0x00 Embedded --- Important hardware on a router

0x00 Flash

  1. RAM:

    1. Readable and writable

    2. Memory: on a circuit board, a chip with many pins is typically a memory chip.

      1. "Memory" here generally means the running memory, corresponding to a computer's RAM.

      2. Storage (a peripheral) corresponds to what people usually call a computer's hard disk

        1. NAND flash (file system, system kernel; code cannot run directly from it, and it must be erased before being written)

  2. ROM:

    1. Hard to write, easy to read

      1. EEPROM

      2. NOR flash (bootloader, BIOS; code can run directly from it)

  3. Features: long-term data retention, no data loss on power-down, average read and write speed

  4. Difference between flash (flash memory) and RAM (memory):

    1. How to tell them apart:

      1. By pin position: pins on the long sides of the rectangular package indicate RAM, pins on the short sides indicate flash

      2. If the pins are not visible, you can also look up the model number printed on the chip surface

    2. RAM loses its data after power-down, so it stores data temporarily; it is faster

    3. Flash does not lose data after power-down and can preserve data long term; its speed is average

 

0x01 Serial

  1. The serial port is an expansion interface that uses serial communication. A serial interface transmits data one bit after another. Its communication lines are simple: a single pair of transmission lines is enough for two-way communication, which greatly reduces cost, especially for long-distance communication, but the transmission rate is lower.

  2. Most routers use an asynchronous serial port, i.e. a UART (Universal Asynchronous Receiver/Transmitter). A UART is a chip that converts parallel input into serial output and is typically integrated on the main board. UARTs include TTL-level serial ports and RS232-level serial ports.

    1. TTL level generally uses a 3.3 V / 5 V supply; it defines 0.8 V or below as low and 2.0 V or above as high. Routers are based on this level.

      1. RS232 uses negative logic levels: it defines +5 to +12 V as low and -12 to -5 V as high.

  3. For security, manufacturers generally remove the serial port. To debug or analyze the firmware, you can locate the serial port on the router's board, solder to it, and then connect a TTL serial cable to obtain a shell.

 

0x02 TTL

  1. Pin definitions:

    1. VCC: positive supply

    2. GND: power ground

    3. RXD: data reception

    4. TXD: data transmission

  2. Transmission logic:

    1. Start bit: the transmitter begins sending a character by sending a start bit. The start bit puts the data line in the logic 0 state, telling the receiver that a data transfer is about to start.

    2. Data bits: the data bits are transmitted after the start bit. Typically one byte of 8 data bits (6 and 7 bits also exist), least significant bit (LSB) first, most significant bit (MSB) last.

    3. Parity bit: this can be regarded as a special data bit. It is typically used to determine whether the received data contains errors, usually with odd or even parity. In practice this bit is often omitted.

    4. Stop bit: the stop bit comes last and marks the end of the character's transfer; it corresponds to the logic 1 state.

    5. Baud rate: the transmission rate of the UART, which describes the data transfer speed. In serial communication, data is transmitted bit by bit, so the transmission rate is expressed as the number of data bits transmitted per second, called the baud rate. A baud rate of 9600 means 9600 bps (bits per second).

    6. TTL-to-serial adapter (an indispensable tool)
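
The framing rules above, written as a decoder and run on a constructed voltage capture. This is an added example, not code from the original post; the function names, the 96 kHz sample rate and the sample voltages are assumptions, while the 0.8 V / 2.0 V thresholds and the 9600 baud rate come from the text.

```python
TTL_LOW_MAX, TTL_HIGH_MIN = 0.8, 2.0   # volts, thresholds quoted in the text

def to_logic(volts):
    """TTL voltage -> 0, 1, or None for the undefined band in between."""
    if volts <= TTL_LOW_MAX:
        return 0
    return 1 if volts >= TTL_HIGH_MIN else None

def encode(byte, parity=None):
    """One character on the wire: start(0), 8 data bits LSB first, [parity], stop(1)."""
    data = [(byte >> n) & 1 for n in range(8)]
    # Even parity makes the count of 1s even; odd parity flips that bit.
    extra = [] if parity is None else [(sum(data) % 2) ^ (parity == "odd")]
    return [0] + data + extra + [1]

def to_samples(bits, per_bit, high=3.3, low=0.1):
    """Constructed capture: each bit held for per_bit samples at TTL voltages."""
    return [high if b else low for b in bits for _ in range(per_bit)]

def decode(samples, sample_rate, baud=9600, parity=None):
    """Return (bytes, errors) recovered from voltage samples of an idle-high line."""
    per_bit = sample_rate // baud
    nbits = 10 if parity is None else 11
    levels = [to_logic(v) for v in samples]
    out, errors, i = bytearray(), [], 0
    while i + nbits * per_bit <= len(levels):
        if levels[i] != 0:                      # idle or undefined: keep hunting for a start bit
            i += 1
            continue
        mid = i + per_bit // 2                  # sample every bit at its centre
        bits = [levels[mid + k * per_bit] for k in range(nbits)]
        data = bits[1:9]
        if None in bits or bits[-1] != 1:       # stop bit must be logic 1
            errors.append(("framing", i))
        elif parity and (sum(data) + bits[9]) % 2 != (parity == "odd"):
            errors.append(("parity", i))
        else:
            out.append(sum(b << n for n, b in enumerate(data)))
        i += nbits * per_bit                    # skip past this frame
    return bytes(out), errors

def demo():
    """Constructed capture of b"# " sent 8N1 at 9600 baud, sampled at 96 kHz."""
    idle = [3.3] * 25
    wire = idle + sum((to_samples(encode(c), 10) for c in b"# "), []) + idle
    return decode(wire, 96_000)
```

A wrong baud rate or parity setting shows up as framing or parity errors rather than as decoded bytes, which is why garbage on a serial console usually means the line settings do not match the device.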

 

0x03 JTAG

  1. JTAG (Joint Test Action Group): an international standard test protocol, mainly used for chip testing. In short, the JTAG protocol is used to take control of the CPU.

  2. JTAG interface:

    1. TCK: Test Clock Input

    2. TMS: Test Mode Select; TMS is used to set the JTAG port to a particular test mode

    3. TDI: Test Data Input; data is input through the JTAG port via TDI

    4. TDO: Test Data Output; data is output from the JTAG port via TDO

    5. VCC: positive supply

    6. GND: power ground

  3. Further use: JTAG can read the NOR flash (where the bootloader is stored). When a router is bricked, a known-good bootloader can be rewritten into the NOR flash over JTAG (the unbricking method).

  4. Manufacturers:

    1. J-Link (common)

    2. ULINK

    3. ST-Link

    4. ...

 

Common router storage layouts

  1. NOR flash + NAND flash

  2. CFI (EEPROM, EPCS serial flash) + NAND flash

  3. NAND flash (modified, with an added stepping stone (a 4K boot area))

  4. Boot sequence: first the bootloader or BIOS in NOR flash runs; the bootloader or BIOS initializes memory, peripherals, etc.; then the kernel stored in NAND flash is run (the code is copied piece by piece into the memory that the bootloader has already initialized and runs there, instead of running in the NAND flash)

On some routers the file system is read-only, or it is writable but whatever was written is gone after the router restarts. This is because the router re-extracts a tgz archive at startup, and the extracted files overwrite the files we wrote. So if we really want to write a file, we can replace the tgz archive before it is extracted, or go through something like LFI in the web interface: because configuration files are not overwritten, you can look for a program that reads a configuration file and then calls system or other system functions, and think of ways to bypass the checks.


Origin blog.csdn.net/q759451733/article/details/101863939