To open it, just remove two screws and take off the top cover:
The Netgear WNR2000 router pinout is well documented , find position J1 inside the router.
At position J1, from right to left the pins are:
GND, RX, TX, VCC(3.3 V)
My usb to ttl cable has 4 different wires with colors:
Black corresponding to GROUND
White corresponding to RX
Green corresponding to TX
Red corresponding to + 5V (will not be used here)
From running
dmesg | grep tty
after connecting the usb to ttl cable to the computer the correct serial device for minicom
is obtained as:
/dev/ttyUSB0
Note that in order to receive data from the router the ttl-cable's RX-wire will be connected to the
TX-port and the ttl-cable's TX-wire to the RX-port, ground is connected to ground:
Next, run
minicom -s
to enter minicom and provide the correct serial device found earlier as
/dev/ttyUSB0
Then power on the router. Boot-messages will appear in minicom and finally one arrives at a
busybox-shell.
Excerpt from boot-log:
Press CTRL-A Z for help on special keys
�
U-Boot 1.1.4.16-g04e9b8bf (May 14 2008 - 17:04:28)
AP81 (ar7100) U-boot
sri
32 MB
Top of RAM usable for U-Boot at: 82000000
Reserving 245k for U-Boot at: 81fc0000
Reserving 192k for malloc() at: 81f90000
Reserving 44 Bytes for Board Info at: 81f8ffd4
Reserving 36 Bytes for Global Data at: 81f8ffb0
Reserving 128k for boot params() at: 81f6ffb0
Stack Pointer at: 81f6ff98
Now running in RAM - U-Boot at: 81fc0000
id read 0x100000ff
flash size 4MB, sector count = 64
Flash: 4MB
In: serial
Out: serial
Err: serial
Net: ag7100_enet_initialize...
Fetching MAC Address from 0x81fea7b0
: cfg1 0xf cfg2 0x7114
eth0: 00:22:3f:04:8b:b9
dup 1 speed 100
eth0 up
eth0
### main_loop entered:
---etc--
## Booting image at bf2a0000 ...
Image Name: Linux Kernel Image
Created: 2008-12-18 9:51:34 UTC
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 737478 Bytes = 720.2 kB
Load Address: 80060000
Entry Point: 80267000
Verifying Checksum ... OK
Uncompressing Kernel Image ...OK
No initrd
## Transferring control to Linux (at address 80267000) ...
## Giving linux memsize in bytes, 33554432
Starting kernel ...
Linux version 2.6.15 (root@linux-server) (gcc version 3.4.4 (OpenWrt-2.0)) #199 Thu Dec 18 17:45:39 CST 2008
flash_size passed from bootloader = 4
arg 1: console=ttyS0,115200
arg 2: root=31:02
arg 3: init=/sbin/init
arg 4: mtdparts=ar7100-nor0:256k(u-boot),64k(u-boot-env),2304k(rootfs),64k(user-config),1152k(uImage),128k(language_table),64k(rootfs_check)
arg 5: mem=32M
CPU revision is: 00019374
Determined physical RAM map:
memory: 02000000 @ 00000000 (usable)
User-defined physical RAM map:
memory: 02000000 @ 00000000 (usable)
Built 1 zonelists
Kernel command line: console=ttyS0,115200 root=31:02 init=/sbin/init mtdparts=ar7100-nor0:256k(u-boot),64k(u-boot-env),2304k(rootfs),64k(us
Primary instruction cache 64kB, physically tagged, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, linesize 32 bytes.
---etc---
References:
http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/
http://www.liatoss.com/blog/28-it-hardware/66-netgear-wnr2000-v3-serial-recovery-guide-en.html
http://andre.blaatschaap.be/2013/01/cubieboard-serial-connection/
https://wiki.openwrt.org/doc/hardware/port.serial
