Forceware weirdness on SB6121 - Printable Version

Forceware weirdness on SB6121 - Printable Version

+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: Forceware weirdness on SB6121 (/showthread.php?tid=5347)

Pages: 1 2

RE: Forceware weirdness on SB6121 - zxa1o - 09-08-2017

LOL, fair enough hahahahaha.

Looks like reflashing is the next step, I'll give this a go over the weekend! I usually don't run windows whatsoever, so any tips for a linux user before I try this? I have quite a few programmers laying around (including the tl866a), so I should be good. I have read that apparently, you can have two ROMs on the flash chip. (you mentioned UBFI1/2) Am I correct about that?

https://hackaday.io/project/20063-flashing-forceware-on-sb6141 - I stumbled upon this; looking at the following:

Code:
00000000:0001FFFF uboot

00020000:0002FFFF env1

00030000:0004FFFF env2

00040000:003EFFFF ubfi1

003F0000:0079FFFF ubfi2

007A0000:007AFFFF blank

007B0000:007FFFFF nvram

This is the partition layout for the MX25L6406E. Since the 6141 is basically the 6121 with a slightly upgraded radio, could someone confirm if the 6121 follows the same partition layout?

Ninja edit - The internet is awesome. I came across this lovely program/command - http://www.sleuthkit.org/sleuthkit/man/mmls.html
I'm thinking about dumping the flash on my unmodded SB6121 to compare to the modded one, and then just utilizing mmls to figure out the raw partition layout. From there, I can just reflash the application partitions manually. Hopefully, win \m/

RE: Forceware weirdness on SB6121 - modembricker - 09-08-2017

You somehow fucked up your nvram, happened to me many times and I got locked out of gui. Neo helped me with that a couple times till I got my own jtag.

RE: Forceware weirdness on SB6121 - zxa1o - 09-08-2017

modembricker - question for you: currently as I type right this second, my programmer is dumping the contents of the flash chip a few times. Each time I run diff against each and any two files, it returns files differ. Yet, 'head' and 'tail' report like data. (I ran those two, as it's an 8 MB file) The following link is a diff of "hexdump -C" between two dumps - http://sprunge.us/TXMY

So my question would be, would you know why the files would report differently? And, if so, what would be a better way to dump the chip? Currently I'm using the TL866A programmer, and I desoldered the flash chip and wired it manually to the tl866 (breakout board).

PS - Do you know of a way to reset nvram via SSH?