[MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware

Ben Anderson a_neb at optushome.com.au
Thu May 1 07:45:41 EST 2003 

No need to reverse engineer the code out of the chip - just flash the whole
image into the other chip...

Ben.

>
> You're going to need access to an SMD rework station to get this chip off.
With the right tools it will come off like icing from a
> cake.  Putting it back on will be easier than removing it, but the image
in the flash chip will be more than the image that is
> transferred across the network since it will contain the tftp server etc.
which will not get erased (these things are block
> erasable, you don't erase the whole chip).  It is likely to be fairly
trivial to break the image up though.
>
> It would also be fairly easy to buy these chips from www.digikey.com if
really needed.
>
> Yes, this is a last resort for sure.
>
> Cheers,
> Tom
>
> ----------------------------------
> Tom Parker tparker at netspace.net.au
> http://www.wiresncode.com/projects
>
>
> -----Original Message-----
> From: Dan Flett [mailto:conhoolio at hotmail.com]
> Sent: Wednesday, 30 April 2003 11:35 PM
> To: tparker at netspace.net.au; Melbourne Wireless
> Subject: Re: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware
>
>
> A mate of mine has a super-dooper desoldering tool, but the pins on the
flash chip might be a challenge for even that.  And how
> would you go about putting it back on afterwards?  Looks like we might
have to make a sacrafice at the altar of reverse-engineering.
> But it may be for the greater good. :)
>
> Tom, I'll keep on trying other methods (including begging the
manufacturers) and use your kind offer as a last resort.
>
> BTW I've just done a bit more google research on the WLAP, and man,
there's shitloads of rebadged WLAPs out there.  Lots of
> different suppliers, lots of different model numbers.  but they all look
the same (some are different colours).  And they all have
> exactly the same spec sheet, word for word.  Which made them easy to find
with google. :)  I'll stick a list of all the websites and
> model numbers on the Wiki entry for the SVEC WLAP when I get a chance.
Might help all those people out there with differently
> badged APs to band together in a reverse-engineering collective.
>
> Dan
> ----- Original Message -----
> From: Tom Parker
> To: 'Melbourne Wireless'
> Sent: Wednesday, April 30, 2003 7:24 PM
> Subject: RE: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware
>
>
> Sorry,  I looked at the wiki finally.  There is an SMD Atmel flash chip in
the lower right corner of the image.
>
> I can read this for you, but it will be hard to get off the board (all
pins will need to be straight and clean to fit in the
> programmer).
>
> Cheers,
> Tom
>
> ----------------------------------
> Tom Parker tparker at netspace.net.au
> http://www.wiresncode.com/projects
>
>
> -----Original Message-----
> From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au]On Behalf Of Tom Parker
> Sent: Wednesday, 30 April 2003 6:51 PM
> To: 'Melbourne Wireless'
> Subject: RE: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware
>
>
> Have you guys opened these up?  What kind of chip is the flash chip.
>
> I've got access to gear that can read/write just about any kind of
chip/package - but it might in involve some nasty soldering it is
> SMD.
>
> Cheers,
> Tom
> ----------------------------------
> Tom Parker tparker at netspace.net.au
> http://www.wiresncode.com/projects
>
>
> -----Original Message-----
> From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au]On Behalf Of Fenn Bailey
> Sent: Wednesday, 30 April 2003 12:20 PM
> To: 'Melbourne Wireless'
> Cc: 'Dan Flett'
> Subject: RE: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware
>
>
> I had a bit of a play with these (with Jamie's assistance) and basically
ran into exactly the same problem.
>
> You can see a bit of a summary here:
http://melbourne.wireless.org.au/wiki/?SVECWLAP
>
> By the looks of it, your findings should be added to this.
>
> One of the major issues is that they don't _appear_ to implement standard
TFTP - it looks like a slightly whacky variant, which
> doesn't speak well for it fully implementing TFTP (eg: GET as well as
PUT).
>
> The main hurdle is finding a working copy of the firmware. I don't know if
you found the same thing, but the ethernet port appears
> to completely die when you flash them with Linksys firmware, which makes
further TFTP flashing somewhat difficult. However, the
> linksys USB client appears to flash it fine.
>
> The best bet that I can think of is reverse-engineering the USB interface
to it (I imagine it would be quite simple) and seeing if
> you can read the firmware out this way. I have had success doing this sort
of thing with DSL modems in the past (albeit via serial
> ports), but the principle is much the same.
>
> Unfortunately, I don't have the time to fiddle with this at the moment,
but if anyone knows of good USB sniffing software, or a good
> way to do this - it would be most appreciated.
>
> Cheers,
>
>     Fenn.
> -----Original Message-----
> From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au] On Behalf Of Dan Flett
> Sent: Wednesday, 30 April 2003 10:52 AM
> To: Melbourne Wireless
> Subject: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware
>
>
> Hi all,
>
> I have a SVEC FD1811 AP which is rather sick since I flashed it with
Linksys firmware.  So to try to nurse it back to health I've
> been trying to find any firmware which will make it work again.  I've
noticed that the SVEC FD1811 has many twin (ie rebadged)
> brothers sold by different suppliers.  But none of them offer a firmware
download.  The SVEC AP, like many other APs out there
> (including the Linsys WAP11 v1) uses the Atmel AT76c510 chipset.  Today I
think I found an important difference between the SVEC and
> most other 510-based APs.
>
> I found this site:
>
> http://www.toptrend.com.tw/Technical%20support%20for%20WLAN-1.htm
>
> As far as I can tell, Toptrend write the firmware for the Atmel 510-based
APs.  Most of them have Intersil radio chipsets in them.
> I guessed this by looking at the firmware version number on the page
above.  But the SVEC FD1811 (and I assume, all of the rebadged
> SOHO-WLAPs out there) use RFMD radio chipsets.  The version number of the
firmware listed on Toptrend's site is the same as what is
> in my other, still working SVEC AP: V0.0.1.16
>
> So can anyone suggest how I might get a hold of this firmware?  It isn't
available for download anywhere.  SVEC won't send it out.
> I'm goint to email Toptrend and see if they'll send it to me.  Jamie Moir
and I have tried to extract the good firmware out of a
> working SVEC AP using TFTP but with no success. That's not to say it isn't
possible though.  Is anyone willing to devote a bit of
> time to tinker with my malfunctioning AP?
>
> Dan
>
>
>
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
>
>



To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list