如何使用串行或 tftp 使用 uboot 刷新 image.bin

逆向工程 linux 闪光
2021-07-07 03:25:03

您好,我有一个被阻止的 4G LTE 路由器。并且我之前已经telnet从另一台相同型号的设备转储了分区

    U-Boot 2010.09 (Sep 06 2016 - 10:08:39)GCT GDM7243



Build Info:

  date: 2016/09/06-10:08:44

  user: root@ubuntu-will

  svnr: 

  src: /home/will/DEVELOPMENT/LTE_Router/B5328_FDD/SDK/work/uboot

  ver: 0.46e



DRAM:  128 MiB (wbd-p2)

NAND:  Built-in ECC Nand
maf_id : 0x00000098, dev_id : 0x000000a1
Pagesize : 2Kbytes
Address cycle : 4
128 MiB
Bad block table found at page 65472, version 0x01
Bad block table found at page 65408, version 0x01
nand_read_bbt: Bad block at 0x000006000000
In:    serial
Out:   serial
Err:   serial
Net:    001cc910 Realtek8211  PHYCR1: 0000211c  Rx delay: 0x00802300 
    PHYCR2:0x842  mii0
Hit ENTER key to stop autoboot:  5  4  3  2  1  0 
GPIO RESET KEY OFF
00420000
---------------------
hdr chksum  : 0xffffffff
magic       : 0xffffffff
timstamp    : 0xffffffff
data chksum : 0xffffffff
data size   : 0xffffffff
---------------------
image header magic is invalid
00440000
---------------------
hdr chksum  : 0xa6160741
magic       : 0xcafebabe
timstamp    : 0x00000003
data chksum : 0xf314f304
data size   : 0x0001ffdc
---------------------
cmnnv current block is : 1
pesifwcheck=1
Erasing Nand...

Erasing at 0x80000 --  25% complete.
Erasing at 0xa0000 --  50% complete.
Erasing at 0xc0000 --  75% complete.
Erasing at 0xe0000 -- 100% complete.
Writing to Nand... done

boot from part_idx: 2
do_check_partition() type:linux2, ---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
no valid header(0)
There are no valid headers
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
no valid header(1)
There are no valid headers
Erasing Nand...

Erasing at 0x80000 --  25% complete.
Erasing at 0xa0000 --  50% complete.
Erasing at 0xc0000 --  75% complete.
Erasing at 0xe0000 -- 100% complete.
Writing to Nand... done

---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
no valid header(0)
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
no valid header(2)
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
---------------------
hdr chksum  : 0x00000000
magic       : 0x00000000
timstamp    : 0x00000000
data chksum : 0x00000000
data size   : 0x00000000
---------------------
  ## Booting kernel from Legacy Image at d05fffc0 ...
   Image Name:   Linux-3.10.0-uc0
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    2317840 Bytes = 2.2 MiB
   Load Address: d0600000
   Entry Point:  d0600000
   Verifying Checksum ... Bad Data CRC
ERROR: can't get kernel image!

如果我尝试从 TFTP 启动,则图像加载得很好并且一切正常。

我将linux.bin图像刷入了相应的分区,但我不知道我需要做什么才能让设备再次工作。也许从 U-Boot 闪烁可以让它工作。

以下是来自 TFTP 的启动过程信息:

    Using mii0 device
TFTP from server 192.168.0.10; our IP address is 192.168.0.1
Filename 'linux.bin'.
Load address: 0xd05fffc0
Loading: *##T ###############################################################
     #################################################################
     #################################################################
     #################################################################
     ##########################
done
Bytes transferred = 4194304 (400000 hex)
Automatic boot of image at addr 0xD05FFFC0 ...
## Booting kernel from Legacy Image at d05fffc0 ...
   Image Name:   Linux-3.10.0-uc0
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    2317840 Bytes = 2.2 MiB
   Load Address: d0600000
   Entry Point:  d0600000
   Verifying Checksum ... OK
   Loading Kernel Image ... OK
OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
gipc-protocol address: d4880010
ipc config: 00000004
  router-device
s-ch_enabled: 0x10010001
s-ch_enabled: 0x10010001
s-ch_enabled: 0x10010001
ipc magic=0x40540103(12)
s-ch_enabled: 0x10010003

这是分区布局:

device nand0 <gdm7243>, # parts = 17
 #: name        size        offset      mask_flags
 0: u-boot              0x00080000  0x00000000  0
 1: env                 0x00080000  0x00080000  0
 2: rev0                0x00100000  0x00100000  0
 3: ltenv               0x00100000  0x00200000  0
 4: wmnv                0x00100000  0x00300000  0
 5: cmnnv               0x00100000  0x00400000  0
 6: cmnnv2              0x00100000  0x00500000  0
 7: rev1                0x00400000  0x00600000  0
 8: linux               0x00400000  0x00a00000  0
 9: linux2              0x00400000  0x00e00000  0
10: rootfs              0x01e00000  0x01200000  0
11: rootfs2             0x01e00000  0x03000000  0
12: tk                  0x00500000  0x04e00000  0
13: tk2                 0x00500000  0x05300000  0
14: customize           0x00080000  0x05800000  0
15: log                 0x00280000  0x05880000  0
16: update              0x02000000  0x05b00000  0

active partition: nand0,0 - (u-boot) 0x00080000 @ 0x00000000

defaults:
mtdids  : nand0=gdm7243
mtdparts: mtdparts=gdm7243:512k(u-boot),512k(env),1m(rev0),1m(ltenv),1m(wmnv),1m(cmnnv),1m(cmnnv2),4m(rev1),4m(linux),4m(linux2),30m(rootfs),30m(rootfs2),5m(tk),5m(tk2),512k(customize),2560k(log),32m(update)
1个回答
kernel_load_addr=0xd0600000
filesize=400000

然后重置设备。它应该工作。

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
gipc-protocol address: d4880010
ipc config: 00000004
  router-device
s-ch_enabled: 0x10010001
s-ch_enabled: 0x10010001
s-ch_enabled: 0x10010001
ipc magic=0x40540103(12)
s-ch_enabled: 0x10010003

第二次重启后问题仍然存在。如果我在输入这些命令后重新启动,设备实际上会正常启动,但如果我第二次重新启动,错误将再次出现。仍然有待调查的问题。