Please respect the license under which this work is made available. (See terms and conditions at the end of the page)
First a disclaimer: You must fully understand the risks involved in carrying out procedures on this page. I am not responsible for anything that may happen to anyone or any property as a result of following instructions on this page. If you're not comfortable with this then don't read any more.
Random information about BT home hub. Version of the hub abused here is 1.5.
Random information about the BT Hub Phone can be found on this page
To complete this procedure you'll need a Philips screwdriver, a flat screwdriver and a scalpel. (You can skip the scalpel if you don't care about the label on the back - just rip it off!)
Inside the hub theres a well populated PCB, a couple of additional antennas and connection to the hub phone front socket. The picture to the right shows one side of the PCB. The IC's are listed below.
An image is available here
The ultimate goal of this project is to allow all users to upload their own firmware to this device without specialised hardware. This *should* be provided for by the GPL as the Home Hub runs on Linux and uses BusyBox. BT have made available some GPL code, but this does not seem sufficient to actually create a firmware file that can be uploaded to the device. The released code can be found at this URL: http://www.btyahoo.com/broadband/adhoc_pages/gplcode.html. Make up your own mind whether or not they're violating the GPL license by withholding this information... I can't decide.
This boot-log was taken from the serial port on P2.
Bootup keypresses: Sending Ctrl+C during this sequence seems to kill the init routine dead resulting in the main application starting early. Sending it just after the nmon kernel module has loaded results in the application starting with the comment "[ERROR]: An illegal build is trying to run!" (What's illegal about that?!) Sending Ctrl+Q when bootup has completed turns on lots of application level debugging information. I can't login at the console with the latest firmware.
On the reverse of the board, there is a small 8-pin connector footprint sited directly under the CPU. Googling about indicates this may be a JTAG port (2=TDI=TP33, 3=TDO=TP32, 5=TMS=TP34, 6=TCK=TP35) but I have not tried this yet - it's next! It was indicated that reading the firmware can be accomplished with a strangely named utility and a simple parallel port cable. (See here)
Holding down the Wireless Assoc button during poweron for about 5 seconds puts the device into firmware recovery mode. The device will attempt to acquire from a BOOTP/DHCP server, an IP address, TFTP filename and TFTP server. If it gets all these things it will download the file and use it. Giving it the .BLI file from BT's recovery zip file results in a firmware upgrade. (Status information is outputted to the console during the upgrade process.)
I'm not yet sure of the format of this file. Feeding the device with a couple of "random" experimental files indicate:
http://psidoc.com/, has current
information about flashing the hub using JTAG.
BROKEN LINK: This forum is now closed.