<kerneltoast>
i failed to mention it in the commit message for that, but the inconsistent use of effective irq affinity tl;dr results in irq kthreads not getting the irq's affinity applied to them
<\x>
i saw it on another guy who did it for my phone
<kerneltoast>
the fault is really on all the irqchip drivers that select GENERIC_IRQ_EFFECTIVE_AFF_MASK but don't set the effective affinity mask
PaulFertser has quit [Remote host closed the connection]
mva has quit [Ping timeout: 480 seconds]
dannyAAM has quit [Ping timeout: 480 seconds]
rua has quit [Quit: Leaving.]
PaulFertser has joined #openwrt-devel
rua has joined #openwrt-devel
dannyAAM has joined #openwrt-devel
quinq has joined #openwrt-devel
<quinq>
Hello
<quinq>
I hope I'm asking in the correct channel: I got a device that I can't see support for on the openwrt website, though it's actually running an openwrt
<quinq>
I'm looking for help in order to hack this device, but I'm not sure how
<quinq>
I can't see a JTAG header anywhere on the PCB
<PaulFertser>
quinq: start with finding and connecting UART.
<quinq>
The device is a WatchGuard AP420 (Qualcomm ipq8064)
<quinq>
Yep, I have that
<quinq>
I have the full boot log
<PaulFertser>
quinq: are you able to interact with the bootloader, have you tried loading an initramfs image from there?
<quinq>
No, there is no U-Boot prompt, it goes directly to the NAND for loading the DTB and the kernel
<quinq>
I tried resetting the memory after initial boot, hoping to fallback to a U-Boot prompt on kernel loading, but it resets instead
<quinq>
Yeah PaulFertser, though the context is a bit different
<quinq>
“U-Boot even has a nice 3 second delay.” mine doesn't
<quinq>
It's the same hardware otherwise
<PaulFertser>
quinq: you might probably be able to find some NAND testpoint which you can short to GND after bootloader is read but before the kernel is read and so make it error and probably drop you to the prompt...
<quinq>
That's what I just explained I did :)
<quinq>
17:25:41 quinq$ I tried resetting the memory after initial boot, hoping to fallback to a U-Boot prompt on kernel loading, but it resets instead
<quinq>
that
<PaulFertser>
It wasn't clear tbh.
<PaulFertser>
So some other attack vector is needed.
<quinq>
ok, my bad then
<PaulFertser>
quinq: please stay on channel, probably some other tricks are known
<PaulFertser>
GND on every second pin, some series resistors at fast data lines etc.
<quinq>
Now that's a good picture :D
<quinq>
I could definitely test that… If I can get those probes to stay on those lines
<quinq>
Will need to solder something I guess
<PaulFertser>
Before that you need a JTAG adapter that can work with target voltage.
<PaulFertser>
Is it 1.8 V or lower?
<PaulFertser>
I also suggest you check schematics for the reference design for this SoC.
<quinq>
I have 3.3
<quinq>
Yeah, but that's a Qualcomm, I couldn't find yet a pirate version of a manual
<quinq>
And I've been asking them for a couple weeks now
<PaulFertser>
Proper JTAG adapters use pin 1 as the reference voltage, but not all of them can go that low.
<quinq>
Well, “pirate”, I don't know if they actually forbid redistribution of their documentation, I just know they fight their users hard to get it
<quinq>
Also, I don't know where those lines go
<quinq>
Well, if they respect the header format you showed me, that should be good actually
<tmn505>
that device has a factory reset button, maybe it triggers some sort of recovery in bootloader when it's pressed on bootup?
<quinq>
Let me see if it says anything on the console
<quinq>
It seems to just restart the device
goliath has joined #openwrt-devel
<tmn505>
so probably only used to reset to factory defaults
<quinq>
yeah
<tmn505>
how is that AP managed? Does it have an option to backup settings?
<quinq>
It's an ugly vendor-locked device, got it second-hand
<quinq>
Apparently it's only usable online, through vendor network configuration
<tmn505>
on one device I had (controller managed), I could save some settings (/etc/passwd included) but the archive was encrypted. So I dumped flash contents with external programmer and searched for the method. Found it in lua scripts, prepared archive and voila we have shell access.
<PaulFertser>
But here it's BGA NAND flash so that would be much more involved.
<quinq>
gg tmn505 :)
<quinq>
Yeah Paul, hardly doable, for me at least
<Slimey>
so much paper work for buying a house -_-
<quinq>
But I have an objective now, getting this 20-pin header connected to my jtag device
<tmn505>
yeah, there is also NOR SPI chip which holds bootloader and some interesting partition names and that should be easier to dump, maybe it holds some value
<PaulFertser>
Oh, if u-boot is loaded from that then of course it's the best way to approach, one can just reflash it with a better u-boot.
<quinq>
Yeah but once I have JTAG access I *should* be able to dump that
<PaulFertser>
JTAG can be very tricky even when you have access.
<quinq>
It is
<PaulFertser>
flashing SPI NOR memory externally is much easier
<quinq>
I don't have clip for it though
<tmn505>
cheap ch341 should do, and BTW, that HLOS partition holds kernel (HLOS1 probably recovery kernel) one could write there initramfs image, then after booting dumping NAND chip
<quinq>
I have a ch341, but I need better material for the wiring
jetm has joined #openwrt-devel
dannyAAM has quit [Ping timeout: 480 seconds]
dannyAAM has joined #openwrt-devel
robimarko has quit [Remote host closed the connection]
robimarko has joined #openwrt-devel
<linusw>
Is there someone here with TOH access that can add the D-Link DIR-890L that is now supported on snapshots? I'd like to add a wiki for it.
<slh>
the SOC voltage for ipq806x is 1.8V, so anything they don't expect users to snoop on (at least JTAG, probably serial as well) is likely to run at 1.8V, so be careful and measure first
yolo has joined #openwrt-devel
Borromini has joined #openwrt-devel
<yolo>
rust binaries are big(e.g 4MB for ripgrep), is it possible to make rust use dynlib so all other rust binaries can share and reduce side? otherwise a few rust binaries alone blow up the flash storage
<yolo>
s/side/size/
jeff___m has joined #openwrt-devel
jeff___m has quit [Ping timeout: 480 seconds]
Tapper has quit [Read error: Connection reset by peer]