hi guys.
I have an Kaon router wich runs "Linux version 3.10.24-svn1480 (jskim@jake-205) (gcc version 4.4.7 (Realtek MSDK-4.4.7 Build 1459".
The problem I have it is that its firmware is in early stages and has alot of things messed up.
Wake on lan doesn't work without arp binding and that can be done only via telnet as it's webinterface doesn't have that option.
Its a workaround that works , unfortunately it only lasts untill I reboot the router.
What I was trying to accomplish is creating a script in /etc/init.d that runs the arp bind command.
That's where my troubles really began. I can't create or edit files in /etc/init.d (or /etc for that matter). The filesystem is Ready-only.
I have tried "mount -o remount, rw /" command and the / is still "ro"
here are my mounts. I managed to create a file inside /apps (though that doesn't help much as, as I need it in /etc/init.d
# mount
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro,relatime)
proc on /proc type proc (rw,relatime)
ramfs on /var type ramfs (rw,relatime)
/dev/mtdblock5 on /apps type jffs2 (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
Your linux is embedded ( for that Your "rootfs" ( "/") is in like RAM drive/disk ( as temp/pivot root ) -> then you cannot remount for r/w and this only r/w only at runtime ). )
( Your firmware in the flash ( mostly ) loaded to the RAM at the boot stages by bootloader ( like u-boot ).. )
Your "/dev/root" device is mounted to (/) point that is "read-only fs" with squashfs ( compressed ) that located in the flash ( or sometimes sdcard ? )
it should contains all binaries , startup files , default config files and the others....
Your mount command is wrong as already @Corona688 said this.
And you cannot re-mount the squahfs for r/w ( try with "/dev/root" lets see what happen or not )
Your device ( /dev/mtdblock5 is read/writable block device ( Flash or disk-on-chip ) with "rootfstype=jffs2" and
then you can read the some configs or other related files from it.
But also you can write via "/dev/mtd5" ( safe way ) char device to flash partiton which is writable side.
Shortly , mount command works via block device and must used via the char device for i/o operations..
Your ( /apps ) mount point is writable and has contains user apps/data/configs ( already i said above ) and these are permanent.
Look at the some details.. Managing flash storage with Linux
( the others are Kernel partitions from RAM or other memory chips ( ssd ? ) .. )
You can look for the details of the flash partitions ( "cat /proc/mtd" )
Now i m not sure is there a easy way ? , ( because i have no knowlodge about the routers and firmware )
But i can say , you have to create the customized firmware and you must flash it to router for permanent solution.. ( if it has not nvram settings for non-squash filesystem support )
( or you must unsquashfs to extract the contents to writable partition then mksquashfs to create new image from thises and write it to the target mtd device ( like "writemtd.c" codes or image dump tools )
Another try , you maybe update the router firmware with ( open-source ) alternatives like dd-wrt , open-wrt .. ( if your product ( Kaon media ) vendor does not the new firmware..)
But best way as @Corona688 said , you must update the new firmware from original Kaon hardware vendor if there is..
thanks guys.
I have managed to unpack the firmware , though it seems kinda risky to pack it back and try to flash it.
any other way I could make squashfs read /etc from another location (ex usb) instead of the default one?
Depends a lot on the drivers available and when they get loaded in the boot procedure. It's the exact same risk for the exact same reason anyway - the slightest mistake will brick it.
There's presumably a sane way to update it but we don't know what it is, being we don't know what distrubution it is. "Linux" is just the name of the 3 megabyte file which loads when you turn it on, everything else is down to the distro. Check for a file like /etc/release which states what it is
could you write what you did ( commands and outputs ) ?
where did you extract to unpack the firmware ? ( external stroage ? )
can you see the images/files as separately ( bootloader/kernel/rootfs and the others.. )
do you have the orginal firmware image outside the flash ?
i can try search your hardware but i cannot find any usefull infos.
so i have to learn this :
your device chip details
your flash chip details
cat /proc/mounts ( and fstab ? )
cat /proc/mtd
have you any tools ? ( flash_erase / nandwrite ... )
( can you list the your binaries related flash that you have .. )
what is your boot-loader ? any screen output releated booting ?
can you execute the boot-loader commands ( so is there any prompt ? )
can you paste the dmesg or /var/log/messages files ?
did you try the plug in the usb drive and kernel see it ? ( like /dev/sdaX )
are there any kernel configs ( /proc/configXX , /boot/config* )
I do not recommend to change the firmware yourself without prior experience in this area. Chances to brick your device immediately are very high.
As of now it seems a good place to create your custom scripts within the /apps folder, which is writable and likely durable across reboots.
What's left is to figure out what mechanism your router-linux-distribution provides to call your scripts.
Since it's highly likely that some open source distribution is used, the first thing is to figure out which one it is(google, vendor homepage, product specifications, ...) and when the distribution name/type is found look/read for the possibillities for calling individual startup scripts.
@Corona688 - no ""/etc/release" file only version:
RTL819xD v1.0 -- 2017. 04. 13. () 20:01:43 KST
The SDK version is: Realtek SDK v3.4.9.4-r34739
Ethernet driver version is: 21743-21743
Wireless driver version is: 34739-34739
Fastpath source version is: -
Feature support version is: -
for 6-10 I will answer tomorrow when I will redo the dump. I think I didn't perform it the right way and only got the squashfs out if.
---------- Post updated 04-22-17 at 04:07 PM ---------- Previous update was 04-21-17 at 07:51 PM ----------
I think I saw Uboot mention while analyzing the dump of an older firmware. The newer firmware only dumps the squashfs, no longer bootloader or kernel
no ideea how to do that, sorry
8
dmesg
wlan1: Open and authenticated
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: Open and authenticated
wlan1: A wireless client is disassociated - 9C:B7:0D:86:19:C5
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: Open and authenticated
wlan1: A STA is expired - 0C:D7:46:91:61:CB
wlan1: A STA is expired - E8:93:09:8B:0B:CD
wlan1: A expired STA is resumed - 0C:D7:46:91:61:CB
wlan1: A STA is expired - 0C:D7:46:91:61:CB
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: Open and authenticated
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - E8:93:09:8B:0B:CD
wlan1: Open and authenticated
wlan1: A wireless client is associated - 0C:D7:46:91:61:CB
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - 0C:D7:46:91:61:CB
wlan1: Open and authenticated
wlan1: A wireless client is disassociated - 0C:D7:46:91:61:CB
wlan1: A wireless client is associated - 0C:D7:46:91:61:CB
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - 0C:D7:46:91:61:CB
wlan1: Open and authenticated
wlan1: A wireless client is disassociated - 0C:D7:46:91:61:CB
wlan0: A wireless client is associated - 0C:D7:46:91:61:CB
wlan0: WPA2-AES PSK authentication in progress...
wlan0: A wireless client is associated - 0C:D7:46:91:61:CB
wlan0: Open and authenticated
wlan0: A wireless client is associated - 48:5A:3F:89:EA:F4
wlan0: WPA2-AES PSK authentication in progress...
wlan0: A wireless client is associated - 48:5A:3F:89:EA:F4
wlan0: Open and authenticated
wlan1: A wireless client is associated - 9C:B7:0D:86:19:C5
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - 9C:B7:0D:86:19:C5
wlan1: Open and authenticated
wlan0: A wireless client is disassociated - 48:5A:3F:89:EA:F4
wlan1: A wireless client is disassociated - 9C:B7:0D:86:19:C5
wlan1: A wireless client is associated - 9C:B7:0D:86:19:C5
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - 9C:B7:0D:86:19:C5
wlan1: Open and authenticated
ODM_TXPowerTrackingCallback_ThermalMeter_JaguarSeries2(437)
wlan1: A wireless client is associated - 9C:B7:0D:86:19:C5
wlan1: WPA2-AES PSK authentication in progress...
wlan1: A wireless client is associated - 9C:B7:0D:86:19:C5
wlan1: Open and authenticated
wlan1: A STA is expired - E8:93:09:8B:0B:CD
ok.. i think test / try and lets see way is difficult and time consuming and also risky..
therefore can you execute the below commands and attachment the output files to me ? ( thanks. )
I'm not sure I'm going to be able to accomplish anything here.
I have made the modifications, but unfortunately the router is branded by the internet provider and there is no official support or any way to download the firmware.
the provider pushes new firmware and can't think of any way I could intercept it
i guess what I was dumping the squashfs only using cat /dev/mtd5 > /var/tmp/usb/sda1/backup1.bin command.
it's a router. couldn't care less if they apreciate it or not, I might just even disable their remote connection to it if I get my way.
Hopefuly I will intercept de next firmware and get what I need.
it's not openwrt compatible yet and I wouldn't flash it to that anyway , because it's a gigabit router and being closed source openwrt would come without hardware NAT , wich means only 100MBps speed limit.
Hi apoklyps3 ,
Sorry for late response beceause of im very busy with some jobs and a lot of works :rolleyes:
I could see for a few hours at the images..
It takes a lot of time to study it in depth but i see some files in the images so it look MIPS arch executable ( kernel code ) and
other kernel data ( but i m not sure consistency of this data , i could not test it due to limited time ) and the other one contains two boot data ( i guess binary bootloader and configs )..
as I understand it we must the update the rootfs that contains ( /etc/ and others dirs ) ..
so i will continue to examine ( when i have time )
now if you have the firmware image ( one-piece ) , can you attach here it ?
and can you attach the other mtd ( ( 2-3-4-5-6) especially rootfses ) parts ( thanks )
unfortunately the firmare image is not public. the router is branded by the ISP and automaticaly updates the firmware.
My guess is that they put the firmware somewhere and it gets updated on a reboot.
Hopefuly I'll be able to intercept it next time there will be an update.
I have probed /bin/busybox myself and it seems to be an ELF-64 kind of executable...not sure what to make of that ...
the files I attached before were from mtdblock0 and 1 , because when trying to do it on mtd0 and 1 i got "dd: can't open '/dev/mtd0': No such file or directory",wich is weird because they are mentioned in "cat /proc/mnt"
In /dev I have mtd from 5 to 7 and mtdblock from 0 to 7. which of them do you want me to post?
