atin initialize hidden flash access module
atbt x block0 write enable (1=enable, other=disable)
atwm x set MAC address in working buffer
aten x,(y) set BootExtension Debug Flag (y=password)
atse x show the seed of password generator
atwz a(,b,c) write ZyXEL MAC addr, Country code, EngDbgFlag
atcb copy from FLASH ROM to working buffer
atcl clear working buffer
atsb save working buffer to FLASH ROM
atbu dump manufacturer related data in working buffer
atco x set country code in working buffer
atfl x set EngDebugFlag in working buffer
atub x,y,z upgrade bootloader, set engineer debug flag and country code
atdb x dump bootloader to a file
atec x,y set engineer debug flag and country code
atsn x set serial number
atmr dump MRD and MTD information
atmi x Enable/Disable model ID checking (1=enable, 0=disable)
Would be nice to find out how to debrand it. There's a guide for some other Zyxel equipment:
ReplyDeletehttp://futureblog.grawet.be/wp-content/uploads/2006/08/zyxel-debranding.pdf
Wondering what is that extra parameter in ATSE.
press z key at imediat power-on, and u will get (zloader)ZLO - prompt
ReplyDeleteZLGO boot up the whole system
ZLGU go back to U-Boot command line
ZLUA x upgrade ras image (whole image)
ZLUP x upgrade ras image (zboot+kernel+rootfs
at ZLGU command u will get U-BOOT enviroment.
VR9 # ?
? - alias for 'help'
askenv - get environment variables from stdin
base - print or set address offset
bootm - boot application image from memory
bootp - boot image via network using BootP/TFTP protocol
cmp - memory compare
cp - memory copy
crc32 - checksum calculation
echo - echo args to console
erase - erase FLASH memory
flinfo - print FLASH memory information
go - start application at address 'addr'
help - print online help
imls - list all images found in flash
loop - infinite loop on address range
md - memory display
mm - memory modify (auto-incrementing)
mtest - simple RAM test
mw - memory write (fill)
nand - NAND sub-system
nboot - boot from NAND device
nm - memory modify (constant address)
ping - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
protect - enable or disable FLASH write protection
rarpboot- boot image via network using RARP/TFTP protocol
reset - Perform RESET of the CPU
run - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv - set environment variables
tftpboot- boot image via network using TFTP protocol
version - print monitor version
to get seed necesary to unlock atxx protected commands, use ATSE DSL-2492HNU-L3v2 command.
ReplyDeleteafter, get the password with this tool https://www.dropbox.com/s/nvzskobftyzbmkz/zyxel
then use : aten 1, (resulted passwd)
What is sympthoms of corrupted bootloader? If it really corrupted, what is shown?
ReplyDelete