Teaser on Huawei B539u hacking
CFE> boot -elf -tftp 192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf
Loader:elf Filesys:tftp Dev:eth0 File:192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf Options:(null)
Loading: 0x80001000/3051196 0x802e9ebc/271728 Entry at 0x80005690
Closing network.
Starting program at 0x80005690
[ 0.000000] Linux version 3.10.49 (bobbuilder@openb593) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r42110) ) #1 Sun Aug 10 22:35:24 EEST 2014
[ 0.000000] CPU revision is: 00019749 (MIPS 74Kc)
[ 0.000000] bcm47xx: using bcma bus
[ 0.000000] bcma: bus0: Found chip with id 0x5357, rev 0x02 and package 0x09
[ 0.000000] bcma: bus0: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x26, class 0x0)
[ 0.000000] bcma: bus0: Core 3 found: MIPS 74K (manuf 0x4A7, id 0x82C, rev 0x04, class 0x0)
[ 0.000000] bcma: bus0: Found M25FL128 serial flash (size: 16384KiB, blocksize: 0x10000, blocks: 256)
[ 0.000000] bcma: bus0: Early bus registered
[ 0.000000] MIPS: machine is Unknown Board
[ 0.000000] Determined physical RAM map:
[ 0.000000] memory: 07fff000 @ 00000000 (usable)
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x00000000-0x07ffefff]
[ 0.000000] HighMem empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x00000000-0x07ffefff]
[ 0.000000] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32511
[ 0.000000] Kernel command line: noinitrd console=ttyS0,115200
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Writing ErrCtl register=00000000
[ 0.000000] Readback ErrCtl register=00000000
[ 0.000000] Memory: 126604k/131068k available (2242k kernel code, 4464k reserved, 571k data, 188k init, 0k highmem)
[ 0.000000] NR_IRQS:128
[ 0.000000] Setting up vectored interrupts
[ 0.060000] Calibrating delay loop... 249.44 BogoMIPS (lpj=1247232)
[ 0.070000] pid_max: default: 32768 minimum: 301
[ 0.070000] Mount-cache hash table entries: 512
[ 0.070000] NET: Registered protocol family 16
[ 0.080000] bio: create slab <bio-0> at 0
[ 0.090000] Switching to clocksource MIPS
[ 0.100000] NET: Registered protocol family 2
[ 0.100000] TCP established hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.100000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.100000] TCP: Hash tables configured (established 1024 bind 1024)
[ 0.100000] TCP: reno registered
[ 0.100000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.100000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.100000] NET: Registered protocol family 1
[ 0.100000] bcma: bus0: Core 1 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x1C, class 0x0)
[ 0.100000] bcma: bus0: Core 2 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x03, class 0x0)
[ 0.100000] bcma: bus0: Core 4 found: USB 2.0 Host (manuf 0x4BF, id 0x819, rev 0x05, class 0x0)
[ 0.100000] bcma: bus0: Core 5 found: DDR1/DDR2 Memory Controller (manuf 0x4BF, id 0x82E, rev 0x02, class 0x0)
[ 0.100000] bcma: bus0: Core 6 found: I2S (manuf 0x4BF, id 0x834, rev 0x02, class 0x0)
[ 0.100000] bcma: bus0: Core 7 found: Internal Memory (manuf 0x4BF, id 0x80E, rev 0x0B, class 0x0)
[ 0.110000] can not parse nvram name sb/1/rxpo2g(null) with value 0xff got -34
[ 0.110000] can not parse nvram name sb/1/ag2(null) with value 0xff got -34
[ 0.110000] can not parse nvram name sb/1/ag3(null) with value 0xff got -34
[ 0.160000] bcma: bus0: Bus registered
[ 0.160000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.160000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 0.160000] msgmni has been set to 247
[ 0.160000] io scheduler noop registered
[ 0.160000] io scheduler deadline registered (default)
[ 0.160000] Serial: 8250/16550 driver, 2 ports, IRQ sharing enabled
[ 0.190000] serial8250.0: ttyS0 at MMIO 0xb8000300 (irq = 2) is a U6_16550A
[ 0.560000] console [ttyS0] enabled
[ 0.620000] 8 bcm47xxpart partitions found on MTD device bcm47xxsflash
[ 0.630000] Creating 8 MTD partitions on "bcm47xxsflash":
[ 0.640000] 0x000000000000-0x000000040000 : "boot"
[ 0.640000] 0x000000040000-0x00000004011c : "firmware"
[ 0.650000] 0x00000004011c-0x0000001a14e8 : "linux"
[ 0.660000] mtd: partition "linux" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.670000] 0x0000001a14e8-0x000000a40000 : "rootfs"
[ 0.680000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.690000] mtd: device 3 (rootfs) set to be root filesystem
[ 0.700000] mtdsplit: no squashfs found in "bcm47xxsflash"
[ 0.700000] 0x000000a40000-0x000000ff0000 : "firmware"
[ 0.710000] 0x000000a4011c-0x000000ba14e8 : "linux"
[ 0.720000] mtd: partition "linux" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.730000] 0x000000ba14e8-0x000000ff0000 : "rootfs"
[ 0.740000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.750000] 0x000000ff0000-0x000001000000 : "nvram"
[ 0.760000] bgmac bcma0:1: Found PHY addr: 30 (NOREGS)
[ 0.770000] bgmac bcma0:1: Support for Roboswitch not implemented
[ 0.780000] libphy: bgmac mii bus: probed
[ 0.790000] b53_common: found switch: BCM5325, rev 4
[ 0.800000] bgmac: Broadcom 47xx GBit MAC driver loaded
[ 0.810000] bcm47xx-wdt bcm47xx-wdt.0: BCM47xx Watchdog Timer enabled (30 seconds)
[ 0.820000] TCP: cubic registered
[ 0.820000] NET: Registered protocol family 17
[ 0.830000] 8021q: 802.1Q VLAN Support v1.8
[ 0.830000] List of all partitions:
[ 0.840000] 1f00 256 mtdblock0 (driver?)
[ 0.840000] 1f02 1412 mtdblock2 (driver?)
[ 0.850000] 1f03 8826 mtdblock3 (driver?)
[ 0.850000] 1f04 5824 mtdblock4 (driver?)
[ 0.860000] 1f05 1412 mtdblock5 (driver?)
[ 0.860000] 1f06 4410 mtdblock6 (driver?)
[ 0.870000] 1f07 64 mtdblock7 (driver?)
[ 0.870000] No filesystem could mount root, tried: squashfs
[ 0.880000] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(31,3)
Loader:elf Filesys:tftp Dev:eth0 File:192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf Options:(null)
Loading: 0x80001000/3051196 0x802e9ebc/271728 Entry at 0x80005690
Closing network.
Starting program at 0x80005690
[ 0.000000] Linux version 3.10.49 (bobbuilder@openb593) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r42110) ) #1 Sun Aug 10 22:35:24 EEST 2014
[ 0.000000] CPU revision is: 00019749 (MIPS 74Kc)
[ 0.000000] bcm47xx: using bcma bus
[ 0.000000] bcma: bus0: Found chip with id 0x5357, rev 0x02 and package 0x09
[ 0.000000] bcma: bus0: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x26, class 0x0)
[ 0.000000] bcma: bus0: Core 3 found: MIPS 74K (manuf 0x4A7, id 0x82C, rev 0x04, class 0x0)
[ 0.000000] bcma: bus0: Found M25FL128 serial flash (size: 16384KiB, blocksize: 0x10000, blocks: 256)
[ 0.000000] bcma: bus0: Early bus registered
[ 0.000000] MIPS: machine is Unknown Board
[ 0.000000] Determined physical RAM map:
[ 0.000000] memory: 07fff000 @ 00000000 (usable)
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x00000000-0x07ffefff]
[ 0.000000] HighMem empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x00000000-0x07ffefff]
[ 0.000000] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32511
[ 0.000000] Kernel command line: noinitrd console=ttyS0,115200
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Writing ErrCtl register=00000000
[ 0.000000] Readback ErrCtl register=00000000
[ 0.000000] Memory: 126604k/131068k available (2242k kernel code, 4464k reserved, 571k data, 188k init, 0k highmem)
[ 0.000000] NR_IRQS:128
[ 0.000000] Setting up vectored interrupts
[ 0.060000] Calibrating delay loop... 249.44 BogoMIPS (lpj=1247232)
[ 0.070000] pid_max: default: 32768 minimum: 301
[ 0.070000] Mount-cache hash table entries: 512
[ 0.070000] NET: Registered protocol family 16
[ 0.080000] bio: create slab <bio-0> at 0
[ 0.090000] Switching to clocksource MIPS
[ 0.100000] NET: Registered protocol family 2
[ 0.100000] TCP established hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.100000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.100000] TCP: Hash tables configured (established 1024 bind 1024)
[ 0.100000] TCP: reno registered
[ 0.100000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.100000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.100000] NET: Registered protocol family 1
[ 0.100000] bcma: bus0: Core 1 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x1C, class 0x0)
[ 0.100000] bcma: bus0: Core 2 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x03, class 0x0)
[ 0.100000] bcma: bus0: Core 4 found: USB 2.0 Host (manuf 0x4BF, id 0x819, rev 0x05, class 0x0)
[ 0.100000] bcma: bus0: Core 5 found: DDR1/DDR2 Memory Controller (manuf 0x4BF, id 0x82E, rev 0x02, class 0x0)
[ 0.100000] bcma: bus0: Core 6 found: I2S (manuf 0x4BF, id 0x834, rev 0x02, class 0x0)
[ 0.100000] bcma: bus0: Core 7 found: Internal Memory (manuf 0x4BF, id 0x80E, rev 0x0B, class 0x0)
[ 0.110000] can not parse nvram name sb/1/rxpo2g(null) with value 0xff got -34
[ 0.110000] can not parse nvram name sb/1/ag2(null) with value 0xff got -34
[ 0.110000] can not parse nvram name sb/1/ag3(null) with value 0xff got -34
[ 0.160000] bcma: bus0: Bus registered
[ 0.160000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.160000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 0.160000] msgmni has been set to 247
[ 0.160000] io scheduler noop registered
[ 0.160000] io scheduler deadline registered (default)
[ 0.160000] Serial: 8250/16550 driver, 2 ports, IRQ sharing enabled
[ 0.190000] serial8250.0: ttyS0 at MMIO 0xb8000300 (irq = 2) is a U6_16550A
[ 0.560000] console [ttyS0] enabled
[ 0.620000] 8 bcm47xxpart partitions found on MTD device bcm47xxsflash
[ 0.630000] Creating 8 MTD partitions on "bcm47xxsflash":
[ 0.640000] 0x000000000000-0x000000040000 : "boot"
[ 0.640000] 0x000000040000-0x00000004011c : "firmware"
[ 0.650000] 0x00000004011c-0x0000001a14e8 : "linux"
[ 0.660000] mtd: partition "linux" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.670000] 0x0000001a14e8-0x000000a40000 : "rootfs"
[ 0.680000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.690000] mtd: device 3 (rootfs) set to be root filesystem
[ 0.700000] mtdsplit: no squashfs found in "bcm47xxsflash"
[ 0.700000] 0x000000a40000-0x000000ff0000 : "firmware"
[ 0.710000] 0x000000a4011c-0x000000ba14e8 : "linux"
[ 0.720000] mtd: partition "linux" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.730000] 0x000000ba14e8-0x000000ff0000 : "rootfs"
[ 0.740000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.750000] 0x000000ff0000-0x000001000000 : "nvram"
[ 0.760000] bgmac bcma0:1: Found PHY addr: 30 (NOREGS)
[ 0.770000] bgmac bcma0:1: Support for Roboswitch not implemented
[ 0.780000] libphy: bgmac mii bus: probed
[ 0.790000] b53_common: found switch: BCM5325, rev 4
[ 0.800000] bgmac: Broadcom 47xx GBit MAC driver loaded
[ 0.810000] bcm47xx-wdt bcm47xx-wdt.0: BCM47xx Watchdog Timer enabled (30 seconds)
[ 0.820000] TCP: cubic registered
[ 0.820000] NET: Registered protocol family 17
[ 0.830000] 8021q: 802.1Q VLAN Support v1.8
[ 0.830000] List of all partitions:
[ 0.840000] 1f00 256 mtdblock0 (driver?)
[ 0.840000] 1f02 1412 mtdblock2 (driver?)
[ 0.850000] 1f03 8826 mtdblock3 (driver?)
[ 0.850000] 1f04 5824 mtdblock4 (driver?)
[ 0.860000] 1f05 1412 mtdblock5 (driver?)
[ 0.860000] 1f06 4410 mtdblock6 (driver?)
[ 0.870000] 1f07 64 mtdblock7 (driver?)
[ 0.870000] No filesystem could mount root, tried: squashfs
[ 0.880000] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(31,3)
Comments
Post a Comment
Got something to say?!