Skip to content
/ airport-express-repurpose Public

Everything related to my quest for repurposing an airport express 2.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gautaz/airport-express-repurpose

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
pictures
pictures
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.adoc
README.adoc
 
 
custom.cfg
custom.cfg
 
 

Repository files navigation

Airport express repurpose musings

Lately, I have started sorting out what I could do with an airport express device I don’t use anymore. My goal is ultimately to replace the Apple’s firmware with a firmware of my own.

As an initial goal, I’d like to be able to extract the original firmware and flash again the device with it to ensure I can go back and forth between firmwares.

If you are interested in helping, please read the Next steps section.

JTAG setup

Access to the JTAG (and UART) pins was operated this way:

IMG 20220611 204200
IMG 20220611 232820
IMG 20220612 012753

Here is the custom external header pinout:

           TDI--\   /--UART0 RX
       TMS--\   |   |   /--GND
unused--\   |   |   |   |
        |   |   |   |   |
      +-|---|---|---|---|---+
      | |   |   |   |   |   |
      | *-+ *-+ *-+ *-+ *-+ |
      | | | | | | | | | | | |
      | +-+ +-+ +-+ +-+ +-+ |
      |                     |
      |     +-+ +-+ +-+ +-+ |
      |     | | | | | | | | |
      |     *-+ *-+ *-+ *-+ |
      |     |   |   |   |   |
      +-----|---|---|---|---+
            |   |   |   |
      TCLK--/   |   |   \--VCC
           TDO--/   \--UART0 TX

I am using a FT2232H Mini Module as a JTAG adapter:

ft2332h

Here is the complete setup:

IMG 20220728 184043
IMG 20220728 184601
IMG 20220728 184627
IMG 20220728 184310
IMG 20220728 184502
IMG 20220728 184522

OpenOCD startup

First things first, power up the airport express device.

Start OpenOCD:

openocd -f interface/ftdi/minimodule.cfg -f custom.cfg -f target/atheros_ar9344.cfg

Connect to the OpenOCD server through telnet:

telnet localhost 4444

Current memory dump process

Within telnet:

reset
halt
reset init
dump_image memdumps/0x80000000-0x90000000.bin 0x80000000 268435456

Next steps

As far as I know there is currently no OpenOCD board script for the airport express 2.

The target/atheros_ar9344.cfg script passed to OpenOCD only gives access to the board’s CPU features, this does not seem enough to operate a dump of the firmware. As I am quite new to JTAG/OpenOCD, I need to seek guidance.

If you’re interested in helping designing an OpenOCD board script for the airport express or know of any resources that might help with this task, do not hesitate to open an issue on this project, you might for instance ask me to:

  • operate a test on the current setup, please describe the test’s steps and the intended results in the issue

  • add a pointer to any relevant details about the airport express 2

  • add a pointer to any relevant details about how to write an airport express 2 OpenOCD board script

  • point out any error in this README

I will bring together all relevant information related to the airport express 2 and its associated OpenOCD board script in this README file.

About

Everything related to my quest for repurposing an airport express 2.

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published