Posted: Tue Jan 08, 2019 7:14 Post subject: Fail to Flash DDWRT on Brand New R7000
Bought a brand new R7000 Netgear but unable to flash DDWRT in the web GUI at all. I get an error message that the firmware I am attempting to use is unsupported. I'm using the latest kong .chk for my model (R7000). After searching Google, it appears the new versions of this router have 'security' built in that does not allow flashing to older firmwares or custom firmwares, so I'm in a bit of a bind.
Is this a known issue in the community? Can somebody please confirm this? Is there a workaround?
Man, I typed out a detailed message on how to get this done and the forum didn't take it, and when I hit back the whole message was not there! Ok, long story short, I had a client that had their ddwrt R7000 unit go bad. We sent it to RMA and the new unit had the -2 error for invalid firmware. I searched for hours on a step by step and only got parts of the entire picture. I didn't want to do the serial cable method as I wasn't sure if the processes are up to date and exactly which cable to buy. I should buy one since I do so many of these routers, but knock on wood, never had one go bad like this. If someone can point to the exact cable and process for a serial cable flash that would be awesome. Ok, this will be a 2 part message as I don't want it to get cut off. This process = No Serial Cable needed for a straight from the factory unit with the locked firmware problem. I am sure it will be similar for other Netgear routers.
- Process I used to get ddwrt on a locked firmware R7000 using Win10 -
R7000 is powered off and computer is plugged in via network cable into a LAN port. Assign the NIC a static IP, i.e. 192.168.1.10
1) download nmrpflash and initial build of DDWRT
2) download and install WinPcap (no longer being developed)
3) Open a cmd prompt (1) (ADMIN RIGHTS) and go to the folder that has nmrpflash and ddwrt.
4) Open another cmd prompt (2) and start pinging the router
5) go back to cmd (1) and run nmrpflash -L and locate the network interface for your ethernet card plugged into the router. It will be called "net#"
6) Power on the router and navigate back to cmd (2) where it has been pinging the router.
7) go back to cmd (1) and wait till you see cmd (2) with a TTL=100 (very small window), then issue the correct nmrpflash command using the net# for your NIC. It should look something like "nmrpflash -v -i net# -f dd-wrt.K3_R7000.chk"
If you miss the window then after 60 secs it will abort. Then you have to power off the router and start again. Hitting the TTL=100 is the most important part of this, otherwise it won't work. You will see status messages if it starts flashing and then it ends with a please reboot unit message. Then you are done.
I hope this helps people that are having this issue with any netgear router that has the locked firmware issue. I am sure other routers will follow a similar process. Thanks
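The timing in steps 4 to 7 above can be scripted instead of watched by eye. The following is an added example, not part of the original post or of nmrpflash: it reads the output of the endless ping and starts the flash on the first TTL=100 reply. It uses only the nmrpflash flags quoted in the thread; the sample ping lines (including the TTL=64 reply) are constructed for illustration.

```python
import re
import subprocess
import sys

ROUTER_IP = "192.168.1.1"   # address pinged in the thread
BOOT_TTL = 100              # TTL the thread reports during the flash window
TTL_RE = re.compile(r"ttl=(\d+)", re.IGNORECASE)


def reply_ttl(line):
    """Return the TTL of one ping reply line, or None for timeouts/other text."""
    m = TTL_RE.search(line)
    return int(m.group(1)) if m else None


def first_boot_reply(lines, boot_ttl=BOOT_TTL):
    """Index of the first reply carrying the bootloader TTL, or None."""
    for i, line in enumerate(lines):
        if reply_ttl(line) == boot_ttl:
            return i
    return None


def nmrpflash_cmd(interface, firmware):
    """Command line from step 7; only flags quoted in the thread are used."""
    return ["nmrpflash", "-v", "-i", interface, "-f", firmware]


def wait_and_flash(interface, firmware, ip=ROUTER_IP):
    """Ping endlessly (Windows 'ping -t'); flash on the first TTL=100 reply."""
    ping = subprocess.Popen(["ping", "-t", ip], stdout=subprocess.PIPE, text=True)
    try:
        for line in ping.stdout:
            if reply_ttl(line) == BOOT_TTL:
                return subprocess.call(nmrpflash_cmd(interface, firmware))
    finally:
        ping.terminate()
    return 1


# Constructed sample of Windows ping output across a router power-on.
SAMPLE = [
    "Request timed out.",
    "Reply from 192.168.1.10: Destination host unreachable.",
    "Reply from 192.168.1.1: bytes=32 time<1ms TTL=100",
    "Reply from 192.168.1.1: bytes=32 time=1ms TTL=64",
]

if __name__ == "__main__":
    # usage (admin prompt): python flashwatch.py net3 dd-wrt.K3_R7000.chk
    sys.exit(wait_and_flash(sys.argv[1], sys.argv[2]))
```

Start it from the admin prompt before powering on the router; if nmrpflash aborts, power the router off and run it again, as the post describes.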
@Klose attached my notes for Serial recovery with the right cable
In my signature the link to the R6400 install guide, in the second posting the debricking guide with a chapter on NMRPFlash
EGC, I did see that guide for unbricking. I totally forgot that it included the cable specs and the reminder is much appreciated. The reason I wrote this post was because he titled it the R7000 and I couldn't find on Google a step by step for this router specifically. So I thought to post my thoughts and happenings on the subject since I installed on this stupid new firmware locked crap yesterday and it was still fresh in the mind. I saw that your steps and my steps were pretty similar so at least I wasn't too off base. Thanks for the response.
This is the first I've heard of NMRPflash. I'll have to bookmark that just in case.
This was my problem. Even though Egc must have put hours of effort into the guide, it didn't really come up in Google when I was searching how to beat this issue. Netgear's excuse for doing this lock was to prevent users from accidentally installing bad or earlier firmwares. The funny thing was when the R7000 was fairly new, they advertised that the R7000 was open source, like DDWRT friendly. And now years later they renege and do stupid things like this, wasting everyone's time. I highly doubt the average home user would use anything else besides the UPDATE button in the genie software to update their firmwares. Most users I talked to have never heard of open source firmwares and they don't get the point of them. Sad, but alas there is still a way to get open source firmwares on the unit without the USB cable.
Okay I decided since this thread helped me a good bit I would bother to look up my old login information and add to the thread to help the next guy along;
I did succeed in getting Kong DD-WRT on my R7000; this is the process I followed:
I'm going to skip over some of the basic command line functions since they're already covered in the above as well as the YouTube video.
I did not find it necessary to downgrade versions as mentioned in the YouTube video but it was helpful to see the process and hear the discussion about it.
I did not time the NMRPflash perfectly as mentioned in this thread but I did find pinging the router helpful in determining connection and watching how things were progressing. (ping 192.168.1.1 -t was helpful to endlessly ping until stopped [Ctrl+C to break the ping]). I used the "brute force" multiple attempt approach shown in the YouTube video as opposed to timing it.
So my first successful flash was Merlin. It took a few tries with the command line but if you let it fail a few times and hit the up arrow and enter again eventually it sticks and uploads.
This is a copy/paste of the result from the Merlin cmd upload:
Adding 10.164.183.253 to interface net3.
Advertising NMRP server on net3 ... \
Received TFTP_UL_REQ while waiting for CONF_REQ!
Received upload request without filename.
Using remote filename 'R7000_380.69_2.chk'.
Uploading R7000_380.69_2.chk ... OK
Waiting for remote to respond.
Received keep-alive request.
..
..
..
Received keep-alive request.
Remote finished. Closing connection.
Reboot your device now.
From Merlin I attempted to go directly to Kong but it rejected the .chk files I had. I messed with this a bit, went back to trying to NMRP flash different versions and I eventually flashed/uploaded the Tomato Advanced .trx directly from the Merlin web interface.
At this point I tried to use Tomato to upload the .chk files, which failed again, and I googled and learned that if I want to go from Tomato to DD-WRT I need the .bin files for Kong DD-WRT. So I downloaded the .bin version of Kong DD-WRT and uploaded those through Tomato Advanced. Worked flawlessly.
I can't say for certain but it's possible I could have skipped a step or two in this process had I known about the .bin files to begin with. But I'm not claiming to be an expert and at this point my router has the version of DD-WRT I wanted and I'm leaving well enough alone.
Hope this helps someone else!
What ".bin" file from Kong did you use when you flashed from Tomato?