Cidi Rome
join:2007-12-12
| reply to Bicephale
Re: Thomson SpeedTouch 5x6 & 585 EJTAG "De-Brick" Access
Hi Chaveiro.
You post concerns me...
I have to dead ST585v6 and in both cases they become like that after an incorrect bootloader has been flashed...
The first one was incorrect byte swap (not exactly the same has incorrect endian) provoked by an error on the original wrt54g tool in /nodma mode (at least with this routers)
The other one was my error, I flashed its bootloader with the ST516 one. Happened exactly the same as the other one.
There is much coincidence :-(
Best Regards. |
|
chaveiro
join:2007-12-06
1 edit | reply to Cidi Rome
Re: Thomson SpeedTouch 5x6 & 585 EJTAG "De-Brick" Access
Hi,
I have to desagree with cidi.
I had completely reflash my 585v6 with the wrong binaries (incorrect endian) and was able to revover it. |
|
Cidi Rome
join:2007-12-12
1 edit | reply to Bicephale
Hi there.
I can tell everybody that mess with the Speedtouch 516v6 is pretty safe, I have tested with many with no casualties, but I'm sure the same does not apply to the Speedtouch 585v6.
If you flash an incorrect bootloader to a ST585v6 you will certainly get a dead router that you won't be able to recover even with JTAG connections. At this point I'm waiting to test some approaches to recover this cases, but they go further than the use of a JTAG connection.
This is just an advise to the ones who have this router and are messing with them. BE CAREFUL.
Best regards. |
|
Bicephale
join:2005-09-24
 ·TekSavvy Solutions..
| reply to BerkuL
MIPS-32 EJTAG "De-Brick" Access for STs and similar
Hi BerkuL,
The initial goal of this thread was to provide the
means to BackUp/Restore FirmWare; so far the tool
originally provided by HairyDairyMaid was meant to
be used with LinkSys WRT54G routers but a visit on
the Open FreeBox site helped me to realize that it
probably supported the SpeedTouch 5xx MoDems which
were built around BCM63x8 chips... I submitted my
"De-Brick" idea and then some confirmation arrived
five months later that an E-JTAG cable combined to
'WRT54G.EXE' (or a modified version of it) allowed
us to conclude that the SpeedTouch 5xx devices can
effectively be fixed after a Flash incident. This
thread has evolved through time, as long as a unit
contains supported chips you should be able to fix
("De-Brick") your MoDem/Router provided that there
is an image of your original Flash contents handy.
This thread is not meant to help you steel service
from any ISP, if you plan to make money by selling
unlock kits or by unlocking ISP-branded units then
your posts are likely to violate the site's rules.
On the other hand, if all you want is to obtain an
additional "insurance" for your DSL device, you're
welcomed to publish close shots of the main chips:
if they're supported you may be able to BackUp the
FirmWare, just in case you might need it some day.
The thread is a project in progress. According to
our Portuguese visitors, the SoftWare is ready for
testing so i guess we should only need to focus on
the basics: how to open a casing safely, identify
the E-JTAG pin layout, build a suitable adaptor...
Mentions have been made about a 3Com model already
and i suspect that some TP-Link products will make
valid candidates as well, eventually. Details are
still required on those but there's a chance, IMO. |
|
BerkuL
join:2008-01-28 | reply to Bicephale
Re: Thomson SpeedTouch 5x6 & 585 EJTAG "De-Brick" Access
Bicephale,
This website is just about another brand and models...
Do you think they can help me?! |
|
Bicephale
join:2005-09-24 | reply to Bicephale
Hacker talk will have to move to a proper site, try this one:
»corz.org/comms/hardware/router/o···ters.php |
|
BerkuL
@com.br
|  reply to Bicephale
Hello people,
After days searching the internet I found this forum!
Hopefully I think I can use some of your information to help me with my ST510v6. (I live in Brazil)
I bought it a couple weeks ago and it's locked by ISP (UOL).
I know that it uses CANT-K board, do you think maybe I can use an older/alternative firmware version to unlock it using JTAG?!
Do you anything about this model?!
Thanks in advance! |
|
Bicephale
join:2005-09-24
·TekSavvy Solutions..
1 edit | reply to Cidi Rome
Hi Cidi Rome,
Don't bother. I see you don't gather the facts even
if they've been put in print, privately or publicly:
"no further cooperation is possible" (2008-Jan-18)
Speaking of which, i've received no source-code yet. |
|
Cidi Rome
join:2007-12-12 | reply to Bicephale
I'm glad you finally understood that.
Best Regards. |
|
Bicephale
join:2005-09-24 | reply to Cidi Rome
The situation is quite clear already, further comments are trivial. |
|
Cidi Rome
join:2007-12-12 | reply to Bicephale
Chaveiro said it all. |
|
chaveiro
join:2007-12-06 | reply to Bicephale
If you are building a lasting build you need good foundations. If you are just camping, a smooth ground in enough.
I wont comment anymore on electrical schematics for the jtag interface. |
|
Bicephale
join:2005-09-24
·TekSavvy Solutions..
| reply to Laidback
Hi LaidBack,
I repeated my requests asking for cooperation over
collecting electrical signatures, in hope it might
open the door to more MIPS-32 based devices... My
attempt was useless and there's no garantee you'll
get help on a short notice unless the audience has
some direct interrest about your topic. My advice
is to share images of main areas such as the Flash
chip, etc., as it may ease future identifications. |
|
Laidback
join:2001-09-30
Woodstock, ON | reply to Bicephale
bicephale, I know this thread is on the 500 series, but I have a 780WL. I wonder if you might know how hot these run at?
Regards
Mike |
|
Bicephale
join:2005-09-24
·TekSavvy Solutions..
3 edits | reply to chaveiro
Adaptor for Altera MAX3xxx 5 Volts tolerant FPGA |
»Re: Thomson SpeedTouch 5x6 & 585 EJTAG "De-Brick" Access
Ref.:
FPGAs DEMISTIFIED - LETS TALK KLINGON, Fig. 3
-=*=-
Notice the similarities, the GTronica circuit just
got the Power-Sensing and TriState Muting features
removed... This technology has been transposed to
another context without even knowing if BroadCom's
chip is 5 Volts tolerant at all, see for yourself:
GTronica's "simplified" version
Such modifications allow the injection of currents
into the MoDem even when it's turned off, resistor
values are not adapted and i must also insist once
again the Lithium cell generates 3 Volts, not 3.3,
which is even worst when interfacing to 5 V logic.
And lets not forget to mention the risk of current
injection into the computer's parallel port too...
Can it work? Obviously it does. Is it safe? No! |
|
master
@novis.pt
| reply to chaveiro
said by chaveiro  :Hi, Mine is a st585v6, i used the original software package without modifications. So... you already "unlocked" your 585?
Im Portuguese, with an 585 from vodafone  |
|
chaveiro
join:2007-12-06 | reply to HyperDrive
Hi,
Mine is a st585v6, i used the original software package without modifications. |
|
chaveiro
join:2007-12-06
| reply to fenster16
As i did get a JTAG BUFFERED tool were.
They send worldwide and accept paypal:
»shop.gtronica.com/product_info.p···ts_id=53
Risk? None.
Why? Se my documentated posts above. |
|
