Asus' recovery mode firmware... Read-only? Protected?

mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Wed May 15, 2024 13:12    Post subject: Asus' recovery mode firmware... Read-only? Protected? Reply with quote
Is Asus' recovery mode firmware read-only? That is, even if you write to it (or its address space), it will remain unchanged.

I only know that DD-WRT is always flashed to mtd2 "linux". I suppose mtd0 "boot" and mtd3 "rootfs" are always protected and read-only?

Is Asus' recovery mode firmware in another chip, not listed as mtd?

Or does DD-WRT include Asus' recovery mode firmware? Well, that is dangerous and explains my recent LAN problem after flashing. Smile

DD-WRT :: View topic - New Build - 05/13/2024 - r56359
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=336573&start=7

Code:
~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00080000 00020000 "boot"
mtd1: 00180000 00020000 "nvram"
mtd2: 01e00000 00020000 "linux"
mtd3: 01c60000 00020000 "rootfs"
mtd4: 06000000 00020000 "ddwrt"

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw


Last edited by mwchang on Fri May 17, 2024 8:15; edited 1 time in total
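
Added example, not part of the original posts: one way to check from the router's shell which of the partitions listed in `/proc/mtd` the kernel treats as writable, by reading each partition's `flags` file under `/sys/class/mtd` and testing the `MTD_WRITEABLE` bit (0x400). It assumes the running kernel exposes that sysfs directory; the flag values written by `make_sample` are constructed for the demonstration and were not read from an RT-N18U.

```shell
#!/bin/sh
# Added example: per MTD partition, print size and the kernel's write state.
# MTD_WRITEABLE (0x400) is the Linux MTD flag bit; when it is clear, the MTD
# layer refuses writes and erases to that partition through /dev/mtdN.

MTD_WRITEABLE=1024   # 0x400

# mtd_report PROC_MTD SYSFS_ROOT
# Prints one line per partition: "<dev> <name> <size KiB> <rw|ro|unknown>"
mtd_report() {
    proc_mtd=$1
    sysfs=$2
    # Skip the header; fields are: "mtdN:" size(hex) erasesize(hex) "name"
    tail -n +2 "$proc_mtd" | while read -r dev size erasesize name; do
        [ -n "$size" ] || continue          # ignore blank lines
        dev=${dev%:}
        name=${name#\"}; name=${name%\"}
        kib=$(( 0x$size / 1024 ))
        state=unknown                        # no sysfs entry for this device
        if [ -r "$sysfs/$dev/flags" ]; then
            flags=$(cat "$sysfs/$dev/flags")
            if [ $(( $flags & $MTD_WRITEABLE )) -ne 0 ]; then
                state=rw
            else
                state=ro
            fi
        fi
        echo "$dev $name $kib $state"
    done
}

# make_sample DIR
# Writes the /proc/mtd table from the post above plus CONSTRUCTED flag files
# (mtd4 deliberately has none, to show the "unknown" case).
make_sample() {
    mkdir -p "$1/sys/mtd0" "$1/sys/mtd1" "$1/sys/mtd2" "$1/sys/mtd3"
    cat > "$1/proc_mtd" <<'EOF'
dev:    size   erasesize  name
mtd0: 00080000 00020000 "boot"
mtd1: 00180000 00020000 "nvram"
mtd2: 01e00000 00020000 "linux"
mtd3: 01c60000 00020000 "rootfs"
mtd4: 06000000 00020000 "ddwrt"
EOF
    echo 0x0   > "$1/sys/mtd0/flags"   # constructed: writable bit clear
    echo 0x400 > "$1/sys/mtd1/flags"   # constructed: writable bit set
    echo 0x400 > "$1/sys/mtd2/flags"
    echo 0x400 > "$1/sys/mtd3/flags"
}

# On a device with MTD, report the live table; otherwise use the sample.
if [ -r /proc/mtd ]; then
    mtd_report /proc/mtd /sys/class/mtd
else
    d=$(mktemp -d) && make_sample "$d" && mtd_report "$d/proc_mtd" "$d/sys"
    rm -rf "$d"
fi
```

A partition reported as `ro` is write-protected by the kernel's MTD layer only; the result says nothing about hardware write protection on the flash chip itself.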
BFG-9000
DD-WRT Novice


Joined: 31 Dec 2017
Posts: 17

PostPosted: Thu May 16, 2024 7:21    Post subject: Reply with quote
It was probably more obvious in Broadcom MIPS such as RT-AC66 (where the CFE was on a separate 2MB NOR serial chip rather than on NAND flash with the firmware), but tools/commands for flashing firmware are usually designed to never touch the CFE. When Broadcom went to ARM everything just went to different partitions on the NAND flash to save on cost. And with so much RAM nowadays, the live CFE may even be shadowed (to run faster) so you may well be only writing to the temporary copy in RAM.

The ASUS Recovery webserver is nothing more than the bog-standard Broadcom GUI rescue/recovery mode in the CFE supplied by Broadcom, lightly modified with ASUS branding on it. It only seems like an unusual feature to us because Netgear, Linksys and TP-Link for some reason disabled it entirely.

As it is in the CFE, it never writes to the partition it is itself in either. The recovery webserver is automatically invoked if the firmware fails to boot, however if it does boot, control of everything including the LAN ports is handed off to the firmware even if that immediately crashes afterwards (I don't know if there's anything in NVRAM that affects the LAN ports in a similar way to wifi radios, but firmware can definitely write to that). Even dual firmware partitions would fail there because it would just keep bootlooping the primary partition.

Normally all it takes to manually invoke the recovery webserver (with the power LED flashing slowly) is to power-on with the reset button held down, but sometimes the NVRAM has to be cleared before this works with a power-on while the wps button is held down, then once the router reboots (all lights flash) let go of the wps button and hold the reset button as usual. Failing that, you have to stop the booting past the CFE with a serial cable just as with Netgear, Linksys and TP-Link.

It's like these companies never expect things to break because sometimes even TFTP is disabled by default.

As for your question on why routers seem to die after a few years, it's almost always the electrolytic caps as they have the shortest rated life, especially at elevated temperatures. While your RT-N18U appears to have particularly good build quality with just three polymer caps inside, there are still electrolytics in the power supply. So always try another power brick first.
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Thu May 16, 2024 10:42    Post subject: Reply with quote
BFG-9000 wrote:
As for your question on why routers seem to die after a few years, it's almost always the electrolytic caps as they have the shortest rated life, especially at elevated temperatures. While your RT-N18U appears to have particularly good build quality with just three polymer caps inside, there are still electrolytics in the power supply. So always try another power brick first.

Okay, I finally pried open my RT-N18U, along the front of the router.

The board has the printing "ASUS RT-N18U REV 2.20".

The 3 capacitors (4E4-100-16V, E479-300-6.3V, 470-25A-K64) are clean, no leakage of fluid. Not sure whether they are solid capacitors. No bulging as well.

I found no burnt marks on the dark blue PCB, front and back. I haven't removed the big heatsink, which is unnecessary as the firmware was basically working fine.

The 4-pin serial header J3 is now visible and accessible.

There are two kinds of induction coils labeled "1419 HN36201CG" for the LAN ports, and one coil labelled "1419 HN18101CG" for the WAN port. Would they affect connection?

The top plastic cover is so tightly sealing the router that I don't know why 4 screws are needed. Smile

khayalan
DD-WRT Novice


Joined: 28 Feb 2021
Posts: 10

PostPosted: Thu May 16, 2024 19:59    Post subject: Reply with quote
BFG-9000 wrote:

As for your question on why routers seem to die after a few years, it's almost always the electrolytic caps as they have the shortest rated life, especially at elevated temperatures. While your RT-N18U appears to have particularly good build quality with just three polymer caps inside, there are still electrolytics in the power supply. So always try another power brick first.


mwchang wrote:
Asus RT-N18U **NOT** responding after flashing this build. Only 3 LEDs were lit up instead of 5 after booting this build, which was abnormal.

Asus' recovery mode seemed not working. The power LED was just blinking slowly, but no access to the CFE MiniWeb Page at 192.168.1.1.

Did all LAN ports just die? Right after flashing? Or was it bricked?? Smile

Other than dead LAN ports or even the Ethernet controller, couldn't understand what was happening.

Need more tests to confirm....


@mwchang Apparently you're a power user; 5 LEDs could mean you're using the USB ports too. Since you have owned it since 2014, I am wondering whether you have checked its power adapter's voltage? FYI, I have owned one since 2014 too, but I only use it as a gateway plus its wireless features, and its frail OEM adapter didn't last long. As a result, it caused stability problems and then led to a situation where I couldn't get to my gateway IP address 192.168.1.1 one day. I checked the adapter's voltage and found that its value was ~10 VDC, compared to the supposed power requirement of 12 VDC. A new replacement solved the problem for me. My two cents.
BFG-9000
DD-WRT Novice


Joined: 31 Dec 2017
Posts: 17

PostPosted: Thu May 16, 2024 22:38    Post subject: Reply with quote
Often the voltage actually checks fine on a DC multimeter, while the problem is a massive amount of output ripple due to dead caps in the PSU. You'd have to use an oscilloscope to see that, or for just an averaged noise value set the multimeter to "AC".

The other common failure is tin whiskers growing from the lead-free solder shorting something out. Cold solder joints/cracks are usually seen in stuff that's frequently thermal cycled between cold and hot + fortunately aren't that common if operating at continuous high temperature, but shocks and vibration take their toll too.
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Fri May 17, 2024 3:49    Post subject: Reply with quote
khayalan wrote:
@mwchang Apparently you're a power user; 5 LEDs could mean you're using the USB ports too. Since you have owned it since 2014, I am wondering whether you have checked its power adapter's voltage? FYI, I have owned one since 2014 too, but I only use it as a gateway plus its wireless features, and its frail OEM adapter didn't last long. As a result, it caused stability problems and then led to a situation where I couldn't get to my gateway IP address 192.168.1.1 one day. I checked the adapter's voltage and found that its value was ~10 VDC, compared to the supposed power requirement of 12 VDC. A new replacement solved the problem for me. My two cents.

That I.T.E DC 12V power supply of Asus RT-N18U can power another 12V Totolink router without problem. So it's safe to rule out this issue.

As I said in another thread, only the 4 LAN ports are not responding. The firmware is indeed responding to the RESET button, both DD-WRT(?) and Asus' recovery mode, based on the blue LEDs' behavior.

Could it be a dead flash (NVRAM) chip after being flashed for 10 years? That strangely just affects the LAN function? Or is it really the fault of DD-WRT?

lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1251
Location: WV, USA

PostPosted: Fri May 17, 2024 5:29    Post subject: Reply with quote
mwchang wrote:
That I.T.E DC 12V power supply of Asus RT-N18U can power another 12V Totolink router without problem. So it's safe to rule out this issue.

It is often difficult to rule out the power supply. It may work fine on another device that doesn't draw as many amps and way less if no usb devices are plugged into it. And it will even check out fine on a multi-meter. The multi-meter doesn't compensate for the load. That is what makes them malfunction.
Quote:

Could it be a dead flash (NVRAM) chip after being flashed for 10 years? That strangely just affects the LAN function? Or is it really the fault of DD-WRT?

Very unlikely. I have been flashing my EA8500 way more than I would ever think was safe, but still taking updates nicely. You have anywhere from 50k to 250k writes to firmware. Very few of us might ever exceed this or get even close...unless the flashrom itself is faulty otherwise.

_________________
- Linksys EA8500: I-Gateway, AP/VAP 5ghz only r56820: Features: WDS-AP, VLANs, Samba, WG, Entware
- Linksys EA8500: WDS Station x2 - r56941
- Netgear R6400v2: WAP/VAP 2.4ghz only w/VLANs over single trunk port. r56820
- Netgear R7800 (WDS-AP, WAP/VAP) - r56820: Features in use: multiple VLANs over single trunk port
- Linksys MR7350: Testing r56941
- Linksys Velop WHW03v1 x2: OpenWRT w/GRETAP tunnel for VLANs on VAPs
- OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.

- Forum member #248
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Fri May 17, 2024 7:47    Post subject: Reply with quote
BFG-9000 wrote:
Often the voltage actually checks fine on a DC multimeter, while the problem is a massive amount of output ripple due to dead caps in the PSU. You'd have to use an oscilloscope to see that, or for just an averaged noise value set the multimeter to "AC".

lexridge wrote:
It is often difficult to rule out the power supply. It may work fine on another device that doesn't draw as many amps and way less if no usb devices are plugged into it. And it will even check out fine on a multi-meter. The multi-meter doesn't compensate for the load. That is what makes them malfunction.

I can connect the Totolink 12V power adapter, which is seldom used, to my Asus RT-N18U. It has the same spec (12V, 1.5A) as the Asus' power adapter.

Update: Tried it. No change, LAN ports are still NOT working.

Still think it's not a power issue as the firmwares in the NVRAM are still responding to the RESET button, based on how the LEDs flashed.



I have since found 3 breadboard jumper cables (female to female), and my motherboard has a serial port header. But it seemed that TFTP flash requires a working LAN port, but all LAN ports of my Asus RT-N18U are not working. TFTP is T-FTP.

Unless I can upload a BINARY file over serial port, and without any file transfer programs(e.g. Kermit). And what about storage for the upload? Wink

Serial Recovery - DD-WRT Wiki
https://wiki.dd-wrt.com/wiki/index.php/Serial_Recovery



Last edited by mwchang on Fri May 17, 2024 8:40; edited 8 times in total
khayalan
DD-WRT Novice


Joined: 28 Feb 2021
Posts: 10

PostPosted: Fri May 17, 2024 7:51    Post subject: Reply with quote
mwchang wrote:
As I said in another thread, only the 4 LAN ports are not responding. The firmware is indeed responding to the RESET button, both DD-WRT(?) and Asus' recovery mode, based on the blue LEDs' behavior.


BFG-9000 wrote:
Normally all it takes to manually invoke the recovery webserver (with the power LED flashing slowly) is to power-on with the reset button held down, but sometimes the NVRAM has to be cleared before this works with a power-on while the wps button is held down, then once the router reboots (all lights flash) let go of the wps button and hold the reset button as usual. Failing that, you have to stop the booting past the CFE with a serial cable just as with Netgear, Linksys and TP-Link.


BFG-9000’s words remind me that there is another way you could try before going the serial cable route: an Asus WPS method that you didn’t mention in your post.

https://www.asus.com/support/faq/1039074/

Good luck.


Last edited by khayalan on Fri May 17, 2024 8:00; edited 1 time in total
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Fri May 17, 2024 7:57    Post subject: Reply with quote
khayalan wrote:
BFG-9000’s words remind me that there is another way you could try before going the serial cable route: an Asus WPS method that you didn’t mention in your post.

https://www.asus.com/support/faq/1039074/

I think I tried various combinations of WPS and RESET buttons. Asus assumed that you are still using Asus' official firmware. Smile

But thank you for the link.

khayalan
DD-WRT Novice


Joined: 28 Feb 2021
Posts: 10

PostPosted: Fri May 17, 2024 9:31    Post subject: Reply with quote
mwchang wrote:
I think I tried various combinations of WPS and RESET buttons. Asus assumed that you are still using Asus' official firmware. Smile

But thank you for the link.


O yea? I have put method 1 to the test. Power off my RT-N18U; while pressing the WPS button, press the power button on. Wait until I see the Power LED flashing rapidly, then I release the WPS button. Wait for a moment (2 or 3 minutes) or so, then I will see the Power LED, Wireless LED, and WAN LED light up.
Now, I double check with ping -t 192.168.1.1, and via the web browser, voila! My Asus RT-N18U is running with the latest DD-WRT firmware, reset. Very Happy
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Fri May 17, 2024 11:18    Post subject: Reply with quote
khayalan wrote:
O yea? I have put method 1 to the test. Power off my RT-N18U; while pressing the WPS button, press the power button on. Wait until I see the Power LED flashing rapidly, then I release the WPS button. Wait for a moment (2 or 3 minutes) or so, then I will see the Power LED, Wireless LED, and WAN LED light up.
Now, I double check with ping -t 192.168.1.1, and via the web browser, voila! My Asus RT-N18U is running with the latest DD-WRT firmware, reset. Very Happy

The four LAN ports in your RT-N18U are working. But mine are not. So being able to reset the firmware or its settings is useless to my RT-N18U.

When the LAN ports in my RT-N18U were still working, I could also go to Recovery Mode and ping 192.168.1.1. They failed after I flashed DD-WRT build r56359 and a cold boot. Could just be a coincidence.

But thank you for the suggestion anyway.

mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Fri May 17, 2024 11:47    Post subject: Reply with quote
BFG-9000 wrote:
The ASUS Recovery webserver is nothing more than the bog-standard Broadcom GUI rescue/recovery mode in the CFE supplied by Broadcom, lightly modified with ASUS branding on it. It only seems like an unusual feature to us because Netgear, Linksys and TP-Link for some reason disabled it entirely.

As it is in the CFE, it never writes to the partition it is itself in either. The recovery webserver is automatically invoked if the firmware fails to boot, however if it does boot, control of everything including the LAN ports is handed off to the firmware even if that immediately crashes afterwards (I don't know if there's anything in NVRAM that affects the LAN ports in a similar way to wifi radios, but firmware can definitely write to that). Even dual firmware partitions would fail there because it would just keep bootlooping the primary partition.

So programmers of DD-WRT (and anyone from the government?) *theoretically* could destroy the CFE inside the mandatory Broadcom binary as well as destroy the shared LAN ports' management code?

Too bad the CFE / Recovery mode is NOT completely safe from tampering.... Well...

10 years of DD-WRT adventure will most likely rest this time. Smile



Last edited by mwchang on Sat May 18, 2024 10:11; edited 1 time in total
lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1251
Location: WV, USA

PostPosted: Fri May 17, 2024 15:04    Post subject: Reply with quote
mwchang wrote:
I can connect the Totolink 12V power adapter, which is seldom used, to my Asus RT-N18U. It has the same spec (12V, 1.5A) as the Asus' power adapter.

Update: Tried it. No change, LAN ports are still NOT working.

Okay, I would agree then, probably not the p/s.

Quote:
I have since found 3 breadboard jumper cables (female to female), and my motherboard has a serial port header. But it seemed that TFTP flash requires a working LAN port, but all LAN ports of my Asus RT-N18U are not working. TFTP is T-FTP.

Unless I can upload a BINARY file over serial port, and without any file transfer programs(e.g. Kermit). And what about storage for the upload? Wink


Not sure how to upload via serial with your particular hw, but if you find out it's possible, you would upload the file into /tmp.

If nothing else, I would connect to the serial port to see what is happening on boot, and if it is actually really booting (or completing to boot) at all, for that matter. Connecting the serial port is really the only true way to find out for sure. Otherwise you are working completely in the dark with zero information about the goings on under the hood.

dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 2054

PostPosted: Fri May 17, 2024 16:42    Post subject: Reply with quote
x2 for serial port. That will tell you what is happening on boot, and you can also break boot and clear nvram and reboot to see if that is part of the issue. As far as how to upload a file without ethernet ports, might be able to utilize the usb port(s).
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5