Well, guys, keep us informed on what you get finally. As I see, fluffy has got a good result copying from the same router, , when I just managed to reprogram flash in full at d-link tech support. I do believe it's connected to board config data damaged by new red boot; same as you, I had this problem after revert to original firmware and back to dd-wrt. So there's some hidden problem in it, and we still have no idea how to prevent it, despite on keeping it working on dd-wrt and never change to another version or back to d-link. Which is not really the case.
vcn, the problem is they can not load dd-wrt kernel on their boards. And thus they can not do the step 2) from your post. I suppose they can load the original firmware, but this can not help to restore the board config and can cause some problem even with this original software (in my case the redboot can not load boot script and I have to start the kernel manually by "fload" and "go" commands from redboot)
Board config for dir-300 is located at 0xbfff0000-0xbfffffff. But nither original redboot nor the dd-wrt redbott do not allow to write to this scope of addresses. bdrestore and bdmove should do this, as I could understand, but they can not find the board config and nobody knows where they are trying to find it .
Well, everybody who has the dir-300 can try my steps - I think all these boards should have the similar board config information.
deaftone,
You said in the other thread that this happened after you enabled jffs. The same thing happened to me last week. It looks like turning on jffs nuked the board config.
Good news is that I managed to recover it. I don't have an ar430w handy right now, so I'll post the details to restore it when I get home. It's similar to the steps fluffy posted. (I saw it after I spend a good part of my sleeping hours figuring out the same thing) The gist of it is this:
1) Find the flash location of the board config. You can find this in the dd-wrt boot log of a good ar430w or dir300. it's the address of mtd\6. I think openwrt also has a copy up on their site.
2) Make a copy of /dev/mtd/6 from a good router.
3) Find the MAC addresses located in the previous file and change them to those of your router.
4) Load up the original ar430w redboot to your router.
5) fwrite the file from step 3 to the address from step 1.
6) flash to dd-wrt
Wow!
vcn if you are able to detail your steps, indeed if you have the data file "from a good router" (i.e. AR430W) and can post it, you will have some of us in your debt!
I have a full dump of new (good) dir-300. But its too long to post it here (even the board config part only). And also I think it will be unusable due to the incorrect symbol representation here. Wel, I try to attach it here as a file.
Thanks for the info fluffy, I was wondering how would I go about writing it to flash? At the moment the only thing that'll "keep" is a bootloader, I can't flash any firmware due to no board/radio config... I'm guessing it got corrupted when I tried to enable jffs, but if I remember correctly jffs failed then I reset to defaults and that bricked/corrupted the config. From reading around I guess it writes to the wrong address and overwrites the board/radio config, to the point where the only thing I can flash to the box is the bootloader. It'd be great if there would be a way to write in the board/radio config from that dump you posted. Thanks for the great support! I'll keep in touch with what I find and hopefully with a working wrt stat
btw, the jffs prob only occured with the pre-sp2, I did the same steps under v24-sp1 before upgrading and the box reset to defaults just fine and booted after failing to enable jffs. So I'm guessing it's either related to the jffs or factory defaults memory writes in the v24-pre-sp2 (just a hunch). I have spent countless numbers of hours bashing my brains in to the point where I was about to squash the thing, after looping in the same install circle for ddwrt/original firmware and my limited knowledge when it comes to wrt's, but I have to admit, I am glad I came across this problem thus I can learn more 'ins and outs' when it comes to redboot/flashing etc. Thanks for everyone's support keep up the good work!
**CAUTION: this may brick your router even more than it is. please read thru this and understand each step before attempting this. writing to the wrong part of the flash may cause your router to not boot at all. You should double check my math and commands since most of this is from memory. I tried to verify as much as possible, but I don't have a bricked router to play with.
Verify that your board_config is nuked by doing "x -b 0xbfff0000 -l 0x100". If it doesn't start with "5311.}..Atheros" and you don't see your MAC addresses on the 7th line, then your board_config is probably gone.
Here's the proper layout for a good router. See board_config
<0>found RedBoot partition at [0xBFC00000]
<0>found linux partition at [0xBFC30000]
<5>Creating 8 MTD partitions on "spiflash":
<5>0x00000000-0x00030000 : "RedBoot"
<5>0x00030000-0x003d0000 : "linux"
<5>0x00100000-0x003d0000 : "rootfs"
<5>0x003d0000-0x00400000 : "ddwrt"
<5>0x003d0000-0x003e0000 : "nvram"
<5>0x003e0000-0x003f0000 : "FIS Directory"
<5>0x003f0000-0x00400000 : "board_config" <-- this is nuked
<5>0x00030000-0x003e0000 : "fullflash"
Note that the flash base address for the ar430w is at 0xbfc00000. 0xbfc00000 + 0x3f0000 gives us 0xbfff0000, the base address of the flash board_config.
Grab the attached board_config_template.bin. (compare this to the one fluffy posted to be really sure) Fill in your MAC addresses at 0x60 and 0x66 with a hex editor. Replace the 00 1D 6A AA AA AA values with the wireless MAC address found on the sticker underneath your router. Replace the 00 1D 6A BB BB BB values with the switch MAC address. Add 1 to the wireless address to get this. Save the modified file. Lets call this board_config.bin.
You should still be able to get into dd-wrt redboot.
Flash back to the original ar430w or dir300 redboot. See http://www.shadowandy.net/2007/10/flashing-dir-300-back-to-original-firmware.htm Just do the stuff in changing back to the original redboot. We need this because the dd-wrt firmware wouldn't let us write to 0xbfff0000.
Reboot router and connect to redboot. See the dd-wrt install instructions for this.
We need to load board_config.bin into the ram of the router so we can write it into flash. do "load –r –b %{FREEMEMLO} board_config.bin"
Note the memory address board_config.bin has been put into. Use the x command to make sure that the stuff at this memory address is what is in board_config.bin
You need to use the fwrite command to write it into flash. The syntax for it is this: fwrite [-f] flash base [-b] mem base [l] image size [e] entry point. It's not exactly accurate.
I don't remember the exact command I typed in. I remember having to play around with the syntax because the help wasn't clear.
The command should look something like "fwrite -f 0xBFFF0000 -b 0x<address from load> -l 0x10000 -e 0x0"
Verify that it was written correctly by doing "x -b 0xbfff0000 -l 0x100". It should start with the string "5311.}..Atheros" and you should see your MAC addresses on the 7th line.
Reboot
You should be able to flash the original ar430w firmware or dd-wrt redboot at this point.
I'm way behind you guys, but if someone can explain to me exactly how to write my own AR430's board-config to a file, we could compare it to vcn's. I think my board config was undamaged in going from v24-sp1 to pre-sp2 and back to v24-sp1 again but would like to check it!
Once again, vcn: NEITHER dd-wrt RedBoot NOR original RedBoot do not allow to write directly to the addresses above 0xbfff0000. And this is a major problem for those who lost its board config. Did you try yourself to fwrite your own dump to its own place? Try it (any way you can stop when the RedBoot ask you "Are you sure..."). The only way to write some information to that addresses is the bdrestore and bdmove commands, as I could understand (but I'm not sure my steps I described in previous posts are absolutelly correct). And I could restore my board config by loading the original board config (that I attached here before) to the RAM and then run the bdrestore and bdmove commands in dd-wrt redboot.
You are right, the first bytes of the address 0xbfff0000 should be like "5311.}..Atheros". When my router was broken they strat with some other symbols. And you are right with proedure of loading the file we both posted here to the RAM address firstly. But then you should fwrite (or fis write) this file to the correct place in ROM (in my case it was the address 0xbffd0000) and then run the commands bdrestore and bdmove consequently.
laserfan, turn on the "log to file" option in your telnet client and use the "x" (or "dump") comand in redboot to dump the flash memory. If you use "putty" client then you can use the attached program to convert the log file to the binary.
I do not recall the exact steps I took to restore my router. I tried using dd-wrt redboot's fis write. That told me I couldn't write to the address. Then, I tried the dir300 redboot from shadowandy. That worked for me. I remember playing with bdrestore and bdmove, but I don't think they did anything in my case. I definitely did use fwrite to copy from ram to flash. I'm pretty sure it did let me write to 0xbfff0000 but I can't give you a definite. I got the fwrite idea from another thread http://www.dd-wrt.com/phpBB2/viewtopic.php?p=198275&highlight=&sid=4834cdb29c2a68c197f5781af83f09d2 see cycrap's 8/04 post.
Two other ideas that I came up with but didn't try:
1) write to 0xbff90000 (the address that bdrestore gave), and use bdrestore or bdmove to get it to the right place.
2) load the board_config to RAM. dd-wrt actually reads it from an address in RAM. load dd-wrt into flash. do fis -l linux.bin and go. that may allow dd-wrt to start when it sees a good board_config in RAM. Use mtd to write to board_config.
Sorry that I can't verify this. I don't have a ar430w with the original redboot handy.[url][/url]
Well... vcn, you are right. It is possible to write to the address 0xbfff0000 in original redboot with "fwrite" command. I tried to do that with "fis write" command, which is not required the entry point.
So, the exact steps to restore board config is:
1. Get the correct image of the board config from somwhere (we posted them here with vcn (my image was for dir-300).
2. Flash the original RedBoot (see the "Flashing DIR-300 back to original firmware" from dd-wrt site), and telnet to it.
3. Load the board config to base memory:
load -r -b %{FREEMEMLO} bfff0000-10000.bin
(remember the start address it is loaded)
4. fwrite -f 0xbfff0000 -b 0x80036400 -l 0x10000 -e 0x80036400
(-b and -e addresses are from the "load" command. But if they will differ from 0x80036400 then your router is differ from mine and maybe it is not possible to use my image of board config).
.
