Skip to content

xiao-mantou/K3N

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README-zh.md
README-zh.md
 
 
README.md
README.md
 
 

Repository files navigation

中文

K3N

Phicomm K3 D1

Telnet

Preinsatlled firmware version: V23.1.8.89
For China: cn.dat, for worldwide: us.dat / de.dat
192.168.2.1>Advanced>Restore>Configuration File>Browse>xx.dat>Restore Configuration, One restore one season, reboot router will lose telnet.
PuTTY>192.168.2.1>Telnet>Open>EntryCommand

Source

Backup

mount
ls
cd /xxx
cat /dev/mtd0 > mtd0.bin

mtd0:cfe
mtd1:firemware generated settings
mtd2
mtd3
mtd4
mtd5
mtd6:firmware
mtd7:included in mtd6
mtd8

cfe

Flash command has been blocked since v260
Downgrade to 246 or lower
HxD
Copy 0x400 ~ 0xF9F(meet plenty of 00 before 0x13FC) from origianl mtd0, replace the same area of target cfe
Verify your work using broadcom_cfe_tool
192.168.2.x 225.225.225.0
Tftpd
cd tmp
tftp -g -r xxx.bin 192.168.2.x
cat xxx.bin > /dev/mtdblock0 && rebootSource
Wait for reboot finishing!

Quantum DAX firmware mod for K3

Linux:
sudo apt install binwalk
sudo apt-get update
binwalk xxx.bin

  • CAN be flashed via cfe:
DECIMAL HEXADECIMAL DESCRIPTION
0 0x0 TRX firmware header, xxx, header size: 28 bytes, loader offset: 0x1C, linux kernel offset: 0x21E244, xxx
28 0x1C LZMA compressed data, xxx
2220612 0x21E244 Squashfs filesystem, xxx
  • CAN NOT be flashed via cfe, there are some data before TRX,LZMA&Squashfs:
DECIMAL HEXADECIMAL DESCRIPTION
114692 0x1C004 LZMA compressed data, xxx
525312 0x80400 TRX firmware header, xxx
525340 0x8041C LZMA compressed data, xxx
2775712 0x2A5AA0 Squashfs filesystem, xxx, size: 32877312 bytes, xxx

Get the part(same as mtd6) that can be flashed via cfe:
dd if=Original.bin of=New.bin bs=1 skip=525312 count=35127712
525312 : TRX firmware header offset
35127712 : Squashfsfilesystem offset + Squashfs filesystem size - TRX firmware header offset eg.(2775712+32877312-525312)
Verify: header size = LZMA offset, loader offset = LZMA offset, linux kernel offset = Squashfs offset.

cfe flash

192.168.2.100 225.225.225.0
ping 192.168.2.1 hold Reset for 10s, wait for ttl=100
Tftpd
192.168.2.1/do.htm?cmd=flash+-noheader+192.168.2.x:/xxx.bin+nflash0.trx
Source

Other

Better flash cfe in firmware, Flash firmware in cfe

settings optimize

2.4G 802.11n
5G 802.11ac/n 80Mhz

TO Do

command
ttl

Tag

PHICOMM K3 AC3150 Dual Band Wi-Fi Gigabit Smart Router
Quantum DAX/WL-WN538A8 AC3200 (This guide is no target to this product)

About

K3 D1

Topics

k3 phicomm k3n

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository