Flashing forceWare on SB6141

Files

forceWare-1.4b1-mod2.zip

forceWare-1.4b1-mod2 firmware

Zip Archive - 3.05 MB - 10/26/2017 at 23:08

Download

sb6141.layout

flashrom flash partition layout

layout - 167.00 bytes - 02/27/2017 at 06:03

Download

SPI_Hook_Rev-A-_schematic.pdf

Adobe Portable Document Format - 43.87 kB - 02/27/2017 at 05:46

Preview

Build Instructions

Collapse

1

Step 1

Using the 16 pin chip clip, connect the modem 16 pin SPI flash MX25L6406E to the SPI Hook using the pin table below.
SPI Hook J2 SPI Flash Description
1 2 Vcc
2 10 Gnd
3 7 CS#
4 16 SCLK
5 8 MISO
6 15 MOSI
Vcc 1 HOLD#
Vcc 9 WP#
The connections will look like this. My wires were the wrong gender so I had to use a breadboard in between.

Step 2

flashrom that comes with Ubuntu 16.04 does not include support for the FT2232H Hi-Speed Dual USB UART/FIFO IC and must be recompiled using the following steps.

$ sudo apt-get install libftdi1
$ sudo apt-get build-dep flashrom
$ cd flashroom-*
$ make

1. Run the tool and read the contents of the flash chip.

$ sudo ./flashrom -p ft2232_spi:type=2232h,port=A,divisor=4 -c "MX25L6406E/MX25L6408E" -r sb6141.bin
flashrom v0.9.9-rc1-r1942 on Linux 4.4.0-59-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Calibrating delay loop... OK.
Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) on ft2232_spi.
Reading flash... done.

2. Create a backup of the file.

cp sb6141.bin sb6141-edit.bin

3. Erase the application partitions. This creates a blank (0xff) file to serve as the erase. (0xff signifies an erased byte) in most SPI flash memory chips.

tr '\0' '\377' < /dev/zero | dd of=ubfi_blank.bin bs=1 count=3866624
dd if=ubfi_blank.bin conv=notrunc of=sb6141-edit.bin bs=1 seek=262144

4. Write the forceWare application to both partitions.

dd if=forceWare-1.4b1-mod2.bin conv=notrunc of=sb6141-edit.bin bs=1 seek=262144
dd if=forceWare-1.4b1-mod2.bin conv=notrunc of=sb6141-edit.bin bs=1 seek=4128768

5. Flash the new flash image to the SPI flash.

$ sudo ./flashrom -p ft2232_spi:type=2232h,port=A,divisor=4 -c "MX25L6406E/MX25L6408E" --layout sb6141.layout --image ubfi1 --image ubfi2 -w sb6141-edit.bin 
flashrom v0.9.9-rc1-r1942 on Linux 4.4.0-59-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using regions: "ubfi1", "ubfi2".
Calibrating delay loop... OK.
Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) on ft2232_spi.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.

6. Disconnect the chip clip and power cycles the modem.

7. Connect to the modem over SSH using user root password force.

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 root@192.168.100.1

8. Connect to the web interface http://192.168.100.1 using user admin password force.

View all instructions

Discussions

Patata wrote 08/20/2021 at 08:39

I need some help with alphaware I can upload the file to the modem alphaware 4.0 I know I suppose to do it via tftp or via gui but is not working I can flash the modem and get it to work with forceware but I would like to do it with alphaware too

Are you sure? yes | no

adrian wrote 03/17/2021 at 22:59

Hi, i need some help. im using flashcat usb, i did everything according to here but the modem doesnt bootup, just turn on, the indicating lights are on, and never turn back off. HELP!!

Are you sure? yes | no

Shinrenko wrote 07/13/2020 at 06:37

Can I use these instructions on the latest version of Ubuntu, or should I stick with the version in the guide?

Are you sure? yes | no

Lucas Rangit MAGASWERAN wrote 07/25/2020 at 13:44

Try the latest. Newer versions of Ubuntu may include an updated flashrom tool which has support for the flash chip used by the modem. Then you can skip the step of building flashrom from source. Report back if it works!

Are you sure? yes | no

gantonio1988 wrote 05/25/2020 at 19:26

hola amigo alguien que tenga el programa dragon 8 ???

Are you sure? yes | no

chikillo600 wrote 02/14/2020 at 23:08

se llama alpha pero no se k esta pasando no me funciona la pagina para abrilos alguin puede alludar

Are you sure? yes | no

rorrin626 wrote 04/25/2020 at 22:11

Me pudieras alludar a flashar mi modem 6141

Are you sure? yes | no

E Sosa wrote 06/24/2020 at 18:22

cual se supone que estas usando?

Are you sure? yes | no

chikillo600 wrote 02/14/2020 at 21:54

hola amigo scorpionmichel yo tengo los files para flashear los modem k k ya esta flasheados y borra los password del primer flasheo chikillo600@gmail.com

Are you sure? yes | no

scorpionmichel wrote 02/12/2020 at 01:13

alguien tiene el forceware config file para obtener el internet despues de ya estas flasheado el modem

Are you sure? yes | no

fuzion24 wrote 01/10/2020 at 01:43

@Lucas Rangit MAGASWERAN How were you able to determine the layout of the SPI flash?

Are you sure? yes | no

fuzion24 wrote 01/10/2020 at 04:10

Also, which chip clip are you using?

Are you sure? yes | no

noradof651 wrote 01/20/2020 at 20:27

I have a same question. Any help would be appreciated!!

Are you sure? yes | no

Arran Cudbard-Bell wrote 05/04/2019 at 19:56

I can confirm this works with Raspberry Pi Model 2 B (and likely all the other models). One thing though, you'll need an external 3.3v supply, preferably sharing a common ground with whatever you use to power your Pi. I used a triple rail programmable bench supply to provide 3.3v and 5.0v.

This Raspberry Pi flash rom page: https://www.flashrom.org/RaspberryPi warns not to draw more than 50mA from the 3.3v pin on the GPIO header, but with the SOIC in circuit there's a draw of about 260mA.

1. Follow the instructions here to add the additional modules https://tomvanveen.eu/flashing-bios-chip-raspberry-pi/

Check you have the SPI interfaces come up `ls -l /dev/ | grep spi`

2. Install dependencies (these probably aren't exhaustive)

sudo -s

apt-get install libusb-dev build-deps git

3. Build flashrom without libpci support

git clone https://github.com/flashrom/flashrom.git
cd flashrom
make CONFIG_ENABLE_LIBPCI_PROGRAMMERS=no CONFIG_ENABLE_LIBUSB0_PROGRAMMERS=no CONFIG_ENABLE_LIBUSB1_PROGRAMMERS=no

4. Connect your chip clip - If you have one, otherwise there's loads available on digikey. I just got a set of 6 because I though the others would be useful https://www.digikey.ca/product-detail/en/pomona-electronics/5514/501-1638-ND/745108. But the SOIC 16 clip is available individually for much cheaper.

Using https://www.netcheif.com/Reviews/DIR-825AC/PDF/MX25L6406E.pdf and https://www.flashrom.org/RaspberryPi

We can figure out the pin mappings

Clip -> GPIO Header

1,2,9 External 3.3v supply (VCC)

7 24 /CS

8 21 DO

16 23 SCK

15 21 DI

10 External 3.3v supply (GND)

5. Check flashrom can detect the chip type

./flashrom -p linux_spi:dev=/dev/spidev0.0
flashrom v1.1-rc1-2-g93db6e1 on Linux 4.14.98-v7+ (armv7l)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Using default 2000kHz clock. Use 'spispeed' parameter to override.
Found Macronix flash chip "MX25L6405" (8192 kB, SPI) on linux_spi.
Found Macronix flash chip "MX25L6405D" (8192 kB, SPI) on linux_spi.
Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) on linux_spi.
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F" (8192 kB, SPI) on linux_spi.
Multiple flash chip definitions match the detected chip(s): "MX25L6405", "MX25L6405D", "MX25L6406E/MX25L6408E", "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F"
Please specify which chip definition to use with the -c <chipname> option.

6. Download the contents a couple of times and check the results are consistent

./flashrom -p linux_spi:dev=/dev/spidev0.0 -c MX25L6406E/MX25L6408E -r sb6141.bin
./flashrom -p linux_spi:dev=/dev/spidev0.0 -c MX25L6406E/MX25L6408E -r sb6141_0.bin

md5sum sb6141_0.bin
7268bb414c701cef397a157e93247404 sb6141_0.bin
md5sum sb6141.bin
7268bb414c701cef397a157e93247404 sb6141.bin

7. Follow steps from original article to create new image

tr '\0' '\377' < /dev/zero | dd of=ubfi_blank.bin bs=1 count=3866624

3866624+0 records in
3866624+0 records out
3866624 bytes (3.9 MB, 3.7 MiB) copied, 55.9865 s, 69.1 kB/s

wget https://cdn.hackaday.io/files/20063858375392/forceWare-1.4b1-mod2.zip
unzip forceWare-1.4b1-mod2.zip
wget https://cdn.hackaday.io/files/20063858375392/sb6141.layout

dd if=forceWare-1.4b1-mod2.bin conv=notrunc of=sb6141-edit.bin bs=1 seek=262144
3276800+0 records in
3276800+0 records out
3276800 bytes (3.3 MB, 3.1 MiB) copied, 33.668 s, 97.3 kB/s

dd if=forceWare-1.4b1-mod2.bin conv=notrunc of=sb6141-edit.bin bs=1 seek=4128768
3276800+0 records in
3276800+0 records out
3276800 bytes (3.3 MB, 3.1 MiB) copied, 34.491 s, 95.0 kB/s

8. Finally, flash the new image

./flashrom -p linux_spi:dev=/dev/spidev0.0 -c MX25L6406E/MX25L6408E --layout sb6141.layout --image ubfi1 --image ubfi2 -w sb6141-edit.bin
flashrom v1.1-rc1-2-g93db6e1 on Linux 4.14.98-v7+ (armv7l)
flashrom is free software, get the source code at https://flashrom.org

Using regions: "ubfi1", "ubfi2".
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Using default 2000kHz clock. Use 'spispeed' parameter to override.
Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) on linux_spi.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.

Are you sure? yes | no

Jason Pereira wrote 07/11/2019 at 03:48

Does the modem need to be powered while performing the flashing?

Are you sure? yes | no

hahaitsmikejones wrote 03/07/2019 at 01:44

how would you connect the pins to the raspberry pi? I have a 16 pin chip clip and raspberry pi 3 b+.. not sure where each pin goes. thanks in advance

Are you sure? yes | no

cynthia0555 wrote 10/23/2018 at 08:49

I got a blackcat USB jtag is that same can get it find chip

Are you sure? yes | no

Lucas Rangit MAGASWERAN wrote 01/05/2018 at 00:26

@christner , yeah that's too bad. Do you have a RaspberryPi or similar embedded Linux SBC with a SPI interface? That's about the same price and you can use the flashrom tool . https://www.flashrom.org/RaspberryPi . If you find a different/better USB SPI flasher please post it back here.

Are you sure? yes | no

Maq wrote 05/03/2018 at 09:21

https://www.usbjtag.com/zenshop/index.php?main_page=product_info&cPath=1&products_id=9

http://www.embeddedcomputers.net/products/FlashcatUSB/

Are you sure? yes | no

christner wrote 01/04/2018 at 18:31

It looks like the SPI Hook has been discontinued, any suggestions on alternative inexpensive SPI flashing tools?

Are you sure? yes | no

Maq wrote 05/03/2018 at 09:22

http://www.embeddedcomputers.net/products/FlashcatUSB/ is like $30

but the usbjtag-nt is much faster

Are you sure? yes | no

Flashing forceWare on SB6141

Files

forceWare-1.4b1-mod2.zip

sb6141.layout

SPI_Hook_Rev-A-_schematic.pdf

Build Instructions

Collapse

Discussions

Similar Projects

The wifispectrumulator

CUTSIE WHUN and VISUINO -- Setting you GYRO C.O.B.

Using Konekt with a BeagleBone

Radio Controlled VTOL SR-71 Blackbird

SPI Hook J2	SPI Flash	Description
1	2	Vcc
2	10	Gnd
3	7	CS#
4	16	SCLK
5	8	MISO
6	15	MOSI
Vcc	1	HOLD#
Vcc	9	WP#

Flashing forceWare on SB6141

Become a Hackaday.io member

Just one more thing

Files

forceWare-1.4b1-mod2.zip

sb6141.layout

SPI_Hook_Rev-A-_schematic.pdf

Build Instructions Collapse

Enjoy this project?

Discussions

Become a Hackaday.io Member

Similar Projects

The wifispectrumulator

CUTSIE WHUN and VISUINO -- Setting you GYRO C.O.B.

Using Konekt with a BeagleBone

Radio Controlled VTOL SR-71 Blackbird

Does this project spark your interest?

Report project as inappropriate

Send message

Remove Member

Build Instructions

Collapse