Open ant-thomas opened 1 year ago
Is you sure that the TX is working OK from your TTL adapter ?? Also make sure both hard and software flow control is disable of the TTL adapter is not sending any commands to the device. The baud rate and bits is OK then you is getting OK boot log in the terminal.
Its looks very nice and is using the same Zigbee module but the IPX version and i hope they have not changing the pins / pads used on it so we can using the same firmware as the original one.
TX is definitely working as I'm able to press enter to get to console login
Please press Enter to activate this console.
I'll have a look at the flow control and play some more.
That good then TX is working in the "cable". Its reported not so easy getting in the boolader in some newer versions of the first gen ZBGW so you is not alone.
I was finding one tuya ZBGW that looks similar but little different and its possible hacking :-)))
I haven't connected it to the Tuya cloud app yet. Should I set that up then try to hack?
I've added it to the cloud app. Looks like the SSH server isn't running - or at least not on port 2333 and there is mention of dropbear being killed during the original boot output.
Open ports 6668 6682 (when I try to ssh - kex_exchange_identification: Connection closed by remote host - so maybe ssh server on this?) 12130
Exact same problem with the exact same hardware.
Keystrokes are disabled during the boot process until Busybox is loaded, thus it is impossible to to stop the bootloader
I was finding one tuya ZBGW that looks similar but little different and its possible hacking :-)))
Irrelevant. Requires being able to break out of the bootloader, which is impossible to do
I have tried three completely different hubs now, and can not break out during the boot process. I have tried holding down the ESC key while powering them (powering using the Micro-USB port), have tried constantly hitting ESC while powering on, but they just do not break out. It seems that the current firmware version disables reading keystrokes until the boot cycle is almost complete.
Just to confirm, I have the RX and TX lines connected correctly, as once boot is complete, I can hit enter and it will bring up the login prompt.
Does anyone have a solution for this issue?
I've been playing with this device and found that if you short the pins 6-7 together shortly after powering on the device with a microusb cable. You need to allow it to read the bootloader from the memory and then bridge the pins when it attempt to read the rootfs partition, approx 1 sec after power on.
Booting...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@
@ chipno chipid mfrid devid cap_id size_sft dev_size chipSize
@ 0000000h 0c84018h 00000c8h 0000040h 0000018h 0000000h 0000018h 1000000h
@ blk_size blkcnt sec_size sec__cnt pageSize page_cnt chip_clk chipName
@ 0010000h 0000100h 0001000h 0001000h 0000100h 0000010h 000004eh GD25Q128
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
DDR1:32MB
---RealTek(RTL8196E)at 2022.09.02-15:49+0800 v3.4T-pre2 16bit
P0phymode=01, embedded phy
check_image_header return_addr:05010000 bank_offset:00000000
no sys signature at 00010000!
rootfs checksum error at 00200000!
no rootfs signature at 00210000!
no rootfs signature at 00250000!
no rootfs signature at 00201000!
no rootfs signature at 00202000!
no rootfs signature at 00203000!
no rootfs signature at 00204000!
no rootfs signature at 00205000!
no rootfs signature at 00206000!
no rootfs signature at 00207000!
no rootfs signature at 00208000!
no rootfs signature at 00209000!
.......................................................................................
no rootfs signature at 003F6000!
no rootfs signature at 003F7000!
no rootfs signature at 003F8000!
no rootfs signature at 003F9000!
no rootfs signature at 003FA000!
no rootfs signature at 003FB000!
no rootfs signature at 003FC000!
no rootfs signature at 003FD000!
no rootfs signature at 003FE000!
no rootfs signature at 003FF000!
no rootfs signature at 00400000!
get uboot flag failed
P0phymode=01, embedded phy
---Ethernet init Okay!
I found the way
I found the way
Tell us more plz)
I've picked up a cheap ethernet gateway off Aliexpress.
Seems to be the same hardware as the Lidl
Firmware is a lot newer - I've added headers and got to the boot messages so far.
Pressing ESC doesn't seem to get to the bootload prompt.
Any suggestions for next steps?