1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mtd-write reports: "System is busy"

Discussion in 'Tomato Firmware' started by tunasashimi, May 3, 2007.

  1. tunasashimi

    tunasashimi LI Guru Member

    Howdy Tomatototalatarians!

    Check this out!
    (This is on a WRT54GL 1.1)

    (I know I shouldve done some nvram dumps :wall:)

    Code:
    login as: root
    root@192.168.170.1's password:
    
    
    Tomato  v1.04.0944
    
    
    BusyBox v1.2.2 (2007.01.24-17:12+0000) Built-in shell (ash)
    Enter 'help' for a list of built-in commands.
    
    # cd /
    # ls
    bin    cifs2  etc    jffs   mnt    proc   root   tmp    var
    cifs1  dev    home   lib    opt    rom    sbin   usr    www
    # cd /tmp
    # wget http://192.168.170.50/code.trx
    
    # md5sum code.trx
    2b38158cae4a18c7e257c8cb4daff929  code.trx
    # mtd-write -i code.trx
    
    [B][3 seconds.. nothing is output...] ^C[/B]
    
    # mtd-write -i code.trx
    System is busy
    # mtd-
    mtd-erase    mtd-unlock   mtd-write
    # mtd-
    mtd-erase    mtd-unlock   mtd-write
    # mtd-unlock
    Usage: mtd-unlock -d part
    # mtd-write -i code.trx -d linux
    System is busy
    
    # ifconfig
    br0        Link encap:Ethernet  HWaddr 00:18:39:CF:1E:FD
               inet addr:192.168.170.1  Bcast:192.168.170.255  Mask:255.255.255.0
    ......
    
    # uptime
     23:18:17 up 3 days, 21:18, load average: 0.00, 0.00, 0.00
    
    [B]At this point my web interface was dead...[/B]
    # killall httpd
    # httpd
    
    [B]Still dead, can log in and out though and everything seemed fine...[/B]     
    
    # mtd-write -i code.trx -d linux
    System is busy
    # ps
      PID  Uid     VmSize Stat Command
        1 root        476 S   init noinitrd
        2 root            SW  [keventd]
        3 root            SWN [ksoftirqd_CPU0]
        4 root            SW  [kswapd]
        5 root            SW  [bdflush]
        6 root            SW  [kupdated]
        7 root            SW  [mtdblockd]
       20 root        252 S   buttons
       97 root        288 S   ntpsync --init
       99 root        336 S   syslogd -m 60 -L -s 50
      100 root        316 S   klogd
      107 root        400 S   dropbear -p 22
      108 nobody      408 S   dnsmasq
      112 root        292 S   rstats
      113 root        364 S   crond
     2861 root        676 S   dropbear -p 22
     2862 root        468 S   -sh
     2886 root        276 S   httpd
     2887 root        336 R   ps
    # cd /
    # ls
    bin    cifs2  etc    jffs   mnt    proc   root   tmp    var
    cifs1  dev    home   lib    opt    rom    sbin   usr    www
    # reboot
    Rebooting...
    
    [B]BYE BYE ROUTER[/B]
    
    

    Well, now I'm a bit stuck :| The router is so far beyond reach, but I suppose I'll have to cut and break and climb to get to it....

    Basically, I haven't got a clue what it's doing, seeing as I can't see the power lights etc.

    The LAN connection lights up when the power goes up, but I've tried pinging anything it could possibly be, and tftp'ing to it... nada. nothing. not a blip.


    Now, I have 3 questions, besides the OBVIOUS "WHAT IS IT DOING?!!?":

    1) What IP would it have if it's waiting for me to tftp something?
    2) Would it be waiting?
    3) Will it wait if I manage to press the reset button, (without dripping sweat everywhere..) ;)

    Thanks..... any advice/info is appreciated. I've looked and looked, hey, maybe I should find a bootup printout and try guess where it's dying.

    My guess is that my first mtd-write, wrote a little bit over the start.... So theres some Tomato 1.06, possibly a blank few bytes, and then a bunch of Tomato 1.04.

    Here's to hoping TFTP does the trick..... because I reaaaaly don't feel like building JTAG interfaces.... or... do :confused: Do I?

    Now, what's all this boot_wait stuff? What's it's default settings? (Seeing as that I haven't touched it....) And is the default IP neccesarily 192.168.1.1?
    Will it be after a reset?
     
  2. Slimey

    Slimey Network Guru Member

    I have noticed this also mtd-* commands do not seem to work properly or at all.
     
  3. TexasFlood

    TexasFlood Network Guru Member

    I think the default IP address should be 192.168.10.1, if not it's 192.168.1.1, I can't recall. It's a function of the hardware and varies. Tomato should have boot_wait on. Plug in to a wired router port and set a static IP something like 192.168.10.12 (or 192.168.1.12 to try that subnet), unplug and plug in the router, ping that address (if you're on windows a ping -t will do a continuous ping), if boot_wait is on you should get about 4 responses. If not, you might still be able to tftp firmware to it but the timing will be difficult. You can increase your odds by putting a switch between your PC and the router since the PC interface will already have a link and not have to wait for a link condition on the router. I've read before that the mtd package on tomato has issues. I'm not sure if the issues are due to broken code, different syntax or what. I wonder if you unlocked linux before writing if it would have been different. When I have done an mtd under dd-wrt this wasn't required but that seemed to be a different mtd package.
     
  4. tunasashimi

    tunasashimi LI Guru Member

    :biggrin: :biggrin: :biggrin: :biggrin: :biggrin:

    Hi Guys!

    Great news. I have done some "extensive experimentation" and have gained these facts:

    (In fact, just to prepare for the tedious task of debricking the brick in question, I bricked a brand new router in exactly the same manner, just to test my method on it! Daredevil, aren't I?!)

    This is what I have learnt:

    This is on a WRT54GL 1.1 (S/N CL7B...) (Made in China)

    My initially bricked router did not respond at all on 192.168.1.1 when booting up. I tried this more than 5 times.

    Then finally I reset it while pinging 192.168.1.1 (from me 192.168.1.250 on XP). (My laptop is a little slow, takes a while to register that it's connected, but still I had no trouble).

    Without even powering down, about 10 seconds after the reset, it responded on 192.168.1.1. Then missed one ping, and responded on 192.168.1.1 when booting up.

    I used the LinksysTM tftp program to flash a CODE.BIN image (Code.trx does not seem to work)
    (When using Windows XP tftp, remember the -i option!)

    The LinksysTM app is cool, because it continually retries, and tells you that it is. It also complains when the file is the wrong type (IE CODE.TRX which is code.bin stripped of the first 32 bytes), and if you're not using the linksys password, which is "admin")

    Also, it does not matter what your router ip is, when it boots up, it stays in a certain state long enough to to three pings on 192.168.1.1. But only on the 4 switch ports, not the WAN port.

    So, I had tomato 1.04 (And also tested with stock Linksys Firmware); I flashed CODE.BIN from Tomato 1.06 with no problems, to both. Also the one where the firmware upgrade was interrupted shortly after it started.

    So, in conclusion, you have four options to flash the firmware:

    1) Use the web interface

    2a) Use the Windows XP tftp utility. Presumably use CODE.BIN.

    2b) Use the linksys tftp utility. Use CODE.BIN, not code.trx.

    PASSWORDS: Linksys tftp utility works perfectly when flashing tomato, if you leave the password field blank. For flashing Linksys stock router, you need the password "admin".

    BE sure to keep the power on for at least one or maybe even two minutes (Until the lights stop flashing) after you have transferred the image, as to not interrupt it's first boot. It is my understanding that it initialises its settings, and makes sure the filesystem is in order, during the first boot.

    Just to be sure that your NVRAM does not contain settings which may be untested on your new firmware, I would recommend you do a reset with the new firmware too. (Please could someone tell us what the point is in holding the reset button for longer than 5 seconds?! If the light starts flashing, the job is done, from what I've been able to test!)

    3) Host your code.trx file somewhere on a webserver. (You can generate this from the code.bin file with this linux command: dd if=code.bin of=code.trx bs=32 skip=1). SSH or Telnet into your router.

    Code:
    cd /tmp
    # wget http://192.168.my.pc/code.trx
    # md5sum code.trx (to comfort even the :cool:est geek)
    compare code with the one you memorised by accident... ;)
    # mdt-write -i code.trx -d linux
    [B]DO NOT PRESS ANYTHING here until it is finished, unless you want to use method 2 or 4![/B]
    ... wait ...
    # reboot
    
    4) Take some resistors and wires and solder them to a parallel port; Get the right software for the job; Connect this parrallel contraption to the 8 blank pins on the WRT circuit board. Run the funky software you downloaded from who-knows-where. Tell it to put your firmware file (Code.trx?) on the chip it tells you it sees. Reboot the router! :blush:

    Sweet, there we have it all neatly filed under a forum topic where nobody will ever find it!

    (Along with all the rest of the info you've been looking for on the internet!)
     
  5. tunasashimi

    tunasashimi LI Guru Member

    I did NOT try 192.168.10.1.... Although, Tomato 1.06 responded to 192.168.1.1 when flashing it with tftp.

    I got 3 pings from Windows XP, everytime - before it went on to the configured IP.

    Nope, not required. I presume it does it by itself.

    It seems there's no way back, other than Resetting it and using tftp, if this process is interrupted, though.
     
  6. TexasFlood

    TexasFlood Network Guru Member

    I think it's my WR850G that comes up listening on 192.168.10.1, not the Linksys, sorry for the confusion.

    I also use the linksys tftp program when I do tftp, it's just easier to use. I try to go with the web method as much as possible, again, just cause it's easier.

    Using wget and mtd-write gives you the most control and is safer so long as you do it exactly right, :)

    Looking back at your original post, thinking it was that first command "mtd-write -i code.trx" that did the evil. Without the write device of linux specified, maybe it wrote to whatever the default device is. I found what looks like a mapping of that in /proc/mtd (below). So maybe the default device would be the first one - pmon bootloader? If so then the bootloader got at least partially over-written with the linux image which would explain it not booting. Not sure but it sounds logical, to me, :) At any rate, if the default device was anything but linux, the results would not have been as expected and probably not good at all.

    dev: size erasesize name
    mtd0: 00040000 00020000 "pmon"
    mtd1: 003a0000 00020000 "linux"
    mtd2: 0021e680 00020000 "rootfs"
    mtd3: 000e0000 00020000 "jffs2"
    mtd4: 00020000 00020000 "nvram"

    Sounds like you had boot_wait set to get those 3 pings. Glad you were able to recovered the router, I've brought back mine many times using tftp, thank goodness for that failsafe capability, :) . Your post was much more detailed than mine, I wrote mine fast and took a lot for granted - I didn't even think to mention stuff like different tools, methods, stripping the header, etc. FYI, HDD is a nice freebie windows hex editor to strip the header.

    I do have one WR850G that is really bricked. Some day I need to build a jtag cable to review it but have been too lazy so far. I don't think anything else is going to revive that one from the evil that I did to it, :-(
     

Share This Page