[OpenWrt-Devel] OpenWRT support for MPR-A1

Felix Kaechele felix at fetzig.org
Sat Oct 4 07:59:28 EDT 2014

Am 04.10.2014 um 03:43 schrieb Stefan Monnier:
> AFAICT OpenWRT comes with some support for the Hame MPR-A1 thingy
> (although its 16MB of RAM and 4MB of flash probably prevent it from
> being fully supported).

Yes, the MPR-A1 is supported. Also fully so, but it's pretty much 
impossible to get LuCI to work on it with acceptable performance at just 
16MB of RAM.

> The page for MPR-A2 (whose hardware and firmware seem very similar) says
> that the image can be installed via the factory web UI.
> Does someone know if that would work for the MPR-A1 as well?

Probably not. As far as I remember at least some MPR-A1 use a kind of 
XOR obfuscation to "encrypt" their firmware image. We implemented a tool 
to create or extract these kind of images called mkporayfw (hint: it's 
in tools/firmware-utils, if you successfully completed a build already 
you should find binaries for it in build_dir/host/firmware-utils/bin). 
You use it like this to create a factory image for the MPR-A1:

   ./mkporayfw -B MPR-A1 -f <path to your MPR-A1 
squashfs-sysupgrade.bin> -o <output-filename.bin>

I wonder why no one got around to implementing the automatic generation 
of obfuscated images in target/linux/ramips/image/Makefile like we did 
for the Poray boards.

> And if it doesn't work, would it just immediately fail, leaving the
> factory firmware untouched, or would it result in an unbootable machine
> (and if so would it be recoverable via the serial console)?

That I don't know. I never owned a MPR-A1. But what these devices have 
in common is that they all use Ralink's u-boot. That means you will be 
able to recover from a bad flash using the console for input and TFTP 
for file transfer (unless you overwrite the bootloader in flash on 
purpose or by accident, although I never had that happen to me while 
heavily fiddling around with all the other RT5350 boards I have.)
My guess would be it will fail if obfuscation is active on your board's 
factory firmware and the image has the incorrect checksum after 
obfuscation or wasn't obfuscated at all. If the checksum is correct it 
will probably flash whatever you throw at it. That means that you might 
very well render your board unbootable (also in the extended sense of 
board does boot but no network connection to it is possible) but not 
unrecoverable. However, the images built through the OpenWrt build 
system should generally boot okay.

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list