通过Piotrbania [1]得知, 在一个可以被触发的“上帝模式”中可以启用隐藏的命令。那些隐藏的命令可以让我们查看内存的映射和编辑内存的内容,如下所示:
ATEN1,A847D6B1 OK athe =======Debug Command Listing ======= AT just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k,3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or showcurrent time ATDA(y,m,d) change system date to year/month/day or showcurrent date ATDS dump RAS stack ATDT dump Boot Module Common Area ATDUx,y dump memory contents from address x forlength y ATWBx,y write address x with 8-bit value y ATWWx,y write address x with 16-bit value y ATWLx,y write address x with 32-bit value y ATRBx display the 8-bit value of address x ATRWx display the 16-bit value of address x ATRLx display the 32-bit value of address x ATGO(x) run program at addr x or boot router ATGR boot router ATGT run Hardware Test Program AT%Tx Enable Hardware Test Program at bootup ATBTx block0 write enable (1=enable,other=disable) < pressany key to continue > ATRTw,x,y(,z)RAM test level w, from address x to y (z iterations) ATWEa(,b,c,d)write MAC addr, Country code, EngDbgFlag, FeatureBit to flash ROM ATCUx write Country code to flash ROM ATCB copy from FLASH ROM to working buffer ATCL clear working buffer ATSB save working buffer to FLASH ROM ATBU dump manufacturer related data inworking buffer ATSH dump manufacturer related data in ROM ATWMx set low 6 digits MAC address inworking buffer ATMHx set hight 6 digits MAC address inworking buffer ATBS show the bootbase seed of passwordgenerator ATLBx xmodem upload bootbase,x is password ATSMx set 6 digits MAC address in workingbuffer ATCOx set country code in working buffer ATFLx set EngDebugFlag in working buffer ATSTx set ROMRAS address in working buffer ATSYx set system type in working buffer ATVDx set vendor name in working buffer ATPNx set product name in working buffer ATFEx,y,... set feature bits in working buffer ATMP check & dump memMapTab ATDOx,y download from address x for length y toPC via XMODEM < pressany key to continue > ATTD download router configuration to PCvia XMODEM ATUPx,y upload to RAM address x for length yfrom PC via XMODEM ATUR upload router firmware to flash ROM ATDC hardware version check disable duringuploading firmware ATLC upload router configuration file toflash ROM ATUXx(,y) xmodem upload from flash block x to y ATERx,y erase flash rom from block x to y ATWFx,y,z copy data from addr x to flash addr y,length z ATXSx xmodem select: x=0: CRC mode(default);x=1: checksum mode ATLD Upload Configuration File and DefaultROM File to Flash ATBR Reset to default Romfile ATCD Convert Running ROM File to DefaultROM File into Flash OK atmp ROMIOimage start at bfc30000 1: HTPCode(RAMCODE), start=80048000,len=E0000 2: RasCode(RAMCODE), start=80048000,len=6E0000 $ROMSection: 3: BootBas(ROMIMG), start=bfc28000, len=4000 4: DbgArea(ROMIMG), start=bfc2c000, len=2000 5: RomDir2(ROMDIR), start=bfc2e000, len=2000 6: BootExt(ROMIMG), start=bfc30030, len=13FD0 7: MemMapT(ROMMAP), start=bfc44000, len=C00 8: HTPCode(ROMBIN), start=bfc44c00, len=8000 (Compressed) Version: HTP_TC V 0.05, start: bfc44c30 Length: 10488, Checksum: CB32 Compressed Length: 41CF, Checksum: D5A5 9: termcap(ROMIMG), start=bfc4cc00, len=400 10: RomDefa(ROMIMG), start=bfc4d000, len=2000 11: LedDefi(ROMIMG), start=bfc4f000, len=400 12: LogoImg(ROMIMG), start=bfc4f400, len=2000 13: LogoImg2(ROMIMG), start=bfc51400, len=2000 14: StrImag(ROMIMG), start=bfc53400, len=32000 15: Rt11nE2p(ROMIMG), start=bfc85400, len=400 16: fdata(ROMBIN), start=bfc85800, len=10000 (Compressed) Version: FDATA, start: bfc85830 Length: A94C, Checksum: DCEE Compressed Length: 1D79, Checksum: 01BB 17: RasCode(ROMBIN), start=bfc95800,len=192800 (Compressed) Version: ADSL ATU-R, start: bfc95830 Length: 3E7004, Checksum: 3336 Compressed Length: 122D57, Checksum: 3612
