Friday, November 17, 2006

pass the gravy and the arlan

Thanksgiving week looks like it might be dedicated to continuing the project from the last hack night. Ken's SWN Node south of me on 26th looks like the closest node to my place. Alas, there are trees and such in between, but we've been playing a little bit with some old 900 MHz tech, The Arlan (of doom). The product line that led up to the Cisco Aironets that still kick around today was a popular platform for barcode scanners and similar inventory tracking devices.

Some ol' chap named xam ended up with a bunch of the 900 MHz models and hacked around with the firmware for a bit. His pages aren't around anymore but you can hit them up via the archive. Ken and Matt picked up a pile of these and since the last hack night we own all of them in the world (we'll sell them back to you at $250 ea., btw). Anyways, we bricked a 630-900 following xam's instructions for downgrading (most of ours started at 4.2c, although they had 'shipped firmware 2.39' stickers). Not trusting the downloaded firmware from the archive, we hit up a few connections and found a couple of other places from filename searches. We have since re-amassed a collection of Arlan firmware on the SWN website.

After bricking a second (the downgraded firmware installs, but then reboots, prints "Decompressing the code", and reboots again; GOTO 10), we tried upgrading and successfully brought it up to the latest firmware. We weren't really sure about all of the menu settings, so we tried getting a fourth working and managed to swap some parts around from the bricked radios. The product is three boards: the motherboard, a radio board and a network interface board. There are Ethernet and Token Ring network interfaces, which appear to be swappable. Some of the radio boards are swappable, but there are two different connectors. The odd part is that the motherboards all seem to have traces for both connections. Some of the older 900 MHz radios were large and used the larger connector, but we had other 900 MHz radios that had the smaller radio. We successfully swapped the 900 MHz radio off a bricked Arlan into a 630-2400 (2.4 GHz) model that was having complaints about its radio anyway. (This was the one model we had working at the time.)

Another model had a write password (it all seems SNMP-based), and last I knew we had some brute-force scripts running against it.

Power supplies are scarce, but we have plans to build a few now that we know the pinouts and power levels. Hopefully next hack night we can make a bridge and start plans to actually deploy these through some trees.

8 Comments:

Anonymous said...

Any chance to "de-brick" those units?? :)

Fri Dec 08, 07:10:00 AM PST  
Blogger btm said...

i don't think so. a few hardware-ish people have stared at them. they only have enough flash memory on board for one copy of the software. I figure if there is a way to recover them without a soldering iron it's a matter of finding a startup mode where it will tftp from a certain IP address on boot.

Unfortunately and oddly, the full interface only supported ftp, so the chances of anything convenient like that seem slim.

Fri Dec 08, 09:17:00 AM PST  
Anonymous said...

That is strange but I understand what you are saying. If it only does ftp when it is working, it would be up to something special in the boot code to do tftp or serial xfer. I wonder if there is some way to get them to do something like xmodem from the serial port? I used to do firmware upgrades to ciscos and ascend stuff (especially the isdn ta's) over the serial port. Slow but it worked.

What kind of links are you getting with these with the yagi antennas? These might be handy for some NLOS links.

Sun Dec 10, 11:41:00 AM PST  
Blogger btm said...

Yeah. Cisco used to have a copy of IOS in ROM so even if you hosed your IOS you could boot with limited functionality and get another one up. I'm not sure about all the newer lines but I know that the 2600 dropped the boot rom, but still had rommon which supported the likes of xmodem.

whereas on the arlan, ctrl+break, random key pounding, etc, brings up no rommon-like interface on boot. such a thing probably doesn't exist.

we haven't verified the link distance yet, still burn-in testing my plastic bag based outdoor case.

Mon Dec 11, 12:07:00 PM PST  
Blogger Unknown said...

I got a couple of these linking but just using omni antennas right now.

Fri Dec 29, 06:11:00 PM PST  
Blogger Unknown said...

You guys play with these bridges anymore? I got some even later firmware, version 5.29 I have loaded on mine..

Tue May 01, 02:06:00 PM PDT  
Blogger btm said...

not recently, i've still got one on my deck pointing at kens. I don't think I have another around that's been reflashed.

Tue May 01, 02:17:00 PM PDT  
Blogger Unknown said...

In case you ever have the need, these can be modified for POE fairly easily. Pins 4,5,7 and 8 are just "hanging" on the board, not connected to anything..

Mon May 07, 05:57:00 AM PDT  
