EPC2203 - Zoro - 12-05-2016
Newbie here, I don't know if this is stupid question but please understand that I don't have any experience in this field. I own EPC2203 since 2009, a new modem is arriving soon so I've decided to experiment with this old one. I've bought a cheap USB to TTL cable and hooked it to my modem. After I access the terminal I get this:
Code: b00
BCM3368A1 TP1
1
Asymmetric VCDL shmoo:
DDR1 DDR2 DDR3 DDR4 VCDL
0000 0000 0424 0008 0D0D
Reduced DDR drive strength
PI sync init:1
346890
MemSize: .........................32M
Flash detected @0xbf000000
Signature: a010
SA BootLoader Version: 2.1.6l_R7 Release Gnu
Build Date: Aug 7 2006
Build Time: 21:16:19
(A). Image 2 Program Header:
Location: 0xbf200000
Signature: a010
Control: 0005
Major Rev: 0003
Minor Rev: 0000
Build Time: 2011/5/20 09:51:20 Z
File Length: 2005312 bytes
Load Address: 80004000
Filename: epc2203-ESIP-16-v202r1262-110520s.bin
HCS: 0c7d
CRC: 163af4b2
(B). Image 1 Program Header:
Location: 0xbf010000
Signature: a010
Control: 0005
Major Rev: 0003
Minor Rev: 0000
Build Time: 2007/11/20 05:43:42 Z
File Length: 2030952 bytes
Load Address: 80010000
Filename: epc2203-ESIP-13-v202r1262-071120.bin
HCS: 5485
CRC: 412a9f90
. .
Performing CRC on location (A)...
CRC time = 97397859
Detected LZMA compressed image... decompressing...
Target Address: 0x80004000
..................................Elapsed time 1053369552
Decompressed length: 8913900
Executing Image (A)...
eCos - hal_diag_init
Init device '/dev/BrcmTelnetIoDriver'
Init device '/dev/ttydiag'
Init tty channel: 8085e628
Init device '/dev/tty0'
Init tty channel: 8085e648
Init device '/dev/haldiag'
HAL/diag SERIAL init
Init device '/dev/ser0'
BCM 33XX SERIAL init - dev: 0.2
Set output buffer - buf: 0x8090c7b0 len: 2048
Set input buffer - buf: 0x8090cfb0 len: 2048
BCM 33XX SERIAL config
BcmEmtaBlindDataNonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it!
ERROR: Unable to get GetCountry blind data. (BcmEmtaBlindDataNonVolSettings = NULL)
WARNING: ResetDefaultBlindEmtaData() -Resetting EMTA non-vol data section to default
Is possible that this modem has locked bootloader or something as it seems that there is no available console? Any ideas how to unlock it? I just want to dump whole firmware and analyse it.
RE: EPC2203 - Sandy - 12-05-2016
(12-05-2016, 02:10 PM)Zoro Wrote: Newbie here, I don't know if this is stupid question but please understand that I don't have any experience in this field. I own EPC2203 since 2009, a new modem is arriving soon so I've decided to experiment with this old one. I've bought a cheap USB to TTL cable and hooked it to my modem. After I access the terminal I get this:
Code: b00
BCM3368A1 TP1
1
Asymmetric VCDL shmoo:
DDR1 DDR2 DDR3 DDR4 VCDL
0000 0000 0424 0008 0D0D
Reduced DDR drive strength
PI sync init:1
346890
MemSize: .........................32M
Flash detected @0xbf000000
Signature: a010
SA BootLoader Version: 2.1.6l_R7 Release Gnu
Build Date: Aug 7 2006
Build Time: 21:16:19
(A). Image 2 Program Header:
Location: 0xbf200000
Signature: a010
Control: 0005
Major Rev: 0003
Minor Rev: 0000
Build Time: 2011/5/20 09:51:20 Z
File Length: 2005312 bytes
Load Address: 80004000
Filename: epc2203-ESIP-16-v202r1262-110520s.bin
HCS: 0c7d
CRC: 163af4b2
(B). Image 1 Program Header:
Location: 0xbf010000
Signature: a010
Control: 0005
Major Rev: 0003
Minor Rev: 0000
Build Time: 2007/11/20 05:43:42 Z
File Length: 2030952 bytes
Load Address: 80010000
Filename: epc2203-ESIP-13-v202r1262-071120.bin
HCS: 5485
CRC: 412a9f90
. .
Performing CRC on location (A)...
CRC time = 97397859
Detected LZMA compressed image... decompressing...
Target Address: 0x80004000
..................................Elapsed time 1053369552
Decompressed length: 8913900
Executing Image (A)...
eCos - hal_diag_init
Init device '/dev/BrcmTelnetIoDriver'
Init device '/dev/ttydiag'
Init tty channel: 8085e628
Init device '/dev/tty0'
Init tty channel: 8085e648
Init device '/dev/haldiag'
HAL/diag SERIAL init
Init device '/dev/ser0'
BCM 33XX SERIAL init - dev: 0.2
Set output buffer - buf: 0x8090c7b0 len: 2048
Set input buffer - buf: 0x8090cfb0 len: 2048
BCM 33XX SERIAL config
BcmEmtaBlindDataNonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it!
ERROR: Unable to get GetCountry blind data. (BcmEmtaBlindDataNonVolSettings = NULL)
WARNING: ResetDefaultBlindEmtaData() -Resetting EMTA non-vol data section to default
Is possible that this modem has locked bootloader or something as it seems that there is no available console? Any ideas how to unlock it? I just want to dump whole firmware and analyse it.
Hey bernardo, throw that thing away and don't lose your time with such an old device.
|