Tuesday, September 18, 2018

AREDN - Recover AirMax NanoStation Loco M2


AREDN and Ubiquiti AirMax NanoStation Loco M2 Recovery [Ubiquity Model:LOCOM2US]
9-18-2018
KK4ZUU

DISCLAIMERS: This is provided as a courtesy to save you time, it is not an offer of a warrany/repair/guarantee that it will work for you. It depends (allot) on your ability to follow directions, your basic knowledge of linux (in this case it was mostly done in kali linux, windows users I did place some hints) and computers in-general. BY PROCEEDING YOU AGREE THAT YOU WILL NOT HOLD ME RESPONSIBLE, if it seems like too much for you ask another person for help please.

Now that that is out of the way....

PRODUCT BEING RECOVERED

This covers the Ubiquiti AirMax NanoStation Loco M2 Recovery [Ubiquity Model:LOCOM2US] steps as it pertains to ham or amateur radio and AREDN (arednmesh.org), it is a combination of the vendors documentation (Ubiquiti) and what you need to do to recover a Ubiquiti AirMax NanoStation Loco M2 *ONLY*. If you have a different piece of hardware, it is not the US version of the hardware, or you are not using AREDN, stop...search for what you are doing on your own.

ENVIRONMENT

This was performed using a linux host, kali on a netbook to be exact...a recent MacOS host should be similar as it's running a version of *inux.

Windows users, watch this youtube to see the programs they used (command prompt, a tftp program) but the steps are the same except you use a GUI for the TFTP upload and it's a different series of steps to configure networking in Windows (google is your friend). https://www.youtube.com/watch?v=lc0yQ-KdwOU [a random one I liked for Windows users]

PREPARATION

1. Download the current AirOS or TFTP image for the version of the product you are attempting to recover, in my case it was the factory image
-AREDN-3.16.2.0-ubnt-bullet-m-factory.bin, md5sum: de625e7f6652347b6a109df39678058b [*example, it may have changed...see ardenmesg.org*]

2. Verify the image downloaded cleanly by checking the MD5SUM of the file after download or copy off to another media *CRITICAL*
- md5sum file_name (In Win 7+ you can open ISE [PowerShell] and issue the command get-filehash -algorithm md5 file_name)
- file_name is not literally that, use the name of the file...
- If the MD5SUM does not match what is available on the AREDNmesh website STOP, delete the download, download it and check it again (STOP if no match)
- If you receive any firmware check errors while using TFTP STOP, re-download the file, the md5sum does not match/file is corrupt
- Lastly, with a good md5sum value, copy the downloaded file to code.bin if you are using another host, else copy it locally where you can find it

3. Setup networking on the host you will use to recover the M2, I used a laptop running kali linux. I will only cover the steps I used in kali linux here for networking:
- You only want one network active, the eth cable going to the POE injector directly from the laptop
- Disable all other networks including wireless
- In kali, you need to stop the network manager and disable ipv6 {this is temporary, I will have you reboot later to go back to normal}
- sudo systemctl stop NetworkManager.service
- sudo systemctl disable NetworkManager
- sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
- sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
- set your IP address to a static one/THIS one/very important: 192.168.1.254 -where eth0 is your wired interface
- sudo ifconfig eth0 192.168.1.254
- start a continous ping to the IP address of the M2 TFTP IP address set by the factory
- ping 192.168.1.20 (initially no response, LET IT RUN...)

4. Hands-on the M2, POE injector, and a local ethernet cable to your host
- Unplug any LAN cable from the POE injector, that will be connected DIRECTLY to your host shortly
- Unplug the power cable from the POE adapter, the POE eth cable to the M2 should still be connected (i.e. - power off M2)
- Using a blunt instrument, you have to hold down the power reset (on M2 or the POE adapter has one) with the LAN cable disconnected
- Plug in the power cable on the POE adapter while HOLDING DOWN the reset button until you see the lights on the back of the M2's wifi signal indicator scanning back and forth
- At this point the M2 should be in TFTP mode & your ping command you left running should have a ping response from 192.168.1.20
-- If you didn't make it this far re-check your network setup, if that is OK you may have made it necessary to do a serial reset of the M2 (not covered here)

Actual TFTP Image Upload

5. Here are the linux commands I typed to tftp the file I downloaded from ardenmesh.org (If everything above did not work, STOP...you missed something above, check/start over)
- Look at your curent path, the file you intend to transfer is assumed to be in the root of your user folder in this example [linux]
- cp ARDEN-#.#.#-bullet-m-factory.bin code.bin [this was done at the end of step two]
- echo -e "binary\nrexmt 1\ntimeout 60\nntrace\nput code.bin flash_update\n" | tftp 192.168.1.20
-- ^that command has to be exactly as-shown [linux] -Windows, use a ftfp program with a gui^
6. Next, your terminal prompt should show the file transfer occurring
- If you get Destination Unknown you made a networking mistake above
- Unknown file name or file not found, you didn't copy the file where your path is to transfer it (verify your ping is getting a response)
- or, your M2 is too far gone, you need to research the serial [USB TTY] cable recovery method..and I have not tried that...see Google

7. CAUTIONS
- Do not let anything interrupt the TFTP file transfer, it takes a while as it is copying 512 bytes of a 4Mb+ image file at a time into the M2's memory [8,100+ blocks]
- A lack of power/patience, screen saver, power saving settings, a power outage, a dog or cat, etc. may equal a bricked M2 [do NOT contact me and tell me I am responsible]
- You will have to try the serial recovery mentioned above if anything interrupts the TFTP operation
- Once the TFTP process begins it is a 2-4h process for the M2, do not interrupt it, read this several times before beginning, do not rush!
- I did stop the ping once I was sure the TFTP file transfer was running, I think it might save a little time (don't stop the file transfer)

73, David kk4zuu

No comments:

Post a Comment