通過(guò)Piotrbania [1]得知, 在一個(gè)可以被觸發(fā)的“上帝模式”中可以啟用隱藏的命令。那些隱藏的命令可以讓我們查看內(nèi)存的映射和編輯內(nèi)存的內(nèi)容�����,如下所示:
ATEN1,A847D6B1
OK
athe
=======Debug Command Listing =======
AT just answer OK
ATHE print help
ATBAx change baudrate. 1:38.4k, 2:19.2k,3:9.6k 4:57.6k 5:115.2k
ATENx,(y) set BootExtension Debug Flag (y=password)
ATSE show the seed of password generator
ATTI(h,m,s) change system time to hour:min:sec or showcurrent time
ATDA(y,m,d) change system date to year/month/day or showcurrent date
ATDS dump RAS stack
ATDT dump Boot Module Common Area
ATDUx,y dump memory contents from address x forlength y
ATWBx,y write address x with 8-bit value y
ATWWx,y write address x with 16-bit value y
ATWLx,y write address x with 32-bit value y
ATRBx display the 8-bit value of address x
ATRWx display the 16-bit value of address x
ATRLx display the 32-bit value of address x
ATGO(x) run program at addr x or boot router
ATGR boot router
ATGT run Hardware Test Program
AT%Tx Enable Hardware Test Program at bootup
ATBTx block0 write enable (1=enable,other=disable)
< pressany key to continue >
ATRTw,x,y(,z)RAM test level w, from address x to y (z iterations)
ATWEa(,b,c,d)write MAC addr, Country code, EngDbgFlag, FeatureBit to flash ROM
ATCUx write Country code to flash ROM
ATCB copy from FLASH ROM to working buffer
ATCL clear working buffer
ATSB save working buffer to FLASH ROM
ATBU dump manufacturer related data inworking buffer
ATSH dump manufacturer related data in ROM
ATWMx set low 6 digits MAC address inworking buffer
ATMHx set hight 6 digits MAC address inworking buffer
ATBS show the bootbase seed of passwordgenerator
ATLBx xmodem upload bootbase,x is password
ATSMx set 6 digits MAC address in workingbuffer
ATCOx set country code in working buffer
ATFLx set EngDebugFlag in working buffer
ATSTx set ROMRAS address in working buffer
ATSYx set system type in working buffer
ATVDx set vendor name in working buffer
ATPNx set product name in working buffer
ATFEx,y,... set feature bits in working buffer
ATMP check & dump memMapTab
ATDOx,y download from address x for length y toPC via XMODEM
< pressany key to continue >
ATTD download router configuration to PCvia XMODEM
ATUPx,y upload to RAM address x for length yfrom PC via XMODEM
ATUR upload router firmware to flash ROM
ATDC hardware version check disable duringuploading firmware
ATLC upload router configuration file toflash ROM
ATUXx(,y) xmodem upload from flash block x to y
ATERx,y erase flash rom from block x to y
ATWFx,y,z copy data from addr x to flash addr y,length z
ATXSx xmodem select: x=0: CRC mode(default);x=1: checksum mode
ATLD Upload Configuration File and DefaultROM File to Flash
ATBR Reset to default Romfile
ATCD Convert Running ROM File to DefaultROM File into Flash
OK
atmp
ROMIOimage start at bfc30000
1: HTPCode(RAMCODE), start=80048000,len=E0000
2: RasCode(RAMCODE), start=80048000,len=6E0000
$ROMSection:
3: BootBas(ROMIMG), start=bfc28000, len=4000
4: DbgArea(ROMIMG), start=bfc2c000, len=2000
5: RomDir2(ROMDIR), start=bfc2e000, len=2000
6: BootExt(ROMIMG), start=bfc30030, len=13FD0
7: MemMapT(ROMMAP), start=bfc44000, len=C00
8: HTPCode(ROMBIN), start=bfc44c00, len=8000
(Compressed)
Version: HTP_TC V 0.05, start: bfc44c30
Length: 10488, Checksum: CB32
Compressed Length: 41CF, Checksum: D5A5
9: termcap(ROMIMG), start=bfc4cc00, len=400
10: RomDefa(ROMIMG), start=bfc4d000, len=2000
11: LedDefi(ROMIMG), start=bfc4f000, len=400
12: LogoImg(ROMIMG), start=bfc4f400, len=2000
13: LogoImg2(ROMIMG), start=bfc51400, len=2000
14: StrImag(ROMIMG), start=bfc53400, len=32000
15: Rt11nE2p(ROMIMG), start=bfc85400, len=400
16: fdata(ROMBIN), start=bfc85800, len=10000
(Compressed)
Version: FDATA, start: bfc85830
Length: A94C, Checksum: DCEE
Compressed Length: 1D79, Checksum: 01BB
17: RasCode(ROMBIN), start=bfc95800,len=192800
(Compressed)
Version: ADSL ATU-R, start: bfc95830
Length: 3E7004, Checksum: 3336
Compressed Length: 122D57, Checksum: 3612
