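"""Download the flash memory content of the modem over its serial console.

The script talks to the modem on ``dev_name``: it sends AT commands, issues
``AT+CFUN=1,1``, polls until a ``#`` prompt shows up, and then uses the U-Boot
commands ``mtd``, ``nand read`` and ``md.l`` to copy each flash partition into
a local file named after the partition.

To check a dump, compare a checksum of the file with one computed on the
device over the same RAM range (the console's help lists ``crc32`` and
``md5sum``); the hex-dump transport used here has no integrity check of its
own.
"""

import serial
import time
import re

dev_name = '/dev/ttyACM0'
# Number of 32-bit words requested from U-Boot per ``md.l`` command.
scoop_size = 0x80


def xmit(data, xtimeout=0.1):
    """Write *data* to the serial port and return the device's answer as text.

    The port is opened and closed on every call. The answer is collected in
    1024-byte reads until a read comes back short, which with pyserial means
    the *xtimeout* read timeout expired.

    I/O errors are reported and followed by a 2 second pause; whatever was
    received up to that point (possibly nothing) is still returned.
    """
    response = b''
    try:
        with serial.Serial(dev_name, timeout=xtimeout) as ser:
            ser.write(data.encode())
            while True:
                chunk = ser.read(1024)
                response += chunk
                if len(chunk) != 1024:
                    break
    except (OSError, FileNotFoundError, serial.serialutil.SerialException) as e:
        # Best effort: callers poll in a loop, so report and back off instead
        # of raising.
        print('IO exception:', e)
        time.sleep(2)
    # A rebooting device can emit bytes that are not valid UTF-8; replace them
    # instead of letting UnicodeDecodeError abort the whole run.
    return response.decode('utf-8', errors='replace')


def send_at(at_cmd):
    """Send one AT command (a carriage return is appended) with a 1 s timeout."""
    return xmit(at_cmd + '\r', xtimeout=1.0)


def get_mtd_table():
    """Ask U-Boot for the partition table and parse it.

    Returns a list of dicts with the keys ``idx``, ``name``, ``size``,
    ``offset`` and ``flags`` (all strings, as printed by the device), or an
    empty list when the table header (``#:``) is not found in the answer.
    """
    response = xmit('mtd\r')
    start = response.find('#:')
    if start < 0:
        # An empty list keeps the return type consistent for callers that
        # iterate over the result.
        return []
    row_names = ["idx", "name", "size", "offset", "flags"]
    output = []
    # NOTE(review): assumes the console separates lines with '\n\r' — confirm.
    for line in response[start:].split('\n\r'):
        if len(line) < 2:
            # First (nearly) empty line ends the table.
            break
        if '#' in line:
            # Header line (and anything else carrying a '#').
            continue
        rows = line.split()
        if rows:
            # "0:" -> "0"
            rows[0] = re.sub(r':$', '', rows[0])
        # zip() ignores surplus columns instead of raising IndexError.
        output.append(dict(zip(row_names, rows)))
    return output


def dump_part(record):
    """Dump one partition described by *record* into a file named after it.

    *record* is one entry of ``get_mtd_table()``; ``record['size']`` is parsed
    as hexadecimal and ``record['name']`` is used both in the ``nand read``
    command and as the output file name. The file is created in the current
    working directory and overwrites an existing file of the same name.

    The partition is first read into RAM at ``${loadaddr}`` and then fetched
    as ``md.l`` hex dump, ``scoop_size`` words per command; sending a bare
    carriage return asks for the next chunk.
    """
    part_size = int(record['size'], 16)
    name = record['name']
    # The name is text received from the device. It ends up in a local path
    # and in a U-Boot command line, so only plain names are accepted: no path
    # separators, no whitespace, no shell metacharacters.
    if name in ('.', '..') or not re.fullmatch(r'[A-Za-z0-9_.-]+', name):
        print('error: refusing unexpected partition name {!r}'.format(name))
        return

    start_part_addr = -1
    linear_addr = 0
    stalled = 0
    max_stalled = 5  # consecutive answers without any usable data line
    aborted = False

    with open(name, 'wb') as fd:
        response = xmit('nand read ${loadaddr} ' + name + '\r')
        print(response)
        response = xmit('md.l ${loadaddr} ' + hex(scoop_size) + '\r')
        while linear_addr < part_size:
            progress_mark = linear_addr
            for line in response.split('\n\r'):
                if ':' not in line:
                    continue
                rows = line.split()
                words = rows[1:5]
                try:
                    start_line_addr = int(re.sub(r':$', '', rows[0]), 16)
                except ValueError:
                    start_line_addr = None
                # A data line is "<addr>: <w0> <w1> <w2> <w3> ...". A short or
                # cut-off line means bytes were lost on the serial link;
                # continuing would shift everything that follows, so stop
                # this partition and leave a visibly short file.
                if (start_line_addr is None or len(words) < 4 or not all(
                        re.fullmatch(r'[0-9a-fA-F]{8}', w) for w in words)):
                    print('error: malformed dump line {!r}, aborting {}'.format(line, name))
                    aborted = True
                    break
                if start_part_addr < 0:
                    start_part_addr = start_line_addr
                if start_line_addr != linear_addr + start_part_addr:
                    # Kept as a report only, as in the original. From here on
                    # the file no longer mirrors the partition layout and
                    # should be dumped again.
                    print('error: linear_addr {} != start_line_addr {}'.format(linear_addr + start_part_addr, start_line_addr))
                for w in words:
                    # NOTE(review): the words are written big-endian; that
                    # matches memory byte order only on a big-endian CPU —
                    # confirm for this target.
                    fd.write(int(w, 16).to_bytes(4, byteorder='big', signed=False))
                    linear_addr += 4
                    if linear_addr >= part_size:
                        break
                if linear_addr >= part_size:
                    break
            print('linear_addr {}, part_size {}'.format(linear_addr, part_size))
            if aborted or linear_addr >= part_size:
                break
            if linear_addr == progress_mark:
                # Without this guard a silent device keeps the loop spinning
                # forever.
                stalled += 1
                if stalled >= max_stalled:
                    print('error: no data received for {}, giving up'.format(name))
                    break
            else:
                stalled = 0
            response = xmit('\r')
    xmit(' \r')


# Wake the AT interface: up to four attempts, 4 s apart.
for n in range(4):
    response = send_at('AT')
    if len(response) > 0:
        break
    else:
        time.sleep(4)
send_at('AT')
response = send_at('AT+CFUN?')
if '+CFUN:' in response:
    print('in AT mode')
    send_at('AT+CFUN=1,1')
    time.sleep(1)
    response = xmit(' \r')
    # NOTE(review): this wait has no upper bound; if the '#' prompt never
    # appears the script stays here, and the "switching into U-Boot failed"
    # branch further down is reached only when no '+CFUN:' answer was seen.
    while '#' not in response:
        time.sleep(1)
        response = xmit(' \r')
if response.find('#') >= 0:
    print('in U-Boot')
    xmit(' \r')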
mtd_table = get_mtd_table()<br>   for record in mtd_table:<br>              dump_part(record)<br>     print('switching back into AT mode')<br>  xmit('run boot_default\r')<br>else:<br>     print('error: switching into U-Boot failed')<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 29 Jan 2020 at 00:28, Elias Devoldere <<a href="mailto:eldevoldere@gmail.com">eldevoldere@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hello,</div><div>I was playing with LTE modem R11e-4G based on ALT3800-B0 chipset.</div><div><span lang="en"><span title="">I was amazed when I got a U-Boot console after command at+cfun=1,1 and sending several random characters. <span lang="en"><span title="">I assume it's not news for seasoned wolves who hunt here.</span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">As a modem rookie I did not find a relevant link to this topic during Google's fast search.</span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><br></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">My questions.</span><br><span title="">Is this behavior generally known?</span><br><span title="">Can this be a one-piece property (I have only one piece)?</span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">Could it be useful for interesting research?</span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span 
lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">Is there anyone who cares about it?</span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><br></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">I will try to extract parts of the memory using U-boot.</span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><br></span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">Below you find pieces of the listing.</span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><br></span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span 
title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">Best,</span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">Elias<br></span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><br></span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""># help<br>help<br>?       
- alias for 'help'<br>base    - print or set address offset<br>bdinfo  - print Board Info structure<br>boot    - boot default, i.e., run 'bootcmd'<br>bootd   - boot default, i.e., run 'bootcmd'<br>bootelf - Boot from an ELF image in memory<br>bootfw  - Load and boot FW from ELF image in memory<br>bootm   - boot application image from memory<br>bootp   - boot image via network using BOOTP/TFTP protocol<br>bootvx  - Boot vxWorks from an ELF image<br>chpart  - change active partition<br>clocks  - print clock configuration<br>cmp     - memory compare<br>coninfo - print console devices and information<br>cp      - memory copy<br>crc32   - checksum calculation<br>create_bdinfo- Create Board info<br>dhcp    - boot image via network using DHCP/TFTP protocol<br>dip     - show the Boot mode configuration options<br>echo    - echo args to console<br>editenv - edit environment variable<br>env     - environment handling commands<br>exit    - exit script<br>false   - do nothing, unsuccessfully<br>fdt     - flattened device tree utility commands<br>fsinfo  - print information about filesystems<br>fsload  - load binary file from a filesystem image<br>fsloadbsp- load bsp binary files from a filesystem image<br>fstest  - testing filesystems<br>go      - start application at address '[*]addr' (possibly be indirect address)<br>gpio    - input/set/clear/toggle gpio pins<br>help    - print command description/usage<br>i2c     - I2C sub-system<br>iminfo  - print header information for application image<br>imxtract- extract a part of a multi-image<br>initfw  - Init FW PLLs<br>itest   - return true/false on integer compare<br>kermit_stat- Show statistics of the last Kermit session<br>kermit_stat_print- print kermit statistics at the end of session<br>loadb   - load binary file over serial line (kermit mode)<br>loads   - load S-Record file over serial line<br>loady   - load binary file over serial line (ymodem mode)<br>loop    - infinite loop on address range<br>loopw   - infinite write 
loop on address range<br>ls      - list files in a directory (default /)<br>md      - memory display<br>md5sum  - compute MD5 message digest<br>mdc     - memory display cyclic<br>mii     - MII utility commands<br>mm      - memory modify (auto-incrementing address)<br>mtdparts- define flash/nand partitions<br>mtest   - simple RAM read/write test<br>mw      - memory write (fill)<br>mwc     - memory write cyclic<br>nand    - NAND sub-system<br>nandotp - NAND OTP sub-system<br>nboot   - boot from NAND device<br>nfs     - boot image via network using NFS protocol<br>nm      - memory modify (constant address)<br>ping    - send ICMP ECHO_REQUEST to network host<br>printenv- print environment variables<br>rarpboot- boot image via network using RARP/TFTP protocol<br>reginfo - print register information<br>reset   - Perform RESET of the CPU<br>reset_cause- print reset cause<br>run     - run commands in an environment variable<br>saveenv - save environment variables to persistent storage<br>setenv  - set environment variables<br>show_bdinfo- Show board info<br>showvar - print local hushshell variables<br>sleep   - delay execution for some time<br>source  - run script from memory<br>test    - minimal test like /bin/sh<br>tftpboot- boot image via network using TFTP protocol<br>true    - do nothing, successfully<br>unlzo   - decopress a lzo memory region<br>unzip   - unzip a memory region<br>version - print monitor, compiler and linker version</span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><br></span></span></span></span></span></span></span></span></span></span></span></span></span></span></div><div><span lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title=""><span 
lang="en"><span title=""><span lang="en"><span title=""><span lang="en"><span title="">U-Boot 2012.10 (Aug 09 2018 - 10:17:38)<br>mips-fourgee3100-linux-uclibc-gcc (0.1) 4.5.3<br>GNU ld (GNU Binutils) 2.21<br><br>#<br>baudrate=115200<br>boot_default=run flash_boot<br>boot_nand_mtd=run
 nand_choose_rootfs; run flash_set_bootargs; nboot kernel${boot_number};
 nand read ${dtb_addr} dtb${boot_number} ${dtb_size}; bootm ${loadaddr} -
 ${dtb_addr}<br>boot_nand_ramfs=run ram_set_bootargs; nboot kernel${boot_number}; bootm<br>boot_number=2<br>boot_option=boot_default<br>boot_tftp_ramfs=run ram_set_bootargs; ${tftpbootcmd} vmlinux.uboot; bootm ${loadaddr}<br>bootcmd=if itest.b 0 == *a00d001b; then run ${boot_option}; else echo 'GUESS MODE - NO BOOT ALLOWED !!!'; fi<br>bootdelay=6<br>bootm_low=0x82100000<br>bootm_size=0x6000000<br>cdc_connect_timeout=10<br>consoledev=ttyS0<br>dtb_addr=0x84000000<br>dtb_file=alt3802.dtb<br>dtb_size=0x4000<br>env_check=if test ${env_saved} = 0; then setenv env_saved 1; saveenv; fi<br>env_configured_size=0x4000<br>env_saved=1<br>erase_env_nand=nand erase.part env; nand erase.part backup_env<br>eth_phy_mode=rmii<br>ethact=usb_ether<br>ethaddr=00:E0:0C:00:11:A0<br>fastboot=setenv
 loadaddr ${fastboot_loadaddr};run loadfw; if test $? -eq 0; then bootfw
 ${unziped_fwaddr} 1; fi; run loadotp; if run loadbsp;then run 
process_fw; fi;<br>fastboot_loadaddr=0x82800000<br>fdt_high=0x83000000<br>fdtdbg=no<br>flash_boot=run
 nand_choose_rootfs; run flash_set_bootargs; run fastboot; nboot 
kernel${boot_number}; nand read ${dtb_addr} dtb${boot_number} 
${dtb_size}; bootm ${loadaddr} - ${dtb_addr}<br>flash_set_bootargs=setenv
 bootargs $ip root=${root} rw rootfstype=jffs2 
console=$consoledev,$kernel_baudrate $othbootargs $kernellog<br>gatewayip=0.0.0.0<br>hostname=alt3800<br>initrd_high=0x83000000<br>ipaddr=10.0.0.1<br>kernel_baudrate=115200<br>kernel_file=uImage<br>kernellog=quiet<br>load_fw=run load_phy_fw; run load_lte_fw<br>load_lte_fw=${tftpbootcmd} $lte_fw; setenv fw_type LTE; bootelf<br>load_phy_fw=${tftpbootcmd} $phy_fw; setenv fw_type PHY; bootelf<br>loadaddr=0x80100000<br>loadbsp=chpart nvm; fsloadbsp 1 ${ramFilesShAddr} band_list bandbp file_list bspfilesbp<br>loadfw= nand read.jffs2 ${loadaddr} modem_fw${boot_number}; unlzo ${loadaddr} ${unziped_fwaddr};<br>loadotp=nandotp read ${ramOtpShAddr} spl 20<br>lte_fw=PS100_RealPHY.elf<br>mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),3m(kernel1),256k(dtb1),37m(rootfs1),3m(kernel2),256k(dtb2),37m(rootfs2),4m(modem_fw1),4m(modem_fw2),-(tstorage)<br>nand128_mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),3m(kernel1),256k(dtb1),37m(rootfs1),3m(kernel2),256k(dtb2),37m(rootfs2),4m(modem_fw1),4m(modem_fw2),-(tstorage)<br>nand128_scheme2_mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),4m(kernel1),256k(dtb1),53m(rootfs1),4m(kernel2),256k(dtb2),53m(rootfs2),4m(modem_fw1),4m(modem_fw2)<br>nand256_mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),4m(kernel1),256k(dtb1),40m(rootfs1),4m(kernel2),256k(dtb2),40m(rootfs2),4m(modem_fw1),4m(modem_fw2),10m(ua),-(tstorage)<br>nand_choose_rootfs=if test 1 = ${boot_number}; then setenv root /dev/mtdblock8;else setenv root /dev/mtdblock11; fi<br>nand_erasesize=20000<br>nand_oobsize=40<br>nand_uboot_file=u-boot.bin<br>nand_uboot_spl_file=u-boot-spl.bin.alt3800<br>nand_writesize=800<br>nc=run nchelp; setenv stdin nc;setenv stdout nc;setenv stderr nc<br>nchelp=echo On the host side run the script: ./netconsole $ipaddr 
$ncinport<br>ncinport=6665<br>ncip=10.0.0.10<br>ncmux=run nchelp; setenv stdout ${stdout},nc; setenv stdin ${stdin},nc; setenv stderr ${stderr},nc<br>ncoutport=6665<br>netdev=eth0<br>netmask=255.255.0.0<br>nvm_file=nvm.jffs2.img<br>phy_dbgstreamer=0<br>phy_fw=Lte.out<br>phy_sniffer=0<br>preboot=run env_check; if test -n $prebootcmd; then echo; echo Running pre-boot command; run prebootcmd;fi;<br>process_fw=initfw; bootfw ${unziped_fwaddr} 0<br>ramFilesShAddr=0xA030004c<br>ramOtpShAddr=0xA0300000<br>ram_set_bootargs=setenv bootargs $ip root=/dev/ram rw console=$consoledev,$kernel_baudrate $othbootargs $kernellog<br>rootfs_file=rootfs.jffs2.img<br>ser=setenv stdin serial;setenv stdout serial;setenv stderr serial<br>serverip=10.0.0.10<br>set_ip=setenv ip ip=$ipaddr:$serverip:$gatewayip:$netmask:$hostname:$netdev:off<br>stderr=serial,usbtty<br>stdin=serial,usbtty<br>stdout=serial,usbtty<br>testdramaddress=no<br>testdramcache=yes<br>testdramcount=1<br>testdramdata=no<br>testdramsize=0x08000000<br>testdramstart=0x80100000<br>testdramwalk=no<br>tftpbootcmd=tftpboot<br>toggle_boot_number=if test 1 = ${boot_number}; then set boot_number 2; else set boot_number 1; fi; saveenv<br>unziped_fwaddr=0x83000000<br>update_all=run update_all_nand<br>update_all_nand=run update_kernel_nand update_dtb_nand update_rootfs_nand<br>update_dtb=run update_dtb_nand<br>update_dtb_nand=if
 ${tftpbootcmd} ${dtb_file}; then nand erase.part dtb${boot_number}; 
nand write ${loadaddr} dtb${boot_number} ${filesize}; fi<br>update_kernel=run update_kernel_nand<br>update_kernel_nand=if
 ${tftpbootcmd} ${kernel_file}; then nand erase.part 
kernel${boot_number}; nand write ${loadaddr} kernel${boot_number} 
${filesize}; fi<br>update_linux=${tftpbootcmd} uImage<br>update_multi_img=run update_multi_img_nand<br>update_multi_img_nand=setenv kernel_file vmlinux.uboot; run update_kernel_nand<br>update_nvm=run update_nvm_nand<br>update_nvm_nand=if ${tftpbootcmd} ${nvm_file}; then  nand erase.part nvm; nand write ${loadaddr} nvm ${filesize}; fi<br>update_ramdisk=${tftpbootcmd} $ramdiskaddr ramdisk.gz.uboot<br>update_rootfs=run update_rootfs_nand<br>update_rootfs_nand=if
 ${tftpbootcmd} ${rootfs_file}; then nand erase.part 
rootfs${boot_number}; nand write ${loadaddr} rootfs${boot_number} 
${filesize}; fi<br>update_uboot=run update_uboot_nand<br>update_uboot_nand=run update_uboot_nand_spl update_uboot_nand_non_spl erase_env_nand<br>update_uboot_nand_non_spl=if
 ${tftpbootcmd} ${nand_uboot_file}; then nand erase.part uboot1; nand 
write ${loadaddr} uboot1 ${filesize}; nand erase.part uboot2; nand write
 ${loadaddr} uboot2 ${filesize}; fi<br>update_uboot_nand_spl=if 
${tftpbootcmd} ${nand_uboot_spl_file}; then nand erase.part spl; nand 
write ${loadaddr} spl ${filesize}; fi<br>usbphymode=0<br>usbtty=cdc_acm<br>ver=U-Boot 2012.10 (Aug 09 2018 - 10:17:38)<br><br>Environment size: 6184/16379 bytes<br><br>mtdparts<br><br>device nand0 <alt3800_nfc>, # parts = 15<br> #: name    size    offset    mask_flags<br> 0: spl                 0x00080000  0x00000000  0<br> 1: uboot1              0x000c0000  0x00080000  0<br> 2: uboot2              0x000c0000  0x00140000  0<br> 3: env                 0x00040000  0x00200000  0<br> 4: backup_env          0x00040000  0x00240000  0<br> 5: nvm                 0x00300000  0x00280000  0<br> 6: kernel1             0x00300000  0x00580000  0<br> 7: dtb1                0x00040000  0x00880000  0<br> 8: rootfs1             0x02500000  0x008c0000  0<br> 9: kernel2             0x00300000  0x02dc0000  0<br>10: dtb2                0x00040000  0x030c0000  0<br>11: rootfs2             0x02500000  0x03100000  0<br>12: modem_fw1           0x00400000  0x05600000  0<br>13: modem_fw2           0x00400000  0x05a00000  0<br>14: tstorage            0x02200000  0x05e00000  0<br><br>active partition: nand0,0 - (spl) 0x00080000 @ 0x00000000<br><br>defaults:<br>mtdids  : nand0=alt3800_nfc<br>mtdparts: uninitialized<br></span></span></span></span></span></span></span></span></span></span></span></span></div></div>
</blockquote></div>