Hello,
so I have this LTE router and I am interested in extracting the firmware from it.
I found 2 4-pin headers on 2 different PCBs (PCBs connected via cable). The first one I tried was an actual UART, giving me root access to the system (I'll call "wifi" as it seems to provide the wifi).
It turns out that the router consists of two systems, as the system I got UART access to had a different IP than the router advertised via DHCP.
This "wifi" system could communicate with the "main" system via ethernet (it could ping the advertised IP address).
So I assumed the other 4-pin header could be a UART for the "main" system, and pins 1 and 2 match the layout of the "wifi" system (Vcc and GND), but pins 3 and 4 (which were TX and RX on "wifi") seem to be floating (0 volts and not connected to GND).
I have attached a photo of that header, pin 1 is in the right (the label is on the other side of the PCB).
The traces of pin 3 and 4 go up to the solder pads where an 8-pin IC could be placed and seem to end there.
Is there a typical IC that one could insert there to allow UART access? Or does this look like something else?
P.S.
I can also telnet into the "wifi" system without a password, but on the "main" system, telnet asks for a password which is not the web interface password, so I can't login that way.
I want to keep the device in good working condition, so disassembling it until I get to some flash chip is out of the question. Most of the electronics are hidden under metal covers anyway.