Added Telstra Smart Modem Gen 3 (CobraXh) (#262)
* Added Telstra Smart Modem Gen 3

* Changed reference to ARM64 boards

* Reverted RBI change + changed PKGTB to ref U-boot

* Cannot restore ubifs rootfs_data dump
seud0nym committed Nov 21, 2022
1 parent 615ae12 commit 52249af
Showing 9 changed files with 252 additions and 6 deletions.
14 changes: 8 additions & 6 deletions docs/Recovery.md
@@ -44,6 +44,7 @@ If you think you are not completely aware of what's going on or you don't know w
!!! note "This reset method is **not** available if..."
- You have lost any kind of access to root shell by either SSH, Telnet, or Serial console, and you cannot execute a custom command as root.
- The Gateway bootloops or fails to boot properly.
- The Gateway uses the ubifs filesystem on the `rootfs_data`/`userfs` partition.

1. Log in to root shell (whatever you have available to you; SSH, telnet, serial console ...)
2. Run `cat /proc/mtd` and look for your user data partition name, it could be either `userfs` on older devices, or `rootfs_data` on newer ones
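Review bot: the new bullet says the reset method is unavailable when `rootfs_data`/`userfs` is ubifs, but gives neither the reason nor what to do instead. Put the reason in the same sentence (the ubifs overlay cannot be written while it is mounted, which is what the Resources page in this commit states) and point the reader at the alternative for these devices, e.g. the BOOTP/TFTP flash, which on the CobraXh performs a factory reset of both banks according to the warning later in this file. Also say how the reader tells which filesystem they have: step 2 only teaches them to find the partition name in `/proc/mtd`, not its filesystem type (the mount table shows it).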
@@ -131,9 +132,9 @@ By holding down a button (usually reset) at power on, the Gateway will enter BOO
If both firmware banks contain invalid firmware's, the Gateway will enter BOOTP mode automatically after three failed boot attempts on both banks.

!!! warning "Please note and take into account"
- This **will not** automatically **switch** the active bank for you, if the active bank is `bank_2` and it still contains a valid firmware it will still boot it, instead of the one you are flashing here.
- Unless your device is a CobraXh, this **will not** automatically **switch** the active bank for you, if the active bank is `bank_2` and it still contains a valid firmware it will still boot it, instead of the one you are flashing here. The CobraXh will **only** enter BOOTP if the active bank is `bank_2`, and it *will* automatically switch to `bank_1` after successful firmware flash.

- Flashing via this method **does not** perform any factory **reset**, the new firmware will run on old and possibly corrupt or incompatible config. It is therefore recommended that you perform a factory reset before flashing a new firmware.
- Unless your device is a CobraXh, flashing via this method **does not** perform any factory **reset**, the new firmware will run on old and possibly corrupt or incompatible config. It is therefore recommended that you perform a factory reset before flashing a new firmware. The CobraXh, on the other hand, **will** perform a factory reset on *both* banks after successful firmware flash.

- The firmware BLI image (.bli/.rbi files) is digitally signed, and the signature is verified by BOOTP before flashing, so you can't flash an incorrect image (a good thing) but you also can't load a modified image (sad face times 1000).

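Review bot: the first reworded bullet now reads as if a CobraXh with `bank_1` active can never reach BOOTP ("will **only** enter BOOTP if the active bank is `bank_2`"), which conflicts with the unchanged context line above it stating that the Gateway enters BOOTP automatically after three failed boot attempts on both banks. Say whether the `bank_2` condition applies only to the button-triggered entry or also to the automatic fallback, and what a CobraXh owner with a broken `bank_1` should do. Style: both "Unless your device is a CobraXh, ... The CobraXh ..." sentences pack the general rule and its exception into one bullet; a separate CobraXh bullet or a sub-list would read more clearly, and the "recommended that you perform a factory reset before flashing" advice should be marked as not applying to the CobraXh, since the next sentence says it resets both banks anyway. Finally, the unchanged bullet about the signed BLI image still lists only `.bli/.rbi`; with PKGTB files introduced in Repository.md in this same commit, state whether BOOTP verifies a signature on `.pkgtb` images too (the file names in the repository table end in `-signed.pkgtb`, which suggests it does).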
@@ -159,7 +160,7 @@ What you will Need

1. Download the latest normal edition of [TFTP64](http://tftpd32.jounin.net/tftpd32_download.html) and install it.

2. Get the firmware RBI file you want to load into the Gateway from the [Repository](../Repository/) and place it in the TFTP64 folder. You may use another folder and change the settings appropriately if you wish.
2. Get the firmware file you want to load into the Gateway from the [Repository](../Repository/) and place it in the TFTP64 folder. You may use another folder and change the settings appropriately if you wish.

3. Connect the Ethernet port on your PC to one of the LAN ports on the Gateway (usually LAN1).

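Review bot: dropping "RBI" from "Get the firmware file" makes the step device-neutral but leaves the reader without the rule for which file type to fetch. Add a short parenthetical, e.g. "(an `.rbi` file for most devices; a `.pkgtb` file for the CobraXh / VCNT-8)", and state explicitly that the ubifs bank dump listed in the Repository table cannot be loaded this way, since that table's own note says it is unusable with TFTP.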
@@ -226,6 +227,7 @@ You are now ready to try booting the Gateway to do the flash!
4. Place Gateway into BOOTP mode, this is achieved by turning it off, holding the reset button down and powering on.
- For TG789vac and TG799vac wait for the ethernet light to flash.
- For TG800vac count to about 5.
- For CobraXh wait for the power light to flash white.
- TFTP may detect the sooner though.

5. Let the firmware flash, a download progress bar will show. When completed, the Gateway will start flashing the received firmware. Wait for the Gateway to reboot.
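Review bot: the unchanged context line "TFTP may detect the sooner though." has a typo ("the" for "it"); since this list is being edited, fix it to "TFTP may detect it sooner though." The new CobraXh bullet gives the LED cue but not whether the reset button can be released as soon as the power light flashes white or must be held longer; the TG800vac entry gives a count, so the CobraXh entry should be equally explicit.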
@@ -236,7 +238,7 @@ You are now ready to try booting the Gateway to do the flash!
From here, Gateway has the firmware you flashed into its `bank_1` partition.

!!! note "A few things to note"
- Again, the Gateway will not boot from this new firmware if `bank_2` is active and contains a valid firmware.
- Again, the Gateway will not boot from this new firmware if `bank_2` is active and contains a valid firmware (unless your device is a CobraXh).

- If you followed rooting guide on this wiki and your bank plan is still optimal you are guaranteed to see this just flashed firmware to boot because active bank is always `bank_1` on optimal bank plan.

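Review bot: "(unless your device is a CobraXh)" tells the reader only that the rule differs, not what happens; spell it out as the warning earlier in this file does, i.e. that the CobraXh switches to `bank_1` itself after a successful flash. The next bullet's "active bank is always `bank_1` on optimal bank plan" is also worth qualifying for the CobraXh, where this commit's Resources.md describes `bank_1` as the `bootfs1` + `rootfs1` pair rather than a single partition and where BOOTP is entered only from `bank_2`, so bank-plan advice written for the jffs2 layout may not carry over.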
@@ -259,9 +261,9 @@ When you power on your device it starts loading by default the firmware from the

In order to check which firmware bank is currently set as *active bank*" you can do any of the following:

- Read contents of `/proc/banktable/active` file. This requires you have root access to the gateway.
- Read contents of `/proc/banktable/active` file or run the `bootmgr partition active` command if that file does not exist. This requires you have root access to the gateway.
- Read serial console log during boot. This requires a serial adapter connected to the gateway device board. Recommended in case of soft-bricks.
- Fash some different, yet valid firmware from BOOTP via TFTP and see if the flashed firmware is being booted by default. This is recommended whenever you have yet to root the gateway for the first time and it is in normal working order.
- Flash some different, yet valid firmware from BOOTP via TFTP and see if the flashed firmware is being booted by default. This is recommended whenever you have yet to root the gateway for the first time and it is in normal working order.

## Change booted bank

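Review bot: `bootmgr partition active` appears here without saying which devices have it or what it prints. State that it is the command for the U-boot based devices described in this commit's Resources.md (CobraXh), where `/proc/banktable` does not exist, and show its expected output so readers can recognise a correct answer. The typo fix in the last bullet ("Fash" to "Flash") is good.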
14 changes: 14 additions & 0 deletions docs/Repository.md
@@ -720,3 +720,17 @@ A basic ADSL only BCM6362 based gateway. Very useful as SIP ATA.
| ??? 🤔 | 19.4.0677 | 2021-07-28 | - | [HTTP](https://fw.regman-tl.interbusiness.it:11443/Firmware/TR069/AGThomson/RPTEM_1.0.4_CLOSED.rbi)* - [Torrent](https://github.com/kevdagoat/hack-technicolor/blob/master/torrents/gcnt-n/RPTEM_1.0.4_CLOSED.rbi.torrent?raw=true) |

> *\* requires access to ISP's network and download password*

## CobraXh / VCNT-8

### Telstra - Smart Modem (Gen3)

!!! warning "PKGTB Firmware Format"
These devices do *NOT* use the RBI firmware file format. The firmware is packaged in PKGTB files. The firmware also consists of two partitions: bootfs and rootfs. See [Safe Upgrade for pkgtb Firmware](../Upgrade-pkgtb) for instructions.

| Type | Version | Timestamp | Root Strategy | Mirror |
|:------:|:-----------------|:-----------|:--------------|:-------|
| 2 😁 | 20.4.0256-MR0-RA | 2021-09-19 | #C | [HTTPS](https://github.com/hack-technicolor/tch-bank-dumps/raw/master/vcnt-8/telstra-vcnt-8_20.4.0256-MR0-RA-bank_dump.tar.xz) - *Note: This **IS NOT** a PKGTB firmware. It is ubifs raw bank dumps. You can't use with TFTP or regular firmware upgrade tools* |
| 2 😁 | 20.4.0319-MR0-RA | 2021-12-09 | #C | [HTTP](http://fwstore.bdms.telstra.net/Technicolor_vcnt-8_20.4-319-RC4.2-RA-bootstrap/bcmVCNT-8_nand256_ubifs_update-r20.4-319-2-1-MR0-RA-BOOTSTRAP-signed.pkgtb) - [Torrent](https://github.com/hack-technicolor/hack-technicolor/blob/master/torrents/vcnt-8/bcmVCNT-8_nand256_ubifs_update-r20.4-319-2-1-MR0-RA-BOOTSTRAP-signed.pkgtb.torrent?raw=true) |
| 3 🙄 | 20.4.0428-MR1-RA | 2022-03-15 | - | [HTTP](http://fwstore.bdms.telstra.net/Technicolor_vcnt-8_20.4.428-2-3-MR1-RA/bcmVCNT-8_nand_squashfs_update-20.4.428-2-3-MR1-RA-signed.pkgtb) - [Torrent](https://github.com/hack-technicolor/hack-technicolor/blob/master/torrents/vcnt-8/bcmVCNT-8_nand_squashfs_update-20.4.428-2-3-MR1-RA-signed.pkgtb.torrent?raw=true) |
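Review bot: the 20.4.0256-MR0-RA row links a ubifs bank dump under the "Mirror" column while the note in the same cell says it cannot be used with TFTP or the regular upgrade tools, and this commit's own message and the new warning in Resources.md say ubifs dumps cannot be restored by direct partition writing. Either state in the row how the dump can actually be restored (the Resources.md change names `ubiupdatevol` on an unmounted volume) or move the entry out of the firmware table so nobody fetches it expecting a flashable image. The warning box says the firmware "consists of two partitions: bootfs and rootfs"; "two images, one per partition" is more accurate, and a note that the `ubifs` versus `squashfs` in the file names reflects the rootfs format described in Resources.md would help readers pick the matching version.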
33 changes: 33 additions & 0 deletions docs/Resources.md
@@ -28,6 +28,33 @@ The `rootfs_data` (formerly `userfs`) partition holds whatever file change (conf

When a proper [Reset to Factory Defaults (RTFD)](../Recovery/#reset-to-factory-defaults-rtfd) is done, the overlay partition is not formatted, the only relevant `/overlay/bank_*` folder is deleted instead. You can learn more on such aspects by reading the [Recovery](../Recovery/) page.

### Devices with U-boot bootloader

Here is how the Homeware flash layout typically looks like on devices that use the U-boot bootloader:

`root@CobraXh:~# cat /proc/mtd`

| Device | Size | Erasesize | Name |
|:--------|:-----------|:------------|:--------------|
| `mtd0` | `00200000` | `00040000` | `loader` |
| `mtd1` | `1fc00000` | `00040000` | `image` |
| `mtd2` | `00000500` | `0003e000` | `metadata1` |
| `mtd3` | `00000500` | `0003e000` | `metadata2` |
| `mtd4` | `008bd7b2` | `0003e000` | `bootfs1` |
| `mtd5` | `0599c000` | `0003e000` | `rootfs1` |
| `mtd6` | `008dc07a` | `0003e000` | `bootfs2` |
| `mtd7` | `0599c000` | `0003e000` | `rootfs2` |
| `mtd8` | `0083c000` | `0003e000` | `data` |
| `mtd9` | `0083c000` | `0003e000` | `defaults` |
| `mtd10` | `0003e000` | `0003e000` | `eripv2` |
| `mtd11` | `0c80c000` | `0003e000` | `rootfs_data` |

Firmware is stored in *two* partitions per bank: `bootfs1` and `rootfs1` are equivalent to `bank_1`, and `bootfs2` and `rootfs2` are equivalent to `bank_2`. The `bootfs` partitions contain the kernel, and the `rootfs` partitions contain the read-only filesystem images. The `rootfs` filesystems may be either UBIFS, or UBIFS within SQUASHFS filesystems, depending on the firmware version.

The `rootfs_data` partition is identical in use as described above, with the only difference being that it contains a UBIFS filesystem rather than JFFS2. The overlay folder and its `bank_1` and `bank_2` sub-folders are identical to previous usage.

It is important to note that UBIFS partitions *cannot* be overwritten by direct partition writing to the MTD device. They can be overwritten using the `ubiupdatevol` command through the associated UBI device, but this is only possible on *unmounted* partitions.

## The boot process

There exist many versions of this bootloader stack. Here we describe one from a VBNT-O (ARMv7) board. Actual addresses or unpacking code may differ between board versions, still what you read here is quite general.
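Review bot: the section says UBIFS "partitions" cannot be written through the MTD device but not why, and the table already contains the explanation: `mtd0`/`mtd1` report the NAND erase block size (`00040000`) and are the real MTD partitions, whereas `mtd2`..`mtd11` all report `0003e000` (a 256 KiB block minus two 4 KiB pages for the UBI headers), i.e. they are UBI volumes carved out of the `image` partition and exposed as MTD devices, which is why a raw write to them fails and `ubiupdatevol` is the tool. Stating that, and warning never to write `mtd1` (`image`) directly because it holds every volume including `rootfs_data`, would make the "cannot be overwritten" sentence actionable. Two wording points: use "UBI volume" for what `ubiupdatevol` targets rather than "partition", which elsewhere on this page means an MTD partition; and "UBIFS within SQUASHFS" reads backwards, since a SquashFS image is stored inside a UBI volume and not the other way round (the repository table distinguishes `nand256_ubifs` and `nand_squashfs` builds), so say "UBIFS, or SquashFS inside a UBI volume".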
@@ -256,6 +283,9 @@ You can get a firmware image flashed by using one of the following modes:

#### Direct partition writing

!!! info "Devices that use ubifs filesystems"
Devices that have `ubifs` filesystems (instead of the more common `jffs2` filesystems) *cannot* use direct partition writing to modify the active bank. The ubifs file system cannot be written whilst mounted.

* The firmware is usually transferred to the gateway temp filesystem via SSH/SCP or USB drive.
* The firmware image is directly written to the bank you specify on the command line.
* This flashing method requires root access to a booted firmware.
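Review bot: the info box says direct partition writing cannot modify the *active* bank, but the method described below targets "the bank you specify", which on a running system is normally the inactive one; say whether the inactive bank on a ubifs device can be written (the Resources section added earlier in this file says `ubiupdatevol` works on an unmounted volume, which the inactive bank is) or whether the whole method is off the table because the bank devices are UBI volumes rather than raw MTD partitions. "The ubifs file system cannot be written whilst mounted" is also the wrong reason for the firmware banks: it explains `rootfs_data`, not the read-only `rootfs1`/`rootfs2` images. Minor: this box writes the filesystem names as `ubifs`/`jffs2` while the new section above writes UBIFS/JFFS2; pick one.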
@@ -301,6 +331,9 @@ This guide will show you how to dump a bit-for-bit clone of any partition and re
!!! info "Decrypted RBI _v.s._ bank dumps"
Decrypted RBI firmwares are the same as `bank_1` or `bank_2` dumps except for their first four bytes. A correctly decrypted RBI starts with a sequence of four `0xFF`. You can edit these bytes to `0x00` and use the resulting file as a bank dump to be restored.

!!! warning "Devices that use ubifs filesystems"
You *cannot* use these commands on partitions that contain `ubifs` filesystems.

### Making dumps

`bank_1` is usually mapped to the `mtd3` partition and `bank_2` is usually mapped to `mtd4`, you do not really need to backup firmware banks if you already have an RBI file for that same firmware available.
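Review bot: the warning blocks "these commands" on ubifs partitions as a whole, but the commit message scopes the problem to restoring ("Cannot restore ubifs rootfs_data dump"), and the Repository.md change in this commit links a ubifs bank dump that was evidently made. Split the warning: dumps of the UBI volumes can be read, but restoring by writing to the MTD device does not work, and the restore path is `ubiupdatevol` on the unmounted volume as the new Resources section describes. Keeping the warning above "Making dumps" with that wording would stop readers from concluding that backups are impossible on these devices. Unrelated context nit: "Decrypted RBI _v.s._ bank dumps" should be "vs.".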