R7000 / RT-AC68U (xwrt/merlin-assus) has arm arch and arm-brcm-linux-uclibcgnueabi toolchain #27

Closed
mihaiaka opened this issue May 15, 2024 · 11 comments

Comments

@mihaiaka

I have a NetGear R7000 router. It has the same hardware inside as the Asus RT-AC68U, which made the porting of Asus-Merlin possible. The project name is Xwrt, documented here: https://www.linksysinfo.org/index.php?threads/asuswrt-merlin-on-netgear-r7000.71108

Long story short, I was trying to make use of this C++ implementation on it, but failed with the two types I've tried:

  1. with "arm-linux-musleabi(cortex_a7)" I get "Illegal instruction"
  2. with "mipsel-linux-musl" I get "./pppwn: line 1: syntax error: unexpected word (expecting ")")"

The dev over there mentioned that (on the last page):
R7000) / RT-AC68U has arm arch and arm-brcm-linux-uclibcgnueabi toolchain.
toolchains are here: https://github.com/RMerl/am-toolchains

Q? Would it be possible to get "nightlies" for this type of architecture? Or how can one make/build it to run on my device?

Any pointers would be appreciated.
Thank you, M.

@xfangfang
Owner

xfangfang commented May 15, 2024

I think arm-linux-musleabi(cortex_a7) should work on your device.

According to Broadcom_BCM4708, R7000 / RT-AC68U use a cortex-a9 cpu. (The Cortex-A series CPUs all have backward compatibility, so the Cortex-A9 should be able to run)

Try running uname -a on your router and see what it outputs.


and run: cat /proc/cpuinfo

@stanleyws

I have the same problem too, managed to compile for my AC87U with cortex-a9 but won't run and returns 'Illegal instruction'. Looked it up and seems like the Broadcom BCM4709 SoC does not have VFP like this issue mentioned: openwrt/packages#10967

I tried to compile a simple hello world with 'zig cc -target arm-linux-musleabi -mcpu=cortex_a9 -mfpu=none -o hello hello.c' and the compiled hello world still won't run on the router and returns 'Illegal instruction'. Tried all possible options for 'mfpu' including 'softvfp' listed here https://developer.arm.com/documentation/dui0774/b/compiler-command-line-options/-mfpu but the compiled binary does not change at all (they have the same checksum):

user@user-virtual-machine:~/Documents$ sha256sum test_none
a27aaeab79d1d51d6b8ac73b224b1689ac7a8722469250b9a83298fcc831a24b  test_none
user@user-virtual-machine:~/Documents$ sha256sum test_softvfp 
a27aaeab79d1d51d6b8ac73b224b1689ac7a8722469250b9a83298fcc831a24b  test_softvfp
user@user-virtual-machine:~/Documents$ sha256sum test_vfpv3 
a27aaeab79d1d51d6b8ac73b224b1689ac7a8722469250b9a83298fcc831a24b  test_vfpv3

Seems like zig cc has some issues passing the -mfpu option, so I don't know what to do now.

@mihaiaka
Author

think arm-linux-musleabi(cortex_a7) should work on your device.

According to Broadcom_BCM4708, R7000 / RT-AC68U use a cortex-a9 cpu. (The Cortex-A series CPUs all have backward compatibility, so the Cortex-A9 should be able to run)

Try running uname -a on your router and see what it outputs.

uname -a
Linux R7000-EADE 2.6.36.4brcmarm #1 SMP PREEMPT Tue May 16 10:05:49 PDT 2023 armv7l XWRT-Vortex

and run: cat /proc/cpuinfo

cat /proc/cpuinfo
Processor : ARMv7 Processor rev 0 (v7l)
processor : 0
BogoMIPS : 1998.84
processor : 1
BogoMIPS : 1998.84

Features : swp half thumb fastmult edsp
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0

Hardware : Northstar Prototype
Revision : 0000
Serial : 0000000000000000
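
The Features line in the output above lists no vfp or neon flag, which is consistent with "Illegal instruction" from a build that assumes an FPU. The following is an added example, not part of the thread or the project: a POSIX shell check that classifies the floating-point support a kernel advertises in /proc/cpuinfo. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read /proc/cpuinfo-style text and
# report which floating-point/SIMD units the kernel advertises.

# Constructed sample, modelled on the R7000 output posted above.
SAMPLE_NOFPU='Processor : ARMv7 Processor rev 0 (v7l)
Features : swp half thumb fastmult edsp
CPU part : 0xc09'

# Constructed sample for a core that advertises VFPv4 and NEON.
SAMPLE_VFP4='Processor : ARMv7 Processor rev 5 (v7l)
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt
CPU part : 0xc07'

# Print the flag list from the first "Features" line on stdin.
cpu_features() {
    sed -n 's/^Features[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Return 0 if flag $2 appears as a whole word in the flag list $1.
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify cpuinfo text on stdin: none | vfp | vfpv3 | vfpv4, plus "+neon".
fpu_class() {
    feats=$(cpu_features)
    class=none
    has_flag "$feats" vfp   && class=vfp
    has_flag "$feats" vfpv3 && class=vfpv3
    has_flag "$feats" vfpv4 && class=vfpv4
    if has_flag "$feats" neon; then class="$class+neon"; fi
    echo "$class"
}

# Return 0 if a build that emits VFP/NEON instructions can run here.
can_run_hardfloat_build() {
    case "$(fpu_class)" in
        none*) return 1 ;;
        *) return 0 ;;
    esac
}

# On the device itself, run the script with --local to read /proc/cpuinfo.
if [ -r /proc/cpuinfo ] && [ "${1:-}" = "--local" ]; then
    fpu_class < /proc/cpuinfo
fi
```

A result of "none" means the binary has to be built without FP instructions; anything else still needs the build's FPU level to be at or below the reported one.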

@xfangfang
Owner

xfangfang commented May 15, 2024

@mihaiaka @stanleyws

You can try this: https://github.com/xfangfang/PPPwn_cpp/actions/runs/9101996371

arm-linux-musleabi(cortex_a7_soft)

The latest build attempts to disable FP registers by adding -Xclang -target-feature -Xclang -fpregs to the compile options, hoping it will work.

It may not work, but you can try adding more options like: -Xclang -target-feature -Xclang -vfp2 (This will disable fp2)

@stanleyws

I managed to compile the code for 'mpcorenovfp' and it finally works:
cmake -B build -DZIG_TARGET=arm-linux-musleabi -DUSE_SYSTEM_PCAP=OFF -DZIG_COMPILE_OPTION="-mcpu=mpcorenovfp"

Maybe open a wiki page so we can document build target options for different platforms

@stanleyws

By the way the last build with -Xclang -target-feature -Xclang -fpregs still doesn't work, tried them on my AC87U router and it shows:

admin@RT-AC87U-E160:/tmp/home/root# ./pppwn_soft
Illegal instruction
admin@RT-AC87U-E160:/tmp/home/root# ./pppwn_softfp 
Illegal instruction

@xfangfang
Owner

xfangfang commented May 15, 2024

I'm glad to hear that -mcpu=mpcorenovfp is working properly. But I think the best solution would be to reduce features on specific CPU models to achieve faster operation as much as possible.

According to ziglang/zig#4261 (comment) we can use -mcpu=cortex_a7-vfp4 to drop the vfp4 feature in cortex_a7.

You can test it here: https://github.com/xfangfang/PPPwn_cpp/actions/runs/9103419502 (arm-linux-musleabi(cortex_a7_soft))

I'm not sure if removing only vfp4 is enough. You can view more features here and test them:
https://github.com/ziglang/zig/blob/efe06c5f31fe1e9ff02da1082367302b0a188a63/lib/std/Target/arm.zig#L2028-L2044

maybe we need: -mcpu=mpcorenovfp+has_v7clrex+has_v7+aclass ?

You can use: ./zig cc -### -target arm-linux-musleabi -mcpu=cortex_a7 main.c to get the default feature set

@mihaiaka
Author

By the way the last build with -Xclang -target-feature -Xclang -fpregs still doesn't work, tried them on my AC87U router and it shows:

admin@RT-AC87U-E160:/tmp/home/root# ./pppwn_soft
Illegal instruction
admin@RT-AC87U-E160:/tmp/home/root# ./pppwn_softfp 
Illegal instruction

I get the exact outcome on my router with both.

I managed to compile the code for 'mpcorenovfp' and it finally works: cmake -B build -DZIG_TARGET=arm-linux-musleabi -DUSE_SYSTEM_PCAP=OFF -DZIG_COMPILE_OPTION="-mcpu=mpcorenovfp"

Maybe open a wiki page so we can document build target options for different platforms

Can this be shared as an artifact/nightly build?

Thank you.

@mihaiaka
Author

mihaiaka commented May 16, 2024

admin@R7000-EADE:/jffs/addons# ./pppwn
[+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow
SYNOPSIS
pppwn --interface [--fw ] [--stage1 ] [--stage2 ] [-a]
pppwn list

OPTIONS
--interface network interface
--fw {750,751,755,800,801,803,850,852,900,903,904,950,951,960,1000,1001,1050,1070,1071,1100}
--stage1 stage1 binary
--stage2 stage2 binary
-a, --auto-retry
automatically retry when fails

Looks good! thank you very much sir. Are there any support/ko-fi links available?

@xfangfang
Owner

Thank you, it's just a little bit of work. Maybe you can take a look at https://github.com/TheOfficialFloW. He is the hero in this scene.
