Posted by
harpss1ngh on
May 18, 2016; 12:57pm
URL: https://itus.accessinnov.com/Guide-How-to-fix-resurrect-a-bricked-Shield-and-updated-to-1-51SP1-w-Feb-March-2016-hotfixes-fw-upgr-tp931.html
Just to help anyone who may be stuck with a bricked Shield:
1) Get a good quality console cable, USB to Serial adapter (or USB to console cable) with an FTDI chipset (not the cheap ones on ebay with a ch340 chip or fake pl2303). They're only 12 quid off Amazon, I got this:
Asunflower® Cisco USB Console Cable FTDI USB to RJ45 for Windows Vista MAC Linux RS-232 (6 feet)These steps will allow you to make your Shield boot, to the point where you can SSH to it and (hopefully) SCP the files you are missing.
2) Plug the console cable into the Shield's console port, USB to your laptop or pc or whatever you have. Install the drivers for the USB driver. Download and open putty. Select Serial and enter the COM port (you can find it via device manager > Ports), then enter 115200 for speed.
3) Power on the Shield, carefully inspect the first few lines, if it says "OCTBOOT2BIN not found Error: Trying embedded failsafe..." follow this guide to upload the missing octboot2.bin bootloader file
4) Hit enter a few times to get a Octeon sff7000# prompt.
5) Enter: fatls mmc 1
6) This will list the files in the embedded MMC chip. For your shield to boot you need to see these files:
octboot2.bin
u-boot-octeon_rhino_itus7x.bin
7) If any are missing, then at this point you need to first download a copy. Luckily a few board members here have uploaded these to dropbox so they have it covered, you can find these here:
octboot2.binu-boot-octeon_rhino_itus7x.binmd5sum of both the above files - You don't need this to fix the Shield to boot, this is just to verify the two files above aren't corrupted/modified if you know how to use it, otherwise don'tThanks to @Hans for these.
If you are missing these, don't worry they will be restored during the upgrade process, just follow this guide!:
itusgatewayimage
itusrouterimage
itusbridgeimage
ItusrestoreImage
8) Once you have downloaded a copy to your machine, you will need to tftp the missing files in a specific order to make the Shield boot to the correct stage.
octboot2.bin is needed to boot to Stage 2 (however to get the Shield up and running temporarily to fix it, you don't need this as there is a failover bootloader which the Shield will boot to which gives you the "Octeon sff7000# prompt and it can be uploaded once you can get SSH running).
Once you are at stage 2 (Octeon sff7000# prompt), u-boot-octeon_rhino_itus7x.bin is then needed to get to Stage 3, at Stage 3 you will need one of the 3 itus images to boot the Shield up to the Linux OS (You will see Snoopy at this stage) at which point you can issue an update and make the Shield download all the missing files it needs to boot as normal when it is rebooted (it will get stuck again if you don't).
So from the Octeon sff7000# prompt:
##################################################################################################################################
### If you have a u-boot-octeon_rhino_itus7x.bin file in the MMC, then simply run these commands to get to Stage 3: ###
setenv octeon_stage3_bootloader u-boot-octeon_rhino_itus7x.bin
bootstage3
At which point the console should start booting to the next stage, and you will then get this prompt:
Octeon cust_private_rhino_itus7x(ram)#
This is stage 3!
##################################################################################################################################
##################################################################################################################################
### If you don't have a u-boot-octeon_rhino_itus7x.bin file in the MMC, then follow this to upload it to tftp: ###
Install tftpd32 and copy the u-boot-octeon_rhino_itus7x.bin to the tftpd program files directory (C:\Program Files (x86)\tftpd32\
Install Teraterm SSH client and use that to transfer the file over the console instead of Putty (Close down Putty, open Teraterm on the COM port and speed 115200).
On the Shield, Run:
setenv loadaddr 0x400000
fatls mmc 1
loadb
The shield will now wait to receive a binary file:
## Ready for binary (kermit) download to 0x00400000 at 115200 bps...
## Total Size = 0x00115ef0 = 1138416 Bytes
## Start Addr = 0x00400000
From Teraterm , click on → file →transfer → Kermit → select the file which is u-boot-octeon_rhino_itus7x.bin. The Shield should then have a copy of this file loaded into Memory (RAM, not in the eMMC)
Then on the shield:
Type:
go 0x400000
Now, follow the previous step to get to Stage 3 to this prompt:
Octeon cust_private_rhino_itus7x(ram)#
##################################################################################################################################
9)
Now, at this prompt: Octeon cust_private_rhino_itus7x(ram)#
Wire up your Shield as per the Router configuration (Look at the label underneath it)
Type in dhcp, your Shield should now pick up an IP Address from your router and display it on screen
setenv serverip x.x.x.x (set this to the ip address of your machine or the one where tftpd32 or Solarwinds Tftp is running on)
Now on the Shield, enter:
ping x.x.x.x (The ip of your TFTP server). If it pings, then move on to the next step, if not then you need to check your network configuration and fix the issue preventing the shield from reaching your tftp server.
Now type, tftp ItusrouterImage
The router image should upload to the Shield.
Now run this to boot it:
bootoctlinux $(loadaddr) numcores=2 mem=0
Bam! Snoopy should now pop up!
10) Now log into the Shield's IP Address (should be 10.10.10.10), username admin, password itus. Enable DropBear SSH on the LAN interface.
Download and install winscp. Connect to the Shield's IP in Winscp via SCP (username is root, password is itus by default)
On the Shield serial console (or via SSH):
mount /dev/mmcblk0p1 /overlay
In WinSCP, go to the overlay directory on the Shield.
From here, upload any files from WinSCP that are missing from the Shield out of these:
octboot2.bin
u-boot-octeon_rhino_itus7x.bin
Not these, these will be installed from the upgrade script in the next step!
itusgatewayimage
itusrouterimage
itusbridgeimage
ItusrestoreImage
Then unmount the /overlay partition:
umount /overlay
11) Now run the upgrade script:
On the Shield in SSH:
root@Itus# cd /tmp
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n10/Upgrade_RC_to_SP1.txt
root@Itus:/tmp# mv Upgrade_RC_to_SP1.txt Upgrade_RC_to_SP1.sh
root@Itus:/tmp# sh Upgrade_RC_to_SP1.sh
BAM! Your shield will now download the 1.51SP1 update and download the Itus Images.
Once done,
Install these two hotfixes:
root@Itus# cd /
root@Itus:/# wget http://itus.accessinnov.com/file/n8/hotfix_160210.tgz
root@Itus:/# tar -zxvf hotfix_160210.tgz
root@Itus:/# reboot -f
root@Itus# cd /
root@Itus:/# wget http://itus.accessinnov.com/file/n157/hotfix_160309-FINAL.tgz
root@Itus:/# tar -zxvf hotfix_160309-FINAL.tgz
root@Itus:/# reboot -f
Now install the latest fw_upgrade script (v8.3.1) which I have updated with the latest files downloaded from Github 23/05/2016:
root@Itus# cd /tmp
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n896/dnsmasq.dnsmasq
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n896/e2guardian.lua
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n931/fw_upgrade.fw_upgrade
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n931/index.htm
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n931/install_fw_upgrade_8_3_1.sh
root@Itus:/tmp# wget http://itus.accessinnov.com/file/n896/write-categories.sh
root@Itus:/tmp# mv dnsmasq.dnsmasq dnsmasq
root@Itus:/tmp# mv fw_upgrade.fw_upgrade fw_upgrade
Note: .version no longer needed due to an update commited to Github here:
https://github.com/ItusShield/Shield-Master/commit/4a39bc4c823a3c4427fa901307ba2ffd6b24a96aThanks @Gnomad for the changes:
These are new files from Github, uploaded 23/05/2016, from fw_upgrade 8.3 to 8.3.1, the links above have been updated:
index.htmfw_upgrade.fw_upgradeinstall_fw_upgrade_8_3_1.shThen run:
root@Itus:/tmp# sh /tmp/install_fw_upgrade_8_3_1.sh
Then run fw_upgrade 3 times to make sure snort is properly updated. Wait a few minutes after each one to allow the services to come back up otherwise you may get issues:
root@Itus:/tmp# sh /sbin/fw_upgrade
(wait 2 mins)
root@Itus:/tmp# sh /sbin/fw_upgrade
(wait 2 mins)
root@Itus:/tmp# sh /sbin/fw_upgrade
root@Itus:/tmp# reboot -f
Done! Hope this helps someone!
Many thanks to @Hans, @Roadrunnere42, @user8446 and anyone else who I missed out for their posts which helped me put this guide together!
P.S: If you want to update the SSH banner, you can do this:
root@Itus# cd /etc
root@Itus:/etc#mv banner banner.bak
root@Itus:/etc# vi banner
Press i to insert and paste this :)
=========================================================================
| ___ _____ _ _ ____ _ _ _ _ |
| |_ _|_ _| | | / ___| | \ | | ___| |___ _____ _ __| | _____ |
| | | | | | | | \___ \ | \| |/ _ \ __\ \ /\ / / _ \| '__| |/ / __| |
| | | | | | |_| |___) | | |\ | __/ |_ \ V V / (_) | | | <\__ \ |
| |___| |_| \___/|____/ |_| \_|\___|\__| \_/\_/ \___/|_| |_|\_\___/ |
| ____ _ _ ___ _____ _ ____ ,-~~-.___. |
| / ___|| | | |_ _| ____| | | _ \ / | ' \ |
| \___ \| |_| || || _| | | | | | | ( ) 0 |
| ___) | _ || || |___| |___| |_| | \_/-, ,----' |
| |____/|_| |_|___|_____|_____|____/ ==== // |
| v1.51 SP1 + Hotfix Mar 9 2016 / \-'~; /~~~(O) |
| / __/~| / | |
| Powered by OpenWrt -==( _____| (_________| |
| See itus.accessinnov.com for suport |
=========================================================================
Then :wq to save and quit
DISCLAIMER: I'm just another user on this forum posting what worked for me. I don't provide any warranty for anything I contribute. I have tested this guide myself and it works for me.