I have a ZTE ZXV10 H201L, and want to back its flash up for future recovery and for getting the VOIP settings. Since the firmware is modified by the ISP, I have no access to it. It has U-Boot (with serial console) but some commands are missing:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.24 17:35:15 =~=~=~=~=~=~=~=~=~=~=~=

ROM VER: 1.ñ

ROM VER: 1.1.3

CFG 01

DDR Access auto data-eye tuning Rev 0.3c

DDR size from 0xa0000000 - 0xa1ffffff

DDR check ok... start booting...

ZTE U-Boot V1.0.09 (Sep 9 2011 - 11:28:12)

Boot from NOR flash

AR9 BOARD

CLOCK CPU 333M RAM 166M

DRAM: 32 MB

relocate_code start

relocate_code finish.

Flash: 8 MB

*** Warning - bad CRC, using default environment

parse tag param success

In: serial

Out: serial

Err: serial

Net:

switch chip id=0000c852!!

amazon_s Switch

Type run flash_nfs to mount root filesystem over NFS

*** Press 1 means entering boot mode***

***Press 2 means entering testing mode***

***Press 3 means entering norm mode***

Hit key to stop autoboot: 3  2  0

Entering boot mode ...

AMAZON_S # ?

? - alias for 'help'

askenv - get environment variables from stdin

autoscr - run script from memory

base - print or set address offset

bdinfo - print Board Info structure

bootm - boot application image from memory

bootp - boot image via network using BootP/TFTP protocol

cmp - memory compare

cp - memory copy

crc32 - checksum calculation

echo - echo args to console

erase - erase FLASH memory

flinfo - print FLASH memory information

go - start application at address 'addr'

help - print online help

httpd - start http server

imls - list all images found in flash

loop - infinite loop on address range

md - memory display

mm - memory modify (auto-incrementing)

mtest - simple RAM test

mw - memory write (fill)

nm - memory modify (constant address)

printenv- print environment variables

protect - enable or disable FLASH write protection

rarpboot- boot image via network using RARP/TFTP protocol

reset - Perform RESET of the CPU

run - run commands in an environment variable

setenv - set environment variables

SPI flash sub-systemsflash - SPI FLASH sub-system

sleep - delay execution for some time

tag - set or get or list tag parmeters

version - print monitor version

AMAZON_S # base

Base Address: 0x00000000

AMAZON_S # bdinfo

boot_params = 0x81DDEFB0

memstart = 0x80000000

memsize = 0x02000000

flashstart = 0xB0000000

flashsize = 0x00800000

flashoffset = 0x00000000

ethaddr = (a mac addr)

ip_addr = 192.168.1.254

baudrate = 115200 bps

AMAZON_S # printenv

bootcmd=run flash_flash

bootdelay=3

baudrate=115200

preboot=echo;echo Type "run flash_nfs" to mount root filesystem over NFS;echo

serverip=192.168.1.55

netdev=eth0

baudrate=115200

rootpath=/opt/nfs

nfsargs=setenv bootargs root=/dev/nfs rw nfsroot=$(serverip):$(rootpath)

ramargs=setenv bootargs root=/dev/ram rw

addip=setenv bootargs $(bootargs) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmask):$(hostname):$(netdev):on

mem=32M

vpe0mem=30M

vpe1mem=2M

vpe1_load_addr=0x81e00000

addmisc=setenv bootargs $(bootargs) console=ttyS1,$(baudrate) ethaddr=$(ethaddr) phym=$(mem) mem=$(vpe0mem) panic=1 vpe1_load_addr=$(vpe1_load_addr) vpe1_mem=$(vpe1mem) vpe1_wired_tlb_entries=1

flash_nfs=run nfsargs addip addmisc;bootm $(kernel_addr)

ramdisk_addr=B0100000

flash_self=run ramargs addip addmisc;bootm $(kernel_addr) $(ramdisk_addr)

img_uboot=u-boot.ifx

net_nfs=tftp 80500000 $(img_kernel);run nfsargs addip addmisc;bootm

net_ram=tftp 80500000 $(img_kernel);run ramargs addip addmisc;bootm

load=tftp 80500000 $(img_uboot)

flash_flash=run addip addmisc; bootm $(kernel_addr)

f_ubootconfig_addr=0xB001A000

f_ubootconfig_size=0x1000

ethaddr=(a mac addr)

ipaddr=192.168.1.254

netmask=255.255.255.0

stdin=serial

stdout=serial

stderr=serial

ethact=amazon_s Switch

Environment size: 1254/4092 bytes

AMAZON_S #

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.24 17:35:15 =~=~=~=~=~=~=~=~=~=~=~=

As I know cp can copy from TFTP to flash. Is it possible backward? If it cannot be solved through serial port, I may use JTAG. I just want to do it as simply as possible.