[MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware

Tom Parker tparker at netspace.net.au
Thu May 1 07:35:17 EST 2003


Dan,

You're going to need access to an SMD rework station to get this chip off.  With the right tools it will come off like icing from a
cake.  Putting it back on will be easier than removing it, but the image in the flash chip will be more than the image that is
transferred across the network since it will contain the tftp server etc. which will not get erased (these things are block
erasable, you don't erase the whole chip).  It is likely to be fairly trivial to break the image up though.

It would also be fairly easy to buy these chips from www.digikey.com if really needed.

Yes, this is a last resort for sure.

Cheers,
Tom

----------------------------------
Tom Parker tparker at netspace.net.au
http://www.wiresncode.com/projects


-----Original Message-----
From: Dan Flett [mailto:conhoolio at hotmail.com]
Sent: Wednesday, 30 April 2003 11:35 PM
To: tparker at netspace.net.au; Melbourne Wireless
Subject: Re: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware


A mate of mine has a super-dooper desoldering tool, but the pins on the flash chip might be a challenge for even that.  And how
would you go about putting it back on afterwards?  Looks like we might have to make a sacrafice at the altar of reverse-engineering.
But it may be for the greater good. :)

Tom, I'll keep on trying other methods (including begging the manufacturers) and use your kind offer as a last resort.

BTW I've just done a bit more google research on the WLAP, and man, there's shitloads of rebadged WLAPs out there.  Lots of
different suppliers, lots of different model numbers.  but they all look the same (some are different colours).  And they all have
exactly the same spec sheet, word for word.  Which made them easy to find with google. :)  I'll stick a list of all the websites and
model numbers on the Wiki entry for the SVEC WLAP when I get a chance.  Might help all those people out there with differently
badged APs to band together in a reverse-engineering collective.

Dan
----- Original Message -----
From: Tom Parker
To: 'Melbourne Wireless'
Sent: Wednesday, April 30, 2003 7:24 PM
Subject: RE: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware


Sorry,  I looked at the wiki finally.  There is an SMD Atmel flash chip in the lower right corner of the image.

I can read this for you, but it will be hard to get off the board (all pins will need to be straight and clean to fit in the
programmer).

Cheers,
Tom

----------------------------------
Tom Parker tparker at netspace.net.au
http://www.wiresncode.com/projects


-----Original Message-----
From: owner-melbwireless at wireless.org.au [mailto:owner-melbwireless at wireless.org.au]On Behalf Of Tom Parker
Sent: Wednesday, 30 April 2003 6:51 PM
To: 'Melbourne Wireless'
Subject: RE: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware


Have you guys opened these up?  What kind of chip is the flash chip.

I've got access to gear that can read/write just about any kind of chip/package - but it might in involve some nasty soldering it is
SMD.

Cheers,
Tom
----------------------------------
Tom Parker tparker at netspace.net.au
http://www.wiresncode.com/projects


-----Original Message-----
From: owner-melbwireless at wireless.org.au [mailto:owner-melbwireless at wireless.org.au]On Behalf Of Fenn Bailey
Sent: Wednesday, 30 April 2003 12:20 PM
To: 'Melbourne Wireless'
Cc: 'Dan Flett'
Subject: RE: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware


I had a bit of a play with these (with Jamie's assistance) and basically ran into exactly the same problem.

You can see a bit of a summary here: http://melbourne.wireless.org.au/wiki/?SVECWLAP

By the looks of it, your findings should be added to this.

One of the major issues is that they don't _appear_ to implement standard TFTP - it looks like a slightly whacky variant, which
doesn't speak well for it fully implementing TFTP (eg: GET as well as PUT).

The main hurdle is finding a working copy of the firmware. I don't know if you found the same thing, but the ethernet port appears
to completely die when you flash them with Linksys firmware, which makes further TFTP flashing somewhat difficult. However, the
linksys USB client appears to flash it fine.

The best bet that I can think of is reverse-engineering the USB interface to it (I imagine it would be quite simple) and seeing if
you can read the firmware out this way. I have had success doing this sort of thing with DSL modems in the past (albeit via serial
ports), but the principle is much the same.

Unfortunately, I don't have the time to fiddle with this at the moment, but if anyone knows of good USB sniffing software, or a good
way to do this - it would be most appreciated.

Cheers,

    Fenn.
-----Original Message-----
From: owner-melbwireless at wireless.org.au [mailto:owner-melbwireless at wireless.org.au] On Behalf Of Dan Flett
Sent: Wednesday, 30 April 2003 10:52 AM
To: Melbourne Wireless
Subject: [MLB-WIRELESS] SVEC FD1811 (aka WLAP) Firmware


Hi all,

I have a SVEC FD1811 AP which is rather sick since I flashed it with Linksys firmware.  So to try to nurse it back to health I've
been trying to find any firmware which will make it work again.  I've noticed that the SVEC FD1811 has many twin (ie rebadged)
brothers sold by different suppliers.  But none of them offer a firmware download.  The SVEC AP, like many other APs out there
(including the Linsys WAP11 v1) uses the Atmel AT76c510 chipset.  Today I think I found an important difference between the SVEC and
most other 510-based APs.

I found this site:

http://www.toptrend.com.tw/Technical%20support%20for%20WLAN-1.htm

As far as I can tell, Toptrend write the firmware for the Atmel 510-based APs.  Most of them have Intersil radio chipsets in them.
I guessed this by looking at the firmware version number on the page above.  But the SVEC FD1811 (and I assume, all of the rebadged
SOHO-WLAPs out there) use RFMD radio chipsets.  The version number of the firmware listed on Toptrend's site is the same as what is
in my other, still working SVEC AP: V0.0.1.16

So can anyone suggest how I might get a hold of this firmware?  It isn't available for download anywhere.  SVEC won't send it out.
I'm goint to email Toptrend and see if they'll send it to me.  Jamie Moir and I have tried to extract the good firmware out of a
working SVEC AP using TFTP but with no success. That's not to say it isn't possible though.  Is anyone willing to devote a bit of
time to tinker with my malfunctioning AP?

Dan



To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list