宽带技术网»首页 ::::: 技 术 交 流 区 ::::: 『 ADSL技术交流区 』(历史记录) Broadcom路由DSL猫用的JTAG工具最新版
1 ...102103104105106107108109... 127下一页
返回列表 发新帖
楼主: hugebird

Broadcom路由DSL猫用的JTAG工具最新版

    [复制链接]
hugebird
 楼主| 发表于 2011-2-8 19:21:26 | 显示全部楼层

2.0.1

增加BCM Chipc spi控制器支持,理论可以支持大部分wifi路由spi flash读写。



本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

×
回复

举报

hugebird
 楼主| 发表于 2011-2-8 19:37:03 | 显示全部楼层
春节这一周都用在这上面了,只有长假期间可以投入一下,平时实在找不到合适的时间。
wifi系列的spi flash估计基本都可以支持了,63x8的spi控制器有好几种,要再等等再说。
如果spi flash cfe出错,jtag无法进入debug模式,还需要按照短接的方法修正。
读写spi flash,建议用并口线,usbasp,stm32 这3个版本的硬件。ft2232和jlink由于不能进行实时轮询,不能进行批量读写,速度可能很慢,提醒大家注意下。


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

×
回复

举报

hugebird
 楼主| 发表于 2011-2-8 19:40:29 | 显示全部楼层
sycy 发表于 2011-1-30 00:13
你好,老大,有个问题想请教一下:
WRT350N V1 的路由.用的是J-link.j-link 版本4.08

注意下是否提示“NOT enter Debug mode”,如果无法进入调试模式,可能是flash cfe代码写入有问题,采用OE接地方式加电,再进行jtag读写操作
回复

举报

uzer222
发表于 2011-2-9 07:09:35 | 显示全部楼层
本帖最后由 uzer222 于 2011-2-9 07:11 编辑

hi! i have some errors

brjtag -flash:cfe /cable:3

<code>

HID-Brjtag MCU ROM version: 1.04 on USBASP hardware!

Probing bus ... Done
Detected IR Length is 5
CPU assumed running under BIG endian
CPU Chip ID: 00000110001101001000000101111111 (0634817F)
*** Found a Broadcom manufactured BCM6348 REV 01 CPU ***

    - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
    - EJTAG Version ....... : 1 or 2.0
    - EJTAG DMA Support ... : Yes
    - EJTAG Implementation flags: R4k MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Done
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Loading CPU Configuration Code ... Skipped
Detecting Flash Base Address...0x1FC00000

Probing Flash at Address: 0x1FC00000 ...
Detected pFlash Chip ID (VenID:DevID = 00C2 : 22A8)
*** Found a (4MB) CFI Compatiable Flash Chip from Macronix

    - Flash Chip Window Start .... : 1FC00000
    - Flash Chip Window Length ... : 00400000
    - Selected Area Start ........ : 1FC00000
    - Selected Area Length ....... : 00040000

*** You Selected to Flash the CFE.BIN ***

=========================
Flashing Routine Started
=========================
Total Blocks to Erase: 11

Erasing block: 1 (addr = 1FC00000)...Done
Erasing block: 2 (addr = 1FC02000)...Done
....
Erasing block: 8 (addr = 1FC0E000)...Done
Erasing block: 9 (addr = 1FC10000)...Done
Erasing block: 10 (addr = 1FC20000)...Done
Erasing block: 11 (addr = 1FC30000)...Done

Loading CFE.BIN to Flash Memory...
   3%   bytes = 8448
dma write not correctly !!
3809CCFD - FFFFCCFD
dma write not correctly !!
3E4F9D36 - 3E4FFFFF
   3%   bytes = 9248
dma write not correctly !!
777BED35 - FFFFED35
   4%   bytes = 12576
dma write not correctly !!
3F62309F - 3F62304F
   5%   bytes = 14304
dma write not correctly !!
2ADD073A - FFFF073A
   5%   bytes = 14688
dma write not correctly !!
1BA18939 - FFFF8939
   5%   bytes = 15008
dma write not correctly !!
EA50D8A4 - E6125EE0
   6%   bytes = 16128
dma write not correctly !!
C5A8B269 - C5A8FFFF
   6%   bytes = 16672
dma write not correctly !!
1C6D4CDF - 1C6D4C6F
   6%   bytes = 17184
dma write not correctly !!
B2CAB9DF - B2CAB96F
   7%   bytes = 20032
Done  (CFE.BIN loaded into Flash Memory OK)

=========================
Flashing Routine Complete
=========================
elapsed time: 101 seconds

*** REQUESTED OPERATION IS COMPLETE ***
</code>
回复

举报

hugebird
 楼主| 发表于 2011-2-9 09:57:57 | 显示全部楼层
回复 uzer222 的帖子

The error info show partial write failure. May caused by not enough polling time delay for older MXIC flash chip. try add /L4:128 switch let polling time delay to 128us
>brjtag -flash:cfe /cable:3 /L4:128 /L1:5
or
> brjtag -flash:cfe /cable:3 /L9:1
or
> brjtag -flash:cfe /cable:3 /safemode
回复

举报

uzer222
发表于 2011-2-10 07:05:43 | 显示全部楼层
本帖最后由 uzer222 于 2011-2-10 07:15 编辑

回复 hugebird 的帖子

> brjtag -flash:cfe /cable:3 /L4:128 /L1:5     - this command makes much errors
> brjtag -flash:cfe /cable:3 /L9:1  - this -many
> brjtag -flash:cfe /cable:3 /safemode  - this ok

thanks!

maybe you know about this error? this error appears sometimes

> brjtag -probeonly /erasechip /port:e000

  2.          Broadcom EJTAG Debrick Utility v2.0.1-hugebird
  3. Probing bus ... Done
  4. Detected IR Length is 5
  5. CPU assumed running under BIG endian

  7. CPU Chip ID: 00000110001101001000000101111111 (0634817F)
  8. *** Found a Broadcom manufactured BCM6348 REV 01 CPU ***

  10.     - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
  11.     - EJTAG Version ....... : 1 or 2.0
  12.     - EJTAG DMA Support ... : Yes
  13.     - EJTAG Implementation flags: R4k MIPS32

  15. Issuing Processor / Peripheral Reset ... Done
  16. Enabling Memory Writes ... Done
  17. Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
  18. Clearing Watchdog ... Done
  19. Loading CPU Configuration Code ... Skipped
  20. [b]Detecting Flash Base Address...Address invalid!, Skipped.[/b]

  22. Probing Flash at Address: 0x1FC00000 ...
  23. [b]Detected pFlash Chip ID (VenID:DevID = 0000 : 0000)[/b]
  24. *** Unknown or NO Flash Chip Detected ***
  25. *** REQUESTED OPERATION IS COMPLETE ***
复制代码

回复

举报

hugebird
 楼主| 发表于 2011-2-10 10:13:17 | 显示全部楼层
本帖最后由 hugebird 于 2011-2-10 10:15 编辑

回复 uzer222 的帖子

Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done

very common error,  avoid this error by optimizting the delay between power-on device and running brjtag command.
*) When using this utility, usually it is best to type the command line
            out, then power up the router, about 0.5 second delay, hit <ENTER>
             quickly to avoid bad CFE code lead to <CPU NOT enter Debug mode>
             or the CPUs watchdog interfering with the EJTAG operations.

If always not enter debug mode, Maybe the currupt CFE lead cpu reject jtag debugging. could short flash oe# pin to GND (shall OE# to vcc with a resistance, but oe# to gnd also works) before power-on device, prevent from boot code loading, then running brjtag. follow the pic show.



本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

×
回复

举报

thethree
发表于 2011-2-12 21:22:50 | 显示全部楼层
用 dma 写 wrt54gs 不工作:


  2. c:\brjtag.exe -flash:cfe /noemw /cable:1

  4.         ===============================================
  5.          Broadcom EJTAG Debrick Utility v1.9o-hugebird
  6.         ===============================================


  9. Set I/O speed to 6000 KHz

  11. USB TAP device has been initialized. Please confirm VREF signal connected!
  12. Press any key to continue... ONCE target board is powered on!

  14. Probing bus ... Done

  16. Detected IR Length is 8

  18. CPU assumed running under LITTLE endian

  20. CPU Chip ID: 00010100011100010010000101111111 (1471217F)
  21. *** Found a Broadcom manufactured BCM4712 REV 01 CPU ***

  23.     - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
  24.     - EJTAG Version ....... : 1 or 2.0
  25.     - EJTAG DMA Support ... : Yes
  26.     - EJTAG Implementation flags: R4k MIPS32

  28. Issuing Processor / Peripheral Reset ... Done
  29. Enabling Memory Writes ... Skipped
  30. Halting Processor ... <Processor Entered Debug Mode!> ... Done
  31. Clearing Watchdog ... Done
  32. Loading CPU Configuration Code ... Skipped

  34. Probing Flash at Address: 0x1FC00000 ...
  35. Detected Chip ID (VenID:DevID = 0089 : 0017)
  36. *** Found a Intel 28F640J3 4Mx16       (8MB) Flash Chip from Intel

  38.     - Flash Chip Window Start .... : 1C000000
  39.     - Flash Chip Window Length ... : 00800000
  40.     - Selected Area Start ........ : 1C000000
  41.     - Selected Area Length ....... : 00040000

  43. *** You Selected to Flash the CFE.BIN ***

  45. =========================
  46. Flashing Routine Started
  47. =========================
  48. Total Blocks to Erase: 2

  50. Erasing block: 1 (addr = 1C000000)...Done
  51. Erasing block: 2 (addr = 1C020000)...Done

  53. Loading CFE.BIN to Flash Memory...

  55. dma write not correctly !!
  56. 10000817 - 00800080

  58. dma write not correctly !!
  59. 00000000 - 00800080

  61. dma write not correctly !!
  62. 00000000 - 00800080

  64. dma write not correctly !!
  65. 00000000 - 00800080

  67. dma write not correctly !!
  68. 00000000 - 00800080

  70. dma write not correctly !!
  71. 00000000 - 00800080

  73. dma write not correctly !!
  74. 00000000 - 00800080
复制代码

不用 dma, 写到 89% 就停了:

  1. c:\brjtag.exe -flash:cfe /noemw /nodma /cable:1

  3.         ===============================================
  4.          Broadcom EJTAG Debrick Utility v1.9o-hugebird
  5.         ===============================================


  8. Set I/O speed to 6000 KHz

  10. USB TAP device has been initialized. Please confirm VREF signal connected!
  11. Press any key to continue... ONCE target board is powered on!

  13. Probing bus ... Done

  15. Detected IR Length is 8

  17. CPU assumed running under LITTLE endian

  19. CPU Chip ID: 00010100011100010010000101111111 (1471217F)
  20. *** Found a Broadcom manufactured BCM4712 REV 01 CPU ***

  22.     - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
  23.     - EJTAG Version ....... : 1 or 2.0
  24.     - EJTAG DMA Support ... : Yes
  25.     - EJTAG Implementation flags: R4k MIPS32
  26.     *** DMA Mode Forced Off ***

  28. Issuing Processor / Peripheral Reset ... Done
  29. Enabling Memory Writes ... Skipped
  30. Halting Processor ... <Processor Entered Debug Mode!> ... Done
  31. Clearing Watchdog ... Done
  32. Loading CPU Configuration Code ... Skipped

  34. Probing Flash at Address: 0x1FC00000 ...
  35. Detected Chip ID (VenID:DevID = 0089 : 0017)
  36. *** Found a CFI Compatiable Flash Chip from Intel

  38.     - Flash Chip Window Start .... : 1C000000
  39.     - Flash Chip Window Length ... : 00800000
  40.     - Selected Area Start ........ : 1C000000
  41.     - Selected Area Length ....... : 00040000

  43. *** You Selected to Flash the CFE.BIN ***

  45. =========================
  46. Flashing Routine Started
  47. =========================
  48. Total Blocks to Erase: 2

  50. Erasing block: 1 (addr = 1C000000)...Done
  51. Erasing block: 2 (addr = 1C020000)...Done

  53. Loading CFE.BIN to Flash Memory...
  54. ^C89%   bytes = 234060
  55. c:\>
复制代码

用 2.01 也是一样的结果。

有人试过吗?
谢谢!

回复

举报

hugebird
 楼主| 发表于 2011-2-13 01:12:04 | 显示全部楼层
回复 hugebird 的帖子

2.02

- 修正2.01 引入的一个读取错误
-为hidbrjtag rom增加并行flash写入状态查询。一直以来并行flash写入是以精确延时来保证写入正确,在对较老设备进行写入时延时不好调整,2.02配合hidbrjtag rom可以查询flash的写入状态标志,从而可以有更好的兼容性。效率可能会比精确延时差。
通过/L4:128激活。



本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

×
回复

举报

hugebird
 楼主| 发表于 2011-2-13 01:18:16 | 显示全部楼层
回复 thethree 的帖子

手里没有intel芯片的设备,这部分从没测试过。
看你写入用6MHz,这个速度很难成功的。用/L1:xxx参数将速度降到2MHz一下为好。
ft2232, 可以用/L1:5 降到1MHz
或者用/L9:1选择安全写入脚本。

还有就是是否部分写入成功还是根本无法写入,给的信息太少,无法进行判断
回复

举报

下一页 »
1 ...102103104105106107108109... 127下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

关闭

站长推荐上一条 /1 下一条

Archiver|小黑屋|宽带技术网 |网站地图 粤公网安备44152102000001号

相关侵权、举报、投诉及建议等,请发 E-mail:yesdong@qq.com

Powered by Discuz! X5.0 Licensed © 2001-2026 Discuz! Team.44152102000001

在本版发帖QQ客服返回顶部