Posted: Tue Dec 19, 2017 14:23 Post subject: R7000 is on a boot loop and keeps resetting.
Having some issues with my R7000 with a Kong build on it.
I mistakingly add something to the script and made it execute on boot up, which just made the router go in a loop.
I bought a usb to ttl cable and can see everything, i can get a ping out of the router but only for a couple of seconds then its lost. here is some of the log.
The router is on a boot loop and keeps resetting.
When I ping the router I get mostly "Request time out" with a TTL=100 4 times in a row every now and again, then it restarts.
When using a serial usb cable and putty to flash firmware into it I can't successfully break (Ctrl+c)
Overclocked the cpu? _________________ Segment 1 XR700 10Gb LAN, 1Gb WAN ISP BS
Wired AP 1 Unifi Wifi 6 LR US 1Gb LAN
Wired AP 2 Unifi Wifi 6 LR US 1Gb LAN
Wired AP 3 Unifi Wifi 6 LR US 1Gb LAN
Syslog Services Asustor 7110T NAS 10GB
NetGear XS716T 10GB Switch
download1.dd-wrt.com/dd-wrtv2/downloads/betas/ (Brain Slayer)
YAMon https://usage-monitoring.com/index.php
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Thu Dec 21, 2017 11:35 Post subject:
well if you can successfully log in via serial than erase nvram and reboot this will clear the wrong script held in nvram i guess.. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
well if you can successfully log in via serial than erase nvram and reboot this will clear the wrong script held in nvram i guess..
I made a serial connection with PUTTY and an USB-TTL cable....Ican see the log of the boot...but, it's impossible to interrupt the process and to get the C>...
It's an netgear r7000. Typing tpl won't stop the cfe.
Start hitting ctrl + c even before turning the router on. Hit them as fast as possible. _________________ I am far from a guru, I'm barely a novice.
I can't break the process with Ctrl-C...
Is it possible to erase nvram with another method ?
Is it possible to replace the CFE ?
How to Jtag the R7000 ?
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Tue Dec 26, 2017 10:42 Post subject:
the other thing i know is press 4 or 1 but yep again this is
for RTL router _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 03 Jan 2017 Posts: 49 Location: Lindau, Germany
Posted: Fri Jan 26, 2018 5:59 Post subject: bebrick R7000/R6300v2
A few weeks ago I bricked my R7000 and R6300v2 while trying WDS: Both router froze short befor DHCP would be enabled.
Assigning a static IP I could ping the router short after Power-Up and I could break the boot loop by CTRL-C on a serial console.
In short a recovery via tftp feature is explained:
During the possible pinging of the router after power-up the router assigns itself the IP 192.168.1.1 and tries to download a vmlinuz file via tftp protokoll from a tftp server running on 192.168.1.2.
To use this you have to install a tftp server and have a vmlinuz file for download (detailed explanation in the link, there you will find a vmlinuz file). Then assign the static IP 192.168.1.2 to your PC connected to the router via LAN network. After power up the router downloads this file and boots in this firmware. The vmwlinuz from the post is an openwrt software with a GUI and a SSH server, you can erase the NVRAM via SSH. Warning: In my config even MAC adresses and standard wlan KEY was erased, maybe more.
You should try if you can download the vmlinuz file from an other PC to see if the tftp server is configured correctly.
During playing around with different the vmlinuz files I renamed a dd-wrt firmware to vmlinuz. This file was downloaded as well. As It has not the correct format there was an error message after download and the boot process failed... and I got an serial console!
Don't know if this will happen every time but in my config I had this nice effect.
A reset of the settings via RESET button has not worked for me, even it explained in older posts. For me it seems that the RESET button has no function at all...
Recommendation:
- You can/should monitor this process with Wireshark.
- You see that the downloads starts as the pinging continues during download.
- Read the complete discussion in the link, there is even more information at the end.
- After eecovery rename the vmlinuz file and disable the tftp server. Otherwise the router will load this file after power up if the PC has the IP 192.168.1.2.
- Don't get confused with tftp client and server
- There are several tftp server available , maybe not all of then will work on the PC.
I did this all with a linux system using the build in tftpd service but windows it should be possible as well.
Good look and be patient. For me it took a few hours for the first recovery. The second was done in a few minutes, even with CTRL-C.
both the r7000 and r6300v2 have very good bootloaders, but i've managed to brick an r6300v2 and an r7000 by adventurous flashing of various homebrewed firmwares. i have not tried the ploit vmlinuz approach but that looks promising. it is not clear wot me whcih file to use for vmlinuz for an r7000.
one cause of bootloops on both r6300v2 and r7000 is firmware or nvram that has the gpio maps for reset button incorrect; this makes the firmware reboot becasue it * thinks * that that the reset button is being held down.
as far as i can tell, the most resilient bootloader for the r7000 platform boards (r7000, ea6900, ac68u) is the asus. there is a modified-for-r7000 asus cfe on the linksysinfo boards in an asuswrt-for-r7000 thread. i have been using this for the last year and have not scrod my r7000 yet, despite a number of errant flashes.
i have found that i could burn out the Rx serial line on routers by connecting the +3.3/+5v wire to the Rx pin. obviously stupid. i'm suggesting to get the +5v line off your serial adapter so you don't wreck your router. also, you can wreck the Tx line on your serial adapter by connecting it to the +3.3/+5v line on router. you probably have already tried another serial adapter.
finally, if you overclocked, you can try keeping the router in the freezer and breaking in to the bootloader while it is very cold, and erase your overclock settings. you have to do this before the cpu warms up enough to faial at the overclocked rate. i have read scattered success stories. i tried a couple times with failure.
i hope not to have to atone for router murders. i'm guilty on mnay counts.