!!WARNING!! Unofficial Openwrt NANO upgrade

[Mr.miYagi]

As i wrote in the title, be warned.

You can brick your Device, loose you guarantee (MK5 should be out of guarantee), lose wife and children etc.

Im not responsable for all the bad thing will happen to you, if you follow this flash procedure

as i wrote here

 its possible to flash a MK5 with the newest Opwnwrt NANO image.

it boots, but im stuck in the setup. It asks for pressing the "reset" button, wich i don't have. Idk if im right, but as i can see, there is no way to trigger the GPIO/reset button on hardware side, since GPIO (reset button on NANO) isn't wired up.

I could flash back 2.4 with my bus pirate, but like to hack and break things 🙂

Can we work out something to skip the secure setup? On PHP side? Or triggering some pins on the PCB directly? Would appreciate some idea. I already tried to manipulate some TCP package with wireshark, im not really good at it, maybe someone can  explain to me it if makes sense to continue to search there for the weak point.

[wobblybobz]

I have been playing with this for the last few days.... and understand that it is not supported....

I was running the MKV v3.0.0 beta firmware and some of the modules were no longer working once updated.. like Recon etc...

Since it is no longer supported i thought screw it... what is the worst that could happen it doesn't do what i need now if i break it i'm no worse off.

I downloaded the official upgrade-2.7.0.bin for the NANO and scp'd it to the /tmp and then sysupgrade'd it with -F to skip the hardware id check...

Boom

I currently have the HAK5 Official Compiled Nano Firmware 2.7.0 running on my MK V...

I got to the get started page and then went fuck... there is no reset button to press....

First i tried tricking it using fiddler to say the button was pressed but there was a step in the configuration that checked it again in the backend that could not be bypassed...

I tried console into it over the UART... need a root password...

looking deeper i found it was looking for GPIO12 to write a file to show the button was pressed...

next i looked up the AR9331 chip pin-outs and found where the GPIO12 pin was...

Shorting out the Solder Pads for C26... and then it let me through to configuring the root password, wifi etc....

I then wired in a button for it.

What is working:

• Ethernet Port works
• USB Works
• Both WLAN adapters work.
• Hacked Reset buttons custom script works 😛

What does not work:

• PineAPD SegFaults because the boards hardware ID does not match what is expected... it tests if the board id matches 44b65156 a quick hex patch to change it to test for 61b798de instead.. that works.... 🙂
• The SDCard doesn't mount and sometimes causes the USB to reset... also when a SD Card is installed after boot it is not detected.

[  399.323414] usb 1-1.4: reset high-speed USB device number 5 using ehci-platform
[  399.857733] sd 0:0:0:0: [sda] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08
[  399.864581] sd 0:0:0:0: [sda] tag#0 Sense Key : 0x6 [current]
[  399.870298] sd 0:0:0:0: [sda] tag#0 ASC=0x28 ASCQ=0x0
[  399.875486] sd 0:0:0:0: [sda] tag#0 CDB: opcode=0x28 28 00 03 ba 77 88 00 00 38 00
[  399.882977] print_req_error: I/O error, dev sda, sector 62551944

Removed SD Card here...

[  399.934481] sd 0:0:0:0: [sda] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08
[  399.941252] sd 0:0:0:0: [sda] tag#0 Sense Key : 0x2 [current]
[  399.947129] sd 0:0:0:0: [sda] tag#0 ASC=0x3a ASCQ=0x0
[  399.952198] sd 0:0:0:0: [sda] tag#0 CDB: opcode=0x28 28 00 03 ba 77 c8 00 00 28 00
[  399.959776] print_req_error: I/O error, dev sda, sector 62552008
[  399.970757] sda: detected capacity change from 32026656768 to 0

• The Blue LED does not light up.
• Sometimes when using an additional USB Wifi Adapter the wlan numbering screws up.
• The GPIO Headers and Dip Switches will not work either as nothing in firmware for them

 

[WatskeBart]

Cool findings @wobblybobz

Would be awesome to blow some new life in the MK5. This device was abandoned too soon IMHO.