Joined: 14 Jan 2008 Posts: 3 Location: Lake Placid, NY
Posted: Mon Jan 14, 2008 21:32 Post subject: Bricked WAP54G v1.1
I've searched this forum and google but I'm still not sure if its possible to unbrick this AP. Has anyone had any luck? I've tried several different methods I've found for other versions. Is it possible to use JTAG with this AP? If anyone has any advice please let me know.
Joined: 14 Jan 2008 Posts: 3 Location: Lake Placid, NY
Posted: Wed Jan 16, 2008 3:29 Post subject:
I can't ping or tftp. I tried the reset button but nothing happens. I read the post and saw the pics of the ver1 recovery using JTAG. The ver1.1 that i have looks a lot different. I'll try to take a pic and post it tomorrow.
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Thu Jan 17, 2008 20:03 Post subject:
Wow...this is WAY different from my V1.0. I don't see a JTAG header anywhere in your pics.
Finding the JTAG points would be key to unlocking it but I don't know the unit....hopefully, someone else on the forum will recognize it and know a way to hard wire a JTAG header to the board.
redhawk _________________ The only stupid question....is the unasked one.
Anyone know how to unbrick the Wap54g V1.1 easily? I wish it were as easy as shorting 2 pins on the flash chip. Maybe it is. It uses the AMD AM29LV160D FLASH Chip. Any thoughts?
I did find this post to make a Cable by adding a UART and a MAX232 transceiver but I am not very good at electronics.
Hello, I just found this post when I was doing a google search to find out more about mine. Your WAP54G is Identical to mine! Does yours say v1.1 on the outside? Mine says WAP54G on the outside and the circuit board is WX5561_V02, which I believe is what yours says. Mine is bricked in basically the same way as yours. I have been trying a number of different things that others did, but I cant seem to bring it back so far.
There is a slight difference, mine is WX5561_02 109-501-4700 but other then that it looks the same. My flash chip is also different then others I have heard of "GLT5640L16-7TC" and another number says AA03936 right below the GL number. Dunno if this is helpful to anyone whos worked with these...
Well I think I figured it out. If you look at the circuit board you will see traces from the flash chip going to a second set of pins where it looks like the original flash chip was at. There is also a silk screen outline of another flash chip here. If you short pins 15 and 16 on this set of pins it will allow you to upload the firmware. (I have the AMD AM29LV160DB flash chip on my V1.1) I read on another forum that you want to short pins 1 and 16. So I did that also. I was able to bring my Wap54g V1.1 back from the dead to where I could log into it. My Activity and LAN lights were always working so I was pretty sure I could bring it back. Only took my 2 years to figure it out. LOL
Here is a picture of the area I am talking about that you want to short the pins at:
I don't know how you managed to get your WAP54G v1.1 to respond by shorting pin 1 to anything, because pin 1 is NC (Not Connected).It's not connected to anything. Also, shorting pins 15 & 16, 16 & 17 or any other combination doesn't work. Don't bother, you may just end up screwing up your flash to the point of no return. Pin 15 is a Ready/Busy Output state pin, 16 & 17 are Address Lines A18 and A17 respectively. Shorting or grounding these could be very dangerous for the flash.
I have 2 WAP54G v1.1 and neither of them are working at the moment. I've done most of my experimenting on the first one, the second one I'm saving untouched so that I can try accessing it through a home-built UART interface.
Oh, BTW, pin 16 on the second set of pins goes to pin 12 on the flash chip which is RESET#. By grounding RESET#, it causes the board to reboot and reread from the flash.
The pin that was most interesting for me was Pin 28 (Output Enable). Normally this pin is at V#IL (Voltage Input Low) which is between -0.5 and 0.8V. This tells the flash to function normally. If this pin is put to V#IH (Voltage Input High) which is 70% of Vcc (about 2.3V), then the flash will be disable mode which places the output pins in a high impedance state. I'd think that this would cause the board to go into recovery mode. So far no luck.
Oh, I also wanted to mention that even though I'm not getting ping replies, I do have an ARP table entry for 192.168.1.1 of 00-11-22-33-44-56 which is what the MAC was changed to after putting RC5 dd-wrt.v24_micro_generic.bin on it.
So the MAC is still there, but no functional TCP/IP.
Yes mine responds similarly. When I try to ping the WAP does respond to the initial ARP request and it says 192.168.1.1 is at 11.22.33.44.56, but it does not return the pings. So the layer 2 is functioning ok, but so far no tcp/ip on mine either.
Also see my own post about what Ive been doing to troubleshoot my own:
I don't know how you managed to get your WAP54G v1.1 to respond by shorting pin 1 to anything, because pin 1 is NC (Not Connected).It's not connected to anything. Also, shorting pins 15 & 16, 16 & 17 or any other combination doesn't work. Don't bother, you may just end up screwing up your flash to the point of no return. Pin 15 is a Ready/Busy Output state pin, 16 & 17 are Address Lines A18 and A17 respectively. Shorting or grounding these could be very dangerous for the flash.
I have 2 WAP54G v1.1 and neither of them are working at the moment. I've done most of my experimenting on the first one, the second one I'm saving untouched so that I can try accessing it through a home-built UART interface.
_glitch
I think mine was a corrupted configuration (Linksys settings and 3rd party mixed). The reset button no longer worked. When I shorted Pin 16 on the second set of pins (which you stated is the RESET# Pin 12 on the flash chip), it got it to reboot with the defaults of the firmware. It was still very messed up. I couldn't save any settings to it. I had to flash the linksys firmware back on to it by renaming it to code.bin and then doing a hard reset after the flash was done. Now it is working. So I think I was pretty lucky getting it to work again. All I was trying to do when I shorted teh pins was to get the flash to report a bad checksum so it would let me TFTP a new firmware. But I got lucky and got it working again.
