Chris JonesAfter digging through the data and extracting what I can from the firmware update file I found the following usage data.. It still needs to be cleaned up, but it does help to identify data on the device.
Usage commands found in no particular order.. (needs to be cleaned up
usage: fat mkfs drive#
fat cat [file]
file : display file
fat mkfs [drive]
drive : drive no.(0 or 1)
0: User, 1: System(Hidden)
fat mkdir [dir]
dir : create directory name
fat write [file] [size]
file : write check file
size : write size(1-65535)
fat read [file]
file : read check file
fat mv [org] [new]
org : original file
new : new file
fat rm [remove]
remove : remove file
fat cp [org] [new]
org : source file
new : destination file
fat lsr <dir>
dir : directory
fat ls <dir>
dir : directory
usage: test read <file name>
usage: test write <file name> <file size>
usage: test cp <existing file name> <new file name>
usage: test rm <file name>
usage: test mv <source file name> <target file name>
usage: test mkdir <directory name>
srom conf -f [flow] -d [val] -s [samp]
flow : 0/1 (Invalid / Valid)
val : 1-10,16/32/64/128/255
samp : 0-63
srom read [addr] -l <length>
addr (hex) : 0xXXXXXXXX
length (dec) : default 4, Max 512 (round 4byte)
srom write [addr] [data] -l <length>
addr (hex) : 0xXXXXXXXX
data (hex) : 0xYYYYYYYY
length (dec) : default 4, Max 512 (round 4byte)
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.(AC_BE=0x00,AC_BK=0x20,AC_VI=0xA0,AC_VO=0xE0)
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
setup dump -m [mode] -f <fil>
mode : 0-3
0 : No Dump
1 : MAC Header Only
2 : MAC Header and Frame Header
3 : All
fil : 0-2
0 : Show only My address
1 : All
2 : Broadcast Frame hidden dump
setup reg -r <addr> -v <data>
NoOption : display register setting
addr (hex) : 0xXXXXXXXX
data (hex) : 0xYYYYYYYY
setup ch -f <freq> -c <channel>
Argumet freq or ch
freq : 2412/2417/2422/2427/2432/2437/2442/2447/2452/2457/2462/2467/2472/2484/
5180/5200/5220/5240/5260/5280/5300/5320/5500/5520/5540/5560/5580/5600/
5620/5640/5660/5680/5700/5475/5765/5785/5805/5825
channel : 1`14,36/40/44/48/52/56/60/64,100/104/108/112/116/120/124/128/132/136/
140/149/153/157/161/165
setup frame -l <macl> -u <macu> -b <body> -s <size> -t <tid> -r <rate>
-p <power> -a <ack> -m <mcs>
NoOption : display frame setting
MAC ADDRESS XX:XX:YY:YY:YY:YY
macl (hex) : 0xXXXX
macu (hex) : 0xYYYYYYYY
body : 0xZZ MAC Frame Data
size : 0-1500
tid : 0-65535
rate : 1/2/5/6/9/11/12/18/24/36/48/54(Mbps)
power : 0-255
ack : 0/1 (Normal/No ack)
mcs : 0-7
send pn -r <rate> -m <mcs> -p <preamble> -g <gi>
rate : 1/2/5/6/9/11/12/18/24/36/48/54(Mbps)
mcs : 0-7
preamble : 0/1 (Long Preamble / Short Preamble)
gi : 0/1 (Normal GI / Short GI)
send frame -n <count> -i <interval> -s <sifs> -r <rifs> -e <enc>
count : 0-65535
interval : 0-65535 (msec)
sifs : 0/1 (SIFS Burst Invalid / SIFS Burst Valid)
rifs : 0/1 (RIFS Burst Invalid / RIFS Burst Valid)
enc : 0 : None
1 : WEP
2 : AES
3 : TKIP
send help
send frame -n <count> -i <interval> -s <sifs> -r <rifs> -e <enc>
send pn -r <rate> -m <mcs> -p <preamble> -g <gi>
sd buffer [-d | -s]
-s : Single buffer
-d : Dubble buffer
sd clk ???
??? : SD_CLK_CTRL
sd update [filename]
filename : file name
sd fread [filename]
filename : file name
sd gcmd [number] <arg>
number : XX (dec)
arg : Command dependent
sd dcmd [number] <arg> <size>
number : XX (dec)
arg : Command dependent
size : XX (hex)
sd clear [sector] [count]
sector : clear sector
count : sector count
sd acmd [number] <arg>
number : XX (dec)
arg : Command dependent
sd cmd [number] <arg>
number : XX (dec)
arg : Command dependent
sd write [sector] <count>
sector : write sector (over 0x100)
count : sector count (If no <count> continue writing until you issue CMD12)
sd read [sector] <count>
sector : read sector
count : sector count (If no <count> continue reading until you issue CMD12)
wlan rate <rate>
NoOption : display rate setting
rate : 0 auto
1/2/5/6/9/11/12/18/24/36/48/54 (Mbps:11bg) 0-7 (MCS:11n)
wlan obss <0/1>
wlan ap [ssid] [channel] [mode]
ssid : 32 strings(max)
channel : 1-14
mode : 11a/11b/11g/11bg/11n
wlan ibss [bssid] [channel] [mode]
bssid : 32 strings(max)
channel : 0-14 (0:Auto)
mode : 11a/11b/11g/11bg/11n
wlan scan -s <ssid> -c <channel> -t <bsstype>
NoOption : full scan
ssid : 32 strings(max)
channel : 0-14 (0:Auto)
bsstype : 1-3
1 : access point
2 : adhoc
3 : any scan
wlan channel <channel>
NoOption : display channel
channel : 0-14 (0:Auto) channel
wlan enc <mode> <key> <keystring>
NoOption : display encrypt setting
mode : 0-4
0 : Open
1 : WEP40
2 : WEP104
3 : WPA
4 : WPA2
key : 0-3
0 : index / TKIP
1 : index / AES
2 : index
3 : index
keystring : encrypt key(max 63 strings)
WEP40 : 5 character fixed(ascii) / 10 character fixed(binary)
WEP104 : 13 character fixed(ascii) / 26 character fixed(binary)
WPA : 8-63 strings
WPA2 : 8-63 strings
wlan ssid [ssid]
NoOption : display ssid
ssid : 32 strings(max) ssid
wlan mac [macaddr] {-r}
NoOption : dispaly MAC ADDRESS
macaddr : MAC ADDRESS (XX:XX:XX:XX:XX:XX)
{-r} : after MAC ADDRESS FlashROM save and reboot
wlan start <channel>
channel : 0-14
wlan slottime <0..7>
0: station 11a/n short slot
1: station 11g/n short slot
2: station 11g/n long slot
3: station 11b long slog
4: ap 11a/n short slot
5: ap 11g/n short slot
6: ap 11g/n long slot
perf udp tx [ipaddr] <count> <size> {burst}
perf udp rx
ipaddr : X.X.X.X
count : Xs/Xm/Xh/X (sec/min/hour/num)
size : def/big/num (num<=14600)
burst : Non-Blocking only
cl : TCP client
clnb : TCP client Non-Blocking
sv : TCP server
svnb : TCP server Non-Blocking
cs : TCP client & server
csnb : TCP client & server Non-Blocking
wps credential {-c} <select>
NoOption : display Credential
{-c} : Credential clear
select : 0-5
wps assoc <mode>
NoOption : display Association mode
mode : auto / manual
wps pincheck <pin>
NoOption : display PIN code
pin : PIN code (8 character fixed)
wps pin <pin> <ssid>
pin : PIN code (8 character fixed)
ssid : 32 strings(max)
show help
show reg -r <addr>
show ch
show mac
show mep
show time
TELEC commands
show
stop help
stop frame
stop pn
stop
send frame -n <count> -i <interval> -s <sifs> -r <rifs> -e <enc>
send pn -r <rate> -m <mcs> -p <preamble> -g <gi>
setup frame -l <macl> -u <macu> -b <body> -s <size> -t <tid> -r <rate>
-p <power> -a <ack> -m <mcs>
setup ch -f <freq> -c <channel>
setup reg -r <reg:hex> -v <val:hex>
setup dump -m [mode] -f <fil>
macsend r <rate> -c <cipher> -a <ack> -n <count> -t <tid> -h <channel> [macaddr:hex]
rate : 0 auto
1/2/5/6/9/11/12/18/24/36/48/54 (Mbps)
cipher : no/wep/aes/tkip
ack : ack/no
count : 1-65535
tid : 0-65535
channel : 1-14
macaddr : XX:XX:XX:XX:XX:XX
MAC frame send
macsend
reboot system
reboot
ping [ipaddr] <count> <size>
ipaddr : X.X.X.X
count : 1-65535
size : 1-2920
ip [ipaddr] {mask [m_addr]} {gw [gw_addr]}
NoOption : display ip setting
ipaddr : X.X.X.X
m_addr : X.X.X.X
gw_addr : X.X.X.X
stat <NoOpt/clear/stack>
show status
stat
dump [addr] {-l length} (round 4byte)
addr (hex) : 0xXXXXXXXX
length(hex) : 0xYYYYYYYY
mod [addr] [data:hex] {-l length:hex} (round 4byte)
addr (hex) : 0xXXXXXXXX
data (hex) : 0xYYYYYYYY
length(hex) : 0xZZZZZZZZ
print [onoff]
onoff : on / off
sleep {-bb <bb>} {-host <host>} {-rxen <rxen>} {-rfshdn <rfshdn>} {-deep <deep>} {-clk <clk>}
bb : 0/1/2
0 : MAC layer reset
1 : MAC layer normal
2 : MAC layer clock stop
host : 0/1
0 : host clock stop
1 : host clock normal
rxen : 0/1
0 : RX control off
1 : RX control on
rfshdn : 0/1
0 : RF control off
1 : RF control on
deep : 1-65535
clk : 0/1
0 : External clock off
1 : External clock on
factory -mac <mac address> -code <manufacture code> -f0 <Traceability-0> -f1 <Traceability-1>
-agcuse <1:use, 0:Unuse> -agcdsss <ch1agc ch2agc..ch11agc> -agcofdm <ch1agc ch2agc..ch11agc>
-agcofdm <ch1agc ch2agc..ch11agc> -tbase <ch1TSSIbase ch2TSSIbase..ch11TSSIbase>
-toffset <DSSSoffset OFDMoffset MCSoffset> -e(erase information)
-iquse <1:use, 0:Unuse> -txiq <OFDMI OFDMQ DSSSI DSSSQ>
pw <bboff/bbon/anaoff/anaon/rfoff/rfon>
ps [on/off]
ftpscert [filename]
ftpsdel [-p <port>] -m <mode> <address> <user> <password> <filename>
mode: 0:Implicit 1:Explicit
ftpsren [-p <port>] -m <mode> <address> <user> <password> <source> <destination>
mode: 0:Implicit 1:Explicit
ftpsls [-p <port>] -m <mode> <address> <user> <password> <directory>
mode: 0:Implicit 1:Explicit
ftpsput [-p <port>] -m <mode> <address> <user> <password> <server file> <local file>
mode: 0:Implicit 1:Explicit
ftpsget [-p <port>] -m <mode> <address> <user> <password> <server file> <local file>
mode: 0:Implicit 1:Explicit
ftpdel [-p <port>] <address> <user> <password> <filename>
ftpren [-p <port>] <address> <user> <password> <source> <destination>
ftp rename
ftpls [-p <port>] <address> <user> <password> <directory>
ftpput [-p <port>] <address> <user> <password> <server file> <local file>
ftp upload
ftpget [-p <port>] <address> <user> <password> <server file> <local file>
ftp download
nbios [opt]
opt : start / stop / stat
dhcpc [opt]
opt : start / stop
dhcpd [opt]
opt : start / stop / stat
level <arg>
arg : NoOption : display mode setting
1048 : developer
2 : factory
1 : enduser
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.
Grabbing the register settings (possibly via setup reg) might go a long way in figuring out what kind of architecture this chip is
Are you sure? yes | no