HN8145x6,貌似找到分区解锁办法了
本帖最后由 张小牛 于 2022-2-15 10:04 编辑需要一个固件分区备份,或者谁有,试一下告诉我,最好手里有TTL或编程器,不然变砖可能救不回来。
秘密就是内置的mtd是阉割版,不能解锁、不能写入,升级一下mtd软件包,1、8、9、10、13、14等分区就都可以解锁了。再安装一个nand-utils查一下就更清楚。虽然6、7不能解锁,但是flash总共就256M,所以mtd1是mtd2-14的复合体,mtd1能写基本上就能解决问题。退一步说,9和10能写,可玩性也很高。
root@SAF:/usr/sbin# cat /proc/mtd
dev: size erasesizename
mtd0: 00100000 00020000 "bootcode"
mtd1: 0ff00000 00020000 "ubilayer_v5"
mtd2: 0001f000 0001f000 "flash_configA"
mtd3: 0001f000 0001f000 "flash_configB"
mtd4: 0001f000 0001f000 "slave_paramA"
mtd5: 0001f000 0001f000 "slave_paramB"
mtd6: 030ec000 0001f000 "allsystemA"
mtd7: 030ec000 0001f000 "allsystemB"
mtd8: 00117000 0001f000 "keyfile"
mtd9: 0103a000 0001f000 "frameworkA"
mtd10: 0103a000 0001f000 "frameworkB"
mtd11: 0001f000 0001f000 "wifi_paramA"
mtd12: 0001f000 0001f000 "wifi_paramB"
mtd13: 00a0d000 0001f000 "file_system"
mtd14: 06064000 0001f000 "apps"
root@SAF:/usr/sbin# cat /proc/partitions
major minor#blocksname
1 0 50000 ram0
1 1 50000 ram1
1 2 50000 ram2
1 3 50000 ram3
31 0 1024 mtdblock0
31 1 261120 mtdblock1
31 2 124 mtdblock2
31 3 124 mtdblock3
31 4 124 mtdblock4
31 5 124 mtdblock5
31 6 50096 mtdblock6
31 7 50096 mtdblock7
31 8 1116 mtdblock8
31 9 16616 mtdblock9
31 10 16616 mtdblock10
31 11 124 mtdblock11
31 12 124 mtdblock12
31 13 10292 mtdblock13
31 14 98704 mtdblock14
7 0 92 loop0
root@SAF:/usr/sbin# mtdinfo--all
Count of MTD devices: 15
Present MTD devices: mtd0, mtd1, mtd2, mtd3, mtd4, mtd5, mtd6, mtd7, mtd8, mtd9, mtd10, mtd11, mtd12, mtd13, mtd14
Sysfs interface supported: yes
mtd0
Name: bootcode
Type: nand
Eraseblock size: 131072 bytes, 128.0 KiB
Amount of eraseblocks: 8 (1048576 bytes, 1024.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
OOB size: 64 bytes
Character device major/minor: 90:0
Bad blocks are allowed: true
Device is writable: false
mtd1
Name: ubilayer_v5
Type: nand
Eraseblock size: 131072 bytes, 128.0 KiB
Amount of eraseblocks: 2040 (267386880 bytes, 255.0 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
OOB size: 64 bytes
Character device major/minor: 90:2
Bad blocks are allowed: true
Device is writable: true
mtd2
Name: flash_configA
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 1 (126976 bytes, 124.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:4
Bad blocks are allowed: false
Device is writable: false
mtd3
Name: flash_configB
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 1 (126976 bytes, 124.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:6
Bad blocks are allowed: false
Device is writable: false
mtd4
Name: slave_paramA
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 1 (126976 bytes, 124.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:8
Bad blocks are allowed: false
Device is writable: false
mtd5
Name: slave_paramB
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 1 (126976 bytes, 124.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:10
Bad blocks are allowed: false
Device is writable: false
mtd6
Name: allsystemA
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 404 (51298304 bytes, 48.9 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:12
Bad blocks are allowed: false
Device is writable: false
mtd7
Name: allsystemB
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 404 (51298304 bytes, 48.9 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:14
Bad blocks are allowed: false
Device is writable: false
mtd8
Name: keyfile
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 9 (1142784 bytes, 1.1 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:16
Bad blocks are allowed: false
Device is writable: true
mtd9
Name: frameworkA
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 134 (17014784 bytes, 16.2 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:18
Bad blocks are allowed: false
Device is writable: true
mtd10
Name: frameworkB
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 134 (17014784 bytes, 16.2 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:20
Bad blocks are allowed: false
Device is writable: true
mtd11
Name: wifi_paramA
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 1 (126976 bytes, 124.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:22
Bad blocks are allowed: false
Device is writable: false
mtd12
Name: wifi_paramB
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 1 (126976 bytes, 124.0 KiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:24
Bad blocks are allowed: false
Device is writable: false
mtd13
Name: file_system
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 83 (10539008 bytes, 10.1 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:26
Bad blocks are allowed: false
Device is writable: true
mtd14
Name: apps
Type: ubi
Eraseblock size: 126976 bytes, 124.0 KiB
Amount of eraseblocks: 796 (101072896 bytes, 96.4 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 2048 bytes
Character device major/minor: 90:28
Bad blocks are allowed: false
Device is writable: true
sdwfwmj 发表于 2022-2-14 22:37
我把mtd复制到主系统运行了,还是不能解锁mtd6,只能解锁mtd9,看来还得另想他法 ...
不是mtd的问题,除了mtd0和1之外都是虚拟的,不是真实的,别在mtd上浪费时间 blue206 发表于 2022-2-13 10:02
请问你升级的mtd工具是怎么来的?自己编译的?方便分享一下吗?
从openwrt官方镜像服务器下载的ipk安装包,17.01.7的版本兼容性较好。 本帖最后由 张小牛 于 2022-2-12 17:53 编辑
sdwfwmj 发表于 2022-2-12 16:59
楼主,那mtd1是整个闪存,不是一个分区。不明白为什么整个闪存解锁了但分区解锁不了。另外,怎么升级mtd包 ...
mtd1是一个分区,255M,格式化成ubifs,然后建了12个volume,每个volume虚拟成一个mtd,就是mtd2-14,这也是这些mtd表现和普通mtd不大一样的原因。至于怎么指定某个volume可写还是只读,我还没弄清楚,网上很多文章都是抄来抄去瞎扯的,害我花了不少时间。
升级mtd包要先进saf-huawei虚拟机。虚拟机里的opkg也是阉割的,要看我另外一篇帖子。 自己顶一下 楼主,那mtd1是整个闪存,不是一个分区。不明白为什么整个闪存解锁了但分区解锁不了。另外,怎么升级mtd包能说下不? 本帖最后由 sdwfwmj 于 2022-2-13 18:26 编辑
楼主,那个mtd13就是jffs2,mtd14就是/mnt/jffs2/plug,所以你备份了整个jffs2文件夹就相当于有了13 14分区内的文件,与系统相关的是6分区(主系统) 9分区(虚拟机的rootfs) 7和10分别是两者备份。125的mtd1以及6 9分区在论坛内已经有了,你可以找找,找不到的话留个邮箱我发给你也可以。另外,6,7不能解锁是不是因为那都是主系统文件分区,而你是在虚拟机运行mtd的原因? sdwfwmj 发表于 2022-2-12 18:29
楼主,那个mtd13就是jffs2,mtd14就是/jffs2/plugin/apps,所以你备份了整个jffs2文件夹就相当于有了13 14 ...
邮箱cymcd@qq.com,感谢!如果有全的就更好了。
你说得没错,我后来又装了ubi-utils,它们之间的关系就更清楚了。
root@SAF:/# ubinfo --all
UBI version: 1
Count of UBI devices: 1
UBI control device major/minor: 10:59
Present UBI devices: ubi0
ubi0
Volumes count: 13
Logical eraseblock size: 126976 bytes, 124.0 KiB
Total amount of logical eraseblocks: 2040 (259031040 bytes, 247.0 MiB)
Amount of available logical eraseblocks: 24 (3047424 bytes, 2.9 MiB)
Maximum count of volumes 128
Count of bad physical eraseblocks: 0
Count of reserved physical eraseblocks:40
Current maximum erase counter value: 48
Minimum input/output unit size: 2048 bytes
Character device major/minor: 253:0
Present volumes: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
Volume ID: 0 (on ubi0)
Type: dynamic
Alignment: 1
Size: 1 LEBs (126976 bytes, 124.0 KiB)
State: OK
Name: flash_configA
Character device major/minor: 253:1
-----------------------------------
Volume ID: 1 (on ubi0)
Type: dynamic
Alignment: 1
Size: 1 LEBs (126976 bytes, 124.0 KiB)
State: OK
Name: flash_configB
Character device major/minor: 253:2
-----------------------------------
Volume ID: 2 (on ubi0)
Type: dynamic
Alignment: 1
Size: 1 LEBs (126976 bytes, 124.0 KiB)
State: OK
Name: slave_paramA
Character device major/minor: 253:3
-----------------------------------
Volume ID: 3 (on ubi0)
Type: dynamic
Alignment: 1
Size: 1 LEBs (126976 bytes, 124.0 KiB)
State: OK
Name: slave_paramB
Character device major/minor: 253:4
-----------------------------------
Volume ID: 4 (on ubi0)
Type: dynamic
Alignment: 1
Size: 404 LEBs (51298304 bytes, 48.9 MiB)
State: OK
Name: allsystemA
Character device major/minor: 253:5
-----------------------------------
Volume ID: 5 (on ubi0)
Type: dynamic
Alignment: 1
Size: 404 LEBs (51298304 bytes, 48.9 MiB)
State: OK
Name: allsystemB
Character device major/minor: 253:6
-----------------------------------
Volume ID: 6 (on ubi0)
Type: dynamic
Alignment: 1
Size: 9 LEBs (1142784 bytes, 1.1 MiB)
State: OK
Name: keyfile
Character device major/minor: 253:7
-----------------------------------
Volume ID: 7 (on ubi0)
Type: dynamic
Alignment: 1
Size: 134 LEBs (17014784 bytes, 16.2 MiB)
State: OK
Name: frameworkA
Character device major/minor: 253:8
-----------------------------------
Volume ID: 8 (on ubi0)
Type: dynamic
Alignment: 1
Size: 134 LEBs (17014784 bytes, 16.2 MiB)
State: OK
Name: frameworkB
Character device major/minor: 253:9
-----------------------------------
Volume ID: 9 (on ubi0)
Type: dynamic
Alignment: 1
Size: 1 LEBs (126976 bytes, 124.0 KiB)
State: OK
Name: wifi_paramA
Character device major/minor: 253:10
-----------------------------------
Volume ID: 10 (on ubi0)
Type: dynamic
Alignment: 1
Size: 1 LEBs (126976 bytes, 124.0 KiB)
State: OK
Name: wifi_paramB
Character device major/minor: 253:11
-----------------------------------
Volume ID: 11 (on ubi0)
Type: dynamic
Alignment: 1
Size: 83 LEBs (10539008 bytes, 10.1 MiB)
State: OK
Name: file_system
Character device major/minor: 253:12
-----------------------------------
Volume ID: 12 (on ubi0)
Type: dynamic
Alignment: 1
Size: 796 LEBs (101072896 bytes, 96.4 MiB)
State: OK
Name: apps
Character device major/minor: 253:13 请问你升级的mtd工具是怎么来的?自己编译的?方便分享一下吗? 本帖最后由 blue206 于 2022-2-13 11:28 编辑
根据你的帖子看了一下,发现确实allsystem分区是一个ubi volume,我的HN8346X6的 /dev/ubi0_4 能够完整读出这个分区的数据,但是同样无法写入,搜了一下说是需要一个ubiupdatevol的命令/工具才能写入,这个应该是mtd-utils的一部分,但是我手头没有交叉编译的环境,请问你这边有交叉编译好的mtd-utils吗?
另外貌似mtd1不能直接写,我看了一下dump,里面的数据顺序可能是乱的
估计只能想办法写入ubi volume
张小牛 发表于 2022-2-12 19:05
邮箱,感谢!如果有全的就更好了。
你说得没错,我后来又装了ubi-utils,它们之间的关系就更清楚了。
已发,超大附件发送可能有时效性,请注意查收,