Support for Google Onhub devices

Sungbo Eo mans0n at gorani.run
Sat Jan 15 05:44:10 PST 2022


Hi,

On 2022-01-13 02:52, Brian Norris wrote:
> On Wed, Jan 12, 2022 at 8:43 AM Thomas Deselaers <deselaers at gmail.com> wrote:
>>
>> Hey folks,
> 
> Hi!
> 
>> I have an Onhub router and some Google Wifi repeaters. Google recently
>> announced that they are going to shut down the support for Onhub
>> (effectively bricking them) by end of 2022.
>>
>> I have done a bit of research and it seems like there was some
>> preliminary support for OpenWRT on these devices at some point. I
>> guess there will be a lot of Onhubs that would be pretty good OpenwRT
>> routers in about a year - which otherwise, are probably going to the
>> trash.
>>
>> While I am a developer, I have only very little openWRT experience and
>> I have been wondering what it would take to bring up support for these
>> devices.
> 
> It's not likely to be a great "first hacking on OpenWRT" experience,
> but it should technically be possible...
> 
> FWIW, I've been hacking on Google WiFi, the successor of the OnHub. I
> have it working, and documented pretty much everything here:
> 
> https://openwrt.org/inbox/toh/google/google_wifi
> 
> For the OnHub, you could leverage the same partition formatting (OnHub
> is also running a similar Chrome OS bootloader), but you'd have to
> bring up a different SoC (OnHub uses ipq8064, while Google WiFi is
> ipq4019). OnHub also doesn't have as easy of serial-console access for
> hacking. And I don't see documentation for Developer Mode on OnHub,
> although I know it's possible.
> 
> But, I'm interested, and if you really have the stamina to hack on it,
> I can be a sounding board!

I've also been thinking of porting OpenWrt to OnHub since I ran into it 
a few years ago, but I couldn't make enough time to actually play with it...

Exploitee.rs already did great groundwork for it, they found out the way 
to enable developer mode (as mentioned by Alberto), and they also 
succeeded in getting serial access to ASUS OnHub [1].
I could not find any reference/discussion on serial access to TP-Link 
OnHub, but after rummaging through the internal photo from iFixit 
teardown [2], I strongly suspect JP2 connector (next to the QCA8337 
Ethernet switch) is the Yoshi debug header [3] which can be also found 
in some old Chromebook mainboards. (JP6 might be connected to Zigbee 
chip instead, otherwise Exploitee.rs guys wouldn't have missed it...) 
Comparing the schematic of Yoshi flex cable with the connector pads, I 
guess we can at least get access to UART2, JTAG, SPI2, DEV_MODE pins. 
That's why I fetched OnHub myself and put it into the cabinet before 
taking it apart and forgot about it. :/

Brian did a great work on Google WiFi support and I believe most of it 
can be applied to OnHub as well. (I really appreciate your work! I never 
thought Chrome OS stuff would be another hassle...) I hope I could find 
some time to start working on it someday...

Cheers,
Sungbo

[1] https://www.exploitee.rs/index.php/Asus_OnHub
[2] https://ko.ifixit.com/Teardown/OnHub+Teardown/48129
[3] 
https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/refs/heads/master/docs/servo_v2.md#connecting-servo-v2



More information about the openwrt-devel mailing list