address) 1)
;;
glinet,gl-ar750)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary art 0x0) 1)
;;
nec,wg800hp)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(mtd_get_mac_text board_data 0x880)
;;
ocedo,koala|\
ocedo,ursus)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(mtd_get_mac_binary art 0xc)
;;
openmesh,a40|\
openmesh,a60|\
openmesh,mr1750-v1|\
openmesh,mr1750-v2)
caldata_extract "ART" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(cat /sys/class/net/eth0/address) 16)
;;
openmesh,om5p-ac-v2)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(cat /sys/class/net/eth0/address) 16)
;;
qihoo,c301)
caldata_extract "radiocfg" 0x5000 0x844
ath10k_patch_mac $(mtd_get_mac_ascii devdata wlan5mac)
;;
tplink,archer-a7-v5|\
tplink,archer-c2-v3|\
tplink,archer-c7-v4|\
tplink,archer-c7-v5|\
tplink,archer-c25-v1|\
tplink,tl-wr902ac-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) -1)
;;
tplink,archer-c5-v1|\
tplink,tl-wdr7500-v3)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary u-boot 0x1fc00) -1)
;;
tplink,archer-d50-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary romfile 0xf100) 2)
;;
tplink,archer-d7-v1|\
tplink,archer-d7b-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary romfs 0xf100) 2)
;;
tplink,eap225-v1|\
tplink,eap245-v1|\
tplink,re450-v2|\
tplink,re450-v3|\
tplink,re455-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) 1)
;;
tplink,re350k-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) 2)
;;
tplink,re355-v1|\
tplink,re450-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(cat /sys/class/net/eth0/address) -2)
;;
tplink,tl-wpa8630-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary u-boot 0x0fc00) 1)
;;
esac
;;
"ath10k/cal-pci-0000:01:00.0.bin")
case $board in
sitecom,wlr-8100)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_ascii u-boot-env ethaddr) 1)
;;
esac
;;
"ath10k/pre-cal-pci-0000:00:00.0.bin")
case $board in
comfast,cf-e313ac)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(mtd_get_mac_binary art 0x6)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
rm /lib/firmware/ath10k/QCA9888/hw2.0/board-2.bin
;;
comfast,cf-e375ac|\
comfast,cf-e560ac|\
comfast,cf-ew72|\
comfast,cf-wr752ac-v1)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary art 0x0) 2)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
rm /lib/firmware/ath10k/QCA9888/hw2.0/board-2.bin
;;
dlink,dap-2680-a1)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(mtd_get_mac_ascii bdcfg wlanmac_a)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
dlink,dir-842-c1|\
dlink,dir-842-c2|\
dlink,dir-842-c3)
caldata_extract "art" 0x5000 0x2f20
caldata_valid "202f" || caldata_extract "reserved" 0x15000 0x2f20
ath10k_patch_mac $(mtd_get_mac_ascii devdata wlan5mac)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
nec,wf1200cr|\
nec,wg1200cr)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(mtd_get_mac_ascii devdata wlan5mac)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
netgear,ex6400|\
netgear,ex7300)
caldata_extract "caldata" 0x5000 0x2f20
ath10k_patch_mac $(mtd_get_mac_binary caldata 0xc)
;;
phicomm,k2t)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(k2t_get_mac "5g_mac")
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
tplink,archer-c58-v1|\
tplink,archer-c59-v1|\
tplink,archer-c59-v2|\
tplink,archer-c60-v1|\
tplink,archer-c60-v2|\
tplink,archer-c60-v3|\
tplink,archer-c6-v2|\
tplink,archer-c6-v2-us|\
tplink,tl-wa1201-v2)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) -1)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
tplink,cpe710-v1)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(mtd_get_mac_binary info 0x8)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
tplink,eap225-outdoor-v1|\
tplink,eap225-v3|\
tplink,eap225-wall-v2|\
tplink,tl-wpa8630p-v2-int|\
tplink,tl-wpa8630p-v2.0-eu|\
tplink,tl-wpa8630p-v2.1-eu)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) 1)
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
tplink,eap245-v3)
caldata_extract "art" 0x5000 0x2f20
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) 1)
;;
xiaomi,aiot-ac2350)
caldata_extract "art" 0x5000 0x2f20
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9984/hw1.0/board.bin
;;
yuncore,a782|\
yuncore,xd4200)
caldata_extract "art" 0x5000 0x2f20
ln -sf /lib/firmware/ath10k/pre-cal-pci-0000\:00\:00.0.bin \
/lib/firmware/ath10k/QCA9888/hw2.0/board.bin
;;
esac
;;
*)
exit 1
;;
esac
View Git Blame Copy Permalink