Joined: 28 Jun 2008 Posts: 12 Location: Zaporozhye, Ukraine
Posted: Sat Jun 28, 2008 14:11 Post subject:
I am using dd-wrt v24 firmware with WAN-port connected to home-LAN.
Active use of torrent client make router unresponsible.
Also maximal transfer speed from LAN to WAN 1,5Megabyte/s.
I want to recover original firmware of my DIR-400.
I tried to use "emergency web server" to upload original firmware (Power on router with holding reset button for 15 seconds). Web server running on IP 192.168.0.1. Original firmware image uploading succesfully, but firmware update process interrupts at 15% and router rebooting. After reflashing router not responding on any known IP-addresses. And the only way to make it work - reflash dd-wrt using Redboot, telnet and tftp.
Is anyone knows a correct way to flash original firmware ?
Joined: 06 May 2008 Posts: 26 Location: Chelyabinsk, Russia
Posted: Mon Jun 30, 2008 5:06 Post subject:
I've run into the same troubles. The router reboots at 14% of flashing process. Most probably linux has not been loaded after rebooting. When I flash dd-wrt back I've saw that boot script still is "..fis load -l linux ..exec" (even after unsuccessful attempt to flash original firmware), but I remember that the original boot script was "..fis load -l vmlinux.bin.l7 ..go". May this be a reason for the problem? DD-WRT firmware filename is linux.bin, but the original firmware filename is vmlinux.bin.l7. I think that flashing process of original firmware was successful, but after rebooting linux can't be loaded because the boot script is improper - the loader tries to load nonexistent linux kernel.
Joined: 06 May 2008 Posts: 26 Location: Chelyabinsk, Russia
Posted: Sat Jul 05, 2008 8:21 Post subject:
Last news - unfortunately this is impossible to revert the original DIR-400 firmware back using the DIR-300 method. Shadowandy has told me that his DIR-300 method is unapplicable for DIR-400. The only way is flashing via RedBoot, but we should have original vmlinux.bin.l7.
Can someone tell me how I can extract vmlinux.bin.l7 image from original firmware file? Can we get vmlinux.bin.l7 from the DIR-400 router with original firmware?
Joined: 28 Jun 2008 Posts: 12 Location: Zaporozhye, Ukraine
Posted: Wed Jul 09, 2008 4:46 Post subject:
It works!
I restored the original firmware with putty, redboot and tftpd.
1.First you need 2 files: vmlinux.bin.l7 and rootfs. (See attachment). Also putty and tftp server.
2.Put vmlinux.bin.l7 and rootfs to root directory of tftp server and start it.
3.Make IP address of your computer is 192.168.0.99 (or or any from range 192.168.0.2-192.168.0.254). And connect your computer network card to the router's WAN port.
4.Run putty, set connection type to telnet. IP: 192.168.0.1, Port: 9000.
5.Start ping 192.168.0.1 -t
6.Restart router with power-off - power-on.
7.After second successful ping reply connect putty. If not works try from step 6 again.
8.putty log:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2008.07.08 23:40:49 =~=~=~=~=~=~=~=~=~=~=~=
== Executing boot script in 0.060 seconds - enter ^C to abort
^C
RedBoot> ip_address -h 192.168.0.99 press Enter
IP: 192.168.0.1/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.0.99
RedBoot> fis init press Enter
About to initialize [format] FLASH image system - continue (y/n)? y press Enter
*** Initialize FLASH Image System
And a descriptor for the configuration data size = 10000
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> load -r -b 0x80041000 vmlinux.bin.l7 press Enter
Using default protocol (TFTP)
Raw file loaded 0x80041000-0x800d0fff, assumed entry at 0x80041000
RedBoot> fis create vmlinux.bin.l7 press Enter
... Erase from 0xbfc40000-0xbfcd0000: .........
... Program from 0x80041000-0x800d1000 at 0xbfc40000: .........
prog_ok
flash_addr = 0xbfc40000
mem_addr = 0x80041000
entry_addr = 0x80041000
length = 0x90000
img_size = 0x90000
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> load -r -b 0x80041000 rootfs press Enter
Using default protocol (TFTP)
Raw file loaded 0x80041000-0x80350fff, assumed entry at 0x80041000
RedBoot> fis create -l 0x310000 -f 0xbfcd0000 -e 0x00000000 -r 0xbfcd0000 rootfs press Enter
... Erase from 0xbfcd0000-0xbffe0000: .................................................
... Program from 0x80041000-0x80351000 at 0xbfcd0000: .................................................
prog_ok
flash_addr = 0xbfcd0000
mem_addr = 0xbfcd0000
entry_addr = 0x0
length = 0x310000
img_size = 0x310000
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> fis list press Enter
Name FLASH addr Mem addr Length Entry point
RedBoot 0xBFC00000 0xBFC00000 0x00030000 0x00000000
Config 0xBFC30000 0xBFC30000 0x00010000 0x00000000
vmlinux.bin.l7 0xBFC40000 0x80041000 0x00090000 0x80041000
rootfs 0xBFCD0000 0xBFCD0000 0x00310000 0x00000000
FIS directory 0xBFFE0000 0xBFFE0000 0x0000F000 0x00000000
Calibration 0xBFFF0000 0xBFFF0000 0x00010000 0x00000000
RedBoot> fconfig press Enter
Run script at boot: true press Enter
Boot script:
.. fis load -l linux
.. exec
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7 press Enter
>> go press Enter
>> press Enter
Boot script timeout (1000ms resolution): 2 press Enter
Use BOOTP for network configuration: false
Gateway IP address: press Enter
Local IP address: 192.168.0.1 press Enter
Local IP address mask: press Enter
Default server IP address: 192.168.0.100 press Enter
Console baud rate: 9600 press Enter
GDB connection port: 9000 press Enter
Force console for special debug messages: false press Enter
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y press Enter
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> reset press Enter
Red color highlighting commands that i print.
vmlinux.bin.l7 extracted from the Flash dump, thanks to dobrinia. But it can be extracted from original firmware .bin file from d-link oficial site.
Joined: 06 May 2008 Posts: 26 Location: Chelyabinsk, Russia
Posted: Wed Jul 09, 2008 5:26 Post subject:
Great job tklim! Yesterday I tried to revert my DIR-400 back with vmlinux.ap61.bin.l7 and jffs2.ap61.bin compiled from d-link sources and got router with d-link firmware work partially. WI-Fi does not operate. I tried to upgrade firmware via web interface, but the router does not respond after reboot. Did you have any problems with your router after d-link firmware flashing?
Joined: 28 Jun 2008 Posts: 12 Location: Zaporozhye, Ukraine
Posted: Wed Jul 09, 2008 6:59 Post subject:
dmitry1972 wrote:
Did you have any problems with your router after d-link firmware flashing?
After restoring firmware router works fine, even my old settings (before dd-wrt flashing) remains.
I had no time to test wi-fi, but i think it works fine. I'll try to test today.
Also i upgrade firmare to version 1.02beta via standart web-interface.
Joined: 06 May 2008 Posts: 26 Location: Chelyabinsk, Russia
Posted: Thu Jul 10, 2008 5:11 Post subject:
I've successfully reverted my DIR-400 back yesterday. Router works fine. Please add a new wiki page with the flashing instructions and post the link here.
tklim, im interested in reverting my dir300, and u said that vmlinux.bin.l7 can be extracted from firmware on dlink web, so how can i extract it??
also, would the atached root.fs work on my dir300, else where could i get it?? i know theres one in shadowandy(i guess thats the one), but theres problems with it, and i dont want my mac changed or lose some functions.
Joined: 28 Jun 2008 Posts: 12 Location: Zaporozhye, Ukraine
Posted: Thu Jul 10, 2008 14:28 Post subject:
duhast1, dir-300 firmware file format is differs from the dir-400.
About dir-400 firmware structure:
First 0x90000 bytes is vmlinux.bin.l7 that may be written to 0xbfc40000 (in router internal address space)
From 0x90000 to file end - is rootfs file (begin with "sqsh" text string
At the end of firmware is text string=board signature ("AP61-AR2318-RT-060913-00")
Joined: 06 May 2008 Posts: 26 Location: Chelyabinsk, Russia
Posted: Fri Jul 11, 2008 3:40 Post subject:
duhast1,
firstly try to get the memory map of DIR-300 with original firmware (fis list). Then you'll be able to separate the firmware file properly and flash it at appropriate places in the router address space. Also you can try to build the original firmware image file from sources, that available at d-link ftp. At the end of building process you'll see how to script assemble the result file from image files built previously, and you'll know the order of images in the result file.
Joined: 06 May 2008 Posts: 26 Location: Chelyabinsk, Russia
Posted: Mon Sep 15, 2008 4:00 Post subject:
tklim wrote:
3.Make IP address of your computer is 192.168.0.99 (or or any from range 192.168.0.2-192.168.0.254). And connect your computer network card to the router's WAN port.
Last news: if you've once flashed your DIR-400 router with DIR400A1_FW102B07 original firmware, then you should use LAN port instead WAN, because new redboot uses LAN port.