Hacking COMPLETED Fusee-LEDE Dongle (6$ payload injector)

  • Thread starter: capitaineflam25
Could you, please, post a photo of your work? Would love to see where exactly you soldered the port.
I just soldered it to the USB pins; it was pretty straightforward.
For the USB-C board side with 6 pads, the center two are D+ and D-, and on the other side the two pads are GND and VCC (5V). It's pretty straightforward.
 
Where did you buy it from?
 
This is the link for the one I bought, but I wouldn't recommend this seller, as I bought the male connector and he sent me a female connector instead. So I messaged him and he apologised and sent the male connector out, so I was happy. After that I needed another one for a different project and thought I would give him another try, and again he sent me a female connector instead, but again I messaged him and he apologised and sent the right one out. I'm guessing he has someone new sending out the orders maybe, but either way I got what I wanted and I suppose I did end up with two female connectors as well XD

Anyway, here's the link:
https://www.ebay.co.uk/itm/DIY-24pi...e=STRK:MEBIDX:IT&_trksid=p2057872.m2749.l2649
 
Holy COW!

I just received my unit in the mail today. It is the "poster child" hardware variant for the battery version on the openwrt hardware page, with the green lacquer covered serial debug console test pads.

Jeezus H Christ on a Pogo Stick--- This thing's firmware is SUPER locked down, and horrible. It is running a custom busybox that has everything yanked out. I can't even change directories!

EDIT
Never mind--

I just needed to re-read the openwrt page. Appears I have *THE* poster-child. wow, what luck. I just needed to poke the magic 'runshellcmd' on the line, and boom. Got a root shell.
Will do the update later after work.
 
Last edited by Wierd_w
From where did you get it just like that?
 
I purchased an A5-V11 (with battery) from ebay. It is the same exact "with battery" hardware as seen on OpenWRT's teardown pics. However, it is missing mtd_write.

I need to find a way around this.


OK-- Looks like there is a static compiled mtd_write (MIPS24k, same instruction set as this Ralink SoC) for the zsun flashing script that I had downloaded a long time ago. I will see if it can execute.


Nope. It refused to execute. So, I did the a5-v11-squashfs-factory.bin method. Pushed reinx as "payload.bin", and now it boots my switch just fine. Will have to see about getting it to do the needful in terms of network services and pals later, but for now-- Very happy with my new payload injector. :P
 
Last edited by Wierd_w, Reason: a5-v11-squashfs-factory.bin.

Follow Chinese Factory Firmware
https://wiki.openwrt.org/toh/unbranded/a5-v11

Then, go to settings at 192.168.1.1, install fuse, change the payload with WinSCP and that’s all!!

Congrats
 

Already done. The factory firmware install worked, but that does not give you the sexxy new uboot. I really wanted to do the full monty, but the firmware was missing essential components to do that. Regardless, the injector is working properly now, so I am pleased. May alter the rc scripts so that the LED lights are a different color than red when the system is ready.
 
Please, someone help me to flash OpenWrt through a serial connection.

I accidentally upgraded my AV-511 with this firmware "albert-david(do)blogspot.com/2018/01/overwrite-stock-a5-v11-chinese-firmware.html", and now I lost the web interface of my router.
 
@Wierd_w just wanted to let you know that I ordered a soldering station and such for the installation of a SwitchMe unit, and I re-applied some solder to the joints you said looked like ass. It didn't help. Any other ideas?

I ordered one of those chink payload injectors that exist as well, before I decided to give installing the SwitchMe a try, so I have plenty of options! Still would be a neat little device in working order.
 
Already done. The factory firmware install worked, but that does not give you the sexxy new uboot. I really wanted to do the full monty, but the firmware was missing essential components to do that. Regardless, the injector is working properly now, so I am pleased. May alter the rc scripts so that the LED lights are a different color than red when the system is ready.

Once you have openwrt-15.05-ramips-rt305x-a5-v11-squashfs-factory.bin installed, follow the next steps:

* Go to 192.168.1.1 to enter the dongle (user: root, pass: nothing)
* Go to System -> Backup/Flash firmware

* Unmark Keep settings and upload the LEDE image. Found here: http://www.mediafire.com/file/cs3ll7cb76ie5pu/archivos.rar. Flash

* Wait until RED led is ON.

* Change the payload with WinSCP. The payload is in /usr/share/fusee-nano.

Thanks to josete2k and the tuto made in: https://www.elotrolado.net/hilo_fus...er-3g-chino-tutorial_2291305_s150#p1746138347
 
Please, someone help me to flash OpenWrt through a serial connection.

I accidentally upgraded my AV-511 with this firmware "albert-david(do)blogspot.com/2018/01/overwrite-stock-a5-v11-chinese-firmware.html", and now I lost the web interface of my router.

If you don't care about USB then use this LEDE firmware. It has working LAN but no USB.

Otherwise, download the factory image from @Mobutu16's post above yours.

Rename it to firmware.bin and put it on the root of a FAT/32 formatted flash drive. Unplug the router and plug the flash drive in. Push in the reset button and plug the USB cable in. Wait a few minutes before you unplug the cable and plug it back in. Make huge profit.

Try OpenWRT again if you used the factory image.
 
Last edited by cracker
I managed to get ahold of a powerbank+router rebranded for the local market. I'm mostly sure it's an a5-v11 because the instruction booklet seems to be copied from the original product, even having screenshots with Chinese text and mentioning MiFi.

The thing is I can't disassemble it in order to check the actual model number. That's because the new shell is a bit thicker and sturdier than the one in photos (at least it also features a battery level indicator with leds, which is handy). I tried fiddling with it but even unscrewed (as it is supposed to be), one of the covers won't come off. I attempted to access it via telnet as suggested in the OpenWRT/LEDE wiki, but I only get a "cannot run /sbin/nologin: No such file or directory" message when I attempt logging in.

Does anyone know a workaround for this issue, or should I dive blindly into flashing the new firmware and stuff?
 
It sounds like you may have to brute force it open and use a USB2TTL adapter on it to get the bootloader and firmware flashed. Any Arduino device can act as one and it requires basic soldering.
 
I would rather have a less messy solution. If I try the update method and it fails, will it brick the router beyond repair? Because if that's not the case then I'm willing to try an easier way before getting messy.
 
I did a similar thing. But for some reason, my first device broke when I soldered the USB OTG adapter in place (maybe I soldered too hot?), so on my second try I just put a small dab of hot glue on the side without the contacts. Works just fine :D
 
