Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
L
lede-mikrotik
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
External wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Johannes Rudolph
lede-mikrotik
Commits
dab4271c
Commit
dab4271c
authored
18 years ago
by
Florian Fainelli
Browse files
Options
Downloads
Patches
Plain Diff
Add a subsection on the bootloaders
SVN-Revision: 6032
parent
0f6a90e0
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
docs/adding.tex
+65
-13
65 additions, 13 deletions
docs/adding.tex
with
65 additions
and
13 deletions
docs/adding.tex
+
65
−
13
View file @
dab4271c
...
@@ -30,14 +30,19 @@ fingerprinting, we will show here an example using \textbf{nmap}:
...
@@ -30,14 +30,19 @@ fingerprinting, we will show here an example using \textbf{nmap}:
\begin{Verbatim}
\begin{Verbatim}
nmap -P0 -O <IP address>
nmap -P0 -O <IP address>
Not shown: 1694 closed ports
Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-08 11:05 CET
PORT STATE SERVICE
Interesting ports on 192.168.2.1:
631/tcp open ipp
Not shown: 1693 closed ports
1033/tcp open netinfo
PORT STATE SERVICE
6000/tcp open X11
22/tcp open ssh
Device type: general purpose
23/tcp open telnet
Running: Apple Mac OS X 10.4.X
53/tcp open domain
OS details: Apple Mac OS X 10.4.8 (Tiger)
80/tcp open http
MAC Address: 00:13:xx:xx:xx:xx (Cisco-Linksys)
Device type: broadband router
Running: Linksys embedded
OS details: Linksys WRT54GS v4 running OpenWrt w/Linux kernel 2.4.30
Network Distance: 1 hop
\end{Verbatim}
\end{Verbatim}
nmap is able to report whether your device uses a Linux TCP/IP stack, and if so,
nmap is able to report whether your device uses a Linux TCP/IP stack, and if so,
...
@@ -50,7 +55,16 @@ on the device, and which version of the service is being used:
...
@@ -50,7 +55,16 @@ on the device, and which version of the service is being used:
\begin{verbatim}
\begin{verbatim}
nmap -P0 -sV <IP address>
nmap -P0 -sV <IP address>
Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-08 11:06 CET
Interesting ports on 192.168.2.1:
Not shown: 1693 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Dropbear sshd 0.48 (protocol 2.0)
23/tcp open telnet Busybox telnetd
53/tcp open domain ISC Bind dnsmasq-2.35
80/tcp open http OpenWrt BusyBox httpd
MAC Address: 00:13:xx:xx:xx:xx (Cisco-Linksys)
Service Info: Device: WAP
\end{verbatim}
\end{verbatim}
The web server version, if identified, can be determining in knowing the Operating
The web server version, if identified, can be determining in knowing the Operating
...
@@ -147,9 +161,11 @@ CD-ROM the open source software used to build or modify the firmware.
...
@@ -147,9 +161,11 @@ CD-ROM the open source software used to build or modify the firmware.
In conformance to the GPL license, you have to release the following sources:
In conformance to the GPL license, you have to release the following sources:
- complete toolchain that made the kernel and applications be compiled (gcc, binutils, libc)
\begin{itemize}
- tools to build a custom firmware (mksquashfs, mkcramfs ...)
\item
complete toolchain that made the kernel and applications be compiled (gcc, binutils, libc)
- kernel sources with patches to make it run on this specific hardware, this does not include binary drivers
\item
tools to build a custom firmware (mksquashfs, mkcramfs ...)
\item
kernel sources with patches to make it run on this specific hardware, this does not include binary drivers
\end{itemize}
Thank you very much in advance for your answer.
Thank you very much in advance for your answer.
...
@@ -201,7 +217,7 @@ VERSION = 2
...
@@ -201,7 +217,7 @@ VERSION = 2
PATCHLEVEL = x
PATCHLEVEL = x
SUBLEVEL = y
SUBLEVEL = y
EXTRAVERSION = z
EXTRAVERSION = z
NAME=A
vast! A bilge rat!
NAME=A
fancy name
\end{verbatim}
\end{verbatim}
So now, you know that you have to download a standard kernel tarball at
So now, you know that you have to download a standard kernel tarball at
...
@@ -235,6 +251,42 @@ code that has been added to make the binary driver work with the Linux kernel.
...
@@ -235,6 +251,42 @@ code that has been added to make the binary driver work with the Linux kernel.
This code might not be useful if you plan on writing from scratch drivers for
This code might not be useful if you plan on writing from scratch drivers for
this hardware.
this hardware.
\subsubsection
{
Using the device bootloader
}
The bootloader is the first program that is started right after your device has
been powered on. This program, can be more or less sophisticated, some do let you
do network booting, USB mass storage booting ... The bootloader is device and
architeture specific, some bootloaders were designed to be universal such as
RedBoot or U-Boot so that you can meet those loaders on totally different
platforms and expect to work the same way.
If your device runs a proprietary operating system, you are very likely to deal
with a proprietary boot loader as well. This may not always be a limitation,
some proprietary bootloaders can even have source code available (i.e : Broadcom CFE).
According to the bootloader features, hacking on th device will be more or less
easier. It is very probable that the bootloader, even exotic and rare, has a
documentation somewhere over the Internet. In order to know what will be possible
with your bootloader and the way you are going to hack the device, look over the
following features :
\begin{itemize}
\item
does the bootloader allow net booting via bootp/DHCP/NFS or tftp
\item
does the bootloader accept loading ELF binaries ?
\item
does the bootloader have a kernel/firmware size limitation ?
\item
does the bootloader expect a firmware format to be loaded with ?
\item
are the loaded files executed from RAM or flash ?
\end{itemize}
Net booting is something very convenient, because you will only have to set up network
booting servers on your development station, and keep the original firmware on the device
till you are sure you can replace it. This also prevents your device from being flashed,
and potentially bricked every time you want to test a modification on the kernel/filesystem.
If your device needs to be flashed every time you load a firmware, the bootlader might
only accept a specific firmware format to be loaded, so that you will have to
understand the firmware format as well.
\subsubsection
{
Making binary drivers work
}
\subsubsection
{
Making binary drivers work
}
As we have explained before, manufacturers do release binary drivers in their GPL
As we have explained before, manufacturers do release binary drivers in their GPL
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment