[Necromant] recently acquired a router that was nearly free. Looking his gift horse in the mouth, he hooked up a serial port to see if it could run some updated firmware such as OpenWRT. The initial findings were promising; it used the same CPU as the very popular WR703N, but this free router only had 2 MiB of Flash and 8 MiB of RAM – barely enough to do anything. His solution to this problem is in the true hacker tradition: just solder some more chips onto the router.
Upgrading the RAM was comparatively easy; [Necromant] found an old stick of RAM, desoldered one of the chips, and replaced the measly 8 MiB chip with a new 64 Megabyte chip.
The Flash, though, proved more difficult. Without the right code in the Flash for the radio test, the router wouldn’t be useful at all. The solution was to read the original 2 MiB chip, read the Flash from a WR703, and combined the two with a simple dd command. This was written to a new SPI flash chip with a buspirate and a home etched board.
Now that is what I call a Hack!
I love this. A culmination of bits all displayed regularly on Hackaday, put together FTW! Nice to see its not just another project that is more colored LEDs or a camera attached to an RC car or something. srius bsnss. Hats off to the hacker!!!
Hear hear!
I would have loved to see him post more info on the details. I get that he needed a 22 ohm resistor to take advantage of the new ram… but how did he know this? Is this in the chip documentation for the MCU? Trial and error? Magic?
It always starts with the datasheet for the ram chip and the SoC and eyeballing the board for the circuit that’s in place. The other thing to consider here is ram timing in the bootloader, along with sourcing the correct ram chips to upgrade with. If any of those are out of whack to start off with, you might have a soft/hard brick :)
knowing a little bit of assembler may or may not be useful in this situation but understanding how to read and translate register mappings and values will also help with the bootloader side of things. For instance, it may well boot your shiny new ram chip but does the bootloader actually know it’s there, or is it just seeing the original ram size due to hardcoding in the bl?
Does it really matter what the bootloader thinks? That will only be running for a short time anyways – just long enough to load and execute the kernel.
Actually it can matter but it depends entirely on the system/architecture/design. For example, the bootloader may be passing a hard coded value to the kernel at boot.
22 Ohm is the usual value put there. If you have ever router DDR RAM and know the typical circuit it’s obvious.
And yes, I was lucky. Unlike VxWorks bootloader, u-boot for ar9331 detects RAM size, so no disassembly/register dumping is needed. Just plug^Wsolder&play
Nice job! Thanks for the u-boot tip :)
I’d just be left with a brick…..Good hack
Nice hack,definitely beyond my skill set, but an interesting ready anyway. To those who have to post a bitch about the hackady staff post,goof grief, be realistic. Hackaday isn’t exactly rife with colored LED etc. .
I had a small nerdgasm over this hack. Damn I would love to have the skills to do that.
I used to teach people how to solder SMT components by hand where I used to work… most people got it on the first try after a short demo by me…. in other words…just try it because you probably do have the skill!!
I assume MiB means megabyte. What happened to MB? Did I miss something?
Actually, MiB is NOT MegaByte, it’s Mebibyte. HOWEVER, both units of measurement are identical (1,048,576 bytes).
MB is an IEEE standard, where MiB is an IEC standard.
Actually mega is a SI decimal prefix so a mega byte should means 10^6 bytes = 1000000bytes.
Whereas the prefix mebi means 2^20 bytes = 1048576bytes.
The usage of mebibytes endorsed by the ICE as well as by the IEEE, since it is more precise.
The problem is megabyte is often used ‘wrong’:
Depending on who you ask as megabyte is either : 1024*1024byte, 1000*1000byte or even 1000*1024.
This confusion started back in the days of floppy disc drives, where each manufacturer had it’s own definition of megabyte.
I appreciate see MiB instead of MB. If I see MB I never know if they mean 1,000,000 Bytes or 1,048,576 Bytes even Hardware manufactures use both values interchangeably for MB. However if I see MiB it’s almost always the correct value of 1048576 Bytes.
I think it’s mainly the French (seriously, no idea why) and pedants who use MiB. Hard Drive manufacturers started off using decimal (10^6) megabytes, apparently due to tradition, but I think they were just trying to con people.
A proper megabyte is 2^20. That’s what MiB is supposed to be for. I call bullshit. 2^20 was a megabyte back when that was a lot of memory, or $1000 of hard-drive space. It was good enough for the folks that first had one, it’s good enough for you whippersnappers.
10^6 can be called “a million bytes”, and shame on anyone who causes you to use it.
So is a KB now a KiB? Wait–Is a Terabyte drive really a TiB drive?
Am I the only one who thought of the other kind of “router” and wondered why hacking one of those that needed fine soldering skills?
One’s a router, rhymes with “computer”. The other one’s a router, rhymes with “outer”.
Thanks for explaining that. I expected that he just meant popping the lid off and adding another DIMM. ’round here consumer routers are more aptly called switching bridges, or occasionally a switch with a routing module or layer 3 switch (though that one is wrong).
Great soldering skills for sure, but impeccable might be hyperbole. Though perhaps if your standard of soldering involves a modified BIC lighter this might be true. I do however find the follow up USB modification both delightfully clever and terrifying all at once. Good hack all around though!
These are the kind of hacks that i expect to see! excellent skills.
Have a Brolken router here which could be recoverable, the 29lv640 is dead (as in failed during DD-WRT and now won’t respond to tftp or anything else.
Some old digital picture frames use the mostly compatible 29xx 1/2 the capacity so if I can get a minimal firmware on that or at least read back the kernel it might work.
Apparently the chips do degrade especially if you flash them a lot, some people have reported errors and eventual failure in less than 25 reflashes which is not a good sign.