DGND3700 V1 CFE Boot Loader TFTP De-Brick
You bricked it!
Yep, sooner or later the inevitable would happen when making a new firmware - you did something stupid and bricked it.
When I first screwed a firmware up I hoped I could rescue it using the (normal) 1 second window (boot_wait) in which devices of this type usually wait for a TFTP connection from uboot. Alas, after a great deal of trying I decided it wasn't possible.
This post details putting a similar device into rescue mode (i.e. it starts up with a tftpd server and waits for firmware), but this didn't seem to work either.
I decided it would have to come apart, put a pinheader on it, and get into it via the console.
It comes apart fairly easily: there are Torx screws under each rubber foot and a couple in the middle. Just be careful of the wifi antennae connections to the miniPCI board, as there isn't much free movement without popping the Hirose connectors off. They aren't coded either, so note which goes where. Love the antennae taped to the inside, lol!
- Note console port bottom left of pic prior to soldering pin header on - love that white glue !
Add pinheader to board
The holes were filled (on my DGND3700 V1 anyway) on the board so doing this is a real pain.
The best (only) technique I have found is to remove a clean spare pin, heat it up and at the same time slowly push it through the hole (you may need to tin it to get it going). The solder in the hole should stick to the pin as it passes through, thus getting it all out. A clean new pin is needed for each hole. It isn't easy to leave a fully clean hole.
Hook up a TTL Serial adapter
You will need some sort of TTL 3.3v to serial adapter, with TX/RX/Ground connected up to it. The whole session is at 115200 bps (it doesn't change speed halfway through like some things do).
I have a TTL direct to USB one (they cost about £1 on fleaBay nowadays, search for 'USB TTL', suggest getting one that does 3.3v and 5v).
Using PuTTY: simply select 'Connection Type' as serial, 'Serial Line' /dev/ttyUSB0, 'Speed' 115200 and connect. You can leave it connected across router reboots etc.; you don't need to disconnect and reconnect.
Flashing via TFTP
The board is hard coded on 192.168.1.1, so you need to set your machine manually on this subnet, e.g. 192.168.1.2 / 255.255.255.0; obviously no gateway or DNS is necessary. (AND don't forget to put your machine back to DHCP after it flashes/reboots, as it will be back on 192.168.0.1! I know it sounds daft but it caught me out once when I couldn't work out why the http interface wasn't working!!)
You have 1 second to press enter to enter the CFE from your console connection (and stop it then booting the kernel). Just type in tftpd after that and it starts TFTPD server on 192.168.1.1
I think the rest is fairly self explanatory from this log. Remember you are sending (put) the file from your machine to the router in binary.
e.g. in Ubuntu
$ busybox tftp -p -l DGND3700_02130941_A_D.chk 192.168.1.1
You should then see dots immediately going across the terminal screen connected to the router after 'Loading', as per below. It will then take a good few minutes flashing, so be patient.
DGND3700 Boot Code V1.0.8
CFE version 1.0.37-104.4 for BCM96368 (32bit,SP,BE)
Build Date: Mon Feb 21 17:59:46 CST 2011 (finerain@moonlight)
Copyright (C) 2000-2009 Broadcom Corporation.
Parallel flash device: name AM29LV320MT, id 0x2201 size 32768KB
Total Flash size: 32768K with 256 sectors
ethsw: found bcm53115!
Chip ID: BCM6368B2, MIPS: 400MHz
Main Thread: TP0
Total Memory: 134217728 bytes (128MB)
Boot Address: 0xb8000000
Board IP address : 192.168.1.1:ffffff00
Host IP address : 192.168.1.100
Gateway IP address :
Run from flash/host (f/h) : f
Default host run file name : vmlinux
Default host flash file name : bcm963xx_fs_kernel
Boot delay (0-9 seconds) : 1
Boot image (0=latest, 1=previous) : 0
Board Id (0-11) : 96368MVWG
Number of MAC Addresses (1-32) : 10
Base MAC Address : 84:1b:5e:36:a1:10
PSI Size (1-64) KBytes : 24
Enable Backup PSI [0|1] : 0
System Log Size (0-256) KBytes : 0
Main Thread Number [0|1] : 0
*** Press any key to stop auto run (1 seconds) ***
Auto run second count down: 1
CFE>
CFE> help
Available commands:
tftpd       Start TFTP server
sm          Set memory or registers.
dm          Dump memory or registers.
w           Write the whole image start from beginning of the flash
e           Erase [n]vram or [a]ll flash except bootrom
r           Run program from flash image or from host depend on [f/h] flag
p           Print boot line and board parameter info
c           Change booline parameters
f           Write image to the flash
i           Erase persistent storage data
b           Change board parameters
reset       Reset the board
flashimage  Flashes a compressed image after the bootloader.
ifconfig    Configure the Ethernet interface
help        Obtain help for CFE commands
For more information about a command, enter 'help command-name'
*** command status = 0
CFE> tftpd
Start TFTP server
Loading : ...
Finished loading 9008421 bytes
Loading ......................................................................................................
.....................................................................
Resetting board...
It will then reboot following normal sequence below.
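The console strings in the log above are enough to script the one-second key press. The following is an added example, not part of the original post: it watches the serial console, stops auto run, starts tftpd, runs the upload and compares the byte count CFE prints with the size of the local image. It assumes pyserial is installed and that CFE's "Finished loading" figure is the number of bytes it received; the names Console and cfe_tftp_flash are illustrative.

```python
import os
import re
import subprocess
import sys
import time


class Console:
    """Buffered expect() over any object with pyserial-style read()/write()."""

    def __init__(self, port):
        self.port = port
        self.buf = b""

    def expect(self, pattern, timeout):
        """Block until the regex appears in console output; return the match."""
        rx = re.compile(pattern)
        deadline = time.monotonic() + timeout
        while True:
            m = rx.search(self.buf)
            if m:
                self.buf = self.buf[m.end():]  # keep output that follows the match
                return m
            if time.monotonic() >= deadline:
                raise TimeoutError(f"no {pattern!r}; console tail: {self.buf[-80:]!r}")
            self.buf += self.port.read(64)  # b"" when the port's read timeout expires


def cfe_tftp_flash(port, image_size, send_image, boot_wait=120, flash_wait=900):
    """Stop auto run, start tftpd, upload via send_image(), check the byte count.

    Returns (bytes CFE reported, whether that equals image_size).
    """
    con = Console(port)
    con.expect(rb"Press any key to stop auto run", boot_wait)  # power-cycle the router now
    port.write(b"\r")                  # any key, sent well inside the 1 second window
    con.expect(rb"CFE>", 5)
    port.write(b"tftpd\r")
    con.expect(rb"Start TFTP server", 5)
    send_image()                       # CFE is now listening on 192.168.1.1
    m = con.expect(rb"Finished loading (\d+) bytes", 120)
    received = int(m.group(1))
    con.expect(rb"Resetting board", flash_wait)  # writing flash takes minutes
    return received, received == image_size


if __name__ == "__main__":
    import serial  # pyserial (third-party); only needed for a real run

    image = sys.argv[1]

    def put():
        # The same binary put the post uses.
        subprocess.run(["busybox", "tftp", "-p", "-l", image, "192.168.1.1"], check=True)

    with serial.Serial("/dev/ttyUSB0", 115200, timeout=0.05) as tty:
        got, ok = cfe_tftp_flash(tty, os.path.getsize(image), put)
    print(f"CFE loaded {got} bytes:", "matches the image" if ok else "SIZE MISMATCH")
```

Start the script with the image path as its argument, then power-cycle the router; a size mismatch means the image CFE flashed is not the file on disk.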
Normal boot sequence
DGND3700 Boot Code V1.0.8
CFE version 1.0.37-104.4 for BCM96368 (32bit,SP,BE)
Build Date: Mon Feb 21 17:59:46 CST 2011 (finerain@moonlight)
Copyright (C) 2000-2009 Broadcom Corporation.
Parallel flash device: name AM29LV320MT, id 0x2201 size 32768KB
Total Flash size: 32768K with 256 sectors
ethsw: found bcm53115!
Chip ID: BCM6368B2, MIPS: 400MHz
Main Thread: TP0
Total Memory: 134217728 bytes (128MB)
Boot Address: 0xb8000000
Board IP address : 192.168.1.1:ffffff00
Host IP address : 192.168.1.100
Gateway IP address :
Run from flash/host (f/h) : f
Default host run file name : vmlinux
Default host flash file name : bcm963xx_fs_kernel
Boot delay (0-9 seconds) : 1
Boot image (0=latest, 1=previous) : 0
Board Id (0-11) : 96368MVWG
Number of MAC Addresses (1-32) : 10
Base MAC Address : 84:1b:5e:36:a1:10
PSI Size (1-64) KBytes : 24
Enable Backup PSI [0|1] : 0
System Log Size (0-256) KBytes : 0
Main Thread Number [0|1] : 0
*** Press any key to stop auto run (1 seconds) ***
Auto run second count down: 0
Booting from only image (0xb8020000) ...
Code Address: 0x80010000, Entry Address: 0x80298000
Decompression OK!
Entry at 0x80298000
Closing network.
Disabling Switch ports.
Flushing Receive Buffers...
0 buffers found.
Closing DMA Channels.
Starting program at 0x80298000
Linux version 2.6.21.5 (root@UbuntuSSDx64) (gcc version 4.2.3) #1 Sat Feb 16 21:47:28 GMT 2013
Parallel flash device: name AM29LV320MT, id 0x2201 size 32768KB
96368MVWG prom init
CPU revision is: 0002a031
Determined physical RAM map:
memory: 07f00000 @ 00000000 (usable)
On node 0 totalpages: 32512
DMA zone: 32 pages used for memmap
DMA zone: 0 pages reserved
DMA zone: 4064 pages, LIFO batch:0
Normal zone: 222 pages used for memmap
Normal zone: 28194 pages, LIFO batch:7
Built 1 zonelists. Total pages: 32258
Kernel command line: root=31:0 ro noinitrd console=ttyS0,115200
brcm mips: enabling icache and dcache...
Primary instruction cache 64kB, physically tagged, 4-way, linesize 16 bytes.
Primary data cache 32kB, 2-way, linesize 16 bytes.
Synthesized TLB refill handler (21 instructions).
Synthesized TLB load handler fastpath (33 instructions).
Synthesized TLB store handler fastpath (33 instructions).
Synthesized TLB modify handler fastpath (32 instructions).
PID hash table entries: 512 (order: 9, 2048 bytes)
Using 200.000 MHz high precision timer.
Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
Memory: 126012k/130048k available (2097k kernel code, 4012k reserved, 490k data, 92k init, 0k highmem)
KLOB Pool 1 Initialized: 1048576 bytes <0x80300000... 0x80400000>
Calibrating delay loop... 398.95 BogoMIPS (lpj=997376)
Mount-cache hash table entries: 512
wait instruction: enabled
NET: Registered protocol family 16
Total Flash size: 32768K with 256 sectors
registering PCI controller with io_map_base unset
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
BLOG v2.1 Initialized
NET: Registered protocol family 8
NET: Registered protocol family 20
Time: MIPS clocksource has been installed.
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 4096 (order: 3, 32768 bytes)
TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
TCP: Hash tables configured (established 4096 bind 4096)
TCP reno registered
squashfs: version 3.2-r2 (2007/01/15) Phillip Lougher
squashfs: LZMA suppport for slax.org by jro
JFFS2 version 2.2. (NAND) (C) 2001-2006 Red Hat, Inc.
fuse init (API version 7.8)
io scheduler noop registered (default)
PPP generic driver version 2.4.2
NET: Registered protocol family 24
physmap platform flash device: 02000000 at b8000000
physmap-flash.0: Found 1 x16 devices at 0x0 in 16-bit bank
Amd/Fujitsu Extended Query Table at 0x0040
physmap-flash.0: CFI does not contain boot bank location. Assuming top.
number of CFI chips: 1
cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
cmdlinepart partition parsing not available
RedBoot partition parsing not available
Using physmap partition information
Creating 17 MTD partitions on "physmap-flash.0":
0x00020100-0x01e40000 : "rootfs"
mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
0x00020000-0x01e40000 : "fw_upgrade"
0x01e40000-0x01e60000 : "SP"
0x01e60000-0x01e80000 : "MISC"
0x01e80000-0x01ea0000 : "DPF"
0x01ea0000-0x01ec0000 : "T_Meter1"
0x01ec0000-0x01ee0000 : "T_Meter2"
0x01ee0000-0x01f00000 : "T_Meter3"
0x01f00000-0x01f20000 : "T_Meter4"
0x01f20000-0x01f40000 : "POT"
0x01f40000-0x01f60000 : "Reserved1"
0x01f60000-0x01f80000 : "Reserved2"
0x01f80000-0x01fa0000 : "Reserved3"
0x01fa0000-0x01fc0000 : "Reserved4"
0x01fc0000-0x01fe0000 : "board_data"
0x01fe0000-0x02000000 : "nvram"
0x00000000-0x02000000 : "whole_flash"
bcm963xx_mtd driver v1.0
File system address: 0xb9000100
Broadcom DSL NAND controller (BrcmNand Controller)
i=0, CS[0] = 0
brcmnand_probe: CS0: dev_id=ecf10095
NAND Config: Reg=55042200, chipSize=128 MB, blockSize=128K, erase_shift=11
busWidth=1, pageSize=2048B, page_shift=11, page_mask=000007ff
timing1 not adjusted: 5363444f
timing2 not adjusted: 00000fc6
BrcmNAND mfg ec f1 Samsung K9F1G08U0A 128MB
Found NAND: ACC=d3000000, cfg=55042200, flashId=ecf10095, tim1=5363444f, tim2=00000fc6
BrcmNAND version = 0x0201 128MB @00000000
brcmnand_probe: CS0: dev_id=ecf10095
1. Found NAND chip on Chip Select 0, chipSize=128MB, usable size=128MB, base=0x00000000
brcmnand_scan: B4 nand_select = 40000002
brcmnand_scan: After nand_select = 40000002
page_shift=11, bbt_erase_shift=17, chip_shift=27, phys_erase_shift=17
Brcm NAND controller version = 2.1 NAND flash size 128MB @16000000
brcmnand_scan: mtd->oobsize=64
brcmnand_scan: oobavail=50, eccsize=512, writesize=2048
brcmnand_scan, eccsize=512, writesize=2048, eccsteps=4, ecclevel=15, eccbytes=3
brcmnand_default_bbt: bbt_td = bbt_main_descr
Bad block table found at page 65472, version 0xFF
Bad block table found at page 65408, version 0xF
nand_read_bbt: Bad block at 0x02600000
nand_read_bbt: Bad block at 0x02be0000
nand_read_bbt: Bad block at 0x05480000
nand_read_bbt: Bad block at 0x07a80000
numchips=1, size=8000000
Creating 1 MTD partitions on "bcm63xx-nand.0":
0x00000000-0x08000000 : "storage"
PCI: Enabling device 0000:00:0a.0 (0000 -> 0002)
PCI: Setting latency timer of device 0000:00:0a.0 to 64
ehci_hcd 0000:00:0a.0: EHCI Host Controller
ehci_hcd 0000:00:0a.0: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:0a.0: irq 15, io mem 0x10001500
ehci_hcd 0000:00:0a.0: USB f.f started, EHCI 1.00, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 2 ports detected
ohci_hcd: 2006 August 04 USB 1.1 'Open' Host Controller (OHCI) Driver
PCI: Enabling device 0000:00:09.0 (0000 -> 0002)
PCI: Setting latency timer of device 0000:00:09.0 to 64
ohci_hcd 0000:00:09.0: OHCI Host Controller
ohci_hcd 0000:00:09.0: new USB bus registered, assigned bus number 2
ohci_hcd 0000:00:09.0: irq 13, io mem 0x10001600
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
usbcore: registered new interface driver usblp
drivers/usb/class/usblp.c: v0.13: USB Printer Device Class driver
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
brcmboard: brcm_board_init entry
===>brcm_board_init: GPIO->GPIOBaseMode=0x3b000
===>brcm_board_init: GPIO->GPIOMode=0x1f0003
Serial: BCM63XX driver $Revision: 3.00 $
ttyS0 at MMIO 0xb0000100 (irq = 10) is a BCM63XX
ttyS1 at MMIO 0xb0000120 (irq = 11) is a BCM63XX
bcmxtmrt: Broadcom BCM6368B2 ATM/PTM Network Device v0.3 Feb 16 2013 21:46:42
netem: version 1.2
u32 classifier
TCP cubic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 92k freed
init started: BusyBox v1.00 (2013.02.16-21:55+0000) multi-call binary
BusyBox v1.00 (2013.02.16-21:55+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
Loading drivers and kernel modules...
pktflow: module license 'Proprietary' taints kernel.
Broadcom Packet Flow Cache Char Driver v2.1 Nov 20 2009 22:08:08 Registered<242>
NBUFF v1.0 Initialized
Broadcom Packet Flow Cache learning via BLOG enabled.
Created Proc FS /procfs/fcache
Broadcom Packet Flow Cache registered with netdev chain
Constructed Broadcom Packet Flow Cache v2.1 Nov 20 2009 22:08:06
Broadcom Packet CMF (Experimental) Char Driver v0.1 Nov 20 2009 22:08:03 Registered<232>
Broadcom Packet CMF (Experimental) [6368-B2] v0.1 Nov 20 2009 22:08:02 Loaded
bcmxtmcfg: bcmxtmcfg_init entry
adsl: adsl_init entry
Broadcom BCMPROCFS v1.0 initialized
Broadcom BCM6368B2 Ethernet Network Device v0.1 Oct 31 2011 09:20:58
KLOB extended to 2 pools
KLOB extended to 3 pools
KLOB extended to 4 pools
Config Switch Through SPI Slave Select 1
ethsw: found bcm53115!
dgasp: kerSysRegisterDyingGaspHandler: bcmsw registered
Broadcom Packet CMF (Experimental) SWC RESET.
Broadcom Packet CMF (Experimental) SWC INITIALIZED.
KLOB extended to 5 pools
KLOB extended to 6 pools
KLOB extended to 7 pools
KLOB extended to 8 pools
Broadcom Packet CMF (Experimental) Forwarder Net Device 0 v0.1 Nov 20 2009 22:08:03 Registered
Broadcom Packet CMF (Experimental) Forwarder Net Device 0 v0.1 Nov 20 2009 22:08:03 Registered
Broadcom Packet CMF (Experimental) ENABLED.
eth0: MAC Address: 84:1B:5E:36:A1:11
eth1: MAC Address: 84:1B:5E:36:A1:10
eth2: MAC Address: 84:1B:5E:36:A1:10
eth3: MAC Address: 84:1B:5E:36:A1:10
eth4: MAC Address: 84:1B:5E:36:A1:10
eth0 Link DOWN.
eth1 Link DOWN.
eth2 Link DOWN.
eth3 Link DOWN.
eth4 Link DOWN.
PCI: Enabling device 0000:00:01.0 (0000 -> 0002)
PCI: Setting latency timer of device 0000:00:01.0 to 64
wl0: Broadcom BCM4351 802.11 Wireless Controller 5.10.120.0.cpe4.404.8
dgasp: kerSysRegisterDyingGaspHandler: wl0 registered
PCI: Enabling device 0000:00:02.0 (0000 -> 0002)
PCI: Setting latency timer of device 0000:00:02.0 to 64
wl1: Broadcom BCM4350 802.11 Wireless Controller 5.10.120.0.cpe4.404.8
dgasp: kerSysRegisterDyingGaspHandler: wl1 registered
p8021ag: p8021ag_init entry
Broadcom Packet Flow Cache learning via BLOG disabled.
sh: cannot create /proc/sys/net/ipv4/neigh/br0/base_reachable_time: Directory nonexistent
Reading board data...
WSC UUID: 0x2f7837f617b49fff361c2dff1b138aa7
wps_uuid=0x2f7837f617b49fff361c2dff1b138aa7
klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 2.4.9
NET: Registered protocol family 15
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
<6>KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0)
KLIPS: lookup for ciphername=cbc(twofish): not found
KLIPS: lookup for ciphername=cbc(serpent): not found
KLIPS: lookup for ciphername=cbc(cast5): not found
KLIPS: lookup for ciphername=cbc(blowfish): not found
<6>KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0)
<6>KLIPS cryptoapi interface: alg_type=15 alg_id=2 name=cbc(des) keyminbits=64 keymaxbits=64, found(0)
ln: /dev/random: File exists
device eth1 entered promiscuous mode
device eth2 entered promiscuous mode
device eth3 entered promiscuous mode
device eth4 entered promiscuous mode
device wl0 entered promiscuous mode
br0: port 5(wl0) entering learning state
sh: arping: not found
eth4 Link UP 1000 mbps full duplex
br0: port 4(eth4) entering learning state
xtm command is xtm operate conn --createnetdev 1.0.38 atm0
bcmxtmrt: MAC address: 84 1b 5e 36 a1 12
DSL mode command is xdslctl start --bitswap on --sra off --lpair i --mod dlt2pemv --up
BcmAdsl_Initialize=0xC010EA10, g_pFnNotifyCallback=0xC0142FD4
Clocks for QPRC and AFE are being aligned with step through ...
AFE is aligned, i = 049, PhaseValue = -050, PhaseCntl = 0x3FCF0000
QPRC is aligned, i = 051, PhaseValue = -050, PhaseCntl = 0x3FCF3FCD
Clocks for QPROC and AFE are aligned with syn_status AFE = 0x70, QPROC = 0x70
AFE phase control reg @0xb0f570f8 default actual = 0x0021C38F, exp = 0x0021c38f
QPRC phase control reg @0xb0f5f0c0 default actual = 0x0421C38F, exp = 0x0421c38f
pSdramPHY=0xA7FFFFF8, 0xFFFBFFF 0x77EFE6BF
*** XfaceOffset: 0x5FF90 => 0x5FF90 ***
br0: topology change detected, propagating
br0: port 5(wl0) entering forwarding state
*** PhySdramSize got adjusted: 0xC6F58 => 0xFD610 ***
AdslCoreSharedMemInit: shareMemAvailable=10704
br0: topology change detected, propagating
br0: port 4(eth4) entering forwarding state
AdslCoreHwReset: pLocSbSta=872a0000 bkupThreshold=3072
AdslCoreHwReset: AdslOemDataAddr = 0xA7FBC6D8
dgasp: kerSysRegisterDyingGaspHandler: dsl0 registered
DSL mode command is xdslctl configure --phycfg 0 0 0 0 0 0x00000002 0x00000000
info, udhcp server (v0.9.8) started
error, unable to parse 'option wins '
error, unable to parse 'option domain '
save_router_stats(721): port=1
POT integrity check OK.
POT time is up.
192.168.0.1
c0a80001
automount: get SIGUSR1.
killall: minidlna.exe: no process killed
IOCTL_AG_REGION_SET: English
Info: No FWPT default policies.
httpd: socket bound in 0.0.0.0:80.
/ # Setting SSID "Xxxxxx"
Setting SSID "Xxxxx"
Setting SSID "NETGEAR-3"
Setting SSID "NETGEAR-4"
br0: port 5(wl0) entering disabled state
Chanspec set to 0x2e09
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
device wl0 is already a member of a bridge; can't enslave it to bridge br0.
device wl0.1 entered promiscuous mode
device wl0.2 entered promiscuous mode
device wl0.3 entered promiscuous mode
br0: port 5(wl0) entering learning state
Reaped 709
UPnP daemon is ready to run
br0: topology change detected, propagating
br0: port 5(wl0) entering forwarding state
Couldn't open the directory : No such file or directory
ftpRestart: Start WPS !!
killall: bftpd: no process killed
killall: bftpd: no process killed
http_d: got signal
usage smb_pass user passwd
Setting SSID "NETGEAR-5G"
Setting SSID "NETGEAR-5G-2"
Setting SSID "NETGEAR-5G-3"
Setting SSID "NETGEAR-5G-4"
Chanspec set to 0x1d26
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
The kernel doesn't support the ebtables nat table.
device wl1 entered promiscuous mode
device wl1.1 entered promiscuous mode
device wl1.2 entered promiscuous mode
device wl1.3 entered promiscuous mode
Reaped 1338
UPnP daemon is ready to run
Start WPS !!
- Note "Bad block table found" on the NAND, hmm !!
Normal Flashing via http
This looks slightly different from the console: the first lot of dots are quick as it transfers the image, the second lot are slow as it writes to NAND (/dev/mtd1).
/ # killall: wsccmd: no process killed
.........................................................................................................................................
Writing 9016667 bytes to /dev/mtd1.
.....................................................................done.
Restarting system.
****** DDR->DSLCorePhaseCntl=0 ******
▒
DGND3700 Boot Code V1.0.8
CFE version 1.0.37-104.4 for BCM96368 (32bit,SP,BE)
Build Date: Mon Feb 21 17:59:46 CST 2011 (finerain@moonlight)
Copyright (C) 2000-2009 Broadcom Corporation.
<SNIP>
References
http://wiki.openwrt.org/toh/netgear/dgnd3700
JTAG
If your device is more broken than even this is able to fix, then this may help:
http://www.dd-wrt.com/wiki/index.php/JTAG
Supported chips mentions the Broadcom BCM6368