Posted: Tue Jun 28, 2022 19:04 Post subject: Bootloader needed, again (buffalo wzr-1750dhp)
Can someone please provide a working bootloader, or complete firmware image including bootloader for the buffalo wzr-1750dhp ? a year ago (check link below) i asked for a bootloader, but i was told it doesnt look good?
i had no time to test until recently, flashed that bootloader file using a flash tsop48 adapter from aliexpress (https://de.aliexpress.com/item/1005003021538241.html?gatewayAdapt=glo2deu). but had no luck getting a serial console after resoldering the chip back on..
i am out of options right now. any help, files would be appreciated.
What is wrong with the one I posted in that thread?
idk someone said it contains ram information and is thus bad? i dumped it to the nand flash chip, maybe i didnt write to the correct address? i started at 0x0
which model do you habe? US or EU?
What is wrong with the one I posted in that thread?
This is what's wrong with it. Open the file with HxD and look at it. 1024kb is twice the size of the normal bootloader on Broadcom ARM devices. Do you have this router? If so, would be helpful to see the information of cat /proc/mtd. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
i have a couple other buffalo bootloaders from an ftp server i found here. sadly my router is not there, but i took a look into the Buffalo-WZR-D1800H one, it's 512kB.
i also doubt 1MB Bootloader is normal. idk check attached file
What is wrong with the one I posted in that thread?
This is what's wrong with it. Open the file with HxD and look at it. 1024kb is twice the size of the normal bootloader on Broadcom ARM devices. Do you have this router? If so, would be helpful to see the information of cat /proc/mtd.
thanks for finding those hidden posted cfe.bin files.. i guess the flashing method might be wrong. i will do some reading and attempts and report back.
No the CFE must not be 1024KB, it should be 512KB.
The uploaded CFE in your first link looks to be ok at a quick glance but it is duplicated (the second half has the same contents as the first half) so just cut off the second 512KB from it with a hex editor. _________________ Kernel panic: Aiee, killing interrupt handler!
After examining the file again, that looks exactly like what the problem is. The attached file should be a proper split; please verify. Thank you for the interjection, LOM.
pitfermi wrote:
thanks for finding those hidden posted cfe.bin files.. i guess the flashing method might be wrong. i will do some reading and attempts and report back.
I would wait for a confirmation, but I think you were correctly flashing the file; it was just the wrong size.
_________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Why would backing up the CFE result in a 1024kB file size instead of 512KB? Probably because there are 2 flash partitions pointing to the same address, like @the-joker pointed out and the gui software treats it as different boot locations? only explanation i can find.
Thanks for your help though guys.
I am currently attaching fly wires to the flash pads since i ripped some of them and have to use a tsop48 adapter to wire the flash.
dale_gribble39 wrote:
After examining the file again, that looks exactly like what the problem is. The attached file should be a proper split; please verify. Thank you for the interjection, LOM.
pitfermi wrote:
thanks for finding those hidden posted cfe.bin files.. i guess the flashing method might be wrong. i will do some reading and attempts and report back.
I would wait for a confirmation, but I think you were correctly flashing the file; it was just the wrong size.
If this router is like the Linksys EA series Broadcom Northstar (ARM) devices, it has two firmware partitions. I haven't looked for the output of cat /proc/mtd or a serial bootlog of stock firmware for this router to chase that rabbit down the hole. The erroneous double-sized CFE backup may be that there is (or was?) a flaw in the way the backup mechanism works, but that is pure speculation on my part. Hopefully, you can get the device recovered now. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio