Here is one way to break the APX120 uBoot and enter the uBoot cli environment...
Connect your serial port to the 4 pin header, setup putty and grab a cable connected to GND..
Don´t connect Pin 1 (3.3V) and use 2,3,4 (TX,GND,RX)
Powerup the APX120 and right after you see the first boot messages, just before u-Boot 2012.07 ... comes up
pull the SO/SIO1 from the SOIC 300-mil layout to GND (U26, Pin 8).
it´s needs a good timing and maybe some retries.
AND you would need a good USB/RS232 Adapter (Prolific PL2303HXD or maybe PL2303RA).
uBoot will enter the default environment, from here you can try to change bootdelay..
one drawback ...
if you change the bootdelay and save the environment you lose all settings for a successfull APX boot.
But you could reset the APX120 now, enter u-Boot again and you will have a clean uBoot environment.
From here you could set the neccesary environment variables and load the apx.uimage later on.
U-Boot 2012.07 [Chaos Calmer unknown,unknown] (Nov 02 2018 - 08:13:09) smem ram ptable found: ver: 1 len: 3 DRAM: 256 MiB @machid : 0x8010100 NAND: SF NAND unsupported id:0:8:20:21SF NAND unsupported id:0:8:20:21SF: Detected default with page size 64 KiB, total 16 MiB SF: Detected default with page size 64 KiB, total 16 MiB ipq_spi: page_size: 0x100, sector_size: 0x10000, size: 0x1000000 32 MiB MMC: *** Warning - bad CRC, using default environment In: serial Out: serial Err: serial machid: 8010100 flash_type: 0 Hit any key to stop autoboot: 0 nand1: partitioning exceeds flash size Error initializing mtdparts! (APX120) #
Update (04.03.2023)
For those, that want to try a debrick.
Here is a serial log, that i can provide, it shows the boot process after modding bootdelay and entering uBoot CLI, loading an APX.uimage, entering Root Shell and loading the Update image from Sophos.
You need to press enter after loading the kernel and from here you get the OpenWrt Shell.
Connect the APX to your ISP Router and from root, load the image from Sophos and start the update script.
The script is part of the image and fixed the NAND Layout (UBI, filesystem, etc....) and writes all that was required.
U-Boot 2012.07 [Chaos Calmer unknown,unknown] (Nov 02 2018 - 08:13:09)
smem ram ptable found: ver: 1 len: 3
DRAM: 256 MiB
@machid : 0x8010100
NAND: spi_nand: spi_nand_flash_probe SF NAND ID 0:ef:ab:21
SF: Detected W25M02GV with page size 2 KiB, total 256 MiB
SF: Detected MX25L1605D with page size 4 KiB, total 2 MiB
ipq_spi: page_size: 0x100, sector_size: 0x1000, size: 0x200000
258 MiB
MMC:
In: serial
Out: serial
Err: serial
machid: 8010100
flash_type: 0
Hit any key to stop autoboot: 0
Net: MAC0 addr:xx:xx:xx:xx:xx:xx
PHY ID1: 0x4d
PHY ID2: 0xd0b2
ipq40xx_ess_sw_init done
eth0
(APX120) # tftpboot APX.v2.1.1-1.uimage
eth0 PHY0 Down Speed :10 Half duplex
eth0 PHY1 Down Speed :10 Half duplex
eth0 PHY2 Down Speed :10 Half duplex
eth0 PHY3 Down Speed :10 Half duplex
eth0 PHY4 up Speed :1000 Full duplex
Using eth0 device
TFTP from server 192.168.1.8; our IP address is 192.168.1.1
Filename 'APX.v2.1.1-1.uimage'.
Load address: 0x84000000
Loading: #################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################
done
Bytes transferred = 16465885 (fb3fdd hex)
(APX120) # bootm 0x84000000#config@4
## Booting kernel from FIT Image at 84000000 ...
Using 'config@4' configuration
Trying 'kernel@1' kernel subimage
Description: ARM OpenWrt Linux-3.14.43
Type: Kernel Image
Compression: uncompressed
Data Start: 0x840000e4
Data Size: 16217188 Bytes = 15.5 MiB
Architecture: ARM
OS: Linux
Load Address: 0x80208000
Entry Point: 0x80208000
node name: signature@1
Sign algo: sha256,rsa4096
Sign value: 2544f5d8c17be345ae9f041107ae647c4b01638eb982275c0cb2c89c72c6703fee7ed2f86e112635f4c41644ac4d053c4d14f40a8f55c843d2252f143fa4a4343ab364470ba7fc75f3108e67c0fa712f34ca8c8ac53c31b0ba8fe995fb340ead4ee2ccdf41a5ef9c6b3e8cb7c08b8c2d7eb5f02ed2211bdd8cd9802ea08dae2132961bcd76f39c5abae21f1e89064d3812247711e9f1350bfa45c61330fb260b0631050c17e7f49708ad7a5ce06ea06414a4d27f921ed33a7cba0fbd2330a973ba6dde54a9287a418dc6f8ba520a91381ef0b4165e49c5ba7e694dc0175905f57e9bd37204eaee687b8c8cf108726f9a0f6386620e70528f0a9700d725cc4272fa73dff59a26ac19de1643823660bbf94db5def4a017c886347285ad77060924019616ebccef94a597a10c8e7e9dff0a6e6492931ab29602f08b54eabe957df80848f3d10a3e00c36c9b3c3a22acafec84037da896425ac82356ae43105a36b52b51eb3f2d2b3b6305b7363e66742873f66072926015edba6eb612fade9cb3e38cfda2b433836ac5bc7873d215b352211bb448a8d6766f6d34bfb6aa1d044cb4d21d023386f3a4e6e37cd3fbed97391311c6875ea94a8a84b8027570aa310883e6e63029c2ab42a33b3671aa63edd4d7d6386822889182fa0915589d109b41ee345b685cb540bf5c70e873eccca35ab4a0cd31cb32110302fe0009109836a2f4
Verifying Hash Integrity ... sha256+ OK
## Flattened Device Tree from FIT Image at 84000000
Using 'config@4' configuration
Trying 'fdt@4' FDT blob subimage
Description: ARM OpenWrt Sophos-APX device tree blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x84f8cd88
Data Size: 33944 Bytes = 33.1 KiB
Architecture: ARM
node name: signature@1
Sign algo: sha256,rsa4096
Sign value: b10820c244a7e9eee31fe5e0960b5d92734dc256f2a869cdd6834aa48842e95a803388cbab8d03a2227b50c07bd5f4bd536cb022134ab02863cec311d16ac8cd771218e23d68377d231a6642a3c4e9a5dcfa4754ada194b91e793470b8a784fe3ab8f646f419a0c4f38c3a5c4c86931108b4c926ac1a463cd4313459a7ea8f762ba8b141e1452c457520d6d4951f69a3cc6f9f8f6e60a189372393d7e41baa6788ddbd0330cf0ab962f506b34b1e4620217b05a45b2c10e81b9129b6cba3178fd4565b27be38f15f412e8f7df850e04bc434b938f116cd3d4dbaa941ca704b1896ef96a5af379f7bae826dfc166f8a3ed957a62a8dc8a815c4b09293aca868cf672a67f06ff81c8e397fd01abdb7ba48933f5ffa27563db558fb1ab7217fcac02b6a31faf1a86f9db430b23bf5261a8aaad03f9be8955e9c5a72b372dc91b558f52278698947ea04c46276a8ba13768cb2fe9386cf273e08b95abebcca4219632f730162a7ed9fe949551e1dc2546adfb64ae6d759421f5de48ad148d920b354b9b07196460aea74f8c4adece41e0e33ee0a009cbb3086c6e26131e6a07b6f21cfeaa7b34fe06a007c8972512bcc8b2f331151b160d9affae312bba7d03a800f8b93b8745121de78c326e90b869dd4415b48d84309614cd8d25727c6a852a456c57617cf764b02a4afdfab338a0d09a6d5d8114b68ea5a39b12cd04bae16074f
Verifying Hash Integrity ... sha256+ OK
Booting using the fdt blob at 0x84f8cd88
Loading Kernel Image ... OK
OK
Loading Device Tree to 87064000, end 8706f497 ... OK
eth1 MAC Address from ART is not valid
Using machid 0x8010100 from environment
Starting kernel ...
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
Please press Enter to activate this console.
Booting. (Version: v2.1.1-1)
Checking The AP model
Starting network configuration for ethernet interface over DHCP.
dnsserver entries are missing
Cloud certificate validation pending.
UTM certificate validation pending.
Ethernet autoconfiguration (bound): IP:192.168.1.1, gateway:192.168.1.254, nameservers:192.168.1.254
Ethernet link state changed to: up, Speed: 1000, Duplex: full
BusyBox v1.23.2 (2018-11-27 07:01:45 UTC) built-in shell (ash)
FIRMWARE_VERSION: v2.1.1-1
root@(none):/# wget https://d2apih4urmzzdu.cloudfront.net/v2.3.2-1/APX.uimage
root@OpenWrt:/bin# update_image.sh APX.uimage
This thread was automatically locked due to age.
