📄 wrt54g.c
字号:
// **************************************************************************
//
// WRT54G.C - WRT54G/GS EJTAG Debrick Utility v4.5
//
// Note:
// This program is for De-Bricking the WRT54G/GS and other misc routers.
//
// New for v4.5 - Added 2 new Flash Chip Parts to the list:
// - K8D1716UTC 1Mx16 TopB (2MB)
// - K8D1716UBC 1Mx16 BotB (2MB)
//
// New for v4.4 - Added PrAcc routines to support additional MIPS chips
// without the ability to use EJTAG DMA Access
// - Added Chip ID for Broadcom BCM5365 Rev 1 CPU
// - Added Chip ID for Broadcom BCM6348 Rev 1 CPU (Big Endian)
// - Added Chip ID for Broadcom BCM6345 Rev 1 CPU
// - Added 6 new Flash Chip Parts to the list:
// - SST39VF1601 1Mx16 BotB (2MB)
// - SST39VF1602 1Mx16 TopB (2MB)
// - SST39VF3201 2Mx16 BotB (4MB)
// - SST39VF3202 2Mx16 TopB (4MB)
// - SST39VF6401 4Mx16 BotB (8MB)
// - SST39VF6402 4Mx16 TopB (8MB)
// - Added the following New Switch Options
// - /noemw ............. prevent Enabling Memory Writes
// - /nocwd ............. prevent Clearing CPU Watchdog Timer
// - /dma ............... force use of DMA routines
// - /nodma ............. force use of PRACC routines (No DMA)
// - /window:XXXXXXXX ... custom flash window base (in HEX)
// - /start:XXXXXXXX .... custom start location (in HEX)
// - /length:XXXXXXXX ... custom length (in HEX)
// - /silent ............ prevent scrolling display of data
// - /skipdetect ........ skip auto detection of CPU Chip ID
// - /instrlen:XX ....... set instruction length manually
// - Added elapsed time to Backup, Erase, and Flash routines
// - Other minor miscellaneous changes/additions.
//
// New for v4.3 - Corrected Macronix Flash Chip Block Defintions.
// - Add 8 new Flash Chip Parts to the list:
// - AT49BV/LV16X 2Mx16 BotB (4MB)
// - AT49BV/LV16XT 2Mx16 TopB (4MB)
// - MBM29LV160B 1Mx16 BotB (2MB)
// - MBM29LV160T 1Mx16 TopB (2MB)
// - MX29LV161B 1Mx16 BotB (2MB)
// - MX29LV161T 1Mx16 TopB (2MB)
// - ST M29W160EB 1Mx16 BotB (2MB)
// - ST M29W160ET 1Mx16 TopB (2MB)
//
// New for v4.2 - Changed the chip_detect routine to allow for easier
// additions of new chip id's.
// - Added detection support for the Broadcom BCM5350 chip.
// - Fixed DMA routines to check status bit that was
// removed in prior version.
// - Removed clockout routine in an effort to speed up access.
// - Changed clockin routine in an effort to speed up access.
// - Changed ReadData and WriteData routines to merely call
// ReadWriteData routine.
// - Removed Defines from .h file and placed flash areas in a
// structure list for easier maintenance should they change.
// - Miscellaneous other minor changes.
//
// **************************************************************************
//
// wrt54g: read/write flash memory via EJTAG
// usage: wrt54g [parameter] </noreset> </noemw> </nocwd> </nobreak> </noerase>
// </notimestamp> </dma> </nodma>
// <start:XXXXXXXX> </length:XXXXXXXX>
// </silent> </skipdetect> </instrlen:XX> </fc:XX>
//
// Required Parameter
// ------------------
// -backup:cfe
// -backup:nvram
// -backup:kernel
// -backup:wholeflash
// -backup:custom
// -erase:cfe
// -erase:nvram
// -erase:kernel
// -erase:wholeflash
// -erase:custom
// -flash:cfe
// -flash:nvram
// -flash:kernel
// -flash:wholeflash
// -flash:custom
//
// Optional Switches
// -----------------
// /noreset ........... prevent Issuing EJTAG CPU reset
// /noemw ............. prevent Enabling Memory Writes
// /nocwd ............. prevent Clearing CPU Watchdog Timer
// /nobreak ........... prevent Issuing Debug Mode JTAGBRK
// /noerase ........... prevent Forced Erase before Flashing
// /notimestamp ....... prevent Timestamping of Backups
// /dma ............... force use of DMA routines
// /nodma ............. force use of PRACC routines (No DMA)
// /start:XXXXXXXX .... custom start location (in HEX)
// /length:XXXXXXXX ... custom length (in HEX)
// /silent ............ prevent scrolling display of data
// /skipdetect ........ skip auto detection of CPU Chip ID
// /instrlen:XX ....... set instruction length manually
// /fc:XX = Optional (Manual) Flash Chip Selection
//
// **************************************************************************
// Written by HairyDairyMaid (a.k.a. - lightbulb)
// hairydairymaid@yahoo.com
// **************************************************************************
//
// This program is copyright (C) 2004 HairyDairyMaid (a.k.a. Lightbulb)
// This program is free software; you can redistribute it and/or modify it
// under the terms of version 2 the GNU General Public License as published
// by the Free Software Foundation.
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
// more details.
// To view a copy of the license go to:
// http://www.fsf.org/copyleft/gpl.html
// To receive a copy of the GNU General Public License write the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
// **************************************************************************
// Default is Compile for Linux (both #define's below should be commented out)
// #define WINDOWS_VERSION // uncomment only this for Windows Compile / MS Visual C Compiler
// #define __FreeBSD__ // uncomment only this for FreeBSD
#ifdef WINDOWS_VERSION
#include <windows.h> // Only for Windows Compile
#define strcasecmp stricmp
#define strncasecmp strnicmp
#endif
#define LINUX_DIRECT#ifdef LINUX_DIRECT #include <unistd.h> #include <sys/io.h> #endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "wrt54g.h"
static unsigned int ctrl_reg;
int pfd;
int instruction_length;
int issue_reset = 1;
int issue_enable_mw = 1;
int issue_watchdog = 1;
int issue_break = 1;
int issue_erase = 1;
int issue_timestamp = 1;
int force_dma = 0;
int force_nodma = 0;
int selected_fc = 0;
unsigned int selected_window = 0;
unsigned int selected_start = 0;
unsigned int selected_length = 0;
int custom_options = 0;
int silent_mode = 0;
int skipdetect = 0;
int instrlen = 0;
char flash_part[128];
unsigned int flash_size = 0;
int block_total = 0;
unsigned int block_addr = 0;
unsigned int blocks[1024];
unsigned int cmd_type = 0;
char AREA_NAME[128];
unsigned int AREA_START;
unsigned int AREA_LENGTH;
unsigned int FLASH_MEMORY_START;
unsigned int vendid;
unsigned int devid;
unsigned int data_register;
unsigned int address_register;
int USE_DMA = 0;
int ejtag_version = 0;
typedef struct _processor_chip_type {
unsigned int chip_id; // Processor Chip ID
int instr_length; // EJTAG Instruction Length
char* chip_descr; // Processor Chip Description
} processor_chip_type;
processor_chip_type processor_chip_list[] = {
{ 0x0471017F, 5, "Broadcom BCM4702 Rev 1 CPU" },
{ 0x1471217F, 8, "Broadcom BCM4712 Rev 1 CPU" },
{ 0x2471217F, 8, "Broadcom BCM4712 Rev 2 CPU" },
{ 0x0535017F, 8, "Broadcom BCM5350 Rev 1 CPU" },
{ 0x0535217F, 8, "Broadcom BCM5352 Rev 1 CPU" },
{ 0x0536517F, 8, "Broadcom BCM5365 Rev 1 CPU" }, // BCM5365 Not Completely Verified Yet
{ 0x0634817F, 5, "Broadcom BCM6348 Rev 1 CPU" },
{ 0x0634517F, 5, "Broadcom BCM6345 Rev 1 CPU" }, // BCM6345 Not Completely Verified Yet
{ 0x0000100F, 5, "TI AR7WRD TNETD7300GDU Rev 1 CPU" }, // TI AR7WRD Only Partially Verified
{ 0, 0, 0 }
};
typedef struct _flash_area_type {
unsigned int chip_size;
char* area_name;
unsigned int area_start;
unsigned int area_length;
} flash_area_type;
flash_area_type flash_area_list[] = {
//--------- ---------- ----------- ------------
//chip_size area_name area_start area_length
//--------- ---------- ----------- ------------
{ size2MB, "CFE", 0x1FC00000, 0x40000 },
{ size4MB, "CFE", 0x1FC00000, 0x40000 },
{ size4bMB, "CFE", 0x90000000, 0x20000 },
{ size8MB, "CFE", 0x1C000000, 0x40000 },
{ size16MB, "CFE", 0x1C000000, 0x40000 },
{ size2MB, "KERNEL", 0x1FC40000, 0x1B0000 },
{ size4MB, "KERNEL", 0x1FC40000, 0x3B0000 },
{ size4bMB, "KERNEL", 0x900d0000, 0xb0000 },
{ size8MB, "KERNEL", 0x1C040000, 0x7A0000 },
{ size16MB, "KERNEL", 0x1C040000, 0x7A0000 },
{ size2MB, "NVRAM", 0x1FDF0000, 0x10000 },
{ size4MB, "NVRAM", 0x1FFF0000, 0x10000 },
{ size4bMB, "NVRAM", 0x903E0000, 0x10000 },
{ size8MB, "NVRAM", 0x1C7E0000, 0x20000 },
{ size16MB, "NVRAM", 0x1C7E0000, 0x20000 },
{ size2MB, "WHOLEFLASH", 0x1FC00000, 0x200000 },
{ size4MB, "WHOLEFLASH", 0x1FC00000, 0x400000 },
{ size4bMB, "WHOLEFLASH", 0x90000000, 0x400000 },
{ size8MB, "WHOLEFLASH", 0x1C000000, 0x800000 },
{ size16MB, "WHOLEFLASH", 0x1C000000, 0x800000 },
{ size2MB, "ENV", 0x1FC00000, 0x200000 },
{ size4MB, "ENV", 0x1FC00000, 0x400000 },
{ size4bMB, "ENV", 0x903F0000, 0x10000 },
{ size8MB, "ENV", 0x1C000000, 0x800000 },
{ size16MB, "ENV", 0x1C000000, 0x800000 },
{ 0, 0, 0, 0 }
};
typedef struct _flash_chip_type {
unsigned int vendid; // Manufacturer Id
unsigned int devid; // Device Id
unsigned int flash_size; // Total size in MBytes
unsigned int cmd_type; // Device CMD TYPE
char* flash_part; // Flash Chip Description
unsigned int region1_num; // Region 1 block count
unsigned int region1_size; // Region 1 block size
unsigned int region2_num; // Region 2 block count
unsigned int region2_size; // Region 2 block size
unsigned int region3_num; // Region 3 block count
unsigned int region3_size; // Region 3 block size
unsigned int region4_num; // Region 4 block count
unsigned int region4_size; // Region 4 block size
} flash_chip_type;
flash_chip_type flash_chip_list[] = {
{ 0x0001, 0x2249, size2MB, CMD_TYPE_AMD, "AMD 29lv160DB 1Mx16 BotB (2MB)" ,1,size16K, 2,size8K, 1,size32K, 31,size64K },
{ 0x0001, 0x22c4, size2MB, CMD_TYPE_AMD, "AMD 29lv160DT 1Mx16 TopB (2MB)" ,31,size64K, 1,size32K, 2,size8K, 1,size16K },
{ 0x0001, 0x22f9, size4MB, CMD_TYPE_AMD, "AMD 29lv320DB 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x0001, 0x22f6, size4MB, CMD_TYPE_AMD, "AMD 29lv320DT 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0001, 0x2200, size4MB, CMD_TYPE_AMD, "AMD 29lv320MB 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x0001, 0x227E, size4MB, CMD_TYPE_AMD, "AMD 29lv320MT 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0001, 0x2201, size4MB, CMD_TYPE_AMD, "AMD 29lv320MT 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0089, 0x0018,size16MB, CMD_TYPE_SCS, "Intel 28F128J3 8Mx16 (16MB)" ,128,size128K, 0,0, 0,0, 0,0 },
{ 0x0089, 0x8891, size2MB, CMD_TYPE_BSC, "Intel 28F160B3 1Mx16 BotB (2MB)" ,8,size8K, 31,size64K, 0,0, 0,0 },
{ 0x0089, 0x8890, size2MB, CMD_TYPE_BSC, "Intel 28F160B3 1Mx16 TopB (2MB)" ,31,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0089, 0x88C3, size2MB, CMD_TYPE_BSC, "Intel 28F160C3 1Mx16 BotB (2MB)" ,8,size8K, 31,size64K, 0,0, 0,0 },
{ 0x0089, 0x88C2, size2MB, CMD_TYPE_BSC, "Intel 28F160C3 1Mx16 TopB (2MB)" ,31,size64K, 8,size8K, 0,0, 0,0 },
{ 0x00b0, 0x00d0, size2MB, CMD_TYPE_SCS, "Intel 28F160S3/5 1Mx16 (2MB)" ,32,size64K, 0,0, 0,0, 0,0 },
{ 0x0089, 0x8897, size4MB, CMD_TYPE_BSC, "Intel 28F320B3 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x0089, 0x8896, size4MB, CMD_TYPE_BSC, "Intel 28F320B3 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0089, 0x88C5, size4MB, CMD_TYPE_BSC, "Intel 28F320C3 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x0089, 0x88C4, size4MB, CMD_TYPE_BSC, "Intel 28F320C3 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0089, 0x0016, size4MB, CMD_TYPE_SCS, "Intel 28F320J3 2Mx16 (4MB)" ,32,size128K, 0,0, 0,0, 0,0 },
{ 0x0089, 0x0014, size4MB, CMD_TYPE_SCS, "Intel 28F320J5 2Mx16 (4MB)" ,32,size128K, 0,0, 0,0, 0,0 },
{ 0x00b0, 0x00d4, size4MB, CMD_TYPE_SCS, "Intel 28F320S3/5 2Mx16 (4MB)" ,64,size64K, 0,0, 0,0, 0,0 },
{ 0x0089, 0x8899, size8MB, CMD_TYPE_BSC, "Intel 28F640B3 4Mx16 BotB (8MB)" ,8,size8K, 127,size64K, 0,0, 0,0 },
{ 0x0089, 0x8898, size8MB, CMD_TYPE_BSC, "Intel 28F640B3 4Mx16 TopB (8MB)" ,127,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0089, 0x88CD, size8MB, CMD_TYPE_BSC, "Intel 28F640C3 4Mx16 BotB (8MB)" ,8,size8K, 127,size64K, 0,0, 0,0 },
{ 0x0089, 0x88CC, size8MB, CMD_TYPE_BSC, "Intel 28F640C3 4Mx16 TopB (8MB)" ,127,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0089, 0x0017, size8MB, CMD_TYPE_SCS, "Intel 28F640J3 4Mx16 (8MB)" ,64,size128K, 0,0, 0,0, 0,0 },
{ 0x0089, 0x0015, size8MB, CMD_TYPE_SCS, "Intel 28F640J5 4Mx16 (8MB)" ,64,size128K, 0,0, 0,0, 0,0 },
{ 0x0004, 0x22F9, size4MB, CMD_TYPE_AMD, "MBM29LV320BE 2Mx16 BotB (4MB)" ,1,size16K, 2,size8K, 1,size32K, 63,size64K },
{ 0x0004, 0x22F6, size4MB, CMD_TYPE_AMD, "MBM29LV320TE 2Mx16 TopB (4MB)" ,63,size64K, 1,size32K, 2,size8K, 1,size16K },
// --- These definitions were defined based off the flash.h in GPL source from Linksys, but appear incorrect ---
// { 0x00C2, 0x22A8, size4MB, CMD_TYPE_AMD, "MX29LV320B 2Mx16 BotB (4MB)" ,1,size16K, 2,size8K, 1,size32K, 63,size64K },
// { 0x00C2, 0x00A8, size4MB, CMD_TYPE_AMD, "MX29LV320B 2Mx16 BotB (4MB)" ,1,size16K, 2,size8K, 1,size32K, 63,size64K },
// { 0x00C2, 0x00A7, size4MB, CMD_TYPE_AMD, "MX29LV320T 2Mx16 TopB (4MB)" ,63,size64K, 1,size32K, 2,size8K, 1,size16K },
// { 0x00C2, 0x22A7, size4MB, CMD_TYPE_AMD, "MX29LV320T 2Mx16 TopB (4MB)" ,63,size64K, 1,size32K, 2,size8K, 1,size16K },
// --- These below are proper however ---
{ 0x00C2, 0x22A8, size4bMB, CMD_TYPE_AMD,"MX29LV320B 2Mx16 BotB on WAG200G (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x00C2, 0x00A8, size4MB, CMD_TYPE_AMD, "MX29LV320B 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x00C2, 0x00A7, size4MB, CMD_TYPE_AMD, "MX29LV320T 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x00C2, 0x22A7, size4MB, CMD_TYPE_AMD, "MX29LV320T 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
//--- End of Changes ----
{ 0x00BF, 0x2783, size4MB, CMD_TYPE_SST, "SST39VF320 2Mx16 (4MB)" ,64,size64K, 0,0, 0,0, 0,0 },
{ 0x0020, 0x22CB, size4MB, CMD_TYPE_AMD, "ST 29w320DB 2Mx16 BotB (4MB)" ,1,size16K, 2,size8K, 1,size32K, 63,size64K },
{ 0x0020, 0x22CA, size4MB, CMD_TYPE_AMD, "ST 29w320DT 2Mx16 TopB (4MB)" ,63,size64K, 1,size32K, 2,size8K, 1,size16K },
{ 0x00b0, 0x00e3, size4MB, CMD_TYPE_BSC, "Sharp 28F320BJE 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x0098, 0x009C, size4MB, CMD_TYPE_AMD, "TC58FVB321 2Mx16 BotB (4MB)" ,1,size16K, 2,size8K, 1,size32K, 63,size64K },
{ 0x0098, 0x009A, size4MB, CMD_TYPE_AMD, "TC58FVT321 2Mx16 TopB (4MB)" ,63,size64K, 1,size32K, 2,size8K, 1,size16K },
// --- Add a few new Flash Chip Defintions ---
{ 0x001F, 0x00C0, size4MB, CMD_TYPE_AMD, "AT49BV/LV16X 2Mx16 BotB (4MB)" ,8,size8K, 63,size64K, 0,0, 0,0 },
{ 0x001F, 0x00C2, size4MB, CMD_TYPE_AMD, "AT49BV/LV16XT 2Mx16 TopB (4MB)" ,63,size64K, 8,size8K, 0,0, 0,0 },
{ 0x0004, 0x2249, size2MB, CMD_TYPE_AMD, "MBM29LV160B 1Mx16 BotB (2MB)" ,1,size16K, 2,size8K, 1,size32K, 31,size64K },
{ 0x0004, 0x22c4, size2MB, CMD_TYPE_AMD, "MBM29LV160T 1Mx16 TopB (2MB)" ,31,size64K, 1,size32K, 2,size8K, 1,size16K },
{ 0x00C2, 0x2249, size2MB, CMD_TYPE_AMD, "MX29LV161B 1Mx16 BotB (2MB)" ,1,size16K, 2,size8K, 1,size32K, 31,size64K },
{ 0x00C2, 0x22c4, size2MB, CMD_TYPE_AMD, "MX29LV161T 1Mx16 TopB (2MB)" ,31,size64K, 1,size32K, 2,size8K, 1,size16K },
{ 0x0020, 0x2249, size2MB, CMD_TYPE_AMD, "ST M29W160EB 1Mx16 BotB (2MB)" ,1,size16K, 2,size8K, 1,size32K, 31,size64K },
{ 0x0020, 0x22c4, size2MB, CMD_TYPE_AMD, "ST M29W160ET 1Mx16 TopB (2MB)" ,31,size64K, 1,size32K, 2,size8K, 1,size16K },
// --- Add a few new Flash Chip Defintions ---
{ 0x00BF, 0x234B, size4MB, CMD_TYPE_SST, "SST39VF1601 1Mx16 BotB (2MB)" ,64,size32K, 0,0, 0,0, 0,0 },
{ 0x00BF, 0x234A, size4MB, CMD_TYPE_SST, "SST39VF1602 1Mx16 TopB (2MB)" ,64,size32K, 0,0, 0,0, 0,0 },
{ 0x00BF, 0x235B, size4MB, CMD_TYPE_SST, "SST39VF3201 2Mx16 BotB (4MB)" ,128,size32K, 0,0, 0,0, 0,0 },
{ 0x00BF, 0x235A, size4MB, CMD_TYPE_SST, "SST39VF3202 2Mx16 TopB (4MB)" ,128,size32K, 0,0, 0,0, 0,0 },
{ 0x00BF, 0x236B, size4MB, CMD_TYPE_SST, "SST39VF6401 4Mx16 BotB (8MB)" ,256,size32K, 0,0, 0,0, 0,0 },
{ 0x00BF, 0x236A, size4MB, CMD_TYPE_SST, "SST39VF6402 4Mx16 TopB (8MB)" ,256,size32K, 0,0, 0,0, 0,0 },
// --- Add a few new Flash Chip Defintions ---
{ 0x00EC, 0x2275, size2MB, CMD_TYPE_AMD, "K8D1716UTC 1Mx16 TopB (2MB)" ,31,size64K, 8,size8K, 0,0, 0,0 },
{ 0x00EC, 0x2277, size2MB, CMD_TYPE_AMD, "K8D1716UBC 1Mx16 BotB (2MB)" ,8,size8K, 31,size64K, 0,0, 0,0 },
{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
};
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -