addresses.md

Memory Addresses

RedBoot> fis list
Name              FLASH addr  Mem addr    Length      Entry point
RedBoot           0xBF000000  0xBF000000  0x00050000  0x00000000
linux             0xBF050000  0x80060000  0x00370000  0x80500000
nvram             0xBF3C0000  0x80500000  0x00010000  0x80500000
lang              0xBF3D0000  0xBF3D0000  0x00010000  0x80500000
FIS directory     0xBF3E0000  0xBF3E0000  0x0000EF00  0x00000000
RedBoot config     0xBF3EEF00  0xBF3EEF00  0x00001100  0x00000000

bootlog.txt

+Ethernet eth0: MAC address 00:0d:0b:13:6b:00
IP: 192.168.2.1/255.255.255.0, Gateway: 0.0.0.0
Default server: 0.0.0.0
tcp_listen: s[0x80043300] port[80]

RedBoot(tm) bootstrap and debug environment [ROMRAM]
DT-Series release, version 1.05 - built 19:49:26, Aug  6 2007

Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.

Board: pb42 
RAM: 0x80000000-0x82000000, [0x800534d0-0x80fe0ff4] available
FLASH: 0xbf000000 - 0xbf3f0000, 64 blocks of 0x00010000 bytes each.
== Executing boot script in 1.000 seconds - enter ^C to abort
RedBoot> fis load -d linux;exec
Image name: linux
Image loaded from 0x80060000-0x8022c086
Now booting linux kernel:
 Base address 0x80050000 Entry 0x8020f000
 Cmdline : console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init rootfsoffset=0xe0000 rootfslen=0x1c0000
Linux version 2.6.15 ([email protected]) (gcc version 3.4.4) #526 Tue Oct 9 10:03:15 CST 2007
flash_size passed from bootloader = 4
arg 1: console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init rootfsoffset=0xe0000 rootfslen=0x1c0000
CPU revision is: 00019374
Determined physical RAM map:
 memory: 02000000 @ 00000000 (usable)
Built 1 zonelists
Kernel command line: console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init rootfsoffset=0xe0000 rootfslen=0x1c0000 
Primary instruction cache 64kB, physically tagged, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, linesize 32 bytes.
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
Cache parity protection disabled
PID hash table entries: 256 (order: 8, 4096 bytes)
Using 200.000 MHz high precision timer.
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 30104k/32768k available (1426k kernel code, 2648k reserved, 293k data, 120k init, 0k highmem)
Mount-cache hash table entries: 512
 available.r 'wait' instruction... 
NET: Registered protocol family 16
AR7100 GPIOC major 0
squashfs: version 3.0 (2006/03/15) Phillip Lougher
Initializing Cryptographic API
io scheduler noop registered
io scheduler deadline registered
Serial: 8250/16550 driver $Revision: #1 $ 1 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x0 (irq = 19) is a 16550A
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
cmdlinepart partition parsing not available
Searching for RedBoot partition table in ar7100-nor0 at offset 0x3e0000
7 RedBoot partitions found on MTD device ar7100-nor0
Creating 7 MTD partitions on "ar7100-nor0":
0x00000000-0x00050000 : "RedBoot"
0x00050000-0x003c0000 : "linux"
0x003c0000-0x003d0000 : "nvram"
0x003d0000-0x003e0000 : "lang"
0x003e0000-0x003eef00 : "FIS directory"
mtd: partition "FIS directory" doesn't end on an erase block -- force read-only
0x003eef00-0x003f0000 : "RedBoot config"
mtd: partition "RedBoot config" doesn't start on an erase block boundary -- force read-only
0x00130000-0x002f0000 : "filesystem"
NET: Registered protocol family 2
IP route cache hash table entries: 512 (order: -1, 2048 bytes)
TCP established hash table entries: 2048 (order: 1, 8192 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
TCP bic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
Ebtables v2.0 registered
to (31:6)t to change from (31:02) 
SQUASHFS: Mounting a different endian SQUASHFS filesystem on mtdblock6
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 120k freed
type = [get_mac]tinue...
get_data(): cmd=0x11 count=8 len=18
get_data(): Get MAC count is [3]type = [get_cut]
get_data(): cmd=0x1a count=8 len=12
get_data(): Get type = [get_ver]
get_data(): cmd=0x18 count=8 len=4
get_data(): Get type = [get_sn]
get_data(): cmd=0x15 count=8 len=32
get_data(): Get type = [get_bver]
get_data(): cmd=0x1c count=1 len=8
get_data(): Get type = [get_hwver]
get_data(): cmd=0x1e count=8 len=12
name=[ath0] lan_ifname=[br0]ll
Creating ap for DAP on
Added ath0 mode master
Created ath0 mode ap for DAP
lo        no wireless extensions.

eth0      no wireless extensions.

br0       no wireless extensions.

wifi0     no wireless extensions.

cp: /etc/wlan/js_akillallkillall
******************************************************
Wi-Fi Si=====> set br0 hwaddr to ath0
name=[eth0] lan_ifname=[br0]
=====> set br0 hwaddr to eth0

br0: Network is unreachable
Busybox configured w/o syslogd
lo: File exists
=== syslogd -l 7 -L -m 0 -O /var/log/mess -b 1 -s 50 ===
zebra disabled.
br0 192.168.1.220  172800
The boot is UNKNOWN
tftp server started
tftpd: standalone sockHit enter to continue...../../common/MasterControl/Info.cpp(156):Read WSC Config File:/tmp/wlan/wsc_config.txt
../../common/MasterControl/Info.cpp(1295):Use eth0 address  0: 1:e3:ec:7b:b2
the default AP PIN = 12345670
Configuration file: /tmp/wlan/hostapd.conf
Using interface ath0 with hwaddr 00:01:e3:ec:7b:b2 and ssid 'DAP'
../../common/InbWlan/InbWlan.cpp(241):UDP recv m_recvPort[0]= 2048
Flushing old station entries
Deauthenticate all stations
Hit enter to continue...../../common/WscCmd/WscCmd.cpp(897):wsc_cfg cmd = wpsmethod, val = 2
l2_packet_receive - recvfrom: Network is down
l2_packet_receive - recvfrom: Network is down



BusyBox v1.1.0-pre1 (2007.08.01-09:39+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ # 
/ # 
/ # % 

hexabin.py

#! /usr/bin/python
# Thanks to Deavid (https://deavid.wordpress.com/), taken from:
# http://blog.manty.net/2012/04/recovering-my-foneras-filesystem-files.html

from binascii import unhexlify
import sys

for line in sys.stdin:
        colon = line.find(":")
        end = line.find("|")
        if colon < 0 or end <0:
                sys.stderr.write(line)
        else:
                newline = line[colon+1:end].replace(" ","")
                sys.stdout.write(unhexlify(newline))

linux.md

Linux

Version

Linux (none) 2.6.15 #526 Tue Oct 9 10:03:15 CST 2007 mips unknown

Siemens-Gigaset-SE365-Wlan.md

Siemens Gigaset SE365 WLAN

CPUINFO

/www # cat /proc/cpuinfo 
system type             : Atheros AR7100 (hydra)
processor               : 0
cpu model               : MIPS 24K V7.4
BogoMIPS                : 265.21
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 16
extra interrupt vector  : yes
hardware watchpoint     : yes
ASEs implemented        : mips16
VCED exceptions         : not available
VCEI exceptions         : not available

Busybox

/etc # busybox
BusyBox v1.1.0-pre1 (2007.08.01-09:39+0000) multi-call binary

Usage: busybox [function] [arguments]...
   or: [function] [arguments]...

        BusyBox is a multi-call binary that combines many common Unix
        utilities into a single executable.  Most people will create a
        link to busybox for each function they wish to use and BusyBox
        will act like whatever it was invoked as!

Currently defined functions:
        [, [[, adduser, ash, basename, busybox, cat, chmod, cp, cut, dmesg,
        echo, egrep, false, fgrep, free, getopt, grep, ifconfig, init,
        insmod, kill, killall, klogd, ln, logger, login, ls, lsmod, mkdir,
        mknod, mktemp, mount, ping, ps, reboot, rm, rmdir, rmmod, route,
        sh, sleep, sync, syslogd, tar, test, touch, true, tty, uname,
        uptime, usleep, uudecode, wget