RAX3000M 修改配置文件，刷 u-boot 及 openwrt 固件

发表于 2024-07-10 更新于 2024-07-31 分类于 embedded devices ， rax3000m

流程导图内容简述
更新，有想刷固件的也可以联系我

刷机有风险，执行需谨慎。仅供参考。

设备备份，及使能 ssh

导出编辑配置文件

路由器网线连接电脑，登录路由器界面，在管理页面导出配置文件，解密解压。

1	openssl aes-256-cbc -d -pbkdf2 -k $CmDc#RaX30O0M@\!$ -in cfg_export_config_file.conf -out - \| tar -zxvf -

vi etc/shadow
第一行root::之间的删掉（加密的密码）

# etc/shadow
root::19179:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
ntp:x:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
logd:x:0:0:99999:7:::
ubus:x:0:0:99999:7:::

vi etc/config/dropbear使能 ssh
option enable 设为 1

# etc/config/dropbear
config dropbear
	option enable '1'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port         '22'
#	option BannerFile   '/etc/banner'

加密压缩成配置文件

1	tar -zcvf - etc \| openssl aes-256-cbc -pbkdf2 -k $CmDc#RaX30O0M@\!$ -out cfg_export_config_file_new.conf

报错：tar: Exiting with failure status due to previous errors
原因：tar: etc/wireless/mediatek/DBDC_card0.dat: Cannot open: Permission denied权限问题
执行：chmod 751 etc/wireless/mediatek/DBDC_card0.dat

备份

查看分区

root@RAX3000M:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 08000000 00020000 "spi0.0"
mtd1: 00100000 00020000 "BL2"
mtd2: 00080000 00020000 "u-boot-env"
mtd3: 00200000 00020000 "Factory"
mtd4: 00200000 00020000 "FIP"
mtd5: 03d00000 00020000 "ubi"
mtd6: 02500000 00020000 "plugins"
mtd7: 00800000 00020000 "fwk"
mtd8: 00800000 00020000 "fwk2"

备份分区

dd if=/dev/mtd0 | gzip >/tmp/mtd0_spi0.0.bin.gz
dd if=/dev/mtd1 of=/tmp/mtd1_BL2.bin
dd if=/dev/mtd2 of=/tmp/mtd2_u-boot-env.bin
dd if=/dev/mtd3 of=/tmp/mtd3_Factory.bin
dd if=/dev/mtd4 of=/tmp/mtd4_mtd4_FIP.bin
dd if=/dev/mtd5 of=/tmp/mtd5_ubi.bin
dd if=/dev/mtd6 of=/tmp/mtd6_plugins.bin
dd if=/dev/mtd7 of=/tmp/mtd7_fwk.bin
dd if=/dev/mtd8 of=/tmp/mtd8_fwk2.bin

备份完成，浏览器路由器界面恢复刚修改的配置文件

设备刷写

使用 ssh 工具登录路由器
用户名：root
密码：空

下载文件

mtd-rw.zip：文件用来擦除 BL2 驱动
https://firmware-selector.openwrt.org/?version=23.05.3&target=mediatek%2Ffilogic&id=cmcc_rax3000m

openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip
openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin
mtd-rw.ko

openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
openwrt-mediatek-filogic-cmcc_rax3000m-squashfs-sysupgrade.itb

上传uboot文件 /tmp

使用工具将3个文件openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip
openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin
mtd-rw.ko上传到路由器 /tmp 目录

挂载驱动，擦除分区，写入分区

insmod /tmp/mtd-rw.ko i_want_a_brick=1
mtd erase BL2
mtd write /tmp/openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
mtd erase FIP
mtd write /tmp/openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP

opkg update
opkg install kmod-mtd-rw
insmod mtd-rw i_want_a_brick=1

192.168.1.254
2

mtd write /tmp/openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin bl2
mtd verify /tmp/openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin bl2
mtd write /tmp/openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip fip
mtd verify /tmp/openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip fip

tftp

tftpd64.464.zip
文件传输openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb首次安装或恢复使用

更新固件

上步完成在 openwrt web界面更新openwrt-mediatek-filogic-cmcc_rax3000m-squashfs-sysupgrade.itb

官方在线固件

原版固件在线编译

Packages

已包含 openclash 所需的依赖，只需刷好固件后，将 openclash 的 ipk 文件上传安装即可。
最新openclash ipk下载

base-files busybox ca-bundle dnsmasq dropbear e2fsprogs f2fsck firewall4 fstools kmod-crypto-hw-safexcel kmod-gpio-button-hotplug kmod-leds-gpio kmod-mt7915e kmod-mt7981-firmware kmod-nft-offload kmod-phy-aquantia kmod-usb3 libc libgcc libustream-mbedtls logd luci mkf2fs mt7981-wo-firmware mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd wpad-basic-mbedtls

-dnsmasq

luci-i18n-base-zh-cn luci-i18n-firewall-zh-cn luci-i18n-opkg-zh-cn luci-i18n-ddns-zh-cn luci-i18n-ttyd-zh-cn
coreutils-nohup bash dnsmasq-full curl ca-certificates ipset ip-full libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip kmod-nft-tproxy luci-compat luci luci-base

uci-defaults

简单自定义几项参数，其它定义可参考：
OpenWrt在线编译（官方网址）及自定义（openclash，设备名，密码等等）

cat << "EOF" > /etc/uci-defaults/99-custom

# Beware! This script will be in /rom/etc/uci-defaults/ as part of the image.
# Uncomment lines to apply:

##########################################################
###################私人配置，分享要改#######################
# 密码
root_password="***************"
# wan 拨号 pppoe 协议
pppoe_username="0000000000000"
pppoe_password="000000000"
# openclash 订阅地址
clash_rules="http://****************"
# ddns
ddns_host='*************'
ddns_username='**************'
ddns_password='*************'
# wifi 名称及密码
#wlan_name="************"
#wlan_password="************"
##########################################################

# log potential errors
exec >/etc/1setup.log 2>&1

#sed -i 's/ash/bash/' /etc/passwd
#re_boot=yes
#shopt -s extglob

# Test: 配置测试用（lan wan自定义无效）；Used: 日常使用
CHOICE=Test
#CHOICE=Used

# 主机名，时区
host_name="OpenWrt-3000M"
zone_name="Asia/Shanghai"

# lan 静态协议地址
lan_ip_address="10.0.0.1"
lan_netmask="255.255.255.0"

# lan 其它协议
#lan_proto="dhcp"

# wan 其它协议
#wan_proto="dhcp"

# 终端自动登录
ttyd_login="/bin/login -f root"

# 文件共享
k_smbd=yes

# 磁盘分区:
# yes(格式化已有 free 分区)
# no (不格式化已有 free 分区)
# new(空盘写入后格式化出 free 分区)
#format_disk='no'
#
# 磁盘挂载 (可单独设置分区，单独挂载不生效。根目录（/）x86 不能使用)
# 1: /mnt
# 2: /overlay
# 3: /
#mnt_disk="2"
#
# disk_nub 为分区后，磁盘名称编号
disk_nub=99

# 端口转发
#echo -e "
#config redirect
#        option dest 'lan'
#        option target 'DNAT'
#        option name 'alist'
#        option src 'wan'
#        option src_dport '5678'
#        option dest_ip '$lan_ip_address'
#        option dest_port '5678'" >> firewall_port_Forwards

# ddns
echo -e "
config service 'ddns'
        option service_name 'google.com'
        option use_ipv6 '0'
        option enabled '1'
        option lookup_host '$ddns_host'
        option domain '$ddns_host'
        option username '$ddns_username'
        option password '$ddns_password'
        option ip_source 'interface'
        option interface 'pppoe-wan'
        option use_syslog '2'
        option check_unit 'minutes'
        option force_unit 'minutes'
        option retry_unit 'seconds'
        option ip_interface 'pppoe-wan'" >> d_dns

funRax3000m(){
  # LAN 静态协议
  # More options: https://openwrt.org/docs/guide-user/base-system/basic-networking
  if [ -n "$lan_ip_address" ]; then
    uci set network.lan.proto='static'
    uci set network.lan.ipaddr="$lan_ip_address"
    uci set network.lan.netmask="$lan_netmask"
    uci commit network
    else echo "区域未执行: lan_ip_address"
  fi

  # LAN 其它协议
  # More options: https://openwrt.org/docs/guide-user/base-system/basic-networking
  if [ -n "$lan_proto" ]; then
    uci set network.lan.proto="$lan_proto"
    uci commit network
    else echo "区域未执行: lan_proto"
  fi

  # Wan pppoe 协议
  # More options: https://openwrt.org/docs/guide-user/network/wan/wan_interface_protocols#protocol_pppoe_ppp_over_ethernet
  if [ -n "$pppoe_username" -a "$pppoe_password" ]; then
    uci set network.wan.proto=pppoe
    uci set network.wan.username="$pppoe_username"
    uci set network.wan.password="$pppoe_password"
    uci delete network.wan6
    uci commit network
    else echo "区域未执行: pppoe_username"
  fi

  # WAN 其它协议
  if [ -n "$wan_proto" ]; then
    uci set network.wan.proto="$wan_proto"
    uci commit network
    else echo "区域未执行: wan_proto"
  fi

  # 主机名
  if [ -n "$host_name" ]; then
    uci set system.@system[0].hostname="$host_name"
    uci commit system
    uci set luci.languages.zh_cn='简体中文 (Chinese Simplified)'
    uci set luci.main.lang='zh_cn'
    uci commit luci
    else echo "区域未执行: host_name"
  fi

  # 时区
  if [ -n "$zone_name" ]; then
    uci set system.@system[0].zonename="$zone_name"
    uci set system.@system[0].timezone='UTC-8'
    uci commit system
    /etc/init.d/system reload
    else echo "区域未执行: zone_name"
  fi

  # root密码
  if [ -n "$root_password" ]; then
    (echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null
    else echo "区域未执行: root_password"
  fi

  ## WLAN
  ## More options: https://openwrt.org/docs/guide-user/network/wifi/basic#wi-fi_interfaces
  #if [ -n "$wlan_name" -a -n "$wlan_password" -a ${#wlan_password} -ge 8 ]; then
  #  uci set wireless.@wifi-device[0].disabled='0'
  #  uci set wireless.@wifi-iface[0].disabled='0'
  #  uci set wireless.@wifi-iface[0].encryption='psk2'
  #  uci set wireless.@wifi-iface[0].ssid="$wlan_name"
  #  uci set wireless.@wifi-iface[0].key="$wlan_password"
  #  uci commit wireless
  #  else echo "区域未执行: wlan_name"
  #fi

  # 终端自动登录
  if [ -n "$ttyd_login" ]; then
    uci set ttyd.@ttyd[0].command="$ttyd_login"
    uci delete ttyd.@ttyd[0].interface
    uci commit ttyd
    else echo "区域未执行: ttyd_login"
  fi

  # ddns
  if [ -n "$ddns_host" ]; then
    cat d_dns >> /etc/config/ddns
    uci commit ddns
    rm d_dns
    else echo "区域未执行: ddns_host"
  fi

  # 端口转发
  if [ -f firewall_port_Forwards ]; then
    cat firewall_port_Forwards >> /etc/config/firewall
    rm firewall_port_Forwards
    uci commit firewall
    else echo "区域未执行: firewall_port_Forwards"
  fi

  if [ -n "$clash_rules" ]; then
    #openclash
    #uci set openclash.config.enable='1'
    #uci set openclash.config.dashboard_password='OpenClash8517'
    ###uci set openclash.@authentication[0].password='OpenClash8517'
    #uci commit openclash
    #/etc/init.d/openclash reload
    uci add openclash config_subscribe
    uci set openclash.@config_subscribe[-1]=config_subscribe
    uci set openclash.@config_subscribe[-1].enabled='1'
    uci set openclash.@config_subscribe[-1].name='clash-rules'
    uci set openclash.@config_subscribe[-1].address="$clash_rules"
    uci set openclash.@config_subscribe[-1].sub_ua='Clash'
    uci set openclash.@config_subscribe[-1].sub_convert='0'
    uci commit openclash
    /etc/init.d/openclash reload
    else echo "区域未执行: clash_rules"
  fi

  # 文件共享 磁盘管理
  # 格式化format
  #uuid=$(blkid -s UUID -o value $dev_device)
  #dev_device=$(blkid -U $uuid)
  #mnt_device=$(echo $(blkid -U $uuid) | sed 's/dev/mnt/')
  disk_name=$(lsblk -Sno NAME;lsblk -Nno NAME)
  partn=$(lsblk -no PARTN | grep -v "1\|2\|128\|^$" | awk '{sub(/^ */, "");sub(/ *$/, "")}1')
  if [ "$partn" != '99' -a -n "$partn" ]; then
    disk_nub=$partn
    echo "分区序号不是 99 且不为空"
    else echo "区域未执行: partn"
  fi
  case $disk_name in
      *"nvme"*)
        p_disk_nub="p$disk_nub"
        dev_device="/dev/$disk_name$p_disk_nub"
        mnt_device=$(echo $dev_device | sed 's/dev/mnt/')
        ;;
      "sda")
        dev_device="/dev/$disk_name$disk_nub"
        mnt_device=$(echo $dev_device | sed 's/dev/mnt/')
        ;;
      *)
        format_disk='no'
        ;;
  esac

  # dockerd/共享 根目录路径
  directory_path="$mnt_disk"
  case $directory_path in
    "1")
      dockerd_dir="$mnt_device/opt/docker"
      #匹配替换整行
      sed -i "/data_root/c\	option data_root \'$dockerd_dir\'" /etc/config/dockerd
      #sed -i 's/opt\/docker/$dockerd_dir/' /etc/config/dockerd
      uci commit dockerd
      ksmbd_dir="$mnt_device"
      ;;
    "2")
      dockerd_dir="/overlay/opt/docker"
      sed -i "/data_root/c\	option data_root \'$dockerd_dir\'" /etc/config/dockerd
      uci commit dockerd
      ksmbd_dir="/overlay"
      ;;
    "3")
      dockerd_dir="/opt/docker"
      sed -i "/data_root/c\	option data_root \'$dockerd_dir\'" /etc/config/dockerd
      uci commit dockerd
      ksmbd_dir="/opt"
      ;;
    *)
      ksmbd_dir='/tmp'
  esac

  # 文件共享
  if [ -n "$k_smbd" ]; then
    uci set ksmbd.@globals[0].interface='lan wan'
    uci add ksmbd share
    uci set ksmbd.@share[-1]=share
    uci set ksmbd.@share[-1].name='x86_mnt'
    uci set ksmbd.@share[-1].path="$ksmbd_dir"
    uci set ksmbd.@share[-1].force_root='1'
    uci set ksmbd.@share[-1].read_only='no'
    uci set ksmbd.@share[-1].guest_ok='yes'
    uci set ksmbd.@share[-1].create_mask='0666'
    uci set ksmbd.@share[-1].dir_mask='0777'
    uci add ksmbd share
    uci set ksmbd.@share[-1]=share
    uci set ksmbd.@share[-1].name='x86_etc'
    uci set ksmbd.@share[-1].path='/etc'
    uci set ksmbd.@share[-1].force_root='1'
    uci set ksmbd.@share[-1].read_only='no'
    uci set ksmbd.@share[-1].guest_ok='yes'
    uci set ksmbd.@share[-1].create_mask='0666'
    uci set ksmbd.@share[-1].dir_mask='0777'
    uci commit ksmbd
    else echo "区域未执行: k_smbd"
  fi

  # 磁盘格式化/挂载
  case $format_disk in
    "yes")
      #echo -e "d\n$disk_nub\nn\n$disk_nub\n\n\nw" | fdisk /dev/$disk_name
      echo "y" | mkfs.ext4 $dev_device
      ;;
    "no")
      echo 'no 格式化'

      if [ -e "$dev_device" ]; then
        mkdir -p $mnt_device
        mount $dev_device $mnt_device
        cd $mnt_device
        ls | grep -v opt | awk  '{system("rm -rf "$1)}'
        cd -
        umount $mnt_device
        rm -r $mnt_device
      fi
      ;;
    "new")
      echo -e "n\n$disk_nub\n\n\nw" | fdisk /dev/$disk_name
      echo "y" | mkfs.ext4 $dev_device
  esac

  if [ -e "$dev_device" ]; then
    block detect > /etc/config/fstab
    uci show fstab > nub
    nub=$(cat nub | grep "$disk_name")
    nub=${nub#*'['}
    nub=${nub%']'*}
    case $mnt_disk in
      "1")
        uci set fstab.@mount["$nub"].enabled='1'
        uci commit fstab
        /etc/init.d/fstab reload
        ;;
      "2")
        uci set fstab.@mount["$nub"].target='/overlay'
        uci set fstab.@mount["$nub"].enabled='1'
        uci commit fstab
        /etc/init.d/fstab reload
        reboot
        ;;
      "3")
        mkdir -p /tmp/introot
        mkdir -p /tmp/extroot
        mount --bind / /tmp/introot
        mount "$dev_device" /tmp/extroot
        tar -C /tmp/introot -cvf - . | tar -C /tmp/extroot -xf -
        wait
        #umount /tmp/introot
        #umount /tmp/extroot

        uci set fstab.@mount["$nub"].target="/"
        uci set fstab.@mount["$nub"].enabled='1'
        uci commit fstab
        /etc/init.d/fstab reload
        #reboot
        ;;
      *)
        echo "没有选择挂载"
    esac
    else echo "不存在 $dev_device 设备。区域未执行: 磁盘格式化/挂载"
  fi
}

main(){
  funRax3000m
}
main "$@"

EOF