NOTE: attempting to change your router's bootloader is a VERY RISKY VENTURE. It can all so easily go BADLY WRONG, with your router being totally trashed. If you don't have a good alternative router, then you'd better stop here! If your bootloader becomes corrupted, you WILL require JTAG (and a backup copy of a working bootloader) in order to stand any chance at all of recovering it.
I only had the courage to try what I document below because I had other fully functional routers, and was quite happy to throw this DLink 524T into the bin if the attempt to change the bootloader trashed the router.
These were the steps that I took:
1. I connected a serial console cable so that I could see exactly what was happening.
2. I upgraded the router's firmware to the RouterTech v2.91.1 Adam2 (4mb-flash) firmware.
3. I logged in to the router via telnet (telnet 192.168.1.1)
4. I defragmented the environment again (setenv DEFRAG DEFRAG)
5. I transferred the new PSP bootloader binary (psbl_4M_16M_AMD_AR7RD.bin) to the router's /var/ directory, with WinSCP
6. I copied the new bootloader to overwrite the existing one
Code: Select all
cat psbl_4M_16M_AMD_AR7RD.bin > /dev/mtdblock/2
Code: Select all
dd if=psbl_4M_16M_AMD_AR7RD.bin of=/dev/mtdblock/2
Comment: copying the bootloader over was the real biggie! - At this point, we had reached "the point of no return" - the router either had a new bootloader, or it was ready for the dustbin, since I have no suitable JTAG, and don't know how to make one!
7. I fired up the pctool (v2.3) and rebooted the router (/sbin/reboot)
8. I watched as gibberish appeared on my serial console, and thought I'd killed the router!
9. I tried to connect with the pctool, but it couldn't connect (it was trying to connect to 169.254.87.1). The pctool eventually crashed!
10. I opened the tcp/ip settings for my network connection, and set the static IP to 169.254.87.3, and the default gateway to 169.254.87.1
11. I fired up the pctool again, removed the power lead from the router, and inserted it again.
12. I tried to connect again with the pctool, and was relieved when it connected. I could see my brand new bootloader (phew!)
13. I ran a pre-prepared PSPboot environment script (c:\psbl_env.txt - see contents below) with the pctool (to change the environment to PSPboot)
Code: Select all
setenv IPA 192.168.1.1
setenv mtd0 0x900a9000,0x90400000
setenv mtd1 0x90020090,0x900a9000
setenv mtd2 0x90000000,0x90010000
setenv mtd3 0x90010000,0x90020000
setenv mtd4 0x90020000,0x90400000
setenv MAC_PORT 1
setenv MODETTY0 38400,n,8,1,hw
setenv MODETTY1 38400,n,8,1,hw
setenv StaticBuffer 384
setenv modulation 0x1
setenv BOOTCFG m:f:"mtd1"
setenv PROMPT (psbl)
setenv vcc_encaps0 0.0
setenv vcc_encaps1 0.0
setenv vcc_encaps2 0.0
setenv vcc_encaps3 0.0
setenv vcc_encaps4 0.0
setenv vcc_encaps5 0.0
setenv vcc_encaps6 0.0
setenv vcc_encaps7 0.0
setenv FLASHSZ 0x00400000
setenv MEMSZ 0x01000000
PS: HWA_0 was set to the value of "maca" in my original Adam2 environment (saved with the RUC, of course), and HWA_3 was set to the value of Adam2's "macc".
14. I set the pctool's "Media Type" to "FLASH"
15. I flashed the RouterTech firmware's config file (RTech_AR7RD-4Ports_config.img) with the pctool
16. I flashed the RouterTech firmware image (RouterTech_3.6.0D_20090922_2.91.1_AR7RD-4Ports_psbl-4mb-flash_firmware.upgrade.img) with the pctool
17. I rebooted the router, and watched it all boot up successfully!
Attached is a zip file containing the PSP bootloader image that I used. Use entirely at your own peril!
Edit: some re-formatting done, and the "dd" command syntax added.
Edit2: "setenv MAC_PORT 1" is NOT right for every router - so you would be well advised to backup your router's working environment (e.g., by running the RUC again) before trying any of this.
Edit3: look further down this page for another (later) version of the PSP boot loader. If it works, it will automatically set fully functional PSPboot environment variables (including the mtd partitions), avoiding the need for step #13 above. And you will then only need to flash a pspboot firmware (via ftp or the pctool). So this one is a better option.