-
UID:1013759
-
- 注册时间2011-12-08
- 最后登录2024-07-26
- 在线时间1074小时
-
-
访问TA的空间加好友用道具
|
朋友的广电宽带到期了,换成了联通的融合光宽带,原来的创维CM5100同轴猫就闲置了,拆开看看~
外观的话忘记拍了,在官网找到一个同型号的。但朋友的这个是纯桥接,没有WIFI,外观是一样只是没有天线...
其实拆开以后,里面的主板很小,只占1/2不到,跟TP差不多 哈哈哈
【正面】
高频头屏蔽罩和散热片都是焊死的 拆不下来接口也很简单:RF头,复位键,LAN口,12V电源网变是G24107MN,测试了一下是千兆口,旁边有一个TTL接口,看了一下是BCM3383的CPU支持广电Docisis3.0 千兆妥妥的,只是电缆稳定性和延时没有光缆好
【背面】比较简单,能看到就一个ROM芯片
【电源IC】FR9809 中规中矩
【RAM】ESMT M15T1G1664A 128MB
【ROM】比较常见的华邦W25Q64 8MB
正好有TTL和编程器,连接验证一下,波特率115200,ok~【TTL开机界面】- [BEGIN]
- BCM3383F2 Minimum AVS ADC = 849 (938 mv)
- Closure_VAVS = 853
- AVSThresholds low: ro_h = 819, ro_s = 1000
- AVSThresholds high: ro_h = 828, ro_s = 1009
- Sync: 0
- MemSize: 128 M
- Chip ID: BCM3383MR-B0
- BootLoader Version: 2.4.0mp1 caizhongpeng spiboot reduced DDR drive avs
- Build Date: Nov 17 2017
- Build Time: 11:05:07
- SPI flash ID 0xef4017, size 8MB, block size 64KB, write buffer 256, flags 0x0
- Cust key size 128
- Signature/PID: 3383
- Image 1 Program Header:
- Signature: 3383
- Control: 0005
- Major Rev: 0007
- Minor Rev: 0000
- Build Time: 2017/01/17 03:05:08 Z
- File Length: 1577708 bytes
- Load Address: 80004000
- Filename: sto.bin
- HCS: b079
- CRC: 12313b65
- Found image 1 at offset 20000
- Enter '1', '2', or 'p' within 1 seconds or take default...
- Performing CRC on Image 1...
- CRC time = 54264451
- Detected LZMA compressed image... decompressing...
- Target Address: 0x80004000
- decompressSpace is 0x8000000
- Elapsed time 1217444230
- Decompressed length: 7566404
- Executing Image 1...
- eCos - hal_diag_init
- Ecos memory map:
- BLOCK OWNER MIPS SIZE MEM
- Block 0: Owner: 0 - 0x00000000 0x07e00000 0x00000000
- Block 0: Owner: 0 - 0 MB 126 MB 0 MB
- Block 1: Owner: 3 - 0x07e00000 0x00200000 0x07e00000
- Block 1: Owner: 3 - 126 MB 2 MB 126 MB
- 126MB (129024KB) remaining for eCos
- BcmHeapInitialize starts
- Init device '/dev/BrcmTelnetIoDriver'
- Init device '/dev/ttydiag'
- Init tty channel: 8073ae18
- Init device '/dev/tty0'
- Init tty channel: 8073ae38
- Init device '/dev/haldiag'
- HAL/diag SERIAL init
- Init device '/dev/ser0'
- BCM 33XX SERIAL init - dev: b4e00500.2
- Set output buffer - buf: 0x807d1098 len: 4096
- Set input buffer - buf: 0x807d2098 len: 4096
- BCM 33XX SERIAL config...
是BCM3383的CPU 128M+8M 引导的应该是eCos Linux 输入指令居然木有没反应,只对?做出反应(例如he?),其它指令都不行,很神奇有木有啊!!!其它指令应该是被屏蔽了 - CM> system_time
- CM> show all
- CM> he?
- COMMAND: help
- USAGE: help [-t|-l|-s|-i|-a|-lr] [command [...]{126}]
- DESCRIPTION:
- {compiled out}
- EXAMPLES:
- {compiled out}
- ---------------------------------------------------------------------------
- CM> help -l
- CM>aaa
- CM>
 郁闷- root[url=u.php?uid=1837416]@centos[/url] :~/Downloads# binwalk -v cm5100fix.bin
- Scan Time: 2018-10-10 01:19:24
- Target File: /root/Downloads/cm5100fix.bin
- MD5 Checksum: d9442421780b0f8a03fc07bb867f3ba6
- Signatures: 344
- DECIMAL HEXADECIMAL DESCRIPTION
- --------------------------------------------------------------------------------
- 66262 0x102D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 66288 0x102F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 67169 0x10661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 68077 0x109ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- 74454 0x122D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 74480 0x122F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 75361 0x12661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 76269 0x129ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- 90838 0x162D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 90864 0x162F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 91745 0x16661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 92653 0x169ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- 99030 0x182D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 99056 0x182F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 99937 0x18661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 100845 0x189ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- 107222 0x1A2D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 107248 0x1A2F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 108129 0x1A661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 109037 0x1A9ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- 115414 0x1C2D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 115440 0x1C2F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 116321 0x1C661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 117229 0x1C9ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- 123606 0x1E2D6 Private key in DER format (PKCS header length: 4, sequence length: 629
- 123632 0x1E2F0 Private key in DER format (PKCS header length: 4, sequence length: 603
- 124513 0x1E661 Certificate in DER format (x509 v3), header length: 4, sequence length: 902
- 125421 0x1E9ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1089
- root[url=u.php?uid=1837416]@centos[/url] :~/Downloads#
问题来了,怎么解包这个固件啊?
|
