我的ax1800pro是128G版本,固件去到了JDCOS-4.0.0.r4015,所以只能拆机TTL线刷了,本人对TTL知识为0,但熟悉系统操作。
本文仅做过程记录备忘,对您不一定有参考价值。
我的TTL线是淘宝随便买的4块多的CH340G模块的,但到手居然也就一次成功了,运气好!
拆机教程请自行搜索,需要注意的是底部5+4颗螺丝之后,顶部还需要撬开拆2颗螺丝,抽出主体的时候先把几个网口往里面用力怼就很容易出来了,我只花了几分钟
CH340G驱动在这:CH341SER.EXE – 南京沁恒微电子股份有限公司
因为我原来就是用xshell所以直接用xshell来连接ttl,注意新建连接的协议选serial,coms口在设备管理器里能看,波特率115200,连上;
TTL只连了3个针就可以,TX对RX,RX对TX,G对G,我没有焊也不会,就用淘宝送的两头的那个针直接插在上面(也不稳),通电后狂按电脑上的回车,一次就成功终止了路由器启动(如果一直在跳内容出来,大概说明你按晚了)
刷uboot步骤需要用的tftpd软件和uboot文件请找其他教程,简单来说就是ttl操作路由器的uboot系统(命令行那个),路由器从你电脑上的tftpd上把uboot文件搞到路由器本地并刷写,过程不超过1分钟。
刷完uboot(web版本),断电,摁住reset通电,红灯闪N次变蓝就说明进入web的uboot了,如果你没有断ttl,可以看到ttl里也有些提示
进了web版uboot我刷了 JDC02-1.5.40.r2181 版本的固件~
因为开始折腾前想确保安全,所以我通过两种方式备份了分区:
1、通过TTL直接备份,同样是需要tftpd服务,只是这次变成了路由器把备份的文件推到电脑罢了,以下指令可以备份,一条一条执行(网上说我,我没试过批量执行),我也不懂是啥,反正备份了再说
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
mmc read 0x44000000 0x00000000 0x22 ; tftpput 0x44000000 0x4400 mmcblk0_GPT.bin mmc read 0x44000000 0x00000022 0x600 ; tftpput 0x44000000 0xC0000 mmcblk0p1_0SBL1.bin mmc read 0x44000000 0x00000622 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p2_0BOOTCONFIG.bin mmc read 0x44000000 0x00000822 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p3_0BOOTCONFIG1.bin mmc read 0x44000000 0x00000a22 0xE00 ; tftpput 0x44000000 0x1C0000 mmcblk0p4_0QSEE.bin mmc read 0x44000000 0x00001822 0xE00 ; tftpput 0x44000000 0x1C0000 mmcblk0p5_0QSEE_1.bin mmc read 0x44000000 0x00002622 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p6_0DEVCFG.bin mmc read 0x44000000 0x00002822 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p7_0DEVCFG_1.bin mmc read 0x44000000 0x00002a22 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p8_0RPM.bin mmc read 0x44000000 0x00002c22 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p9_0RPM_1.bin mmc read 0x44000000 0x00002e22 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p10_0CDT.bin mmc read 0x44000000 0x00003022 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p11_0CDT_1.bin mmc read 0x44000000 0x00003222 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p12_0APPSBLENV.bin mmc read 0x44000000 0x00003422 0x500 ; tftpput 0x44000000 0xA0000 mmcblk0p13_0APPSBL.bin mmc read 0x44000000 0x00003922 0x500 ; tftpput 0x44000000 0xA0000 mmcblk0p14_0APPSBL_1.bin mmc read 0x44000000 0x00003e22 0x200 ; tftpput 0x44000000 0x40000 mmcblk0p15_0ART.bin mmc read 0x44000000 0x00004022 0x3000 ; tftpput 0x44000000 0x600000 mmcblk0p16_0HLOS.bin mmc read 0x44000000 0x00007022 0x3000 ; tftpput 0x44000000 0x600000 mmcblk0p17_0HLOS_1.bin mmc read 0x44000000 0x0000a022 0x1E000 ; tftpput 0x44000000 0x3C00000 mmcblk0p18_rootfs.bin mmc read 0x44000000 0x00028022 0x2000 ; tftpput 0x44000000 0x400000 mmcblk0p19_0WIFIFW.bin mmc read 0x44000000 0x0002a022 0x1E000 ; tftpput 0x44000000 0x3C00000 mmcblk0p20_rootfs_1.bin mmc read 0x44000000 0x00048022 0x2000 ; tftpput 0x44000000 0x400000 mmcblk0p21_0WIFIFW_1.bin mmc read 0x44000000 0x0004a022 0xA000 ; tftpput 0x44000000 0x1400000 mmcblk0p22_rootfs_data.bin mmc read 0x44000000 0x00054022 0x400 ; tftpput 0x44000000 0x80000 mmcblk0p23_0ETHPHYFW.bin mmc read 0x44000000 0x00054422 0x2BC00 ; tftpput 0x44000000 0x5780000 mmcblk0p24_plugin.bin mmc read 0x44000000 0x00080022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p25_log1.bin mmc read 0x44000000 0x000a0022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p25_log2.bin mmc read 0x44000000 0x000c0022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p25_log3.bin mmc read 0x44000000 0x000e0022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p25_log4.bin mmc read 0x44000000 0x00100022 0x16000 ; tftpput 0x44000000 0x2C00000 mmcblk0p25_log5.bin mmc read 0x44000000 0x00116022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap1.bin mmc read 0x44000000 0x00136022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap2.bin mmc read 0x44000000 0x00156022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap3.bin mmc read 0x44000000 0x00176022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap4.bin mmc read 0x44000000 0x00196022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap5.bin mmc read 0x44000000 0x001b6022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap6.bin mmc read 0x44000000 0x001d6022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap7.bin mmc read 0x44000000 0x001f6022 0x20000 ; tftpput 0x44000000 0x4000000 mmcblk0p26_swap8.bin |
2、通过SSH备份,我已经顺利刷到R2181,所以开ssh很简单,在路由器管理界面开F12,控制面板打
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
$.ajax({ url: "/jdcapi", async: false, data: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "call", params: [ $.cookie("sessionid"), "service", "set", { "name": "dropbear", "instances": {"instance1": {"command": ["/usr/sbin/dropbear"]}} } ] }), dataType: "json", type: "POST" }) |
就完事了
随后进入ssh,打
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
dd if=/dev/mmcblk0 bs=512 count=34 of=/mnt/mmcblk0p27/backup/mmcblk0_GPT.bin conv=fsync dd if=/dev/mmcblk0p1 of=/mnt/mmcblk0p27/backup/mmcblk0p1_0SBL1.bin conv=fsync dd if=/dev/mmcblk0p2 of=/mnt/mmcblk0p27/backup/mmcblk0p2_0BOOTCONFIG.bin conv=fsync dd if=/dev/mmcblk0p3 of=/mnt/mmcblk0p27/backup/mmcblk0p3_0BOOTCONFIG1.bin conv=fsync dd if=/dev/mmcblk0p4 of=/mnt/mmcblk0p27/backup/mmcblk0p4_0QSEE.bin conv=fsync dd if=/dev/mmcblk0p5 of=/mnt/mmcblk0p27/backup/mmcblk0p5_0QSEE_1.bin conv=fsync dd if=/dev/mmcblk0p6 of=/mnt/mmcblk0p27/backup/mmcblk0p6_0DEVCFG.bin conv=fsync dd if=/dev/mmcblk0p7 of=/mnt/mmcblk0p27/backup/mmcblk0p7_0DEVCFG_1.bin conv=fsync dd if=/dev/mmcblk0p8 of=/mnt/mmcblk0p27/backup/mmcblk0p8_0RPM.bin conv=fsync dd if=/dev/mmcblk0p9 of=/mnt/mmcblk0p27/backup/mmcblk0p9_0RPM_1.bin conv=fsync dd if=/dev/mmcblk0p10 of=/mnt/mmcblk0p27/backup/mmcblk0p10_0CDT.bin conv=fsync dd if=/dev/mmcblk0p11 of=/mnt/mmcblk0p27/backup/mmcblk0p11_0CDT_1.bin conv=fsync dd if=/dev/mmcblk0p12 of=/mnt/mmcblk0p27/backup/mmcblk0p12_0APPSBLENV.bin conv=fsync dd if=/dev/mmcblk0p13 of=/mnt/mmcblk0p27/backup/mmcblk0p13_0APPSBL.bin conv=fsync dd if=/dev/mmcblk0p14 of=/mnt/mmcblk0p27/backup/mmcblk0p14_0APPSBL_1.bin conv=fsync dd if=/dev/mmcblk0p15 of=/mnt/mmcblk0p27/backup/mmcblk0p15_0ART.bin conv=fsync dd if=/dev/mmcblk0p16 of=/mnt/mmcblk0p27/backup/mmcblk0p16_0HLOS.bin conv=fsync dd if=/dev/mmcblk0p17 of=/mnt/mmcblk0p27/backup/mmcblk0p17_0HLOS_1.bin conv=fsync dd if=/dev/mmcblk0p18 of=/mnt/mmcblk0p27/backup/mmcblk0p18_rootfs.bin conv=fsync dd if=/dev/mmcblk0p19 of=/mnt/mmcblk0p27/backup/mmcblk0p19_0WIFIFW.bin conv=fsync dd if=/dev/mmcblk0p20 of=/mnt/mmcblk0p27/backup/mmcblk0p20_rootfs_1.bin conv=fsync dd if=/dev/mmcblk0p21 of=/mnt/mmcblk0p27/backup/mmcblk0p21_0WIFIFW_1.bin conv=fsync dd if=/dev/mmcblk0p22 of=/mnt/mmcblk0p27/backup/mmcblk0p22_rootfs_data.bin conv=fsync dd if=/dev/mmcblk0p23 of=/mnt/mmcblk0p27/backup/mmcblk0p23_0ETHPHYFW.bin conv=fsync dd if=/dev/mmcblk0p24 of=/mnt/mmcblk0p27/backup/mmcblk0p24_plugin.bin conv=fsync dd if=/dev/mmcblk0p25 of=/mnt/mmcblk0p27/backup/mmcblk0p25_log.bin conv=fsync dd if=/dev/mmcblk0p26 of=/mnt/mmcblk0p27/backup/mmcblk0p26_swap.bin conv=fsync |
这里我是先在/mnt/mmcblk0p27/里创建了backup目录~ 随后出来 tar zcvf backup.tar.gz backup/ 一下,打包文件下载~
备份完成,相信接下来就可以开始乱来了,本文重点针对希望备份原厂分区的朋友,特别是听说mac地址在mmcblk0p15_0ART里。这是唯一的
转载请注明来源:WBB » 京东云亚瑟AX1800PRO折腾记录 – TTL刷uboot后备份原厂分区
