Haru

Haru

HomeArchives

New Toy: Replacement, Rescue, and Exploration of G7615

#G7615#网络问题#刷机338
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
Two months ago, the author noticed their internet speed was capped at 940Mbps despite having a capable WiFi6 setup that could utilize more bandwidth. To address this, they decided to upgrade their optical modem to a ZTE G7615 V1, which they purchased second-hand. After configuring the new modem via telnet, they successfully unlocked the speed limit. However, while exploring the modem's shell, the author accidentally rendered it unbootable by executing a command. They researched a solution and decided to recover the device using a USB-TTL adapter. After preparing the necessary tools and connecting the adapter, they interrupted the boot process to enter UBOOT mode and began the firmware recovery process. The recovery involved setting up IP addresses, checking for bad blocks, and flashing new firmware. After successfully rebooting the modem, the author proceeded with the initialization and configuration. They noted the G7615's impressive hardware specifications and planned to enhance its capabilities further by adding busybox and useful plugins. The article concludes with the author mentioning they will add more details later.

0x00 Background#

Two months ago, during a speed test of the network, it was found that whether it was a wired connection or a wireless connection, the speed test results always hovered around 940Mbps. As is well known, operators always provide an additional 20% bandwidth as redundancy when formulating bandwidth throttling templates. With the continuous improvement of WiFi protocols, the current WiFi6 160Mhz 2x2 can achieve a rate of 2400Mbps, which is more than enough to utilize this 20% redundant bandwidth, thus the idea of replacing the optical modem arose. To fully utilize this redundant bandwidth, not only is a 2.5G or higher upstream optical port needed, but it is also necessary to ensure that there is a 2.5G electrical port to guarantee the rate of downstream devices. To save on the cost of a 2.5G router, the final choice of optical modem was ZTE's G7615 V1.

A G7615 v1 was purchased from a second-hand trading platform, and the seller was asked to flash the corresponding firmware for the relevant region and operator before shipping, while also enabling telnet. After a long wait, the package was finally received a week later. That day, the contents of the original optical modem were recorded and backed up, such as the VLAN ID of the Internet interface, the LOID used for registering the optical modem, the serial number and MAC address of the original optical modem, and the account and password for broadband dialing. Then, the modem was replaced, and configuration and registration were performed in the shell of the new optical modem via telnet, ultimately successfully replacing it and unlocking the 940Mbps speed limit.

With shell access, I began to search for some interesting content within the optical modem. A large part of this was skipped, but ultimately, after executing the terrifying command mount -o rw,remount auto /, the G7615 became unresponsive and could not boot again. After checking a forum for related content, I learned that performing an rw remount operation on the root directory would cause it to fail to boot, so I decided to disassemble it and start the recovery from TTL. Despite a thorough search, I couldn't find a USB-TTL, so I purchased three CH340G modules from an e-commerce platform for ¥11.8, beginning the redemption journey for the G7615.

0x01 Preparation Before Recovery#

Before starting the recovery, you need to prepare the following:

  • A serial monitor software, such as MobaXterm or Lucy
  • A USB→TTL, such as CH340, and ensure the driver is installed
  • A disassembled G7615 connected to the TTL line and waiting for revival
  • The firmware for the G7615

After consulting the information, I learned that the meanings of the four contact points in the upper left corner are VCC, TX, RX, and GND. TTL can use either 1.8V or 3.3V, and VCC should not be connected, so the final wiring is: empty, TTL's RX, TTL's TX, TTL's GND.

After connecting the CH340 to the computer, please ensure that you can see the CH340 label in the ports of the device manager.

Figure-1

Record the number of the COM port, double-click to open it, and in the new dialog, select port settings, setting it to the following state.

Figure-2

After completing the wiring, open the serial monitor software on the computer, select the newly connected CH340 serial port, set the baud rate to 115200, and enable the TFTP service in MobaXterm, placing the firmware to be flashed (kernel.bin, framework.bin) into the TFTP service directory. Once prepared, you can start listening to the serial port and repeatedly press the spacebar when starting the optical modem to ensure entering the interactive terminal.

Figure-2

When the symbol appears, it indicates that the normal boot has been successfully interrupted, entering UBOOT mode, at which point you can choose to flash the firmware.

0x02 Starting the Flashing Process#

Connect the computer's network port to the optical modem's LAN port and set the computer to a static IP: 192.168.1.100/24, leaving the default gateway field empty.

First, enter nand bad to check for bad blocks. If the result returns Device 0 bad blocks, you can proceed with the following operations to flash the firmware; otherwise, you need to clean up the bad blocks first.

The commands to execute are:

  • Set the local IP and the optical modem's IP
setenv ipaddr 192.168.1.1
setenv serverip 192.168.1.100
saveenv

tftp 0x88000000 G7615P2T2.bin

Figure-3

  • Perform the write operation and reboot
nand erase 0x1700000 0x3000000
nand erase 0x4700000 0x3000000
nand write 0x88000000 0x1700000 0x3000000
nand write 0x88000000 0x4700000 0x3000000
reset

Figure-4

If all goes well, the optical modem should successfully boot after restarting, and the remaining tasks are to perform initialization configuration and register LOID and other content.

Figure-5

The remaining configuration part can refer to the numerous configuration processes available online, and the specific process may vary by region, so it will not be described in detail here.

0x03 Completing the Shell and Exploring New Features#

It is not difficult to see that the configuration of the G7615 is quite sincere. The processor is ZX279132, a quad-core A53 with a frequency of 1.1G, along with 512M of memory and 256M of flash storage. This configuration can be considered quite high-end even for a hard router, and merely serving as a dial-up internet device seems somewhat wasteful, so I plan to add a busybox to it and run some useful plugins.

There are too many things to do, and I will think of more content later; for now, I will leave it at that.

This article is synchronized and updated to xLog by Mix Space. The original link is https://blog.allieqian.com/posts/tech/3gUpK83mTBPJk

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.