[U-Boot] Atheros "ART" data crc calculation

Drassal, Allan drasal at wsu.edu
Sun Dec 16 04:02:56 CET 2012


Made a slight correction on which bytes to change to 0xff for the CRC calculation for the ART data.

BUFFALO WZR-HP-AG300H
***In order to change the MAC address of the wireless, we need to edit the
***FLASH where the "ART (Atheros Radio Test)" data is stored.

***This data is at address 0xbf050000 and runs to 0xbf05ffff
***however, it does not use the whole area
***the 2.4ghz information is from 0xbf051000 to 0xbf051fff
***the 5.8ghz information is from 0xbf055000 to 0xbf055fff

***the MAC address for 2.4ghz is stored at 0xbf05120c (3 bytes)
***the MAC address for 5.8ghz is stored at 0xbf05520c (3 bytes)

***this is an example of the two ethernet addresses and where they are stored
0005120c 106f3f0e5b3c
0005520c 106f3f0e5b3d

***we can't directly edit bytes in the flash since an entire page has to be
***erased and written at a time... therefore we copy the data to DRAM
***edit it, then erase the flash area and rewrite it

***copy a flash sector out so we can edit it
cp.b 0xbf050000 0x84000000 0x10000

***display the current 2.4ghz ethernet address
md 0x84001200
***edit the 2.4ghz ethernet address (edits the last two bytes)
***end the write command with a "." and enter
mm.b 0x84001210

***display the current 5.8ghz ethernet address
md 0x84005200
***edit the 5.8ghz ethernet address (edits the last two bytes)
mm.b 0x84005210

***we need to recalculate the CRC, or the Atheros driver will not load
***in order to do this, erase the current CRC bytes (two bytes)

***so, reset the following four bytes (two bytes for 2.4Ghz and two bytes for 5.8Ghz) to "ff"

***2.4ghz CRC bytes (two bytes starting at the following address)
mm.b 0x84001202
***set them to 0xff and 0xff

***5.8ghz CRC bytes (two bytes starting at the following address)
mm.b 0x84005202
***set them to 0xff and 0xff

***write the sector back into flash
protect off 0xbf050000 0xbf05ffff
erase 0xbf050000 0xbf05ffff
cp.b 0x84000000 0xbf050000 0x10000
protect on 0xbf050000 0xbf05ffff

***display the updated information in flash
md 0xbf050000
md 0xbf051200
md 0xbf055200

***reboot the board and let dd-wrt load, a failed EEPROM CRC error can be
***ignored for now, we can fix that later, use CTRL+C to exit the error
***then use "boot" to load dd-wrt

***then, when dd-wrt loads, login and do a "dmesg | grep ath:" and
***the failed CRC value will be displayed, make note of these two bytes
***we will write them into FLASH to make the CRC calculation of 0xffff
***come out corrently

***use the following commands to once again rewrite the ART area of the FLASH
***copy a flash sector out so we can edit it

cp.b 0xbf050000 0x84000000 0x10000
***2.4ghz CRC bytes
mm.b 0x84001202

***5.8ghz CRC bytes
mm.b 0x84005202

***write the sector back into flash
protect off 0xbf050000 0xbf05ffff
erase 0xbf050000 0xbf05ffff
cp.b 0x84000000 0xbf050000 0x10000
protect on 0xbf050000 0xbf05ffff

***to fix the EEPROM CRC failed error, erase the CRC enviornment variable
***it will be recreated on next reboot
setenv buf_crc
saveenv
reset

________________________________________
From: Dmytro [dioptimizer at gmail.com]
Sent: Friday, December 14, 2012 15:31
To: Drassal, Allan
Cc: U-Boot Mailing List
Subject: Re: Atheros "ART" data crc calculation

Hello again Allan,
Can you on work device (with correct ART section and with no checksum
error), enter the u-boot command - "printenv" ?
Also would you please share your ART section of the same device?

Idea is this, it is necessary to calculate the checksum of ART section
(only not clearly what part of the calculate, with empty sectors "FF"
or workspace) in CRC32 format, then correct this checksum in "buf_crc"
environment variable.

https://forum.openwrt.org/viewtopic.php?pid=153580#p153580

Best regards, Dmytro


More information about the U-Boot mailing list