Try to upgrade or downgrade directly
To refresh firmware, you need to refresh breed first. Begin to directly try the firmware upgrade method that comes with the system.
Result: Failed (reason: unsafe firmware)
Conclusion: The firmware upgrade method that comes with the system cannot flash bread,
After some searching, I found that we need to crack telnet first
1. Crack telnet
It turns out that telnet is not only a test port, but also a server.
To put it simply, the corresponding value of system settings, advanced settings, regular updates, and modification of 05 elements is: "05 | /usr/sbin/telnetd -l /bin/login.sh" and
click save on the web page to open telnet .
Reference detailed process detailed process links
At this point, if everything is normal, you can log in to the router system from the command line "telnet [router ip]".
Windows needs to enable telnet in the service, and mac also needs to install telnet (brew install telnet)
2. Brush breed
Method 1 (the old version is valid)
Refer to the method of cracking telnet to modify the element values as follows, and save and execute.
05 | wget http://breed.hackpascal.net/breed-mt7620-phicomm-psg1208.bin
05 | mtd unlock Bootloader
05 | mtd -r write breed-mt7620-phicomm-psg1208.bin Bootloader
But the result of this method is not visible, I don't know what the specific execution result is, and the operation result is imperceptible.
ps. The downloading of external network files may be slow. It is recommended to download the files first, and then establish a local area network file server [python -m httpServer]
ps. But it seems that this URL is okay. If you feel troublesome or difficult to operate, you can skip it and go directly from outside. Net download.
Method 2 (this version is valid)
Telnet to the server
wget http://breed.hackpascal.net/breed-mt7620-phicomm-psg1208.bin
mtd unlock Bootloader
mtd -r write breed-mt7620-phicomm-psg1208.bin Bootloader
The principle of flashing Bootloader should be very simple. Use mtn (it feels similar to flash tool) to overwrite the contents of Bootloader directly. However, the official may have fixed the bug of method 1 in the previous version update, which caused the /bin/ash: mtd: not found
to be a little confused at the beginning when the second command was executed , but I found that /sbin/mtn was A soft link links to a file in /tmp/, and then there is no such file in the /tmp directory.
At this time, I want to reinstall the mtd tool. Since the official system of Phicomm k2 is based on openwrt-14.07, it uses opkg to update, and when opkg update finds that the request is not available, check the source file and find that its source address is already 404.
When I look at the address, I find that there is no m7620 in the https://archive.openwrt.org/barrier_breaker/14.07/ramips/ directory, but there are m7620a and m7620n. Then query the cpu of Phicomm k2 as mt760a
更改源文件[/etc/opkg.conf] 7620 为 7620a,并取消package源(第二个网址那一行)注释。
Then execute
opkg remove mtd
opkg install mtd
mtd unlock Bootloader
mtd -r write breed-mt7620-phicomm-psg1208.bin Bootloader
Wait for the router to restart at this time to enter breed
3. Flash the firmware
There are many options on the Internet. I use the direct download address of the Merlin firmware , which has not been tested.
to sum up:
- The official setting of the scheduled restart task is relatively simple. It may be to cat a value to a file and then source it; this leads to the possibility of sql injection, so adding one after the value
| 【任意命令】will be executed immediately with root privileges. - After the official found the bug, the bug was fixed, but the repair process was too sloppy. Move the installed mtd directly to /tmp, and establish a soft link to the [path] directory, which can be used during the firmware development process. After the packaging is completed, the files in the /tmp directory are directly deleted, so that the command line sql is injected The way to upgrade the firmware will not work.
- Due to the age of this system, the official openwrt maintenance website has been updated, resulting in some twists and turns in this update.
- I feel that the structure of a Linux system such as a small router is simpler than that of a desktop Linux, and there will be no complicated things. The process of solving this problem is quite interesting this time, so record it.
The following is the official account, welcome to scan the QR code, thank you for your attention, thank you for your support!
Official account name: Python into the pit NLP
This official account is mainly dedicated to natural language processing, machine learning, coding algorithms and some knowledge sharing of Python. I am just a side dish. I hope everyone can make progress together while recording the process of my study and work. Welcome to exchange and share.
