ar71xx: Add support for Ubiquiti NanoStation AC loco and Ubiquiti LiteBeam AC AP #689
Conversation
TobleMiner
force-pushed
the
ubnt-nanostation-ac-loco
branch
from
401dff9
to
3c78e8c
Compare
|
I am adding support for Litebeam 5AC 23 Also,it would make sense to push this upstream |
TobleMiner
force-pushed
the
ubnt-nanostation-ac-loco
branch
from
3c78e8c
to
167f6f1
Compare
|
@robimarko Nice to see more people working on the Ubiquiti AirMAX AC devices. I've renamed the patch to be more generic and will try upstraming on linux-wireless. (although i'll probably have to do something about the ugly pci vendor id hack for that) |
|
@TobleMiner Great job,it looks like it will be merged. |
TobleMiner
force-pushed
the
ubnt-nanostation-ac-loco
branch
from
167f6f1
to
de880ea
Compare
|
I've used the Nanostation AC as my primary AP for the last few days and discovered some issues with 1000 Mbit/s and 10 Mbit/s Ethernet. I've updated the PLL settings and introduced some RX delay to fix it. |
|
|
This PCB is pretty much the same as first gen LiteBeam and other WA boards. Since pretty much all WA devices are 99% the same it would be better to add ubnt-wa.c machfile like XC and XM have. You can do it, or I can do it when opening PR for LiteBeam. I am only pretty damn pissed that they locked the devices completely, both bootloader for TFTP and Stock firmware check for firmware signature. From what I looked at it is looks like SHA1 hash in the firmware header after version. This way in order to flash OpenWRT on LiteBeam I need to first open it and that is endeavor on its own, then I need to remove glued on heatsink with a thermal pad which is stuck hard to expose UART header which is usable. |
|
Yep, the 2.4GHz wireless is totally useable. It only has one tiny antenna and is not particularly fast though. I thought I had replaced all occurrences of Sure, I can add a WA machine file for the nanostation AC. Did you confirm that the litebeam AC is compatible with my settings though? Regarding the signature I did notice what seems to be a sha1 hash after the firmware version, too. But I think the actual RSA signature is at the very end of the file. Ubiquiti has changed the end header magic to Luckily opening the NanoStation AC loco is pretty easy. I've started a device page on the OpenWRT wiki |
|
@TobleMiner I did not confirm it since LiteBeam for developing is borrowed to a friend who was curious how POE works on it and since it was already disassembled I gave it to him to take a look. Hmm,I just took a look at the end of stock binary upgrade image. I tried decompiling fwupdate binary and it gets decompiled in IDA Pro, but I ain't really expert in that field and wasn't able to find out anything. |
TobleMiner
force-pushed
the
ubnt-nanostation-ac-loco
branch
from
de880ea
to
21ed503
Compare
|
@robimarko I've updated the PR to be more generic. I've taken a look at the fwupdate.real binary, too and reverse engineering it won't be an easy task. The task is made even harder by the fact that Ubiquiti jammed the update functionality into a big binary that contains a lot of different tools, stripped all symbols and even the elf section headers. Also there are some DSP instructions and conditional branches in the code that IDA can't decode. This breaks flow analysis in quite a few places. Analysing the binary will take quite some time. The u-boot tftp rescue mode might be worth taking a look at as well. EDIT: |
|
@TobleMiner Great, thanks for that. U-boot TFTP should be a much easier, I gotta try decompiling it, but finding relevant sections of code would not be easy. Took a look at stock binary using binwalk,a lot of stuff found. Also,took a look at fwupdate.real with strings. |
TobleMiner
force-pushed
the
ubnt-nanostation-ac-loco
branch
2 times, most recently
from
f1211a2
to
fea02b1
Compare
|
I've updated the PR to add proper WA image support to mkfwimage. @robimarko This allows for easy testing (and later flashing) of OpenWRT builds on the NanoStation AC |
|
@TobleMiner Awesome progress. |
|
I got the correct md5sum for /bin/ubntbox after uploading WA.v8.5.0.36727.180118.1314.bin to the firmware, downloaded from https://www.ubnt.com/download/airmax-ac/nanostation-ac/ns-5acl |
|
@kuehro I dont understand what you did. |
|
@kuehro Nice! Good to see someone else having success with this device. Thanks for pointing out the firmware version required for flashing. I've added it to the installation instructions. Does everything work as expected? Please report any issues you find. @robimarko I think he upgraded his device to stock firmware |
|
@robimarko: My device came with Version WA.v8.4.2 and after ssh to 192.1681.20 I got the wrong md5sum for /bin/ubntbox. So I downloaded different firmware versions from Ubiquiti and after uploading the 8.5.0 firmware under System -> Upload in the Ubiquiti interface, I got the correct md5sum for /bin/ubntbox. After that I patched the ubntbox binary with hexdump as shown above in the documentation and installed a *-factory.bin with the resulting /tmp/fwupdate.real. The firmware was built from sources checked out with Here is the log from the first boot (address is 192.168.1.1): @TobleMiner: Thanks for your hard work and +1 for merging with master. |
|
I have added the output of dmesg and iw phy info to |
|
I can also confirm that this works. Thanks! |
|
Hi, I tested it yesterday on a brand new device, after upgrading to stock firmware v8.5.0:
So far everything seems to be fine with the support. Thanks! |
|
@pepe2k , since you added the ar71xx tag, do you think you could merge the PR? Thanks! |
|
@TobleMiner Your commit can be very easily used to support the LBE-5AC-16-120. I'll send my PR on top of yours once it gets merged upstream. |
This commit adds support for the LiteBeam ac AP (model LBE-5AC-16-120), a 802.11ac router with a 16 dBi and 120º sector antenna and one Gigabit Ethernet port. Working: - Board identification, CPU, etc. - Ethernet port - Wireless - Button The board is very similar to the NanoStation AC loco, on which this commit is based (they share the WA board design). The same flashing processes described at openwrt#689 apply here. Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
|
+1 for merging this PR. |
This commit adds support for the LiteBeam ac (model LBE-5AC-23), a
lightweight 802.11ac CPE router with a detachable 23 dBi antenna and one
Gigabit Ethernet port.
Working:
Board identification, CPU, etc.
Ethernet port
Wireless
Button
The board is very similar to the LiteBeam ac AP, on which this commit is
based (they share the WA board design). The same flashing procedures
described at openwrt#689 apply here.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
|
@TobleMiner surprise! :) #1154 |
|
@rogerpueyo @TobleMiner which of the 2 patches should i merge ? and can you send the ath10k patch upstream please ? |
|
and can you not just port this over to ath79 ? |
|
It works on ath79 but the radio performance is terrible due to PCI issues |
|
@robimarko what pci issues ? |
|
Perfomance over it is really bad. |
|
ok, so which PR should i merge into ar71xx ? |
|
@blogic To the best of my knowledge this PR is the only one for the NanoStation AC loco. All the other PRs for Ubiqutiti AC AirMAX devices are based on this one. EDIT: |
TobleMiner
changed the title
|
Hi, This pull request adds support for two devices:
Furthermore, there is this commit (7da7c1f) and a pull request (#1154) to add support for a third device, the Ubiquiti LiteBeam ac. @TobleMiner, can you please include this last commit to this pull request, so that we have everything in one single place and I can close mine? After that, @blogic, you may want to merge the whole thing. Regarding the ath79 port, I've got a few commits here but they depend on @robimarko's code which has not been merged upstream yet. I think it'd be nice to have the devices supported in ar71xx and not wait for ath79 to replace it, since it's not even being compiled in the snapshots and, well, the code for the ar71xx port is already here. Thanks |
|
@rogerpueyo I will push Nanobeam ath79 PR once IRQ driver changes from mailing list are merged since they should fix the PCI low throughput issues. |
|
Closed in favor of #1346 |
|
Hi. I checked this firmware and installed it without appearant problems on a NanoBeam 5AC-16 (not Gen2) device (which is a different device then the LiteBeam mentioned above) I created a proper page in the Wiki to describe and store my findings. Possibly the only fix that need to be made is the model name in the firmware, which now read "Ubiquiti Nanostation AC loco (WA)" but should be "Ubiquiti NanoBeam AC (WA)" |
|
Thanks for testing it. However, this patch is based on the now deprecated ar71xx architecture, and was superseded by patch #1346 based on the ath79 architecture. I can try to add support for your device, but since I don't have it myself, somebody should test it thoroughly before sending it upstream. Would you like to test it? |
|
I was merely trying to contact a developer who was working on this area, sorry if this is an old thread. So maybe I respond to the wrong closed case, but the one I downloaded is already the newer ath79 one, and the info I am providing is that that one works, so NanoBeam AC (WA) can be added to the builds. openwrt-ath79-generic-ubnt_nanostation-ac-loco-squashfs-factory.bin Mind you, in the mean time this guy also responded: See also this new page: https://openwrt.org/toh/ubiquiti/ubiquiti_nanobeam_ac |
|
@cybermaus I've just built a support patch based on ath79 at https://github.com/TobleMiner/openwrt/tree/ubnt-nanobeam |
|
Ok, thanks. Two questions: Does this now show up automatically on the nightly builds tomorrow of the main OpenWRT snapshots? And also: It seems a reference to the nanostation ac (non-loco) is missing here: |
|
@cybermaus No, the patch is on my fork of the main openwrt repo only thus it won't be built automatically. I do however provide prebuilt binaries at https://github.com/TobleMiner/openwrt-prereleases-bin/tree/master/nanobeam-ac Please note that I have not verified that those binaries will work with your NanoBeam. I do not have a NanoBeam AC and can't test them. They will be missing configuration for the signal strength indicator LEDs since I do not know the correct GPIO -> LED mapping. Regarding your second question: The network configuration for the Nanostation AC is further down in the file. It has two ethernet ports and an integrated switch thus it requires different configuration parameters. |
|
few days ago i got Litebeam 5AC 23 Gen2 with WA.v8.5.7.38314.180628.1036, patching ubntbox did not work, downgrading to WA.v8.5.0.36727.180118.1314 was useless as device remained inaccessible. luckily there is a crack in airos8 upgrade procedure that allows for flash manipulation without opening device: log in to ssh and start to update same firmware that is already on device (in my case 8.5.7): fwupdate.real -m /tmp/WA.v8.5.7.38314.180628.1036.bin -d during the process abort the upgrade (sometime when it reaches checking of mtd3) by pressing Ctrl+C this way we let the airos upgrade do the hard work for us by unlocking mtd partitions :) after that flash your sysupgrade image to /dev/mtdblock2 and /dev/mtdblock3. it is needed to split sysupgrade image prior to that into chunks that will fit these partitions, see this great article by bugblue on how to do that: https://pastebin.com/0wzMthfr unplug and replug power to device and it boots openwrt i did waste several hours with this since i was trying factory image at first, then remembered sysupgrade must be used |
|
How to add super channels to ac loco |
solved? |
This PR adds support for the new Ubiquiti NanoStation AC loco and the very similar Ubiquiti LiteBeam AC AP. Below instructions (except for alternate installation, the serial header of the LiteBeam AC AP is probably in a different place) and specs apply to both devices.
Overview
The Ubiquiti NanoStation AC loco is the sucessor to the NanoStation M5 loco.
It features both a 5 GHz AC and a 2.4 GHz radio.
Specs
CPU: Atheros AR9342 @ 535 MHz
Flash: 128 Mbit nor flash, Macronix MX25L12805D
RAM: 64 MB
Ethernet: 1x 1000 Mbit/s (AR8035 PHY)
WLAN: AR9342 & QCA988X
It's worthy of note though that the 5 GHz radio is a custom Ubiquiti branded part with the pci id 0777:11ac and a Ubiquiti part number. Apart from the pci id it seems to be an absolutely normal QCA988X rev 2.
Obtaining firmware
Either build it yourself or get it from https://github.com/TobleMiner/openwrt-prereleases-bin
Installation
The firmware for this ubiquiti device is signed. But since there are no mtd utilities available on the device the original fwupdate.real binary must be used.
Please make sure you have got firmware version
v8.5.0.36727installed. The instructions probably won't work for other versions.To install unsigned firmware the fwupdate.real binary (which is in fact just a symlink to ubntbox) must be patched:
After that the factory image can be installed using the patched binary:
Problems installing?
The above instructions were only verified using firmware version
v8.5.0.36727.It will most likely work for any firmware version where
outputs
I've not had a look at any other firmware versions yet but up/downgrading to version
v8.5.0.36727should always work.If you do not have any luck with the non-invasive installation and are not afraid of opening your device and have a USB to serial adapter at hand you can always follow the instructions below.
Alternate Installation Instructions
There seem to be some additional checks in the tftp rescue and I was unable to install any of my firmware binaries that way.
It may be possible to dd the firmware onto the flash directly from AirOS but I used the tftpboot functionality of u-boot to first load an initramfs image and then persistently flash a squashfs image from inside openWrt:
Performance
Performance is great. I'm seeing upwards of 350 Mbit/s throughput on 5 GHz and around 40 Mbit/s on 2.4 GHz. The latter is to be expected since the 2.4 GHz radio is only used as a management and servicing radio by the Ubiquiti firmware.
Issues
I've not come across any compatibility issues yet, everything seems to work perfectly.
Signed-off-by: Tobias Schramm tobleminer@gmail.com