[RFC PATCH 5/7] ath79: support for TP-Link EAP245 v1

mail at adrianschmutzler.de mail at adrianschmutzler.de
Fri Jul 17 08:54:35 EDT 2020 

Hi,

> -----Original Message-----
> From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org]
> On Behalf Of Sander Vanheule
> Sent: Freitag, 17. Juli 2020 13:38
> To: openwrt-devel at lists.openwrt.org
> Cc: Sander Vanheule <sander at svanheule.net>; me at bibbl.com;
> julien.dusser at free.fr; john at phrozen.org; rafal at milecki.pl; ynezz at true.cz;
> mail at david-bauer.net
> Subject: [RFC PATCH 5/7] ath79: support for TP-Link EAP245 v1
> 
> TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access point.
> 
> Device specifications:
> * SoC: QCA9563 @ 775MHz
> * RAM: 128MiB DDR2
> * Flash: 16MiB SPI-NOR
> * Wireless 2.4GHz (SoC): b/g/n, 3x3
> * Wireless 5Ghz (QCA9880): a/n/ac, 3x3
> * Ethernet (AR8033): 1× 1GbE, 803.2at PoE
> 
> Flashing instructions:
> * Extract /usr/bin/uclited from the device via ssh and apply the binary
>   patch listed below. The patch is required to prevent `uclited -u` in
>   the last step from crashing.
> * Exploit the user management page in the web interface to start telnetd
>   by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
> * Immediately change the malformed username back to something valid
>   (e.g. 'admin') to make ssh work again.
> * Use the root shell via telnet to make /tmp world writeable (chmod 777)
> * Copy the patched uclited programme back to the device at /tmp/uclited
>   (via ssh)
> * Upload the factory image to /tmp/upgrade.bin (via ssh)
> * Run `chmod +x /tmp/uclited && /tmp/uclited -u` to flash OpenWrt.
> 
>     --- xxd uclited
>     +++ xxd uclited-patched
>     @@ -53796,7 +53796,7 @@
>      000d2240: 8c44 0000 0320 f809 0000 0000 8fbc 0010  .D... ..........
>      000d2250: 8fa6 0a4c 02c0 2821 8f82 87b8 0000 0000  ...L..(!........
>     -000d2260: 8c44 0000 0c13 45e0 27a7 0018 8fbc 0010  .D....E.'.......
>     +000d2260: 8c44 0000 2402 0000 0000 0000 8fbc 0010  .D..$...........
>      000d2270: 1040 001d 0000 1821 8f99 8374 3c04 0058  . at .....!...t<..X
>      000d2280: 3c05 0056 2484 a898 24a5 9a30 0320 f809  <..V$...$..0. ..
> 
> Debricking:
> * Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC)
>     * Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
>       Do NOT bridge R230.
>     * Use 3.3V, 115200 baud, 8n1
> * Interrupt bootloader with by holding CTRL+B during boot
> * tftp initramfs to flash via Luci web-interface
> 
> Tested on the EAP245v1 running the latest firmware (v1.4.0). The binary
> patch might not apply to uclited from other firmware versions.
> 
> Signed-off-by: Sander Vanheule <sander at svanheule.net>
> ---
>  .../ath79/dts/qca9563_tplink_eap245-v1.dts    | 26 +++++++++++++++++
>  .../generic/base-files/etc/board.d/02_network |  1 +
> .../etc/hotplug.d/firmware/11-ath10k-caldata  |  3 +-
>  target/linux/ath79/image/generic-tp-link.mk   |  9 ++++++
>  tools/firmware-utils/src/tplink-safeloader.c  | 28 +++++++++++++++++++
>  5 files changed, 66 insertions(+), 1 deletion(-)  create mode 100644
> target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
> 
> diff --git a/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
> b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
> new file mode 100644
> index 0000000000..8a11d2e469
> --- /dev/null
> +++ b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
> @@ -0,0 +1,26 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT /dts-v1/;
> +
> +#include <dt-bindings/gpio/gpio.h>

This line is already in the DTSI.

> +
> +#include "qca9563_tplink_eap2x5_1port.dtsi"
> +
> +/ {
> +	compatible = "tplink,eap245-v1", "qca,qca9563";
> +	model = "TP-Link EAP245 v1";
> +};
> +
> +&led_status_green {
> +	status = "okay";
> +	gpios = <&gpio 7 GPIO_ACTIVE_HIGH>;
> +};
> +
> +&led_status_amber {
> +	status = "okay";
> +	gpios = <&gpio 9 GPIO_ACTIVE_HIGH>;
> +};
> +
> +&led_status_red {
> +	status = "okay";
> +	gpios = <&gpio 1 GPIO_ACTIVE_HIGH>;
> +};

Use the whole LED block in the root node here, see my comment on the DTSI ...

> diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network
> b/target/linux/ath79/generic/base-files/etc/board.d/02_network
> index 7524806d72..d19f885e27 100755
> --- a/target/linux/ath79/generic/base-files/etc/board.d/02_network
> +++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network
> @@ -38,6 +38,7 @@ ath79_setup_interfaces()
>  	pisen,wmb001n|\
>  	pisen,wmm003n|\
>  	siemens,ws-ap3610|\
> +	tplink,eap245-v1|\
>  	tplink,cpe210-v2|\
>  	tplink,cpe210-v3|\
>  	tplink,cpe510-v2|\
> diff --git a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-
> ath10k-caldata b/target/linux/ath79/generic/base-
> files/etc/hotplug.d/firmware/11-ath10k-caldata
> index 2926796d65..d722f2dcaf 100644
> --- a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-
> ath10k-caldata
> +++ b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-at
> +++ h10k-caldata
> @@ -63,7 +63,8 @@ case "$FIRMWARE" in
>  		caldata_extract "art" 0x5000 0x844
>  		ath10k_patch_mac $(macaddr_add $(mtd_get_mac_ascii u-
> boot-env ethaddr) +1)
>  		;;
> -	engenius,ews511ap)
> +	engenius,ews511ap|\
> +	tplink,eap245-v1)
>  		caldata_extract "art" 0x5000 0x844
>  		ath10k_patch_mac $(macaddr_add $(cat
> /sys/class/net/eth0/address) +1)

Please don't define this relative to eth0, but use the flash locations as a base, e.g.

ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) +1)

Best

Adrian Schmutzler
>  		;;
> diff --git a/target/linux/ath79/image/generic-tp-link.mk
> b/target/linux/ath79/image/generic-tp-link.mk
> index d2cc8d09bd..a4a14ed889 100644
> --- a/target/linux/ath79/image/generic-tp-link.mk
> +++ b/target/linux/ath79/image/generic-tp-link.mk
> @@ -372,6 +372,15 @@ define Device/tplink_eap2x5_1port
>    IMAGE/factory.bin := append-rootfs | tplink-safeloader factory | pad-extra
> 128  endef
> 
> +define Device/tplink_eap245-v1
> +  $(Device/tplink_eap2x5_1port)
> +  DEVICE_MODEL := EAP245
> +  DEVICE_VARIANT := v1
> +  TPLINK_BOARD_ID := EAP245-V1
> +  DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct endef
> +TARGET_DEVICES += tplink_eap245-v1
> +
>  define Device/tplink_eap245-v3
>    $(Device/tplink-safeloader)
>    SOC := qca9563
> diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-
> utils/src/tplink-safeloader.c
> index e9e6f01ebd..a20304150b 100644
> --- a/tools/firmware-utils/src/tplink-safeloader.c
> +++ b/tools/firmware-utils/src/tplink-safeloader.c
> @@ -1291,6 +1291,34 @@ static struct device_info boards[] = {
>  		.last_sysupgrade_partition = "file-system"
>  	},
> 
> +	/** Firmware layout for the EAP245 v1 */
> +	{
> +		.id     = "EAP245-V1",
> +		.support_list =
> +			"SupportList:\r\n"
> +			"EAP245(TP-LINK|UN|AC1750-D):1.0\r\n",
> +		.support_trail = '\xff',
> +		.soft_ver = NULL,
> +
> +		.partitions = {
> +			{"fs-uboot", 0x00000, 0x20000},
> +			{"partition-table", 0x20000, 0x02000},
> +			{"default-mac", 0x30000, 0x01000},
> +			{"support-list", 0x31000, 0x00100},
> +			{"product-info", 0x31100, 0x00400},
> +			{"soft-version", 0x32000, 0x00100},
> +			{"firmware", 0x40000, 0xc00000},
> +			{"user-config", 0xdc0000, 0x10000},
> +			{"backup-config", 0xdd0000, 0x10000},
> +			{"log", 0xde0000, 0x10000},
> +			{"radio", 0xff0000, 0x10000},
> +			{NULL, 0, 0}
> +		},
> +
> +		.first_sysupgrade_partition = "os-image",
> +		.last_sysupgrade_partition = "file-system"
> +	},
> +
>  	/** Firmware layout for the EAP245 v3 */
>  	{
>  		.id     = "EAP245-V3",
> --
> 2.26.2
> 
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20200717/4e945290/attachment.sig>

More information about the openwrt-devel mailing list