hacker:: [[turmio]] ##content goes here == Boot messages == {{{ U-boot DB120 DRAM: 128 MB id read 0x100000ff flash size 8MB, sector count = 128 Flash: 8 MB Using default environment PCIe Reset OK!!!!!! In: serial Out: serial Err: serial Net: ag934x_enet_initialize... No valid address in Flash. Using fixed address wasp reset mask:c03300 WASP ----> S17 PHY * : cfg1 0x7 cfg2 0x7114 eth0: ba:be:fa:ce:08:41 athrs17_reg_init: complete eth0 up eth0 Autobooting in 1 seconds ## Booting image at 9f020000 ... Uncompressing Kernel Image ... OK Starting kernel ... Booting Atheros AR934x [ 0.000000] Linux version 2.6.31--LSDK-9.2.0_U6.616 (root@localhost.localdomain) (gcc version 4.3.3 (GCC) ) #1 Mon Jun 17 12:35:36 CST 2013 [ 0.000000] Ram size passed from bootloader =128M [ 0.000000] flash_size passed from bootloader = 8 [ 0.000000] CPU revision is: 0001974c (MIPS 74Kc) [ 0.000000] ath_sys_frequency: cpu srif ddr srif cpu 560 ddr 450 ahb 225 [ 0.000000] Determined physical RAM map: [ 0.000000] memory: 08000000 @ 00000000 (usable) [ 0.000000] Zone PFN ranges: [ 0.000000] Normal 0x00000000 -> 0x00008000 [ 0.000000] Movable zone start PFN for each node [ 0.000000] early_node_map[1] active PFN ranges [ 0.000000] 0: 0x00000000 -> 0x00008000 [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32512 [ 0.000000] Kernel command line: console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init mtdparts=ath-nor0:128k(u-boot),1024k(kernel),6912k(rootfs),64k(config),64k(ART) mem=128M [ 0.000000] PID hash table entries: 512 (order: 9, 2048 bytes) [ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes) [ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes) [ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes. [ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes [ 0.000000] Writing ErrCtl register=00000000 [ 0.000000] Readback ErrCtl register=00000000 [ 0.000000] Memory: 112924k/131072k available (1852k kernel code, 17984k reserved, 428k data, 120k init, 0k highmem) [ 0.000000] NR_IRQS:128 [ 0.000000] plat_time_init: plat time init done [ 0.000000] Calibrating delay loop... 279.55 BogoMIPS (lpj=559104) [ 0.096000] Mount-cache hash table entries: 512 [ 0.096000] [ 0.096000] ****************ALLOC*********************** [ 0.096000] Packet mem: 8026c4c0 (0xe00000 bytes) [ 0.096000] ******************************************** [ 0.096000] [ 0.096000] NET: Registered protocol family 16 [ 0.096000] PCI init:ath_pcibios_init [ 0.096000] ath_pcibios_init(294): PCI CMD write: 0x356 [ 0.096000] registering PCI controller with io_map_base unset [ 0.096000] bio: create slab at 0 [ 0.096000] pci 0000:00:00.0: PME# supported from D0 D1 D3hot [ 0.096000] pci 0000:00:00.0: PME# disabled [ 0.096000] Returning IRQ 64 [ 0.100000] NET: Registered protocol family 2 [ 0.100000] IP route cache hash table entries: 1024 (order: 0, 4096 bytes) [ 0.100000] TCP established hash table entries: 4096 (order: 3, 32768 bytes) [ 0.100000] TCP bind hash table entries: 4096 (order: 2, 16384 bytes) [ 0.100000] TCP: Hash tables configured (established 4096 bind 4096) [ 0.100000] TCP reno registered [ 0.100000] NET: Registered protocol family 1 [ 0.100000] ATH GPIOC major 0 [ 0.100000] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.100000] msgmni has been set to 220 [ 0.100000] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254) [ 0.100000] io scheduler noop registered [ 0.100000] io scheduler deadline registered (default) [ 0.100000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled [ 0.104000] serial8250.0: ttyS0 at MMIO 0xb8020000 (irq = 19) is a 16550A [ 0.104000] console [ttyS0] enabled [ 0.404000] PPP generic driver version 2.4.2 [ 0.408000] NET: Registered protocol family 24 [ 0.412000] 5 cmdlinepart partitions found on MTD device ath-nor0 [ 0.420000] Creating 5 MTD partitions on "ath-nor0": [ 0.424000] 0x000000000000-0x000000020000 : "u-boot" [ 0.428000] 0x000000020000-0x000000120000 : "kernel" [ 0.436000] 0x000000120000-0x0000007e0000 : "rootfs" [ 0.440000] 0x0000007e0000-0x0000007f0000 : "config" [ 0.444000] 0x0000007f0000-0x000000800000 : "ART" [ 0.452000] ->Oops: flash id 0xef4017 . [ 0.456000] ----TP IGMP has been init------ [ 0.460000] TCP cubic registered [ 0.460000] NET: Registered protocol family 10 [ 0.468000] NET: Registered protocol family 17 [ 0.472000] 802.1Q VLAN Support v1.8 Ben Greear [ 0.480000] All bugs added by David S. Miller [ 0.484000] athwdt_init: Registering WDT success [ 0.488000] ath_otp_init: Registering OTP success [ 0.496000] ath_clksw_init: Registering Clock Switch Interface success [ 0.508000] VFS: Mounted root (squashfs filesystem) readonly on device 31:2. [ 0.516000] Freeing unused kernel memory: 120k freed init started: BusyBox v1.01 (2013.05.24-01:06+0000) multi-call binary This Board use 2.6.31 insmod: cannot open module `/lib/modules/2.6.31/kernel/x_tables.ko': No such file or directory insmod: cannot open module `/lib/modules/2.6.31/kernel/xt_tcpudp.ko': No such file or directory [ 1.660000] xt_time: kernel timezone is -0000 [ 1.860000] nf_conntrack version 0.5.0 (2048 buckets, 8192 max) [ 1.864000] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use [ 1.872000] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or [ 1.880000] sysctl net.netfilter.nf_conntrack_acct=1 to enable it. [ 2.272000] ip_tables: (C) 2000-2006 Netfilter Core Team insmod: cannot open module `/lib/modules/2.6.31/kernel/iptable_raw.ko': No such file or directory insmod: cannot open module `/lib/modules/2.6.31/kernel/flashid.ko': No such file or directory [ 2.652000] PPPoL2TP kernel driver, V1.0 [ 2.676000] PPTP driver version 0.8.3 insmod: cannot open module `/lib/modules/2.6.31/kernel/harmony.ko': No such file or directory (none) mips #1 Mon Jun 17 12:35:36 CST 2013 (none) (none) login: [ 6.064000] Now flash open! [ 6.700000] Now flash open! [ 7.048000] ATHR_GMAC: Length per segment 1536 [ 7.052000] ATHR_GMAC: fifo cfg 3 01f00140 [ 7.056000] ATHR_GMAC: RX TASKLET - Pkts per Intr:100 [ 7.060000] ATHR_GMAC: Mac address for unit 0:bfff0000 [ 7.068000] ATHR_GMAC: ff:ff:ff:ff:ff:ff [ 7.620000] ATHR_GMAC: Max segments per packet : 1 [ 7.628000] ATHR_GMAC: Max tx descriptor count : 128 [ 7.632000] ATHR_GMAC: Max rx descriptor count : 128 [ 7.636000] ATHR_GMAC: Mac capability flags : 2381 [ 7.652000] athr_gmac_ring_alloc Allocated 2048 at 0x87af2000 [ 7.656000] athr_gmac_ring_alloc Allocated 2048 at 0x87a5b800 [ 7.964000] WASP ----> S17 PHY * [ 7.968000] Setting Drop CRC Errors, Pause Frames and Length Error frames [ 8.040000] Hello, nat module! [ 8.044000] thread: napt_ct_scan create success pid:108 [ 8.048000] netlink_kernel_create succeeded at tp_rule_nl_prot: [29] [ 8.056000] isis_ip_intf_entry_add id[0] for vid[1] [ 8.064000] isis_ip_intf_entry_add id[1] for vid[2] [ 8.068000] ACL(Index 0) For packet From Wan Port and TTL is zero [ 8.080000] ACL is not yet enabled. Enabling... [ 8.088000] ACL Rule(Index 2) For UDP with Zero Checksum [ 8.104000] [ 8.104000] ######## S17 SSDK init succeeded! ######## [ 8.120000] ++++ athrs17_igmp_setup once [ 8.148000] athrs17_reg_init:done [ 8.152000] Setting PHY... [ 9.160000] napt_ct_scan_thread: time: 4 [ 9.164000] ADDRCONF(NETDEV_UP): eth0: link is not ready [ 9.228000] device eth0.1 entered promiscuous mode [ 9.232000] device eth0 entered promiscuous mode [ 9.248000] Now flash open! [ 9.252000] Receive unknown msgType:10 at isis_nat_helper.2631.c:2937/tp_rule_netlink()! [ 9.260000] isis_ip_intf_entry_add id[1] for vid[2] [ 9.348000] br0: port 1(eth0.1) entering forwarding state [ 11.008000] ACL Rule(Index 1) For Packet From WAN to LAN Port And DIP is in lan net [ 11.500000] nf_conntrack_rtsp v0.6.21 loading [ 11.516000] nf_nat_rtsp v0.6.21 loading [ 11.660000] [ 11.660000] Enet:0 port1 up [ 11.664000] ATH_MAC_TIMER: enet unit:0 is up... [ 11.668000] RGMii 1000Mbps full duplex [ 11.672000] ATH_MAC_TIMER: done cfg2 0x7215 ifctl 0x0 miictrl [ 11.680000] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 11.828000] asf: module license 'Proprietary' taints kernel. [ 11.832000] Disabling lock debugging due to kernel taint [ 12.400000] ath_hal: 0.9.17.1 (AR5416, AR9380, REGOPS_FUNC, WRITE_EEPROM, 11D) [ 12.528000] ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved [ 12.560000] ath_dfs: Version 2.0.0 [ 12.560000] Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved [ 12.904000] ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved [ 13.676000] ath_ahb: 9.2.0_U10.1020 (Atheros/multi-bss) [ 13.684000] __ath_attach: Set global_scn[0] [ 13.688000] ACBKMinfree = 48 [ 13.692000] ACBEMinfree = 32 [ 13.696000] ACVIMinfree = 16 [ 13.696000] ACVOMinfree = 0 [ 13.700000] CABMinfree = 48 [ 13.704000] UAPSDMinfree = 0 [ 13.732000] Restoring Cal data from Flash [ 13.740000] dfs_attach: use DFS enhancements [ 13.748000] DFS min filter rssiThresh = 18 [ 13.752000] DFS max pulse dur = 151 ticks [ 13.760000] ath_get_caps[5108] rx chainmask mismatch actual 3 sc_chainmak 0 [ 13.764000] ath_get_caps[5083] tx chainmask mismatch actual 3 sc_chainmak 0 [ 13.780000] SC Callback Registration for wifi0 [ 13.784000] wifi0: Atheros 9340: mem=0xb8100000, irq=2 [ 13.792000] ath_pci: 9.2.0_U10.1020 (Atheros/multi-bss) [ 13.796000] __ath_attach: Set global_scn[1] [ 13.800000] ACBKMinfree = 48 [ 13.804000] ACBEMinfree = 32 [ 13.804000] ACVIMinfree = 16 [ 13.808000] ACVOMinfree = 0 [ 13.812000] CABMinfree = 48 [ 13.816000] UAPSDMinfree = 0 [ 13.824000] Restoring Cal data from Flash [ 13.832000] dfs_attach: use DFS enhancements [ 13.840000] DFS min filter rssiThresh = 18 [ 13.844000] DFS max pulse dur = 151 ticks [ 13.848000] ath_get_caps[5108] rx chainmask mismatch actual 7 sc_chainmak 0 [ 13.852000] ath_get_caps[5083] tx chainmask mismatch actual 7 sc_chainmak 0 [ 13.868000] SC Callback Registration for wifi1 [ 13.876000] wifi1: Atheros 9580: mem=0x10000000, irq=64 hw_base=0xb0000000 [ 14.100000] wlan_vap_create : enter. devhandle=0x86c3c2c0, opmode=IEEE80211_M_HOSTAP, flags=0x1 [ 14.108000] wlan_vap_create : exit. devhandle=0x86c3c2c0, opmode=IEEE80211_M_HOSTAP, flags=0x1. [ 14.116000] VAP device ath0 created [ 14.272000] [ 14.272000] DES SSID SET=TP-LINK_2.4GHz_3B4D8D [ 14.288000] ieee80211_ioctl_siwmode: imr.ifm_active=131712, new mode=3, valid=1 [ 20.252000] device ath0 entered promiscuous mode [ 20.256000] br0: port 2(ath0) entering forwarding state [ 20.860000] ieee80211_ioctl_siwmode: imr.ifm_active=918144, new mode=3, valid=1 [ 20.876000] br0: port 2(ath0) entering disabled state [ 21.084000] [ 21.084000] DES SSID SET=TP-LINK_2.4GHz_3B4D8D [ 21.112000] br0: port 2(ath0) entering forwarding state [ 22.984000] br0: port 2(ath0) entering disabled state [ 23.016000] br0: starting userspace STP failed, starting kernel STP [ 23.052000] br0: topology change detected, propagating [ 23.060000] br0: port 2(ath0) entering forwarding state [ 23.108000] wlan_vap_create : enter. devhandle=0x87bac2c0, opmode=IEEE80211_M_HOSTAP, flags=0x1 [ 23.116000] wlan_vap_create : exit. devhandle=0x87bac2c0, opmode=IEEE80211_M_HOSTAP, flags=0x1. [ 23.124000] VAP device ath1 created [ 23.284000] [ 23.284000] DES SSID SET=TP-LINK_5GHz_3B4D8E [ 23.300000] ieee80211_ioctl_siwmode: imr.ifm_active=66176, new mode=3, valid=1 [ 27.704000] Found best 11na chan: 36 [ 29.176000] br0: port 1(eth0.1) entering disabled state [ 29.200000] br0: topology change detected, propagating [ 29.204000] br0: port 1(eth0.1) entering forwarding state [ 29.228000] device ath1 entered promiscuous mode [ 29.232000] br0: topology change detected, propagating [ 29.240000] br0: port 3(ath1) entering forwarding state [ 29.276000] ieee80211_ioctl_siwmode: imr.ifm_active=852608, new mode=3, valid=1 [ 29.284000] br0: port 3(ath1) entering disabled state [ 29.492000] [ 29.492000] DES SSID SET=TP-LINK_5GHz_3B4D8E [ 29.516000] br0: topology change detected, propagating [ 29.524000] br0: port 3(ath1) entering forwarding state [ 31.296000] br0: port 3(ath1) entering disabled state [ 31.356000] br0: topology change detected, propagating [ 31.360000] br0: port 3(ath1) entering forwarding state [ 31.800000] fuse init (API version 7.12) [ 32.004000] usbcore: registered new interface driver usbfs [ 32.008000] usbcore: registered new interface driver hub [ 32.016000] usbcore: registered new device driver usb [ 32.048000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver [ 32.096000] Port Status 1c000004 [ 32.096000] ath-ehci ath-ehci.0: ATH EHCI [ 32.100000] ath-ehci ath-ehci.0: new USB bus registered, assigned bus number 1 [ 32.112000] ehci_reset Intialize USB CONTROLLER in host mode: 13 [ 32.116000] ehci_reset Port Status 1c000000 [ 32.120000] ath-ehci ath-ehci.0: irq 3, io mem 0x1b000000 [ 32.128000] ehci_reset Intialize USB CONTROLLER in host mode: 13 [ 32.136000] ehci_reset Port Status 1c000000 [ 32.152000] ath-ehci ath-ehci.0: USB 2.0 started, EHCI 1.00 [ 32.156000] usb usb1: configuration #1 chosen from 1 choice [ 32.164000] hub 1-0:1.0: USB hub found [ 32.168000] hub 1-0:1.0: 1 port detected [ 32.388000] SCSI subsystem initialized [ 32.508000] usb 1-1: new high speed USB device using ath-ehci and address 2 [ 32.652000] usb 1-1: configuration #1 chosen from 1 choice [ 32.660000] hub 1-1:1.0: USB hub found [ 32.664000] hub 1-1:1.0: 4 ports detected [ 32.724000] Initializing USB Mass Storage driver... [ 32.728000] usbcore: registered new interface driver usb-storage [ 32.736000] USB Mass Storage support registered. [ 32.956000] usb 1-1.2: new high speed USB device using ath-ehci and address 3 [ 33.068000] usb 1-1.2: configuration #1 chosen from 1 choice [ 33.084000] scsi0 : SCSI emulation for USB Mass Storage devices [ 34.412000] GPL NetUSB up! [ 34.640000] kc 88 : run_telnetDBGDServer start [ 34.644000] kc 225 : init_DebugD end [ 34.648000] INFO16B9: NetUSB 1.161, 0002061F : Feb 29 2012 15:22:09 [ 34.656000] INFO16BB: AUTH ISOC [ 34.660000] INFO16BC: [ 34.660000] usbcore: registered new interface driver KC NetUSB General Driver [ 34.668000] INFO0076: init proc : PAGE_SIZE 4096 [ 34.676000] INFO1715: Check mac address [ 34.680000] INFO1575: sleep to wait br0 to wake up [ 34.684000] INFO02D0: use dev Name br0 [ 34.688000] INFO157E: sleep to wait br0 end. [ 34.692000] INFO1597: UDP_BROAD 7437 tcpPort:625868800 [ 34.696000] INFO02D0: use dev Name br0 [ 34.700000] my server name : TL-WDR4300 [ 34.708000] INFO14CE: tcpConnector() started... [ 34.720000] TP_RULE_NAT:enable hardware nat [ 34.852000] IPv6 over IPv4 tunneling driver [ 37.216000] (tp_mroute_enable_write)140, tp_mroute_enable = 1 [ 37.732000] INFO13AB: Bind to br0 [ 38.292000] scsi 0:0:0:0: Direct-Access USB Flash Disk 1100 PQ: 0 ANSI: 4 [ 38.300000] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 38.308000] sd 0:0:0:0: [sda] 3915776 512-byte logical blocks: (2.00 GB/1.86 GiB) [ 38.316000] sd 0:0:0:0: [sda] Write Protect is off [ 38.320000] sd 0:0:0:0: [sda] Assuming drive cache: write through [ 38.332000] sd 0:0:0:0: [sda] Assuming drive cache: write through [ 38.336000] sda: sda1 [ 38.348000] sd 0:0:0:0: [sda] Assuming drive cache: write through [ 38.352000] sd 0:0:0:0: [sda] Attached SCSI removable disk [ 38.376000] SQUASHFS error: Can't find a SQUASHFS superblock on sda [ 38.384000] FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 38.392000] FAT: bogus number of reserved sectors [ 38.400000] VFS: Can't find a valid FAT filesystem on dev sda. [ 38.900000] SQUASHFS error: Can't find a SQUASHFS superblock on sda1 [ 38.908000] FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 41.404000] Now flash open! [ 41.408000] Erase from 0X7E0000 to 0X7EFCB4:. [ 41.632000] Program from 0X7E0000 to 0X7EFCB4: [ 41.800000] write successfully [ 41.808000] Now flash open! [ 41.808000] Erase from 0X7E0000 to 0X7EFCB4: [ 42.032000] . [ 42.036000] Program from 0X7E0000 to 0X7EFCB4: [ 42.204000] write successfully }}} description:: Reverse engineering started:: 2014-03-20 ---- CategoryProjekti