Dumping Aztech DSL1015EN firmware

Recently, I had the fortune to come across a spare DSL1015EN router cum modem. After dismantling the external case, this is what the internals look like.

[image: board internals]

On the left, we can see 2 u.fl connectors for the antennas. If I wanted to, I could get an RP-SMA adapter and hook up some 9 dBi antennas, but we will save that project for another day. Towards the middle, we have a 4 pin UART serial connector. Looking through the specifications for the flash chipset and through trial and error, I found the pinout configuration. From left to right:

  1. brown wire - Ground
  2. orange wire - RX
  3. yellow wire - TX
  4. red wire - 3.3V (optional; the board will work even without it)

Baud rate: 115200

Tip: When guessing the pinout configuration, you can swap around the Ground, RX and TX cables without causing damage to the board. Power might not be necessary for most devices since it is usually powered through other means as well. Once powered up:

CFE version 1.0.38-112.37 for BCM96328 (32bit,SP,BE)
Build Date: Tue Oct 23 13:14:05 SGT 2012 (veerendra@rdfwsrv.aztech.com)
Copyright (C) 2000-2011 Broadcom Corporation.

HS Serial flash device: name MX25L256, id 0xc219 size 32768KB
Total Flash size: 32768K with 512 sectors
Chip ID: BCM6328B0, MIPS: 320MHz, DDR: 320MHz, Bus: 160MHz
Main Thread: TP0
Memory Test Passed
Total Memory: 67108864 bytes (64MB)
Boot Address: 0xb8000000

Board IP address                  : 192.168.1.1:ffffff00
Host IP address                   : 192.168.1.100
Gateway IP address                :
Run from flash/host (f/h)         : f
Default host run file name        : vmlinux
Default host flash file name      : bcm963xx_fs_kernel
Boot delay (0-9 seconds)          : 3
Board Id (0-7)                    : 963281TAN
Number of MAC Addresses (1-32)    : 6
Base MAC Address                  : 00:26:75:b8:e8:21
PSI Size (1-64) KBytes            : 64
Enable Backup PSI [0|1]           : 0
System Log Size (0-256) KBytes    : 0
Main Thread Number [0|1]          : 0
Serial Number (13 digits)         : 0703134704629
Current Mode (F|N)                : N
WPS Device Pin                    : "10317221"

*** Press any key to stop auto run (3 seconds) ***
Auto run second count down: 2
web info: Waiting for connection on socket 0.
CFE>

Help!

Available commands:

sm                  Set memory or registers.
dm                  Dump memory or registers.
w                   Write the whole image start from beginning of the flash
e                   Erase [n]vram or [a]ll flash except bootrom
r                   Run program from flash image or from host depend on [f/h] flag
p                   Print boot line and board parameter info
c                   Change booline parameters
f                   Write image to the flash
i                   Erase persistent storage data
a                   Change board AFE ID
b                   Change board parameters
reset               Reset the board
help                Obtain help for CFE commands

For more information about a command, enter 'help command-name'
*** command status = 0
CFE>

Dumping

CFE> dm 0xb8010000 0x1000
b8010000: ffffffff ffffffff ffffffff ffffffff    ................
b8010010: ffffffff ffffffff ffffffff ffffffff    ................
b8010020: ffffffff ffffffff ffffffff ffffffff    ................
b8010030: ffffffff ffffffff ffffffff ffffffff    ................

Oops, why aren't we getting anything? I then booted it up normally and discovered that:

Code Address: 0x80010000, Entry Address: 0x802dc220
Decompression OK!
Entry at 0x802dc220

Paydirt

CFE> dm 0x802dc220 0x10000
802dc220: 40086000 3c011000 3421001f 01014025    @.`.<...4!....@%
802dc230: 3908001f 40886000 000000c0 3c08802e    9...@.`.....<...
802dc240: 2508c24c 01000008 00000000 3c08803c    %..L........<..<
802dc250: 25089000 ad000000 3e09803f 25290fbc    %.......>..?%)..
802dc260: 25080004 1509fffe ad000000 3c01803c    %...........<..<
802dc270: ac249724 3c01803c ac259728 3c01803c    .$.$<..<.%.(<..<
802dc280: ac26972c 3c01803c ac279730 40802000    .&.,<..<.'.0@. .
802dc290: 3c1c8037 279c4000 241d3fe0 03bce821    <..7'.@.$.?....!
802dc2a0: 3c01803c ac3d9738 27bdfff0 080e65b4    <..<.=.8'.....e.
802dc2b0: 27bdfc00 3c04803a 27bdffe8 24849264    '...<..:'...$..d
802dc2c0: 00002821 afbf0014 0c00529a 24060a00    ..(!......R.$...
802dc2d0: 3c048005 24060600 2484b090 0c00529a    <...$...$.....R.
802dc2e0: 00002821 3c058038 24a5b5b8 0c011db9    ..(!<..8$.......
802dc2f0: 00402021 3c03803c ac625510 0c0ecc1d    .@ !<..<.bU.....
802dc300: 8f840000 0c01208e 00000000 0c0b7e20    ...... .......~
802dc310: 00000000 8fbf0014 08005284 27bd0018    ..........R.'...
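Turning a captured `dm` listing back into a binary, as an added example that is not part of the original post: the script below parses the CFE `dm` output format shown above (address, four 32-bit words, ASCII column), rejects non-contiguous or corrupted lines, and flags an all-0xFF window like the one read at 0xb8010000. The sample input is constructed from the dump lines above; the output file name is an assumption.

```python
import re
import struct

# One line of CFE "dm" output: "<addr>: <w0> <w1> <w2> <w3>    <ASCII column>"
DM_LINE = re.compile(r"^([0-9a-f]{8}):\s+((?:[0-9a-f]{8}\s*){4})(.*)$", re.I)

def parse_dm(text, big_endian=True):
    """Turn captured 'dm' output into (start_address, bytes).
    Words default to big-endian (the CFE banner reports a BE build). The ASCII
    column is printed in memory order, so checking it against the decoded bytes
    catches wrong endianness or a dropped serial character; a non-contiguous
    address catches a lost or repeated line."""
    fmt = ">I" if big_endian else "<I"
    start, expect, out = None, None, bytearray()
    for line in text.splitlines():
        m = DM_LINE.match(line.strip())
        if not m:
            continue  # echoed command, CFE> prompt, "command status" lines
        addr = int(m.group(1), 16)
        if start is None:
            start = addr
        elif addr != expect:
            raise ValueError(f"gap or repeat at {addr:#010x}, expected {expect:#010x}")
        chunk = b"".join(struct.pack(fmt, int(w, 16)) for w in m.group(2).split())
        rendered = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        if m.group(3).strip() != rendered.strip():
            raise ValueError(f"ASCII column mismatch at {addr:#010x}")
        out += chunk
        expect = addr + 16
    if start is None:
        raise ValueError("no dm lines found in capture")
    return start, bytes(out)

def is_blank(data):
    return bool(data) and all(b == 0xFF for b in data)  # erased flash or an empty window

# Constructed from the dump lines above; a real run would feed the whole saved serial log.
SAMPLE_CODE = """\
CFE> dm 0x802dc220 0x10000
802dc220: 40086000 3c011000 3421001f 01014025    @.`.<...4!....@%
802dc230: 3908001f 40886000 000000c0 3c08802e    9...@.`.....<...
"""
SAMPLE_BLANK = """\
b8010000: ffffffff ffffffff ffffffff ffffffff    ................
b8010010: ffffffff ffffffff ffffffff ffffffff    ................
"""

if __name__ == "__main__":
    base, image = parse_dm(SAMPLE_CODE)
    open(f"dump_{base:08x}.bin", "wb").write(image)  # output file name is an assumption
```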