Feel free to contact me.
lemmingreviews (NO SPAM) @ (NO SPAM) gmail (DOT) com
65$ for 1
120$ for a pair
Includes Power Supply, Ethernet Cable and NIM100. And I guess that the site will serve as a manual.
Tuesday, March 13, 2007
Need a NIM100?
NIM100 Web Interface
Here are the snapshots of the main Web Interface pages available in the NIM100. Advanced
Note: Click on the images to zoom in.
Firmware Upgrade
Link Status
Password
Security
Status
Setup
Happy hacking, and please post a comment if you decide to do something with this !!!
NIM100 Web Interface Password (Hack Part 5)
Now that we have root access, how do we change the configuration so that we can manage this NIM100 for our needs?
http://169.254.1.1 from your web browser of choice will get you to the web interface of the NIM100.
Oohps, Password required ....
A quick check of ./etc/passwd gives us the password "entropic" no quotes.
... and voila' we are in.
Happy hacking, and please post a comment if you decide to do something with this !!!
Monday, March 12, 2007
NIM100 Ethernet/IP Access (Hack Part 4)
Now that we see the boot process, we can see that NIM100 is running a IP host, which out of the box is 169.254.1.x
If you are connecting from your computer to the NIM100 and the NIM100 is not connected to anything on the COAX side, the IP address will be 169.254.1.1 but if more NIM100 are connected together over COAX, the various NIM100s will get different IP addresses starting from 169.254.1.1 with increments of 1.
DHCP is disabled out of the BOX and therefore you will have to create a private network on your PC (set you PC to 169.254.1.100 netmask 255.255.255.0).
Now you can access your NIM100 with:
- telnet 169.254.1.1
- root has no Password !!!
Happy hacking, and please post a comment if you decide to do something with this !!! Full Article ...
NIM100 Boot Log RS232 (Hack Part 3)
Here is a log of the Boot process as observed from the Serial Port RS232:
�+ECB Init
Performing boot FlashBase=0x50000000 FlashPartitionTbl=0x0003FE00...
Flash Memory Size=0x00800000, BlockSize=0x00020000
PartitionName: boot, Base=0x00000000, Size=0x00040000
PartitionName: otpd, Base=0x00040000, Size=0x00020000
PartitionName: bcfg, Base=0x00060000, Size=0x00020000
PartitionName: acfg, Base=0x00080000, Size=0x00020000
PartitionName: slog, Base=0x000A0000, Size=0x00020000
PartitionName: osi1, Base=0x000C0000, Size=0x00300000
PartitionName: osi2, Base=0x003C0000, Size=0x00300000
RedBoot(tm) bootstrap and debug environment [ROM]
Red Hat certified release, version 1.92 - built 09:17:48, Jul 23 2004
Platform: Entropic ECB (XScale)
Copyright (C) 2000, 2001, 2002, Red Hat, Inc.
RAM: 0x00000000-0x02000000, 0x0001f800-0x01ff1000 available
FLASH: 0x50000000 - 0x50800000, 64 blocks of 0x00020000 bytes each.
== Executing boot script in 2.000 seconds - enter ^C to abort
RedBoot> ecb_boot
Performing boot FlashBase=0x50000000 FlashPartitionTbl=0x0003FE00...
Flash Memory Size=0x00800000, BlockSize=0x00020000
PartitionName: boot, Base=0x00000000, Size=0x00040000
PartitionName: otpd, Base=0x00040000, Size=0x00020000
PartitionName: bcfg, Base=0x00060000, Size=0x00020000
PartitionName: acfg, Base=0x00080000, Size=0x00020000
PartitionName: slog, Base=0x000A0000, Size=0x00020000
PartitionName: osi1, Base=0x000C0000, Size=0x00300000
PartitionName: osi2, Base=0x003C0000, Size=0x00300000
... Unlock from 0x50000000-0x50020000: 12131072-640x50000000-022.
Validating OS Image partition base at=0x500C0000
Validating OS Image partition base at=0x503C0000
execing image #1, addr=0x500C0000
relocating ECB OS Image from 0x500C0000 to 0x007FFF80
Exec ECB OS Image, cmd_line=console=ttyS0,115200 root=/dev/ram0 ecb_bootflags=0x1
base=0x00917A80, initrd=0x00800000, bootflags=0x00000001
Uncompressing Linux.................................. done, booting the kernel.
Linux version 2.4.22-uc0 (azhuang@labdev2) (gcc version 3.3.2) #5 Tue Jun 14 12:23:24 PDT 2005
CPU: XScale-IXP425/IXC1100 revision 1
Machine: ECB (Ethernet Coax Bridge) Platform
Security risk: creating user accessible mapping for 0x60000000 at 0xff00f000
On node 0 totalpages: 8192
zone(0): 8192 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: console=ttyS0,115200 root=/dev/ram0 ecb_bootflags=0x1
Calibrating delay loop... 263.78 BogoMIPS
Memory: 32MB = 32MB total
Memory: 30144KB available (856K code, 197K data, 60K init)
Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
POSIX conformance testing by UNIFIX
PCI Autoconfig: Found Bus 0, Device 15, Function 0
PCI Autoconfig: BAR 0, Mem, size=0x40000, address=0x4bfc0000
PCI Autoconfig: Found Bus 0, Device 15, Function 1
PCI Autoconfig: BAR 0, Mem, size=0x1000, address=0x4bfbf000
PCI: bus0: Fast back to back transfers enabled
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
spawn_ksoftirqd() failed for cpu 0
Starting kswapd
pty: 16 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0xff000003 (irq = 15) is a XScale UART
RAMDISK driver initialized: 16 RAM disks of 5632K size 1024 blocksize
!p!abort_handler addr = 0x3ffddedd, fsr = 0x406, status = 0x22a0 pc/lr/cpsr 0xc00833e8 0xc00827e0 0x60000013
!p!abort_handler addr = 0x3ffddedd, fsr = 0x406, status = 0x2a0 pc/lr/cpsr 0xc0082870 0xc0082824 0x20000013
!p!abort_handler addr = 0x3ffddedd, fsr = 0x406, status = 0x2a0 pc/lr/cpsr 0xc0082884 0xc0082888 0x60000013
cfi_cmdset_0001: Erase suspend on write enabled
Using buffer write method
ECB Flash Partition table detected
Creating 7 MTD partitions on "ECB (Ethernet Cable Bridge) Flash":
0x00000000-0x00040000 : "boot"
0x00040000-0x00060000 : "otpd"
0x00060000-0x00080000 : "bcfg"
0x00080000-0x000a0000 : "acfg"
0x000a0000-0x000c0000 : "slog"
0x000c0000-0x003c0000 : "osi1"
0x003c0000-0x006c0000 : "osi2"
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 4096)
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
NET4: Ethernet Bridge 008 for NET4.0
NetWinder Floating Point Emulator V0.97 (double precision)
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 1118K
VFS: Mounted root (ext2 filesystem).
Freeing init memory: 60K
Using /lib/modules/2.4.22-uc0/kernel/drivers/char/ecb_misc.o
Warning: loading ecb_misc will taint the kernel: no licenseECB-Misc, Watchdog ENABLE, autonomous reset, every 60 secs
See http://www.tux.org/lkml/#export-tainted for information about tainted modules
Using /lib/modules/2.4.22-uc0/kernel/Lost/tags.o
Warning: loading tags will taint the kernel: no license
See http://www.tux.org/lkml/#export-tainted for information about tainted modules
<190>TAGS: ecb_bootflags = 0x1
### - Intel ixp1 interface -
Using /lib/modules/2.4.22-uc0/kernel/drivers/ixp400/ixp400.o
Warning: loading ixp400 will taint the kernel: no license
See http://www.tux.org/lkml/#export-tainted for information about tainted modules
Module init.
Using /lib/modules/2.4.22-uc0/kernel/drivers/net/ixp425_eth.o
ixp425_eth:
Initializing IXP425 NPE Ethernet driver software v. 1.1
[error] ixEthMiiPhyScan : unexpected Mii PHY ID 00225521
ixp425_eth: ixp0 is using the PHY at address 0
ixp425_eth: ixp1 is using the PHY at address 1
### - CLINK driver -
Using /lib/modules/2.4.22-uc0/kernel/Lost/clnkdvr.o
Warning: loading clnkdvr will taint the kernel: no license
See http://www.tux.org/lkml/#export-tainted for information ixp425_eth: ixEthMiiLinkStatus failed on PHY1.
about tainted modules
Can't determine
the auto negotiated parameters. Using default values.
Linux Clink Ethernet driver version 2.02 (Jun 14, 2005)
00:15:9a:1f:b6:da:
clnk_eth: Ethernet multicast flags:1003 mc:0
clnk_eth: Ethernet multicast flags:1003 mc:0
### - Create the BRIDGE now -
ixp425_eth: ixp0: Entering promiscuous mode
device ixp0 entered promiscuous mode
clnk_eth: Ethernet multicast flags:1103 mc:0
eth0 promiscuous mode not supported
device eth0 entered promiscuous mode
Starting daemon: 144 STARTING C.Link Daemon! hostId 0 ipaddr 169.254.1.4 netmask 255.255.255.0 desseed 0bb605db CMRatio 20
Set key PMK_INIT e6647ffd:xxxxxxxx 9454c71c:xxxxxxxx
DistanceMode 0 TxPower 10 PHY_margin 8 PHY_mgn_bitmask 127 SwConfig 0x27ff channelPlan 1 dhcp 0 gateway 0.0.0.0 channelMask 0x4000 lof 1150000000 bias 0 Target_PHY_rate 180 PowerCtl_PHY_rate 250 productMask 0x1554000 tabooMask 0xee0000 tabooOffset 3 <185>Clink Device Forced reset<185>Clink Link Down
br0: port 2(eth0) entering learning state
br0: port 1(ixp0) entering learning state
br0: port 2(eth0) entering forwarding state
br0: topology change detected, propagating
br0: port 1(ixp0) entering forwarding state
br0: topology change detected, propagating
Privacy is off
ECB-Misc, Watchdog ENABLE, requires user keep-alive, every 60 secs
Welcome to the c.LINK (Ethernet Cable Bridge) platform...
Vendor Attributions...
* Welcome to uClinux. Info at http://www.uclinux.org/
* Intel(R) IXP425 Access Library (CSR1.1) Integrated
* Based on Entropic c.LINK Technology
BusyBox v0.60.4 (2005.06.09-20:36+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
# LinkLocal: ifconfig br0 169.254.1.1 netmask 255.255.255.0 up
<185>Clink Reset Cause :0x10003 Reg:0x200 Dbg:0x140e0000
<185>Clink Reset Cause :0x10003 Reg:0x200 Dbg:0x140e0000
<185>Clink Link Up
LinkLocal: ifconfig br0 169.254.1.2 netmask 255.255.255.0 up
ECB-Misc Watchdog timer is active, user-keepalive=1, timeout=60secs
#
# ls
bin etc lib mnt sbin usr
dev home lost+found proc tmp var
NIM100 Getting to the RS232 ... (Hack Part 2)
In the previous post we discovered where the RS232 is accessible inside the NIM100.
Now we need a RS232 cable to get to it. Since the signal is not in standard RS232 12V but TTL logic, we will need a converter. The easist way to build one is to use a Radio Shack (Future Dial) "Mobile Phone Data Cables" .
Almost any of the FutureDial cables which have a small box in the middle like the one above contains a Prolific PL2303 chipset (DataSheet) which converts USB to RS232 TTL. These cables are usually used to connect to CellPhones.
Open the Small box in the middle of the cable and check the Pinout of the PL2303 against the board accessible pads. You will only need TX, RX and GND. (The image below shows a sample mapping)
WARNING: not all cables are the same so check the DataSheet to make sure you map the right signals from the chip.
Make a connection between the pads on the cable to the NIM100 RS232 pads and you are done. If you want you can do this cleanly by adding wires and jumpers to the Datacable and headers on the NIM100 Board. (That makes life easier to plug/unplug the RS232)
Now is time to install the driver for the USB to RS232 Cable.
Find the driver here for Windows, you will not need a driver for Linux.
Under Windows the driver will recognize the cable as a COM(x) which can be accessed with Hyperterminal (use 115200 8N1 Hyperterminal setting).
Under Linux start minicom and set the port to /dev/ttyUSB0 115200 8N1.
Happy hacking, and please post a comment if you decide to do something with this !!!
Full Article ...What is inside a NIM100 (Hack Part 1)
NIM100 from Motorola, as explained in the presious post is the device required to transform regular Ethernet over CAT-5 to a signal capable of crossing the existing COAX wiring infrastructure inside the house, based on MoCA specifications.
NIM100 is not for Sale to the Public and it was used by Verizon in the first FiOS TV installations to support VoD to and from the set top boxes.
But since it starts to apper on ebay from liquidators, lets see what is inside and what this could be used for.
The NIM100 sports a very nice processor IXP420 from intel which is the same processor used in the very popular and very hackable NSLU2 from Linksys which has Open-source projects than only stop short of "open-source coffee maker". (See, asterisk, storage server, home controller ....)
The processor subsystem is based on:
- CPU: XScale-IXP425/IXC1100 revision 1
- Calibrating delay loop... 263.78 BogoMIPS (266 MHz)
- Hynix DDR 32 MB
- Intel Flash 16/32 MB
- EN2010 (Baseband Processor and MAC)
- EN1010 AFE
The ethernet interface is handled by a Altima (Broadcom Company) chip.
- AC101L
The Box also has a USB interface out of the box.
A RS232 (Serial port) is accessible with some rework inside the box.
WARNING: The RS232 uses TTL logic and therefore a special cable is required to access it. A post will become available on how to do this or just google it.
Below is a picture with the mapping of RS232 signals on the NIM100 motherboard.
Happy hacking, and please post a comment if you decide to do something with this !!!
Full Article ...
Thursday, March 08, 2007
MoCA Home Networking (FiOS TV) and more ...
FiOS TV from Verizon uses a new Home Networking technology based on MoCA, a Standard defined by a consortium of companies. The founding company of this consortium, and MoCA Pioneer, is Entropic Communication which sports the venerable Andrew Viterbi as one of the Board Members.
This Technology Converts regular Ethernet traffic to a Signal that is able to traverse the COAXial wiring infrastructure already existent in most of the homes without affecting the Cable, Satellite or FiOS TV signal.
Multiple Nodes/Devices can be hooked to the same COAXIAL infrastructure and communicate in a mesh like topology on the shared medium.
In order to be able to make multiple devices communicate over the same medium and maintain Quaity of Service by avoiding packet collisions, one of the nodes elects himself as arbiter of the network and tells everybody when they can transmit and when they can not transmit.
In order to increase the available throughput of the network, each node can talk with each other directly avoiding wasting bandwidth by going back and forth to/from a centralized access point.
A 50 MHz portion of the spectrum in the 950MHz (MoCA WAN) 1150MHz (MoCA LAN) vicinity is reserved for communication among the different MoCA nodes. The 50 MHz channel is divided in 256 sub-channels. Each sub-channel communicates using the best modulation possible starting from BPSK up to 256-QAM.
Every node will negotiate the best modulation profile that can be achieved while maintaining a low Packet error rate for each of the nodes, the result is a logical mesh network between each node with different bit-rates for each unidirectional path.
In order to effectively Multi-cast or BroadCast packets destined to more than one node, the lowest common denominator profile is used so that all the nodes can receive the communication correctly.
Up to 8 networks (50 MHz each) can co-exist on the same wiring infrastructure without interference.
The result is a reliable backbone for Home Networking which at current state of the art can support a total troughput of around 150 Mbps.
Verizon uses regular Cable TV channels to broadcast TV to all users of FiOS TV which are hooked to a Fiber Network. The architecture for sending broadcast TV works similarly to current HFC (Hybrid Fiber Coax) Cable networks but the fiber reaches the home of the end user and the signal is converted back to coax directly in the home.
So, why Verizon uses MoCA technology?
While Broadcast Television does not require to be transported over ethernet, Video on Demand requires both:
- The ability for a user to request for a particular program.
- The ability for Verizon to send a program to a specific User.
So, for VoD Verizon uses this backbone Home Networking technology to carry the traffic associated with the VoD request and the VoD stream itself.
What are the important advantages of this technology?
- Coaxial Cables are already installed in the Home
- Coaxial Cables are already used to carry the TV signal to the TV sets and STBs.
Verizon originally had planned to use MoCA technology for the delivery of LAN traffic to all the Set Top Boxes in the house, but now two MoCA networks can be established in a FiOS installation in order to minimize installation costs by reusing existing wiring as much as possible. The result is that a MoCA domain is established between the Router and the different Set Top Boxes (MoCA LAN) and another domain (MoCA WAN) is established between the router and the ONT (Which is the box that converts the optical signal coming in the home from the fiber to regular Ethernet signal).
Below is a picture of a Typical Early installation of Verizon FiOS TV: (The MoCA technology is integrated in all Set Top Boxes and in the NIM100 a stand alone device which converts Ethernet to Moca)
Below is a picture of a Typical current installation of Verizon FiOS TV: (The MoCA technology is integrated in all Set Top Boxes and in the ONT, while 2 MoCA channels are embedded in the Brodband router.
NIM100 devices are being discontinued as routers from the early deployments get upgraded to the new Actiontec BHR with integrated MoCA and are becoming available from Liquidators on Ebay. Below is a picture of how one of these NIM100 devices coud be used in the current Verizon FiOS installations.
Full Article ...
Subscribe to:
Posts (Atom)