I tested the voltage of the Vddh's and they are in fact 3.3v. And all the grounds are definitely ground, since it can be confirmed visually right away (which is what made me suspect JTAG in the first place). Though due to the voltage, I figure this means one needs some kind of buffered JTAG cable in order to talk to it with a parallel port, unfortunately. I think the OS is VxWorks, because there's a Wind River Systems copyright string in the firmware for this model (that you can get from Belkin's site (http://www.belkin.com/support/download/downloaddetails.asp?lang=1&download=790)). The firmware image itself must be compressed, because there aren't really many other strings to be found in it. There also appears to be a header at the top of some sort (preventing you from uploading other firmwares via the web interface), but it's not the same as the Belkin Extended Header Format (see this white paper for info on that (http://midnightcode.org/papers/OpenWRT%20on%20the%20Belkin%20F5D7230-4.pdf)). It's somewhat similar though, at least in a couple spots, it seems. The first four bytes are some unknown stuff, but the next four seem to be the size of the image itself (least-significant byte first). If we follow the extended format, the next four are the CRC. Following that is the zero-terminated string "WirelessBelkin" (which differs from the extended format's structure). Now how large the header actually is, I don't know. Possibly 27 bytes, like the extended one. From looking at the bytes in the file, this is quite possibly true, since following that string is a series of bytes with the value 0xCC. As for the size of the image found earlier in the header, if we assume the image starts at 0x1B, then that leaves us some extra bytes at the end. In the extended format, this is for an NVRAM section. But I couldn't find anything even close to resembling the NVRAM header, so I really don't know at this point what's what. It doesn't help that it's compressed.
I saw someone mention somewhere that one particular firmware was in ARJ, but I don't even remember what that was for. But at least it's a start, perhaps. I tried using a TFTP client to put a firmware update on it, but nothing happens, so I figure that method is out. We're likely stuck with either the updater in the web interface, or the JTAG connector. I think that's about all I know for the time being!
Holy cow, I didn't understand half of that.
00000000h: 02 00 00 00 D0 CE 0A 00 7F 5E B1 05 57 69 72 65 ; ....ÐÎ..^±.Wire
00000010h: 6C 65 73 73 42 65 6C 6B 69 6E 00 CC CC CC CC CC ; lessBelkin.ÌÌÌÌÌ
00000020h: CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ; ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ
00000030h: CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ; ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ
00000040h: CC CC CC CC CC CC CC CC CC CC CC CC EC 2F 00 00 ; ÌÌÌÌÌÌÌÌÌÌÌÌì/..
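The header layout guessed at in the posts above, written out as a small parser (an added example, not code from anyone in the thread). The field names and function names are assumptions, the third field is only labelled a CRC because the post guesses so, and the sample bytes are the first 0x50 bytes copied from the hex dump.

```python
import struct

# First 0x50 bytes of the firmware file, copied from the hex dump in the thread.
SAMPLE = bytes.fromhex(
    "02000000D0CE0A007F5EB10557697265"
    "6C65737342656C6B696E00CCCCCCCCCC"
    + "CC" * 32
    + "CC" * 12 + "EC2F0000"
)

def parse_header(data):
    """Split the start of the image into the fields the post describes."""
    if len(data) < 12:
        raise ValueError("need at least 12 bytes for the three fixed fields")
    # Three 32-bit little-endian words: unknown, image size, possible CRC.
    unknown, size, crc_guess = struct.unpack_from("<III", data, 0)
    # Zero-terminated identification string starts right after them.
    nul = data.find(b"\x00", 12)
    if nul == -1:
        raise ValueError("no NUL terminator after offset 0x0C")
    name = data[12:nul].decode("ascii", errors="replace")
    # Measure the run of 0xCC fill bytes that follows the string.
    fill_start = nul + 1
    fill_end = fill_start
    while fill_end < len(data) and data[fill_end] == 0xCC:
        fill_end += 1
    return {
        "unknown": unknown,
        "size": size,
        "crc_guess": crc_guess,   # unverified: algorithm and coverage unknown
        "name": name,
        "fill_start": fill_start, # first offset after the string
        "fill_end": fill_end,     # first offset that is not 0xCC
    }

def trailing_bytes(file_len, size, image_start=0x1B):
    """Bytes left over after the image if it starts at image_start (an assumption)."""
    return file_len - (image_start + size)

if __name__ == "__main__":
    for key, value in parse_header(SAMPLE).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

Run against the full firmware file, `trailing_bytes(len(data), hdr["size"])` gives the number of extra bytes at the end that the post mentions.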
Fyber, I must say, all that stuff you typed... I didn't get a word of it, but hey, you sound really smart typing it, so yay!
Here's some of the components from the Belkin that I've looked up:
...
91.EP213.002 217CP10746 - Unknown brand PCMCIA wifi card (802.11B) with dual-antennas hard-wired
Hi,
The card seems to be AWLAN WS8P/IEEE.
I just took it out of my F5D 6230-3 and inserted it into the laptop.
On another note, I am playing with the idea of building a NetBSD install for this hardware.
I have some experience with *BSD clone; however, I have no idea how
to load the build into the flash memory.
Regards, ML