I am running this on Kali Linux and for a different router. I kind of modified the code a bit (I am not a trained developer). bow is my code and the error

[edwinsunder]

Basically I need to extract firmware for Syrotech 2010 router and page file seems to be the same (2K), the uboot seems to be letting me in as well. I pasted Code, resulting error and also the boot log below for your reference. Let me know if you need more info. I am not a developer to know exactly whats happening to this extent.

######################## CODE ######################## Code as below:

import coloredlogs import logging import os import serial import sys # Import the sys module from pexpect import fdpexpect # Import the correct module

logger = logging.getLogger(name) coloredlogs.install(level="DEBUG")

serial_device = "/dev/ttyUSB0"

def parse_page(pagedata): data = b"" for linenum in range(0, 128): line = pagedata[linenum 51 : (linenum + 1) 51] line = line.strip() line = line.replace(b"\x00", b"") data += bytes.fromhex(line.decode("ascii")) return data

logger.debug(f"Opening Serial + {serial_device}") ser = serial.Serial(serial_device, 115200) if ser.name != serial_device: logger.critical(f"Unexpected device: {ser.name} != {serial_device}") os.exit() else: logger.debug(f"Device open: {ser.name}")

reader = fdpexpect.fdspawn(ser) # Use fdspawn instead of spawn

logger.info("Waiting for router boot sequence... (power cycle whenever)")

reader.expect("Hit any key to stop autoboot: ") logger.debug("Stopping Autoboot") reader.sendline("") # Provide the required argument (e.g., a newline character) logger.debug("Waiting for uboot prompt") reader.expect("=> ")

reader.sendline("nand dump 800")

reader.expect("Page 00000800 dump:\r\n\t")

pagedata = reader.read(6527)

nand dump asks for a page but actually wants offset of start of page

page @: 80000000

page 1: 00000800 (2048 = 0x800)

page 65535: 07111800

with open("dump.bin", "wb") as fd: for pagenum in range(0, 65535): page_offset = f"{pagenum * 2048:06x}" # gets offset of page, formats it in hex (no 0x) with leading zeroes logger.debug(f"Dumping page {pagenum} ({page_offset})") reader.sendline(f"nand dump {page_offset}") reader.expect(f"Page {page_offset} dump:\r\n\t-") pagedata = reader.read(6527) fd.write(parse_page(pagedata))

######################## ERROR ########################

└─# python3 ./6snipped.py dump.bin 2024-07-04 12:04:43 kali main[110244] DEBUG Opening Serial + /dev/ttyUSB0 2024-07-04 12:04:43 kali main[110244] DEBUG Device open: /dev/ttyUSB0 2024-07-04 12:04:43 kali main[110244] INFO Waiting for router boot sequence... (power cycle whenever) 2024-07-04 12:04:52 kali main[110244] DEBUG Stopping Autoboot 2024-07-04 12:04:52 kali main[110244] DEBUG Waiting for uboot prompt Traceback (most recent call last): File "/home/kali/gitfolder/firmwaredump/./6snipped.py", line 38, in reader.expect("=> ") File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 354, in expect return self.expect_list(compiled_pattern_list, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 383, in expect_list return exp.expect_loop(timeout) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 181, in expect_loop return self.timeout(e) ^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 144, in timeout raise exc pexpect.exceptions.TIMEOUT: Timeout exceeded. <pexpect.fdpexpect.fdspawn object at 0x7fd4c0983b10> searcher: searcher_re: 0: re.compile(b'=> ')

######################## BOOT LOG ########################

Bismarck Preloader 3.7 II: LPLR:11261 PLR:ab04910e BD:22101410 TK:msdk-4.8.5-mips-EB-3.18-u0.9.33-m32ut-170828_lunapro-171213 II: TLB initial done: .ro section works! .text and .ro sections work! II: CPU0 1150MHz, CPU1 600MHz, DRAM 666MHz, LX 200MHz, SRAM 500MHz, SPIF 100MHz AK: DRAM calibration version: v5.5 AK: MEMPLL[31/63/95/127/159/191/223]=907f, c0000210, 64237c0, 320f0030, fff, a7f, 0 AK: TP=3, VD=1, CC=3, OT=2, EP=0, EB=0 AK: DRAM type = DDR3, Freq. = 666 MHz ZQ: Clock: ODT/OCD=60/48, zq_zctrl_prog=0x c08033e, zq_zctrl_status=0x20a144 ZQ: Address: ODT/OCD=60/80, zq_zctrl_prog=0x1c080332, zq_zctrl_status=0x20a111 ZQ: DQ: ODT/OCD=60/60, zq_zctrl_prog=0x2c080338, zq_zctrl_status=0x20a122 ZQ: DQS: ODT/OCD=60/60, zq_zctrl_prog=0x3c080338, zq_zctrl_status=0x20a122 ZQ: INTERAL DDR3, ZQCL done, ZQCS Enable AK: MRS: mr[0]=0x101a50, mr[1]=0x110004, mr[2]=0x120010, mr[3]=0x130000 AK: Bit/max_r_s/max_r_l/max_w_s/max_w_l Bit/max_r_s/max_r_l/max_w_s/max_w_l [ 0] 0 1f 0 1d [16] 0 1f 0 1d [ 1] 0 1f 0 1f [17] 0 1f 0 1f [ 2] 0 1f 0 1f [18] 0 1f 0 1f [ 3] 0 1f 0 1d [19] 0 1f 0 1f [ 4] 0 1f 0 1d [20] 0 1f 0 1d [ 5] 0 1f 0 1d [21] 0 1f 0 1d [ 6] 0 1f 0 1d [22] 0 1f 0 1f [ 7] 0 1f 0 1d [23] 0 1f 0 1d [ 8] 0 1f 0 1d [24] 0 1f 0 1f [ 9] 0 1f 0 1f [25] 0 1f 0 1f [10] 0 1f 0 1f [26] 0 1f 0 1f [11] 0 1f 0 1f [27] 0 1f 0 1f [12] 0 1f 0 1d [28] 0 1f 0 1f [13] 0 1f 0 1f [29] 0 1f 0 1f [14] 0 1f 0 1f [30] 0 1f 0 1f [15] 0 1f 0 1f [31] 0 1f 0 1f AK: DRAM size=0x10000000, tRFC[2]=0x165(nS), tREF=1729(nS) AK: DCR=0x21321003, DTR[0:2]=0x99655828, 0x909061f, 0x6f19000 II: Change Stack from 0x9f002edc to 0x806fffe0 II: U-boot Magic Number is 0x27051956 II: Inflating U-Boot (0x80700040 -> 0x83c00000)... OK II: Starting U-boot...

U-Boot 2020.01 (Oct 14 2022 - 10:09:20 +0800)

Board: RTL9607Cv2, MIPS interAptiv:1150MHz RLX5281:600MHz LX:200MHz DDR3:666MHz SCLK:100MHz ICACHE: 64KB (32-byte/4-way/512-set) DCACHE: 32KB (32-byte/4-way/256-set) DRAM: Physical 256 MiB, uboot useable size 256 MiB SPI NAND: 0xEFAA21, Mode(111/111) Create bbt: NAND: 128 MiB Loading Environment from NAND... OK In: serial Out: serial Err: serial II: Init Software Patch! II: Configurate otto_flash_layout Saving Environment to NAND... Erasing NAND... Erasing at 0xc0000 -- 100% complete. Writing to NAND... OK OK

NAND read: device 0 offset 0x0, size 0xc0000 786432 bytes read: OK CRC32 for 81c80000 ... 81d3ffff ==> 1c264a87 Net: LUNA GMAC Warning: eth device name has a space!

Hit any key to stop autoboot: 0 Phoebus#

[edwinsunder]