Hacking Build your own dongle (Research and development thread)

[Pacote]

I will order tomorrow the one I linked the picture and open to see the revision.

Then I will probably ask you guys for help cause I was reading the guide and I had no clue one how to even start.

My most advanced deal with openwrt (dd-wrt and tomato) was to simple flash a router with the .bin and that was it.

I have no idea how to setup that router and make it so when I connecto the switch it would just spill the code.

But then again Im on 2.3.0 so I think it wouldnt work for me, and only pegaswitch correct?

 

[Wierd_w]

I will order tomorrow the one I linked the picture and open to see the revision.

Then I will probably ask you guys for help cause I was reading the guide and I had no clue one how to even start.

My most advanced deal with openwrt (dd-wrt and tomato) was to simple flash a router with the .bin and that was it.

I have no idea how to setup that router and make it so when I connecto the switch it would just spill the code.

But then again Im on 2.3.0 so I think it wouldnt work for me, and only pegaswitch correct?

I have not tried to build retr0id's GIT source yet. It looks lean when I looked at it. I expect it pulls the source tarballs for openwrt and pals on the fly, then applies the patch. Instructions would be similar to installing ordinary openwrt.

Looks like he wants you to pull the lede project source tarball, extract it, download his tarball/git, copy the contents of his git into the lede sources folder, then enter menuconfig, select his package as a module, then build.

Result is a stock firmware flashable image. You would tell the device's firmware updater that you have an "update" for it, then send that file. It will reprogram itself with the package, and bob's your uncle.

 

[Mrdx]

Guys, just wait for the SX release and shortly after we will see many chinese copies of the dongle to launch payloads, self powered, USB-C connector and half the price

 

[Retr0id]

Guys, just wait for the SX release and shortly after we will see many chinese copies of the dongle to launch payloads, self powered, USB-C connector and half the price

If you read the thread, you'd know that there are already cheap ($12) chinese "dongles" capable of launching payloads (you *do* need an A-to-C adapter, but that's only another ~$2). There is no need to "wait" for TX to do anything, since they aren't doing anything new and we already know exactly what their "dongle" does.

That said, cheaper SAMD21 (et al.) based devices are sure to pop up eventually, both for internal "modchip" and external "dongle" usage. However, I still don't see them going much below $12 (that's already less than the price of a basic SAMD21 dev board (~$13)...)

 

[guily6669]

If someone would make a FW hack for the CronusMAx or Titan one would also be cool... I have CM V1.

Anyway Kate said that she will give the info to build a DiY chip later, though most likely I will probably just try with my old smartphone to see if it works.

 

[hackotedelaplaqu]

I have a spare Alcatel Linkzone 4g/wifi router. I can flash fusee-lede on it?

 

[Wierd_w]

I have a spare Alcatel Linkzone 4g/wifi router. I can flash fusee-lede on it?

I can't find any information on this device, so probably not... Let me see if Alcatel has GPL source package.
I cannot find a vendor GPL sources package either. I see that it claims to have more than adequate flash and ram, but the SoC apparently is a bit wonky according to LEDE forums.
I would tentatively say "No", do to insufficient source packages to work with.

 

[subcon959]

If this ever progresses to an internal solution then I'll be extremely interested.

 

[softwareengineer]

Oh it's coming alright... Internals are in the works!

 

[Hodorian]

what about github/brandonlw/Psychson ?

That is a custom firmware for a usb flash drive. However since it has usb.h already implemented, it should be easy to modify the firmware/main.c to execute the fuse Gele: github/DavidBuchanan314/fusee-lede.

The hardware would be just a normal usb dongle (e.g. Kingston DataTraveler 3.0 T111 8GB ~~7€).


I'm not sure about the power over usb-otg. Is the xecuter dongle running on battery power?

 

[sweetlilmre]

what about github/brandonlw/Psychson ?

That is a custom firmware for a usb flash drive. However since it has usb.h already implemented, it should be easy to modify the firmware/main.c to execute the fuse Gele: github/DavidBuchanan314/fusee-lede.

The hardware would be just a normal usb dongle (e.g. Kingston DataTraveler 3.0 T111 8GB ~~7€).


I'm not sure about the power over usb-otg. Is the xecuter dongle running on battery power?

Wouldn't this be USB device only though? I'd be impressed if you could get host mode out of a flash drive.

-(e)

 

[Poketrekker]

Would this one work?

https://www.aliexpress.com/item/Adr...ro-USB-Wireless-Router-JUN23/32687557800.html

Cheapest one I could find at just over 6 Euro

This one is 9 Euro:

https://www.ebay.ie/itm/5-IN-1-Mini...298892?hash=item41d67b9a4c:g:pbQAAOSwCcZaMSZB

 

[Retr0id]

I can't find any information on this device, so probably not... Let me see if Alcatel has GPL source package.
I cannot find a vendor GPL sources package either. I see that it claims to have more than adequate flash and ram, but the SoC apparently is a bit wonky according to LEDE forums.
I would tentatively say "No", do to insufficient source packages to work with.

If you can get a root shell on it, in theory you can still run fusee-nano - no real need to actually replace the entire firmware. You'd have to do the EHCI patch in-memory, but that can be done. If the rootfs is not writable, that would be a bit annoying since you wouldn't be able to install permanently.

 

[Wierd_w]

If you can get a root shell on it, in theory you can still run fusee-nano - no real need to actually replace the entire firmware. You'd have to do the EHCI patch in-memory, but that can be done. If the rootfs is not writable, that would be a bit annoying since you wouldn't be able to install permanently.

Often times if you have root shell, you can remount rootfs as rw on such hardware. Getting root shell is the trick.

 

[Wierd_w]

Would this one work?

https://www.aliexpress.com/item/Adr...ro-USB-Wireless-Router-JUN23/32687557800.html

Cheapest one I could find at just over 6 Euro

This one is 9 Euro:

https://www.ebay.ie/itm/5-IN-1-Mini...298892?hash=item41d67b9a4c:g:pbQAAOSwCcZaMSZB

Those look like the "Without battery" and "With battery", respectively. Again, remember that this hardware is highly variable, so there is a chance it will work, not a guarantee.

--------------------- MERGED ---------------------------

Oh it's coming alright... Internals are in the works!

Which hardware did you settle on? Inquiring mind wishes to know.

 

[Hodorian]

Wouldn't this be USB device only though? I'd be impressed if you could get host mode out of a flash drive.

-(e)

You are right. I've somehow misunderstood the concept of usb device and host with an otg adapter.


Back to the power question:

Does the "Without battery"-china router need an external power source?

Because i'm experimenting around with the pi zero. My problem is, connected as an host, it' doesn't receive any power.

 

[Wierd_w]

You are right. I've somehow misunderstood the concept of usb device and host with an otg adapter.


Back to the power question:

Does the "Without battery"-china router need an external power source?

Because i'm experimenting around with the pi zero. My problem is, connected as an host, it' doesn't receive any power.

It does. It is powered over the micro-usb connector on the side. I asked Retr0id if his model can be backfed through the host port (as cheap hardware like this often takes shortcuts, and wiring the power rails of both ports together would cut down on component costs at the expense of being unsound electronics design-- but that does not really seem to be a major concern with many chinese brandless devices) but he did not give a reply yet. Regardless, I hear from multiple sources that RCM mode disables power output through the NX's USB-C port. That means either internal battery or external power pack/charger.

 

[Red1Reaper]

It does. It is powered over the micro-usb connector on the side. I asked Retr0id if his model can be backfed through the host port (as cheap hardware like this often takes shortcuts, and wiring the power rails of both ports together would cut down on component costs at the expense of being unsound electronics design-- but that does not really seem to be a major concern with many chinese brandless devices) but he did not give a reply yet. Regardless, I hear from multiple sources that RCM mode disables power output through the NX's USB-C port. That means either internal battery or external power pack/charger.

Maybe this can provite battery enought time to load a payload: https://hackaday.io/project/25107-single-supercapacitor-ups-for-raspberry-pi

 

[Wierd_w]

Maybe this can provite battery enought time to load a payload: https://hackaday.io/project/25107-single-supercapacitor-ups-for-raspberry-pi

Something similar should be possible with a teensie, or other compact and low power micro. That implementation is a bit too large for living inside the switch, (or even inside the cited 'without battery' router.)

I suggested as such on the dischord chat. Premise would be a bit like this:

NX powers on, power to USB rails is active. This powers on the micro, and charges the capacitor.

Early in the boot cycle, the micro executes the first stage of its program, which sends signals out of its gpio pins that cause the NX to panic, and go into RCM. (say, shorting one of the data leads to the eMMC, causing a faulted read-- doing the exact thing that autoRCM does, but without actually overwriting the eMMC-- The NX gets a "corrupt read", and panics, going into RCM, or shorting the two pins on the joycon and the volume button, or whatever.).

The NX then disables power to the USB port, and the micro continues running on the capacitor.

It waits for the NX to present its Ven and Unit IDs in RCM mode over the usb port's data pins. It then sends the injected payload after putting its GPIO pins back low (re-enabling the eMMC, or however else you want to trigger RCM being disabled), and the NX boots.

This turns power on USB back on, and the micro stays powered until you cold boot it again, executing a no-op loop eternally.

A very custom dongle version might be possible to build using a piezo crystal "clicker" (the kind of thing that makes the spark on electric ignition lighters) that jabs voltage at the capacitor to charge it, prior to powering on the switch, and the software autoRCM solution. (you would click the button on top of the dongle a few times to give it a charge and turn on the micro controller prior to inserting it into the port and turning on the NX) I would be afraid of it nuking the NX though.

A battery backed dongle seems the most sane and sensible solution.

 

[DeoNaught]

Something similar should be possible with a teensie, or other compact and low power micro. That implementation is a bit too large for living inside the switch, (or even inside the cited 'without battery' router.)

I suggested as such on the dischord chat. Premise would be a bit like this:

NX powers on, power to USB rails is active. This powers on the micro, and charges the capacitor.

Early in the boot cycle, the micro executes the first stage of its program, which sends signals out of its gpio pins that cause the NX to panic, and go into RCM. (say, shorting one of the data leads to the eMMC, causing a faulted read-- doing the exact thing that autoRCM does, but without actually overwriting the eMMC-- The NX gets a "corrupt read", and panics, going into RCM, or shorting the two pins on the joycon and the volume button, or whatever.).

The NX then disables power to the USB port, and the micro continues running on the capacitor.

It waits for the NX to present its Ven and Unit IDs in RCM mode over the usb port's data pins. It then sends the injected payload after putting its GPIO pins back low (re-enabling the eMMC, or however else you want to trigger RCM being disabled), and the NX boots.

This turns power on USB back on, and the micro stays powered until you cold boot it again, executing a no-op loop eternally.

A very custom dongle version might be possible to build using a piezo crystal "clicker" (the kind of thing that makes the spark on electric ignition lighters) that jabs voltage at the capacitor to charge it, prior to powering on the switch, and the software autoRCM solution. (you would click the button on top of the dongle a few times to give it a charge and turn on the micro controller prior to inserting it into the port and turning on the NX) I would be afraid of it nuking the NX though.

A battery backed dongle seems the most sane and sensible solution.

Why do we need battery powered?

and if we go with the Piezo method, you would want it in a dongle ofc, and then have shitton of stuff making sure voltage is alright, and then putting it in the switch. I honestly think just a small ass battery, like ones inside Ipod nano would be fine, and then just have a micro usb to charge it when need be.


Which discord chat might I ask?

 

[wicksand420]

Hi all, I have a adafruit Trinket M0 and was wondering if anybody could point me to a tutorial on how to load fusee with it.

I know I have to use sam-fusee-launcher but cant find any instructions. Thanks